diff --git a/go.mod b/go.mod
index e7797f122a8..dcbade891b3 100644
--- a/go.mod
+++ b/go.mod
@@ -9,43 +9,43 @@ require (
 	cloud.google.com/go/storage v1.36.0
 	dario.cat/mergo v1.0.0
 	github.com/Azure/azure-amqp-common-go/v4 v4.2.0
-	github.com/Azure/azure-event-hubs-go/v3 v3.6.1
+	github.com/Azure/azure-event-hubs-go/v3 v3.6.2
 	github.com/Azure/azure-kusto-go v0.15.0
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
-	github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
+	github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.6.0
 	github.com/Azure/azure-storage-blob-go v0.15.0
 	github.com/Azure/azure-storage-queue-go v0.0.0-20230927153703-648530c9aaf2
 	github.com/Azure/go-autorest/autorest v0.11.29
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1
 	github.com/DataDog/datadog-api-client-go v1.16.0
 	github.com/Huawei/gophercloud v1.0.21
 	github.com/IBM/sarama v1.42.1
 	github.com/arangodb/go-driver v1.6.1
 	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.2
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.13
+	github.com/aws/aws-sdk-go-v2/config v1.26.4
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.15
 	github.com/aws/aws-sdk-go-v2/service/amp v1.22.1
-	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.1
-	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.7
-	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.6
-	github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.6
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
-	github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6
-	github.com/bradleyfalzon/ghinstallation/v2 v2.8.0
+	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.2
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.9
+	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.7
+	github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.7
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
+	github.com/bradleyfalzon/ghinstallation/v2 v2.9.0
 	github.com/cloudevents/sdk-go/v2 v2.14.0
 	github.com/denisenkom/go-mssqldb v0.12.3
 	github.com/dysnix/predictkube-libs v0.0.4-0.20230109175007-5a82fccd31c7
 	github.com/dysnix/predictkube-proto v0.0.0-20220713123213-7135dce1e9c9
 	github.com/elastic/go-elasticsearch/v7 v7.17.10
-	github.com/expr-lang/expr v1.15.7
+	github.com/expr-lang/expr v1.15.8
 	github.com/go-kivik/couchdb/v3 v3.4.1
 	github.com/go-kivik/kivik/v3 v3.2.4
 	github.com/go-logr/logr v1.4.1
-	github.com/go-playground/validator/v10 v10.16.0
+	github.com/go-playground/validator/v10 v10.17.0
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/gobwas/glob v0.2.3
 	github.com/gocql/gocql v1.6.0
@@ -56,23 +56,23 @@ require (
 	github.com/gophercloud/gophercloud v1.8.0
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/influxdata/influxdb-client-go/v2 v2.13.0
-	github.com/jackc/pgx/v5 v5.5.1
+	github.com/jackc/pgx/v5 v5.5.2
 	github.com/joho/godotenv v1.5.1
 	github.com/microsoft/ApplicationInsights-Go v0.4.4
 	github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/newrelic/newrelic-client-go v1.1.0
-	github.com/onsi/ginkgo/v2 v2.13.2
-	github.com/onsi/gomega v1.30.0
+	github.com/onsi/ginkgo/v2 v2.15.0
+	github.com/onsi/gomega v1.31.0
 	github.com/open-policy-agent/cert-controller v0.10.1
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.18.0
 	github.com/prometheus/client_model v0.5.0
-	github.com/prometheus/common v0.45.0
+	github.com/prometheus/common v0.46.0
 	github.com/rabbitmq/amqp091-go v1.9.0
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
-	github.com/redis/go-redis/v9 v9.3.1
+	github.com/redis/go-redis/v9 v9.4.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/segmentio/kafka-go v0.4.47
 	github.com/segmentio/kafka-go/sasl/aws_msk_iam_v2 v0.1.0
@@ -85,12 +85,12 @@ require (
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
 	go.etcd.io/etcd/client/v3 v3.5.11
 	go.mongodb.org/mongo-driver v1.13.1
-	go.opentelemetry.io/otel v1.21.0
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0
-	go.opentelemetry.io/otel/metric v1.21.0
-	golang.org/x/oauth2 v0.15.0
-	golang.org/x/sync v0.5.0
-	google.golang.org/api v0.154.0
+	go.opentelemetry.io/otel v1.22.0
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.45.0
+	go.opentelemetry.io/otel/metric v1.22.0
+	golang.org/x/oauth2 v0.16.0
+	golang.org/x/sync v0.6.0
+	google.golang.org/api v0.156.0
 	google.golang.org/grpc v1.60.1
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
 	google.golang.org/protobuf v1.32.0
@@ -104,7 +104,7 @@ require (
 	k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022
 	k8s.io/metrics v0.29.0
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
-	knative.dev/pkg v0.0.0-20240103071102-dfa0a2c9e85b
+	knative.dev/pkg v0.0.0-20240116073220-b488e7be5902
 	sigs.k8s.io/controller-runtime v0.16.3
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240102165319-7f316f1309b1
 	sigs.k8s.io/controller-tools v0.13.0
@@ -151,13 +151,13 @@ replace (
 )
 
 require (
-	cloud.google.com/go v0.111.0 // indirect
+	cloud.google.com/go v0.112.0 // indirect
 	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/iam v1.1.5 // indirect
 	code.cloudfoundry.org/clock v1.1.0 // indirect
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
-	github.com/Azure/go-amqp v1.0.2 // indirect
+	github.com/Azure/go-amqp v1.0.4 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
@@ -168,22 +168,22 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
-	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -200,9 +200,9 @@ require (
 	github.com/eapache/go-resiliency v1.5.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.7.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.2 // indirect
+	github.com/evanphx/json-patch v5.8.1+incompatible // indirect
+	github.com/evanphx/json-patch/v5 v5.8.1 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
@@ -230,7 +230,7 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/cel-go v0.18.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-github/v56 v56.0.0 // indirect
+	github.com/google/go-github/v57 v57.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20231229205709-960ae82b1e42 // indirect
@@ -240,7 +240,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
 	github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -276,7 +276,6 @@ require (
 	github.com/mattn/go-ieproxy v0.0.11 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -286,9 +285,9 @@ require (
 	github.com/montanaflynn/stats v0.7.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
-	github.com/oapi-codegen/runtime v1.1.0 // indirect
+	github.com/oapi-codegen/runtime v1.1.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/pierrec/lz4/v4 v4.1.19 // indirect
+	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
@@ -319,33 +318,33 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.21.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.21.0
-	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.22.0
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.1.0 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/automaxprocs v1.5.3
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.17.0
-	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
+	golang.org/x/crypto v0.18.0
+	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.16.1 // indirect
+	golang.org/x/tools v0.17.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
-	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
+	google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
+	gopkg.in/evanphx/json-patch.v5 v5.8.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index ff0ae497eb0..a8211e3da90 100644
--- a/go.sum
+++ b/go.sum
@@ -40,8 +40,8 @@ cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5x
 cloud.google.com/go v0.110.6/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
 cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
 cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
-cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM=
-cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU=
+cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
+cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
 cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4=
 cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw=
 cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E=
@@ -809,8 +809,8 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum
 git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
 github.com/Azure/azure-amqp-common-go/v4 v4.2.0 h1:q/jLx1KJ8xeI8XGfkOWMN9XrXzAfVTkyvCxPvHCjd2I=
 github.com/Azure/azure-amqp-common-go/v4 v4.2.0/go.mod h1:GD3m/WPPma+621UaU6KNjKEo5Hl09z86viKwQjTpV0Q=
-github.com/Azure/azure-event-hubs-go/v3 v3.6.1 h1:vSiMmn3tOwgiLyfnmhT5K6Of/3QWRLaaNZPI0hFvZyU=
-github.com/Azure/azure-event-hubs-go/v3 v3.6.1/go.mod h1:i2NByb9Pr2na7y8wi/XefEVKkuA2CDUjCNoWQJtTsGo=
+github.com/Azure/azure-event-hubs-go/v3 v3.6.2 h1:7rNj1/iqS/i3mUKokA2n2eMYO72TB7lO7OmpbKoakKY=
+github.com/Azure/azure-event-hubs-go/v3 v3.6.2/go.mod h1:n+ocYr9j2JCLYqUqz9eI+lx/TEAtL/g6rZzyTFSuIpc=
 github.com/Azure/azure-kusto-go v0.15.0 h1:Igr6JELHChySkmN/py5OHnqAUFVU004q+HB7oddDrTk=
 github.com/Azure/azure-kusto-go v0.15.0/go.mod h1:twZbo+gYmZPDzzMOqExT7rEZ6kyKFvZxqUl3DoTwaIo=
 github.com/Azure/azure-pipeline-go v0.1.8/go.mod h1:XA1kFWRVhSK+KNFiOhfv83Fv8L9achrP7OxIzeTn1Yg=
@@ -822,19 +822,19 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbL
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0 h1:HKHkea1fdm18LT8VAxTVZgJpPsLgv+0NZhmtus1UqJQ=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0/go.mod h1:4BbKA+mRmmTP8VaLfDPNF5nOdhRm5upG3AXVWfv1dxc=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.6.0 h1:Fhg/LkAagiLv9Xpw6r2knr19tn9t1TiQoJu5bOMzflc=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.6.0/go.mod h1:7xwz/6tTwO9zMKni8/EozIMi0DTexFSm7YNE9HdD3cQ=
 github.com/Azure/azure-storage-blob-go v0.15.0 h1:rXtgp8tN1p29GvpGgfJetavIG0V7OgcSXPpwp3tx6qk=
 github.com/Azure/azure-storage-blob-go v0.15.0/go.mod h1:vbjsVbX0dlxnRc4FFMPsS9BsJWPcne7GB7onqlPvz58=
 github.com/Azure/azure-storage-queue-go v0.0.0-20230927153703-648530c9aaf2 h1:G6pzVaX36QLfGvbLSAt8Leb81MiONYT0L03lhABjrPg=
 github.com/Azure/azure-storage-queue-go v0.0.0-20230927153703-648530c9aaf2/go.mod h1:K6am8mT+5iFXgingS9LUc7TmbsW6XBw3nxaRyaMyWc8=
-github.com/Azure/go-amqp v1.0.2 h1:zHCHId+kKC7fO8IkwyZJnWMvtRXhYC0VJtD0GYkHc6M=
-github.com/Azure/go-amqp v1.0.2/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
+github.com/Azure/go-amqp v1.0.4 h1:GX5OFOs706UjuFRD5PDKm3aOuLQ92F7DMbua+DKAYCc=
+github.com/Azure/go-amqp v1.0.4/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
@@ -863,8 +863,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-api-client-go v1.16.0 h1:5jOZv1m98criCvYTa3qpW8Hzv301nbZX3K9yJtwGyWY=
@@ -881,8 +881,8 @@ github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
+github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
 github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk=
@@ -891,8 +891,8 @@ github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGW
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
-github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
@@ -919,14 +919,14 @@ github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0o
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 h1:OCs21ST2LrepDfD3lwlQiOqIGp6JiEUqG84GzTDoyJs=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4/go.mod h1:usURWEKSNNAcAZuzRn/9ZYPT8aZQkR7xcCtunK/LkJo=
 github.com/aws/aws-sdk-go-v2/config v1.17.2/go.mod h1:jumS/AMwul4WaG8vyXsF6kUndG9zndR+yfYBwl4i9ds=
-github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
-github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
+github.com/aws/aws-sdk-go-v2/config v1.26.4 h1:Juj7LhtxNudNUlfX22K5AnLafO+v4eq9PA3VWSCIQs4=
+github.com/aws/aws-sdk-go-v2/config v1.26.4/go.mod h1:tioqQ7wvxMYnTDpoTTLHhV3Zh+z261i/f2oz+ds8eNI=
 github.com/aws/aws-sdk-go-v2/credentials v1.12.15/go.mod h1:41zTC6U/78fUD7ZCa5NymTJANDjfqySg5YEAYVFl2Ic=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.15 h1:P0/m1LU08MF2kRzx4P//+7lNjiJod1z4xI2WpWhdpTQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.15/go.mod h1:pgtMCf7Dx4GWw5EpHOTc2Sy17LIP0A0N2C9nQ83pQ/0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.13/go.mod h1:y0eXmsNBFIVjUE8ZBjES8myOHlMsXDz7qGT93+MVdjk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.19/go.mod h1:llxE6bwUZhuCas0K7qGiu5OgMis3N7kdWtFSxoHmJ7E=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
@@ -938,34 +938,34 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsM
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/amp v1.22.1 h1:09O7NJKub+PsLAi1S+j/melSkjQROVV2RsDGqt3i34k=
 github.com/aws/aws-sdk-go-v2/service/amp v1.22.1/go.mod h1:zXysWREb7sWv3Mr80IBeQmbbWtBD4OvA5r/W+E+aSyA=
-github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.1 h1:IQ+uLXwS5Eelikc5ZdR0P55XPo+tqWh+k872KdpAjFA=
-github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.1/go.mod h1:G63GKqSBLpBmO3tN1/PwM2NC65XvSd00zJWTZk202bc=
-github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.7 h1:X60rMbnylU1xmmhv4+/N78t+lKOCC4ELst5eR25dyqg=
-github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.7/go.mod h1:o7TD9sjdgrl8l/g2a2IkYjuhxjPy9DMP2sWo7piaRBQ=
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.6 h1:3i7i3iJ+lVLuS7h34DMPUXPsNPKkZing38FJIR674xk=
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.6/go.mod h1:T461RxBmf94zuOuIUifdy5Zim3DJTo0X4nXE3vodXQI=
+github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.2 h1:vQfCIHSDouEvbE4EuDrlCGKcrtABEqF3cMt61nGEV4g=
+github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.2/go.mod h1:3ToKMEhVj+Q+HzZ8Hqin6LdAKtsi3zVXVNUPpQMd+Xk=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.9 h1:LQy/ItO8N4sd2beDIFuXnr7y02mHJGebFrYnrNZH5E4=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.9/go.mod h1:N5tqZcYMM0N1PN7UQYJNWuGyO886OfnMhf/3MAbqMcI=
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.7 h1:srShyROqxzC7p18Ws8mqM2sqxJO/8L3Kpiqf+NboJLg=
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.7/go.mod h1:9efZgg4nJCGRp91MuHhkwd2kvyp7PWLRYYk5WjEQ5ts=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.10 h1:h8uweImUHGgyNKrxIUwpPs6XiH0a6DJ17hSJvFLgPAo=
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.10/go.mod h1:LZKVtMBiZfdvUWgwg61Qo6kyAmE5rn9Dw36AqnycvG8=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11 h1:e9AVb17H4x5FTE5KWIP5M1Du+9M86pS+Hw0lBUdN8EY=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11/go.mod h1:B90ZQJa36xo0ph9HsoteI1+r8owgQH/U1QNfqZQkj1Q=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.13/go.mod h1:V390DK4MQxLpDdXxFqizyz8KUxuWImkW/xzgXMz0yyk=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
-github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.6 h1:FO/aIHk86VePDUh/3Q/A5pnvu45miO1GZB8rIq2BUlA=
-github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.6/go.mod h1:Sj7qc+P/GOGOPMDn8+B7Cs+WPq1Gk+R6CXRXVhZtWcA=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5 h1:qYi/BfDrWXZxlmRjlKCyFmtI4HKJwW8OKDKhKRAOZQI=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6 h1:UdbDTllc7cmusTTMy1dcTrYKRl4utDEsmKh9ZjvhJCc=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6/go.mod h1:mCUv04gd/7g+/HNzDB4X6dzJuygji0ckvB3Lg/TdG5Y=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.7 h1:7Xy/miw2n9G6yi0qHey8Ro2pHR93cMB/r/PMXLMeZrI=
+github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.7/go.mod h1:xOJOknNQF6owzT/d+ivXnNK7M+swiglnobX+zekpS6s=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2 h1:A5sGOT/mukuU+4At1vkSIWAN8tPwPCoYZBp7aruR540=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2/go.mod h1:qutL00aW8GSo2D0I6UEOqMvRS3ZyuBrOC1BLe5D2jPc=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7 h1:tRNrFDGRm81e6nTX5Q4CFblea99eAfm0dxXazGpLceU=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7/go.mod h1:8GWUDux5Z2h6z2efAtr54RdHXtLm8sq7Rg85ZNY/CZM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.18/go.mod h1:ytmEi5+qwcSNcV2pVA8PIb1DnKT/0Bu/K4nfJHwoM6c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.1/go.mod h1:NY+G+8PW0ISyJ7/6t5mgOe6qpJiwZa9Jix05WPscJjg=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.14/go.mod h1:Y+BUV19q3OmQVqNUlbZ40zVi3NM6Biuxwkx/qdSD/CY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.13.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
@@ -985,8 +985,8 @@ github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4Yn
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bradleyfalzon/ghinstallation/v2 v2.8.0 h1:yUmoVv70H3J4UOqxqsee39+KlXxNEDfTbAp8c/qULKk=
-github.com/bradleyfalzon/ghinstallation/v2 v2.8.0/go.mod h1:fmPmvCiBWhJla3zDv9ZTQSZc8AbwyRnGW1yg5ep1Pcs=
+github.com/bradleyfalzon/ghinstallation/v2 v2.9.0 h1:HmxIYqnxubRYcYGRc5v3wUekmo5Wv2uX3gukmWJ0AFk=
+github.com/bradleyfalzon/ghinstallation/v2 v2.9.0/go.mod h1:wmkTDJf8CmVypxE8ijIStFnKoTa6solK5QfdmJrP9KI=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
 github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
@@ -1066,8 +1066,8 @@ github.com/elastic/go-elasticsearch/v7 v7.17.10 h1:TCQ8i4PmIJuBunvBS6bwT2ybzVFxx
 github.com/elastic/go-elasticsearch/v7 v7.17.10/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4=
 github.com/elazarl/goproxy v0.0.0-20220417044921-416226498f94 h1:VIy7cdK7ufs7ctpTFkXJHm1uP3dJSnCGSPysEICB1so=
 github.com/elazarl/goproxy v0.0.0-20220417044921-416226498f94/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU=
+github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34=
 github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
@@ -1081,12 +1081,12 @@ github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6Ni
 github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs=
 github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
 github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
-github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
-github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/expr-lang/expr v1.15.7 h1:BK0JcWUkoW6nrbLBo6xCKhz4BvH5DSOOu1Gx5lucyZo=
-github.com/expr-lang/expr v1.15.7/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
+github.com/evanphx/json-patch v5.8.1+incompatible h1:2toJaoe7/rNa1zpeQx0UnVEjqk6z2ecyA20V/zg8vTU=
+github.com/evanphx/json-patch v5.8.1+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.8.1 h1:iPEdwg0XayoS+E7Mth9JxwUtOgyVxnDTXHtKhZPlZxA=
+github.com/evanphx/json-patch/v5 v5.8.1/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/expr-lang/expr v1.15.8 h1:FL8+d3rSSP4tmK9o+vKfSMqqpGL8n15pEPiHcnBpxoI=
+github.com/expr-lang/expr v1.15.8/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
@@ -1155,8 +1155,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
-github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.17.0 h1:SmVVlfAOtlZncTxRuinDPomC2DkXJ4E5T9gDA0AIH74=
+github.com/go-playground/validator/v10 v10.17.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -1261,8 +1261,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk=
 github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q=
-github.com/google/go-github/v56 v56.0.0 h1:TysL7dMa/r7wsQi44BjqlwaHvwlFlqkK8CtBWCX3gb4=
-github.com/google/go-github/v56 v56.0.0/go.mod h1:D8cdcX98YWJvi7TLo7zM4/h8ZTx6u6fwGEkCdisopo0=
+github.com/google/go-github/v57 v57.0.0 h1:L+Y3UPTY8ALM8x+TV0lg+IEBI+upibemtBD8Q9u7zHs=
+github.com/google/go-github/v57 v57.0.0/go.mod h1:s0omdnye0hvK/ecLvpsGfJMiRt85PimQh4oygmLIxHw=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -1355,8 +1355,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 h1:6UKoz5ujsI55KNpsJH3UwCq3T8kKbZwNZBNPuTTje8U=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1/go.mod h1:YvJ2f6MplWDhfxiUC3KpyTy76kYUZA4W3pTv/wdKQ9Y=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
@@ -1421,8 +1421,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 h1:L0QtFUgDarD7Fpv9jeVMgy/+Ec0mtnmYuImjTz6dtDA=
 github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.5.1 h1:5I9etrGkLrN+2XPCsi6XLlV5DITbSL/xBZdmAxFcXPI=
-github.com/jackc/pgx/v5 v5.5.1/go.mod h1:Ig06C2Vu0t5qXC60W8sqIthScaEnFvojjj9dSljmHRA=
+github.com/jackc/pgx/v5 v5.5.2 h1:iLlpgp4Cp/gC9Xuscl7lFL1PhhW+ZLtXZcrfCt4C3tA=
+github.com/jackc/pgx/v5 v5.5.2/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
 github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
@@ -1525,8 +1525,6 @@ github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/microsoft/ApplicationInsights-Go v0.4.4 h1:G4+H9WNs6ygSCe6sUyxRc2U81TI5Es90b2t/MwX5KqY=
 github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U=
 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s=
@@ -1572,8 +1570,8 @@ github.com/newrelic/newrelic-client-go v1.1.0 h1:aflNjzQ21c+2GwBVh+UbAf9lznkRfCc
 github.com/newrelic/newrelic-client-go v1.1.0/go.mod h1:RYMXt7hgYw7nzuXIGd2BH0F1AivgWw7WrBhNBQZEB4k=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oapi-codegen/runtime v1.1.0 h1:rJpoNUawn5XTvekgfkvSZr0RqEnoYpFkyvrzfWeFKWM=
-github.com/oapi-codegen/runtime v1.1.0/go.mod h1:BeSfBkWWWnAnGdyS+S/GnlbmHKzf8/hwkvelJZDeKA8=
+github.com/oapi-codegen/runtime v1.1.1 h1:EXLHh0DXIJnWhdRPN2w4MXAzFyE4CskzhNLUmtpMYro=
+github.com/oapi-codegen/runtime v1.1.1/go.mod h1:SK9X900oXmPWilYR5/WKPzt3Kqxn/uS/+lbpREv+eCg=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
@@ -1581,11 +1579,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
-github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
+github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
 github.com/open-policy-agent/cert-controller v0.10.1 h1:RXSYoyn8FdCenWecRP//UV5nbVfmstNpj4kHQFkvPK4=
 github.com/open-policy-agent/cert-controller v0.10.1/go.mod h1:4uRbBLY5DsPOog+a9pqk3JLxuuhrWsbUedQW65HcLTI=
 github.com/open-policy-agent/frameworks/constraint v0.0.0-20230822235116-f0b62fe1e4c4 h1:5dum5SLEz+95JDLkMls7Z7IDPjvSq3UhJSFe4f5einQ=
@@ -1605,8 +1603,8 @@ github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2
 github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.19 h1:tYLzDnjDXh9qIxSTKHwXwOYmm9d887Y7Y1ZkyXYHAN4=
-github.com/pierrec/lz4/v4 v4.1.19/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
+github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
@@ -1636,8 +1634,8 @@ github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cY
 github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
-github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y=
+github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
@@ -1647,8 +1645,8 @@ github.com/rabbitmq/amqp091-go v1.9.0 h1:qrQtyzB4H8BQgEuJwhmVQqVHB9O4+MNDJCCAcpc
 github.com/rabbitmq/amqp091-go v1.9.0/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/redis/go-redis/v9 v9.3.1 h1:KqdY8U+3X6z+iACvumCNxnoluToB+9Me+TvyFa21Mds=
-github.com/redis/go-redis/v9 v9.3.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.4.0 h1:Yzoz33UZw9I/mFhx4MNrB6Fk+XHO1VukNcCa1+lwyKk=
+github.com/redis/go-redis/v9 v9.4.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -1826,27 +1824,27 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
-go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
-go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
-go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
-go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0=
-go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q=
-go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
-go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
+go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.45.0 h1:+RbSCde0ERway5FwKvXR3aRJIFeDu9rtwC6E7BC6uoM=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.45.0/go.mod h1:zcI8u2EJxbLPyoZ3SkVAAcQPgYb1TDRzW93xLFnsggU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ=
+go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
+go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
+go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/sdk/metric v1.22.0 h1:ARrRetm1HCVxq0cbnaZQlfwODYJHo3gFL8Z3tSmHBcI=
+go.opentelemetry.io/otel/sdk/metric v1.22.0/go.mod h1:KjQGeMIDlBNEOo6HvjhxIec1p/69/kULDcp4gr0oLQQ=
+go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
+go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
-go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
-go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
+go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI=
+go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY=
 go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
 go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -1884,8 +1882,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
-golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4=
-golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -1963,8 +1961,8 @@ golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1984,8 +1982,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2072,10 +2070,12 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2156,8 +2156,8 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
 golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
-golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2241,8 +2241,8 @@ google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2
 google.golang.org/api v0.125.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
-google.golang.org/api v0.154.0 h1:X7QkVKZBskztmpPKWQXgjJRPA2dJYrL6r+sYPRLj050=
-google.golang.org/api v0.154.0/go.mod h1:qhSMkM85hgqiokIYsrRyKxrjfBeIhgl4Z2JmeRkYylc=
+google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ=
+google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
@@ -2396,8 +2396,8 @@ google.golang.org/genproto v0.0.0-20230821184602-ccc8af3d0e93/go.mod h1:yZTlhN0t
 google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
 google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU=
 google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
-google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg=
-google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k=
 google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8=
 google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
 google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
@@ -2409,8 +2409,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.
 google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
 google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
 google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM=
-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac h1:OZkkudMUu9LVQMCoRUbI/1p5VCo9BOrlvkqMvWtqa6s=
+google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:B5xPO//w8qmBDjGReYLpR6UJPnkldGkCSMoH/2vxJeg=
 google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
@@ -2423,8 +2423,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230920183334-c177e329c48b/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA=
 google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
 google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
@@ -2458,8 +2458,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/evanphx/json-patch.v5 v5.7.0 h1:dGKGylPlZ/jus2g1YqhhyzfH0gPy2R8/MYUpW/OslTY=
-gopkg.in/evanphx/json-patch.v5 v5.7.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
+gopkg.in/evanphx/json-patch.v5 v5.8.1 h1:BVxXj2YS+4i9fttNkVvDKi4Pg1pVMpVE8tdEwaKeQY0=
+gopkg.in/evanphx/json-patch.v5 v5.8.1/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -2515,8 +2515,8 @@ k8s.io/metrics v0.28.5 h1:Yh29Yi/x3ojK9ofYuY76Ny0IJdXeTZ9TiVjqAd9MssY=
 k8s.io/metrics v0.28.5/go.mod h1:QR2NHc/RWIZz9DqrV4Yt1eArZ6uexORBHRocpv5MQ2Q=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/pkg v0.0.0-20240103071102-dfa0a2c9e85b h1:YTIVFBIooa/XDWGGnW7Pxz95M1tFaBstH+HJxWTOGUw=
-knative.dev/pkg v0.0.0-20240103071102-dfa0a2c9e85b/go.mod h1:rnzVo2C8+L73WEO8duDSJIqGi17ZhTmXJcSAvx7rPFg=
+knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 h1:H6+JJN23fhwYWCHY1339sY6uhIyoUwDy1a8dN233fdk=
+knative.dev/pkg v0.0.0-20240116073220-b488e7be5902/go.mod h1:NYk8mMYoLkO7CQWnNkti4YGGnvLxN6MIDbUvtgeo0C0=
 lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
 lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
 modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI=
diff --git a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
index 46c4094d3b7..ae8a1fc1467 100644
--- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
+++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
@@ -29,6 +29,26 @@
     "release_level": "stable",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/ai/generativelanguage/apiv1": {
+    "api_shortname": "generativelanguage",
+    "distribution_name": "cloud.google.com/go/ai/generativelanguage/apiv1",
+    "description": "Generative Language API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/ai/latest/generativelanguage/apiv1",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/ai/generativelanguage/apiv1beta": {
+    "api_shortname": "generativelanguage",
+    "distribution_name": "cloud.google.com/go/ai/generativelanguage/apiv1beta",
+    "description": "Generative Language API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/ai/latest/generativelanguage/apiv1beta",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/ai/generativelanguage/apiv1beta2": {
     "api_shortname": "generativelanguage",
     "distribution_name": "cloud.google.com/go/ai/generativelanguage/apiv1beta2",
@@ -179,6 +199,16 @@
     "release_level": "stable",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/apps/meet/apiv2beta": {
+    "api_shortname": "meet",
+    "distribution_name": "cloud.google.com/go/apps/meet/apiv2beta",
+    "description": "Google Meet API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/apps/latest/meet/apiv2beta",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/area120/tables/apiv1alpha1": {
     "api_shortname": "area120tables",
     "distribution_name": "cloud.google.com/go/area120/tables/apiv1alpha1",
@@ -629,6 +659,16 @@
     "release_level": "preview",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/cloudquotas/apiv1": {
+    "api_shortname": "cloudquotas",
+    "distribution_name": "cloud.google.com/go/cloudquotas/apiv1",
+    "description": "Cloud Quotas API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudquotas/latest/apiv1",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/cloudtasks/apiv2": {
     "api_shortname": "cloudtasks",
     "distribution_name": "cloud.google.com/go/cloudtasks/apiv2",
@@ -969,6 +1009,16 @@
     "release_level": "stable",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/discoveryengine/apiv1alpha": {
+    "api_shortname": "discoveryengine",
+    "distribution_name": "cloud.google.com/go/discoveryengine/apiv1alpha",
+    "description": "Discovery Engine API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/discoveryengine/latest/apiv1alpha",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/discoveryengine/apiv1beta": {
     "api_shortname": "discoveryengine",
     "distribution_name": "cloud.google.com/go/discoveryengine/apiv1beta",
@@ -2099,6 +2149,16 @@
     "release_level": "preview",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/securitycentermanagement/apiv1": {
+    "api_shortname": "securitycentermanagement",
+    "distribution_name": "cloud.google.com/go/securitycentermanagement/apiv1",
+    "description": "Security Center Management API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycentermanagement/latest/apiv1",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/servicecontrol/apiv1": {
     "api_shortname": "servicecontrol",
     "distribution_name": "cloud.google.com/go/servicecontrol/apiv1",
@@ -2159,6 +2219,16 @@
     "release_level": "stable",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/shopping/css/apiv1": {
+    "api_shortname": "css",
+    "distribution_name": "cloud.google.com/go/shopping/css/apiv1",
+    "description": "CSS API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/shopping/latest/css/apiv1",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/shopping/merchant/inventories/apiv1beta": {
     "api_shortname": "merchantapi",
     "distribution_name": "cloud.google.com/go/shopping/merchant/inventories/apiv1beta",
@@ -2209,6 +2279,16 @@
     "release_level": "stable",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/spanner/executor/apiv1": {
+    "api_shortname": "spanner-cloud-executor",
+    "distribution_name": "cloud.google.com/go/spanner/executor/apiv1",
+    "description": "Cloud Spanner Executor test API",
+    "language": "go",
+    "client_library_type": "generated",
+    "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/spanner/latest/executor/apiv1",
+    "release_level": "preview",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/speech/apiv1": {
     "api_shortname": "speech",
     "distribution_name": "cloud.google.com/go/speech/apiv1",
diff --git a/vendor/cloud.google.com/go/internal/trace/trace.go b/vendor/cloud.google.com/go/internal/trace/trace.go
index f6b88253b4a..eabed000f30 100644
--- a/vendor/cloud.google.com/go/internal/trace/trace.go
+++ b/vendor/cloud.google.com/go/internal/trace/trace.go
@@ -32,16 +32,33 @@ import (
 )
 
 const (
-	telemetryPlatformTracingOpenCensus    = "opencensus"
-	telemetryPlatformTracingOpenTelemetry = "opentelemetry"
-	telemetryPlatformTracingVar           = "GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING"
+	// TelemetryPlatformTracingOpenCensus is the value to which the environment
+	// variable GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING should be
+	// set to enable OpenCensus tracing.
+	TelemetryPlatformTracingOpenCensus = "opencensus"
+	// TelemetryPlatformTracingOpenCensus is the value to which the environment
+	// variable GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING should be
+	// set to enable OpenTelemetry tracing.
+	TelemetryPlatformTracingOpenTelemetry = "opentelemetry"
+	// TelemetryPlatformTracingOpenCensus is the name of the environment
+	// variable that can be set to change the default tracing from OpenCensus
+	// to OpenTelemetry.
+	TelemetryPlatformTracingVar = "GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING"
+	// OpenTelemetryTracerName is the name given to the OpenTelemetry Tracer
+	// when it is obtained from the OpenTelemetry TracerProvider.
+	OpenTelemetryTracerName = "cloud.google.com/go"
 )
 
 var (
-	// TODO(chrisdsmith): Should the name of the OpenTelemetry tracer be public and mutable?
-	openTelemetryTracerName     string = "cloud.google.com/go"
-	openTelemetryTracingEnabled bool   = strings.EqualFold(strings.TrimSpace(
-		os.Getenv(telemetryPlatformTracingVar)), telemetryPlatformTracingOpenTelemetry)
+	// OpenTelemetryTracingEnabled is true if the environment variable
+	// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is set to the
+	// case-insensitive value "opentelemetry".
+	//
+	// Do not access directly. Use instead IsOpenTelemetryTracingEnabled or
+	// IsOpenCensusTracingEnabled. Intended for use only in unit tests. Restore
+	// original value after each test.
+	OpenTelemetryTracingEnabled bool = strings.EqualFold(strings.TrimSpace(
+		os.Getenv(TelemetryPlatformTracingVar)), TelemetryPlatformTracingOpenTelemetry)
 )
 
 // IsOpenCensusTracingEnabled returns true if the environment variable
@@ -55,7 +72,7 @@ func IsOpenCensusTracingEnabled() bool {
 // GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is set to the
 // case-insensitive value "opentelemetry".
 func IsOpenTelemetryTracingEnabled() bool {
-	return openTelemetryTracingEnabled
+	return OpenTelemetryTracingEnabled
 }
 
 // StartSpan adds a span to the trace with the given name. If IsOpenCensusTracingEnabled
@@ -63,12 +80,12 @@ func IsOpenTelemetryTracingEnabled() bool {
 // returns true, the span will be an OpenTelemetry span. Set the environment variable
 // GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
 // value "opentelemetry" before loading the package to use OpenTelemetry tracing.
-// The default will remain OpenCensus until [TBD], at which time the default will
+// The default will remain OpenCensus until May 29, 2024, at which time the default will
 // switch to "opentelemetry" and explicitly setting the environment variable to
 // "opencensus" will be required to continue using OpenCensus tracing.
 func StartSpan(ctx context.Context, name string) context.Context {
 	if IsOpenTelemetryTracingEnabled() {
-		ctx, _ = otel.GetTracerProvider().Tracer(openTelemetryTracerName).Start(ctx, name)
+		ctx, _ = otel.GetTracerProvider().Tracer(OpenTelemetryTracerName).Start(ctx, name)
 	} else {
 		ctx, _ = trace.StartSpan(ctx, name)
 	}
@@ -80,7 +97,7 @@ func StartSpan(ctx context.Context, name string) context.Context {
 // returns true, the span will be an OpenTelemetry span. Set the environment variable
 // GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
 // value "opentelemetry" before loading the package to use OpenTelemetry tracing.
-// The default will remain OpenCensus until [TBD], at which time the default will
+// The default will remain OpenCensus until May 29, 2024, at which time the default will
 // switch to "opentelemetry" and explicitly setting the environment variable to
 // "opencensus" will be required to continue using OpenCensus tracing.
 func EndSpan(ctx context.Context, err error) {
@@ -166,7 +183,7 @@ func httpStatusCodeToOCCode(httpStatusCode int) int32 {
 // span must be an OpenTelemetry span. Set the environment variable
 // GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
 // value "opentelemetry" before loading the package to use OpenTelemetry tracing.
-// The default will remain OpenCensus until [TBD], at which time the default will
+// The default will remain OpenCensus until May 29, 2024, at which time the default will
 // switch to "opentelemetry" and explicitly setting the environment variable to
 // "opencensus" will be required to continue using OpenCensus tracing.
 func TracePrintf(ctx context.Context, attrMap map[string]interface{}, format string, args ...interface{}) {
diff --git a/vendor/github.com/Azure/azure-event-hubs-go/v3/changelog.md b/vendor/github.com/Azure/azure-event-hubs-go/v3/changelog.md
index 7192f437a5b..7c04d76295d 100644
--- a/vendor/github.com/Azure/azure-event-hubs-go/v3/changelog.md
+++ b/vendor/github.com/Azure/azure-event-hubs-go/v3/changelog.md
@@ -1,5 +1,9 @@
 # Change Log
 
+## `v3.6.2`
+
+- Update dependencies.
+
 ## `v3.6.1`
 
 - Deprecate module. Use github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs instead.
diff --git a/vendor/github.com/Azure/azure-event-hubs-go/v3/version.go b/vendor/github.com/Azure/azure-event-hubs-go/v3/version.go
index 185739a8287..9609d028d0d 100644
--- a/vendor/github.com/Azure/azure-event-hubs-go/v3/version.go
+++ b/vendor/github.com/Azure/azure-event-hubs-go/v3/version.go
@@ -2,5 +2,5 @@ package eventhub
 
 const (
 	// Version is the semantic version number
-	Version = "3.6.1"
+	Version = "3.6.2"
 )
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_identifier.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_identifier.go
new file mode 100644
index 00000000000..187fe82b97c
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_identifier.go
@@ -0,0 +1,224 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package resource
+
+import (
+	"fmt"
+	"strings"
+)
+
+const (
+	providersKey             = "providers"
+	subscriptionsKey         = "subscriptions"
+	resourceGroupsLowerKey   = "resourcegroups"
+	locationsKey             = "locations"
+	builtInResourceNamespace = "Microsoft.Resources"
+)
+
+// RootResourceID defines the tenant as the root parent of all other ResourceID.
+var RootResourceID = &ResourceID{
+	Parent:       nil,
+	ResourceType: TenantResourceType,
+	Name:         "",
+}
+
+// ResourceID represents a resource ID such as `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg`.
+// Don't create this type directly, use ParseResourceID instead.
+type ResourceID struct {
+	// Parent is the parent ResourceID of this instance.
+	// Can be nil if there is no parent.
+	Parent *ResourceID
+
+	// SubscriptionID is the subscription ID in this resource ID.
+	// The value can be empty if the resource ID does not contain a subscription ID.
+	SubscriptionID string
+
+	// ResourceGroupName is the resource group name in this resource ID.
+	// The value can be empty if the resource ID does not contain a resource group name.
+	ResourceGroupName string
+
+	// Provider represents the provider name in this resource ID.
+	// This is only valid when the resource ID represents a resource provider.
+	// Example: `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Insights`
+	Provider string
+
+	// Location is the location in this resource ID.
+	// The value can be empty if the resource ID does not contain a location name.
+	Location string
+
+	// ResourceType represents the type of this resource ID.
+	ResourceType ResourceType
+
+	// Name is the resource name of this resource ID.
+	Name string
+
+	isChild     bool
+	stringValue string
+}
+
+// ParseResourceID parses a string to an instance of ResourceID
+func ParseResourceID(id string) (*ResourceID, error) {
+	if len(id) == 0 {
+		return nil, fmt.Errorf("invalid resource ID: id cannot be empty")
+	}
+
+	if !strings.HasPrefix(id, "/") {
+		return nil, fmt.Errorf("invalid resource ID: resource id '%s' must start with '/'", id)
+	}
+
+	parts := splitStringAndOmitEmpty(id, "/")
+
+	if len(parts) < 2 {
+		return nil, fmt.Errorf("invalid resource ID: %s", id)
+	}
+
+	if !strings.EqualFold(parts[0], subscriptionsKey) && !strings.EqualFold(parts[0], providersKey) {
+		return nil, fmt.Errorf("invalid resource ID: %s", id)
+	}
+
+	return appendNext(RootResourceID, parts, id)
+}
+
+// String returns the string of the ResourceID
+func (id *ResourceID) String() string {
+	if len(id.stringValue) > 0 {
+		return id.stringValue
+	}
+
+	if id.Parent == nil {
+		return ""
+	}
+
+	builder := strings.Builder{}
+	builder.WriteString(id.Parent.String())
+
+	if id.isChild {
+		builder.WriteString(fmt.Sprintf("/%s", id.ResourceType.lastType()))
+		if len(id.Name) > 0 {
+			builder.WriteString(fmt.Sprintf("/%s", id.Name))
+		}
+	} else {
+		builder.WriteString(fmt.Sprintf("/providers/%s/%s/%s", id.ResourceType.Namespace, id.ResourceType.Type, id.Name))
+	}
+
+	id.stringValue = builder.String()
+
+	return id.stringValue
+}
+
+func newResourceID(parent *ResourceID, resourceTypeName string, resourceName string) *ResourceID {
+	id := &ResourceID{}
+	id.init(parent, chooseResourceType(resourceTypeName, parent), resourceName, true)
+	return id
+}
+
+func newResourceIDWithResourceType(parent *ResourceID, resourceType ResourceType, resourceName string) *ResourceID {
+	id := &ResourceID{}
+	id.init(parent, resourceType, resourceName, true)
+	return id
+}
+
+func newResourceIDWithProvider(parent *ResourceID, providerNamespace, resourceTypeName, resourceName string) *ResourceID {
+	id := &ResourceID{}
+	id.init(parent, NewResourceType(providerNamespace, resourceTypeName), resourceName, false)
+	return id
+}
+
+func chooseResourceType(resourceTypeName string, parent *ResourceID) ResourceType {
+	if strings.EqualFold(resourceTypeName, resourceGroupsLowerKey) {
+		return ResourceGroupResourceType
+	} else if strings.EqualFold(resourceTypeName, subscriptionsKey) && parent != nil && parent.ResourceType.String() == TenantResourceType.String() {
+		return SubscriptionResourceType
+	}
+
+	return parent.ResourceType.AppendChild(resourceTypeName)
+}
+
+func (id *ResourceID) init(parent *ResourceID, resourceType ResourceType, name string, isChild bool) {
+	if parent != nil {
+		id.Provider = parent.Provider
+		id.SubscriptionID = parent.SubscriptionID
+		id.ResourceGroupName = parent.ResourceGroupName
+		id.Location = parent.Location
+	}
+
+	if resourceType.String() == SubscriptionResourceType.String() {
+		id.SubscriptionID = name
+	}
+
+	if resourceType.lastType() == locationsKey {
+		id.Location = name
+	}
+
+	if resourceType.String() == ResourceGroupResourceType.String() {
+		id.ResourceGroupName = name
+	}
+
+	if resourceType.String() == ProviderResourceType.String() {
+		id.Provider = name
+	}
+
+	if parent == nil {
+		id.Parent = RootResourceID
+	} else {
+		id.Parent = parent
+	}
+	id.isChild = isChild
+	id.ResourceType = resourceType
+	id.Name = name
+}
+
+func appendNext(parent *ResourceID, parts []string, id string) (*ResourceID, error) {
+	if len(parts) == 0 {
+		return parent, nil
+	}
+
+	if len(parts) == 1 {
+		// subscriptions and resourceGroups are not valid ids without their names
+		if strings.EqualFold(parts[0], subscriptionsKey) || strings.EqualFold(parts[0], resourceGroupsLowerKey) {
+			return nil, fmt.Errorf("invalid resource ID: %s", id)
+		}
+
+		// resourceGroup must contain either child or provider resource type
+		if parent.ResourceType.String() == ResourceGroupResourceType.String() {
+			return nil, fmt.Errorf("invalid resource ID: %s", id)
+		}
+
+		return newResourceID(parent, parts[0], ""), nil
+	}
+
+	if strings.EqualFold(parts[0], providersKey) && (len(parts) == 2 || strings.EqualFold(parts[2], providersKey)) {
+		//provider resource can only be on a tenant or a subscription parent
+		if parent.ResourceType.String() != SubscriptionResourceType.String() && parent.ResourceType.String() != TenantResourceType.String() {
+			return nil, fmt.Errorf("invalid resource ID: %s", id)
+		}
+
+		return appendNext(newResourceIDWithResourceType(parent, ProviderResourceType, parts[1]), parts[2:], id)
+	}
+
+	if len(parts) > 3 && strings.EqualFold(parts[0], providersKey) {
+		return appendNext(newResourceIDWithProvider(parent, parts[1], parts[2], parts[3]), parts[4:], id)
+	}
+
+	if len(parts) > 1 && !strings.EqualFold(parts[0], providersKey) {
+		return appendNext(newResourceID(parent, parts[0], parts[1]), parts[2:], id)
+	}
+
+	return nil, fmt.Errorf("invalid resource ID: %s", id)
+}
+
+func splitStringAndOmitEmpty(v, sep string) []string {
+	r := make([]string, 0)
+	for _, s := range strings.Split(v, sep) {
+		if len(s) == 0 {
+			continue
+		}
+		r = append(r, s)
+	}
+
+	return r
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_type.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_type.go
new file mode 100644
index 00000000000..ca03ac9713d
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource/resource_type.go
@@ -0,0 +1,114 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package resource
+
+import (
+	"fmt"
+	"strings"
+)
+
+// SubscriptionResourceType is the ResourceType of a subscription
+var SubscriptionResourceType = NewResourceType(builtInResourceNamespace, "subscriptions")
+
+// ResourceGroupResourceType is the ResourceType of a resource group
+var ResourceGroupResourceType = NewResourceType(builtInResourceNamespace, "resourceGroups")
+
+// TenantResourceType is the ResourceType of a tenant
+var TenantResourceType = NewResourceType(builtInResourceNamespace, "tenants")
+
+// ProviderResourceType is the ResourceType of a provider
+var ProviderResourceType = NewResourceType(builtInResourceNamespace, "providers")
+
+// ResourceType represents an Azure resource type, e.g. "Microsoft.Network/virtualNetworks/subnets".
+// Don't create this type directly, use ParseResourceType or NewResourceType instead.
+type ResourceType struct {
+	// Namespace is the namespace of the resource type.
+	// e.g. "Microsoft.Network" in resource type "Microsoft.Network/virtualNetworks/subnets"
+	Namespace string
+
+	// Type is the full type name of the resource type.
+	// e.g. "virtualNetworks/subnets" in resource type "Microsoft.Network/virtualNetworks/subnets"
+	Type string
+
+	// Types is the slice of all the sub-types of this resource type.
+	// e.g. ["virtualNetworks", "subnets"] in resource type "Microsoft.Network/virtualNetworks/subnets"
+	Types []string
+
+	stringValue string
+}
+
+// String returns the string of the ResourceType
+func (t ResourceType) String() string {
+	return t.stringValue
+}
+
+// IsParentOf returns true when the receiver is the parent resource type of the child.
+func (t ResourceType) IsParentOf(child ResourceType) bool {
+	if !strings.EqualFold(t.Namespace, child.Namespace) {
+		return false
+	}
+	if len(t.Types) >= len(child.Types) {
+		return false
+	}
+	for i := range t.Types {
+		if !strings.EqualFold(t.Types[i], child.Types[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// AppendChild creates an instance of ResourceType using the receiver as the parent with childType appended to it.
+func (t ResourceType) AppendChild(childType string) ResourceType {
+	return NewResourceType(t.Namespace, fmt.Sprintf("%s/%s", t.Type, childType))
+}
+
+// NewResourceType creates an instance of ResourceType using a provider namespace
+// such as "Microsoft.Network" and type such as "virtualNetworks/subnets".
+func NewResourceType(providerNamespace, typeName string) ResourceType {
+	return ResourceType{
+		Namespace:   providerNamespace,
+		Type:        typeName,
+		Types:       splitStringAndOmitEmpty(typeName, "/"),
+		stringValue: fmt.Sprintf("%s/%s", providerNamespace, typeName),
+	}
+}
+
+// ParseResourceType parses the ResourceType from a resource type string (e.g. Microsoft.Network/virtualNetworks/subsets)
+// or a resource identifier string.
+// e.g. /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/mySubnet)
+func ParseResourceType(resourceIDOrType string) (ResourceType, error) {
+	// split the path into segments
+	parts := splitStringAndOmitEmpty(resourceIDOrType, "/")
+
+	// There must be at least a namespace and type name
+	if len(parts) < 1 {
+		return ResourceType{}, fmt.Errorf("invalid resource ID or type: %s", resourceIDOrType)
+	}
+
+	// if the type is just subscriptions, it is a built-in type in the Microsoft.Resources namespace
+	if len(parts) == 1 {
+		// Simple resource type
+		return NewResourceType(builtInResourceNamespace, parts[0]), nil
+	} else if strings.Contains(parts[0], ".") {
+		// Handle resource types (Microsoft.Compute/virtualMachines, Microsoft.Network/virtualNetworks/subnets)
+		// it is a full type name
+		return NewResourceType(parts[0], strings.Join(parts[1:], "/")), nil
+	} else {
+		// Check if ResourceID
+		id, err := ParseResourceID(resourceIDOrType)
+		if err != nil {
+			return ResourceType{}, err
+		}
+		return NewResourceType(id.ResourceType.Namespace, id.ResourceType.Type), nil
+	}
+}
+
+func (t ResourceType) lastType() string {
+	return t.Types[len(t.Types)-1]
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy/policy.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy/policy.go
new file mode 100644
index 00000000000..83cf91e3ecb
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy/policy.go
@@ -0,0 +1,98 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package policy
+
+import (
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+)
+
+// BearerTokenOptions configures the bearer token policy's behavior.
+type BearerTokenOptions struct {
+	// AuxiliaryTenants are additional tenant IDs for authenticating cross-tenant requests.
+	// The policy will add a token from each of these tenants to every request. The
+	// authenticating user or service principal must be a guest in these tenants, and the
+	// policy's credential must support multitenant authentication.
+	AuxiliaryTenants []string
+
+	// Scopes contains the list of permission scopes required for the token.
+	Scopes []string
+}
+
+// RegistrationOptions configures the registration policy's behavior.
+// All zero-value fields will be initialized with their default values.
+type RegistrationOptions struct {
+	policy.ClientOptions
+
+	// MaxAttempts is the total number of times to attempt automatic registration
+	// in the event that an attempt fails.
+	// The default value is 3.
+	// Set to a value less than zero to disable the policy.
+	MaxAttempts int
+
+	// PollingDelay is the amount of time to sleep between polling intervals.
+	// The default value is 15 seconds.
+	// A value less than zero means no delay between polling intervals (not recommended).
+	PollingDelay time.Duration
+
+	// PollingDuration is the amount of time to wait before abandoning polling.
+	// The default valule is 5 minutes.
+	// NOTE: Setting this to a small value might cause the policy to prematurely fail.
+	PollingDuration time.Duration
+}
+
+// ClientOptions contains configuration settings for a client's pipeline.
+type ClientOptions struct {
+	policy.ClientOptions
+
+	// AuxiliaryTenants are additional tenant IDs for authenticating cross-tenant requests.
+	// The client will add a token from each of these tenants to every request. The
+	// authenticating user or service principal must be a guest in these tenants, and the
+	// client's credential must support multitenant authentication.
+	AuxiliaryTenants []string
+
+	// DisableRPRegistration disables the auto-RP registration policy. Defaults to false.
+	DisableRPRegistration bool
+}
+
+// Clone return a deep copy of the current options.
+func (o *ClientOptions) Clone() *ClientOptions {
+	if o == nil {
+		return nil
+	}
+	copiedOptions := *o
+	copiedOptions.Cloud.Services = copyMap(copiedOptions.Cloud.Services)
+	copiedOptions.Logging.AllowedHeaders = copyArray(copiedOptions.Logging.AllowedHeaders)
+	copiedOptions.Logging.AllowedQueryParams = copyArray(copiedOptions.Logging.AllowedQueryParams)
+	copiedOptions.Retry.StatusCodes = copyArray(copiedOptions.Retry.StatusCodes)
+	copiedOptions.PerRetryPolicies = copyArray(copiedOptions.PerRetryPolicies)
+	copiedOptions.PerCallPolicies = copyArray(copiedOptions.PerCallPolicies)
+	return &copiedOptions
+}
+
+// copyMap return a new map with all the key value pair in the src map
+func copyMap[K comparable, V any](src map[K]V) map[K]V {
+	if src == nil {
+		return nil
+	}
+	copiedMap := make(map[K]V)
+	for k, v := range src {
+		copiedMap[k] = v
+	}
+	return copiedMap
+}
+
+// copyMap return a new array with all the elements in the src array
+func copyArray[T any](src []T) []T {
+	if src == nil {
+		return nil
+	}
+	copiedArray := make([]T, len(src))
+	copy(copiedArray, src)
+	return copiedArray
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/pipeline.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/pipeline.go
new file mode 100644
index 00000000000..302c19cd426
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/pipeline.go
@@ -0,0 +1,65 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"errors"
+	"reflect"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	armpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	azpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+)
+
+// NewPipeline creates a pipeline from connection options. Policies from ClientOptions are
+// placed after policies from PipelineOptions. The telemetry policy, when enabled, will
+// use the specified module and version info.
+func NewPipeline(module, version string, cred azcore.TokenCredential, plOpts azruntime.PipelineOptions, options *armpolicy.ClientOptions) (azruntime.Pipeline, error) {
+	if options == nil {
+		options = &armpolicy.ClientOptions{}
+	}
+	conf, err := getConfiguration(&options.ClientOptions)
+	if err != nil {
+		return azruntime.Pipeline{}, err
+	}
+	authPolicy := NewBearerTokenPolicy(cred, &armpolicy.BearerTokenOptions{
+		AuxiliaryTenants: options.AuxiliaryTenants,
+		Scopes:           []string{conf.Audience + "/.default"},
+	})
+	perRetry := make([]azpolicy.Policy, len(plOpts.PerRetry), len(plOpts.PerRetry)+1)
+	copy(perRetry, plOpts.PerRetry)
+	plOpts.PerRetry = append(perRetry, authPolicy, exported.PolicyFunc(httpTraceNamespacePolicy))
+	if !options.DisableRPRegistration {
+		regRPOpts := armpolicy.RegistrationOptions{ClientOptions: options.ClientOptions}
+		regPolicy, err := NewRPRegistrationPolicy(cred, &regRPOpts)
+		if err != nil {
+			return azruntime.Pipeline{}, err
+		}
+		perCall := make([]azpolicy.Policy, len(plOpts.PerCall), len(plOpts.PerCall)+1)
+		copy(perCall, plOpts.PerCall)
+		plOpts.PerCall = append(perCall, regPolicy)
+	}
+	if plOpts.APIVersion.Name == "" {
+		plOpts.APIVersion.Name = "api-version"
+	}
+	return azruntime.NewPipeline(module, version, plOpts, &options.ClientOptions), nil
+}
+
+func getConfiguration(o *azpolicy.ClientOptions) (cloud.ServiceConfiguration, error) {
+	c := cloud.AzurePublic
+	if !reflect.ValueOf(o.Cloud).IsZero() {
+		c = o.Cloud
+	}
+	if conf, ok := c.Services[cloud.ResourceManager]; ok && conf.Endpoint != "" && conf.Audience != "" {
+		return conf, nil
+	} else {
+		return conf, errors.New("provided Cloud field is missing Azure Resource Manager configuration")
+	}
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go
new file mode 100644
index 00000000000..54b3bb78d85
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go
@@ -0,0 +1,145 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	armpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	azpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/temporal"
+)
+
+const headerAuxiliaryAuthorization = "x-ms-authorization-auxiliary"
+
+// acquiringResourceState holds data for an auxiliary token request
+type acquiringResourceState struct {
+	ctx    context.Context
+	p      *BearerTokenPolicy
+	tenant string
+}
+
+// acquireAuxToken acquires a token from an auxiliary tenant. Only one thread/goroutine at a time ever calls this function.
+func acquireAuxToken(state acquiringResourceState) (newResource azcore.AccessToken, newExpiration time.Time, err error) {
+	tk, err := state.p.cred.GetToken(state.ctx, azpolicy.TokenRequestOptions{
+		EnableCAE: true,
+		Scopes:    state.p.scopes,
+		TenantID:  state.tenant,
+	})
+	if err != nil {
+		return azcore.AccessToken{}, time.Time{}, err
+	}
+	return tk, tk.ExpiresOn, nil
+}
+
+// BearerTokenPolicy authorizes requests with bearer tokens acquired from a TokenCredential.
+type BearerTokenPolicy struct {
+	auxResources map[string]*temporal.Resource[azcore.AccessToken, acquiringResourceState]
+	btp          *azruntime.BearerTokenPolicy
+	cred         azcore.TokenCredential
+	scopes       []string
+}
+
+// NewBearerTokenPolicy creates a policy object that authorizes requests with bearer tokens.
+// cred: an azcore.TokenCredential implementation such as a credential object from azidentity
+// opts: optional settings. Pass nil to accept default values; this is the same as passing a zero-value options.
+func NewBearerTokenPolicy(cred azcore.TokenCredential, opts *armpolicy.BearerTokenOptions) *BearerTokenPolicy {
+	if opts == nil {
+		opts = &armpolicy.BearerTokenOptions{}
+	}
+	p := &BearerTokenPolicy{cred: cred}
+	p.auxResources = make(map[string]*temporal.Resource[azcore.AccessToken, acquiringResourceState], len(opts.AuxiliaryTenants))
+	for _, t := range opts.AuxiliaryTenants {
+		p.auxResources[t] = temporal.NewResource(acquireAuxToken)
+	}
+	p.scopes = make([]string, len(opts.Scopes))
+	copy(p.scopes, opts.Scopes)
+	p.btp = azruntime.NewBearerTokenPolicy(cred, opts.Scopes, &azpolicy.BearerTokenOptions{
+		AuthorizationHandler: azpolicy.AuthorizationHandler{
+			OnChallenge: p.onChallenge,
+			OnRequest:   p.onRequest,
+		},
+	})
+	return p
+}
+
+func (b *BearerTokenPolicy) onChallenge(req *azpolicy.Request, res *http.Response, authNZ func(azpolicy.TokenRequestOptions) error) error {
+	challenge := res.Header.Get(shared.HeaderWWWAuthenticate)
+	claims, err := parseChallenge(challenge)
+	if err != nil {
+		// the challenge contains claims we can't parse
+		return err
+	} else if claims != "" {
+		// request a new token having the specified claims, send the request again
+		return authNZ(azpolicy.TokenRequestOptions{Claims: claims, EnableCAE: true, Scopes: b.scopes})
+	}
+	// auth challenge didn't include claims, so this is a simple authorization failure
+	return azruntime.NewResponseError(res)
+}
+
+// onRequest authorizes requests with one or more bearer tokens
+func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolicy.TokenRequestOptions) error) error {
+	// authorize the request with a token for the primary tenant
+	err := authNZ(azpolicy.TokenRequestOptions{EnableCAE: true, Scopes: b.scopes})
+	if err != nil || len(b.auxResources) == 0 {
+		return err
+	}
+	// add tokens for auxiliary tenants
+	as := acquiringResourceState{
+		ctx: req.Raw().Context(),
+		p:   b,
+	}
+	auxTokens := make([]string, 0, len(b.auxResources))
+	for tenant, er := range b.auxResources {
+		as.tenant = tenant
+		auxTk, err := er.Get(as)
+		if err != nil {
+			return err
+		}
+		auxTokens = append(auxTokens, fmt.Sprintf("%s%s", shared.BearerTokenPrefix, auxTk.Token))
+	}
+	req.Raw().Header.Set(headerAuxiliaryAuthorization, strings.Join(auxTokens, ", "))
+	return nil
+}
+
+// Do authorizes a request with a bearer token
+func (b *BearerTokenPolicy) Do(req *azpolicy.Request) (*http.Response, error) {
+	return b.btp.Do(req)
+}
+
+// parseChallenge parses claims from an authentication challenge issued by ARM so a client can request a token
+// that will satisfy conditional access policies. It returns a non-nil error when the given value contains
+// claims it can't parse. If the value contains no claims, it returns an empty string and a nil error.
+func parseChallenge(wwwAuthenticate string) (string, error) {
+	claims := ""
+	var err error
+	for _, param := range strings.Split(wwwAuthenticate, ",") {
+		if _, after, found := strings.Cut(param, "claims="); found {
+			if claims != "" {
+				// The header contains multiple challenges, at least two of which specify claims. The specs allow this
+				// but it's unclear what a client should do in this case and there's as yet no concrete example of it.
+				err = fmt.Errorf("found multiple claims challenges in %q", wwwAuthenticate)
+				break
+			}
+			// trim stuff that would get an error from RawURLEncoding; claims may or may not be padded
+			claims = strings.Trim(after, `\"=`)
+			// we don't return this error because it's something unhelpful like "illegal base64 data at input byte 42"
+			if b, decErr := base64.RawURLEncoding.DecodeString(claims); decErr == nil {
+				claims = string(b)
+			} else {
+				err = fmt.Errorf("failed to parse claims from %q", wwwAuthenticate)
+				break
+			}
+		}
+	}
+	return claims, err
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_register_rp.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_register_rp.go
new file mode 100644
index 00000000000..83e15949aa3
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_register_rp.go
@@ -0,0 +1,347 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	armpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	azpolicy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+)
+
+const (
+	// LogRPRegistration entries contain information specific to the automatic registration of an RP.
+	// Entries of this classification are written IFF the policy needs to take any action.
+	LogRPRegistration log.Event = "RPRegistration"
+)
+
+// init sets any default values
+func setDefaults(r *armpolicy.RegistrationOptions) {
+	if r.MaxAttempts == 0 {
+		r.MaxAttempts = 3
+	} else if r.MaxAttempts < 0 {
+		r.MaxAttempts = 0
+	}
+	if r.PollingDelay == 0 {
+		r.PollingDelay = 15 * time.Second
+	} else if r.PollingDelay < 0 {
+		r.PollingDelay = 0
+	}
+	if r.PollingDuration == 0 {
+		r.PollingDuration = 5 * time.Minute
+	}
+}
+
+// NewRPRegistrationPolicy creates a policy object configured using the specified options.
+// The policy controls whether an unregistered resource provider should automatically be
+// registered. See https://aka.ms/rps-not-found for more information.
+func NewRPRegistrationPolicy(cred azcore.TokenCredential, o *armpolicy.RegistrationOptions) (azpolicy.Policy, error) {
+	if o == nil {
+		o = &armpolicy.RegistrationOptions{}
+	}
+	conf, err := getConfiguration(&o.ClientOptions)
+	if err != nil {
+		return nil, err
+	}
+	authPolicy := NewBearerTokenPolicy(cred, &armpolicy.BearerTokenOptions{Scopes: []string{conf.Audience + "/.default"}})
+	p := &rpRegistrationPolicy{
+		endpoint: conf.Endpoint,
+		pipeline: runtime.NewPipeline(shared.Module, shared.Version, runtime.PipelineOptions{PerRetry: []azpolicy.Policy{authPolicy}}, &o.ClientOptions),
+		options:  *o,
+	}
+	// init the copy
+	setDefaults(&p.options)
+	return p, nil
+}
+
+type rpRegistrationPolicy struct {
+	endpoint string
+	pipeline runtime.Pipeline
+	options  armpolicy.RegistrationOptions
+}
+
+func (r *rpRegistrationPolicy) Do(req *azpolicy.Request) (*http.Response, error) {
+	if r.options.MaxAttempts == 0 {
+		// policy is disabled
+		return req.Next()
+	}
+	const registeredState = "Registered"
+	var rp string
+	var resp *http.Response
+	for attempts := 0; attempts < r.options.MaxAttempts; attempts++ {
+		var err error
+		// make the original request
+		resp, err = req.Next()
+		// getting a 409 is the first indication that the RP might need to be registered, check error response
+		if err != nil || resp.StatusCode != http.StatusConflict {
+			return resp, err
+		}
+		var reqErr requestError
+		if err = runtime.UnmarshalAsJSON(resp, &reqErr); err != nil {
+			return resp, err
+		}
+		if reqErr.ServiceError == nil {
+			// missing service error info. just return the response
+			// to the caller so its error unmarshalling will kick in
+			return resp, err
+		}
+		if !isUnregisteredRPCode(reqErr.ServiceError.Code) {
+			// not a 409 due to unregistered RP. just return the response
+			// to the caller so its error unmarshalling will kick in
+			return resp, err
+		}
+		// RP needs to be registered.  start by getting the subscription ID from the original request
+		subID, err := getSubscription(req.Raw().URL.Path)
+		if err != nil {
+			return resp, err
+		}
+		// now get the RP from the error
+		rp, err = getProvider(reqErr)
+		if err != nil {
+			return resp, err
+		}
+		logRegistrationExit := func(v interface{}) {
+			log.Writef(LogRPRegistration, "END registration for %s: %v", rp, v)
+		}
+		log.Writef(LogRPRegistration, "BEGIN registration for %s", rp)
+		// create client and make the registration request
+		// we use the scheme and host from the original request
+		rpOps := &providersOperations{
+			p:     r.pipeline,
+			u:     r.endpoint,
+			subID: subID,
+		}
+		if _, err = rpOps.Register(&shared.ContextWithDeniedValues{Context: req.Raw().Context()}, rp); err != nil {
+			logRegistrationExit(err)
+			return resp, err
+		}
+
+		// RP was registered, however we need to wait for the registration to complete
+		pollCtx, pollCancel := context.WithTimeout(&shared.ContextWithDeniedValues{Context: req.Raw().Context()}, r.options.PollingDuration)
+		var lastRegState string
+		for {
+			// get the current registration state
+			getResp, err := rpOps.Get(pollCtx, rp)
+			if err != nil {
+				pollCancel()
+				logRegistrationExit(err)
+				return resp, err
+			}
+			if getResp.Provider.RegistrationState != nil && !strings.EqualFold(*getResp.Provider.RegistrationState, lastRegState) {
+				// registration state has changed, or was updated for the first time
+				lastRegState = *getResp.Provider.RegistrationState
+				log.Writef(LogRPRegistration, "registration state is %s", lastRegState)
+			}
+			if strings.EqualFold(lastRegState, registeredState) {
+				// registration complete
+				pollCancel()
+				logRegistrationExit(lastRegState)
+				break
+			}
+			// wait before trying again
+			select {
+			case <-time.After(r.options.PollingDelay):
+				// continue polling
+			case <-pollCtx.Done():
+				pollCancel()
+				logRegistrationExit(pollCtx.Err())
+				return resp, pollCtx.Err()
+			}
+		}
+		// RP was successfully registered, retry the original request
+		err = req.RewindBody()
+		if err != nil {
+			return resp, err
+		}
+	}
+	// if we get here it means we exceeded the number of attempts
+	return resp, fmt.Errorf("exceeded attempts to register %s", rp)
+}
+
+var unregisteredRPCodes = []string{
+	"MissingSubscriptionRegistration",
+	"MissingRegistrationForResourceProvider",
+	"Subscription Not Registered",
+	"SubscriptionNotRegistered",
+}
+
+func isUnregisteredRPCode(errorCode string) bool {
+	for _, code := range unregisteredRPCodes {
+		if strings.EqualFold(errorCode, code) {
+			return true
+		}
+	}
+	return false
+}
+
+func getSubscription(path string) (string, error) {
+	parts := strings.Split(path, "/")
+	for i, v := range parts {
+		if v == "subscriptions" && (i+1) < len(parts) {
+			return parts[i+1], nil
+		}
+	}
+	return "", fmt.Errorf("failed to obtain subscription ID from %s", path)
+}
+
+func getProvider(re requestError) (string, error) {
+	if len(re.ServiceError.Details) > 0 {
+		return re.ServiceError.Details[0].Target, nil
+	}
+	return "", errors.New("unexpected empty Details")
+}
+
+// minimal error definitions to simplify detection
+type requestError struct {
+	ServiceError *serviceError `json:"error"`
+}
+
+type serviceError struct {
+	Code    string                `json:"code"`
+	Details []serviceErrorDetails `json:"details"`
+}
+
+type serviceErrorDetails struct {
+	Code   string `json:"code"`
+	Target string `json:"target"`
+}
+
+///////////////////////////////////////////////////////////////////////////////////////////////
+// the following code was copied from module armresources, providers.go and models.go
+// only the minimum amount of code was copied to get this working and some edits were made.
+///////////////////////////////////////////////////////////////////////////////////////////////
+
+type providersOperations struct {
+	p     runtime.Pipeline
+	u     string
+	subID string
+}
+
+// Get - Gets the specified resource provider.
+func (client *providersOperations) Get(ctx context.Context, resourceProviderNamespace string) (providerResponse, error) {
+	req, err := client.getCreateRequest(ctx, resourceProviderNamespace)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	resp, err := client.p.Do(req)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	result, err := client.getHandleResponse(resp)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	return result, nil
+}
+
+// getCreateRequest creates the Get request.
+func (client *providersOperations) getCreateRequest(ctx context.Context, resourceProviderNamespace string) (*azpolicy.Request, error) {
+	urlPath := "/subscriptions/{subscriptionId}/providers/{resourceProviderNamespace}"
+	urlPath = strings.ReplaceAll(urlPath, "{resourceProviderNamespace}", url.PathEscape(resourceProviderNamespace))
+	urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subID))
+	req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.u, urlPath))
+	if err != nil {
+		return nil, err
+	}
+	query := req.Raw().URL.Query()
+	query.Set("api-version", "2019-05-01")
+	req.Raw().URL.RawQuery = query.Encode()
+	return req, nil
+}
+
+// getHandleResponse handles the Get response.
+func (client *providersOperations) getHandleResponse(resp *http.Response) (providerResponse, error) {
+	if !runtime.HasStatusCode(resp, http.StatusOK) {
+		return providerResponse{}, exported.NewResponseError(resp)
+	}
+	result := providerResponse{RawResponse: resp}
+	err := runtime.UnmarshalAsJSON(resp, &result.Provider)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	return result, err
+}
+
+// Register - Registers a subscription with a resource provider.
+func (client *providersOperations) Register(ctx context.Context, resourceProviderNamespace string) (providerResponse, error) {
+	req, err := client.registerCreateRequest(ctx, resourceProviderNamespace)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	resp, err := client.p.Do(req)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	result, err := client.registerHandleResponse(resp)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	return result, nil
+}
+
+// registerCreateRequest creates the Register request.
+func (client *providersOperations) registerCreateRequest(ctx context.Context, resourceProviderNamespace string) (*azpolicy.Request, error) {
+	urlPath := "/subscriptions/{subscriptionId}/providers/{resourceProviderNamespace}/register"
+	urlPath = strings.ReplaceAll(urlPath, "{resourceProviderNamespace}", url.PathEscape(resourceProviderNamespace))
+	urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subID))
+	req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.u, urlPath))
+	if err != nil {
+		return nil, err
+	}
+	query := req.Raw().URL.Query()
+	query.Set("api-version", "2019-05-01")
+	req.Raw().URL.RawQuery = query.Encode()
+	return req, nil
+}
+
+// registerHandleResponse handles the Register response.
+func (client *providersOperations) registerHandleResponse(resp *http.Response) (providerResponse, error) {
+	if !runtime.HasStatusCode(resp, http.StatusOK) {
+		return providerResponse{}, exported.NewResponseError(resp)
+	}
+	result := providerResponse{RawResponse: resp}
+	err := runtime.UnmarshalAsJSON(resp, &result.Provider)
+	if err != nil {
+		return providerResponse{}, err
+	}
+	return result, err
+}
+
+// ProviderResponse is the response envelope for operations that return a Provider type.
+type providerResponse struct {
+	// Resource provider information.
+	Provider *provider
+
+	// RawResponse contains the underlying HTTP response.
+	RawResponse *http.Response
+}
+
+// Provider - Resource provider information.
+type provider struct {
+	// The provider ID.
+	ID *string `json:"id,omitempty"`
+
+	// The namespace of the resource provider.
+	Namespace *string `json:"namespace,omitempty"`
+
+	// The registration policy of the resource provider.
+	RegistrationPolicy *string `json:"registrationPolicy,omitempty"`
+
+	// The registration state of the resource provider.
+	RegistrationState *string `json:"registrationState,omitempty"`
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_trace_namespace.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_trace_namespace.go
new file mode 100644
index 00000000000..6cea184240f
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_trace_namespace.go
@@ -0,0 +1,30 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing"
+)
+
+// httpTraceNamespacePolicy is a policy that adds the az.namespace attribute to the current Span
+func httpTraceNamespacePolicy(req *policy.Request) (resp *http.Response, err error) {
+	rawTracer := req.Raw().Context().Value(shared.CtxWithTracingTracer{})
+	if tracer, ok := rawTracer.(tracing.Tracer); ok && tracer.Enabled() {
+		rt, err := resource.ParseResourceType(req.Raw().URL.Path)
+		if err == nil {
+			// add the namespace attribute to the current span
+			span := tracer.SpanFromContext(req.Raw().Context())
+			span.SetAttributes(tracing.Attribute{Key: shared.TracingNamespaceAttrName, Value: rt.Namespace})
+		}
+	}
+	return req.Next()
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/runtime.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/runtime.go
new file mode 100644
index 00000000000..1400d43799f
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/runtime.go
@@ -0,0 +1,24 @@
+//go:build go1.16
+// +build go1.16
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+
+func init() {
+	cloud.AzureChina.Services[cloud.ResourceManager] = cloud.ServiceConfiguration{
+		Audience: "https://management.core.chinacloudapi.cn",
+		Endpoint: "https://management.chinacloudapi.cn",
+	}
+	cloud.AzureGovernment.Services[cloud.ResourceManager] = cloud.ServiceConfiguration{
+		Audience: "https://management.core.usgovcloudapi.net",
+		Endpoint: "https://management.usgovcloudapi.net",
+	}
+	cloud.AzurePublic.Services[cloud.ResourceManager] = cloud.ServiceConfiguration{
+		Audience: "https://management.core.windows.net/",
+		Endpoint: "https://management.azure.com",
+	}
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
index 7ea119ab30d..71dcb5f3e95 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
@@ -1,5 +1,38 @@
 # Release History
 
+## 1.5.1 (2024-01-17)
+
+### Bugs Fixed
+* `InteractiveBrowserCredential` handles `AdditionallyAllowedTenants` correctly
+
+## 1.5.0 (2024-01-16)
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.5.0-beta.1
+* Removed persistent token caching. It will return in v1.6.0-beta.1
+
+### Bugs Fixed
+* Credentials now preserve MSAL headers e.g. X-Client-Sku
+
+### Other Changes
+* Upgraded dependencies
+
+## 1.5.0-beta.2 (2023-11-07)
+
+### Features Added
+* `DefaultAzureCredential` and `ManagedIdentityCredential` support Azure ML managed identity
+* Added spans for distributed tracing.
+
+## 1.5.0-beta.1 (2023-10-10)
+
+### Features Added
+* Optional persistent token caching for most credentials. Set `TokenCachePersistenceOptions`
+  on a credential's options to enable and configure this. See the package documentation for
+  this version and [TOKEN_CACHING.md](https://aka.ms/azsdk/go/identity/caching) for more
+  details.
+* `AzureDeveloperCLICredential` authenticates with the Azure Developer CLI (`azd`). This
+  credential is also part of the `DefaultAzureCredential` authentication flow.
+
 ## 1.4.0 (2023-10-10)
 
 ### Bugs Fixed
@@ -94,14 +127,14 @@
 ### Features Added
 * By default, credentials set client capability "CP1" to enable support for
   [Continuous Access Evaluation (CAE)](https://docs.microsoft.com/azure/active-directory/develop/app-resilience-continuous-access-evaluation).
-  This indicates to Azure Active Directory that your application can handle CAE claims challenges.
+  This indicates to Microsoft Entra ID that your application can handle CAE claims challenges.
   You can disable this behavior by setting the environment variable "AZURE_IDENTITY_DISABLE_CP1" to "true".
 * `InteractiveBrowserCredentialOptions.LoginHint` enables pre-populating the login
   prompt with a username ([#15599](https://github.com/Azure/azure-sdk-for-go/pull/15599))
 * Service principal and user credentials support ADFS authentication on Azure Stack.
   Specify "adfs" as the credential's tenant.
 * Applications running in private or disconnected clouds can prevent credentials from
-  requesting Azure AD instance metadata by setting the `DisableInstanceDiscovery`
+  requesting Microsoft Entra instance metadata by setting the `DisableInstanceDiscovery`
   field on credential options.
 * Many credentials can now be configured to authenticate in multiple tenants. The
   options types for these credentials have an `AdditionallyAllowedTenants` field
@@ -454,4 +487,4 @@
 
 ## 0.1.0 (2020-07-23)
 ### Features Added
-* Initial Release. Azure Identity library that provides Azure Active Directory token authentication support for the SDK.
+* Initial Release. Azure Identity library that provides Microsoft Entra token authentication support for the SDK.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
index 4ac53eb7b27..1a649202303 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
@@ -1,6 +1,6 @@
 # Migrating from autorest/adal to azidentity
 
-`azidentity` provides Azure Active Directory (Azure AD) authentication for the newest Azure SDK modules (`github.com/azure-sdk-for-go/sdk/...`). Older Azure SDK packages (`github.com/azure-sdk-for-go/services/...`) use types from `github.com/go-autorest/autorest/adal` instead.
+`azidentity` provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) authentication for the newest Azure SDK modules (`github.com/azure-sdk-for-go/sdk/...`). Older Azure SDK packages (`github.com/azure-sdk-for-go/services/...`) use types from `github.com/go-autorest/autorest/adal` instead.
 
 This guide shows common authentication code using `autorest/adal` and its equivalent using `azidentity`.
 
@@ -18,7 +18,7 @@ This guide shows common authentication code using `autorest/adal` and its equiva
 
 ### `autorest/adal`
 
-Token providers require a token audience (resource identifier) and an instance of `adal.OAuthConfig`, which requires an Azure AD endpoint and tenant:
+Token providers require a token audience (resource identifier) and an instance of `adal.OAuthConfig`, which requires a Microsoft Entra endpoint and tenant:
 
 ```go
 import "github.com/Azure/go-autorest/autorest/adal"
@@ -284,7 +284,7 @@ if err == nil {
 }
 ```
 
-Note that `azidentity` credentials use the Azure AD v2.0 endpoint, which requires OAuth 2 scopes instead of the resource identifiers `autorest/adal` expects. For more information, see [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent).
+Note that `azidentity` credentials use the Microsoft Entra endpoint, which requires OAuth 2 scopes instead of the resource identifiers `autorest/adal` expects. For more information, see [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/permissions-consent-overview).
 
 ## Use azidentity credentials with older packages
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
index da0baa9add3..b6ad2d39f84 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
@@ -1,9 +1,9 @@
 # Azure Identity Client Module for Go
 
-The Azure Identity module provides Azure Active Directory (Azure AD) token authentication support across the Azure SDK. It includes a set of `TokenCredential` implementations, which can be used with Azure SDK clients supporting token authentication.
+The Azure Identity module provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) token authentication support across the Azure SDK. It includes a set of `TokenCredential` implementations, which can be used with Azure SDK clients supporting token authentication.
 
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/Azure/azure-sdk-for-go/sdk/azidentity)](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity)
-| [Azure Active Directory documentation](https://docs.microsoft.com/azure/active-directory/)
+| [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/)
 | [Source code](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity)
 
 # Getting started
@@ -35,6 +35,12 @@ signed in to the [Azure CLI](https://docs.microsoft.com/cli/azure). To sign in t
 When no default browser is available, `az login` will use the device code
 authentication flow. This can also be selected manually by running `az login --use-device-code`.
 
+#### Authenticate via the Azure Developer CLI
+
+Developers coding outside of an IDE can also use the [Azure Developer CLI](https://aka.ms/azure-dev) to authenticate. Applications using the `DefaultAzureCredential` or the `AzureDeveloperCLICredential` can use the account logged in to the Azure Developer CLI to authenticate calls in their application when running locally.
+
+To authenticate with the Azure Developer CLI, run `azd auth login`. On a system with a default web browser, `azd` will launch the browser to authenticate. On systems without a default web browser, run `azd auth login --use-device-code` to use the device code authentication flow.
+
 ## Key concepts
 
 ### Credentials
@@ -44,9 +50,7 @@ service client to authenticate requests. Service clients across the Azure SDK
 accept a credential instance when they are constructed, and use that credential
 to authenticate requests.
 
-The `azidentity` module focuses on OAuth authentication with Azure Active
-Directory (AAD). It offers a variety of credential types capable of acquiring
-an Azure AD access token. See [Credential Types](#credential-types "Credential Types") for a list of this module's credential types.
+The `azidentity` module focuses on OAuth authentication with Microsoft Entra ID. It offers a variety of credential types capable of acquiring a Microsoft Entra access token. See [Credential Types](#credential-types "Credential Types") for a list of this module's credential types.
 
 ### DefaultAzureCredential
 
@@ -58,6 +62,7 @@ an Azure AD access token. See [Credential Types](#credential-types "Credential T
 1. **Workload Identity** - If the app is deployed on Kubernetes with environment variables set by the workload identity webhook, `DefaultAzureCredential` will authenticate the configured identity.
 1. **Managed Identity** - If the app is deployed to an Azure host with managed identity enabled, `DefaultAzureCredential` will authenticate with it.
 1. **Azure CLI** - If a user or service principal has authenticated via the Azure CLI `az login` command, `DefaultAzureCredential` will authenticate that identity.
+1. **Azure Developer CLI** - If the developer has authenticated via the Azure Developer CLI `azd auth login` command, the `DefaultAzureCredential` will authenticate with that account.
 
 > Note: `DefaultAzureCredential` is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types.
 
@@ -152,6 +157,7 @@ client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)
 |Credential|Usage
 |-|-
 |[AzureCLICredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#AzureCLICredential)|Authenticate as the user signed in to the Azure CLI
+|[`AzureDeveloperCLICredential`](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#AzureDeveloperCLICredential)|Authenticates as the user signed in to the Azure Developer CLI
 
 ## Environment Variables
 
@@ -161,16 +167,16 @@ client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)
 
 |variable name|value
 |-|-
-|`AZURE_CLIENT_ID`|ID of an Azure Active Directory application
-|`AZURE_TENANT_ID`|ID of the application's Azure Active Directory tenant
+|`AZURE_CLIENT_ID`|ID of a Microsoft Entra application
+|`AZURE_TENANT_ID`|ID of the application's Microsoft Entra tenant
 |`AZURE_CLIENT_SECRET`|one of the application's client secrets
 
 #### Service principal with certificate
 
 |variable name|value
 |-|-
-|`AZURE_CLIENT_ID`|ID of an Azure Active Directory application
-|`AZURE_TENANT_ID`|ID of the application's Azure Active Directory tenant
+|`AZURE_CLIENT_ID`|ID of a Microsoft Entra application
+|`AZURE_TENANT_ID`|ID of the application's Microsoft Entra tenant
 |`AZURE_CLIENT_CERTIFICATE_PATH`|path to a certificate file including private key
 |`AZURE_CLIENT_CERTIFICATE_PASSWORD`|password of the certificate file, if any
 
@@ -178,22 +184,30 @@ client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)
 
 |variable name|value
 |-|-
-|`AZURE_CLIENT_ID`|ID of an Azure Active Directory application
+|`AZURE_CLIENT_ID`|ID of a Microsoft Entra application
 |`AZURE_USERNAME`|a username (usually an email address)
 |`AZURE_PASSWORD`|that user's password
 
 Configuration is attempted in the above order. For example, if values for a
 client secret and certificate are both present, the client secret will be used.
 
+## Token caching
+
+Token caching is an `azidentity` feature that allows apps to:
+
+* Cache tokens in memory (default) or on disk (opt-in).
+* Improve resilience and performance.
+* Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
+
+For more details, see the [token caching documentation](https://aka.ms/azsdk/go/identity/caching).
+
 ## Troubleshooting
 
 ### Error Handling
 
 Credentials return an `error` when they fail to authenticate or lack data they require to authenticate. For guidance on resolving errors from specific credential types, see the [troubleshooting guide](https://aka.ms/azsdk/go/identity/troubleshoot).
 
-For more details on handling specific Azure Active Directory errors please refer to the
-Azure Active Directory
-[error code documentation](https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes).
+For more details on handling specific Microsoft Entra errors, see the Microsoft Entra [error code documentation](https://learn.microsoft.com/azure/active-directory/develop/reference-error-codes).
 
 ### Logging
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
new file mode 100644
index 00000000000..c0d6601469c
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
@@ -0,0 +1,70 @@
+## Token caching in the Azure Identity client module
+
+*Token caching* is a feature provided by the Azure Identity library that allows apps to:
+
+- Improve their resilience and performance.
+- Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
+- Reduce the number of times the user is prompted to authenticate.
+
+When an app needs to access a protected Azure resource, it typically needs to obtain an access token from Entra ID. Obtaining that token involves sending a request to Entra ID and may also involve prompting the user. Entra ID then validates the credentials provided in the request and issues an access token.
+
+Token caching, via the Azure Identity library, allows the app to store this access token [in memory](#in-memory-token-caching), where it's accessible to the current process, or [on disk](#persistent-token-caching) where it can be accessed across application or process invocations. The token can then be retrieved quickly and easily the next time the app needs to access the same resource. The app can avoid making another request to Entra ID, which reduces network traffic and improves resilience. Additionally, in scenarios where the app is authenticating users, token caching also avoids prompting the user each time new tokens are requested.
+
+### In-memory token caching
+
+*In-memory token caching* is the default option provided by the Azure Identity library. This caching approach allows apps to store access tokens in memory. With in-memory token caching, the library first determines if a valid access token for the requested resource is already stored in memory. If a valid token is found, it's returned to the app without the need to make another request to Entra ID. If a valid token isn't found, the library will automatically acquire a token by sending a request to Entra ID. The in-memory token cache provided by the Azure Identity library is thread-safe.
+
+**Note:** When Azure Identity library credentials are used with Azure service libraries (for example, Azure Blob Storage), the in-memory token caching is active in the `Pipeline` layer as well. All `TokenCredential` implementations are supported there, including custom implementations external to the Azure Identity library.
+
+#### Caching cannot be disabled
+
+As there are many levels of caching, it's not possible disable in-memory caching. However, the in-memory cache may be cleared by creating a new credential instance.
+
+### Persistent token caching
+
+> Only azidentity v1.5.0-beta versions support persistent token caching
+
+*Persistent disk token caching* is an opt-in feature in the Azure Identity library. The feature allows apps to cache access tokens in an encrypted, persistent storage mechanism. As indicated in the following table, the storage mechanism differs across operating systems.
+
+| Operating system | Storage mechanism                     |
+|------------------|---------------------------------------|
+| Linux            | kernel key retention service (keyctl) |
+| macOS            | Keychain                              |
+| Windows          | DPAPI                                 |
+
+By default the token cache will protect any data which is persisted using the user data protection APIs available on the current platform.
+However, there are cases where no data protection is available, and applications may choose to allow storing the token cache in an unencrypted state by setting `TokenCachePersistenceOptions.AllowUnencryptedStorage` to `true`. This allows a credential to fall back to unencrypted storage if it can't encrypt the cache. However, we do not recommend using this storage method due to its significantly lower security measures. In addition, tokens are not encrypted solely to the current user, which could potentially allow unauthorized access to the cache by individuals with machine access.
+
+With persistent disk token caching enabled, the library first determines if a valid access token for the requested resource is already stored in the persistent cache. If a valid token is found, it's returned to the app without the need to make another request to Entra ID. Additionally, the tokens are preserved across app runs, which:
+
+- Makes the app more resilient to failures.
+- Ensures the app can continue to function during an Entra ID outage or disruption.
+- Avoids having to prompt users to authenticate each time the process is restarted.
+
+>IMPORTANT! The token cache contains sensitive data and **MUST** be protected to prevent compromising accounts. All application decisions regarding the persistence of the token cache must consider that a breach of its content will fully compromise all the accounts it contains.
+
+#### Example code
+
+See the [package documentation](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.5.0-beta.1#pkg-overview) for code examples demonstrating how to configure persistent caching and access cached data.
+
+### Credentials supporting token caching
+
+The following table indicates the state of in-memory and persistent caching in each credential type.
+
+**Note:** In-memory caching is activated by default. Persistent token caching needs to be enabled as shown in [this example](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.5.0-beta.1#example-package-PersistentCache).
+
+| Credential                     | In-memory token caching                                             | Persistent token caching |
+|--------------------------------|---------------------------------------------------------------------|--------------------------|
+| `AzureCLICredential`           | Not Supported                                                       | Not Supported            |
+| `AzureDeveloperCLICredential`  | Not Supported                                                       | Not Supported            |
+| `ClientAssertionCredential`    | Supported                                                           | Supported                |
+| `ClientCertificateCredential`  | Supported                                                           | Supported                |
+| `ClientSecretCredential`       | Supported                                                           | Supported                |
+| `DefaultAzureCredential`       | Supported if the target credential in the default chain supports it | Not Supported            |
+| `DeviceCodeCredential`         | Supported                                                           | Supported                |
+| `EnvironmentCredential`        | Supported                                                           | Not Supported            |
+| `InteractiveBrowserCredential` | Supported                                                           | Supported                |
+| `ManagedIdentityCredential`    | Supported                                                           | Not Supported            |
+| `OnBehalfOfCredential`         | Supported                                                           | Supported                |
+| `UsernamePasswordCredential`   | Supported                                                           | Supported                |
+| `WorkloadIdentityCredential`   | Supported                                                           | Supported                |
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
index fef099813c8..832c599eb90 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
@@ -8,7 +8,8 @@ This troubleshooting guide covers failure investigation techniques, common error
   - [Permission issues](#permission-issues)
 - [Find relevant information in errors](#find-relevant-information-in-errors)
 - [Enable and configure logging](#enable-and-configure-logging)
-- [Troubleshoot AzureCliCredential authentication issues](#troubleshoot-azureclicredential-authentication-issues)
+- [Troubleshoot AzureCLICredential authentication issues](#troubleshoot-azureclicredential-authentication-issues)
+- [Troubleshoot AzureDeveloperCLICredential authentication issues](#troubleshoot-azuredeveloperclicredential-authentication-issues)
 - [Troubleshoot ClientCertificateCredential authentication issues](#troubleshoot-clientcertificatecredential-authentication-issues)
 - [Troubleshoot ClientSecretCredential authentication issues](#troubleshoot-clientsecretcredential-authentication-issues)
 - [Troubleshoot DefaultAzureCredential authentication issues](#troubleshoot-defaultazurecredential-authentication-issues)
@@ -23,7 +24,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 
 ## Handle azidentity errors
 
-Any service client method that makes a request to the service may return an error due to authentication failure. This is because the credential authenticates on the first call to the service and on any subsequent call that needs to refresh an access token. Authentication errors include a description of the failure and possibly an error message from Azure Active Directory (Azure AD). Depending on the application, these errors may or may not be recoverable.
+Any service client method that makes a request to the service may return an error due to authentication failure. This is because the credential authenticates on the first call to the service and on any subsequent call that needs to refresh an access token. Authentication errors include a description of the failure and possibly an error message from Microsoft Entra ID. Depending on the application, these errors may or may not be recoverable.
 
 ### Permission issues
 
@@ -31,7 +32,7 @@ Service client errors with a status code of 401 or 403 often indicate that authe
 
 ## Find relevant information in errors
 
-Authentication errors can include responses from Azure AD and often contain information helpful in diagnosis. Consider the following error message:
+Authentication errors can include responses from Microsoft Entra ID and often contain information helpful in diagnosis. Consider the following error message:
 
 ```
 ClientSecretCredential authentication failed
@@ -57,9 +58,9 @@ This error contains several pieces of information:
 
 - __Failing Credential Type__: The type of credential that failed to authenticate. This can be helpful when diagnosing issues with chained credential types such as `DefaultAzureCredential` or `ChainedTokenCredential`.
 
-- __Azure AD Error Code and Message__: The error code and message returned by Azure AD. This can give insight into the specific reason the request failed. For instance, in this case authentication failed because the provided client secret is incorrect. [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes) has more information on AADSTS error codes.
+- __Microsoft Entra ID Error Code and Message__: The error code and message returned by Microsoft Entra ID. This can give insight into the specific reason the request failed. For instance, in this case authentication failed because the provided client secret is incorrect. [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/reference-error-codes#aadsts-error-codes) has more information on AADSTS error codes.
 
-- __Correlation ID and Timestamp__: The correlation ID and timestamp identify the request in server-side logs. This information can be useful to support engineers diagnosing unexpected Azure AD failures.
+- __Correlation ID and Timestamp__: The correlation ID and timestamp identify the request in server-side logs. This information can be useful to support engineers diagnosing unexpected Microsoft Entra failures.
 
 ### Enable and configure logging
 
@@ -96,17 +97,17 @@ azlog.SetEvents(azidentity.EventAuthentication)
 
 | Error Code | Issue | Mitigation |
 |---|---|---|
-|AADSTS7000215|An invalid client secret was provided.|Ensure the secret provided to the credential constructor is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret are in [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
-|AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret are in [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
-|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Azure AD instructions](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
+|AADSTS7000215|An invalid client secret was provided.|Ensure the secret provided to the credential constructor is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+|AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
 
 <a id="client-cert"></a>
 ## Troubleshoot ClientCertificateCredential authentication issues
 
 | Error Code | Description | Mitigation |
 |---|---|---|
-|AADSTS700027|Client assertion contains an invalid signature.|Ensure the specified certificate has been uploaded to the application registration as described in [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-1-upload-a-certificate).|
-|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Azure AD instructions](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
+|AADSTS700027|Client assertion contains an invalid signature.|Ensure the specified certificate has been uploaded to the application registration as described in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-1-upload-a-certificate).|
+|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
 
 <a id="username-password"></a>
 ## Troubleshoot UsernamePasswordCredential authentication issues
@@ -172,7 +173,7 @@ curl "$IDENTITY_ENDPOINT?resource=https://management.core.windows.net&api-versio
 |"no azure identity found for request clientID"|The application attempted to authenticate before an identity was assigned to its pod|Verify the pod is labeled correctly. This also occurs when a correctly labeled pod authenticates before the identity is ready. To prevent initialization races, configure NMI to set the Retry-After header in its responses as described in [Pod Identity documentation](https://azure.github.io/aad-pod-identity/docs/configure/feature_flags/#set-retry-after-header-in-nmi-response).
 
 <a id="azure-cli"></a>
-## Troubleshoot AzureCliCredential authentication issues
+## Troubleshoot AzureCLICredential authentication issues
 
 | Error Message |Description| Mitigation |
 |---|---|---|
@@ -195,6 +196,29 @@ az account get-access-token --output json --resource https://management.core.win
 
 > This command's output will contain an access token and SHOULD NOT BE SHARED, to avoid compromising account security.
 
+<a id="azd"></a>
+## Troubleshoot AzureDeveloperCLICredential authentication issues
+
+| Error Message |Description| Mitigation |
+|---|---|---|
+|Azure Developer CLI not found on path|The Azure Developer CLI isn't installed or couldn't be found.|<ul><li>Ensure the Azure Developer CLI is properly installed. See the installation instructions at [Install or update the Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd).</li><li>Validate the installation location has been added to the `PATH` environment variable.</li></ul>|
+|Please run "azd auth login"|No account is logged into the Azure Developer CLI, or the login has expired.|<ul><li>Log in to the Azure Developer CLI using the `azd login` command.</li><li>Validate that the Azure Developer CLI can obtain tokens. For instructions, see [Verify the Azure Developer CLI can obtain tokens](#verify-the-azure-developer-cli-can-obtain-tokens).</li></ul>|
+
+#### Verify the Azure Developer CLI can obtain tokens
+
+You can manually verify that the Azure Developer CLI is properly authenticated and can obtain tokens. First, use the `config` command to verify the account that is currently logged in to the Azure Developer CLI.
+
+```sh
+azd config list
+```
+
+Once you've verified the Azure Developer CLI is using correct account, you can validate that it's able to obtain tokens for this account.
+
+```sh
+azd auth token --output json --scope https://management.core.windows.net/.default
+```
+>Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
+
 <a id="workload"></a>
 ## Troubleshoot `WorkloadIdentityCredential` authentication issues
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
index 47e77f88e3f..173ce2b3cda 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "go",
   "TagPrefix": "go/azidentity",
-  "Tag": "go/azidentity_6225ab0470"
+  "Tag": "go/azidentity_db4a26f583"
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/authentication_record.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/authentication_record.go
new file mode 100644
index 00000000000..ada4d6501d2
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/authentication_record.go
@@ -0,0 +1,95 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
+)
+
+var supportedAuthRecordVersions = []string{"1.0"}
+
+// authenticationRecord is non-secret account information about an authenticated user that user credentials such as
+// [DeviceCodeCredential] and [InteractiveBrowserCredential] can use to access previously cached authentication
+// data. Call these credentials' Authenticate method to get an authenticationRecord for a user.
+type authenticationRecord struct {
+	// Authority is the URL of the authority that issued the token.
+	Authority string `json:"authority"`
+
+	// ClientID is the ID of the application that authenticated the user.
+	ClientID string `json:"clientId"`
+
+	// HomeAccountID uniquely identifies the account.
+	HomeAccountID string `json:"homeAccountId"`
+
+	// TenantID identifies the tenant in which the user authenticated.
+	TenantID string `json:"tenantId"`
+
+	// Username is the user's preferred username.
+	Username string `json:"username"`
+
+	// Version of the AuthenticationRecord.
+	Version string `json:"version"`
+}
+
+// UnmarshalJSON implements json.Unmarshaler for AuthenticationRecord
+func (a *authenticationRecord) UnmarshalJSON(b []byte) error {
+	// Default unmarshaling is fine but we want to return an error if the record's version isn't supported i.e., we
+	// want to inspect the unmarshalled values before deciding whether to return an error. Unmarshaling a formally
+	// different type enables this by assigning all the fields without recursing into this method.
+	type r authenticationRecord
+	err := json.Unmarshal(b, (*r)(a))
+	if err != nil {
+		return err
+	}
+	if a.Version == "" {
+		return errors.New("AuthenticationRecord must have a version")
+	}
+	for _, v := range supportedAuthRecordVersions {
+		if a.Version == v {
+			return nil
+		}
+	}
+	return fmt.Errorf("unsupported AuthenticationRecord version %q. This module supports %v", a.Version, supportedAuthRecordVersions)
+}
+
+// account returns the AuthenticationRecord as an MSAL Account. The account is zero-valued when the AuthenticationRecord is zero-valued.
+func (a *authenticationRecord) account() public.Account {
+	return public.Account{
+		Environment:       a.Authority,
+		HomeAccountID:     a.HomeAccountID,
+		PreferredUsername: a.Username,
+	}
+}
+
+func newAuthenticationRecord(ar public.AuthResult) (authenticationRecord, error) {
+	u, err := url.Parse(ar.IDToken.Issuer)
+	if err != nil {
+		return authenticationRecord{}, fmt.Errorf("Authenticate expected a URL issuer but got %q", ar.IDToken.Issuer)
+	}
+	tenant := ar.IDToken.TenantID
+	if tenant == "" {
+		tenant = strings.Trim(u.Path, "/")
+	}
+	username := ar.IDToken.PreferredUsername
+	if username == "" {
+		username = ar.IDToken.UPN
+	}
+	return authenticationRecord{
+		Authority:     fmt.Sprintf("%s://%s", u.Scheme, u.Host),
+		ClientID:      ar.IDToken.Audience,
+		HomeAccountID: ar.Account.HomeAccountID,
+		TenantID:      tenant,
+		Username:      username,
+		Version:       "1.0",
+	}, nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
index 10b742ce1a1..c3bcfb56c0a 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
@@ -15,12 +15,12 @@ import (
 	"net/http"
 	"net/url"
 	"os"
-	"regexp"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
@@ -41,6 +41,10 @@ const (
 	organizationsTenantID   = "organizations"
 	developerSignOnClientID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
 	defaultSuffix           = "/.default"
+
+	traceNamespace      = "Microsoft.Entra"
+	traceOpGetToken     = "GetToken"
+	traceOpAuthenticate = "Authenticate"
 )
 
 var (
@@ -49,6 +53,9 @@ var (
 	errInvalidTenantID = errors.New("invalid tenantID. You can locate your tenantID by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names")
 )
 
+// tokenCachePersistenceOptions contains options for persistent token caching
+type tokenCachePersistenceOptions = internal.TokenCachePersistenceOptions
+
 // setAuthorityHost initializes the authority host for credentials. Precedence is:
 //  1. cloud.Configuration.ActiveDirectoryAuthorityHost value set by user
 //  2. value of AZURE_AUTHORITY_HOST
@@ -109,29 +116,20 @@ func resolveTenant(defaultTenant, specified, credName string, additionalTenants
 	return "", fmt.Errorf(`%s isn't configured to acquire tokens for tenant %q. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to allow acquiring tokens for any tenant`, credName, specified)
 }
 
-// validTenantID return true is it receives a valid tenantID, returns false otherwise
-func validTenantID(tenantID string) bool {
-	match, err := regexp.MatchString("^[0-9a-zA-Z-.]+$", tenantID)
-	if err != nil {
-		return false
-	}
-	return match
-}
-
-func newPipelineAdapter(opts *azcore.ClientOptions) pipelineAdapter {
-	pl := runtime.NewPipeline(component, version, runtime.PipelineOptions{}, opts)
-	return pipelineAdapter{pl: pl}
-}
-
-type pipelineAdapter struct {
-	pl runtime.Pipeline
+func alphanumeric(r rune) bool {
+	return ('0' <= r && r <= '9') || ('a' <= r && r <= 'z') || ('A' <= r && r <= 'Z')
 }
 
-func (p pipelineAdapter) CloseIdleConnections() {
-	// do nothing
+func validTenantID(tenantID string) bool {
+	for _, r := range tenantID {
+		if !(alphanumeric(r) || r == '.' || r == '-') {
+			return false
+		}
+	}
+	return true
 }
 
-func (p pipelineAdapter) Do(r *http.Request) (*http.Response, error) {
+func doForClient(client *azcore.Client, r *http.Request) (*http.Response, error) {
 	req, err := runtime.NewRequest(r.Context(), r.Method, r.URL.String())
 	if err != nil {
 		return nil, err
@@ -153,7 +151,18 @@ func (p pipelineAdapter) Do(r *http.Request) (*http.Response, error) {
 			return nil, err
 		}
 	}
-	resp, err := p.pl.Do(req)
+
+	// copy headers to the new request, ignoring any for which the new request has a value
+	h := req.Raw().Header
+	for key, vals := range r.Header {
+		if _, has := h[key]; !has {
+			for _, val := range vals {
+				h.Add(key, val)
+			}
+		}
+	}
+
+	resp, err := client.Pipeline().Do(req)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
index 55a0d654347..43577ab3c5f 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
@@ -14,7 +14,6 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"regexp"
 	"runtime"
 	"strings"
 	"sync"
@@ -25,13 +24,9 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
 )
 
-const (
-	credNameAzureCLI  = "AzureCLICredential"
-	timeoutCLIRequest = 10 * time.Second
-)
+const credNameAzureCLI = "AzureCLICredential"
 
-// used by tests to fake invoking the CLI
-type azureCLITokenProvider func(ctx context.Context, resource string, tenantID string) ([]byte, error)
+type azTokenProvider func(ctx context.Context, scopes []string, tenant, subscription string) ([]byte, error)
 
 // AzureCLICredentialOptions contains optional parameters for AzureCLICredential.
 type AzureCLICredentialOptions struct {
@@ -39,17 +34,25 @@ type AzureCLICredentialOptions struct {
 	// to TenantID. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the
 	// logged in account can access.
 	AdditionallyAllowedTenants []string
+
+	// subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
+	// than the Azure CLI's current account.
+	subscription string
+
 	// TenantID identifies the tenant the credential should authenticate in.
 	// Defaults to the CLI's default tenant, which is typically the home tenant of the logged in user.
 	TenantID string
 
-	tokenProvider azureCLITokenProvider
+	// inDefaultChain is true when the credential is part of DefaultAzureCredential
+	inDefaultChain bool
+	// tokenProvider is used by tests to fake invoking az
+	tokenProvider azTokenProvider
 }
 
 // init returns an instance of AzureCLICredentialOptions initialized with default values.
 func (o *AzureCLICredentialOptions) init() {
 	if o.tokenProvider == nil {
-		o.tokenProvider = defaultTokenProvider
+		o.tokenProvider = defaultAzTokenProvider
 	}
 }
 
@@ -65,6 +68,14 @@ func NewAzureCLICredential(options *AzureCLICredentialOptions) (*AzureCLICredent
 	if options != nil {
 		cp = *options
 	}
+	for _, r := range cp.subscription {
+		if !(alphanumeric(r) || r == '-' || r == '_' || r == ' ' || r == '.') {
+			return nil, fmt.Errorf("%s: invalid Subscription %q", credNameAzureCLI, cp.subscription)
+		}
+	}
+	if cp.TenantID != "" && !validTenantID(cp.TenantID) {
+		return nil, errInvalidTenantID
+	}
 	cp.init()
 	cp.AdditionallyAllowedTenants = resolveAdditionalTenants(cp.AdditionallyAllowedTenants)
 	return &AzureCLICredential{mu: &sync.Mutex{}, opts: cp}, nil
@@ -73,50 +84,51 @@ func NewAzureCLICredential(options *AzureCLICredentialOptions) (*AzureCLICredent
 // GetToken requests a token from the Azure CLI. This credential doesn't cache tokens, so every call invokes the CLI.
 // This method is called automatically by Azure SDK clients.
 func (c *AzureCLICredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	at := azcore.AccessToken{}
 	if len(opts.Scopes) != 1 {
-		return azcore.AccessToken{}, errors.New(credNameAzureCLI + ": GetToken() requires exactly one scope")
+		return at, errors.New(credNameAzureCLI + ": GetToken() requires exactly one scope")
+	}
+	if !validScope(opts.Scopes[0]) {
+		return at, fmt.Errorf("%s.GetToken(): invalid scope %q", credNameAzureCLI, opts.Scopes[0])
 	}
 	tenant, err := resolveTenant(c.opts.TenantID, opts.TenantID, credNameAzureCLI, c.opts.AdditionallyAllowedTenants)
 	if err != nil {
-		return azcore.AccessToken{}, err
+		return at, err
 	}
-	// pass the CLI an AAD v1 resource because we don't know which CLI version is installed and older ones don't support v2 scopes
-	opts.Scopes = []string{strings.TrimSuffix(opts.Scopes[0], defaultSuffix)}
 	c.mu.Lock()
 	defer c.mu.Unlock()
-	b, err := c.opts.tokenProvider(ctx, opts.Scopes[0], tenant)
-	if err != nil {
-		return azcore.AccessToken{}, err
+	b, err := c.opts.tokenProvider(ctx, opts.Scopes, tenant, c.opts.subscription)
+	if err == nil {
+		at, err = c.createAccessToken(b)
 	}
-	at, err := c.createAccessToken(b)
 	if err != nil {
-		return azcore.AccessToken{}, err
+		err = unavailableIfInChain(err, c.opts.inDefaultChain)
+		return at, err
 	}
 	msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", credNameAzureCLI, strings.Join(opts.Scopes, ", "))
 	log.Write(EventAuthentication, msg)
 	return at, nil
 }
 
-var defaultTokenProvider azureCLITokenProvider = func(ctx context.Context, resource string, tenantID string) ([]byte, error) {
-	match, err := regexp.MatchString("^[0-9a-zA-Z-.:/]+$", resource)
-	if err != nil {
-		return nil, err
-	}
-	if !match {
-		return nil, fmt.Errorf(`%s: unexpected scope "%s". Only alphanumeric characters and ".", ";", "-", and "/" are allowed`, credNameAzureCLI, resource)
-	}
-
+// defaultAzTokenProvider invokes the Azure CLI to acquire a token. It assumes
+// callers have verified that all string arguments are safe to pass to the CLI.
+var defaultAzTokenProvider azTokenProvider = func(ctx context.Context, scopes []string, tenantID, subscription string) ([]byte, error) {
+	// pass the CLI a Microsoft Entra ID v1 resource because we don't know which CLI version is installed and older ones don't support v2 scopes
+	resource := strings.TrimSuffix(scopes[0], defaultSuffix)
 	// set a default timeout for this authentication iff the application hasn't done so already
 	var cancel context.CancelFunc
 	if _, hasDeadline := ctx.Deadline(); !hasDeadline {
-		ctx, cancel = context.WithTimeout(ctx, timeoutCLIRequest)
+		ctx, cancel = context.WithTimeout(ctx, cliTimeout)
 		defer cancel()
 	}
-
 	commandLine := "az account get-access-token -o json --resource " + resource
 	if tenantID != "" {
 		commandLine += " --tenant " + tenantID
 	}
+	if subscription != "" {
+		// subscription needs quotes because it may contain spaces
+		commandLine += ` --subscription "` + subscription + `"`
+	}
 	var cliCmd *exec.Cmd
 	if runtime.GOOS == "windows" {
 		dir := os.Getenv("SYSTEMROOT")
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_developer_cli_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_developer_cli_credential.go
new file mode 100644
index 00000000000..cbe7c4c2db1
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_developer_cli_credential.go
@@ -0,0 +1,169 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+)
+
+const credNameAzureDeveloperCLI = "AzureDeveloperCLICredential"
+
+type azdTokenProvider func(ctx context.Context, scopes []string, tenant string) ([]byte, error)
+
+// AzureDeveloperCLICredentialOptions contains optional parameters for AzureDeveloperCLICredential.
+type AzureDeveloperCLICredentialOptions struct {
+	// AdditionallyAllowedTenants specifies tenants for which the credential may acquire tokens, in addition
+	// to TenantID. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the
+	// logged in account can access.
+	AdditionallyAllowedTenants []string
+
+	// TenantID identifies the tenant the credential should authenticate in. Defaults to the azd environment,
+	// which is the tenant of the selected Azure subscription.
+	TenantID string
+
+	// inDefaultChain is true when the credential is part of DefaultAzureCredential
+	inDefaultChain bool
+	// tokenProvider is used by tests to fake invoking azd
+	tokenProvider azdTokenProvider
+}
+
+// AzureDeveloperCLICredential authenticates as the identity logged in to the [Azure Developer CLI].
+//
+// [Azure Developer CLI]: https://learn.microsoft.com/azure/developer/azure-developer-cli/overview
+type AzureDeveloperCLICredential struct {
+	mu   *sync.Mutex
+	opts AzureDeveloperCLICredentialOptions
+}
+
+// NewAzureDeveloperCLICredential constructs an AzureDeveloperCLICredential. Pass nil to accept default options.
+func NewAzureDeveloperCLICredential(options *AzureDeveloperCLICredentialOptions) (*AzureDeveloperCLICredential, error) {
+	cp := AzureDeveloperCLICredentialOptions{}
+	if options != nil {
+		cp = *options
+	}
+	if cp.TenantID != "" && !validTenantID(cp.TenantID) {
+		return nil, errInvalidTenantID
+	}
+	if cp.tokenProvider == nil {
+		cp.tokenProvider = defaultAzdTokenProvider
+	}
+	return &AzureDeveloperCLICredential{mu: &sync.Mutex{}, opts: cp}, nil
+}
+
+// GetToken requests a token from the Azure Developer CLI. This credential doesn't cache tokens, so every call invokes azd.
+// This method is called automatically by Azure SDK clients.
+func (c *AzureDeveloperCLICredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	at := azcore.AccessToken{}
+	if len(opts.Scopes) == 0 {
+		return at, errors.New(credNameAzureDeveloperCLI + ": GetToken() requires at least one scope")
+	}
+	for _, scope := range opts.Scopes {
+		if !validScope(scope) {
+			return at, fmt.Errorf("%s.GetToken(): invalid scope %q", credNameAzureDeveloperCLI, scope)
+		}
+	}
+	tenant, err := resolveTenant(c.opts.TenantID, opts.TenantID, credNameAzureDeveloperCLI, c.opts.AdditionallyAllowedTenants)
+	if err != nil {
+		return at, err
+	}
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	b, err := c.opts.tokenProvider(ctx, opts.Scopes, tenant)
+	if err == nil {
+		at, err = c.createAccessToken(b)
+	}
+	if err != nil {
+		err = unavailableIfInChain(err, c.opts.inDefaultChain)
+		return at, err
+	}
+	msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", credNameAzureDeveloperCLI, strings.Join(opts.Scopes, ", "))
+	log.Write(EventAuthentication, msg)
+	return at, nil
+}
+
+// defaultAzTokenProvider invokes the Azure Developer CLI to acquire a token. It assumes
+// callers have verified that all string arguments are safe to pass to the CLI.
+var defaultAzdTokenProvider azdTokenProvider = func(ctx context.Context, scopes []string, tenant string) ([]byte, error) {
+	// set a default timeout for this authentication iff the application hasn't done so already
+	var cancel context.CancelFunc
+	if _, hasDeadline := ctx.Deadline(); !hasDeadline {
+		ctx, cancel = context.WithTimeout(ctx, cliTimeout)
+		defer cancel()
+	}
+	commandLine := "azd auth token -o json"
+	if tenant != "" {
+		commandLine += " --tenant-id " + tenant
+	}
+	for _, scope := range scopes {
+		commandLine += " --scope " + scope
+	}
+	var cliCmd *exec.Cmd
+	if runtime.GOOS == "windows" {
+		dir := os.Getenv("SYSTEMROOT")
+		if dir == "" {
+			return nil, newCredentialUnavailableError(credNameAzureDeveloperCLI, "environment variable 'SYSTEMROOT' has no value")
+		}
+		cliCmd = exec.CommandContext(ctx, "cmd.exe", "/c", commandLine)
+		cliCmd.Dir = dir
+	} else {
+		cliCmd = exec.CommandContext(ctx, "/bin/sh", "-c", commandLine)
+		cliCmd.Dir = "/bin"
+	}
+	cliCmd.Env = os.Environ()
+	var stderr bytes.Buffer
+	cliCmd.Stderr = &stderr
+	output, err := cliCmd.Output()
+	if err != nil {
+		msg := stderr.String()
+		var exErr *exec.ExitError
+		if errors.As(err, &exErr) && exErr.ExitCode() == 127 || strings.HasPrefix(msg, "'azd' is not recognized") {
+			msg = "Azure Developer CLI not found on path"
+		} else if strings.Contains(msg, "azd auth login") {
+			msg = `please run "azd auth login" from a command prompt to authenticate before using this credential`
+		}
+		if msg == "" {
+			msg = err.Error()
+		}
+		return nil, newCredentialUnavailableError(credNameAzureDeveloperCLI, msg)
+	}
+	return output, nil
+}
+
+func (c *AzureDeveloperCLICredential) createAccessToken(tk []byte) (azcore.AccessToken, error) {
+	t := struct {
+		AccessToken string `json:"token"`
+		ExpiresOn   string `json:"expiresOn"`
+	}{}
+	err := json.Unmarshal(tk, &t)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	exp, err := time.Parse("2006-01-02T15:04:05Z", t.ExpiresOn)
+	if err != nil {
+		return azcore.AccessToken{}, fmt.Errorf("error parsing token expiration time %q: %v", t.ExpiresOn, err)
+	}
+	return azcore.AccessToken{
+		ExpiresOn: exp.UTC(),
+		Token:     t.AccessToken,
+	}, nil
+}
+
+var _ azcore.TokenCredential = (*AzureDeveloperCLICredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
index 9002ea0b050..d077682c5c2 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
@@ -25,6 +25,7 @@ stages:
 - template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
   parameters:
     RunLiveTests: true
+    UsePipelineProxy: false
     ServiceDirectory: 'azidentity'
     CloudConfig:
       Public:
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
index 303d5fc0925..fc3df68eb19 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
@@ -20,9 +21,9 @@ const credNameAssertion = "ClientAssertionCredential"
 // ClientAssertionCredential authenticates an application with assertions provided by a callback function.
 // This credential is for advanced scenarios. [ClientCertificateCredential] has a more convenient API for
 // the most common assertion scenario, authenticating a service principal with a certificate. See
-// [Azure AD documentation] for details of the assertion format.
+// [Microsoft Entra ID documentation] for details of the assertion format.
 //
-// [Azure AD documentation]: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#assertion-format
+// [Microsoft Entra ID documentation]: https://learn.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#assertion-format
 type ClientAssertionCredential struct {
 	client *confidentialClient
 }
@@ -35,11 +36,15 @@ type ClientAssertionCredentialOptions struct {
 	// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
 	// application is registered.
 	AdditionallyAllowedTenants []string
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
+
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
 }
 
 // NewClientAssertionCredential constructs a ClientAssertionCredential. The getAssertion function must be thread safe. Pass nil for options to accept defaults.
@@ -56,9 +61,10 @@ func NewClientAssertionCredential(tenantID, clientID string, getAssertion func(c
 		},
 	)
 	msalOpts := confidentialClientOptions{
-		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
-		ClientOptions:              options.ClientOptions,
-		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		AdditionallyAllowedTenants:   options.AdditionallyAllowedTenants,
+		ClientOptions:                options.ClientOptions,
+		DisableInstanceDiscovery:     options.DisableInstanceDiscovery,
+		tokenCachePersistenceOptions: options.tokenCachePersistenceOptions,
 	}
 	c, err := newConfidentialClient(tenantID, clientID, credNameAssertion, cred, msalOpts)
 	if err != nil {
@@ -67,9 +73,13 @@ func NewClientAssertionCredential(tenantID, clientID string, getAssertion func(c
 	return &ClientAssertionCredential{client: c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *ClientAssertionCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameAssertion+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*ClientAssertionCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
index d3300e3053b..607533f486e 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 	"golang.org/x/crypto/pkcs12"
 )
@@ -29,15 +30,20 @@ type ClientCertificateCredentialOptions struct {
 	// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
 	// application is registered.
 	AdditionallyAllowedTenants []string
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
+
 	// SendCertificateChain controls whether the credential sends the public certificate chain in the x5c
 	// header of each token request's JWT. This is required for Subject Name/Issuer (SNI) authentication.
 	// Defaults to False.
 	SendCertificateChain bool
+
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
 }
 
 // ClientCertificateCredential authenticates a service principal with a certificate.
@@ -58,10 +64,11 @@ func NewClientCertificateCredential(tenantID string, clientID string, certs []*x
 		return nil, err
 	}
 	msalOpts := confidentialClientOptions{
-		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
-		ClientOptions:              options.ClientOptions,
-		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
-		SendX5C:                    options.SendCertificateChain,
+		AdditionallyAllowedTenants:   options.AdditionallyAllowedTenants,
+		ClientOptions:                options.ClientOptions,
+		DisableInstanceDiscovery:     options.DisableInstanceDiscovery,
+		SendX5C:                      options.SendCertificateChain,
+		tokenCachePersistenceOptions: options.tokenCachePersistenceOptions,
 	}
 	c, err := newConfidentialClient(tenantID, clientID, credNameCert, cred, msalOpts)
 	if err != nil {
@@ -70,9 +77,13 @@ func NewClientCertificateCredential(tenantID string, clientID string, certs []*x
 	return &ClientCertificateCredential{client: c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *ClientCertificateCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameCert+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 // ParseCertificates loads certificates and a private key, in PEM or PKCS12 format, for use with NewClientCertificateCredential.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
index d2ff7582b99..9e6772e9b80 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
@@ -24,11 +25,15 @@ type ClientSecretCredentialOptions struct {
 	// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
 	// application is registered.
 	AdditionallyAllowedTenants []string
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
+
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
 }
 
 // ClientSecretCredential authenticates an application with a client secret.
@@ -46,20 +51,25 @@ func NewClientSecretCredential(tenantID string, clientID string, clientSecret st
 		return nil, err
 	}
 	msalOpts := confidentialClientOptions{
-		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
-		ClientOptions:              options.ClientOptions,
-		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		AdditionallyAllowedTenants:   options.AdditionallyAllowedTenants,
+		ClientOptions:                options.ClientOptions,
+		DisableInstanceDiscovery:     options.DisableInstanceDiscovery,
+		tokenCachePersistenceOptions: options.tokenCachePersistenceOptions,
 	}
 	c, err := newConfidentialClient(tenantID, clientID, credNameSecret, cred, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	return &ClientSecretCredential{c}, nil
+	return &ClientSecretCredential{client: c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *ClientSecretCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameSecret+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*ClientSecretCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
index 4853a9a0095..854267bdbfd 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
@@ -10,6 +10,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/http"
 	"os"
 	"strings"
 	"sync"
@@ -17,6 +18,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
@@ -28,6 +30,7 @@ type confidentialClientOptions struct {
 	// Assertion for on-behalf-of authentication
 	Assertion                         string
 	DisableInstanceDiscovery, SendX5C bool
+	tokenCachePersistenceOptions      *tokenCachePersistenceOptions
 }
 
 // confidentialClient wraps the MSAL confidential client
@@ -40,6 +43,7 @@ type confidentialClient struct {
 	name                     string
 	opts                     confidentialClientOptions
 	region                   string
+	azClient                 *azcore.Client
 }
 
 func newConfidentialClient(tenantID, clientID, name string, cred confidential.Credential, opts confidentialClientOptions) (*confidentialClient, error) {
@@ -50,6 +54,14 @@ func newConfidentialClient(tenantID, clientID, name string, cred confidential.Cr
 	if err != nil {
 		return nil, err
 	}
+	client, err := azcore.NewClient(module, version, runtime.PipelineOptions{
+		Tracing: runtime.TracingOptions{
+			Namespace: traceNamespace,
+		},
+	}, &opts.ClientOptions)
+	if err != nil {
+		return nil, err
+	}
 	opts.AdditionallyAllowedTenants = resolveAdditionalTenants(opts.AdditionallyAllowedTenants)
 	return &confidentialClient{
 		caeMu:    &sync.Mutex{},
@@ -62,6 +74,7 @@ func newConfidentialClient(tenantID, clientID, name string, cred confidential.Cr
 		opts:     opts,
 		region:   os.Getenv(azureRegionalAuthorityName),
 		tenantID: tenantID,
+		azClient: client,
 	}, nil
 }
 
@@ -132,10 +145,15 @@ func (c *confidentialClient) client(ctx context.Context, tro policy.TokenRequest
 }
 
 func (c *confidentialClient) newMSALClient(enableCAE bool) (msalConfidentialClient, error) {
+	cache, err := internal.NewCache(c.opts.tokenCachePersistenceOptions, enableCAE)
+	if err != nil {
+		return nil, err
+	}
 	authority := runtime.JoinPaths(c.host, c.tenantID)
 	o := []confidential.Option{
 		confidential.WithAzureRegion(c.region),
-		confidential.WithHTTPClient(newPipelineAdapter(&c.opts.ClientOptions)),
+		confidential.WithCache(cache),
+		confidential.WithHTTPClient(c),
 	}
 	if enableCAE {
 		o = append(o, confidential.WithClientCapabilities(cp1))
@@ -149,8 +167,18 @@ func (c *confidentialClient) newMSALClient(enableCAE bool) (msalConfidentialClie
 	return confidential.New(authority, c.clientID, c.cred, o...)
 }
 
-// resolveTenant returns the correct tenant for a token request given the client's
+// resolveTenant returns the correct WithTenantID() argument for a token request given the client's
 // configuration, or an error when that configuration doesn't allow the specified tenant
 func (c *confidentialClient) resolveTenant(specified string) (string, error) {
 	return resolveTenant(c.tenantID, specified, c.name, c.opts.AdditionallyAllowedTenants)
 }
+
+// these methods satisfy the MSAL ops.HTTPClient interface
+
+func (c *confidentialClient) CloseIdleConnections() {
+	// do nothing
+}
+
+func (c *confidentialClient) Do(r *http.Request) (*http.Response, error) {
+	return doForClient(c.azClient, r)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
index 7647c60b1cb..35aeef86747 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
@@ -30,7 +30,7 @@ type DefaultAzureCredentialOptions struct {
 	// set as a semicolon delimited list of tenants in the environment variable AZURE_ADDITIONALLY_ALLOWED_TENANTS.
 	AdditionallyAllowedTenants []string
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
@@ -49,6 +49,7 @@ type DefaultAzureCredentialOptions struct {
 //     more control over its configuration.
 //   - [ManagedIdentityCredential]
 //   - [AzureCLICredential]
+//   - [AzureDeveloperCLICredential]
 //
 // Consult the documentation for these credential types for more information on how they authenticate.
 // Once a credential has successfully authenticated, DefaultAzureCredential will use that credential for
@@ -117,6 +118,17 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
 		creds = append(creds, &defaultCredentialErrorReporter{credType: credNameAzureCLI, err: err})
 	}
 
+	azdCred, err := NewAzureDeveloperCLICredential(&AzureDeveloperCLICredentialOptions{
+		AdditionallyAllowedTenants: additionalTenants,
+		TenantID:                   options.TenantID,
+	})
+	if err == nil {
+		creds = append(creds, azdCred)
+	} else {
+		errorMessages = append(errorMessages, credNameAzureDeveloperCLI+": "+err.Error())
+		creds = append(creds, &defaultCredentialErrorReporter{credType: credNameAzureDeveloperCLI, err: err})
+	}
+
 	if len(errorMessages) > 0 {
 		log.Writef(EventAuthentication, "NewDefaultAzureCredential failed to initialize some credentials:\n\t%s", strings.Join(errorMessages, "\n\t"))
 	}
@@ -129,7 +141,7 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
 	return &DefaultAzureCredential{chain: chain}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *DefaultAzureCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	return c.chain.GetToken(ctx, opts)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go
new file mode 100644
index 00000000000..d8b952f532e
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go
@@ -0,0 +1,38 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+	"errors"
+	"time"
+)
+
+// cliTimeout is the default timeout for authentication attempts via CLI tools
+const cliTimeout = 10 * time.Second
+
+// unavailableIfInChain returns err or, if the credential was invoked by DefaultAzureCredential, a
+// credentialUnavailableError having the same message. This ensures DefaultAzureCredential will try
+// the next credential in its chain (another developer credential).
+func unavailableIfInChain(err error, inDefaultChain bool) error {
+	if err != nil && inDefaultChain {
+		var unavailableErr *credentialUnavailableError
+		if !errors.As(err, &unavailableErr) {
+			err = newCredentialUnavailableError(credNameAzureDeveloperCLI, err.Error())
+		}
+	}
+	return err
+}
+
+// validScope is for credentials authenticating via external tools. The authority validates scopes for all other credentials.
+func validScope(scope string) bool {
+	for _, r := range scope {
+		if !(alphanumeric(r) || r == '.' || r == '-' || r == '_' || r == '/' || r == ':') {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
index d245c269a76..1b7a283703a 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 )
 
 const credNameDeviceCode = "DeviceCodeCredential"
@@ -23,19 +24,34 @@ type DeviceCodeCredentialOptions struct {
 	// AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire
 	// tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant.
 	AdditionallyAllowedTenants []string
+
+	// authenticationRecord returned by a call to a credential's Authenticate method. Set this option
+	// to enable the credential to use data from a previous authentication.
+	authenticationRecord authenticationRecord
+
 	// ClientID is the ID of the application users will authenticate to.
 	// Defaults to the ID of an Azure development application.
 	ClientID string
+
+	// disableAutomaticAuthentication prevents the credential from automatically prompting the user to authenticate.
+	// When this option is true, [DeviceCodeCredential.GetToken] will return [ErrAuthenticationRequired] when user
+	// interaction is necessary to acquire a token.
+	disableAutomaticAuthentication bool
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
-	// TenantID is the Azure Active Directory tenant the credential authenticates in. Defaults to the
+
+	// TenantID is the Microsoft Entra tenant the credential authenticates in. Defaults to the
 	// "organizations" tenant, which can authenticate work and school accounts. Required for single-tenant
 	// applications.
 	TenantID string
 
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
+
 	// UserPrompt controls how the credential presents authentication instructions. The credential calls
 	// this function with authentication details when it receives a device code. By default, the credential
 	// prints these details to stdout.
@@ -63,14 +79,14 @@ type DeviceCodeMessage struct {
 	UserCode string `json:"user_code"`
 	// VerificationURL is the URL at which the user must authenticate.
 	VerificationURL string `json:"verification_uri"`
-	// Message is user instruction from Azure Active Directory.
+	// Message is user instruction from Microsoft Entra ID.
 	Message string `json:"message"`
 }
 
 // DeviceCodeCredential acquires tokens for a user via the device code flow, which has the
-// user browse to an Azure Active Directory URL, enter a code, and authenticate. It's useful
+// user browse to a Microsoft Entra URL, enter a code, and authenticate. It's useful
 // for authenticating a user in an environment without a web browser, such as an SSH session.
-// If a web browser is available, InteractiveBrowserCredential is more convenient because it
+// If a web browser is available, [InteractiveBrowserCredential] is more convenient because it
 // automatically opens a browser to the login page.
 type DeviceCodeCredential struct {
 	client *publicClient
@@ -84,10 +100,13 @@ func NewDeviceCodeCredential(options *DeviceCodeCredentialOptions) (*DeviceCodeC
 	}
 	cp.init()
 	msalOpts := publicClientOptions{
-		AdditionallyAllowedTenants: cp.AdditionallyAllowedTenants,
-		ClientOptions:              cp.ClientOptions,
-		DeviceCodePrompt:           cp.UserPrompt,
-		DisableInstanceDiscovery:   cp.DisableInstanceDiscovery,
+		AdditionallyAllowedTenants:     cp.AdditionallyAllowedTenants,
+		ClientOptions:                  cp.ClientOptions,
+		DeviceCodePrompt:               cp.UserPrompt,
+		DisableAutomaticAuthentication: cp.disableAutomaticAuthentication,
+		DisableInstanceDiscovery:       cp.DisableInstanceDiscovery,
+		Record:                         cp.authenticationRecord,
+		TokenCachePersistenceOptions:   cp.tokenCachePersistenceOptions,
 	}
 	c, err := newPublicClient(cp.TenantID, cp.ClientID, credNameDeviceCode, msalOpts)
 	if err != nil {
@@ -97,10 +116,23 @@ func NewDeviceCodeCredential(options *DeviceCodeCredentialOptions) (*DeviceCodeC
 	return &DeviceCodeCredential{client: c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. It will begin the device code flow and poll until the user completes authentication.
+// Authenticate a user via the device code flow. Subsequent calls to GetToken will automatically use the returned AuthenticationRecord.
+func (c *DeviceCodeCredential) authenticate(ctx context.Context, opts *policy.TokenRequestOptions) (authenticationRecord, error) {
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameDeviceCode+"."+traceOpAuthenticate, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.Authenticate(ctx, opts)
+	return tk, err
+}
+
+// GetToken requests an access token from Microsoft Entra ID. It will begin the device code flow and poll until the user completes authentication.
 // This method is called automatically by Azure SDK clients.
 func (c *DeviceCodeCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameDeviceCode+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*DeviceCodeCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
index 7ecd928e024..42f84875e23 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
@@ -25,7 +25,7 @@ type EnvironmentCredentialOptions struct {
 	azcore.ClientOptions
 
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
@@ -156,7 +156,7 @@ func NewEnvironmentCredential(options *EnvironmentCredentialOptions) (*Environme
 	return nil, errors.New("incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are set")
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *EnvironmentCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	return c.cred.GetToken(ctx, opts)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
index e1a21e0030a..335d2b7dcf2 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
@@ -18,6 +18,10 @@ import (
 	msal "github.com/AzureAD/microsoft-authentication-library-for-go/apps/errors"
 )
 
+// errAuthenticationRequired indicates a credential's Authenticate method must be called to acquire a token
+// because user interaction is required and the credential is configured not to automatically prompt the user.
+var errAuthenticationRequired error = &credentialUnavailableError{"can't acquire a token without user interaction. Call Authenticate to interactively authenticate a user"}
+
 // getResponseFromError retrieves the response carried by
 // an AuthenticationFailedError or MSAL CallErr, if any
 func getResponseFromError(err error) *http.Response {
@@ -53,7 +57,13 @@ func (e *AuthenticationFailedError) Error() string {
 	}
 	msg := &bytes.Buffer{}
 	fmt.Fprintf(msg, e.credType+" authentication failed\n")
-	fmt.Fprintf(msg, "%s %s://%s%s\n", e.RawResponse.Request.Method, e.RawResponse.Request.URL.Scheme, e.RawResponse.Request.URL.Host, e.RawResponse.Request.URL.Path)
+	if e.RawResponse.Request != nil {
+		fmt.Fprintf(msg, "%s %s://%s%s\n", e.RawResponse.Request.Method, e.RawResponse.Request.URL.Scheme, e.RawResponse.Request.URL.Host, e.RawResponse.Request.URL.Path)
+	} else {
+		// this happens when the response is created from a custom HTTP transporter,
+		// which doesn't guarantee to bind the original request to the response
+		fmt.Fprintln(msg, "Request information not available")
+	}
 	fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
 	fmt.Fprintf(msg, "RESPONSE %s\n", e.RawResponse.Status)
 	fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
@@ -74,6 +84,8 @@ func (e *AuthenticationFailedError) Error() string {
 	switch e.credType {
 	case credNameAzureCLI:
 		anchor = "azure-cli"
+	case credNameAzureDeveloperCLI:
+		anchor = "azd"
 	case credNameCert:
 		anchor = "client-cert"
 	case credNameSecret:
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work
new file mode 100644
index 00000000000..04ea962b422
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work
@@ -0,0 +1,6 @@
+go 1.18
+
+use (
+	.
+	./cache
+)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum
new file mode 100644
index 00000000000..7cd86b0019e
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum
@@ -0,0 +1,39 @@
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1 h1:ODs3brnqQM99Tq1PffODpAViYv3Bf8zOg464MU7p5ew=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
index 08f3efbf3ec..bd829698375 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 )
 
 const credNameBrowser = "InteractiveBrowserCredential"
@@ -22,26 +23,40 @@ type InteractiveBrowserCredentialOptions struct {
 	// AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire
 	// tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant.
 	AdditionallyAllowedTenants []string
+
+	// authenticationRecord returned by a call to a credential's Authenticate method. Set this option
+	// to enable the credential to use data from a previous authentication.
+	authenticationRecord authenticationRecord
+
 	// ClientID is the ID of the application users will authenticate to.
 	// Defaults to the ID of an Azure development application.
 	ClientID string
 
+	// disableAutomaticAuthentication prevents the credential from automatically prompting the user to authenticate.
+	// When this option is true, [InteractiveBrowserCredential.GetToken] will return [ErrAuthenticationRequired] when
+	// user interaction is necessary to acquire a token.
+	disableAutomaticAuthentication bool
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
 
 	// LoginHint pre-populates the account prompt with a username. Users may choose to authenticate a different account.
 	LoginHint string
-	// RedirectURL is the URL Azure Active Directory will redirect to with the access token. This is required
+
+	// RedirectURL is the URL Microsoft Entra ID will redirect to with the access token. This is required
 	// only when setting ClientID, and must match a redirect URI in the application's registration.
 	// Applications which have registered "http://localhost" as a redirect URI need not set this option.
 	RedirectURL string
 
-	// TenantID is the Azure Active Directory tenant the credential authenticates in. Defaults to the
+	// TenantID is the Microsoft Entra tenant the credential authenticates in. Defaults to the
 	// "organizations" tenant, which can authenticate work and school accounts.
 	TenantID string
+
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
 }
 
 func (o *InteractiveBrowserCredentialOptions) init() {
@@ -66,10 +81,14 @@ func NewInteractiveBrowserCredential(options *InteractiveBrowserCredentialOption
 	}
 	cp.init()
 	msalOpts := publicClientOptions{
-		ClientOptions:            cp.ClientOptions,
-		DisableInstanceDiscovery: cp.DisableInstanceDiscovery,
-		LoginHint:                cp.LoginHint,
-		RedirectURL:              cp.RedirectURL,
+		AdditionallyAllowedTenants:     cp.AdditionallyAllowedTenants,
+		ClientOptions:                  cp.ClientOptions,
+		DisableAutomaticAuthentication: cp.disableAutomaticAuthentication,
+		DisableInstanceDiscovery:       cp.DisableInstanceDiscovery,
+		LoginHint:                      cp.LoginHint,
+		Record:                         cp.authenticationRecord,
+		RedirectURL:                    cp.RedirectURL,
+		TokenCachePersistenceOptions:   cp.tokenCachePersistenceOptions,
 	}
 	c, err := newPublicClient(cp.TenantID, cp.ClientID, credNameBrowser, msalOpts)
 	if err != nil {
@@ -78,9 +97,22 @@ func NewInteractiveBrowserCredential(options *InteractiveBrowserCredentialOption
 	return &InteractiveBrowserCredential{client: c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// Authenticate a user via the default browser. Subsequent calls to GetToken will automatically use the returned AuthenticationRecord.
+func (c *InteractiveBrowserCredential) authenticate(ctx context.Context, opts *policy.TokenRequestOptions) (authenticationRecord, error) {
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameBrowser+"."+traceOpAuthenticate, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.Authenticate(ctx, opts)
+	return tk, err
+}
+
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *InteractiveBrowserCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameBrowser+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*InteractiveBrowserCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/exported.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/exported.go
new file mode 100644
index 00000000000..b1b4d5c8bd3
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/exported.go
@@ -0,0 +1,18 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package internal
+
+// TokenCachePersistenceOptions contains options for persistent token caching
+type TokenCachePersistenceOptions struct {
+	// AllowUnencryptedStorage controls whether the cache should fall back to storing its data in plain text
+	// when encryption isn't possible. Setting this true doesn't disable encryption. The cache always attempts
+	// encryption before falling back to plaintext storage.
+	AllowUnencryptedStorage bool
+
+	// Name identifies the cache. Set this to isolate data from other applications.
+	Name string
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/internal.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/internal.go
new file mode 100644
index 00000000000..c1498b46447
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal/internal.go
@@ -0,0 +1,31 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package internal
+
+import (
+	"errors"
+
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache"
+)
+
+var errMissingImport = errors.New("import github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache to enable persistent caching")
+
+// NewCache constructs a persistent token cache when "o" isn't nil. Applications that intend to
+// use a persistent cache must first import the cache module, which will replace this function
+// with a platform-specific implementation.
+var NewCache = func(o *TokenCachePersistenceOptions, enableCAE bool) (cache.ExportReplace, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return nil, errMissingImport
+}
+
+// CacheFilePath returns the path to the cache file for the given name.
+// Defining it in this package makes it available to azidentity tests.
+var CacheFilePath = func(name string) (string, error) {
+	return "", errMissingImport
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
index fdc3c1f6776..7c25cb8bdd5 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
@@ -28,12 +28,14 @@ import (
 
 const (
 	arcIMDSEndpoint          = "IMDS_ENDPOINT"
+	defaultIdentityClientID  = "DEFAULT_IDENTITY_CLIENT_ID"
 	identityEndpoint         = "IDENTITY_ENDPOINT"
 	identityHeader           = "IDENTITY_HEADER"
 	identityServerThumbprint = "IDENTITY_SERVER_THUMBPRINT"
 	headerMetadata           = "Metadata"
 	imdsEndpoint             = "http://169.254.169.254/metadata/identity/oauth2/token"
 	msiEndpoint              = "MSI_ENDPOINT"
+	msiSecret                = "MSI_SECRET"
 	imdsAPIVersion           = "2018-02-01"
 	azureArcAPIVersion       = "2019-08-15"
 	serviceFabricAPIVersion  = "2019-07-01-preview"
@@ -47,6 +49,7 @@ type msiType int
 const (
 	msiTypeAppService msiType = iota
 	msiTypeAzureArc
+	msiTypeAzureML
 	msiTypeCloudShell
 	msiTypeIMDS
 	msiTypeServiceFabric
@@ -55,7 +58,7 @@ const (
 // managedIdentityClient provides the base for authenticating in managed identity environments
 // This type includes an runtime.Pipeline and TokenCredentialOptions.
 type managedIdentityClient struct {
-	pipeline runtime.Pipeline
+	azClient *azcore.Client
 	msiType  msiType
 	endpoint string
 	id       ManagedIDKind
@@ -135,13 +138,27 @@ func newManagedIdentityClient(options *ManagedIdentityCredentialOptions) (*manag
 			c.msiType = msiTypeAzureArc
 		}
 	} else if endpoint, ok := os.LookupEnv(msiEndpoint); ok {
-		env = "Cloud Shell"
 		c.endpoint = endpoint
-		c.msiType = msiTypeCloudShell
+		if _, ok := os.LookupEnv(msiSecret); ok {
+			env = "Azure ML"
+			c.msiType = msiTypeAzureML
+		} else {
+			env = "Cloud Shell"
+			c.msiType = msiTypeCloudShell
+		}
 	} else {
 		setIMDSRetryOptionDefaults(&cp.Retry)
 	}
-	c.pipeline = runtime.NewPipeline(component, version, runtime.PipelineOptions{}, &cp)
+
+	client, err := azcore.NewClient(module, version, runtime.PipelineOptions{
+		Tracing: runtime.TracingOptions{
+			Namespace: traceNamespace,
+		},
+	}, &cp)
+	if err != nil {
+		return nil, err
+	}
+	c.azClient = client
 
 	if log.Should(EventAuthentication) {
 		log.Writef(EventAuthentication, "Managed Identity Credential will use %s managed identity", env)
@@ -168,7 +185,7 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
 		return azcore.AccessToken{}, err
 	}
 
-	resp, err := c.pipeline.Do(msg)
+	resp, err := c.azClient.Pipeline().Do(msg)
 	if err != nil {
 		return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, err.Error(), nil, err)
 	}
@@ -247,6 +264,8 @@ func (c *managedIdentityClient) createAuthRequest(ctx context.Context, id Manage
 			return nil, newAuthenticationFailedError(credNameManagedIdentity, msg, nil, err)
 		}
 		return c.createAzureArcAuthRequest(ctx, id, scopes, key)
+	case msiTypeAzureML:
+		return c.createAzureMLAuthRequest(ctx, id, scopes)
 	case msiTypeServiceFabric:
 		return c.createServiceFabricAuthRequest(ctx, id, scopes)
 	case msiTypeCloudShell:
@@ -296,6 +315,29 @@ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context,
 	return request, nil
 }
 
+func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
+	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	request.Raw().Header.Set("secret", os.Getenv(msiSecret))
+	q := request.Raw().URL.Query()
+	q.Add("api-version", "2017-09-01")
+	q.Add("resource", strings.Join(scopes, " "))
+	q.Add("clientid", os.Getenv(defaultIdentityClientID))
+	if id != nil {
+		if id.idKind() == miResourceID {
+			log.Write(EventAuthentication, "WARNING: Azure ML doesn't support specifying a managed identity by resource ID")
+			q.Set("clientid", "")
+			q.Set(qpResID, id.String())
+		} else {
+			q.Set("clientid", id.String())
+		}
+	}
+	request.Raw().URL.RawQuery = q.Encode()
+	return request, nil
+}
+
 func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
 	request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
 	if err != nil {
@@ -330,7 +372,7 @@ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resour
 	q.Add("resource", strings.Join(resources, " "))
 	request.Raw().URL.RawQuery = q.Encode()
 	// send the initial request to get the short-lived secret key
-	response, err := c.pipeline.Do(request)
+	response, err := c.azClient.Pipeline().Do(request)
 	if err != nil {
 		return "", err
 	}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
index 35c5e6725cd..dcd278befa1 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
@@ -67,8 +68,8 @@ type ManagedIdentityCredentialOptions struct {
 
 // ManagedIdentityCredential authenticates an Azure managed identity in any hosting environment supporting managed identities.
 // This credential authenticates a system-assigned identity by default. Use ManagedIdentityCredentialOptions.ID to specify a
-// user-assigned identity. See Azure Active Directory documentation for more information about managed identities:
-// https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
+// user-assigned identity. See Microsoft Entra ID documentation for more information about managed identities:
+// https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
 type ManagedIdentityCredential struct {
 	client *confidentialClient
 	mic    *managedIdentityClient
@@ -92,7 +93,9 @@ func NewManagedIdentityCredential(options *ManagedIdentityCredentialOptions) (*M
 		clientID = options.ID.String()
 	}
 	// similarly, it's okay to give MSAL an incorrect tenant because MSAL won't use the value
-	c, err := newConfidentialClient("common", clientID, credNameManagedIdentity, cred, confidentialClientOptions{})
+	c, err := newConfidentialClient("common", clientID, credNameManagedIdentity, cred, confidentialClientOptions{
+		ClientOptions: options.ClientOptions,
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -101,13 +104,18 @@ func NewManagedIdentityCredential(options *ManagedIdentityCredentialOptions) (*M
 
 // GetToken requests an access token from the hosting environment. This method is called automatically by Azure SDK clients.
 func (c *ManagedIdentityCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameManagedIdentity+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+
 	if len(opts.Scopes) != 1 {
-		err := fmt.Errorf("%s.GetToken() requires exactly one scope", credNameManagedIdentity)
+		err = fmt.Errorf("%s.GetToken() requires exactly one scope", credNameManagedIdentity)
 		return azcore.AccessToken{}, err
 	}
-	// managed identity endpoints require an AADv1 resource (i.e. token audience), not a v2 scope, so we remove "/.default" here
+	// managed identity endpoints require a Microsoft Entra ID v1 resource (i.e. token audience), not a v2 scope, so we remove "/.default" here
 	opts.Scopes = []string{strings.TrimSuffix(opts.Scopes[0], defaultSuffix)}
-	return c.client.GetToken(ctx, opts)
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*ManagedIdentityCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
index 2b360b681df..5e67cf02145 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
@@ -21,9 +22,9 @@ const credNameOBO = "OnBehalfOfCredential"
 // OnBehalfOfCredential authenticates a service principal via the on-behalf-of flow. This is typically used by
 // middle-tier services that authorize requests to other services with a delegated user identity. Because this
 // is not an interactive authentication flow, an application using it must have admin consent for any delegated
-// permissions before requesting tokens for them. See [Azure Active Directory documentation] for more details.
+// permissions before requesting tokens for them. See [Microsoft Entra ID documentation] for more details.
 //
-// [Azure Active Directory documentation]: https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
+// [Microsoft Entra ID documentation]: https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
 type OnBehalfOfCredential struct {
 	client *confidentialClient
 }
@@ -36,11 +37,13 @@ type OnBehalfOfCredentialOptions struct {
 	// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
 	// application is registered.
 	AdditionallyAllowedTenants []string
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
+
 	// SendCertificateChain applies only when the credential is configured to authenticate with a certificate.
 	// This setting controls whether the credential sends the public certificate chain in the x5c header of each
 	// token request's JWT. This is required for, and only used in, Subject Name/Issuer (SNI) authentication.
@@ -84,9 +87,13 @@ func newOnBehalfOfCredential(tenantID, clientID, userAssertion string, cred conf
 	return &OnBehalfOfCredential{c}, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (o *OnBehalfOfCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return o.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameOBO+"."+traceOpGetToken, o.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := o.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*OnBehalfOfCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
index 6512d3e25fd..63c31190d18 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
@@ -8,38 +8,52 @@ package azidentity
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"net/http"
 	"strings"
 	"sync"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
+
+	// this import ensures well-known configurations in azcore/cloud have ARM audiences for Authenticate()
+	_ "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime"
 )
 
 type publicClientOptions struct {
 	azcore.ClientOptions
 
-	AdditionallyAllowedTenants []string
-	DeviceCodePrompt           func(context.Context, DeviceCodeMessage) error
-	DisableInstanceDiscovery   bool
-	LoginHint, RedirectURL     string
-	Username, Password         string
+	AdditionallyAllowedTenants     []string
+	DeviceCodePrompt               func(context.Context, DeviceCodeMessage) error
+	DisableAutomaticAuthentication bool
+	DisableInstanceDiscovery       bool
+	LoginHint, RedirectURL         string
+	Record                         authenticationRecord
+	TokenCachePersistenceOptions   *tokenCachePersistenceOptions
+	Username, Password             string
 }
 
 // publicClient wraps the MSAL public client
 type publicClient struct {
-	account                  public.Account
 	cae, noCAE               msalPublicClient
 	caeMu, noCAEMu, clientMu *sync.Mutex
 	clientID, tenantID       string
+	defaultScope             []string
 	host                     string
 	name                     string
 	opts                     publicClientOptions
+	record                   authenticationRecord
+	azClient                 *azcore.Client
 }
 
+var errScopeRequired = errors.New("authenticating in this environment requires specifying a scope in TokenRequestOptions")
+
 func newPublicClient(tenantID, clientID, name string, o publicClientOptions) (*publicClient, error) {
 	if !validTenantID(tenantID) {
 		return nil, errInvalidTenantID
@@ -48,19 +62,76 @@ func newPublicClient(tenantID, clientID, name string, o publicClientOptions) (*p
 	if err != nil {
 		return nil, err
 	}
+	// if the application specified a cloud configuration, use its ARM audience as the default scope for Authenticate()
+	audience := o.Cloud.Services[cloud.ResourceManager].Audience
+	if audience == "" {
+		// no cloud configuration, or no ARM audience, specified; try to map the host to a well-known one (all of which have a trailing slash)
+		if !strings.HasSuffix(host, "/") {
+			host += "/"
+		}
+		switch host {
+		case cloud.AzureChina.ActiveDirectoryAuthorityHost:
+			audience = cloud.AzureChina.Services[cloud.ResourceManager].Audience
+		case cloud.AzureGovernment.ActiveDirectoryAuthorityHost:
+			audience = cloud.AzureGovernment.Services[cloud.ResourceManager].Audience
+		case cloud.AzurePublic.ActiveDirectoryAuthorityHost:
+			audience = cloud.AzurePublic.Services[cloud.ResourceManager].Audience
+		}
+	}
+	// if we didn't come up with an audience, the application will have to specify a scope for Authenticate()
+	var defaultScope []string
+	if audience != "" {
+		defaultScope = []string{audience + defaultSuffix}
+	}
+	client, err := azcore.NewClient(module, version, runtime.PipelineOptions{
+		Tracing: runtime.TracingOptions{
+			Namespace: traceNamespace,
+		},
+	}, &o.ClientOptions)
+	if err != nil {
+		return nil, err
+	}
 	o.AdditionallyAllowedTenants = resolveAdditionalTenants(o.AdditionallyAllowedTenants)
 	return &publicClient{
-		caeMu:    &sync.Mutex{},
-		clientID: clientID,
-		clientMu: &sync.Mutex{},
-		host:     host,
-		name:     name,
-		noCAEMu:  &sync.Mutex{},
-		opts:     o,
-		tenantID: tenantID,
+		caeMu:        &sync.Mutex{},
+		clientID:     clientID,
+		clientMu:     &sync.Mutex{},
+		defaultScope: defaultScope,
+		host:         host,
+		name:         name,
+		noCAEMu:      &sync.Mutex{},
+		opts:         o,
+		record:       o.Record,
+		tenantID:     tenantID,
+		azClient:     client,
 	}, nil
 }
 
+func (p *publicClient) Authenticate(ctx context.Context, tro *policy.TokenRequestOptions) (authenticationRecord, error) {
+	if tro == nil {
+		tro = &policy.TokenRequestOptions{}
+	}
+	if len(tro.Scopes) == 0 {
+		if p.defaultScope == nil {
+			return authenticationRecord{}, errScopeRequired
+		}
+		tro.Scopes = p.defaultScope
+	}
+	client, mu, err := p.client(*tro)
+	if err != nil {
+		return authenticationRecord{}, err
+	}
+	mu.Lock()
+	defer mu.Unlock()
+	_, err = p.reqToken(ctx, client, *tro)
+	if err == nil {
+		scope := strings.Join(tro.Scopes, ", ")
+		msg := fmt.Sprintf("%s.Authenticate() acquired a token for scope %q", p.name, scope)
+		log.Write(EventAuthentication, msg)
+	}
+	return p.record, err
+}
+
 // GetToken requests an access token from MSAL, checking the cache first.
 func (p *publicClient) GetToken(ctx context.Context, tro policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	if len(tro.Scopes) < 1 {
@@ -76,10 +147,13 @@ func (p *publicClient) GetToken(ctx context.Context, tro policy.TokenRequestOpti
 	}
 	mu.Lock()
 	defer mu.Unlock()
-	ar, err := client.AcquireTokenSilent(ctx, tro.Scopes, public.WithSilentAccount(p.account), public.WithClaims(tro.Claims), public.WithTenantID(tenant))
+	ar, err := client.AcquireTokenSilent(ctx, tro.Scopes, public.WithSilentAccount(p.record.account()), public.WithClaims(tro.Claims), public.WithTenantID(tenant))
 	if err == nil {
 		return p.token(ar, err)
 	}
+	if p.opts.DisableAutomaticAuthentication {
+		return azcore.AccessToken{}, errAuthenticationRequired
+	}
 	at, err := p.reqToken(ctx, client, tro)
 	if err == nil {
 		msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", p.name, strings.Join(ar.GrantedScopes, ", "))
@@ -148,9 +222,14 @@ func (p *publicClient) client(tro policy.TokenRequestOptions) (msalPublicClient,
 }
 
 func (p *publicClient) newMSALClient(enableCAE bool) (msalPublicClient, error) {
+	cache, err := internal.NewCache(p.opts.TokenCachePersistenceOptions, enableCAE)
+	if err != nil {
+		return nil, err
+	}
 	o := []public.Option{
 		public.WithAuthority(runtime.JoinPaths(p.host, p.tenantID)),
-		public.WithHTTPClient(newPipelineAdapter(&p.opts.ClientOptions)),
+		public.WithCache(cache),
+		public.WithHTTPClient(p),
 	}
 	if enableCAE {
 		o = append(o, public.WithClientCapabilities(cp1))
@@ -163,7 +242,7 @@ func (p *publicClient) newMSALClient(enableCAE bool) (msalPublicClient, error) {
 
 func (p *publicClient) token(ar public.AuthResult, err error) (azcore.AccessToken, error) {
 	if err == nil {
-		p.account = ar.Account
+		p.record, err = newAuthenticationRecord(ar)
 	} else {
 		res := getResponseFromError(err)
 		err = newAuthenticationFailedError(p.name, err.Error(), res, err)
@@ -171,8 +250,24 @@ func (p *publicClient) token(ar public.AuthResult, err error) (azcore.AccessToke
 	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
 }
 
-// resolveTenant returns the correct tenant for a token request given the client's
+// resolveTenant returns the correct WithTenantID() argument for a token request given the client's
 // configuration, or an error when that configuration doesn't allow the specified tenant
 func (p *publicClient) resolveTenant(specified string) (string, error) {
-	return resolveTenant(p.tenantID, specified, p.name, p.opts.AdditionallyAllowedTenants)
+	t, err := resolveTenant(p.tenantID, specified, p.name, p.opts.AdditionallyAllowedTenants)
+	if t == p.tenantID {
+		// callers pass this value to MSAL's WithTenantID(). There's no need to redundantly specify
+		// the client's default tenant and doing so is an error when that tenant is "organizations"
+		t = ""
+	}
+	return t, err
+}
+
+// these methods satisfy the MSAL ops.HTTPClient interface
+
+func (p *publicClient) CloseIdleConnections() {
+	// do nothing
+}
+
+func (p *publicClient) Do(r *http.Request) (*http.Response, error) {
+	return doForClient(p.azClient, r)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
index f787ec0ce18..294ed81e951 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 )
 
 const credNameUserPassword = "UsernamePasswordCredential"
@@ -23,11 +24,19 @@ type UsernamePasswordCredentialOptions struct {
 	// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
 	// application is registered.
 	AdditionallyAllowedTenants []string
+
+	// authenticationRecord returned by a call to a credential's Authenticate method. Set this option
+	// to enable the credential to use data from a previous authentication.
+	authenticationRecord authenticationRecord
+
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
+
+	// tokenCachePersistenceOptions enables persistent token caching when not nil.
+	tokenCachePersistenceOptions *tokenCachePersistenceOptions
 }
 
 // UsernamePasswordCredential authenticates a user with a password. Microsoft doesn't recommend this kind of authentication,
@@ -45,11 +54,13 @@ func NewUsernamePasswordCredential(tenantID string, clientID string, username st
 		options = &UsernamePasswordCredentialOptions{}
 	}
 	opts := publicClientOptions{
-		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
-		ClientOptions:              options.ClientOptions,
-		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
-		Password:                   password,
-		Username:                   username,
+		AdditionallyAllowedTenants:   options.AdditionallyAllowedTenants,
+		ClientOptions:                options.ClientOptions,
+		DisableInstanceDiscovery:     options.DisableInstanceDiscovery,
+		Password:                     password,
+		Record:                       options.authenticationRecord,
+		TokenCachePersistenceOptions: options.tokenCachePersistenceOptions,
+		Username:                     username,
 	}
 	c, err := newPublicClient(tenantID, clientID, credNameUserPassword, opts)
 	if err != nil {
@@ -58,9 +69,22 @@ func NewUsernamePasswordCredential(tenantID string, clientID string, username st
 	return &UsernamePasswordCredential{client: c}, err
 }
 
-// GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
+// Authenticate the user. Subsequent calls to GetToken will automatically use the returned AuthenticationRecord.
+func (c *UsernamePasswordCredential) authenticate(ctx context.Context, opts *policy.TokenRequestOptions) (authenticationRecord, error) {
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameUserPassword+"."+traceOpAuthenticate, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.Authenticate(ctx, opts)
+	return tk, err
+}
+
+// GetToken requests an access token from Microsoft Entra ID. This method is called automatically by Azure SDK clients.
 func (c *UsernamePasswordCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.client.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameUserPassword+"."+traceOpGetToken, c.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := c.client.GetToken(ctx, opts)
+	return tk, err
 }
 
 var _ azcore.TokenCredential = (*UsernamePasswordCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
index 65e74e31e3b..e8caeea71ef 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
@@ -10,6 +10,9 @@ const (
 	// UserAgent is the string to be used in the user agent string when making requests.
 	component = "azidentity"
 
+	// module is the fully qualified name of the module used in telemetry and distributed tracing.
+	module = "github.com/Azure/azure-sdk-for-go/sdk/" + component
+
 	// Version is the semantic version (see http://semver.org) of this module.
-	version = "v1.4.0"
+	version = "v1.5.1"
 )
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
index 7e016324d22..3e43e788e93 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 )
 
 const credNameWorkloadIdentity = "WorkloadIdentityCredential"
@@ -41,7 +42,7 @@ type WorkloadIdentityCredentialOptions struct {
 	// ClientID of the service principal. Defaults to the value of the environment variable AZURE_CLIENT_ID.
 	ClientID string
 	// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
-	// private clouds such as Azure Stack. It determines whether the credential requests Azure AD instance metadata
+	// private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
@@ -93,9 +94,13 @@ func NewWorkloadIdentityCredential(options *WorkloadIdentityCredentialOptions) (
 	return &w, nil
 }
 
-// GetToken requests an access token from Azure Active Directory. Azure SDK clients call this method automatically.
+// GetToken requests an access token from Microsoft Entra ID. Azure SDK clients call this method automatically.
 func (w *WorkloadIdentityCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return w.cred.GetToken(ctx, opts)
+	var err error
+	ctx, endSpan := runtime.StartSpan(ctx, credNameWorkloadIdentity+"."+traceOpGetToken, w.cred.client.azClient.Tracer(), nil)
+	defer func() { endSpan(err) }()
+	tk, err := w.cred.GetToken(ctx, opts)
+	return tk, err
 }
 
 // getAssertion returns the specified file's content, which is expected to be a Kubernetes service account token.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
index e4a0bfb42d2..724b45d30ee 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Release History
 
+## 1.6.0 (2024-01-17)
+
+### Features Added
+
+- ReceiverOptions.TimeAfterFirstMessage lets you configure the amount of time, after the first message in a batch is received, before we return messages. (PR#22154)
+
+### Bugs Fixed
+
+- Settling a message (using CompleteMessage, AbandonMessage, etc..) on a different Receiver instance than you received on no 
+  longer leaks memory. (PR#22253)
+
 ## 1.5.0 (2023-10-10)
 
 ### Features Added
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/ci.yml b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/ci.yml
index 27fdec284d4..21b98cc1a28 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/ci.yml
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/ci.yml
@@ -26,7 +26,21 @@ stages:
   parameters:
     ServiceDirectory: 'messaging/azservicebus'
     RunLiveTests: true
-    SupportedClouds: 'Public,UsGov,China'
+    # SupportedClouds: 'Public,UsGov,China'
+    SupportedClouds: 'China'
+    CloudConfig:
+      Public:
+        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
+      UsGov:
+        SubscriptionConfiguration: $(sub-config-gov-test-resources)
+      China:
+        SubscriptionConfiguration: $(sub-config-cn-test-resources)
+        MatrixReplace:
+          # Use dedicated pool with regional affinity to China cloud
+          - Pool=(.*)-general/$1-asia
+        MatrixFilters:
+          - Pool=.*mms-ubuntu-2004.*
+          - GoVersion=1.18.10
     EnvVars:
       AZURE_CLIENT_ID: $(AZSERVICEBUS_CLIENT_ID)
       AZURE_TENANT_ID: $(AZSERVICEBUS_TENANT_ID)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/client.go
index d79cf0bbf10..ed3f389ac20 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/client.go
@@ -232,7 +232,7 @@ func (client *Client) NewSender(queueOrTopic string, options *NewSenderOptions)
 
 // AcceptSessionForQueue accepts a session from a queue with a specific session ID.
 // NOTE: this receiver is initialized immediately, not lazily.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (client *Client) AcceptSessionForQueue(ctx context.Context, queueName string, sessionID string, options *SessionReceiverOptions) (*SessionReceiver, error) {
 	id, cleanupOnClose := client.getCleanupForCloseable()
 	sessionReceiver, err := newSessionReceiver(
@@ -259,7 +259,7 @@ func (client *Client) AcceptSessionForQueue(ctx context.Context, queueName strin
 
 // AcceptSessionForSubscription accepts a session from a subscription with a specific session ID.
 // NOTE: this receiver is initialized immediately, not lazily.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (client *Client) AcceptSessionForSubscription(ctx context.Context, topicName string, subscriptionName string, sessionID string, options *SessionReceiverOptions) (*SessionReceiver, error) {
 	id, cleanupOnClose := client.getCleanupForCloseable()
 	sessionReceiver, err := newSessionReceiver(
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
index 2f025c6fb98..6cd83e6ca08 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
@@ -4,4 +4,4 @@
 package internal
 
 // Version is the semantic version number
-const Version = "v1.5.0"
+const Version = "v1.6.0"
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/migrationguide.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/migrationguide.md
index 5679e5ce550..5453f8914c4 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/migrationguide.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/migrationguide.md
@@ -189,6 +189,8 @@ In `azservicebus`:
 ```go
 // import "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 
+// `DefaultAzureCredential` tries several common credential types. For more credential types
+// see this link: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#readme-credential-types.
 credential, err := azidentity.NewDefaultAzureCredential(nil)
 client, err := azservicebus.NewClient("<ex: myservicebus.servicebus.windows.net>", credential, nil)
 ```
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/receiver.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/receiver.go
index 3646a9c1c8e..a03395e1085 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/receiver.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/receiver.go
@@ -47,7 +47,6 @@ type Receiver struct {
 	amqpLinks                internal.AMQPLinks
 	cancelReleaser           *atomic.Value
 	cleanupOnClose           func()
-	defaultTimeAfterFirstMsg time.Duration
 	entityPath               string
 	lastPeekedSequenceNumber int64
 	maxAllowedCredits        uint32
@@ -131,7 +130,6 @@ func newReceiver(args newReceiverArgs, options *ReceiverOptions) (*Receiver, err
 	receiver := &Receiver{
 		cancelReleaser:           &atomic.Value{},
 		cleanupOnClose:           args.cleanupOnClose,
-		defaultTimeAfterFirstMsg: 20 * time.Millisecond,
 		lastPeekedSequenceNumber: 0,
 		maxAllowedCredits:        defaultLinkRxBuffer,
 		retryOptions:             args.retryOptions,
@@ -143,13 +141,6 @@ func newReceiver(args newReceiverArgs, options *ReceiverOptions) (*Receiver, err
 		return nil, err
 	}
 
-	if receiver.receiveMode == ReceiveModeReceiveAndDelete {
-		// TODO: there appears to be a bit more overhead when receiving messages
-		// in ReceiveAndDelete. Need to investigate if this is related to our
-		// auto-accepting logic in go-amqp.
-		receiver.defaultTimeAfterFirstMsg = time.Second
-	}
-
 	newLinkFn := receiver.newReceiverLink
 
 	if args.newLinkFn != nil {
@@ -181,12 +172,18 @@ func (r *Receiver) newReceiverLink(ctx context.Context, session amqpwrap.AMQPSes
 
 // ReceiveMessagesOptions are options for the ReceiveMessages function.
 type ReceiveMessagesOptions struct {
-	// For future expansion
+	// TimeAfterFirstMessage controls how long, after a message has been received, before we return the
+	// accumulated batch of messages.
+	//
+	// Default value depends on the receive mode:
+	// - 20ms when the receiver is in ReceiveModePeekLock
+	// - 1s when the receiver is in ReceiveModeReceiveAndDelete
+	TimeAfterFirstMessage time.Duration
 }
 
 // ReceiveMessages receives a fixed number of messages, up to numMessages.
 // This function will block until at least one message is received or until the ctx is cancelled.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) ReceiveMessages(ctx context.Context, maxMessages int, options *ReceiveMessagesOptions) ([]*ReceivedMessage, error) {
 	r.mu.Lock()
 	isReceiving := r.receiving
@@ -216,7 +213,7 @@ type ReceiveDeferredMessagesOptions struct {
 }
 
 // ReceiveDeferredMessages receives messages that were deferred using `Receiver.DeferMessage`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) ReceiveDeferredMessages(ctx context.Context, sequenceNumbers []int64, options *ReceiveDeferredMessagesOptions) ([]*ReceivedMessage, error) {
 	var receivedMessages []*ReceivedMessage
 
@@ -251,12 +248,14 @@ type PeekMessagesOptions struct {
 //
 // The Receiver stores the last peeked sequence number internally, and will use it as the
 // start location for the next PeekMessages() call. You can override this behavior by passing an
-// explicit sequence number in PeekMessagesOptions.FromSequenceNumber.
+// explicit sequence number in [azservicebus.PeekMessagesOptions.FromSequenceNumber].
+//
+// Messages that are peeked are not locked, so settlement methods like [Receiver.CompleteMessage],
+// [Receiver.AbandonMessage], [Receiver.DeferMessage] or [Receiver.DeadLetterMessage] will not work with them.
 //
-// Messages that are peeked do not have lock tokens, so settlement methods
-// like CompleteMessage, AbandonMessage, DeferMessage or DeadLetterMessage
-// will not work with them.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
+//
+// For more information about peeking/message-browsing see https://aka.ms/azsdk/servicebus/message-browsing
 func (r *Receiver) PeekMessages(ctx context.Context, maxMessageCount int, options *PeekMessagesOptions) ([]*ReceivedMessage, error) {
 	var receivedMessages []*ReceivedMessage
 
@@ -298,7 +297,7 @@ type RenewMessageLockOptions struct {
 }
 
 // RenewMessageLock renews the lock on a message, updating the `LockedUntil` field on `msg`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) RenewMessageLock(ctx context.Context, msg *ReceivedMessage, options *RenewMessageLockOptions) error {
 	err := r.amqpLinks.Retry(ctx, EventReceiver, "renewMessageLock", func(ctx context.Context, linksWithVersion *internal.LinksWithID, args *utils.RetryFnArgs) error {
 		newExpirationTime, err := internal.RenewLocks(ctx, linksWithVersion.RPC, msg.RawAMQPMessage.linkName, []amqp.UUID{
@@ -328,7 +327,7 @@ func (r *Receiver) Close(ctx context.Context) error {
 
 // CompleteMessage completes a message, deleting it from the queue or subscription.
 // This function can only be used when the Receiver has been opened with ReceiveModePeekLock.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) CompleteMessage(ctx context.Context, message *ReceivedMessage, options *CompleteMessageOptions) error {
 	return r.settler.CompleteMessage(ctx, message, options)
 }
@@ -337,7 +336,7 @@ func (r *Receiver) CompleteMessage(ctx context.Context, message *ReceivedMessage
 // This will increment its delivery count, and potentially cause it to be dead-lettered
 // depending on your queue or subscription's configuration.
 // This function can only be used when the Receiver has been opened with `ReceiveModePeekLock`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) AbandonMessage(ctx context.Context, message *ReceivedMessage, options *AbandonMessageOptions) error {
 	return r.settler.AbandonMessage(ctx, message, options)
 }
@@ -345,7 +344,7 @@ func (r *Receiver) AbandonMessage(ctx context.Context, message *ReceivedMessage,
 // DeferMessage will cause a message to be deferred. Deferred messages can be received using
 // `Receiver.ReceiveDeferredMessages`.
 // This function can only be used when the Receiver has been opened with `ReceiveModePeekLock`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) DeferMessage(ctx context.Context, message *ReceivedMessage, options *DeferMessageOptions) error {
 	return r.settler.DeferMessage(ctx, message, options)
 }
@@ -354,7 +353,7 @@ func (r *Receiver) DeferMessage(ctx context.Context, message *ReceivedMessage, o
 // queue or subscription. To receive these messages create a receiver with `Client.NewReceiverForQueue()`
 // or `Client.NewReceiverForSubscription()` using the `ReceiverOptions.SubQueue` option.
 // This function can only be used when the Receiver has been opened with `ReceiveModePeekLock`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *Receiver) DeadLetterMessage(ctx context.Context, message *ReceivedMessage, options *DeadLetterOptions) error {
 	return r.settler.DeadLetterMessage(ctx, message, options)
 }
@@ -398,7 +397,15 @@ func (r *Receiver) receiveMessagesImpl(ctx context.Context, maxMessages int, opt
 		r.amqpLinks.Writef(EventReceiver, "Have %d credits, no new credits needed", currentReceiverCredits)
 	}
 
-	result := r.fetchMessages(ctx, linksWithID.Receiver, maxMessages, r.defaultTimeAfterFirstMsg)
+	timeAfterFirstMessage := 20 * time.Millisecond
+
+	if options != nil && options.TimeAfterFirstMessage > 0 {
+		timeAfterFirstMessage = options.TimeAfterFirstMessage
+	} else if r.receiveMode == ReceiveModeReceiveAndDelete {
+		timeAfterFirstMessage = time.Second
+	}
+
+	result := r.fetchMessages(ctx, linksWithID.Receiver, maxMessages, timeAfterFirstMessage)
 
 	r.amqpLinks.Writef(EventReceiver, "Received %d/%d messages", len(result.Messages), maxMessages)
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/sender.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/sender.go
index 7e4c31d9077..8b3771e3ca4 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/sender.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/sender.go
@@ -90,8 +90,8 @@ type SendMessageBatchOptions struct {
 }
 
 // SendMessageBatch sends a MessageBatch to a queue or topic.
-// Message batches can be created using `Sender.NewMessageBatch`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// Message batches can be created using [Sender.NewMessageBatch].
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (s *Sender) SendMessageBatch(ctx context.Context, batch *MessageBatch, options *SendMessageBatchOptions) error {
 	err := s.links.Retry(ctx, EventSender, "SendMessageBatch", func(ctx context.Context, lwid *internal.LinksWithID, args *utils.RetryFnArgs) error {
 		return lwid.Sender.Send(ctx, batch.toAMQPMessage(), nil)
@@ -108,7 +108,7 @@ type ScheduleMessagesOptions struct {
 // ScheduleMessages schedules a slice of Messages to appear on Service Bus Queue/Subscription at a later time.
 // Returns the sequence numbers of the messages that were scheduled.  Messages that haven't been
 // delivered can be cancelled using `Receiver.CancelScheduleMessage(s)`
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (s *Sender) ScheduleMessages(ctx context.Context, messages []*Message, scheduledEnqueueTime time.Time, options *ScheduleMessagesOptions) ([]int64, error) {
 	return scheduleMessages(ctx, s.links, s.retryOptions, messages, scheduledEnqueueTime)
 }
@@ -121,7 +121,7 @@ type ScheduleAMQPAnnotatedMessagesOptions struct {
 // ScheduleAMQPAnnotatedMessages schedules a slice of Messages to appear on Service Bus Queue/Subscription at a later time.
 // Returns the sequence numbers of the messages that were scheduled.  Messages that haven't been
 // delivered can be cancelled using `Receiver.CancelScheduleMessage(s)`
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (s *Sender) ScheduleAMQPAnnotatedMessages(ctx context.Context, messages []*AMQPAnnotatedMessage, scheduledEnqueueTime time.Time, options *ScheduleAMQPAnnotatedMessagesOptions) ([]int64, error) {
 	return scheduleMessages(ctx, s.links, s.retryOptions, messages, scheduledEnqueueTime)
 }
@@ -156,7 +156,7 @@ type CancelScheduledMessagesOptions struct {
 }
 
 // CancelScheduledMessages cancels multiple messages that were scheduled.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (s *Sender) CancelScheduledMessages(ctx context.Context, sequenceNumbers []int64, options *CancelScheduledMessagesOptions) error {
 	err := s.links.Retry(ctx, EventSender, "CancelScheduledMessages", func(ctx context.Context, lwv *internal.LinksWithID, args *utils.RetryFnArgs) error {
 		return internal.CancelScheduledMessages(ctx, lwv.RPC, lwv.Sender.LinkName(), sequenceNumbers)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/session_receiver.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/session_receiver.go
index 6b9a0f9af45..c4cac54b1bb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/session_receiver.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/session_receiver.go
@@ -134,22 +134,29 @@ func (r *SessionReceiver) newLink(ctx context.Context, session amqpwrap.AMQPSess
 
 // ReceiveMessages receives a fixed number of messages, up to maxMessages.
 // This function will block until at least one message is received or until the ctx is cancelled.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) ReceiveMessages(ctx context.Context, maxMessages int, options *ReceiveMessagesOptions) ([]*ReceivedMessage, error) {
 	return r.inner.ReceiveMessages(ctx, maxMessages, options)
 }
 
 // ReceiveDeferredMessages receives messages that were deferred using `Receiver.DeferMessage`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) ReceiveDeferredMessages(ctx context.Context, sequenceNumbers []int64, options *ReceiveDeferredMessagesOptions) ([]*ReceivedMessage, error) {
 	return r.inner.ReceiveDeferredMessages(ctx, sequenceNumbers, options)
 }
 
 // PeekMessages will peek messages without locking or deleting messages.
-// Messages that are peeked do not have lock tokens, so settlement methods
-// like CompleteMessage, AbandonMessage, DeferMessage or DeadLetterMessage
-// will not work with them.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+//
+// The SessionReceiver stores the last peeked sequence number internally, and will use it as the
+// start location for the next PeekMessages() call. You can override this behavior by passing an
+// explicit sequence number in [azservicebus.PeekMessagesOptions.FromSequenceNumber].
+//
+// Messages that are peeked are not locked, so settlement methods like [SessionReceiver.CompleteMessage],
+// [SessionReceiver.AbandonMessage], [SessionReceiver.DeferMessage] or [SessionReceiver.DeadLetterMessage] will not work with them.
+//
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
+//
+// For more information about peeking/message-browsing see https://aka.ms/azsdk/servicebus/message-browsing
 func (r *SessionReceiver) PeekMessages(ctx context.Context, maxMessageCount int, options *PeekMessagesOptions) ([]*ReceivedMessage, error) {
 	return r.inner.PeekMessages(ctx, maxMessageCount, options)
 }
@@ -160,7 +167,7 @@ func (r *SessionReceiver) Close(ctx context.Context) error {
 }
 
 // CompleteMessage completes a message, deleting it from the queue or subscription.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) CompleteMessage(ctx context.Context, message *ReceivedMessage, options *CompleteMessageOptions) error {
 	return r.inner.CompleteMessage(ctx, message, options)
 }
@@ -168,14 +175,14 @@ func (r *SessionReceiver) CompleteMessage(ctx context.Context, message *Received
 // AbandonMessage will cause a message to be returned to the queue or subscription.
 // This will increment its delivery count, and potentially cause it to be dead lettered
 // depending on your queue or subscription's configuration.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) AbandonMessage(ctx context.Context, message *ReceivedMessage, options *AbandonMessageOptions) error {
 	return r.inner.AbandonMessage(ctx, message, options)
 }
 
 // DeferMessage will cause a message to be deferred. Deferred messages
 // can be received using `Receiver.ReceiveDeferredMessages`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) DeferMessage(ctx context.Context, message *ReceivedMessage, options *DeferMessageOptions) error {
 	return r.inner.DeferMessage(ctx, message, options)
 }
@@ -183,7 +190,7 @@ func (r *SessionReceiver) DeferMessage(ctx context.Context, message *ReceivedMes
 // DeadLetterMessage settles a message by moving it to the dead letter queue for a
 // queue or subscription. To receive these messages create a receiver with `Client.NewReceiverForQueue()`
 // or `Client.NewReceiverForSubscription()` using the `ReceiverOptions.SubQueue` option.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (r *SessionReceiver) DeadLetterMessage(ctx context.Context, message *ReceivedMessage, options *DeadLetterOptions) error {
 	return r.inner.DeadLetterMessage(ctx, message, options)
 }
@@ -207,7 +214,7 @@ type GetSessionStateOptions struct {
 }
 
 // GetSessionState retrieves state associated with the session.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (sr *SessionReceiver) GetSessionState(ctx context.Context, options *GetSessionStateOptions) ([]byte, error) {
 	var sessionState []byte
 
@@ -232,7 +239,7 @@ type SetSessionStateOptions struct {
 
 // SetSessionState sets the state associated with the session.
 // Pass nil for the state parameter to clear the stored session state.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (sr *SessionReceiver) SetSessionState(ctx context.Context, state []byte, options *SetSessionStateOptions) error {
 	err := sr.inner.amqpLinks.Retry(ctx, EventReceiver, "SetSessionState", func(ctx context.Context, lwv *internal.LinksWithID, args *utils.RetryFnArgs) error {
 		return internal.SetSessionState(ctx, lwv.RPC, lwv.Receiver.LinkName(), sr.SessionID(), state)
@@ -248,7 +255,7 @@ type RenewSessionLockOptions struct {
 
 // RenewSessionLock renews this session's lock. The new expiration time is available
 // using `LockedUntil`.
-// If the operation fails it can return an *azservicebus.Error type if the failure is actionable.
+// If the operation fails it can return an [*azservicebus.Error] type if the failure is actionable.
 func (sr *SessionReceiver) RenewSessionLock(ctx context.Context, options *RenewSessionLockOptions) error {
 	err := sr.inner.amqpLinks.Retry(ctx, EventReceiver, "RenewSessionLock", func(ctx context.Context, lwv *internal.LinksWithID, args *utils.RetryFnArgs) error {
 		newLockedUntil, err := internal.RenewSessionLock(ctx, lwv.RPC, lwv.Receiver.LinkName(), *sr.sessionID)
diff --git a/vendor/github.com/Azure/go-amqp/CHANGELOG.md b/vendor/github.com/Azure/go-amqp/CHANGELOG.md
index 94b8b1ecca6..34bd386c133 100644
--- a/vendor/github.com/Azure/go-amqp/CHANGELOG.md
+++ b/vendor/github.com/Azure/go-amqp/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Release History
 
+## 1.0.4 (2024-01-16)
+
+### Other Changes
+
+* A `Receiver`'s unsettled messages are tracked as a count (currently used for diagnostic purposes only).
+
+## 1.0.3 (2024-01-09)
+
+### Bugs Fixed
+
+* Fixed an issue that could cause a memory leak when settling messages across `Receiver` instances.
+
 ## 1.0.2 (2023-09-05)
 
 ### Bugs Fixed
diff --git a/vendor/github.com/Azure/go-amqp/message.go b/vendor/github.com/Azure/go-amqp/message.go
index 398d8676d9a..2fcb9d635b8 100644
--- a/vendor/github.com/Azure/go-amqp/message.go
+++ b/vendor/github.com/Azure/go-amqp/message.go
@@ -101,8 +101,9 @@ type Message struct {
 	// encryption details).
 	Footer Annotations
 
-	deliveryID uint32 // used when sending disposition
-	settled    bool   // whether transfer was settled by sender
+	deliveryID uint32    // used when sending disposition
+	settled    bool      // whether transfer was settled by sender
+	rcv        *Receiver // used to settle message on the corresponding Receiver (nil if settled == true)
 }
 
 // NewMessage returns a *Message with data as the first payload in the Data field.
@@ -299,6 +300,11 @@ func (m *Message) Unmarshal(r *buffer.Buffer) error {
 	return nil
 }
 
+func (m *Message) onSettlement() {
+	m.settled = true
+	m.rcv = nil
+}
+
 /*
 <type name="header" class="composite" source="list" provides="section">
     <descriptor name="amqp:header:list" code="0x00000000:0x00000070"/>
diff --git a/vendor/github.com/Azure/go-amqp/receiver.go b/vendor/github.com/Azure/go-amqp/receiver.go
index 9db9829e153..d472614d4c3 100644
--- a/vendor/github.com/Azure/go-amqp/receiver.go
+++ b/vendor/github.com/Azure/go-amqp/receiver.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"sync"
+	"sync/atomic"
 
 	"github.com/Azure/go-amqp/internal/buffer"
 	"github.com/Azure/go-amqp/internal/debug"
@@ -28,11 +29,13 @@ type Receiver struct {
 	messagesQ     *queue.Holder[Message] // used to send completed messages to receiver
 	txDisposition chan frameBodyEnvelope // used to funnel disposition frames through the mux
 
-	unsettledMessages     map[string]struct{} // used to keep track of messages being handled downstream
-	unsettledMessagesLock sync.RWMutex        // lock to protect concurrent access to unsettledMessages
-	msgBuf                buffer.Buffer       // buffered bytes for current message
-	more                  bool                // if true, buf contains a partial message
-	msg                   Message             // current message being decoded
+	// NOTE: this will need to be retooled if/when we need to support resuming links.
+	// at present, this is only used for debug tracing purposes so it's safe to change it to a count.
+	unsettledMessages int32 // count of unsettled messages for this receiver; MUST be atomically accessed
+
+	msgBuf buffer.Buffer // buffered bytes for current message
+	more   bool          // if true, buf contains a partial message
+	msg    Message       // current message being decoded
 
 	settlementCount   uint32     // the count of settled messages
 	settlementCountMu sync.Mutex // must be held when accessing settlementCount
@@ -144,7 +147,7 @@ func (r *Receiver) Receive(ctx context.Context, opts *ReceiveOptions) (*Message,
 // If the context's deadline expires or is cancelled before the operation
 // completes, the message's disposition is in an unknown state.
 func (r *Receiver) AcceptMessage(ctx context.Context, msg *Message) error {
-	return r.messageDisposition(ctx, msg, &encoding.StateAccepted{})
+	return msg.rcv.messageDisposition(ctx, msg, &encoding.StateAccepted{})
 }
 
 // Reject notifies the server that the message is invalid.
@@ -155,7 +158,7 @@ func (r *Receiver) AcceptMessage(ctx context.Context, msg *Message) error {
 // If the context's deadline expires or is cancelled before the operation
 // completes, the message's disposition is in an unknown state.
 func (r *Receiver) RejectMessage(ctx context.Context, msg *Message, e *Error) error {
-	return r.messageDisposition(ctx, msg, &encoding.StateRejected{Error: e})
+	return msg.rcv.messageDisposition(ctx, msg, &encoding.StateRejected{Error: e})
 }
 
 // Release releases the message back to the server. The message may be redelivered to this or another consumer.
@@ -165,7 +168,7 @@ func (r *Receiver) RejectMessage(ctx context.Context, msg *Message, e *Error) er
 // If the context's deadline expires or is cancelled before the operation
 // completes, the message's disposition is in an unknown state.
 func (r *Receiver) ReleaseMessage(ctx context.Context, msg *Message) error {
-	return r.messageDisposition(ctx, msg, &encoding.StateReleased{})
+	return msg.rcv.messageDisposition(ctx, msg, &encoding.StateReleased{})
 }
 
 // Modify notifies the server that the message was not acted upon and should be modifed.
@@ -179,7 +182,7 @@ func (r *Receiver) ModifyMessage(ctx context.Context, msg *Message, options *Mod
 	if options == nil {
 		options = &ModifyMessageOptions{}
 	}
-	return r.messageDisposition(ctx,
+	return msg.rcv.messageDisposition(ctx,
 		msg, &encoding.StateModified{
 			DeliveryFailed:     options.DeliveryFailed,
 			UndeliverableHere:  options.UndeliverableHere,
@@ -269,11 +272,18 @@ func (r *Receiver) sendDisposition(ctx context.Context, first uint32, last *uint
 	}
 }
 
+// messageDisposition is called via the *Receiver associated with a *Message.
+// this allows messages to be settled across Receiver instances.
+// note that only unsettled messsages will have their rcv field set.
 func (r *Receiver) messageDisposition(ctx context.Context, msg *Message, state encoding.DeliveryState) error {
+	// settling a message that's already settled (sender-settled or otherwise) will have a nil rcv.
+	// which means that r will be nil. you MUST NOT dereference r if msg.settled == true
 	if msg.settled {
 		return nil
 	}
 
+	debug.Assert(r != nil)
+
 	// NOTE: we MUST add to the in-flight map before sending the disposition. if not, it's possible
 	// to receive the ack'ing disposition frame *before* the in-flight map has been updated which
 	// will cause the below <-wait to never trigger.
@@ -290,7 +300,8 @@ func (r *Receiver) messageDisposition(ctx context.Context, msg *Message, state e
 
 	if wait == nil {
 		// mode first, there will be no settlement ack
-		r.deleteUnsettled(msg)
+		msg.onSettlement()
+		r.deleteUnsettled()
 		r.onSettlement(1)
 		return nil
 	}
@@ -338,23 +349,23 @@ func (r *Receiver) onSettlement(count uint32) {
 	}
 }
 
-func (r *Receiver) addUnsettled(msg *Message) {
-	r.unsettledMessagesLock.Lock()
-	r.unsettledMessages[string(msg.DeliveryTag)] = struct{}{}
-	r.unsettledMessagesLock.Unlock()
+// increments the count of unsettled messages.
+// this is only called from our mux.
+func (r *Receiver) addUnsettled() {
+	atomic.AddInt32(&r.unsettledMessages, 1)
 }
 
-func (r *Receiver) deleteUnsettled(msg *Message) {
-	r.unsettledMessagesLock.Lock()
-	delete(r.unsettledMessages, string(msg.DeliveryTag))
-	r.unsettledMessagesLock.Unlock()
+// decrements the count of unsettled messages.
+// this is called inside _or_ outside the mux.
+// it's called outside when RSM is mode first.
+func (r *Receiver) deleteUnsettled() {
+	atomic.AddInt32(&r.unsettledMessages, -1)
 }
 
-func (r *Receiver) countUnsettled() int {
-	r.unsettledMessagesLock.RLock()
-	count := len(r.unsettledMessages)
-	r.unsettledMessagesLock.RUnlock()
-	return count
+// returns the count of unsettled messages.
+// this is only called from our mux for diagnostic purposes.
+func (r *Receiver) countUnsettled() int32 {
+	return atomic.LoadInt32(&r.unsettledMessages)
 }
 
 func newReceiver(source string, session *Session, opts *ReceiverOptions) (*Receiver, error) {
@@ -467,7 +478,6 @@ func (r *Receiver) attach(ctx context.Context) error {
 		}
 		// deliveryCount is a sequence number, must initialize to sender's initial sequence number
 		r.l.deliveryCount = pa.InitialDeliveryCount
-		r.unsettledMessages = map[string]struct{}{}
 		// copy the received filter values
 		if pa.Source != nil {
 			r.l.source.Filter = pa.Source.Filter
@@ -702,8 +712,8 @@ func (r *Receiver) muxHandleFrame(fr frames.FrameBody) error {
 		}
 		// removal from the in-flight map will also remove the message from the unsettled map
 		count := r.inFlight.remove(fr.First, fr.Last, dispositionError, func(msg *Message) {
-			r.deleteUnsettled(msg)
-			msg.settled = true
+			r.deleteUnsettled()
+			msg.onSettlement()
 		})
 		r.onSettlement(count)
 
@@ -808,7 +818,8 @@ func (r *Receiver) muxReceive(fr frames.PerformTransfer) {
 
 	// send to receiver
 	if !r.msg.settled {
-		r.addUnsettled(&r.msg)
+		r.addUnsettled()
+		r.msg.rcv = r
 		debug.Log(3, "RX (Receiver %p): add unsettled delivery ID %d", r, r.msg.deliveryID)
 	}
 
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
index 11263822be1..2221e60c437 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
@@ -82,6 +82,39 @@ func isMatchingScopes(scopesOne []string, scopesTwo string) bool {
 	return scopeCounter == len(scopesOne)
 }
 
+// needsUpgrade returns true if the given key follows the v1.0 schema i.e.,
+// it contains an uppercase character (v1.1+ keys are all lowercase)
+func needsUpgrade(key string) bool {
+	for _, r := range key {
+		if 'A' <= r && r <= 'Z' {
+			return true
+		}
+	}
+	return false
+}
+
+// upgrade a v1.0 cache item by adding a v1.1+ item having the same value and deleting
+// the v1.0 item. Callers must hold an exclusive lock on m.
+func upgrade[T any](m map[string]T, k string) T {
+	v1_1Key := strings.ToLower(k)
+	v, ok := m[k]
+	if !ok {
+		// another goroutine did the upgrade while this one was waiting for the write lock
+		return m[v1_1Key]
+	}
+	if v2, ok := m[v1_1Key]; ok {
+		// cache has an equivalent v1.1+ item, which we prefer because we know it was added
+		// by a newer version of the module and is therefore more likely to remain valid.
+		// The v1.0 item may have expired because only v1.0 or earlier would update it.
+		v = v2
+	} else {
+		// add an equivalent item according to the v1.1 schema
+		m[v1_1Key] = v
+	}
+	delete(m, k)
+	return v
+}
+
 // Read reads a storage token from the cache if it exists.
 func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error) {
 	tr := TokenResponse{}
@@ -255,21 +288,25 @@ func (m *Manager) aadMetadata(ctx context.Context, authorityInfo authority.Info)
 
 func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, clientID string, scopes []string, tokenType, authnSchemeKeyID string) AccessToken {
 	m.contractMu.RLock()
-	defer m.contractMu.RUnlock()
 	// TODO: linear search (over a map no less) is slow for a large number (thousands) of tokens.
 	// this shows up as the dominating node in a profile. for real-world scenarios this likely isn't
 	// an issue, however if it does become a problem then we know where to look.
-	for _, at := range m.contract.AccessTokens {
+	for k, at := range m.contract.AccessTokens {
 		if at.HomeAccountID == homeID && at.Realm == realm && at.ClientID == clientID {
-			if (at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
-				if checkAlias(at.Environment, envAliases) {
-					if isMatchingScopes(scopes, at.Scopes) {
-						return at
+			if (strings.EqualFold(at.TokenType, tokenType) && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
+				if checkAlias(at.Environment, envAliases) && isMatchingScopes(scopes, at.Scopes) {
+					m.contractMu.RUnlock()
+					if needsUpgrade(k) {
+						m.contractMu.Lock()
+						defer m.contractMu.Unlock()
+						at = upgrade(m.contract.AccessTokens, k)
 					}
+					return at
 				}
 			}
 		}
 	}
+	m.contractMu.RUnlock()
 	return AccessToken{}
 }
 
@@ -310,15 +347,21 @@ func (m *Manager) readRefreshToken(homeID string, envAliases []string, familyID,
 	// If app is part of the family or if we DO NOT KNOW if it's part of the family, search by family ID, then by client_id (we will know if an app is part of the family after the first token response).
 	// https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/311fe8b16e7c293462806f397e189a6aa1159769/src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs#L95
 	m.contractMu.RLock()
-	defer m.contractMu.RUnlock()
 	for _, matcher := range matchers {
-		for _, rt := range m.contract.RefreshTokens {
+		for k, rt := range m.contract.RefreshTokens {
 			if matcher(rt) {
+				m.contractMu.RUnlock()
+				if needsUpgrade(k) {
+					m.contractMu.Lock()
+					defer m.contractMu.Unlock()
+					rt = upgrade(m.contract.RefreshTokens, k)
+				}
 				return rt, nil
 			}
 		}
 	}
 
+	m.contractMu.RUnlock()
 	return accesstokens.RefreshToken{}, fmt.Errorf("refresh token not found")
 }
 
@@ -340,14 +383,20 @@ func (m *Manager) writeRefreshToken(refreshToken accesstokens.RefreshToken) erro
 
 func (m *Manager) readIDToken(homeID string, envAliases []string, realm, clientID string) (IDToken, error) {
 	m.contractMu.RLock()
-	defer m.contractMu.RUnlock()
-	for _, idt := range m.contract.IDTokens {
+	for k, idt := range m.contract.IDTokens {
 		if idt.HomeAccountID == homeID && idt.Realm == realm && idt.ClientID == clientID {
 			if checkAlias(idt.Environment, envAliases) {
+				m.contractMu.RUnlock()
+				if needsUpgrade(k) {
+					m.contractMu.Lock()
+					defer m.contractMu.Unlock()
+					idt = upgrade(m.contract.IDTokens, k)
+				}
 				return idt, nil
 			}
 		}
 	}
+	m.contractMu.RUnlock()
 	return IDToken{}, fmt.Errorf("token not found")
 }
 
@@ -386,7 +435,6 @@ func (m *Manager) Account(homeAccountID string) shared.Account {
 
 func (m *Manager) readAccount(homeAccountID string, envAliases []string, realm string) (shared.Account, error) {
 	m.contractMu.RLock()
-	defer m.contractMu.RUnlock()
 
 	// You might ask why, if cache.Accounts is a map, we would loop through all of these instead of using a key.
 	// We only use a map because the storage contract shared between all language implementations says use a map.
@@ -394,11 +442,18 @@ func (m *Manager) readAccount(homeAccountID string, envAliases []string, realm s
 	// a match in multiple envs (envAlias). That means we either need to hash each possible keyand do the lookup
 	// or just statically check.  Since the design is to have a storage.Manager per user, the amount of keys stored
 	// is really low (say 2).  Each hash is more expensive than the entire iteration.
-	for _, acc := range m.contract.Accounts {
+	for k, acc := range m.contract.Accounts {
 		if acc.HomeAccountID == homeAccountID && checkAlias(acc.Environment, envAliases) && acc.Realm == realm {
+			m.contractMu.RUnlock()
+			if needsUpgrade(k) {
+				m.contractMu.Lock()
+				defer m.contractMu.Unlock()
+				acc = upgrade(m.contract.Accounts, k)
+			}
 			return acc, nil
 		}
 	}
+	m.contractMu.RUnlock()
 	return shared.Account{}, fmt.Errorf("account not found")
 }
 
@@ -412,13 +467,18 @@ func (m *Manager) writeAccount(account shared.Account) error {
 
 func (m *Manager) readAppMetaData(envAliases []string, clientID string) (AppMetaData, error) {
 	m.contractMu.RLock()
-	defer m.contractMu.RUnlock()
-
-	for _, app := range m.contract.AppMetaData {
+	for k, app := range m.contract.AppMetaData {
 		if checkAlias(app.Environment, envAliases) && app.ClientID == clientID {
+			m.contractMu.RUnlock()
+			if needsUpgrade(k) {
+				m.contractMu.Lock()
+				defer m.contractMu.Unlock()
+				app = upgrade(m.contract.AppMetaData, k)
+			}
 			return app, nil
 		}
 	}
+	m.contractMu.RUnlock()
 	return AppMetaData{}, fmt.Errorf("not found")
 }
 
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
index 2221b3d3391..e346ff3dffd 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
@@ -51,7 +51,7 @@ type AuthenticationScheme = authority.AuthenticationScheme
 
 type Account = shared.Account
 
-var errNoAccount = errors.New("no account was specified with public.WithAccount(), or the specified account is invalid")
+var errNoAccount = errors.New("no account was specified with public.WithSilentAccount(), or the specified account is invalid")
 
 // clientOptions configures the Client's behavior.
 type clientOptions struct {
diff --git a/vendor/github.com/andybalholm/brotli/README.md b/vendor/github.com/andybalholm/brotli/README.md
index 1ea7fdb759d..00625211d71 100644
--- a/vendor/github.com/andybalholm/brotli/README.md
+++ b/vendor/github.com/andybalholm/brotli/README.md
@@ -2,6 +2,13 @@ This package is a brotli compressor and decompressor implemented in Go.
 It was translated from the reference implementation (https://github.com/google/brotli)
 with the `c2go` tool at https://github.com/andybalholm/c2go.
 
+I have been working on new compression algorithms (not translated from C)
+in the matchfinder package.
+You can use them with the NewWriterV2 function.
+Currently they give better results than the old implementation
+(at least for compressing my test file, Newton’s *Opticks*) 
+on levels 2 to 6.
+
 I am using it in production with https://github.com/andybalholm/redwood.
 
 API documentation is found at https://pkg.go.dev/github.com/andybalholm/brotli?tab=doc.
diff --git a/vendor/github.com/andybalholm/brotli/bitwriter.go b/vendor/github.com/andybalholm/brotli/bitwriter.go
new file mode 100644
index 00000000000..dfc60360f36
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/bitwriter.go
@@ -0,0 +1,56 @@
+package brotli
+
+/* Copyright 2010 Google Inc. All Rights Reserved.
+
+   Distributed under MIT license.
+   See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
+*/
+
+/* Write bits into a byte array. */
+
+type bitWriter struct {
+	dst []byte
+
+	// Data waiting to be written is the low nbits of bits.
+	bits  uint64
+	nbits uint
+}
+
+func (w *bitWriter) writeBits(nb uint, b uint64) {
+	w.bits |= b << w.nbits
+	w.nbits += nb
+	if w.nbits >= 32 {
+		bits := w.bits
+		w.bits >>= 32
+		w.nbits -= 32
+		w.dst = append(w.dst,
+			byte(bits),
+			byte(bits>>8),
+			byte(bits>>16),
+			byte(bits>>24),
+		)
+	}
+}
+
+func (w *bitWriter) writeSingleBit(bit bool) {
+	if bit {
+		w.writeBits(1, 1)
+	} else {
+		w.writeBits(1, 0)
+	}
+}
+
+func (w *bitWriter) jumpToByteBoundary() {
+	dst := w.dst
+	for w.nbits != 0 {
+		dst = append(dst, byte(w.bits))
+		w.bits >>= 8
+		if w.nbits > 8 { // Avoid underflow
+			w.nbits -= 8
+		} else {
+			w.nbits = 0
+		}
+	}
+	w.bits = 0
+	w.dst = dst
+}
diff --git a/vendor/github.com/andybalholm/brotli/brotli_bit_stream.go b/vendor/github.com/andybalholm/brotli/brotli_bit_stream.go
index 7acfb180616..ee6552982bf 100644
--- a/vendor/github.com/andybalholm/brotli/brotli_bit_stream.go
+++ b/vendor/github.com/andybalholm/brotli/brotli_bit_stream.go
@@ -7,12 +7,18 @@ import (
 
 const maxHuffmanTreeSize = (2*numCommandSymbols + 1)
 
-/* The maximum size of Huffman dictionary for distances assuming that
-   NPOSTFIX = 0 and NDIRECT = 0. */
+/*
+The maximum size of Huffman dictionary for distances assuming that
+
+	NPOSTFIX = 0 and NDIRECT = 0.
+*/
 const maxSimpleDistanceAlphabetSize = 140
 
-/* Represents the range of values belonging to a prefix code:
-   [offset, offset + 2^nbits) */
+/*
+Represents the range of values belonging to a prefix code:
+
+	[offset, offset + 2^nbits)
+*/
 type prefixCodeRange struct {
 	offset uint32
 	nbits  uint32
@@ -96,9 +102,12 @@ func nextBlockTypeCode(calculator *blockTypeCodeCalculator, type_ byte) uint {
 	return type_code
 }
 
-/* |nibblesbits| represents the 2 bits to encode MNIBBLES (0-3)
-   REQUIRES: length > 0
-   REQUIRES: length <= (1 << 24) */
+/*
+|nibblesbits| represents the 2 bits to encode MNIBBLES (0-3)
+
+	REQUIRES: length > 0
+	REQUIRES: length <= (1 << 24)
+*/
 func encodeMlen(length uint, bits *uint64, numbits *uint, nibblesbits *uint64) {
 	var lg uint
 	if length == 1 {
@@ -132,8 +141,11 @@ func storeCommandExtra(cmd *command, storage_ix *uint, storage []byte) {
 	writeBits(uint(insnumextra+getCopyExtra(copycode)), bits, storage_ix, storage)
 }
 
-/* Data structure that stores almost everything that is needed to encode each
-   block switch command. */
+/*
+Data structure that stores almost everything that is needed to encode each
+
+	block switch command.
+*/
 type blockSplitCode struct {
 	type_code_calculator blockTypeCodeCalculator
 	type_depths          [maxBlockTypeSymbols]byte
@@ -154,9 +166,12 @@ func storeVarLenUint8(n uint, storage_ix *uint, storage []byte) {
 	}
 }
 
-/* Stores the compressed meta-block header.
-   REQUIRES: length > 0
-   REQUIRES: length <= (1 << 24) */
+/*
+Stores the compressed meta-block header.
+
+	REQUIRES: length > 0
+	REQUIRES: length <= (1 << 24)
+*/
 func storeCompressedMetaBlockHeader(is_final_block bool, length uint, storage_ix *uint, storage []byte) {
 	var lenbits uint64
 	var nlenbits uint
@@ -186,9 +201,12 @@ func storeCompressedMetaBlockHeader(is_final_block bool, length uint, storage_ix
 	}
 }
 
-/* Stores the uncompressed meta-block header.
-   REQUIRES: length > 0
-   REQUIRES: length <= (1 << 24) */
+/*
+Stores the uncompressed meta-block header.
+
+	REQUIRES: length > 0
+	REQUIRES: length <= (1 << 24)
+*/
 func storeUncompressedMetaBlockHeader(length uint, storage_ix *uint, storage []byte) {
 	var lenbits uint64
 	var nlenbits uint
@@ -312,8 +330,11 @@ func storeSimpleHuffmanTree(depths []byte, symbols []uint, num_symbols uint, max
 	}
 }
 
-/* num = alphabet size
-   depths = symbol depths */
+/*
+num = alphabet size
+
+	depths = symbol depths
+*/
 func storeHuffmanTree(depths []byte, num uint, tree []huffmanTree, storage_ix *uint, storage []byte) {
 	var huffman_tree [numCommandSymbols]byte
 	var huffman_tree_extra_bits [numCommandSymbols]byte
@@ -367,8 +388,11 @@ func storeHuffmanTree(depths []byte, num uint, tree []huffmanTree, storage_ix *u
 	storeHuffmanTreeToBitMask(huffman_tree_size, huffman_tree[:], huffman_tree_extra_bits[:], code_length_bitdepth[:], code_length_bitdepth_symbols[:], storage_ix, storage)
 }
 
-/* Builds a Huffman tree from histogram[0:length] into depth[0:length] and
-   bits[0:length] and stores the encoded tree to the bit stream. */
+/*
+Builds a Huffman tree from histogram[0:length] into depth[0:length] and
+
+	bits[0:length] and stores the encoded tree to the bit stream.
+*/
 func buildAndStoreHuffmanTree(histogram []uint32, histogram_length uint, alphabet_size uint, tree []huffmanTree, depth []byte, bits []uint16, storage_ix *uint, storage []byte) {
 	var count uint = 0
 	var s4 = [4]uint{0}
@@ -623,6 +647,203 @@ func buildAndStoreHuffmanTreeFast(histogram []uint32, histogram_total uint, max_
 	}
 }
 
+func buildAndStoreHuffmanTreeFastBW(histogram []uint32, histogram_total uint, max_bits uint, depth []byte, bits []uint16, bw *bitWriter) {
+	var count uint = 0
+	var symbols = [4]uint{0}
+	var length uint = 0
+	var total uint = histogram_total
+	for total != 0 {
+		if histogram[length] != 0 {
+			if count < 4 {
+				symbols[count] = length
+			}
+
+			count++
+			total -= uint(histogram[length])
+		}
+
+		length++
+	}
+
+	if count <= 1 {
+		bw.writeBits(4, 1)
+		bw.writeBits(max_bits, uint64(symbols[0]))
+		depth[symbols[0]] = 0
+		bits[symbols[0]] = 0
+		return
+	}
+
+	for i := 0; i < int(length); i++ {
+		depth[i] = 0
+	}
+	{
+		var max_tree_size uint = 2*length + 1
+		tree, _ := huffmanTreePool.Get().(*[]huffmanTree)
+		if tree == nil || cap(*tree) < int(max_tree_size) {
+			tmp := make([]huffmanTree, max_tree_size)
+			tree = &tmp
+		} else {
+			*tree = (*tree)[:max_tree_size]
+		}
+		var count_limit uint32
+		for count_limit = 1; ; count_limit *= 2 {
+			var node int = 0
+			var l uint
+			for l = length; l != 0; {
+				l--
+				if histogram[l] != 0 {
+					if histogram[l] >= count_limit {
+						initHuffmanTree(&(*tree)[node:][0], histogram[l], -1, int16(l))
+					} else {
+						initHuffmanTree(&(*tree)[node:][0], count_limit, -1, int16(l))
+					}
+
+					node++
+				}
+			}
+			{
+				var n int = node
+				/* Points to the next leaf node. */ /* Points to the next non-leaf node. */
+				var sentinel huffmanTree
+				var i int = 0
+				var j int = n + 1
+				var k int
+
+				sortHuffmanTreeItems(*tree, uint(n), huffmanTreeComparator(sortHuffmanTree1))
+
+				/* The nodes are:
+				   [0, n): the sorted leaf nodes that we start with.
+				   [n]: we add a sentinel here.
+				   [n + 1, 2n): new parent nodes are added here, starting from
+				                (n+1). These are naturally in ascending order.
+				   [2n]: we add a sentinel at the end as well.
+				   There will be (2n+1) elements at the end. */
+				initHuffmanTree(&sentinel, math.MaxUint32, -1, -1)
+
+				(*tree)[node] = sentinel
+				node++
+				(*tree)[node] = sentinel
+				node++
+
+				for k = n - 1; k > 0; k-- {
+					var left int
+					var right int
+					if (*tree)[i].total_count_ <= (*tree)[j].total_count_ {
+						left = i
+						i++
+					} else {
+						left = j
+						j++
+					}
+
+					if (*tree)[i].total_count_ <= (*tree)[j].total_count_ {
+						right = i
+						i++
+					} else {
+						right = j
+						j++
+					}
+
+					/* The sentinel node becomes the parent node. */
+					(*tree)[node-1].total_count_ = (*tree)[left].total_count_ + (*tree)[right].total_count_
+
+					(*tree)[node-1].index_left_ = int16(left)
+					(*tree)[node-1].index_right_or_value_ = int16(right)
+
+					/* Add back the last sentinel node. */
+					(*tree)[node] = sentinel
+					node++
+				}
+
+				if setDepth(2*n-1, *tree, depth, 14) {
+					/* We need to pack the Huffman tree in 14 bits. If this was not
+					   successful, add fake entities to the lowest values and retry. */
+					break
+				}
+			}
+		}
+
+		huffmanTreePool.Put(tree)
+	}
+
+	convertBitDepthsToSymbols(depth, length, bits)
+	if count <= 4 {
+		var i uint
+
+		/* value of 1 indicates a simple Huffman code */
+		bw.writeBits(2, 1)
+
+		bw.writeBits(2, uint64(count)-1) /* NSYM - 1 */
+
+		/* Sort */
+		for i = 0; i < count; i++ {
+			var j uint
+			for j = i + 1; j < count; j++ {
+				if depth[symbols[j]] < depth[symbols[i]] {
+					var tmp uint = symbols[j]
+					symbols[j] = symbols[i]
+					symbols[i] = tmp
+				}
+			}
+		}
+
+		if count == 2 {
+			bw.writeBits(max_bits, uint64(symbols[0]))
+			bw.writeBits(max_bits, uint64(symbols[1]))
+		} else if count == 3 {
+			bw.writeBits(max_bits, uint64(symbols[0]))
+			bw.writeBits(max_bits, uint64(symbols[1]))
+			bw.writeBits(max_bits, uint64(symbols[2]))
+		} else {
+			bw.writeBits(max_bits, uint64(symbols[0]))
+			bw.writeBits(max_bits, uint64(symbols[1]))
+			bw.writeBits(max_bits, uint64(symbols[2]))
+			bw.writeBits(max_bits, uint64(symbols[3]))
+
+			/* tree-select */
+			bw.writeSingleBit(depth[symbols[0]] == 1)
+		}
+	} else {
+		var previous_value byte = 8
+		var i uint
+
+		/* Complex Huffman Tree */
+		storeStaticCodeLengthCodeBW(bw)
+
+		/* Actual RLE coding. */
+		for i = 0; i < length; {
+			var value byte = depth[i]
+			var reps uint = 1
+			var k uint
+			for k = i + 1; k < length && depth[k] == value; k++ {
+				reps++
+			}
+
+			i += reps
+			if value == 0 {
+				bw.writeBits(uint(kZeroRepsDepth[reps]), kZeroRepsBits[reps])
+			} else {
+				if previous_value != value {
+					bw.writeBits(uint(kCodeLengthDepth[value]), uint64(kCodeLengthBits[value]))
+					reps--
+				}
+
+				if reps < 3 {
+					for reps != 0 {
+						reps--
+						bw.writeBits(uint(kCodeLengthDepth[value]), uint64(kCodeLengthBits[value]))
+					}
+				} else {
+					reps -= 3
+					bw.writeBits(uint(kNonZeroRepsDepth[reps]), kNonZeroRepsBits[reps])
+				}
+
+				previous_value = value
+			}
+		}
+	}
+}
+
 func indexOf(v []byte, v_size uint, value byte) uint {
 	var i uint = 0
 	for ; i < v_size; i++ {
@@ -674,12 +895,15 @@ func moveToFrontTransform(v_in []uint32, v_size uint, v_out []uint32) {
 	}
 }
 
-/* Finds runs of zeros in v[0..in_size) and replaces them with a prefix code of
-   the run length plus extra bits (lower 9 bits is the prefix code and the rest
-   are the extra bits). Non-zero values in v[] are shifted by
-   *max_length_prefix. Will not create prefix codes bigger than the initial
-   value of *max_run_length_prefix. The prefix code of run length L is simply
-   Log2Floor(L) and the number of extra bits is the same as the prefix code. */
+/*
+Finds runs of zeros in v[0..in_size) and replaces them with a prefix code of
+
+	the run length plus extra bits (lower 9 bits is the prefix code and the rest
+	are the extra bits). Non-zero values in v[] are shifted by
+	*max_length_prefix. Will not create prefix codes bigger than the initial
+	value of *max_run_length_prefix. The prefix code of run length L is simply
+	Log2Floor(L) and the number of extra bits is the same as the prefix code.
+*/
 func runLengthCodeZeros(in_size uint, v []uint32, out_size *uint, max_run_length_prefix *uint32) {
 	var max_reps uint32 = 0
 	var i uint
@@ -799,8 +1023,11 @@ func storeBlockSwitch(code *blockSplitCode, block_len uint32, block_type byte, i
 	writeBits(uint(len_nextra), uint64(len_extra), storage_ix, storage)
 }
 
-/* Builds a BlockSplitCode data structure from the block split given by the
-   vector of block types and block lengths and stores it to the bit stream. */
+/*
+Builds a BlockSplitCode data structure from the block split given by the
+
+	vector of block types and block lengths and stores it to the bit stream.
+*/
 func buildAndStoreBlockSplitCode(types []byte, lengths []uint32, num_blocks uint, num_types uint, tree []huffmanTree, code *blockSplitCode, storage_ix *uint, storage []byte) {
 	var type_histo [maxBlockTypeSymbols]uint32
 	var length_histo [numBlockLenSymbols]uint32
@@ -919,14 +1146,20 @@ func cleanupBlockEncoder(self *blockEncoder) {
 	blockEncoderPool.Put(self)
 }
 
-/* Creates entropy codes of block lengths and block types and stores them
-   to the bit stream. */
+/*
+Creates entropy codes of block lengths and block types and stores them
+
+	to the bit stream.
+*/
 func buildAndStoreBlockSwitchEntropyCodes(self *blockEncoder, tree []huffmanTree, storage_ix *uint, storage []byte) {
 	buildAndStoreBlockSplitCode(self.block_types_, self.block_lengths_, self.num_blocks_, self.num_block_types_, tree, &self.block_split_code_, storage_ix, storage)
 }
 
-/* Stores the next symbol with the entropy code of the current block type.
-   Updates the block type and block length at block boundaries. */
+/*
+Stores the next symbol with the entropy code of the current block type.
+
+	Updates the block type and block length at block boundaries.
+*/
 func storeSymbol(self *blockEncoder, symbol uint, storage_ix *uint, storage []byte) {
 	if self.block_len_ == 0 {
 		self.block_ix_++
@@ -945,9 +1178,12 @@ func storeSymbol(self *blockEncoder, symbol uint, storage_ix *uint, storage []by
 	}
 }
 
-/* Stores the next symbol with the entropy code of the current block type and
-   context value.
-   Updates the block type and block length at block boundaries. */
+/*
+Stores the next symbol with the entropy code of the current block type and
+
+	context value.
+	Updates the block type and block length at block boundaries.
+*/
 func storeSymbolWithContext(self *blockEncoder, symbol uint, context uint, context_map []uint32, storage_ix *uint, storage []byte, context_bits uint) {
 	if self.block_len_ == 0 {
 		self.block_ix_++
@@ -1268,8 +1504,11 @@ func storeMetaBlockFast(input []byte, start_pos uint, length uint, mask uint, is
 	}
 }
 
-/* This is for storing uncompressed blocks (simple raw storage of
-   bytes-as-bytes). */
+/*
+This is for storing uncompressed blocks (simple raw storage of
+
+	bytes-as-bytes).
+*/
 func storeUncompressedMetaBlock(is_final_block bool, input []byte, position uint, mask uint, len uint, storage_ix *uint, storage []byte) {
 	var masked_pos uint = position & mask
 	storeUncompressedMetaBlockHeader(uint(len), storage_ix, storage)
diff --git a/vendor/github.com/andybalholm/brotli/compress_fragment_two_pass.go b/vendor/github.com/andybalholm/brotli/compress_fragment_two_pass.go
index 172dc7f4607..79f9c7fdfc8 100644
--- a/vendor/github.com/andybalholm/brotli/compress_fragment_two_pass.go
+++ b/vendor/github.com/andybalholm/brotli/compress_fragment_two_pass.go
@@ -39,8 +39,11 @@ func isMatch1(p1 []byte, p2 []byte, length uint) bool {
 	return p1[4] == p2[4] && p1[5] == p2[5]
 }
 
-/* Builds a command and distance prefix code (each 64 symbols) into "depth" and
-   "bits" based on "histogram" and stores it into the bit stream. */
+/*
+Builds a command and distance prefix code (each 64 symbols) into "depth" and
+
+	"bits" based on "histogram" and stores it into the bit stream.
+*/
 func buildAndStoreCommandPrefixCode(histogram []uint32, depth []byte, bits []uint16, storage_ix *uint, storage []byte) {
 	var tree [129]huffmanTree
 	var cmd_depth = [numCommandSymbols]byte{0}
@@ -216,6 +219,25 @@ func storeMetaBlockHeader(len uint, is_uncompressed bool, storage_ix *uint, stor
 	writeSingleBit(is_uncompressed, storage_ix, storage)
 }
 
+func storeMetaBlockHeaderBW(len uint, is_uncompressed bool, bw *bitWriter) {
+	var nibbles uint = 6
+
+	/* ISLAST */
+	bw.writeBits(1, 0)
+
+	if len <= 1<<16 {
+		nibbles = 4
+	} else if len <= 1<<20 {
+		nibbles = 5
+	}
+
+	bw.writeBits(2, uint64(nibbles)-4)
+	bw.writeBits(nibbles*4, uint64(len)-1)
+
+	/* ISUNCOMPRESSED */
+	bw.writeSingleBit(is_uncompressed)
+}
+
 func createCommands(input []byte, block_size uint, input_size uint, base_ip_ptr []byte, table []int, table_bits uint, min_match uint, literals *[]byte, commands *[]uint32) {
 	var ip int = 0
 	var shift uint = 64 - table_bits
@@ -710,19 +732,22 @@ func compressFragmentTwoPassImpl(input []byte, input_size uint, is_last bool, co
 	}
 }
 
-/* Compresses "input" string to the "*storage" buffer as one or more complete
-   meta-blocks, and updates the "*storage_ix" bit position.
+/*
+Compresses "input" string to the "*storage" buffer as one or more complete
 
-   If "is_last" is 1, emits an additional empty last meta-block.
+	meta-blocks, and updates the "*storage_ix" bit position.
 
-   REQUIRES: "input_size" is greater than zero, or "is_last" is 1.
-   REQUIRES: "input_size" is less or equal to maximal metablock size (1 << 24).
-   REQUIRES: "command_buf" and "literal_buf" point to at least
-              kCompressFragmentTwoPassBlockSize long arrays.
-   REQUIRES: All elements in "table[0..table_size-1]" are initialized to zero.
-   REQUIRES: "table_size" is a power of two
-   OUTPUT: maximal copy distance <= |input_size|
-   OUTPUT: maximal copy distance <= BROTLI_MAX_BACKWARD_LIMIT(18) */
+	If "is_last" is 1, emits an additional empty last meta-block.
+
+	REQUIRES: "input_size" is greater than zero, or "is_last" is 1.
+	REQUIRES: "input_size" is less or equal to maximal metablock size (1 << 24).
+	REQUIRES: "command_buf" and "literal_buf" point to at least
+	           kCompressFragmentTwoPassBlockSize long arrays.
+	REQUIRES: All elements in "table[0..table_size-1]" are initialized to zero.
+	REQUIRES: "table_size" is a power of two
+	OUTPUT: maximal copy distance <= |input_size|
+	OUTPUT: maximal copy distance <= BROTLI_MAX_BACKWARD_LIMIT(18)
+*/
 func compressFragmentTwoPass(input []byte, input_size uint, is_last bool, command_buf []uint32, literal_buf []byte, table []int, table_size uint, storage_ix *uint, storage []byte) {
 	var initial_storage_ix uint = *storage_ix
 	var table_bits uint = uint(log2FloorNonZero(table_size))
diff --git a/vendor/github.com/andybalholm/brotli/encoder.go b/vendor/github.com/andybalholm/brotli/encoder.go
new file mode 100644
index 00000000000..650d1e42b49
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/encoder.go
@@ -0,0 +1,168 @@
+package brotli
+
+import "github.com/andybalholm/brotli/matchfinder"
+
+// An Encoder implements the matchfinder.Encoder interface, writing in Brotli format.
+type Encoder struct {
+	wroteHeader bool
+	bw          bitWriter
+	distCache   []distanceCode
+}
+
+func (e *Encoder) Reset() {
+	e.wroteHeader = false
+	e.bw = bitWriter{}
+}
+
+func (e *Encoder) Encode(dst []byte, src []byte, matches []matchfinder.Match, lastBlock bool) []byte {
+	e.bw.dst = dst
+	if !e.wroteHeader {
+		e.bw.writeBits(4, 15)
+		e.wroteHeader = true
+	}
+
+	var literalHisto [256]uint32
+	var commandHisto [704]uint32
+	var distanceHisto [64]uint32
+	literalCount := 0
+	commandCount := 0
+	distanceCount := 0
+
+	if len(e.distCache) < len(matches) {
+		e.distCache = make([]distanceCode, len(matches))
+	}
+
+	// first pass: build the histograms
+	pos := 0
+
+	// d is the ring buffer of the last 4 distances.
+	d := [4]int{-10, -10, -10, -10}
+	for i, m := range matches {
+		if m.Unmatched > 0 {
+			for _, c := range src[pos : pos+m.Unmatched] {
+				literalHisto[c]++
+			}
+			literalCount += m.Unmatched
+		}
+
+		insertCode := getInsertLengthCode(uint(m.Unmatched))
+		copyCode := getCopyLengthCode(uint(m.Length))
+		if m.Length == 0 {
+			// If the stream ends with unmatched bytes, we need a dummy copy length.
+			copyCode = 2
+		}
+		command := combineLengthCodes(insertCode, copyCode, false)
+		commandHisto[command]++
+		commandCount++
+
+		if command >= 128 && m.Length != 0 {
+			var distCode distanceCode
+			switch m.Distance {
+			case d[3]:
+				distCode.code = 0
+			case d[2]:
+				distCode.code = 1
+			case d[1]:
+				distCode.code = 2
+			case d[0]:
+				distCode.code = 3
+			case d[3] - 1:
+				distCode.code = 4
+			case d[3] + 1:
+				distCode.code = 5
+			case d[3] - 2:
+				distCode.code = 6
+			case d[3] + 2:
+				distCode.code = 7
+			case d[3] - 3:
+				distCode.code = 8
+			case d[3] + 3:
+				distCode.code = 9
+
+				// In my testing, codes 10–15 actually reduced the compression ratio.
+
+			default:
+				distCode = getDistanceCode(m.Distance)
+			}
+			e.distCache[i] = distCode
+			distanceHisto[distCode.code]++
+			distanceCount++
+			if distCode.code != 0 {
+				d[0], d[1], d[2], d[3] = d[1], d[2], d[3], m.Distance
+			}
+		}
+
+		pos += m.Unmatched + m.Length
+	}
+
+	storeMetaBlockHeaderBW(uint(len(src)), false, &e.bw)
+	e.bw.writeBits(13, 0)
+
+	var literalDepths [256]byte
+	var literalBits [256]uint16
+	buildAndStoreHuffmanTreeFastBW(literalHisto[:], uint(literalCount), 8, literalDepths[:], literalBits[:], &e.bw)
+
+	var commandDepths [704]byte
+	var commandBits [704]uint16
+	buildAndStoreHuffmanTreeFastBW(commandHisto[:], uint(commandCount), 10, commandDepths[:], commandBits[:], &e.bw)
+
+	var distanceDepths [64]byte
+	var distanceBits [64]uint16
+	buildAndStoreHuffmanTreeFastBW(distanceHisto[:], uint(distanceCount), 6, distanceDepths[:], distanceBits[:], &e.bw)
+
+	pos = 0
+	for i, m := range matches {
+		insertCode := getInsertLengthCode(uint(m.Unmatched))
+		copyCode := getCopyLengthCode(uint(m.Length))
+		if m.Length == 0 {
+			// If the stream ends with unmatched bytes, we need a dummy copy length.
+			copyCode = 2
+		}
+		command := combineLengthCodes(insertCode, copyCode, false)
+		e.bw.writeBits(uint(commandDepths[command]), uint64(commandBits[command]))
+		if kInsExtra[insertCode] > 0 {
+			e.bw.writeBits(uint(kInsExtra[insertCode]), uint64(m.Unmatched)-uint64(kInsBase[insertCode]))
+		}
+		if kCopyExtra[copyCode] > 0 {
+			e.bw.writeBits(uint(kCopyExtra[copyCode]), uint64(m.Length)-uint64(kCopyBase[copyCode]))
+		}
+
+		if m.Unmatched > 0 {
+			for _, c := range src[pos : pos+m.Unmatched] {
+				e.bw.writeBits(uint(literalDepths[c]), uint64(literalBits[c]))
+			}
+		}
+
+		if command >= 128 && m.Length != 0 {
+			distCode := e.distCache[i]
+			e.bw.writeBits(uint(distanceDepths[distCode.code]), uint64(distanceBits[distCode.code]))
+			if distCode.nExtra > 0 {
+				e.bw.writeBits(distCode.nExtra, distCode.extraBits)
+			}
+		}
+
+		pos += m.Unmatched + m.Length
+	}
+
+	if lastBlock {
+		e.bw.writeBits(2, 3) // islast + isempty
+		e.bw.jumpToByteBoundary()
+	}
+	return e.bw.dst
+}
+
+type distanceCode struct {
+	code      int
+	nExtra    uint
+	extraBits uint64
+}
+
+func getDistanceCode(distance int) distanceCode {
+	d := distance + 3
+	nbits := log2FloorNonZero(uint(d)) - 1
+	prefix := (d >> nbits) & 1
+	offset := (2 + prefix) << nbits
+	distcode := int(2*(nbits-1)) + prefix + 16
+	extra := d - offset
+	return distanceCode{distcode, uint(nbits), uint64(extra)}
+}
diff --git a/vendor/github.com/andybalholm/brotli/entropy_encode_static.go b/vendor/github.com/andybalholm/brotli/entropy_encode_static.go
index 5ddf3fcbaef..294aff4f4e6 100644
--- a/vendor/github.com/andybalholm/brotli/entropy_encode_static.go
+++ b/vendor/github.com/andybalholm/brotli/entropy_encode_static.go
@@ -782,6 +782,11 @@ func storeStaticCodeLengthCode(storage_ix *uint, storage []byte) {
 	writeBits(40, 0x0000FF55555554, storage_ix, storage)
 }
 
+func storeStaticCodeLengthCodeBW(bw *bitWriter) {
+	bw.writeBits(32, 0x55555554)
+	bw.writeBits(8, 0xFF)
+}
+
 var kZeroRepsBits = [numCommandSymbols]uint64{
 	0x00000000,
 	0x00000000,
diff --git a/vendor/github.com/andybalholm/brotli/http.go b/vendor/github.com/andybalholm/brotli/http.go
index b5b890475ea..3d3a8a06fdb 100644
--- a/vendor/github.com/andybalholm/brotli/http.go
+++ b/vendor/github.com/andybalholm/brotli/http.go
@@ -20,7 +20,7 @@ func HTTPCompressor(w http.ResponseWriter, r *http.Request) io.WriteCloser {
 	switch encoding {
 	case "br":
 		w.Header().Set("Content-Encoding", "br")
-		return NewWriter(w)
+		return NewWriterV2(w, DefaultCompression)
 	case "gzip":
 		w.Header().Set("Content-Encoding", "gzip")
 		return gzip.NewWriter(w)
diff --git a/vendor/github.com/andybalholm/brotli/matchfinder/emitter.go b/vendor/github.com/andybalholm/brotli/matchfinder/emitter.go
new file mode 100644
index 00000000000..37ed8e13340
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/matchfinder/emitter.go
@@ -0,0 +1,45 @@
+package matchfinder
+
+// An absoluteMatch is like a Match, but it stores indexes into the byte
+// stream instead of lengths.
+type absoluteMatch struct {
+	// Start is the index of the first byte.
+	Start int
+
+	// End is the index of the byte after the last byte
+	// (so that End - Start = Length).
+	End int
+
+	// Match is the index of the previous data that matches
+	// (Start - Match = Distance).
+	Match int
+}
+
+// A matchEmitter manages the output of matches for a MatchFinder.
+type matchEmitter struct {
+	// Dst is the destination slice that Matches are added to.
+	Dst []Match
+
+	// NextEmit is the index of the next byte to emit.
+	NextEmit int
+}
+
+func (e *matchEmitter) emit(m absoluteMatch) {
+	e.Dst = append(e.Dst, Match{
+		Unmatched: m.Start - e.NextEmit,
+		Length:    m.End - m.Start,
+		Distance:  m.Start - m.Match,
+	})
+	e.NextEmit = m.End
+}
+
+// trim shortens m if it extends past maxEnd. Then if the length is at least
+// minLength, the match is emitted.
+func (e *matchEmitter) trim(m absoluteMatch, maxEnd int, minLength int) {
+	if m.End > maxEnd {
+		m.End = maxEnd
+	}
+	if m.End-m.Start >= minLength {
+		e.emit(m)
+	}
+}
diff --git a/vendor/github.com/andybalholm/brotli/matchfinder/m0.go b/vendor/github.com/andybalholm/brotli/matchfinder/m0.go
new file mode 100644
index 00000000000..773b7c49f3f
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/matchfinder/m0.go
@@ -0,0 +1,169 @@
+package matchfinder
+
+import (
+	"encoding/binary"
+)
+
+// M0 is an implementation of the MatchFinder interface based
+// on the algorithm used by snappy, but modified to be more like the algorithm
+// used by compression level 0 of the brotli reference implementation.
+//
+// It has a maximum block size of 65536 bytes.
+type M0 struct {
+	// Lazy turns on "lazy matching," for higher compression but less speed.
+	Lazy bool
+
+	MaxDistance int
+	MaxLength   int
+}
+
+func (M0) Reset() {}
+
+const (
+	m0HashLen = 5
+
+	m0TableBits = 14
+	m0TableSize = 1 << m0TableBits
+	m0Shift     = 32 - m0TableBits
+	// m0TableMask is redundant, but helps the compiler eliminate bounds
+	// checks.
+	m0TableMask = m0TableSize - 1
+)
+
+func (m M0) hash(data uint64) uint64 {
+	hash := (data << (64 - 8*m0HashLen)) * hashMul64
+	return hash >> (64 - m0TableBits)
+}
+
+// FindMatches looks for matches in src, appends them to dst, and returns dst.
+// src must not be longer than 65536 bytes.
+func (m M0) FindMatches(dst []Match, src []byte) []Match {
+	const inputMargin = 16 - 1
+	const minNonLiteralBlockSize = 1 + 1 + inputMargin
+
+	if len(src) < minNonLiteralBlockSize {
+		dst = append(dst, Match{
+			Unmatched: len(src),
+		})
+		return dst
+	}
+	if len(src) > 65536 {
+		panic("block too long")
+	}
+
+	var table [m0TableSize]uint16
+
+	// sLimit is when to stop looking for offset/length copies. The inputMargin
+	// lets us use a fast path for emitLiteral in the main loop, while we are
+	// looking for copies.
+	sLimit := len(src) - inputMargin
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	nextEmit := 0
+
+	// The encoded form must start with a literal, as there are no previous
+	// bytes to copy, so we start looking for hash matches at s == 1.
+	s := 1
+	nextHash := m.hash(binary.LittleEndian.Uint64(src[s:]))
+
+	for {
+		// Copied from the C++ snappy implementation:
+		//
+		// Heuristic match skipping: If 32 bytes are scanned with no matches
+		// found, start looking only at every other byte. If 32 more bytes are
+		// scanned (or skipped), look at every third byte, etc.. When a match
+		// is found, immediately go back to looking at every byte. This is a
+		// small loss (~5% performance, ~0.1% density) for compressible data
+		// due to more bookkeeping, but for non-compressible data (such as
+		// JPEG) it's a huge win since the compressor quickly "realizes" the
+		// data is incompressible and doesn't bother looking for matches
+		// everywhere.
+		//
+		// The "skip" variable keeps track of how many bytes there are since
+		// the last match; dividing it by 32 (ie. right-shifting by five) gives
+		// the number of bytes to move ahead for each iteration.
+		skip := 32
+
+		nextS := s
+		candidate := 0
+		for {
+			s = nextS
+			bytesBetweenHashLookups := skip >> 5
+			nextS = s + bytesBetweenHashLookups
+			skip += bytesBetweenHashLookups
+			if nextS > sLimit {
+				goto emitRemainder
+			}
+			candidate = int(table[nextHash&m0TableMask])
+			table[nextHash&m0TableMask] = uint16(s)
+			nextHash = m.hash(binary.LittleEndian.Uint64(src[nextS:]))
+			if m.MaxDistance != 0 && s-candidate > m.MaxDistance {
+				continue
+			}
+			if binary.LittleEndian.Uint32(src[s:]) == binary.LittleEndian.Uint32(src[candidate:]) {
+				break
+			}
+		}
+
+		// Invariant: we have a 4-byte match at s.
+		base := s
+		s = extendMatch(src, candidate+4, s+4)
+
+		origBase := base
+		if m.Lazy && base+1 < sLimit {
+			newBase := base + 1
+			h := m.hash(binary.LittleEndian.Uint64(src[newBase:]))
+			newCandidate := int(table[h&m0TableMask])
+			table[h&m0TableMask] = uint16(newBase)
+			okDistance := true
+			if m.MaxDistance != 0 && newBase-newCandidate > m.MaxDistance {
+				okDistance = false
+			}
+			if okDistance && binary.LittleEndian.Uint32(src[newBase:]) == binary.LittleEndian.Uint32(src[newCandidate:]) {
+				newS := extendMatch(src, newCandidate+4, newBase+4)
+				if newS-newBase > s-base+1 {
+					s = newS
+					base = newBase
+					candidate = newCandidate
+				}
+			}
+		}
+
+		if m.MaxLength != 0 && s-base > m.MaxLength {
+			s = base + m.MaxLength
+		}
+		dst = append(dst, Match{
+			Unmatched: base - nextEmit,
+			Length:    s - base,
+			Distance:  base - candidate,
+		})
+		nextEmit = s
+		if s >= sLimit {
+			goto emitRemainder
+		}
+
+		if m.Lazy {
+			// If lazy matching is enabled, we update the hash table for
+			// every byte in the match.
+			for i := origBase + 2; i < s-1; i++ {
+				x := binary.LittleEndian.Uint64(src[i:])
+				table[m.hash(x)&m0TableMask] = uint16(i)
+			}
+		}
+
+		// We could immediately start working at s now, but to improve
+		// compression we first update the hash table at s-1 and at s.
+		x := binary.LittleEndian.Uint64(src[s-1:])
+		prevHash := m.hash(x >> 0)
+		table[prevHash&m0TableMask] = uint16(s - 1)
+		nextHash = m.hash(x >> 8)
+	}
+
+emitRemainder:
+	if nextEmit < len(src) {
+		dst = append(dst, Match{
+			Unmatched: len(src) - nextEmit,
+		})
+	}
+	return dst
+}
diff --git a/vendor/github.com/andybalholm/brotli/matchfinder/m4.go b/vendor/github.com/andybalholm/brotli/matchfinder/m4.go
new file mode 100644
index 00000000000..5b2acba2e14
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/matchfinder/m4.go
@@ -0,0 +1,297 @@
+package matchfinder
+
+import (
+	"encoding/binary"
+	"math/bits"
+	"runtime"
+)
+
+// M4 is an implementation of the MatchFinder
+// interface that uses a hash table to find matches,
+// optional match chains,
+// and the advanced parsing technique from
+// https://fastcompression.blogspot.com/2011/12/advanced-parsing-strategies.html.
+type M4 struct {
+	// MaxDistance is the maximum distance (in bytes) to look back for
+	// a match. The default is 65535.
+	MaxDistance int
+
+	// MinLength is the length of the shortest match to return.
+	// The default is 4.
+	MinLength int
+
+	// HashLen is the number of bytes to use to calculate the hashes.
+	// The maximum is 8 and the default is 6.
+	HashLen int
+
+	// TableBits is the number of bits in the hash table indexes.
+	// The default is 17 (128K entries).
+	TableBits int
+
+	// ChainLength is how many entries to search on the "match chain" of older
+	// locations with the same hash as the current location.
+	ChainLength int
+
+	// DistanceBitCost is used when comparing two matches to see
+	// which is better. The comparison is primarily based on the length
+	// of the matches, but it can also take the distance into account,
+	// in terms of the number of bits needed to represent the distance.
+	// One byte of length is given a score of 256, so 32 (256/8) would
+	// be a reasonable first guess for the value of one bit.
+	// (The default is 0, which bases the comparison solely on length.)
+	DistanceBitCost int
+
+	table []uint32
+	chain []uint16
+
+	history []byte
+}
+
+func (q *M4) Reset() {
+	for i := range q.table {
+		q.table[i] = 0
+	}
+	q.history = q.history[:0]
+	q.chain = q.chain[:0]
+}
+
+func (q *M4) score(m absoluteMatch) int {
+	return (m.End-m.Start)*256 + bits.LeadingZeros32(uint32(m.Start-m.Match))*q.DistanceBitCost
+}
+
+func (q *M4) FindMatches(dst []Match, src []byte) []Match {
+	if q.MaxDistance == 0 {
+		q.MaxDistance = 65535
+	}
+	if q.MinLength == 0 {
+		q.MinLength = 4
+	}
+	if q.HashLen == 0 {
+		q.HashLen = 6
+	}
+	if q.TableBits == 0 {
+		q.TableBits = 17
+	}
+	if len(q.table) < 1<<q.TableBits {
+		q.table = make([]uint32, 1<<q.TableBits)
+	}
+
+	e := matchEmitter{Dst: dst}
+
+	if len(q.history) > q.MaxDistance*2 {
+		// Trim down the history buffer.
+		delta := len(q.history) - q.MaxDistance
+		copy(q.history, q.history[delta:])
+		q.history = q.history[:q.MaxDistance]
+		if q.ChainLength > 0 {
+			q.chain = q.chain[:q.MaxDistance]
+		}
+
+		for i, v := range q.table {
+			newV := int(v) - delta
+			if newV < 0 {
+				newV = 0
+			}
+			q.table[i] = uint32(newV)
+		}
+	}
+
+	// Append src to the history buffer.
+	e.NextEmit = len(q.history)
+	q.history = append(q.history, src...)
+	if q.ChainLength > 0 {
+		q.chain = append(q.chain, make([]uint16, len(src))...)
+	}
+	src = q.history
+
+	// matches stores the matches that have been found but not emitted,
+	// in reverse order. (matches[0] is the most recent one.)
+	var matches [3]absoluteMatch
+	for i := e.NextEmit; i < len(src)-7; i++ {
+		if matches[0] != (absoluteMatch{}) && i >= matches[0].End {
+			// We have found some matches, and we're far enough along that we probably
+			// won't find overlapping matches, so we might as well emit them.
+			if matches[1] != (absoluteMatch{}) {
+				e.trim(matches[1], matches[0].Start, q.MinLength)
+			}
+			e.emit(matches[0])
+			matches = [3]absoluteMatch{}
+		}
+
+		// Calculate and store the hash.
+		h := ((binary.LittleEndian.Uint64(src[i:]) & (1<<(8*q.HashLen) - 1)) * hashMul64) >> (64 - q.TableBits)
+		candidate := int(q.table[h])
+		q.table[h] = uint32(i)
+		if q.ChainLength > 0 && candidate != 0 {
+			delta := i - candidate
+			if delta < 1<<16 {
+				q.chain[i] = uint16(delta)
+			}
+		}
+
+		if i < matches[0].End && i != matches[0].End+2-q.HashLen {
+			continue
+		}
+		if candidate == 0 || i-candidate > q.MaxDistance {
+			continue
+		}
+
+		// Look for a match.
+		var currentMatch absoluteMatch
+
+		if i-candidate != matches[0].Start-matches[0].Match {
+			if binary.LittleEndian.Uint32(src[candidate:]) == binary.LittleEndian.Uint32(src[i:]) {
+				m := extendMatch2(src, i, candidate, e.NextEmit)
+				if m.End-m.Start > q.MinLength {
+					currentMatch = m
+				}
+			}
+		}
+
+		for j := 0; j < q.ChainLength; j++ {
+			delta := q.chain[candidate]
+			if delta == 0 {
+				break
+			}
+			candidate -= int(delta)
+			if candidate <= 0 || i-candidate > q.MaxDistance {
+				break
+			}
+			if i-candidate != matches[0].Start-matches[0].Match {
+				if binary.LittleEndian.Uint32(src[candidate:]) == binary.LittleEndian.Uint32(src[i:]) {
+					m := extendMatch2(src, i, candidate, e.NextEmit)
+					if m.End-m.Start > q.MinLength && q.score(m) > q.score(currentMatch) {
+						currentMatch = m
+					}
+				}
+			}
+		}
+
+		if currentMatch.End-currentMatch.Start < q.MinLength {
+			continue
+		}
+
+		overlapPenalty := 0
+		if matches[0] != (absoluteMatch{}) {
+			overlapPenalty = 275
+			if currentMatch.Start <= matches[1].End {
+				// This match would completely replace the previous match,
+				// so there is no penalty for overlap.
+				overlapPenalty = 0
+			}
+		}
+
+		if q.score(currentMatch) <= q.score(matches[0])+overlapPenalty {
+			continue
+		}
+
+		matches = [3]absoluteMatch{
+			currentMatch,
+			matches[0],
+			matches[1],
+		}
+
+		if matches[2] == (absoluteMatch{}) {
+			continue
+		}
+
+		// We have three matches, so it's time to emit one and/or eliminate one.
+		switch {
+		case matches[0].Start < matches[2].End:
+			// The first and third matches overlap; discard the one in between.
+			matches = [3]absoluteMatch{
+				matches[0],
+				matches[2],
+				absoluteMatch{},
+			}
+
+		case matches[0].Start < matches[2].End+q.MinLength:
+			// The first and third matches don't overlap, but there's no room for
+			// another match between them. Emit the first match and discard the second.
+			e.emit(matches[2])
+			matches = [3]absoluteMatch{
+				matches[0],
+				absoluteMatch{},
+				absoluteMatch{},
+			}
+
+		default:
+			// Emit the first match, shortening it if necessary to avoid overlap with the second.
+			e.trim(matches[2], matches[1].Start, q.MinLength)
+			matches[2] = absoluteMatch{}
+		}
+	}
+
+	// We've found all the matches now; emit the remaining ones.
+	if matches[1] != (absoluteMatch{}) {
+		e.trim(matches[1], matches[0].Start, q.MinLength)
+	}
+	if matches[0] != (absoluteMatch{}) {
+		e.emit(matches[0])
+	}
+
+	dst = e.Dst
+	if e.NextEmit < len(src) {
+		dst = append(dst, Match{
+			Unmatched: len(src) - e.NextEmit,
+		})
+	}
+
+	return dst
+}
+
+const hashMul64 = 0x1E35A7BD1E35A7BD
+
+// extendMatch returns the largest k such that k <= len(src) and that
+// src[i:i+k-j] and src[j:k] have the same contents.
+//
+// It assumes that:
+//
+//	0 <= i && i < j && j <= len(src)
+func extendMatch(src []byte, i, j int) int {
+	switch runtime.GOARCH {
+	case "amd64":
+		// As long as we are 8 or more bytes before the end of src, we can load and
+		// compare 8 bytes at a time. If those 8 bytes are equal, repeat.
+		for j+8 < len(src) {
+			iBytes := binary.LittleEndian.Uint64(src[i:])
+			jBytes := binary.LittleEndian.Uint64(src[j:])
+			if iBytes != jBytes {
+				// If those 8 bytes were not equal, XOR the two 8 byte values, and return
+				// the index of the first byte that differs. The BSF instruction finds the
+				// least significant 1 bit, the amd64 architecture is little-endian, and
+				// the shift by 3 converts a bit index to a byte index.
+				return j + bits.TrailingZeros64(iBytes^jBytes)>>3
+			}
+			i, j = i+8, j+8
+		}
+	case "386":
+		// On a 32-bit CPU, we do it 4 bytes at a time.
+		for j+4 < len(src) {
+			iBytes := binary.LittleEndian.Uint32(src[i:])
+			jBytes := binary.LittleEndian.Uint32(src[j:])
+			if iBytes != jBytes {
+				return j + bits.TrailingZeros32(iBytes^jBytes)>>3
+			}
+			i, j = i+4, j+4
+		}
+	}
+	for ; j < len(src) && src[i] == src[j]; i, j = i+1, j+1 {
+	}
+	return j
+}
+
+// Given a 4-byte match at src[start] and src[candidate], extendMatch2 extends it
+// upward as far as possible, and downward no farther than to min.
+func extendMatch2(src []byte, start, candidate, min int) absoluteMatch {
+	end := extendMatch(src, candidate+4, start+4)
+	for start > min && candidate > 0 && src[start-1] == src[candidate-1] {
+		start--
+		candidate--
+	}
+	return absoluteMatch{
+		Start: start,
+		End:   end,
+		Match: candidate,
+	}
+}
diff --git a/vendor/github.com/andybalholm/brotli/matchfinder/matchfinder.go b/vendor/github.com/andybalholm/brotli/matchfinder/matchfinder.go
new file mode 100644
index 00000000000..f6bcfdb39cd
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/matchfinder/matchfinder.go
@@ -0,0 +1,103 @@
+// The matchfinder package defines reusable components for data compression.
+//
+// Many compression libraries have two main parts:
+//   - Something that looks for repeated sequences of bytes
+//   - An encoder for the compressed data format (often an entropy coder)
+//
+// Although these are logically two separate steps, the implementations are
+// usually closely tied together. You can't use flate's matcher with snappy's
+// encoder, for example. This package defines interfaces and an intermediate
+// representation to allow mixing and matching compression components.
+package matchfinder
+
+import "io"
+
+// A Match is the basic unit of LZ77 compression.
+type Match struct {
+	Unmatched int // the number of unmatched bytes since the previous match
+	Length    int // the number of bytes in the matched string; it may be 0 at the end of the input
+	Distance  int // how far back in the stream to copy from
+}
+
+// A MatchFinder performs the LZ77 stage of compression, looking for matches.
+type MatchFinder interface {
+	// FindMatches looks for matches in src, appends them to dst, and returns dst.
+	FindMatches(dst []Match, src []byte) []Match
+
+	// Reset clears any internal state, preparing the MatchFinder to be used with
+	// a new stream.
+	Reset()
+}
+
+// An Encoder encodes the data in its final format.
+type Encoder interface {
+	// Encode appends the encoded format of src to dst, using the match
+	// information from matches.
+	Encode(dst []byte, src []byte, matches []Match, lastBlock bool) []byte
+
+	// Reset clears any internal state, preparing the Encoder to be used with
+	// a new stream.
+	Reset()
+}
+
+// A Writer uses MatchFinder and Encoder to write compressed data to Dest.
+type Writer struct {
+	Dest        io.Writer
+	MatchFinder MatchFinder
+	Encoder     Encoder
+
+	// BlockSize is the number of bytes to compress at a time. If it is zero,
+	// each Write operation will be treated as one block.
+	BlockSize int
+
+	err     error
+	inBuf   []byte
+	outBuf  []byte
+	matches []Match
+}
+
+func (w *Writer) Write(p []byte) (n int, err error) {
+	if w.err != nil {
+		return 0, w.err
+	}
+
+	if w.BlockSize == 0 {
+		return w.writeBlock(p, false)
+	}
+
+	w.inBuf = append(w.inBuf, p...)
+	var pos int
+	for pos = 0; pos+w.BlockSize <= len(w.inBuf) && w.err == nil; pos += w.BlockSize {
+		w.writeBlock(w.inBuf[pos:pos+w.BlockSize], false)
+	}
+	if pos > 0 {
+		n := copy(w.inBuf, w.inBuf[pos:])
+		w.inBuf = w.inBuf[:n]
+	}
+
+	return len(p), w.err
+}
+
+func (w *Writer) writeBlock(p []byte, lastBlock bool) (n int, err error) {
+	w.outBuf = w.outBuf[:0]
+	w.matches = w.MatchFinder.FindMatches(w.matches[:0], p)
+	w.outBuf = w.Encoder.Encode(w.outBuf, p, w.matches, lastBlock)
+	_, w.err = w.Dest.Write(w.outBuf)
+	return len(p), w.err
+}
+
+func (w *Writer) Close() error {
+	w.writeBlock(w.inBuf, true)
+	w.inBuf = w.inBuf[:0]
+	return w.err
+}
+
+func (w *Writer) Reset(newDest io.Writer) {
+	w.MatchFinder.Reset()
+	w.Encoder.Reset()
+	w.err = nil
+	w.inBuf = w.inBuf[:0]
+	w.outBuf = w.outBuf[:0]
+	w.matches = w.matches[:0]
+	w.Dest = newDest
+}
diff --git a/vendor/github.com/andybalholm/brotli/matchfinder/textencoder.go b/vendor/github.com/andybalholm/brotli/matchfinder/textencoder.go
new file mode 100644
index 00000000000..75ecc5908b9
--- /dev/null
+++ b/vendor/github.com/andybalholm/brotli/matchfinder/textencoder.go
@@ -0,0 +1,53 @@
+package matchfinder
+
+import "fmt"
+
+// A TextEncoder is an Encoder that produces a human-readable representation of
+// the LZ77 compression. Matches are replaced with <Length,Distance> symbols.
+type TextEncoder struct{}
+
+func (t TextEncoder) Reset() {}
+
+func (t TextEncoder) Encode(dst []byte, src []byte, matches []Match, lastBlock bool) []byte {
+	pos := 0
+	for _, m := range matches {
+		if m.Unmatched > 0 {
+			dst = append(dst, src[pos:pos+m.Unmatched]...)
+			pos += m.Unmatched
+		}
+		if m.Length > 0 {
+			dst = append(dst, []byte(fmt.Sprintf("<%d,%d>", m.Length, m.Distance))...)
+			pos += m.Length
+		}
+	}
+	if pos < len(src) {
+		dst = append(dst, src[pos:]...)
+	}
+	return dst
+}
+
+// A NoMatchFinder implements MatchFinder, but doesn't find any matches.
+// It can be used to implement the equivalent of the standard library flate package's
+// HuffmanOnly setting.
+type NoMatchFinder struct{}
+
+func (n NoMatchFinder) Reset() {}
+
+func (n NoMatchFinder) FindMatches(dst []Match, src []byte) []Match {
+	return append(dst, Match{
+		Unmatched: len(src),
+	})
+}
+
+// AutoReset wraps a MatchFinder that can return references to data in previous
+// blocks, and calls Reset before each block. It is useful for (e.g.) using a
+// snappy Encoder with a MatchFinder designed for flate. (Snappy doesn't
+// support references between blocks.)
+type AutoReset struct {
+	MatchFinder
+}
+
+func (a AutoReset) FindMatches(dst []Match, src []byte) []Match {
+	a.Reset()
+	return a.MatchFinder.FindMatches(dst, src)
+}
diff --git a/vendor/github.com/andybalholm/brotli/writer.go b/vendor/github.com/andybalholm/brotli/writer.go
index 39feaef5217..8a688117d13 100644
--- a/vendor/github.com/andybalholm/brotli/writer.go
+++ b/vendor/github.com/andybalholm/brotli/writer.go
@@ -3,6 +3,8 @@ package brotli
 import (
 	"errors"
 	"io"
+
+	"github.com/andybalholm/brotli/matchfinder"
 )
 
 const (
@@ -117,3 +119,44 @@ type nopCloser struct {
 }
 
 func (nopCloser) Close() error { return nil }
+
+// NewWriterV2 is like NewWriterLevel, but it uses the new implementation
+// based on the matchfinder package. It currently supports up to level 7;
+// if a higher level is specified, level 7 will be used.
+func NewWriterV2(dst io.Writer, level int) *matchfinder.Writer {
+	var mf matchfinder.MatchFinder
+	if level < 2 {
+		mf = matchfinder.M0{Lazy: level == 1}
+	} else {
+		hashLen := 6
+		if level >= 6 {
+			hashLen = 5
+		}
+		chainLen := 64
+		switch level {
+		case 2:
+			chainLen = 0
+		case 3:
+			chainLen = 1
+		case 4:
+			chainLen = 2
+		case 5:
+			chainLen = 4
+		case 6:
+			chainLen = 8
+		}
+		mf = &matchfinder.M4{
+			MaxDistance:     1 << 20,
+			ChainLength:     chainLen,
+			HashLen:         hashLen,
+			DistanceBitCost: 57,
+		}
+	}
+
+	return &matchfinder.Writer{
+		Dest:        dst,
+		MatchFinder: mf,
+		Encoder:     &Encoder{},
+		BlockSize:   1 << 16,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
index e8c52e49222..0cd31f00ecc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.26.4 (2024-01-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.3 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.26.2 (2023-12-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
index 2d4a44d2403..6de4538a4d5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.26.2"
+const goModuleVersion = "1.26.4"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
index 9a801cd36af..6671a41c92a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.16.15 (2024-01-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.14 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.16.13 (2023-12-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/auth.go
new file mode 100644
index 00000000000..c3f5dadcec9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/auth.go
@@ -0,0 +1,48 @@
+package client
+
+import (
+	"context"
+	"github.com/aws/smithy-go/middleware"
+)
+
+type getIdentityMiddleware struct {
+	options Options
+}
+
+func (*getIdentityMiddleware) ID() string {
+	return "GetIdentity"
+}
+
+func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
+
+type signRequestMiddleware struct {
+}
+
+func (*signRequestMiddleware) ID() string {
+	return "Signing"
+}
+
+func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
+
+type resolveAuthSchemeMiddleware struct {
+	operation string
+	options   Options
+}
+
+func (*resolveAuthSchemeMiddleware) ID() string {
+	return "ResolveAuthScheme"
+}
+
+func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go
index df0e7575c44..9a869f89547 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go
@@ -101,6 +101,7 @@ func (c *Client) GetCredentials(ctx context.Context, params *GetCredentialsInput
 	stack.Serialize.Add(&serializeOpGetCredential{}, smithymiddleware.After)
 	stack.Build.Add(&buildEndpoint{Endpoint: options.Endpoint}, smithymiddleware.After)
 	stack.Deserialize.Add(&deserializeOpGetCredential{}, smithymiddleware.After)
+	addProtocolFinalizerMiddlewares(stack, options, "GetCredentials")
 	retry.AddRetryMiddlewares(stack, retry.AddRetryMiddlewaresOptions{Retryer: options.Retryer})
 	middleware.AddSDKAgentKey(middleware.FeatureMetadata, ServiceID)
 	smithyhttp.AddErrorCloseResponseBodyMiddleware(stack)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/endpoints.go
new file mode 100644
index 00000000000..748ee67244e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/endpoints.go
@@ -0,0 +1,20 @@
+package client
+
+import (
+	"context"
+	"github.com/aws/smithy-go/middleware"
+)
+
+type resolveEndpointV2Middleware struct {
+	options Options
+}
+
+func (*resolveEndpointV2Middleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go
index ddb28a66d1c..f2820d20eac 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go
@@ -146,3 +146,19 @@ func stof(code int) smithy.ErrorFault {
 	}
 	return smithy.FaultClient
 }
+
+func addProtocolFinalizerMiddlewares(stack *smithymiddleware.Stack, options Options, operation string) error {
+	if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, smithymiddleware.Before); err != nil {
+		return fmt.Errorf("add ResolveAuthScheme: %w", err)
+	}
+	if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", smithymiddleware.After); err != nil {
+		return fmt.Errorf("add GetIdentity: %w", err)
+	}
+	if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", smithymiddleware.After); err != nil {
+		return fmt.Errorf("add ResolveEndpointV2: %w", err)
+	}
+	if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", smithymiddleware.After); err != nil {
+		return fmt.Errorf("add Signing: %w", err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
index 5caa4ccc0ac..c8bcd2dceb5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.16.13"
+const goModuleVersion = "1.16.15"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
index eef77e9d5bc..40c317a967b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.14.11 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.14.10 (2023-12-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go
index 9e3bdb0e66e..af58b6bb102 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go
@@ -56,6 +56,7 @@ type GetDynamicDataOutput struct {
 func addGetDynamicDataMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetDynamicData",
 		buildGetDynamicDataPath,
 		buildGetDynamicDataOutput)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go
index 24845dccd6d..5111cc90cac 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go
@@ -53,6 +53,7 @@ type GetIAMInfoOutput struct {
 func addGetIAMInfoMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetIAMInfo",
 		buildGetIAMInfoPath,
 		buildGetIAMInfoOutput,
 	)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go
index a87758ed302..dc8c09edf03 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go
@@ -54,6 +54,7 @@ type GetInstanceIdentityDocumentOutput struct {
 func addGetInstanceIdentityDocumentMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetInstanceIdentityDocument",
 		buildGetInstanceIdentityDocumentPath,
 		buildGetInstanceIdentityDocumentOutput,
 	)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go
index cb0ce4c0004..869bfc9feb9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go
@@ -56,6 +56,7 @@ type GetMetadataOutput struct {
 func addGetMetadataMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetMetadata",
 		buildGetMetadataPath,
 		buildGetMetadataOutput)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go
index 7b9b48912af..8c0572bb5c8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go
@@ -45,6 +45,7 @@ type GetRegionOutput struct {
 func addGetRegionMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetRegion",
 		buildGetInstanceIdentityDocumentPath,
 		buildGetRegionOutput,
 	)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go
index 841f802c1a3..1f9ee97a5b7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go
@@ -49,6 +49,7 @@ func addGetTokenMiddleware(stack *middleware.Stack, options Options) error {
 	err := addRequestMiddleware(stack,
 		options,
 		"PUT",
+		"GetToken",
 		buildGetTokenPath,
 		buildGetTokenOutput)
 	if err != nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go
index 88aa61e9ad9..8903697244a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go
@@ -45,6 +45,7 @@ type GetUserDataOutput struct {
 func addGetUserDataMiddleware(stack *middleware.Stack, options Options) error {
 	return addAPIRequestMiddleware(stack,
 		options,
+		"GetUserData",
 		buildGetUserDataPath,
 		buildGetUserDataOutput)
 }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/auth.go
new file mode 100644
index 00000000000..ad283cf825f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/auth.go
@@ -0,0 +1,48 @@
+package imds
+
+import (
+	"context"
+	"github.com/aws/smithy-go/middleware"
+)
+
+type getIdentityMiddleware struct {
+	options Options
+}
+
+func (*getIdentityMiddleware) ID() string {
+	return "GetIdentity"
+}
+
+func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
+
+type signRequestMiddleware struct {
+}
+
+func (*signRequestMiddleware) ID() string {
+	return "Signing"
+}
+
+func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
+
+type resolveAuthSchemeMiddleware struct {
+	operation string
+	options   Options
+}
+
+func (*resolveAuthSchemeMiddleware) ID() string {
+	return "ResolveAuthScheme"
+}
+
+func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/endpoints.go
new file mode 100644
index 00000000000..d7540da3481
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/endpoints.go
@@ -0,0 +1,20 @@
+package imds
+
+import (
+	"context"
+	"github.com/aws/smithy-go/middleware"
+)
+
+type resolveEndpointV2Middleware struct {
+	options Options
+}
+
+func (*resolveEndpointV2Middleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
+	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+) {
+	return next.HandleFinalize(ctx, in)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
index ce3e3111861..0d747b213f1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.10"
+const goModuleVersion = "1.14.11"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go
index c8abd64916c..fc948c27d89 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go
@@ -17,10 +17,11 @@ import (
 
 func addAPIRequestMiddleware(stack *middleware.Stack,
 	options Options,
+	operation string,
 	getPath func(interface{}) (string, error),
 	getOutput func(*smithyhttp.Response) (interface{}, error),
 ) (err error) {
-	err = addRequestMiddleware(stack, options, "GET", getPath, getOutput)
+	err = addRequestMiddleware(stack, options, "GET", operation, getPath, getOutput)
 	if err != nil {
 		return err
 	}
@@ -44,6 +45,7 @@ func addAPIRequestMiddleware(stack *middleware.Stack,
 func addRequestMiddleware(stack *middleware.Stack,
 	options Options,
 	method string,
+	operation string,
 	getPath func(interface{}) (string, error),
 	getOutput func(*smithyhttp.Response) (interface{}, error),
 ) (err error) {
@@ -101,6 +103,10 @@ func addRequestMiddleware(stack *middleware.Stack,
 		return err
 	}
 
+	if err := addProtocolFinalizerMiddlewares(stack, options, operation); err != nil {
+		return fmt.Errorf("add protocol finalizers: %w", err)
+	}
+
 	// Retry support
 	return retry.AddRetryMiddlewares(stack, retry.AddRetryMiddlewaresOptions{
 		Retryer:          options.Retryer,
@@ -283,3 +289,19 @@ func appendURIPath(base, add string) string {
 	}
 	return reqPath
 }
+
+func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error {
+	if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil {
+		return fmt.Errorf("add ResolveAuthScheme: %w", err)
+	}
+	if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil {
+		return fmt.Errorf("add GetIdentity: %w", err)
+	}
+	if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
+		return fmt.Errorf("add ResolveEndpointV2: %w", err)
+	}
+	if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
+		return fmt.Errorf("add Signing: %w", err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/CHANGELOG.md
index 1e735683b14..94e8147f4c9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.32.2 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.32.1 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/go_module_metadata.go
index e8759f0c085..0277561b310 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatch/go_module_metadata.go
@@ -3,4 +3,4 @@
 package cloudwatch
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.32.1"
+const goModuleVersion = "1.32.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md
index 067c8fe9250..221f0524e8f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.26.9 (2024-01-17)
+
+* **Documentation**: Updating note for enabling streams for UpdateTable.
+
+# v1.26.8 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.26.7 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go
index 5ff1bd9e917..190bd78d1b9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go
@@ -94,9 +94,8 @@ type UpdateTableInput struct {
 	SSESpecification *types.SSESpecification
 
 	// Represents the DynamoDB Streams configuration for the table. You receive a
-	// ResourceInUseException if you try to enable a stream on a table that already has
-	// a stream, or if you try to disable a stream on a table that doesn't have a
-	// stream.
+	// ValidationException if you try to enable a stream on a table that already has a
+	// stream, or if you try to disable a stream on a table that doesn't have a stream.
 	StreamSpecification *types.StreamSpecification
 
 	// The table class of the table to be updated. Valid values are STANDARD and
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go
index ab2f526ee53..77f9f4ec698 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go
@@ -3,4 +3,4 @@
 package dynamodb
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.26.7"
+const goModuleVersion = "1.26.9"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/CHANGELOG.md
index 6c03cc0a87d..00d737dde6a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.18.7 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.6 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/go_module_metadata.go
index 008d0d1f579..b3b44c5c621 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/go_module_metadata.go
@@ -3,4 +3,4 @@
 package dynamodbstreams
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.6"
+const goModuleVersion = "1.18.7"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md
index f062e64b47e..ae6146c04aa 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.8.11 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.8.10 (2023-12-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go
index e8e5a65480b..678710daf75 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go
@@ -3,4 +3,4 @@
 package endpointdiscovery
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.8.10"
+const goModuleVersion = "1.8.11"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
index 1191b30c69b..a65890b58f3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.10.10 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.10.9 (2023-12-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
index aacb4dd2485..073e8866b75 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.10.9"
+const goModuleVersion = "1.10.10"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/CHANGELOG.md
index 86f4f4252e8..0553c35789f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.24.7 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.24.6 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/go_module_metadata.go
index 97e9e513850..1c69f2f5505 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/kinesis/go_module_metadata.go
@@ -3,4 +3,4 @@
 package kinesis
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.24.6"
+const goModuleVersion = "1.24.7"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/CHANGELOG.md
index 6318ebc79da..8c65e3385e3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/CHANGELOG.md
@@ -1,3 +1,19 @@
+# v1.26.2 (2024-01-11)
+
+* **Documentation**: Doc only update for Secrets Manager
+
+# v1.26.1 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.0 (2023-12-22)
+
+* **Feature**: Update endpoint rules and examples.
+
+# v1.25.6 (2023-12-20)
+
+* No change notes available for this release.
+
 # v1.25.5 (2023-12-08)
 
 * **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_DescribeSecret.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_DescribeSecret.go
index a5b2f0ad3b8..2e714de6d75 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_DescribeSecret.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_DescribeSecret.go
@@ -83,14 +83,16 @@ type DescribeSecretOutput struct {
 	LastChangedDate *time.Time
 
 	// The last date and time that Secrets Manager rotated the secret. If the secret
-	// isn't configured for rotation, Secrets Manager returns null.
+	// isn't configured for rotation or rotation has been disabled, Secrets Manager
+	// returns null.
 	LastRotatedDate *time.Time
 
 	// The name of the secret.
 	Name *string
 
 	// The next rotation is scheduled to occur on or before this date. If the secret
-	// isn't configured for rotation, Secrets Manager returns null.
+	// isn't configured for rotation or rotation has been disabled, Secrets Manager
+	// returns null.
 	NextRotationDate *time.Time
 
 	// The ID of the service that created this secret. For more information, see
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetRandomPassword.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetRandomPassword.go
index f302fb8b8a6..a9b2deaa346 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetRandomPassword.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetRandomPassword.go
@@ -13,10 +13,12 @@ import (
 
 // Generates a random password. We recommend that you specify the maximum length
 // and include every character type that the system you are generating a password
-// for can support. Secrets Manager generates a CloudTrail log entry when you call
-// this action. Do not include sensitive information in request parameters because
-// it might be logged. For more information, see Logging Secrets Manager events
-// with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html)
+// for can support. By default, Secrets Manager uses uppercase and lowercase
+// letters, numbers, and the following characters in passwords:
+// !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ Secrets Manager generates a CloudTrail log
+// entry when you call this action. Do not include sensitive information in request
+// parameters because it might be logged. For more information, see Logging
+// Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html)
 // . Required permissions: secretsmanager:GetRandomPassword . For more information,
 // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions)
 // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetSecretValue.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetSecretValue.go
index a8778ab3fe9..11ecfcd359b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetSecretValue.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_GetSecretValue.go
@@ -87,11 +87,12 @@ type GetSecretValueOutput struct {
 	Name *string
 
 	// The decrypted secret value, if the secret value was originally provided as
-	// binary data in the form of a byte array. The response parameter represents the
-	// binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4)
-	// string. If the secret was created by using the Secrets Manager console, or if
-	// the secret value was originally provided as a string, then this field is
-	// omitted. The secret value appears in SecretString instead.
+	// binary data in the form of a byte array. When you retrieve a SecretBinary using
+	// the HTTP API, the Python SDK, or the Amazon Web Services CLI, the value is
+	// Base64-encoded. Otherwise, it is not encoded. If the secret was created by using
+	// the Secrets Manager console, or if the secret value was originally provided as a
+	// string, then this field is omitted. The secret value appears in SecretString
+	// instead.
 	SecretBinary []byte
 
 	// The decrypted secret value, if the secret value was originally provided as a
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_ReplicateSecretToRegions.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_ReplicateSecretToRegions.go
index 313f28ca5c8..44d3acb0375 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_ReplicateSecretToRegions.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/api_op_ReplicateSecretToRegions.go
@@ -16,8 +16,11 @@ import (
 // . Secrets Manager generates a CloudTrail log entry when you call this action. Do
 // not include sensitive information in request parameters because it might be
 // logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html)
-// . Required permissions: secretsmanager:ReplicateSecretToRegions . For more
-// information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions)
+// . Required permissions: secretsmanager:ReplicateSecretToRegions . If the primary
+// secret is encrypted with a KMS key other than aws/secretsmanager , you also need
+// kms:Decrypt permission to the key. To encrypt the replicated secret with a KMS
+// key other than aws/secretsmanager , you need kms:GenerateDataKey and kms:Encrypt
+// to the key. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions)
 // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html)
 // .
 func (c *Client) ReplicateSecretToRegions(ctx context.Context, params *ReplicateSecretToRegionsInput, optFns ...func(*Options)) (*ReplicateSecretToRegionsOutput, error) {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/endpoints.go
index 4ee9dbc9bc7..347bcf0d595 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/endpoints.go
@@ -342,6 +342,44 @@ func (r *resolver) ResolveEndpoint(
 				if _UseDualStack == true {
 					if true == _PartitionResult.SupportsFIPS {
 						if true == _PartitionResult.SupportsDualStack {
+							if "aws" == _PartitionResult.Name {
+								uriString := func() string {
+									var out strings.Builder
+									out.WriteString("https://secretsmanager-fips.")
+									out.WriteString(_Region)
+									out.WriteString(".amazonaws.com")
+									return out.String()
+								}()
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+								}, nil
+							}
+							if "aws-us-gov" == _PartitionResult.Name {
+								uriString := func() string {
+									var out strings.Builder
+									out.WriteString("https://secretsmanager-fips.")
+									out.WriteString(_Region)
+									out.WriteString(".amazonaws.com")
+									return out.String()
+								}()
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+								}, nil
+							}
 							uriString := func() string {
 								var out strings.Builder
 								out.WriteString("https://secretsmanager-fips.")
@@ -390,6 +428,63 @@ func (r *resolver) ResolveEndpoint(
 			}
 			if _UseDualStack == true {
 				if true == _PartitionResult.SupportsDualStack {
+					if "aws" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://secretsmanager.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					if "aws-cn" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://secretsmanager.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com.cn")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://secretsmanager.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
 					uriString := func() string {
 						var out strings.Builder
 						out.WriteString("https://secretsmanager.")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/go_module_metadata.go
index aa118c8e4cc..06f6ae945b3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/go_module_metadata.go
@@ -3,4 +3,4 @@
 package secretsmanager
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.25.5"
+const goModuleVersion = "1.26.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/internal/endpoints/endpoints.go
index b1baedfadb0..4181a93f8b8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/internal/endpoints/endpoints.go
@@ -236,6 +236,26 @@ var defaultPartitions = endpoints.Partitions{
 			}: endpoints.Endpoint{
 				Deprecated: aws.TrueTernary,
 			},
+			endpoints.EndpointKey{
+				Region: "ca-west-1",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "ca-west-1",
+				Variant: endpoints.DualStackVariant,
+			}: {},
+			endpoints.EndpointKey{
+				Region:  "ca-west-1",
+				Variant: endpoints.FIPSVariant | endpoints.DualStackVariant,
+			}: {},
+			endpoints.EndpointKey{
+				Region:  "ca-west-1",
+				Variant: endpoints.FIPSVariant,
+			}: {},
+			endpoints.EndpointKey{
+				Region: "ca-west-1-fips",
+			}: endpoints.Endpoint{
+				Deprecated: aws.TrueTernary,
+			},
 			endpoints.EndpointKey{
 				Region: "eu-central-1",
 			}: endpoints.Endpoint{},
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/types/types.go
index 7d549c908f9..e04e17e788c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/secretsmanager/types/types.go
@@ -178,7 +178,8 @@ type SecretListEntry struct {
 	Name *string
 
 	// The next rotation is scheduled to occur on or before this date. If the secret
-	// isn't configured for rotation, Secrets Manager returns null.
+	// isn't configured for rotation or rotation has been disabled, Secrets Manager
+	// returns null.
 	NextRotationDate *time.Time
 
 	// Returns the name of the service that created the secret.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/CHANGELOG.md
index 4a5bc4969b0..6eedf3d6bf4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.29.7 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.29.6 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/go_module_metadata.go
index 3a7ef4498c7..7a9bfb4c469 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sqs/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sqs
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.29.6"
+const goModuleVersion = "1.29.7"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
index 7a4c30c59c1..9d5847a052f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.18.6 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.5 (2023-12-08)
 
 * **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
index 52495f1fb60..d2e5a8ab8d7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.5"
+const goModuleVersion = "1.18.6"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
index 80df3bdde8b..f77c4785e72 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.21.7 (2024-01-16)
+
+* No change notes available for this release.
+
+# v1.21.6 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.21.5 (2023-12-08)
 
 * **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
index 98eaaa6d813..474a574ec71 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.21.5"
+const goModuleVersion = "1.21.7"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
index c48da8b88a6..cbd77fd291c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
@@ -283,6 +283,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "il-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "me-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.me-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "me-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
index e0961ad8954..f9b6404d199 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.26.7 (2024-01-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.26.6 (2023-12-20)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
index 59cc4c70a38..369de83b8bc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
@@ -552,6 +552,12 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
 	if _, ok := stack.Finalize.Get((*acceptencodingcust.DisableGzip)(nil).ID()); ok {
 		stack.Finalize.Remove((*acceptencodingcust.DisableGzip)(nil).ID())
 	}
+	if _, ok := stack.Finalize.Get((*retry.Attempt)(nil).ID()); ok {
+		stack.Finalize.Remove((*retry.Attempt)(nil).ID())
+	}
+	if _, ok := stack.Finalize.Get((*retry.MetricsHeader)(nil).ID()); ok {
+		stack.Finalize.Remove((*retry.MetricsHeader)(nil).ID())
+	}
 	stack.Deserialize.Clear()
 	stack.Build.Remove((*awsmiddleware.ClientRequestID)(nil).ID())
 	stack.Build.Remove("UserAgent")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
index cfdd8bfb964..962c336cf91 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.26.6"
+const goModuleVersion = "1.26.7"
diff --git a/vendor/github.com/bradleyfalzon/ghinstallation/v2/transport.go b/vendor/github.com/bradleyfalzon/ghinstallation/v2/transport.go
index 172a4622a84..0d5e85be900 100644
--- a/vendor/github.com/bradleyfalzon/ghinstallation/v2/transport.go
+++ b/vendor/github.com/bradleyfalzon/ghinstallation/v2/transport.go
@@ -13,7 +13,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/google/go-github/v56/github"
+	"github.com/google/go-github/v57/github"
 )
 
 const (
diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md
index e3e30080ec1..95a05a08944 100644
--- a/vendor/github.com/emicklei/go-restful/v3/README.md
+++ b/vendor/github.com/emicklei/go-restful/v3/README.md
@@ -95,8 +95,7 @@ There are several hooks to customize the behavior of the go-restful package.
 - Trace logging
 - Compression
 - Encoders for other serializers
-- Use [jsoniter](https://github.com/json-iterator/go) by building this package using a build tag, e.g. `go build -tags=jsoniter .` 
-- Use the package variable `TrimRightSlashEnabled` (default true) to control the behavior of matching routes that end with a slash `/` 
+- Use the package variable `TrimRightSlashEnabled` (default true) to control the behavior of matching routes that end with a slash `/`
 
 ## Resources
 
diff --git a/vendor/github.com/emicklei/go-restful/v3/entity_accessors.go b/vendor/github.com/emicklei/go-restful/v3/entity_accessors.go
index 66dfc824f55..9808752acdf 100644
--- a/vendor/github.com/emicklei/go-restful/v3/entity_accessors.go
+++ b/vendor/github.com/emicklei/go-restful/v3/entity_accessors.go
@@ -5,11 +5,18 @@ package restful
 // that can be found in the LICENSE file.
 
 import (
+	"encoding/json"
 	"encoding/xml"
 	"strings"
 	"sync"
 )
 
+var (
+	MarshalIndent = json.MarshalIndent
+	NewDecoder    = json.NewDecoder
+	NewEncoder    = json.NewEncoder
+)
+
 // EntityReaderWriter can read and write values using an encoding such as JSON,XML.
 type EntityReaderWriter interface {
 	// Read a serialized version of the value from the request.
diff --git a/vendor/github.com/emicklei/go-restful/v3/json.go b/vendor/github.com/emicklei/go-restful/v3/json.go
deleted file mode 100644
index 871165166a1..00000000000
--- a/vendor/github.com/emicklei/go-restful/v3/json.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build !jsoniter
-
-package restful
-
-import "encoding/json"
-
-var (
-	MarshalIndent = json.MarshalIndent
-	NewDecoder    = json.NewDecoder
-	NewEncoder    = json.NewEncoder
-)
diff --git a/vendor/github.com/emicklei/go-restful/v3/jsoniter.go b/vendor/github.com/emicklei/go-restful/v3/jsoniter.go
deleted file mode 100644
index 11b8f8ae7f1..00000000000
--- a/vendor/github.com/emicklei/go-restful/v3/jsoniter.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build jsoniter
-
-package restful
-
-import "github.com/json-iterator/go"
-
-var (
-	json          = jsoniter.ConfigCompatibleWithStandardLibrary
-	MarshalIndent = json.MarshalIndent
-	NewDecoder    = json.NewDecoder
-	NewEncoder    = json.NewEncoder
-)
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go
new file mode 100644
index 00000000000..e9bb0efe77d
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go
@@ -0,0 +1,1385 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Represents JSON data structure using native Go types: booleans, floats,
+// strings, arrays, and maps.
+
+package json
+
+import (
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+)
+
+// Unmarshal parses the JSON-encoded data and stores the result
+// in the value pointed to by v. If v is nil or not a pointer,
+// Unmarshal returns an InvalidUnmarshalError.
+//
+// Unmarshal uses the inverse of the encodings that
+// Marshal uses, allocating maps, slices, and pointers as necessary,
+// with the following additional rules:
+//
+// To unmarshal JSON into a pointer, Unmarshal first handles the case of
+// the JSON being the JSON literal null. In that case, Unmarshal sets
+// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into
+// the value pointed at by the pointer. If the pointer is nil, Unmarshal
+// allocates a new value for it to point to.
+//
+// To unmarshal JSON into a value implementing the Unmarshaler interface,
+// Unmarshal calls that value's UnmarshalJSON method, including
+// when the input is a JSON null.
+// Otherwise, if the value implements encoding.TextUnmarshaler
+// and the input is a JSON quoted string, Unmarshal calls that value's
+// UnmarshalText method with the unquoted form of the string.
+//
+// To unmarshal JSON into a struct, Unmarshal matches incoming object
+// keys to the keys used by Marshal (either the struct field name or its tag),
+// preferring an exact match but also accepting a case-insensitive match. By
+// default, object keys which don't have a corresponding struct field are
+// ignored (see Decoder.DisallowUnknownFields for an alternative).
+//
+// To unmarshal JSON into an interface value,
+// Unmarshal stores one of these in the interface value:
+//
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	string, for JSON strings
+//	[]interface{}, for JSON arrays
+//	map[string]interface{}, for JSON objects
+//	nil for JSON null
+//
+// To unmarshal a JSON array into a slice, Unmarshal resets the slice length
+// to zero and then appends each element to the slice.
+// As a special case, to unmarshal an empty JSON array into a slice,
+// Unmarshal replaces the slice with a new empty slice.
+//
+// To unmarshal a JSON array into a Go array, Unmarshal decodes
+// JSON array elements into corresponding Go array elements.
+// If the Go array is smaller than the JSON array,
+// the additional JSON array elements are discarded.
+// If the JSON array is smaller than the Go array,
+// the additional Go array elements are set to zero values.
+//
+// To unmarshal a JSON object into a map, Unmarshal first establishes a map to
+// use. If the map is nil, Unmarshal allocates a new map. Otherwise Unmarshal
+// reuses the existing map, keeping existing entries. Unmarshal then stores
+// key-value pairs from the JSON object into the map. The map's key type must
+// either be any string type, an integer, implement json.Unmarshaler, or
+// implement encoding.TextUnmarshaler.
+//
+// If the JSON-encoded data contain a syntax error, Unmarshal returns a SyntaxError.
+//
+// If a JSON value is not appropriate for a given target type,
+// or if a JSON number overflows the target type, Unmarshal
+// skips that field and completes the unmarshaling as best it can.
+// If no more serious errors are encountered, Unmarshal returns
+// an UnmarshalTypeError describing the earliest such error. In any
+// case, it's not guaranteed that all the remaining fields following
+// the problematic one will be unmarshaled into the target object.
+//
+// The JSON null value unmarshals into an interface, map, pointer, or slice
+// by setting that Go value to nil. Because null is often used in JSON to mean
+// “not present,” unmarshaling a JSON null into any other Go type has no effect
+// on the value and produces no error.
+//
+// When unmarshaling quoted strings, invalid UTF-8 or
+// invalid UTF-16 surrogate pairs are not treated as an error.
+// Instead, they are replaced by the Unicode replacement
+// character U+FFFD.
+func Unmarshal(data []byte, v any) error {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+	d := ds.Get().(*decodeState)
+	defer ds.Put(d)
+	//var d decodeState
+	d.useNumber = true
+	err := checkValid(data, &d.scan)
+	if err != nil {
+		return err
+	}
+
+	d.init(data)
+	return d.unmarshal(v)
+}
+
+var ds = sync.Pool{
+	New: func() any {
+		return new(decodeState)
+	},
+}
+
+func UnmarshalWithKeys(data []byte, v any) ([]string, error) {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+
+	d := ds.Get().(*decodeState)
+	defer ds.Put(d)
+	//var d decodeState
+	d.useNumber = true
+	err := checkValid(data, &d.scan)
+	if err != nil {
+		return nil, err
+	}
+
+	d.init(data)
+	err = d.unmarshal(v)
+	if err != nil {
+		return nil, err
+	}
+
+	return d.lastKeys, nil
+}
+
+func UnmarshalValid(data []byte, v any) error {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+	d := ds.Get().(*decodeState)
+	defer ds.Put(d)
+	//var d decodeState
+	d.useNumber = true
+
+	d.init(data)
+	return d.unmarshal(v)
+}
+
+func UnmarshalValidWithKeys(data []byte, v any) ([]string, error) {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+
+	d := ds.Get().(*decodeState)
+	defer ds.Put(d)
+	//var d decodeState
+	d.useNumber = true
+
+	d.init(data)
+	err := d.unmarshal(v)
+	if err != nil {
+		return nil, err
+	}
+
+	return d.lastKeys, nil
+}
+
+// Unmarshaler is the interface implemented by types
+// that can unmarshal a JSON description of themselves.
+// The input can be assumed to be a valid encoding of
+// a JSON value. UnmarshalJSON must copy the JSON data
+// if it wishes to retain the data after returning.
+//
+// By convention, to approximate the behavior of Unmarshal itself,
+// Unmarshalers implement UnmarshalJSON([]byte("null")) as a no-op.
+type Unmarshaler interface {
+	UnmarshalJSON([]byte) error
+}
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError struct {
+	Value  string       // description of JSON value - "bool", "array", "number -5"
+	Type   reflect.Type // type of Go value it could not be assigned to
+	Offset int64        // error occurred after reading Offset bytes
+	Struct string       // name of the struct type containing the field
+	Field  string       // the full path from root node to the field
+}
+
+func (e *UnmarshalTypeError) Error() string {
+	if e.Struct != "" || e.Field != "" {
+		return "json: cannot unmarshal " + e.Value + " into Go struct field " + e.Struct + "." + e.Field + " of type " + e.Type.String()
+	}
+	return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String()
+}
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+//
+// Deprecated: No longer used; kept for compatibility.
+type UnmarshalFieldError struct {
+	Key   string
+	Type  reflect.Type
+	Field reflect.StructField
+}
+
+func (e *UnmarshalFieldError) Error() string {
+	return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String()
+}
+
+// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal.
+// (The argument to Unmarshal must be a non-nil pointer.)
+type InvalidUnmarshalError struct {
+	Type reflect.Type
+}
+
+func (e *InvalidUnmarshalError) Error() string {
+	if e.Type == nil {
+		return "json: Unmarshal(nil)"
+	}
+
+	if e.Type.Kind() != reflect.Pointer {
+		return "json: Unmarshal(non-pointer " + e.Type.String() + ")"
+	}
+	return "json: Unmarshal(nil " + e.Type.String() + ")"
+}
+
+func (d *decodeState) unmarshal(v any) error {
+	rv := reflect.ValueOf(v)
+	if rv.Kind() != reflect.Pointer || rv.IsNil() {
+		return &InvalidUnmarshalError{reflect.TypeOf(v)}
+	}
+
+	d.scan.reset()
+	d.scanWhile(scanSkipSpace)
+	// We decode rv not rv.Elem because the Unmarshaler interface
+	// test must be applied at the top level of the value.
+	err := d.value(rv)
+	if err != nil {
+		return d.addErrorContext(err)
+	}
+	return d.savedError
+}
+
+// A Number represents a JSON number literal.
+type Number string
+
+// String returns the literal text of the number.
+func (n Number) String() string { return string(n) }
+
+// Float64 returns the number as a float64.
+func (n Number) Float64() (float64, error) {
+	return strconv.ParseFloat(string(n), 64)
+}
+
+// Int64 returns the number as an int64.
+func (n Number) Int64() (int64, error) {
+	return strconv.ParseInt(string(n), 10, 64)
+}
+
+// An errorContext provides context for type errors during decoding.
+type errorContext struct {
+	Struct     reflect.Type
+	FieldStack []string
+}
+
+// decodeState represents the state while decoding a JSON value.
+type decodeState struct {
+	data                  []byte
+	off                   int // next read offset in data
+	opcode                int // last read result
+	scan                  scanner
+	errorContext          *errorContext
+	savedError            error
+	useNumber             bool
+	disallowUnknownFields bool
+	lastKeys              []string
+}
+
+// readIndex returns the position of the last byte read.
+func (d *decodeState) readIndex() int {
+	return d.off - 1
+}
+
+// phasePanicMsg is used as a panic message when we end up with something that
+// shouldn't happen. It can indicate a bug in the JSON decoder, or that
+// something is editing the data slice while the decoder executes.
+const phasePanicMsg = "JSON decoder out of sync - data changing underfoot?"
+
+func (d *decodeState) init(data []byte) *decodeState {
+	d.data = data
+	d.off = 0
+	d.savedError = nil
+	if d.errorContext != nil {
+		d.errorContext.Struct = nil
+		// Reuse the allocated space for the FieldStack slice.
+		d.errorContext.FieldStack = d.errorContext.FieldStack[:0]
+	}
+	return d
+}
+
+// saveError saves the first err it is called with,
+// for reporting at the end of the unmarshal.
+func (d *decodeState) saveError(err error) {
+	if d.savedError == nil {
+		d.savedError = d.addErrorContext(err)
+	}
+}
+
+// addErrorContext returns a new error enhanced with information from d.errorContext
+func (d *decodeState) addErrorContext(err error) error {
+	if d.errorContext != nil && (d.errorContext.Struct != nil || len(d.errorContext.FieldStack) > 0) {
+		switch err := err.(type) {
+		case *UnmarshalTypeError:
+			err.Struct = d.errorContext.Struct.Name()
+			err.Field = strings.Join(d.errorContext.FieldStack, ".")
+		}
+	}
+	return err
+}
+
+// skip scans to the end of what was started.
+func (d *decodeState) skip() {
+	s, data, i := &d.scan, d.data, d.off
+	depth := len(s.parseState)
+	for {
+		op := s.step(s, data[i])
+		i++
+		if len(s.parseState) < depth {
+			d.off = i
+			d.opcode = op
+			return
+		}
+	}
+}
+
+// scanNext processes the byte at d.data[d.off].
+func (d *decodeState) scanNext() {
+	if d.off < len(d.data) {
+		d.opcode = d.scan.step(&d.scan, d.data[d.off])
+		d.off++
+	} else {
+		d.opcode = d.scan.eof()
+		d.off = len(d.data) + 1 // mark processed EOF with len+1
+	}
+}
+
+// scanWhile processes bytes in d.data[d.off:] until it
+// receives a scan code not equal to op.
+func (d *decodeState) scanWhile(op int) {
+	s, data, i := &d.scan, d.data, d.off
+	for i < len(data) {
+		newOp := s.step(s, data[i])
+		i++
+		if newOp != op {
+			d.opcode = newOp
+			d.off = i
+			return
+		}
+	}
+
+	d.off = len(data) + 1 // mark processed EOF with len+1
+	d.opcode = d.scan.eof()
+}
+
+// rescanLiteral is similar to scanWhile(scanContinue), but it specialises the
+// common case where we're decoding a literal. The decoder scans the input
+// twice, once for syntax errors and to check the length of the value, and the
+// second to perform the decoding.
+//
+// Only in the second step do we use decodeState to tokenize literals, so we
+// know there aren't any syntax errors. We can take advantage of that knowledge,
+// and scan a literal's bytes much more quickly.
+func (d *decodeState) rescanLiteral() {
+	data, i := d.data, d.off
+Switch:
+	switch data[i-1] {
+	case '"': // string
+		for ; i < len(data); i++ {
+			switch data[i] {
+			case '\\':
+				i++ // escaped char
+			case '"':
+				i++ // tokenize the closing quote too
+				break Switch
+			}
+		}
+	case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-': // number
+		for ; i < len(data); i++ {
+			switch data[i] {
+			case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+				'.', 'e', 'E', '+', '-':
+			default:
+				break Switch
+			}
+		}
+	case 't': // true
+		i += len("rue")
+	case 'f': // false
+		i += len("alse")
+	case 'n': // null
+		i += len("ull")
+	}
+	if i < len(data) {
+		d.opcode = stateEndValue(&d.scan, data[i])
+	} else {
+		d.opcode = scanEnd
+	}
+	d.off = i + 1
+}
+
+// value consumes a JSON value from d.data[d.off-1:], decoding into v, and
+// reads the following byte ahead. If v is invalid, the value is discarded.
+// The first byte of the value has been read already.
+func (d *decodeState) value(v reflect.Value) error {
+	switch d.opcode {
+	default:
+		panic(phasePanicMsg)
+
+	case scanBeginArray:
+		if v.IsValid() {
+			if err := d.array(v); err != nil {
+				return err
+			}
+		} else {
+			d.skip()
+		}
+		d.scanNext()
+
+	case scanBeginObject:
+		if v.IsValid() {
+			if err := d.object(v); err != nil {
+				return err
+			}
+		} else {
+			d.skip()
+		}
+		d.scanNext()
+
+	case scanBeginLiteral:
+		// All bytes inside literal return scanContinue op code.
+		start := d.readIndex()
+		d.rescanLiteral()
+
+		if v.IsValid() {
+			if err := d.literalStore(d.data[start:d.readIndex()], v, false); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+type unquotedValue struct{}
+
+// valueQuoted is like value but decodes a
+// quoted string literal or literal null into an interface value.
+// If it finds anything other than a quoted string literal or null,
+// valueQuoted returns unquotedValue{}.
+func (d *decodeState) valueQuoted() any {
+	switch d.opcode {
+	default:
+		panic(phasePanicMsg)
+
+	case scanBeginArray, scanBeginObject:
+		d.skip()
+		d.scanNext()
+
+	case scanBeginLiteral:
+		v := d.literalInterface()
+		switch v.(type) {
+		case nil, string:
+			return v
+		}
+	}
+	return unquotedValue{}
+}
+
+// indirect walks down v allocating pointers as needed,
+// until it gets to a non-pointer.
+// If it encounters an Unmarshaler, indirect stops and returns that.
+// If decodingNull is true, indirect stops at the first settable pointer so it
+// can be set to nil.
+func indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// Issue #24153 indicates that it is generally not a guaranteed property
+	// that you may round-trip a reflect.Value by calling Value.Addr().Elem()
+	// and expect the value to still be settable for values derived from
+	// unexported embedded struct fields.
+	//
+	// The logic below effectively does this when it first addresses the value
+	// (to satisfy possible pointer methods) and continues to dereference
+	// subsequent pointers as necessary.
+	//
+	// After the first round-trip, we set v back to the original value to
+	// preserve the original RW flags contained in reflect.Value.
+	v0 := v
+	haveAddr := false
+
+	// If v is a named type and is addressable,
+	// start with its address, so that if the type has pointer methods,
+	// we find them.
+	if v.Kind() != reflect.Pointer && v.Type().Name() != "" && v.CanAddr() {
+		haveAddr = true
+		v = v.Addr()
+	}
+	for {
+		// Load value from interface, but only if the result will be
+		// usefully addressable.
+		if v.Kind() == reflect.Interface && !v.IsNil() {
+			e := v.Elem()
+			if e.Kind() == reflect.Pointer && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Pointer) {
+				haveAddr = false
+				v = e
+				continue
+			}
+		}
+
+		if v.Kind() != reflect.Pointer {
+			break
+		}
+
+		if decodingNull && v.CanSet() {
+			break
+		}
+
+		// Prevent infinite loop if v is an interface pointing to its own address:
+		//     var v interface{}
+		//     v = &v
+		if v.Elem().Kind() == reflect.Interface && v.Elem().Elem() == v {
+			v = v.Elem()
+			break
+		}
+		if v.IsNil() {
+			v.Set(reflect.New(v.Type().Elem()))
+		}
+		if v.Type().NumMethod() > 0 && v.CanInterface() {
+			if u, ok := v.Interface().(Unmarshaler); ok {
+				return u, nil, reflect.Value{}
+			}
+			if !decodingNull {
+				if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+					return nil, u, reflect.Value{}
+				}
+			}
+		}
+
+		if haveAddr {
+			v = v0 // restore original value after round-trip Value.Addr().Elem()
+			haveAddr = false
+		} else {
+			v = v.Elem()
+		}
+	}
+	return nil, nil, v
+}
+
+// array consumes an array from d.data[d.off-1:], decoding into v.
+// The first byte of the array ('[') has been read already.
+func (d *decodeState) array(v reflect.Value) error {
+	// Check for unmarshaler.
+	u, ut, pv := indirect(v, false)
+	if u != nil {
+		start := d.readIndex()
+		d.skip()
+		return u.UnmarshalJSON(d.data[start:d.off])
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{Value: "array", Type: v.Type(), Offset: int64(d.off)})
+		d.skip()
+		return nil
+	}
+	v = pv
+
+	// Check type of target.
+	switch v.Kind() {
+	case reflect.Interface:
+		if v.NumMethod() == 0 {
+			// Decoding into nil interface? Switch to non-reflect code.
+			ai := d.arrayInterface()
+			v.Set(reflect.ValueOf(ai))
+			return nil
+		}
+		// Otherwise it's invalid.
+		fallthrough
+	default:
+		d.saveError(&UnmarshalTypeError{Value: "array", Type: v.Type(), Offset: int64(d.off)})
+		d.skip()
+		return nil
+	case reflect.Array, reflect.Slice:
+		break
+	}
+
+	i := 0
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		d.scanWhile(scanSkipSpace)
+		if d.opcode == scanEndArray {
+			break
+		}
+
+		// Get element of array, growing if necessary.
+		if v.Kind() == reflect.Slice {
+			// Grow slice if necessary
+			if i >= v.Cap() {
+				newcap := v.Cap() + v.Cap()/2
+				if newcap < 4 {
+					newcap = 4
+				}
+				newv := reflect.MakeSlice(v.Type(), v.Len(), newcap)
+				reflect.Copy(newv, v)
+				v.Set(newv)
+			}
+			if i >= v.Len() {
+				v.SetLen(i + 1)
+			}
+		}
+
+		if i < v.Len() {
+			// Decode into element.
+			if err := d.value(v.Index(i)); err != nil {
+				return err
+			}
+		} else {
+			// Ran out of fixed array: skip.
+			if err := d.value(reflect.Value{}); err != nil {
+				return err
+			}
+		}
+		i++
+
+		// Next token must be , or ].
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.opcode == scanEndArray {
+			break
+		}
+		if d.opcode != scanArrayValue {
+			panic(phasePanicMsg)
+		}
+	}
+
+	if i < v.Len() {
+		if v.Kind() == reflect.Array {
+			// Array. Zero the rest.
+			z := reflect.Zero(v.Type().Elem())
+			for ; i < v.Len(); i++ {
+				v.Index(i).Set(z)
+			}
+		} else {
+			v.SetLen(i)
+		}
+	}
+	if i == 0 && v.Kind() == reflect.Slice {
+		v.Set(reflect.MakeSlice(v.Type(), 0, 0))
+	}
+	return nil
+}
+
+var nullLiteral = []byte("null")
+var textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+
+// object consumes an object from d.data[d.off-1:], decoding into v.
+// The first byte ('{') of the object has been read already.
+func (d *decodeState) object(v reflect.Value) error {
+	// Check for unmarshaler.
+	u, ut, pv := indirect(v, false)
+	if u != nil {
+		start := d.readIndex()
+		d.skip()
+		return u.UnmarshalJSON(d.data[start:d.off])
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{Value: "object", Type: v.Type(), Offset: int64(d.off)})
+		d.skip()
+		return nil
+	}
+	v = pv
+	t := v.Type()
+
+	// Decoding into nil interface? Switch to non-reflect code.
+	if v.Kind() == reflect.Interface && v.NumMethod() == 0 {
+		oi := d.objectInterface()
+		v.Set(reflect.ValueOf(oi))
+		return nil
+	}
+
+	var fields structFields
+
+	// Check type of target:
+	//   struct or
+	//   map[T1]T2 where T1 is string, an integer type,
+	//             or an encoding.TextUnmarshaler
+	switch v.Kind() {
+	case reflect.Map:
+		// Map key must either have string kind, have an integer kind,
+		// or be an encoding.TextUnmarshaler.
+		switch t.Key().Kind() {
+		case reflect.String,
+			reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+			reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		default:
+			if !reflect.PointerTo(t.Key()).Implements(textUnmarshalerType) {
+				d.saveError(&UnmarshalTypeError{Value: "object", Type: t, Offset: int64(d.off)})
+				d.skip()
+				return nil
+			}
+		}
+		if v.IsNil() {
+			v.Set(reflect.MakeMap(t))
+		}
+	case reflect.Struct:
+		fields = cachedTypeFields(t)
+		// ok
+	default:
+		d.saveError(&UnmarshalTypeError{Value: "object", Type: t, Offset: int64(d.off)})
+		d.skip()
+		return nil
+	}
+
+	var mapElem reflect.Value
+	var origErrorContext errorContext
+	if d.errorContext != nil {
+		origErrorContext = *d.errorContext
+	}
+
+	var keys []string
+
+	for {
+		// Read opening " of string key or closing }.
+		d.scanWhile(scanSkipSpace)
+		if d.opcode == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if d.opcode != scanBeginLiteral {
+			panic(phasePanicMsg)
+		}
+
+		// Read key.
+		start := d.readIndex()
+		d.rescanLiteral()
+		item := d.data[start:d.readIndex()]
+		key, ok := unquoteBytes(item)
+		if !ok {
+			panic(phasePanicMsg)
+		}
+
+		keys = append(keys, string(key))
+
+		// Figure out field corresponding to key.
+		var subv reflect.Value
+		destring := false // whether the value is wrapped in a string to be decoded first
+
+		if v.Kind() == reflect.Map {
+			elemType := t.Elem()
+			if !mapElem.IsValid() {
+				mapElem = reflect.New(elemType).Elem()
+			} else {
+				mapElem.Set(reflect.Zero(elemType))
+			}
+			subv = mapElem
+		} else {
+			var f *field
+			if i, ok := fields.nameIndex[string(key)]; ok {
+				// Found an exact name match.
+				f = &fields.list[i]
+			} else {
+				// Fall back to the expensive case-insensitive
+				// linear search.
+				for i := range fields.list {
+					ff := &fields.list[i]
+					if ff.equalFold(ff.nameBytes, key) {
+						f = ff
+						break
+					}
+				}
+			}
+			if f != nil {
+				subv = v
+				destring = f.quoted
+				for _, i := range f.index {
+					if subv.Kind() == reflect.Pointer {
+						if subv.IsNil() {
+							// If a struct embeds a pointer to an unexported type,
+							// it is not possible to set a newly allocated value
+							// since the field is unexported.
+							//
+							// See https://golang.org/issue/21357
+							if !subv.CanSet() {
+								d.saveError(fmt.Errorf("json: cannot set embedded pointer to unexported struct: %v", subv.Type().Elem()))
+								// Invalidate subv to ensure d.value(subv) skips over
+								// the JSON value without assigning it to subv.
+								subv = reflect.Value{}
+								destring = false
+								break
+							}
+							subv.Set(reflect.New(subv.Type().Elem()))
+						}
+						subv = subv.Elem()
+					}
+					subv = subv.Field(i)
+				}
+				if d.errorContext == nil {
+					d.errorContext = new(errorContext)
+				}
+				d.errorContext.FieldStack = append(d.errorContext.FieldStack, f.name)
+				d.errorContext.Struct = t
+			} else if d.disallowUnknownFields {
+				d.saveError(fmt.Errorf("json: unknown field %q", key))
+			}
+		}
+
+		// Read : before value.
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.opcode != scanObjectKey {
+			panic(phasePanicMsg)
+		}
+		d.scanWhile(scanSkipSpace)
+
+		if destring {
+			switch qv := d.valueQuoted().(type) {
+			case nil:
+				if err := d.literalStore(nullLiteral, subv, false); err != nil {
+					return err
+				}
+			case string:
+				if err := d.literalStore([]byte(qv), subv, true); err != nil {
+					return err
+				}
+			default:
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type()))
+			}
+		} else {
+			if err := d.value(subv); err != nil {
+				return err
+			}
+		}
+
+		// Write value back to map;
+		// if using struct, subv points into struct already.
+		if v.Kind() == reflect.Map {
+			kt := t.Key()
+			var kv reflect.Value
+			switch {
+			case reflect.PointerTo(kt).Implements(textUnmarshalerType):
+				kv = reflect.New(kt)
+				if err := d.literalStore(item, kv, true); err != nil {
+					return err
+				}
+				kv = kv.Elem()
+			case kt.Kind() == reflect.String:
+				kv = reflect.ValueOf(key).Convert(kt)
+			default:
+				switch kt.Kind() {
+				case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+					s := string(key)
+					n, err := strconv.ParseInt(s, 10, 64)
+					if err != nil || reflect.Zero(kt).OverflowInt(n) {
+						d.saveError(&UnmarshalTypeError{Value: "number " + s, Type: kt, Offset: int64(start + 1)})
+						break
+					}
+					kv = reflect.ValueOf(n).Convert(kt)
+				case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+					s := string(key)
+					n, err := strconv.ParseUint(s, 10, 64)
+					if err != nil || reflect.Zero(kt).OverflowUint(n) {
+						d.saveError(&UnmarshalTypeError{Value: "number " + s, Type: kt, Offset: int64(start + 1)})
+						break
+					}
+					kv = reflect.ValueOf(n).Convert(kt)
+				default:
+					panic("json: Unexpected key type") // should never occur
+				}
+			}
+			if kv.IsValid() {
+				v.SetMapIndex(kv, subv)
+			}
+		}
+
+		// Next token must be , or }.
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.errorContext != nil {
+			// Reset errorContext to its original state.
+			// Keep the same underlying array for FieldStack, to reuse the
+			// space and avoid unnecessary allocs.
+			d.errorContext.FieldStack = d.errorContext.FieldStack[:len(origErrorContext.FieldStack)]
+			d.errorContext.Struct = origErrorContext.Struct
+		}
+		if d.opcode == scanEndObject {
+			break
+		}
+		if d.opcode != scanObjectValue {
+			panic(phasePanicMsg)
+		}
+	}
+
+	if v.Kind() == reflect.Map {
+		d.lastKeys = keys
+	}
+	return nil
+}
+
+// convertNumber converts the number literal s to a float64 or a Number
+// depending on the setting of d.useNumber.
+func (d *decodeState) convertNumber(s string) (any, error) {
+	if d.useNumber {
+		return Number(s), nil
+	}
+	f, err := strconv.ParseFloat(s, 64)
+	if err != nil {
+		return nil, &UnmarshalTypeError{Value: "number " + s, Type: reflect.TypeOf(0.0), Offset: int64(d.off)}
+	}
+	return f, nil
+}
+
+var numberType = reflect.TypeOf(Number(""))
+
+// literalStore decodes a literal stored in item into v.
+//
+// fromQuoted indicates whether this literal came from unwrapping a
+// string from the ",string" struct tag option. this is used only to
+// produce more helpful error messages.
+func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) error {
+	// Check for unmarshaler.
+	if len(item) == 0 {
+		//Empty string given
+		d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+		return nil
+	}
+	isNull := item[0] == 'n' // null
+	u, ut, pv := indirect(v, isNull)
+	if u != nil {
+		return u.UnmarshalJSON(item)
+	}
+	if ut != nil {
+		if item[0] != '"' {
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+				return nil
+			}
+			val := "number"
+			switch item[0] {
+			case 'n':
+				val = "null"
+			case 't', 'f':
+				val = "bool"
+			}
+			d.saveError(&UnmarshalTypeError{Value: val, Type: v.Type(), Offset: int64(d.readIndex())})
+			return nil
+		}
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				return fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())
+			}
+			panic(phasePanicMsg)
+		}
+		return ut.UnmarshalText(s)
+	}
+
+	v = pv
+
+	switch c := item[0]; c {
+	case 'n': // null
+		// The main parser checks that only true and false can reach here,
+		// but if this was a quoted string input, it could be anything.
+		if fromQuoted && string(item) != "null" {
+			d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			break
+		}
+		switch v.Kind() {
+		case reflect.Interface, reflect.Pointer, reflect.Map, reflect.Slice:
+			v.Set(reflect.Zero(v.Type()))
+			// otherwise, ignore null for primitives/string
+		}
+	case 't', 'f': // true, false
+		value := item[0] == 't'
+		// The main parser checks that only true and false can reach here,
+		// but if this was a quoted string input, it could be anything.
+		if fromQuoted && string(item) != "true" && string(item) != "false" {
+			d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			break
+		}
+		switch v.Kind() {
+		default:
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{Value: "bool", Type: v.Type(), Offset: int64(d.readIndex())})
+			}
+		case reflect.Bool:
+			v.SetBool(value)
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(value))
+			} else {
+				d.saveError(&UnmarshalTypeError{Value: "bool", Type: v.Type(), Offset: int64(d.readIndex())})
+			}
+		}
+
+	case '"': // string
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				return fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())
+			}
+			panic(phasePanicMsg)
+		}
+		switch v.Kind() {
+		default:
+			d.saveError(&UnmarshalTypeError{Value: "string", Type: v.Type(), Offset: int64(d.readIndex())})
+		case reflect.Slice:
+			if v.Type().Elem().Kind() != reflect.Uint8 {
+				d.saveError(&UnmarshalTypeError{Value: "string", Type: v.Type(), Offset: int64(d.readIndex())})
+				break
+			}
+			b := make([]byte, base64.StdEncoding.DecodedLen(len(s)))
+			n, err := base64.StdEncoding.Decode(b, s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			v.SetBytes(b[:n])
+		case reflect.String:
+			if v.Type() == numberType && !isValidNumber(string(s)) {
+				return fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)
+			}
+			v.SetString(string(s))
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(string(s)))
+			} else {
+				d.saveError(&UnmarshalTypeError{Value: "string", Type: v.Type(), Offset: int64(d.readIndex())})
+			}
+		}
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			if fromQuoted {
+				return fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())
+			}
+			panic(phasePanicMsg)
+		}
+		s := string(item)
+		switch v.Kind() {
+		default:
+			if v.Kind() == reflect.String && v.Type() == numberType {
+				// s must be a valid number, because it's
+				// already been tokenized.
+				v.SetString(s)
+				break
+			}
+			if fromQuoted {
+				return fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())
+			}
+			d.saveError(&UnmarshalTypeError{Value: "number", Type: v.Type(), Offset: int64(d.readIndex())})
+		case reflect.Interface:
+			n, err := d.convertNumber(s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			if v.NumMethod() != 0 {
+				d.saveError(&UnmarshalTypeError{Value: "number", Type: v.Type(), Offset: int64(d.readIndex())})
+				break
+			}
+			v.Set(reflect.ValueOf(n))
+
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			n, err := strconv.ParseInt(s, 10, 64)
+			if err != nil || v.OverflowInt(n) {
+				d.saveError(&UnmarshalTypeError{Value: "number " + s, Type: v.Type(), Offset: int64(d.readIndex())})
+				break
+			}
+			v.SetInt(n)
+
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+			n, err := strconv.ParseUint(s, 10, 64)
+			if err != nil || v.OverflowUint(n) {
+				d.saveError(&UnmarshalTypeError{Value: "number " + s, Type: v.Type(), Offset: int64(d.readIndex())})
+				break
+			}
+			v.SetUint(n)
+
+		case reflect.Float32, reflect.Float64:
+			n, err := strconv.ParseFloat(s, v.Type().Bits())
+			if err != nil || v.OverflowFloat(n) {
+				d.saveError(&UnmarshalTypeError{Value: "number " + s, Type: v.Type(), Offset: int64(d.readIndex())})
+				break
+			}
+			v.SetFloat(n)
+		}
+	}
+	return nil
+}
+
+// The xxxInterface routines build up a value to be stored
+// in an empty interface. They are not strictly necessary,
+// but they avoid the weight of reflection in this common case.
+
+// valueInterface is like value but returns interface{}
+func (d *decodeState) valueInterface() (val any) {
+	switch d.opcode {
+	default:
+		panic(phasePanicMsg)
+	case scanBeginArray:
+		val = d.arrayInterface()
+		d.scanNext()
+	case scanBeginObject:
+		val = d.objectInterface()
+		d.scanNext()
+	case scanBeginLiteral:
+		val = d.literalInterface()
+	}
+	return
+}
+
+// arrayInterface is like array but returns []interface{}.
+func (d *decodeState) arrayInterface() []any {
+	var v = make([]any, 0)
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		d.scanWhile(scanSkipSpace)
+		if d.opcode == scanEndArray {
+			break
+		}
+
+		v = append(v, d.valueInterface())
+
+		// Next token must be , or ].
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.opcode == scanEndArray {
+			break
+		}
+		if d.opcode != scanArrayValue {
+			panic(phasePanicMsg)
+		}
+	}
+	return v
+}
+
+// objectInterface is like object but returns map[string]interface{}.
+func (d *decodeState) objectInterface() map[string]any {
+	m := make(map[string]any)
+	for {
+		// Read opening " of string key or closing }.
+		d.scanWhile(scanSkipSpace)
+		if d.opcode == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if d.opcode != scanBeginLiteral {
+			panic(phasePanicMsg)
+		}
+
+		// Read string key.
+		start := d.readIndex()
+		d.rescanLiteral()
+		item := d.data[start:d.readIndex()]
+		key, ok := unquote(item)
+		if !ok {
+			panic(phasePanicMsg)
+		}
+
+		// Read : before value.
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.opcode != scanObjectKey {
+			panic(phasePanicMsg)
+		}
+		d.scanWhile(scanSkipSpace)
+
+		// Read value.
+		m[key] = d.valueInterface()
+
+		// Next token must be , or }.
+		if d.opcode == scanSkipSpace {
+			d.scanWhile(scanSkipSpace)
+		}
+		if d.opcode == scanEndObject {
+			break
+		}
+		if d.opcode != scanObjectValue {
+			panic(phasePanicMsg)
+		}
+	}
+	return m
+}
+
+// literalInterface consumes and returns a literal from d.data[d.off-1:] and
+// it reads the following byte ahead. The first byte of the literal has been
+// read already (that's how the caller knows it's a literal).
+func (d *decodeState) literalInterface() any {
+	// All bytes inside literal return scanContinue op code.
+	start := d.readIndex()
+	d.rescanLiteral()
+
+	item := d.data[start:d.readIndex()]
+
+	switch c := item[0]; c {
+	case 'n': // null
+		return nil
+
+	case 't', 'f': // true, false
+		return c == 't'
+
+	case '"': // string
+		s, ok := unquote(item)
+		if !ok {
+			panic(phasePanicMsg)
+		}
+		return s
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			panic(phasePanicMsg)
+		}
+		n, err := d.convertNumber(string(item))
+		if err != nil {
+			d.saveError(err)
+		}
+		return n
+	}
+}
+
+// getu4 decodes \uXXXX from the beginning of s, returning the hex value,
+// or it returns -1.
+func getu4(s []byte) rune {
+	if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
+		return -1
+	}
+	var r rune
+	for _, c := range s[2:6] {
+		switch {
+		case '0' <= c && c <= '9':
+			c = c - '0'
+		case 'a' <= c && c <= 'f':
+			c = c - 'a' + 10
+		case 'A' <= c && c <= 'F':
+			c = c - 'A' + 10
+		default:
+			return -1
+		}
+		r = r*16 + rune(c)
+	}
+	return r
+}
+
+// unquote converts a quoted JSON string literal s into an actual string t.
+// The rules are different than for Go, so cannot use strconv.Unquote.
+func unquote(s []byte) (t string, ok bool) {
+	s, ok = unquoteBytes(s)
+	t = string(s)
+	return
+}
+
+func unquoteBytes(s []byte) (t []byte, ok bool) {
+	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
+		return
+	}
+	s = s[1 : len(s)-1]
+
+	// Check for unusual characters. If there are none,
+	// then no unquoting is needed, so return a slice of the
+	// original bytes.
+	r := 0
+	for r < len(s) {
+		c := s[r]
+		if c == '\\' || c == '"' || c < ' ' {
+			break
+		}
+		if c < utf8.RuneSelf {
+			r++
+			continue
+		}
+		rr, size := utf8.DecodeRune(s[r:])
+		if rr == utf8.RuneError && size == 1 {
+			break
+		}
+		r += size
+	}
+	if r == len(s) {
+		return s, true
+	}
+
+	b := make([]byte, len(s)+2*utf8.UTFMax)
+	w := copy(b, s[0:r])
+	for r < len(s) {
+		// Out of room? Can only happen if s is full of
+		// malformed UTF-8 and we're replacing each
+		// byte with RuneError.
+		if w >= len(b)-2*utf8.UTFMax {
+			nb := make([]byte, (len(b)+utf8.UTFMax)*2)
+			copy(nb, b[0:w])
+			b = nb
+		}
+		switch c := s[r]; {
+		case c == '\\':
+			r++
+			if r >= len(s) {
+				return
+			}
+			switch s[r] {
+			default:
+				return
+			case '"', '\\', '/', '\'':
+				b[w] = s[r]
+				r++
+				w++
+			case 'b':
+				b[w] = '\b'
+				r++
+				w++
+			case 'f':
+				b[w] = '\f'
+				r++
+				w++
+			case 'n':
+				b[w] = '\n'
+				r++
+				w++
+			case 'r':
+				b[w] = '\r'
+				r++
+				w++
+			case 't':
+				b[w] = '\t'
+				r++
+				w++
+			case 'u':
+				r--
+				rr := getu4(s[r:])
+				if rr < 0 {
+					return
+				}
+				r += 6
+				if utf16.IsSurrogate(rr) {
+					rr1 := getu4(s[r:])
+					if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
+						// A valid pair; consume.
+						r += 6
+						w += utf8.EncodeRune(b[w:], dec)
+						break
+					}
+					// Invalid surrogate; fall back to replacement rune.
+					rr = unicode.ReplacementChar
+				}
+				w += utf8.EncodeRune(b[w:], rr)
+			}
+
+		// Quote, control characters are invalid.
+		case c == '"', c < ' ':
+			return
+
+		// ASCII
+		case c < utf8.RuneSelf:
+			b[w] = c
+			r++
+			w++
+
+		// Coerce to well-formed UTF-8.
+		default:
+			rr, size := utf8.DecodeRune(s[r:])
+			r += size
+			w += utf8.EncodeRune(b[w:], rr)
+		}
+	}
+	return b[0:w], true
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go
new file mode 100644
index 00000000000..a1819b16ace
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go
@@ -0,0 +1,1473 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package json implements encoding and decoding of JSON as defined in
+// RFC 7159. The mapping between JSON and Go values is described
+// in the documentation for the Marshal and Unmarshal functions.
+//
+// See "JSON and Go" for an introduction to this package:
+// https://golang.org/doc/articles/json_and_go.html
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Marshal returns the JSON encoding of v.
+//
+// Marshal traverses the value v recursively.
+// If an encountered value implements the Marshaler interface
+// and is not a nil pointer, Marshal calls its MarshalJSON method
+// to produce JSON. If no MarshalJSON method is present but the
+// value implements encoding.TextMarshaler instead, Marshal calls
+// its MarshalText method and encodes the result as a JSON string.
+// The nil pointer exception is not strictly necessary
+// but mimics a similar, necessary exception in the behavior of
+// UnmarshalJSON.
+//
+// Otherwise, Marshal uses the following type-dependent default encodings:
+//
+// Boolean values encode as JSON booleans.
+//
+// Floating point, integer, and Number values encode as JSON numbers.
+//
+// String values encode as JSON strings coerced to valid UTF-8,
+// replacing invalid bytes with the Unicode replacement rune.
+// So that the JSON will be safe to embed inside HTML <script> tags,
+// the string is encoded using HTMLEscape,
+// which replaces "<", ">", "&", U+2028, and U+2029 are escaped
+// to "\u003c","\u003e", "\u0026", "\u2028", and "\u2029".
+// This replacement can be disabled when using an Encoder,
+// by calling SetEscapeHTML(false).
+//
+// Array and slice values encode as JSON arrays, except that
+// []byte encodes as a base64-encoded string, and a nil slice
+// encodes as the null JSON value.
+//
+// Struct values encode as JSON objects.
+// Each exported struct field becomes a member of the object, using the
+// field name as the object key, unless the field is omitted for one of the
+// reasons given below.
+//
+// The encoding of each struct field can be customized by the format string
+// stored under the "json" key in the struct field's tag.
+// The format string gives the name of the field, possibly followed by a
+// comma-separated list of options. The name may be empty in order to
+// specify options without overriding the default field name.
+//
+// The "omitempty" option specifies that the field should be omitted
+// from the encoding if the field has an empty value, defined as
+// false, 0, a nil pointer, a nil interface value, and any empty array,
+// slice, map, or string.
+//
+// As a special case, if the field tag is "-", the field is always omitted.
+// Note that a field with name "-" can still be generated using the tag "-,".
+//
+// Examples of struct field tags and their meanings:
+//
+//	// Field appears in JSON as key "myName".
+//	Field int `json:"myName"`
+//
+//	// Field appears in JSON as key "myName" and
+//	// the field is omitted from the object if its value is empty,
+//	// as defined above.
+//	Field int `json:"myName,omitempty"`
+//
+//	// Field appears in JSON as key "Field" (the default), but
+//	// the field is skipped if empty.
+//	// Note the leading comma.
+//	Field int `json:",omitempty"`
+//
+//	// Field is ignored by this package.
+//	Field int `json:"-"`
+//
+//	// Field appears in JSON as key "-".
+//	Field int `json:"-,"`
+//
+// The "string" option signals that a field is stored as JSON inside a
+// JSON-encoded string. It applies only to fields of string, floating point,
+// integer, or boolean types. This extra level of encoding is sometimes used
+// when communicating with JavaScript programs:
+//
+//	Int64String int64 `json:",string"`
+//
+// The key name will be used if it's a non-empty string consisting of
+// only Unicode letters, digits, and ASCII punctuation except quotation
+// marks, backslash, and comma.
+//
+// Anonymous struct fields are usually marshaled as if their inner exported fields
+// were fields in the outer struct, subject to the usual Go visibility rules amended
+// as described in the next paragraph.
+// An anonymous struct field with a name given in its JSON tag is treated as
+// having that name, rather than being anonymous.
+// An anonymous struct field of interface type is treated the same as having
+// that type as its name, rather than being anonymous.
+//
+// The Go visibility rules for struct fields are amended for JSON when
+// deciding which field to marshal or unmarshal. If there are
+// multiple fields at the same level, and that level is the least
+// nested (and would therefore be the nesting level selected by the
+// usual Go rules), the following extra rules apply:
+//
+// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered,
+// even if there are multiple untagged fields that would otherwise conflict.
+//
+// 2) If there is exactly one field (tagged or not according to the first rule), that is selected.
+//
+// 3) Otherwise there are multiple fields, and all are ignored; no error occurs.
+//
+// Handling of anonymous struct fields is new in Go 1.1.
+// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of
+// an anonymous struct field in both current and earlier versions, give the field
+// a JSON tag of "-".
+//
+// Map values encode as JSON objects. The map's key type must either be a
+// string, an integer type, or implement encoding.TextMarshaler. The map keys
+// are sorted and used as JSON object keys by applying the following rules,
+// subject to the UTF-8 coercion described for string values above:
+//   - keys of any string type are used directly
+//   - encoding.TextMarshalers are marshaled
+//   - integer keys are converted to strings
+//
+// Pointer values encode as the value pointed to.
+// A nil pointer encodes as the null JSON value.
+//
+// Interface values encode as the value contained in the interface.
+// A nil interface value encodes as the null JSON value.
+//
+// Channel, complex, and function values cannot be encoded in JSON.
+// Attempting to encode such a value causes Marshal to return
+// an UnsupportedTypeError.
+//
+// JSON cannot represent cyclic data structures and Marshal does not
+// handle them. Passing cyclic structures to Marshal will result in
+// an error.
+func Marshal(v any) ([]byte, error) {
+	e := newEncodeState()
+	defer encodeStatePool.Put(e)
+
+	err := e.marshal(v, encOpts{escapeHTML: true})
+	if err != nil {
+		return nil, err
+	}
+	buf := append([]byte(nil), e.Bytes()...)
+
+	return buf, nil
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output.
+// Each JSON element in the output will begin on a new line beginning with prefix
+// followed by one or more copies of indent according to the indentation nesting.
+func MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	b, err := Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	var buf bytes.Buffer
+	err = Indent(&buf, b, prefix, indent)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029
+// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029
+// so that the JSON will be safe to embed inside HTML <script> tags.
+// For historical reasons, web browsers don't honor standard HTML
+// escaping within <script> tags, so an alternative JSON encoding must
+// be used.
+func HTMLEscape(dst *bytes.Buffer, src []byte) {
+	// The characters can only appear in string literals,
+	// so just scan the string one byte at a time.
+	start := 0
+	for i, c := range src {
+		if c == '<' || c == '>' || c == '&' {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+}
+
+// Marshaler is the interface implemented by types that
+// can marshal themselves into valid JSON.
+type Marshaler interface {
+	MarshalJSON() ([]byte, error)
+}
+
+type RedirectMarshaler interface {
+	RedirectMarshalJSON() (any, error)
+}
+
+type TrustMarshaler interface {
+	TrustMarshalJSON(b *bytes.Buffer) error
+}
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+func (e *UnsupportedTypeError) Error() string {
+	return "json: unsupported type: " + e.Type.String()
+}
+
+// An UnsupportedValueError is returned by Marshal when attempting
+// to encode an unsupported value.
+type UnsupportedValueError struct {
+	Value reflect.Value
+	Str   string
+}
+
+func (e *UnsupportedValueError) Error() string {
+	return "json: unsupported value: " + e.Str
+}
+
+// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when
+// attempting to encode a string value with invalid UTF-8 sequences.
+// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by
+// replacing invalid bytes with the Unicode replacement rune U+FFFD.
+//
+// Deprecated: No longer used; kept for compatibility.
+type InvalidUTF8Error struct {
+	S string // the whole string value that caused the error
+}
+
+func (e *InvalidUTF8Error) Error() string {
+	return "json: invalid UTF-8 in string: " + strconv.Quote(e.S)
+}
+
+// A MarshalerError represents an error from calling a MarshalJSON or MarshalText method.
+type MarshalerError struct {
+	Type       reflect.Type
+	Err        error
+	sourceFunc string
+}
+
+func (e *MarshalerError) Error() string {
+	srcFunc := e.sourceFunc
+	if srcFunc == "" {
+		srcFunc = "MarshalJSON"
+	}
+	return "json: error calling " + srcFunc +
+		" for type " + e.Type.String() +
+		": " + e.Err.Error()
+}
+
+// Unwrap returns the underlying error.
+func (e *MarshalerError) Unwrap() error { return e.Err }
+
+var hex = "0123456789abcdef"
+
+// An encodeState encodes JSON into a bytes.Buffer.
+type encodeState struct {
+	bytes.Buffer // accumulated output
+	scratch      [64]byte
+
+	// Keep track of what pointers we've seen in the current recursive call
+	// path, to avoid cycles that could lead to a stack overflow. Only do
+	// the relatively expensive map operations if ptrLevel is larger than
+	// startDetectingCyclesAfter, so that we skip the work if we're within a
+	// reasonable amount of nested pointers deep.
+	ptrLevel uint
+	ptrSeen  map[any]struct{}
+}
+
+const startDetectingCyclesAfter = 1000
+
+var encodeStatePool sync.Pool
+
+func newEncodeState() *encodeState {
+	if v := encodeStatePool.Get(); v != nil {
+		e := v.(*encodeState)
+		e.Reset()
+		if len(e.ptrSeen) > 0 {
+			panic("ptrEncoder.encode should have emptied ptrSeen via defers")
+		}
+		e.ptrLevel = 0
+		return e
+	}
+	return &encodeState{ptrSeen: make(map[any]struct{})}
+}
+
+// jsonError is an error wrapper type for internal use only.
+// Panics with errors are wrapped in jsonError so that the top-level recover
+// can distinguish intentional panics from this package.
+type jsonError struct{ error }
+
+func (e *encodeState) marshal(v any, opts encOpts) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if je, ok := r.(jsonError); ok {
+				err = je.error
+			} else {
+				panic(r)
+			}
+		}
+	}()
+	e.reflectValue(reflect.ValueOf(v), opts)
+	return nil
+}
+
+// error aborts the encoding by panicking with err wrapped in jsonError.
+func (e *encodeState) error(err error) {
+	panic(jsonError{err})
+}
+
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Pointer:
+		return v.IsNil()
+	}
+	return false
+}
+
+func (e *encodeState) reflectValue(v reflect.Value, opts encOpts) {
+	valueEncoder(v)(e, v, opts)
+}
+
+type encOpts struct {
+	// quoted causes primitive fields to be encoded inside JSON strings.
+	quoted bool
+	// escapeHTML causes '<', '>', and '&' to be escaped in JSON strings.
+	escapeHTML bool
+}
+
+type encoderFunc func(e *encodeState, v reflect.Value, opts encOpts)
+
+var encoderCache sync.Map // map[reflect.Type]encoderFunc
+
+func valueEncoder(v reflect.Value) encoderFunc {
+	if !v.IsValid() {
+		return invalidValueEncoder
+	}
+	return typeEncoder(v.Type())
+}
+
+func typeEncoder(t reflect.Type) encoderFunc {
+	if fi, ok := encoderCache.Load(t); ok {
+		return fi.(encoderFunc)
+	}
+
+	// To deal with recursive types, populate the map with an
+	// indirect func before we build it. This type waits on the
+	// real func (f) to be ready and then calls it. This indirect
+	// func is only used for recursive types.
+	var (
+		wg sync.WaitGroup
+		f  encoderFunc
+	)
+	wg.Add(1)
+	fi, loaded := encoderCache.LoadOrStore(t, encoderFunc(func(e *encodeState, v reflect.Value, opts encOpts) {
+		wg.Wait()
+		f(e, v, opts)
+	}))
+	if loaded {
+		return fi.(encoderFunc)
+	}
+
+	// Compute the real encoder and replace the indirect func with it.
+	f = newTypeEncoder(t, true)
+	wg.Done()
+	encoderCache.Store(t, f)
+	return f
+}
+
+var (
+	marshalerType      = reflect.TypeOf((*Marshaler)(nil)).Elem()
+	redirMarshalerType = reflect.TypeOf((*RedirectMarshaler)(nil)).Elem()
+	trustMarshalerType = reflect.TypeOf((*TrustMarshaler)(nil)).Elem()
+	textMarshalerType  = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
+)
+
+// newTypeEncoder constructs an encoderFunc for a type.
+// The returned encoder only checks CanAddr when allowAddr is true.
+func newTypeEncoder(t reflect.Type, allowAddr bool) encoderFunc {
+	if t.Implements(redirMarshalerType) {
+		return redirMarshalerEncoder
+	}
+	if t.Implements(trustMarshalerType) {
+		return marshalerTrustEncoder
+	}
+	// If we have a non-pointer value whose type implements
+	// Marshaler with a value receiver, then we're better off taking
+	// the address of the value - otherwise we end up with an
+	// allocation as we cast the value to an interface.
+	if t.Kind() != reflect.Pointer && allowAddr && reflect.PointerTo(t).Implements(marshalerType) {
+		return newCondAddrEncoder(addrMarshalerEncoder, newTypeEncoder(t, false))
+	}
+	if t.Implements(marshalerType) {
+		return marshalerEncoder
+	}
+	if t.Kind() != reflect.Pointer && allowAddr && reflect.PointerTo(t).Implements(textMarshalerType) {
+		return newCondAddrEncoder(addrTextMarshalerEncoder, newTypeEncoder(t, false))
+	}
+	if t.Implements(textMarshalerType) {
+		return textMarshalerEncoder
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		return boolEncoder
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return intEncoder
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return uintEncoder
+	case reflect.Float32:
+		return float32Encoder
+	case reflect.Float64:
+		return float64Encoder
+	case reflect.String:
+		return stringEncoder
+	case reflect.Interface:
+		return interfaceEncoder
+	case reflect.Struct:
+		return newStructEncoder(t)
+	case reflect.Map:
+		return newMapEncoder(t)
+	case reflect.Slice:
+		return newSliceEncoder(t)
+	case reflect.Array:
+		return newArrayEncoder(t)
+	case reflect.Pointer:
+		return newPtrEncoder(t)
+	default:
+		return unsupportedTypeEncoder
+	}
+}
+
+func invalidValueEncoder(e *encodeState, v reflect.Value, _ encOpts) {
+	e.WriteString("null")
+}
+
+func redirMarshalerEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.Kind() == reflect.Pointer && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m, ok := v.Interface().(RedirectMarshaler)
+	if !ok {
+		e.WriteString("null")
+		return
+	}
+
+	iv, err := m.RedirectMarshalJSON()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "RedirectMarshalJSON"})
+		return
+	}
+
+	e.marshal(iv, opts)
+}
+
+func marshalerTrustEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.Kind() == reflect.Pointer && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m, ok := v.Interface().(TrustMarshaler)
+	if !ok {
+		e.WriteString("null")
+		return
+	}
+	err := m.TrustMarshalJSON(&e.Buffer)
+	if err == nil {
+		//_, err = e.Buffer.Write(b)
+		// copy JSON into buffer, checking validity.
+		//err = compact(&e.Buffer, b, opts.escapeHTML)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "MarshalJSON"})
+	}
+}
+func marshalerEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.Kind() == reflect.Pointer && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m, ok := v.Interface().(Marshaler)
+	if !ok {
+		e.WriteString("null")
+		return
+	}
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, opts.escapeHTML)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "MarshalJSON"})
+	}
+}
+
+func addrMarshalerEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, opts.escapeHTML)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "MarshalJSON"})
+	}
+}
+
+func textMarshalerEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.Kind() == reflect.Pointer && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m, ok := v.Interface().(encoding.TextMarshaler)
+	if !ok {
+		e.WriteString("null")
+		return
+	}
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "MarshalText"})
+	}
+	e.stringBytes(b, opts.escapeHTML)
+}
+
+func addrTextMarshalerEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err, "MarshalText"})
+	}
+	e.stringBytes(b, opts.escapeHTML)
+}
+
+func boolEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+	if v.Bool() {
+		e.WriteString("true")
+	} else {
+		e.WriteString("false")
+	}
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+}
+
+func intEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	b := strconv.AppendInt(e.scratch[:0], v.Int(), 10)
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+}
+
+func uintEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	b := strconv.AppendUint(e.scratch[:0], v.Uint(), 10)
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+}
+
+type floatEncoder int // number of bits
+
+func (bits floatEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	f := v.Float()
+	if math.IsInf(f, 0) || math.IsNaN(f) {
+		e.error(&UnsupportedValueError{v, strconv.FormatFloat(f, 'g', -1, int(bits))})
+	}
+
+	// Convert as if by ES6 number to string conversion.
+	// This matches most other JSON generators.
+	// See golang.org/issue/6384 and golang.org/issue/14135.
+	// Like fmt %g, but the exponent cutoffs are different
+	// and exponents themselves are not padded to two digits.
+	b := e.scratch[:0]
+	abs := math.Abs(f)
+	fmt := byte('f')
+	// Note: Must use float32 comparisons for underlying float32 value to get precise cutoffs right.
+	if abs != 0 {
+		if bits == 64 && (abs < 1e-6 || abs >= 1e21) || bits == 32 && (float32(abs) < 1e-6 || float32(abs) >= 1e21) {
+			fmt = 'e'
+		}
+	}
+	b = strconv.AppendFloat(b, f, fmt, -1, int(bits))
+	if fmt == 'e' {
+		// clean up e-09 to e-9
+		n := len(b)
+		if n >= 4 && b[n-4] == 'e' && b[n-3] == '-' && b[n-2] == '0' {
+			b[n-2] = b[n-1]
+			b = b[:n-1]
+		}
+	}
+
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if opts.quoted {
+		e.WriteByte('"')
+	}
+}
+
+var (
+	float32Encoder = (floatEncoder(32)).encode
+	float64Encoder = (floatEncoder(64)).encode
+)
+
+func stringEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.Type() == numberType {
+		numStr := v.String()
+		// In Go1.5 the empty string encodes to "0", while this is not a valid number literal
+		// we keep compatibility so check validity after this.
+		if numStr == "" {
+			numStr = "0" // Number's zero-val
+		}
+		if !isValidNumber(numStr) {
+			e.error(fmt.Errorf("json: invalid number literal %q", numStr))
+		}
+		if opts.quoted {
+			e.WriteByte('"')
+		}
+		e.WriteString(numStr)
+		if opts.quoted {
+			e.WriteByte('"')
+		}
+		return
+	}
+	if opts.quoted {
+		e2 := newEncodeState()
+		// Since we encode the string twice, we only need to escape HTML
+		// the first time.
+		e2.string(v.String(), opts.escapeHTML)
+		e.stringBytes(e2.Bytes(), false)
+		encodeStatePool.Put(e2)
+	} else {
+		e.string(v.String(), opts.escapeHTML)
+	}
+}
+
+// isValidNumber reports whether s is a valid JSON number literal.
+func isValidNumber(s string) bool {
+	// This function implements the JSON numbers grammar.
+	// See https://tools.ietf.org/html/rfc7159#section-6
+	// and https://www.json.org/img/number.png
+
+	if s == "" {
+		return false
+	}
+
+	// Optional -
+	if s[0] == '-' {
+		s = s[1:]
+		if s == "" {
+			return false
+		}
+	}
+
+	// Digits
+	switch {
+	default:
+		return false
+
+	case s[0] == '0':
+		s = s[1:]
+
+	case '1' <= s[0] && s[0] <= '9':
+		s = s[1:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// . followed by 1 or more digits.
+	if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' {
+		s = s[2:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// e or E followed by an optional - or + and
+	// 1 or more digits.
+	if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') {
+		s = s[1:]
+		if s[0] == '+' || s[0] == '-' {
+			s = s[1:]
+			if s == "" {
+				return false
+			}
+		}
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// Make sure we are at the end.
+	return s == ""
+}
+
+func interfaceEncoder(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.reflectValue(v.Elem(), opts)
+}
+
+func unsupportedTypeEncoder(e *encodeState, v reflect.Value, _ encOpts) {
+	e.error(&UnsupportedTypeError{v.Type()})
+}
+
+type structEncoder struct {
+	fields structFields
+}
+
+type structFields struct {
+	list      []field
+	nameIndex map[string]int
+}
+
+func (se structEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	next := byte('{')
+FieldLoop:
+	for i := range se.fields.list {
+		f := &se.fields.list[i]
+
+		// Find the nested struct field by following f.index.
+		fv := v
+		for _, i := range f.index {
+			if fv.Kind() == reflect.Pointer {
+				if fv.IsNil() {
+					continue FieldLoop
+				}
+				fv = fv.Elem()
+			}
+			fv = fv.Field(i)
+		}
+
+		if f.omitEmpty && isEmptyValue(fv) {
+			continue
+		}
+		e.WriteByte(next)
+		next = ','
+		if opts.escapeHTML {
+			e.WriteString(f.nameEscHTML)
+		} else {
+			e.WriteString(f.nameNonEsc)
+		}
+		opts.quoted = f.quoted
+		f.encoder(e, fv, opts)
+	}
+	if next == '{' {
+		e.WriteString("{}")
+	} else {
+		e.WriteByte('}')
+	}
+}
+
+func newStructEncoder(t reflect.Type) encoderFunc {
+	se := structEncoder{fields: cachedTypeFields(t)}
+	return se.encode
+}
+
+type mapEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (me mapEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	if e.ptrLevel++; e.ptrLevel > startDetectingCyclesAfter {
+		// We're a large number of nested ptrEncoder.encode calls deep;
+		// start checking if we've run into a pointer cycle.
+		ptr := v.UnsafePointer()
+		if _, ok := e.ptrSeen[ptr]; ok {
+			e.error(&UnsupportedValueError{v, fmt.Sprintf("encountered a cycle via %s", v.Type())})
+		}
+		e.ptrSeen[ptr] = struct{}{}
+		defer delete(e.ptrSeen, ptr)
+	}
+	e.WriteByte('{')
+
+	// Extract and sort the keys.
+	sv := make([]reflectWithString, v.Len())
+	mi := v.MapRange()
+	for i := 0; mi.Next(); i++ {
+		sv[i].k = mi.Key()
+		sv[i].v = mi.Value()
+		if err := sv[i].resolve(); err != nil {
+			e.error(fmt.Errorf("json: encoding error for type %q: %q", v.Type().String(), err.Error()))
+		}
+	}
+	sort.Slice(sv, func(i, j int) bool { return sv[i].ks < sv[j].ks })
+
+	for i, kv := range sv {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		e.string(kv.ks, opts.escapeHTML)
+		e.WriteByte(':')
+		me.elemEnc(e, kv.v, opts)
+	}
+	e.WriteByte('}')
+	e.ptrLevel--
+}
+
+func newMapEncoder(t reflect.Type) encoderFunc {
+	switch t.Key().Kind() {
+	case reflect.String,
+		reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+	default:
+		if !t.Key().Implements(textMarshalerType) {
+			return unsupportedTypeEncoder
+		}
+	}
+	me := mapEncoder{typeEncoder(t.Elem())}
+	return me.encode
+}
+
+func encodeByteSlice(e *encodeState, v reflect.Value, _ encOpts) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	s := v.Bytes()
+	e.WriteByte('"')
+	encodedLen := base64.StdEncoding.EncodedLen(len(s))
+	if encodedLen <= len(e.scratch) {
+		// If the encoded bytes fit in e.scratch, avoid an extra
+		// allocation and use the cheaper Encoding.Encode.
+		dst := e.scratch[:encodedLen]
+		base64.StdEncoding.Encode(dst, s)
+		e.Write(dst)
+	} else if encodedLen <= 1024 {
+		// The encoded bytes are short enough to allocate for, and
+		// Encoding.Encode is still cheaper.
+		dst := make([]byte, encodedLen)
+		base64.StdEncoding.Encode(dst, s)
+		e.Write(dst)
+	} else {
+		// The encoded bytes are too long to cheaply allocate, and
+		// Encoding.Encode is no longer noticeably cheaper.
+		enc := base64.NewEncoder(base64.StdEncoding, e)
+		enc.Write(s)
+		enc.Close()
+	}
+	e.WriteByte('"')
+}
+
+// sliceEncoder just wraps an arrayEncoder, checking to make sure the value isn't nil.
+type sliceEncoder struct {
+	arrayEnc encoderFunc
+}
+
+func (se sliceEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	if e.ptrLevel++; e.ptrLevel > startDetectingCyclesAfter {
+		// We're a large number of nested ptrEncoder.encode calls deep;
+		// start checking if we've run into a pointer cycle.
+		// Here we use a struct to memorize the pointer to the first element of the slice
+		// and its length.
+		ptr := struct {
+			ptr interface{} // always an unsafe.Pointer, but avoids a dependency on package unsafe
+			len int
+		}{v.UnsafePointer(), v.Len()}
+		if _, ok := e.ptrSeen[ptr]; ok {
+			e.error(&UnsupportedValueError{v, fmt.Sprintf("encountered a cycle via %s", v.Type())})
+		}
+		e.ptrSeen[ptr] = struct{}{}
+		defer delete(e.ptrSeen, ptr)
+	}
+	se.arrayEnc(e, v, opts)
+	e.ptrLevel--
+}
+
+func newSliceEncoder(t reflect.Type) encoderFunc {
+	// Byte slices get special treatment; arrays don't.
+	if t.Elem().Kind() == reflect.Uint8 {
+		p := reflect.PointerTo(t.Elem())
+		if !p.Implements(marshalerType) && !p.Implements(textMarshalerType) {
+			return encodeByteSlice
+		}
+	}
+	enc := sliceEncoder{newArrayEncoder(t)}
+	return enc.encode
+}
+
+type arrayEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (ae arrayEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	e.WriteByte('[')
+	n := v.Len()
+	for i := 0; i < n; i++ {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		ae.elemEnc(e, v.Index(i), opts)
+	}
+	e.WriteByte(']')
+}
+
+func newArrayEncoder(t reflect.Type) encoderFunc {
+	enc := arrayEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type ptrEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (pe ptrEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	if e.ptrLevel++; e.ptrLevel > startDetectingCyclesAfter {
+		// We're a large number of nested ptrEncoder.encode calls deep;
+		// start checking if we've run into a pointer cycle.
+		ptr := v.Interface()
+		if _, ok := e.ptrSeen[ptr]; ok {
+			e.error(&UnsupportedValueError{v, fmt.Sprintf("encountered a cycle via %s", v.Type())})
+		}
+		e.ptrSeen[ptr] = struct{}{}
+		defer delete(e.ptrSeen, ptr)
+	}
+	pe.elemEnc(e, v.Elem(), opts)
+	e.ptrLevel--
+}
+
+func newPtrEncoder(t reflect.Type) encoderFunc {
+	enc := ptrEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type condAddrEncoder struct {
+	canAddrEnc, elseEnc encoderFunc
+}
+
+func (ce condAddrEncoder) encode(e *encodeState, v reflect.Value, opts encOpts) {
+	if v.CanAddr() {
+		ce.canAddrEnc(e, v, opts)
+	} else {
+		ce.elseEnc(e, v, opts)
+	}
+}
+
+// newCondAddrEncoder returns an encoder that checks whether its value
+// CanAddr and delegates to canAddrEnc if so, else to elseEnc.
+func newCondAddrEncoder(canAddrEnc, elseEnc encoderFunc) encoderFunc {
+	enc := condAddrEncoder{canAddrEnc: canAddrEnc, elseEnc: elseEnc}
+	return enc.encode
+}
+
+func isValidTag(s string) bool {
+	if s == "" {
+		return false
+	}
+	for _, c := range s {
+		switch {
+		case strings.ContainsRune("!#$%&()*+-./:;<=>?@[]^_{|}~ ", c):
+			// Backslash and quote chars are reserved, but
+			// otherwise any punctuation chars are allowed
+			// in a tag name.
+		case !unicode.IsLetter(c) && !unicode.IsDigit(c):
+			return false
+		}
+	}
+	return true
+}
+
+func typeByIndex(t reflect.Type, index []int) reflect.Type {
+	for _, i := range index {
+		if t.Kind() == reflect.Pointer {
+			t = t.Elem()
+		}
+		t = t.Field(i).Type
+	}
+	return t
+}
+
+type reflectWithString struct {
+	k  reflect.Value
+	v  reflect.Value
+	ks string
+}
+
+func (w *reflectWithString) resolve() error {
+	if w.k.Kind() == reflect.String {
+		w.ks = w.k.String()
+		return nil
+	}
+	if tm, ok := w.k.Interface().(encoding.TextMarshaler); ok {
+		if w.k.Kind() == reflect.Pointer && w.k.IsNil() {
+			return nil
+		}
+		buf, err := tm.MarshalText()
+		w.ks = string(buf)
+		return err
+	}
+	switch w.k.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		w.ks = strconv.FormatInt(w.k.Int(), 10)
+		return nil
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		w.ks = strconv.FormatUint(w.k.Uint(), 10)
+		return nil
+	}
+	panic("unexpected map key type")
+}
+
+// NOTE: keep in sync with stringBytes below.
+func (e *encodeState) string(s string, escapeHTML bool) {
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if htmlSafeSet[b] || (!escapeHTML && safeSet[b]) {
+				i++
+				continue
+			}
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteByte('\\')
+			switch b {
+			case '\\', '"':
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// If escapeHTML is set, it also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				e.WriteString(`u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.WriteString(s[start:])
+	}
+	e.WriteByte('"')
+}
+
+// NOTE: keep in sync with string above.
+func (e *encodeState) stringBytes(s []byte, escapeHTML bool) {
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if htmlSafeSet[b] || (!escapeHTML && safeSet[b]) {
+				i++
+				continue
+			}
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteByte('\\')
+			switch b {
+			case '\\', '"':
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// If escapeHTML is set, it also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				e.WriteString(`u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.Write(s[start:])
+	}
+	e.WriteByte('"')
+}
+
+// A field represents a single field found in a struct.
+type field struct {
+	name      string
+	nameBytes []byte                 // []byte(name)
+	equalFold func(s, t []byte) bool // bytes.EqualFold or equivalent
+
+	nameNonEsc  string // `"` + name + `":`
+	nameEscHTML string // `"` + HTMLEscape(name) + `":`
+
+	tag       bool
+	index     []int
+	typ       reflect.Type
+	omitEmpty bool
+	quoted    bool
+
+	encoder encoderFunc
+}
+
+// byIndex sorts field by index sequence.
+type byIndex []field
+
+func (x byIndex) Len() int { return len(x) }
+
+func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byIndex) Less(i, j int) bool {
+	for k, xik := range x[i].index {
+		if k >= len(x[j].index) {
+			return false
+		}
+		if xik != x[j].index[k] {
+			return xik < x[j].index[k]
+		}
+	}
+	return len(x[i].index) < len(x[j].index)
+}
+
+// typeFields returns a list of fields that JSON should recognize for the given type.
+// The algorithm is breadth-first search over the set of structs to include - the top struct
+// and then any reachable anonymous structs.
+func typeFields(t reflect.Type) structFields {
+	// Anonymous fields to explore at the current level and the next.
+	current := []field{}
+	next := []field{{typ: t}}
+
+	// Count of queued names for current level and the next.
+	var count, nextCount map[reflect.Type]int
+
+	// Types already visited at an earlier level.
+	visited := map[reflect.Type]bool{}
+
+	// Fields found.
+	var fields []field
+
+	// Buffer to run HTMLEscape on field names.
+	var nameEscBuf bytes.Buffer
+
+	for len(next) > 0 {
+		current, next = next, current[:0]
+		count, nextCount = nextCount, map[reflect.Type]int{}
+
+		for _, f := range current {
+			if visited[f.typ] {
+				continue
+			}
+			visited[f.typ] = true
+
+			// Scan f.typ for fields to include.
+			for i := 0; i < f.typ.NumField(); i++ {
+				sf := f.typ.Field(i)
+				if sf.Anonymous {
+					t := sf.Type
+					if t.Kind() == reflect.Pointer {
+						t = t.Elem()
+					}
+					if !sf.IsExported() && t.Kind() != reflect.Struct {
+						// Ignore embedded fields of unexported non-struct types.
+						continue
+					}
+					// Do not ignore embedded fields of unexported struct types
+					// since they may have exported fields.
+				} else if !sf.IsExported() {
+					// Ignore unexported non-embedded fields.
+					continue
+				}
+				tag := sf.Tag.Get("json")
+				if tag == "-" {
+					continue
+				}
+				name, opts := parseTag(tag)
+				if !isValidTag(name) {
+					name = ""
+				}
+				index := make([]int, len(f.index)+1)
+				copy(index, f.index)
+				index[len(f.index)] = i
+
+				ft := sf.Type
+				if ft.Name() == "" && ft.Kind() == reflect.Pointer {
+					// Follow pointer.
+					ft = ft.Elem()
+				}
+
+				// Only strings, floats, integers, and booleans can be quoted.
+				quoted := false
+				if opts.Contains("string") {
+					switch ft.Kind() {
+					case reflect.Bool,
+						reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+						reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+						reflect.Float32, reflect.Float64,
+						reflect.String:
+						quoted = true
+					}
+				}
+
+				// Record found field and index sequence.
+				if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
+					tagged := name != ""
+					if name == "" {
+						name = sf.Name
+					}
+					field := field{
+						name:      name,
+						tag:       tagged,
+						index:     index,
+						typ:       ft,
+						omitEmpty: opts.Contains("omitempty"),
+						quoted:    quoted,
+					}
+					field.nameBytes = []byte(field.name)
+					field.equalFold = foldFunc(field.nameBytes)
+
+					// Build nameEscHTML and nameNonEsc ahead of time.
+					nameEscBuf.Reset()
+					nameEscBuf.WriteString(`"`)
+					HTMLEscape(&nameEscBuf, field.nameBytes)
+					nameEscBuf.WriteString(`":`)
+					field.nameEscHTML = nameEscBuf.String()
+					field.nameNonEsc = `"` + field.name + `":`
+
+					fields = append(fields, field)
+					if count[f.typ] > 1 {
+						// If there were multiple instances, add a second,
+						// so that the annihilation code will see a duplicate.
+						// It only cares about the distinction between 1 or 2,
+						// so don't bother generating any more copies.
+						fields = append(fields, fields[len(fields)-1])
+					}
+					continue
+				}
+
+				// Record new anonymous struct to explore in next round.
+				nextCount[ft]++
+				if nextCount[ft] == 1 {
+					next = append(next, field{name: ft.Name(), index: index, typ: ft})
+				}
+			}
+		}
+	}
+
+	sort.Slice(fields, func(i, j int) bool {
+		x := fields
+		// sort field by name, breaking ties with depth, then
+		// breaking ties with "name came from json tag", then
+		// breaking ties with index sequence.
+		if x[i].name != x[j].name {
+			return x[i].name < x[j].name
+		}
+		if len(x[i].index) != len(x[j].index) {
+			return len(x[i].index) < len(x[j].index)
+		}
+		if x[i].tag != x[j].tag {
+			return x[i].tag
+		}
+		return byIndex(x).Less(i, j)
+	})
+
+	// Delete all fields that are hidden by the Go rules for embedded fields,
+	// except that fields with JSON tags are promoted.
+
+	// The fields are sorted in primary order of name, secondary order
+	// of field index length. Loop over names; for each name, delete
+	// hidden fields by choosing the one dominant field that survives.
+	out := fields[:0]
+	for advance, i := 0, 0; i < len(fields); i += advance {
+		// One iteration per name.
+		// Find the sequence of fields with the name of this first field.
+		fi := fields[i]
+		name := fi.name
+		for advance = 1; i+advance < len(fields); advance++ {
+			fj := fields[i+advance]
+			if fj.name != name {
+				break
+			}
+		}
+		if advance == 1 { // Only one field with this name
+			out = append(out, fi)
+			continue
+		}
+		dominant, ok := dominantField(fields[i : i+advance])
+		if ok {
+			out = append(out, dominant)
+		}
+	}
+
+	fields = out
+	sort.Sort(byIndex(fields))
+
+	for i := range fields {
+		f := &fields[i]
+		f.encoder = typeEncoder(typeByIndex(t, f.index))
+	}
+	nameIndex := make(map[string]int, len(fields))
+	for i, field := range fields {
+		nameIndex[field.name] = i
+	}
+	return structFields{fields, nameIndex}
+}
+
+// dominantField looks through the fields, all of which are known to
+// have the same name, to find the single field that dominates the
+// others using Go's embedding rules, modified by the presence of
+// JSON tags. If there are multiple top-level fields, the boolean
+// will be false: This condition is an error in Go and we skip all
+// the fields.
+func dominantField(fields []field) (field, bool) {
+	// The fields are sorted in increasing index-length order, then by presence of tag.
+	// That means that the first field is the dominant one. We need only check
+	// for error cases: two fields at top level, either both tagged or neither tagged.
+	if len(fields) > 1 && len(fields[0].index) == len(fields[1].index) && fields[0].tag == fields[1].tag {
+		return field{}, false
+	}
+	return fields[0], true
+}
+
+var fieldCache sync.Map // map[reflect.Type]structFields
+
+// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
+func cachedTypeFields(t reflect.Type) structFields {
+	if f, ok := fieldCache.Load(t); ok {
+		return f.(structFields)
+	}
+	f, _ := fieldCache.LoadOrStore(t, typeFields(t))
+	return f.(structFields)
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go
new file mode 100644
index 00000000000..0f9b09d712d
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go
@@ -0,0 +1,141 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+	"unicode/utf8"
+)
+
+const (
+	caseMask     = ^byte(0x20) // Mask to ignore case in ASCII.
+	kelvin       = '\u212a'
+	smallLongEss = '\u017f'
+)
+
+// foldFunc returns one of four different case folding equivalence
+// functions, from most general (and slow) to fastest:
+//
+// 1) bytes.EqualFold, if the key s contains any non-ASCII UTF-8
+// 2) equalFoldRight, if s contains special folding ASCII ('k', 'K', 's', 'S')
+// 3) asciiEqualFold, no special, but includes non-letters (including _)
+// 4) simpleLetterEqualFold, no specials, no non-letters.
+//
+// The letters S and K are special because they map to 3 runes, not just 2:
+//   - S maps to s and to U+017F 'ſ' Latin small letter long s
+//   - k maps to K and to U+212A 'K' Kelvin sign
+//
+// See https://play.golang.org/p/tTxjOc0OGo
+//
+// The returned function is specialized for matching against s and
+// should only be given s. It's not curried for performance reasons.
+func foldFunc(s []byte) func(s, t []byte) bool {
+	nonLetter := false
+	special := false // special letter
+	for _, b := range s {
+		if b >= utf8.RuneSelf {
+			return bytes.EqualFold
+		}
+		upper := b & caseMask
+		if upper < 'A' || upper > 'Z' {
+			nonLetter = true
+		} else if upper == 'K' || upper == 'S' {
+			// See above for why these letters are special.
+			special = true
+		}
+	}
+	if special {
+		return equalFoldRight
+	}
+	if nonLetter {
+		return asciiEqualFold
+	}
+	return simpleLetterEqualFold
+}
+
+// equalFoldRight is a specialization of bytes.EqualFold when s is
+// known to be all ASCII (including punctuation), but contains an 's',
+// 'S', 'k', or 'K', requiring a Unicode fold on the bytes in t.
+// See comments on foldFunc.
+func equalFoldRight(s, t []byte) bool {
+	for _, sb := range s {
+		if len(t) == 0 {
+			return false
+		}
+		tb := t[0]
+		if tb < utf8.RuneSelf {
+			if sb != tb {
+				sbUpper := sb & caseMask
+				if 'A' <= sbUpper && sbUpper <= 'Z' {
+					if sbUpper != tb&caseMask {
+						return false
+					}
+				} else {
+					return false
+				}
+			}
+			t = t[1:]
+			continue
+		}
+		// sb is ASCII and t is not. t must be either kelvin
+		// sign or long s; sb must be s, S, k, or K.
+		tr, size := utf8.DecodeRune(t)
+		switch sb {
+		case 's', 'S':
+			if tr != smallLongEss {
+				return false
+			}
+		case 'k', 'K':
+			if tr != kelvin {
+				return false
+			}
+		default:
+			return false
+		}
+		t = t[size:]
+
+	}
+	return len(t) == 0
+}
+
+// asciiEqualFold is a specialization of bytes.EqualFold for use when
+// s is all ASCII (but may contain non-letters) and contains no
+// special-folding letters.
+// See comments on foldFunc.
+func asciiEqualFold(s, t []byte) bool {
+	if len(s) != len(t) {
+		return false
+	}
+	for i, sb := range s {
+		tb := t[i]
+		if sb == tb {
+			continue
+		}
+		if ('a' <= sb && sb <= 'z') || ('A' <= sb && sb <= 'Z') {
+			if sb&caseMask != tb&caseMask {
+				return false
+			}
+		} else {
+			return false
+		}
+	}
+	return true
+}
+
+// simpleLetterEqualFold is a specialization of bytes.EqualFold for
+// use when s is all ASCII letters (no underscores, etc) and also
+// doesn't contain 'k', 'K', 's', or 'S'.
+// See comments on foldFunc.
+func simpleLetterEqualFold(s, t []byte) bool {
+	if len(s) != len(t) {
+		return false
+	}
+	for i, b := range s {
+		if b&caseMask != t[i]&caseMask {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go
new file mode 100644
index 00000000000..b8f4ff2c1d6
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go
@@ -0,0 +1,42 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gofuzz
+
+package json
+
+import (
+	"fmt"
+)
+
+func Fuzz(data []byte) (score int) {
+	for _, ctor := range []func() any{
+		func() any { return new(any) },
+		func() any { return new(map[string]any) },
+		func() any { return new([]any) },
+	} {
+		v := ctor()
+		err := Unmarshal(data, v)
+		if err != nil {
+			continue
+		}
+		score = 1
+
+		m, err := Marshal(v)
+		if err != nil {
+			fmt.Printf("v=%#v\n", v)
+			panic(err)
+		}
+
+		u := ctor()
+		err = Unmarshal(m, u)
+		if err != nil {
+			fmt.Printf("v=%#v\n", v)
+			fmt.Printf("m=%s\n", m)
+			panic(err)
+		}
+	}
+
+	return
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go
new file mode 100644
index 00000000000..2924d3b49b9
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go
@@ -0,0 +1,143 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+)
+
+// Compact appends to dst the JSON-encoded src with
+// insignificant space characters elided.
+func Compact(dst *bytes.Buffer, src []byte) error {
+	return compact(dst, src, false)
+}
+
+func compact(dst *bytes.Buffer, src []byte, escape bool) error {
+	origLen := dst.Len()
+	scan := newScanner()
+	defer freeScanner(scan)
+	start := 0
+	for i, c := range src {
+		if escape && (c == '<' || c == '>' || c == '&') {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if escape && c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+		v := scan.step(scan, c)
+		if v >= scanSkipSpace {
+			if v == scanError {
+				break
+			}
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			start = i + 1
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+	return nil
+}
+
+func newline(dst *bytes.Buffer, prefix, indent string, depth int) {
+	dst.WriteByte('\n')
+	dst.WriteString(prefix)
+	for i := 0; i < depth; i++ {
+		dst.WriteString(indent)
+	}
+}
+
+// Indent appends to dst an indented form of the JSON-encoded src.
+// Each element in a JSON object or array begins on a new,
+// indented line beginning with prefix followed by one or more
+// copies of indent according to the indentation nesting.
+// The data appended to dst does not begin with the prefix nor
+// any indentation, to make it easier to embed inside other formatted JSON data.
+// Although leading space characters (space, tab, carriage return, newline)
+// at the beginning of src are dropped, trailing space characters
+// at the end of src are preserved and copied to dst.
+// For example, if src has no trailing spaces, neither will dst;
+// if src ends in a trailing newline, so will dst.
+func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error {
+	origLen := dst.Len()
+	scan := newScanner()
+	defer freeScanner(scan)
+	needIndent := false
+	depth := 0
+	for _, c := range src {
+		scan.bytes++
+		v := scan.step(scan, c)
+		if v == scanSkipSpace {
+			continue
+		}
+		if v == scanError {
+			break
+		}
+		if needIndent && v != scanEndObject && v != scanEndArray {
+			needIndent = false
+			depth++
+			newline(dst, prefix, indent, depth)
+		}
+
+		// Emit semantically uninteresting bytes
+		// (in particular, punctuation in strings) unmodified.
+		if v == scanContinue {
+			dst.WriteByte(c)
+			continue
+		}
+
+		// Add spacing around real punctuation.
+		switch c {
+		case '{', '[':
+			// delay indent so that empty object and array are formatted as {} and [].
+			needIndent = true
+			dst.WriteByte(c)
+
+		case ',':
+			dst.WriteByte(c)
+			newline(dst, prefix, indent, depth)
+
+		case ':':
+			dst.WriteByte(c)
+			dst.WriteByte(' ')
+
+		case '}', ']':
+			if needIndent {
+				// suppress indent in empty object/array
+				needIndent = false
+			} else {
+				depth--
+				newline(dst, prefix, indent, depth)
+			}
+			dst.WriteByte(c)
+
+		default:
+			dst.WriteByte(c)
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	return nil
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go
new file mode 100644
index 00000000000..4c43f5f98c4
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go
@@ -0,0 +1,610 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+// JSON value parser state machine.
+// Just about at the limit of what is reasonable to write by hand.
+// Some parts are a bit tedious, but overall it nicely factors out the
+// otherwise common code from the multiple scanning functions
+// in this package (Compact, Indent, checkValid, etc).
+//
+// This file starts with two simple examples using the scanner
+// before diving into the scanner itself.
+
+import (
+	"strconv"
+	"sync"
+)
+
+// Valid reports whether data is a valid JSON encoding.
+func Valid(data []byte) bool {
+	scan := newScanner()
+	defer freeScanner(scan)
+	return checkValid(data, scan) == nil
+}
+
+// checkValid verifies that data is valid JSON-encoded data.
+// scan is passed in for use by checkValid to avoid an allocation.
+// checkValid returns nil or a SyntaxError.
+func checkValid(data []byte, scan *scanner) error {
+	scan.reset()
+	for _, c := range data {
+		scan.bytes++
+		if scan.step(scan, c) == scanError {
+			return scan.err
+		}
+	}
+	if scan.eof() == scanError {
+		return scan.err
+	}
+	return nil
+}
+
+// A SyntaxError is a description of a JSON syntax error.
+// Unmarshal will return a SyntaxError if the JSON can't be parsed.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// A scanner is a JSON scanning state machine.
+// Callers call scan.reset and then pass bytes in one at a time
+// by calling scan.step(&scan, c) for each byte.
+// The return value, referred to as an opcode, tells the
+// caller about significant parsing events like beginning
+// and ending literals, objects, and arrays, so that the
+// caller can follow along if it wishes.
+// The return value scanEnd indicates that a single top-level
+// JSON value has been completed, *before* the byte that
+// just got passed in.  (The indication must be delayed in order
+// to recognize the end of numbers: is 123 a whole value or
+// the beginning of 12345e+6?).
+type scanner struct {
+	// The step is a func to be called to execute the next transition.
+	// Also tried using an integer constant and a single func
+	// with a switch, but using the func directly was 10% faster
+	// on a 64-bit Mac Mini, and it's nicer to read.
+	step func(*scanner, byte) int
+
+	// Reached end of top-level value.
+	endTop bool
+
+	// Stack of what we're in the middle of - array values, object keys, object values.
+	parseState []int
+
+	// Error that happened, if any.
+	err error
+
+	// total bytes consumed, updated by decoder.Decode (and deliberately
+	// not set to zero by scan.reset)
+	bytes int64
+}
+
+var scannerPool = sync.Pool{
+	New: func() any {
+		return &scanner{}
+	},
+}
+
+func newScanner() *scanner {
+	scan := scannerPool.Get().(*scanner)
+	// scan.reset by design doesn't set bytes to zero
+	scan.bytes = 0
+	scan.reset()
+	return scan
+}
+
+func freeScanner(scan *scanner) {
+	// Avoid hanging on to too much memory in extreme cases.
+	if len(scan.parseState) > 1024 {
+		scan.parseState = nil
+	}
+	scannerPool.Put(scan)
+}
+
+// These values are returned by the state transition functions
+// assigned to scanner.state and the method scanner.eof.
+// They give details about the current state of the scan that
+// callers might be interested to know about.
+// It is okay to ignore the return value of any particular
+// call to scanner.state: if one call returns scanError,
+// every subsequent call will return scanError too.
+const (
+	// Continue.
+	scanContinue     = iota // uninteresting byte
+	scanBeginLiteral        // end implied by next result != scanContinue
+	scanBeginObject         // begin object
+	scanObjectKey           // just finished object key (string)
+	scanObjectValue         // just finished non-last object value
+	scanEndObject           // end object (implies scanObjectValue if possible)
+	scanBeginArray          // begin array
+	scanArrayValue          // just finished array value
+	scanEndArray            // end array (implies scanArrayValue if possible)
+	scanSkipSpace           // space byte; can skip; known to be last "continue" result
+
+	// Stop.
+	scanEnd   // top-level value ended *before* this byte; known to be first "stop" result
+	scanError // hit an error, scanner.err.
+)
+
+// These values are stored in the parseState stack.
+// They give the current state of a composite value
+// being scanned. If the parser is inside a nested value
+// the parseState describes the nested state, outermost at entry 0.
+const (
+	parseObjectKey   = iota // parsing object key (before colon)
+	parseObjectValue        // parsing object value (after colon)
+	parseArrayValue         // parsing array value
+)
+
+// This limits the max nesting depth to prevent stack overflow.
+// This is permitted by https://tools.ietf.org/html/rfc7159#section-9
+const maxNestingDepth = 10000
+
+// reset prepares the scanner for use.
+// It must be called before calling s.step.
+func (s *scanner) reset() {
+	s.step = stateBeginValue
+	s.parseState = s.parseState[0:0]
+	s.err = nil
+	s.endTop = false
+}
+
+// eof tells the scanner that the end of input has been reached.
+// It returns a scan status just as s.step does.
+func (s *scanner) eof() int {
+	if s.err != nil {
+		return scanError
+	}
+	if s.endTop {
+		return scanEnd
+	}
+	s.step(s, ' ')
+	if s.endTop {
+		return scanEnd
+	}
+	if s.err == nil {
+		s.err = &SyntaxError{"unexpected end of JSON input", s.bytes}
+	}
+	return scanError
+}
+
+// pushParseState pushes a new parse state p onto the parse stack.
+// an error state is returned if maxNestingDepth was exceeded, otherwise successState is returned.
+func (s *scanner) pushParseState(c byte, newParseState int, successState int) int {
+	s.parseState = append(s.parseState, newParseState)
+	if len(s.parseState) <= maxNestingDepth {
+		return successState
+	}
+	return s.error(c, "exceeded max depth")
+}
+
+// popParseState pops a parse state (already obtained) off the stack
+// and updates s.step accordingly.
+func (s *scanner) popParseState() {
+	n := len(s.parseState) - 1
+	s.parseState = s.parseState[0:n]
+	if n == 0 {
+		s.step = stateEndTop
+		s.endTop = true
+	} else {
+		s.step = stateEndValue
+	}
+}
+
+func isSpace(c byte) bool {
+	return c <= ' ' && (c == ' ' || c == '\t' || c == '\r' || c == '\n')
+}
+
+// stateBeginValueOrEmpty is the state after reading `[`.
+func stateBeginValueOrEmpty(s *scanner, c byte) int {
+	if isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == ']' {
+		return stateEndValue(s, c)
+	}
+	return stateBeginValue(s, c)
+}
+
+// stateBeginValue is the state at the beginning of the input.
+func stateBeginValue(s *scanner, c byte) int {
+	if isSpace(c) {
+		return scanSkipSpace
+	}
+	switch c {
+	case '{':
+		s.step = stateBeginStringOrEmpty
+		return s.pushParseState(c, parseObjectKey, scanBeginObject)
+	case '[':
+		s.step = stateBeginValueOrEmpty
+		return s.pushParseState(c, parseArrayValue, scanBeginArray)
+	case '"':
+		s.step = stateInString
+		return scanBeginLiteral
+	case '-':
+		s.step = stateNeg
+		return scanBeginLiteral
+	case '0': // beginning of 0.123
+		s.step = state0
+		return scanBeginLiteral
+	case 't': // beginning of true
+		s.step = stateT
+		return scanBeginLiteral
+	case 'f': // beginning of false
+		s.step = stateF
+		return scanBeginLiteral
+	case 'n': // beginning of null
+		s.step = stateN
+		return scanBeginLiteral
+	}
+	if '1' <= c && c <= '9' { // beginning of 1234.5
+		s.step = state1
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of value")
+}
+
+// stateBeginStringOrEmpty is the state after reading `{`.
+func stateBeginStringOrEmpty(s *scanner, c byte) int {
+	if isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '}' {
+		n := len(s.parseState)
+		s.parseState[n-1] = parseObjectValue
+		return stateEndValue(s, c)
+	}
+	return stateBeginString(s, c)
+}
+
+// stateBeginString is the state after reading `{"key": value,`.
+func stateBeginString(s *scanner, c byte) int {
+	if isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '"' {
+		s.step = stateInString
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of object key string")
+}
+
+// stateEndValue is the state after completing a value,
+// such as after reading `{}` or `true` or `["x"`.
+func stateEndValue(s *scanner, c byte) int {
+	n := len(s.parseState)
+	if n == 0 {
+		// Completed top-level before the current byte.
+		s.step = stateEndTop
+		s.endTop = true
+		return stateEndTop(s, c)
+	}
+	if isSpace(c) {
+		s.step = stateEndValue
+		return scanSkipSpace
+	}
+	ps := s.parseState[n-1]
+	switch ps {
+	case parseObjectKey:
+		if c == ':' {
+			s.parseState[n-1] = parseObjectValue
+			s.step = stateBeginValue
+			return scanObjectKey
+		}
+		return s.error(c, "after object key")
+	case parseObjectValue:
+		if c == ',' {
+			s.parseState[n-1] = parseObjectKey
+			s.step = stateBeginString
+			return scanObjectValue
+		}
+		if c == '}' {
+			s.popParseState()
+			return scanEndObject
+		}
+		return s.error(c, "after object key:value pair")
+	case parseArrayValue:
+		if c == ',' {
+			s.step = stateBeginValue
+			return scanArrayValue
+		}
+		if c == ']' {
+			s.popParseState()
+			return scanEndArray
+		}
+		return s.error(c, "after array element")
+	}
+	return s.error(c, "")
+}
+
+// stateEndTop is the state after finishing the top-level value,
+// such as after reading `{}` or `[1,2,3]`.
+// Only space characters should be seen now.
+func stateEndTop(s *scanner, c byte) int {
+	if !isSpace(c) {
+		// Complain about non-space byte on next call.
+		s.error(c, "after top-level value")
+	}
+	return scanEnd
+}
+
+// stateInString is the state after reading `"`.
+func stateInString(s *scanner, c byte) int {
+	if c == '"' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	if c == '\\' {
+		s.step = stateInStringEsc
+		return scanContinue
+	}
+	if c < 0x20 {
+		return s.error(c, "in string literal")
+	}
+	return scanContinue
+}
+
+// stateInStringEsc is the state after reading `"\` during a quoted string.
+func stateInStringEsc(s *scanner, c byte) int {
+	switch c {
+	case 'b', 'f', 'n', 'r', 't', '\\', '/', '"':
+		s.step = stateInString
+		return scanContinue
+	case 'u':
+		s.step = stateInStringEscU
+		return scanContinue
+	}
+	return s.error(c, "in string escape code")
+}
+
+// stateInStringEscU is the state after reading `"\u` during a quoted string.
+func stateInStringEscU(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU1
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU1 is the state after reading `"\u1` during a quoted string.
+func stateInStringEscU1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU12
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU12 is the state after reading `"\u12` during a quoted string.
+func stateInStringEscU12(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU123
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU123 is the state after reading `"\u123` during a quoted string.
+func stateInStringEscU123(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInString
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateNeg is the state after reading `-` during a number.
+func stateNeg(s *scanner, c byte) int {
+	if c == '0' {
+		s.step = state0
+		return scanContinue
+	}
+	if '1' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return s.error(c, "in numeric literal")
+}
+
+// state1 is the state after reading a non-zero integer during a number,
+// such as after reading `1` or `100` but not `0`.
+func state1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return state0(s, c)
+}
+
+// state0 is the state after reading `0` during a number.
+func state0(s *scanner, c byte) int {
+	if c == '.' {
+		s.step = stateDot
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateDot is the state after reading the integer and decimal point in a number,
+// such as after reading `1.`.
+func stateDot(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateDot0
+		return scanContinue
+	}
+	return s.error(c, "after decimal point in numeric literal")
+}
+
+// stateDot0 is the state after reading the integer, decimal point, and subsequent
+// digits of a number, such as after reading `3.14`.
+func stateDot0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateE is the state after reading the mantissa and e in a number,
+// such as after reading `314e` or `0.314e`.
+func stateE(s *scanner, c byte) int {
+	if c == '+' || c == '-' {
+		s.step = stateESign
+		return scanContinue
+	}
+	return stateESign(s, c)
+}
+
+// stateESign is the state after reading the mantissa, e, and sign in a number,
+// such as after reading `314e-` or `0.314e+`.
+func stateESign(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateE0
+		return scanContinue
+	}
+	return s.error(c, "in exponent of numeric literal")
+}
+
+// stateE0 is the state after reading the mantissa, e, optional sign,
+// and at least one digit of the exponent in a number,
+// such as after reading `314e-2` or `0.314e+1` or `3.14e0`.
+func stateE0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateT is the state after reading `t`.
+func stateT(s *scanner, c byte) int {
+	if c == 'r' {
+		s.step = stateTr
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'r')")
+}
+
+// stateTr is the state after reading `tr`.
+func stateTr(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateTru
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'u')")
+}
+
+// stateTru is the state after reading `tru`.
+func stateTru(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'e')")
+}
+
+// stateF is the state after reading `f`.
+func stateF(s *scanner, c byte) int {
+	if c == 'a' {
+		s.step = stateFa
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'a')")
+}
+
+// stateFa is the state after reading `fa`.
+func stateFa(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateFal
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'l')")
+}
+
+// stateFal is the state after reading `fal`.
+func stateFal(s *scanner, c byte) int {
+	if c == 's' {
+		s.step = stateFals
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 's')")
+}
+
+// stateFals is the state after reading `fals`.
+func stateFals(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'e')")
+}
+
+// stateN is the state after reading `n`.
+func stateN(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateNu
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'u')")
+}
+
+// stateNu is the state after reading `nu`.
+func stateNu(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateNul
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateNul is the state after reading `nul`.
+func stateNul(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateError is the state after reaching a syntax error,
+// such as after reading `[1}` or `5.1.2`.
+func stateError(s *scanner, c byte) int {
+	return scanError
+}
+
+// error records an error and switches to the error state.
+func (s *scanner) error(c byte, context string) int {
+	s.step = stateError
+	s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes}
+	return scanError
+}
+
+// quoteChar formats c as a quoted character literal.
+func quoteChar(c byte) string {
+	// special cases - different from quoted strings
+	if c == '\'' {
+		return `'\''`
+	}
+	if c == '"' {
+		return `'"'`
+	}
+
+	// use quoted string with different quotation marks
+	s := strconv.Quote(string(c))
+	return "'" + s[1:len(s)-1] + "'"
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go
new file mode 100644
index 00000000000..5598ce11fe4
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go
@@ -0,0 +1,495 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+)
+
+// A Decoder reads and decodes JSON values from an input stream.
+type Decoder struct {
+	r       io.Reader
+	buf     []byte
+	d       decodeState
+	scanp   int   // start of unread data in buf
+	scanned int64 // amount of data already scanned
+	scan    scanner
+	err     error
+
+	tokenState int
+	tokenStack []int
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may
+// read data from r beyond the JSON values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{r: r}
+}
+
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (dec *Decoder) UseNumber() { dec.d.useNumber = true }
+
+// DisallowUnknownFields causes the Decoder to return an error when the destination
+// is a struct and the input contains object keys which do not match any
+// non-ignored, exported fields in the destination.
+func (dec *Decoder) DisallowUnknownFields() { dec.d.disallowUnknownFields = true }
+
+// Decode reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about
+// the conversion of JSON into a Go value.
+func (dec *Decoder) Decode(v any) error {
+	if dec.err != nil {
+		return dec.err
+	}
+
+	if err := dec.tokenPrepareForDecode(); err != nil {
+		return err
+	}
+
+	if !dec.tokenValueAllowed() {
+		return &SyntaxError{msg: "not at beginning of value", Offset: dec.InputOffset()}
+	}
+
+	// Read whole value into buffer.
+	n, err := dec.readValue()
+	if err != nil {
+		return err
+	}
+	dec.d.init(dec.buf[dec.scanp : dec.scanp+n])
+	dec.scanp += n
+
+	// Don't save err from unmarshal into dec.err:
+	// the connection is still usable since we read a complete JSON
+	// object from it before the error happened.
+	err = dec.d.unmarshal(v)
+
+	// fixup token streaming state
+	dec.tokenValueEnd()
+
+	return err
+}
+
+// Buffered returns a reader of the data remaining in the Decoder's
+// buffer. The reader is valid until the next call to Decode.
+func (dec *Decoder) Buffered() io.Reader {
+	return bytes.NewReader(dec.buf[dec.scanp:])
+}
+
+// readValue reads a JSON value into dec.buf.
+// It returns the length of the encoding.
+func (dec *Decoder) readValue() (int, error) {
+	dec.scan.reset()
+
+	scanp := dec.scanp
+	var err error
+Input:
+	// help the compiler see that scanp is never negative, so it can remove
+	// some bounds checks below.
+	for scanp >= 0 {
+
+		// Look in the buffer for a new value.
+		for ; scanp < len(dec.buf); scanp++ {
+			c := dec.buf[scanp]
+			dec.scan.bytes++
+			switch dec.scan.step(&dec.scan, c) {
+			case scanEnd:
+				// scanEnd is delayed one byte so we decrement
+				// the scanner bytes count by 1 to ensure that
+				// this value is correct in the next call of Decode.
+				dec.scan.bytes--
+				break Input
+			case scanEndObject, scanEndArray:
+				// scanEnd is delayed one byte.
+				// We might block trying to get that byte from src,
+				// so instead invent a space byte.
+				if stateEndValue(&dec.scan, ' ') == scanEnd {
+					scanp++
+					break Input
+				}
+			case scanError:
+				dec.err = dec.scan.err
+				return 0, dec.scan.err
+			}
+		}
+
+		// Did the last read have an error?
+		// Delayed until now to allow buffer scan.
+		if err != nil {
+			if err == io.EOF {
+				if dec.scan.step(&dec.scan, ' ') == scanEnd {
+					break Input
+				}
+				if nonSpace(dec.buf) {
+					err = io.ErrUnexpectedEOF
+				}
+			}
+			dec.err = err
+			return 0, err
+		}
+
+		n := scanp - dec.scanp
+		err = dec.refill()
+		scanp = dec.scanp + n
+	}
+	return scanp - dec.scanp, nil
+}
+
+func (dec *Decoder) refill() error {
+	// Make room to read more into the buffer.
+	// First slide down data already consumed.
+	if dec.scanp > 0 {
+		dec.scanned += int64(dec.scanp)
+		n := copy(dec.buf, dec.buf[dec.scanp:])
+		dec.buf = dec.buf[:n]
+		dec.scanp = 0
+	}
+
+	// Grow buffer if not large enough.
+	const minRead = 512
+	if cap(dec.buf)-len(dec.buf) < minRead {
+		newBuf := make([]byte, len(dec.buf), 2*cap(dec.buf)+minRead)
+		copy(newBuf, dec.buf)
+		dec.buf = newBuf
+	}
+
+	// Read. Delay error for next iteration (after scan).
+	n, err := dec.r.Read(dec.buf[len(dec.buf):cap(dec.buf)])
+	dec.buf = dec.buf[0 : len(dec.buf)+n]
+
+	return err
+}
+
+func nonSpace(b []byte) bool {
+	for _, c := range b {
+		if !isSpace(c) {
+			return true
+		}
+	}
+	return false
+}
+
+// An Encoder writes JSON values to an output stream.
+type Encoder struct {
+	w          io.Writer
+	err        error
+	escapeHTML bool
+
+	indentBuf    *bytes.Buffer
+	indentPrefix string
+	indentValue  string
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{w: w, escapeHTML: true}
+}
+
+// Encode writes the JSON encoding of v to the stream,
+// followed by a newline character.
+//
+// See the documentation for Marshal for details about the
+// conversion of Go values to JSON.
+func (enc *Encoder) Encode(v any) error {
+	if enc.err != nil {
+		return enc.err
+	}
+
+	e := newEncodeState()
+	defer encodeStatePool.Put(e)
+
+	err := e.marshal(v, encOpts{escapeHTML: enc.escapeHTML})
+	if err != nil {
+		return err
+	}
+
+	// Terminate each value with a newline.
+	// This makes the output look a little nicer
+	// when debugging, and some kind of space
+	// is required if the encoded value was a number,
+	// so that the reader knows there aren't more
+	// digits coming.
+	e.WriteByte('\n')
+
+	b := e.Bytes()
+	if enc.indentPrefix != "" || enc.indentValue != "" {
+		if enc.indentBuf == nil {
+			enc.indentBuf = new(bytes.Buffer)
+		}
+		enc.indentBuf.Reset()
+		err = Indent(enc.indentBuf, b, enc.indentPrefix, enc.indentValue)
+		if err != nil {
+			return err
+		}
+		b = enc.indentBuf.Bytes()
+	}
+	if _, err = enc.w.Write(b); err != nil {
+		enc.err = err
+	}
+	return err
+}
+
+// SetIndent instructs the encoder to format each subsequent encoded
+// value as if indented by the package-level function Indent(dst, src, prefix, indent).
+// Calling SetIndent("", "") disables indentation.
+func (enc *Encoder) SetIndent(prefix, indent string) {
+	enc.indentPrefix = prefix
+	enc.indentValue = indent
+}
+
+// SetEscapeHTML specifies whether problematic HTML characters
+// should be escaped inside JSON quoted strings.
+// The default behavior is to escape &, <, and > to \u0026, \u003c, and \u003e
+// to avoid certain safety problems that can arise when embedding JSON in HTML.
+//
+// In non-HTML settings where the escaping interferes with the readability
+// of the output, SetEscapeHTML(false) disables this behavior.
+func (enc *Encoder) SetEscapeHTML(on bool) {
+	enc.escapeHTML = on
+}
+
+// RawMessage is a raw encoded JSON value.
+// It implements Marshaler and Unmarshaler and can
+// be used to delay JSON decoding or precompute a JSON encoding.
+type RawMessage = json.RawMessage
+
+// A Token holds a value of one of these types:
+//
+//	Delim, for the four JSON delimiters [ ] { }
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	Number, for JSON numbers
+//	string, for JSON string literals
+//	nil, for JSON null
+type Token any
+
+const (
+	tokenTopValue = iota
+	tokenArrayStart
+	tokenArrayValue
+	tokenArrayComma
+	tokenObjectStart
+	tokenObjectKey
+	tokenObjectColon
+	tokenObjectValue
+	tokenObjectComma
+)
+
+// advance tokenstate from a separator state to a value state
+func (dec *Decoder) tokenPrepareForDecode() error {
+	// Note: Not calling peek before switch, to avoid
+	// putting peek into the standard Decode path.
+	// peek is only called when using the Token API.
+	switch dec.tokenState {
+	case tokenArrayComma:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ',' {
+			return &SyntaxError{"expected comma after array element", dec.InputOffset()}
+		}
+		dec.scanp++
+		dec.tokenState = tokenArrayValue
+	case tokenObjectColon:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ':' {
+			return &SyntaxError{"expected colon after object key", dec.InputOffset()}
+		}
+		dec.scanp++
+		dec.tokenState = tokenObjectValue
+	}
+	return nil
+}
+
+func (dec *Decoder) tokenValueAllowed() bool {
+	switch dec.tokenState {
+	case tokenTopValue, tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		return true
+	}
+	return false
+}
+
+func (dec *Decoder) tokenValueEnd() {
+	switch dec.tokenState {
+	case tokenArrayStart, tokenArrayValue:
+		dec.tokenState = tokenArrayComma
+	case tokenObjectValue:
+		dec.tokenState = tokenObjectComma
+	}
+}
+
+// A Delim is a JSON array or object delimiter, one of [ ] { or }.
+type Delim rune
+
+func (d Delim) String() string {
+	return string(d)
+}
+
+// Token returns the next JSON token in the input stream.
+// At the end of the input stream, Token returns nil, io.EOF.
+//
+// Token guarantees that the delimiters [ ] { } it returns are
+// properly nested and matched: if Token encounters an unexpected
+// delimiter in the input, it will return an error.
+//
+// The input stream consists of basic JSON values—bool, string,
+// number, and null—along with delimiters [ ] { } of type Delim
+// to mark the start and end of arrays and objects.
+// Commas and colons are elided.
+func (dec *Decoder) Token() (Token, error) {
+	for {
+		c, err := dec.peek()
+		if err != nil {
+			return nil, err
+		}
+		switch c {
+		case '[':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenArrayStart
+			return Delim('['), nil
+
+		case ']':
+			if dec.tokenState != tokenArrayStart && dec.tokenState != tokenArrayComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim(']'), nil
+
+		case '{':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenObjectStart
+			return Delim('{'), nil
+
+		case '}':
+			if dec.tokenState != tokenObjectStart && dec.tokenState != tokenObjectComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim('}'), nil
+
+		case ':':
+			if dec.tokenState != tokenObjectColon {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = tokenObjectValue
+			continue
+
+		case ',':
+			if dec.tokenState == tokenArrayComma {
+				dec.scanp++
+				dec.tokenState = tokenArrayValue
+				continue
+			}
+			if dec.tokenState == tokenObjectComma {
+				dec.scanp++
+				dec.tokenState = tokenObjectKey
+				continue
+			}
+			return dec.tokenError(c)
+
+		case '"':
+			if dec.tokenState == tokenObjectStart || dec.tokenState == tokenObjectKey {
+				var x string
+				old := dec.tokenState
+				dec.tokenState = tokenTopValue
+				err := dec.Decode(&x)
+				dec.tokenState = old
+				if err != nil {
+					return nil, err
+				}
+				dec.tokenState = tokenObjectColon
+				return x, nil
+			}
+			fallthrough
+
+		default:
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			var x any
+			if err := dec.Decode(&x); err != nil {
+				return nil, err
+			}
+			return x, nil
+		}
+	}
+}
+
+func (dec *Decoder) tokenError(c byte) (Token, error) {
+	var context string
+	switch dec.tokenState {
+	case tokenTopValue:
+		context = " looking for beginning of value"
+	case tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		context = " looking for beginning of value"
+	case tokenArrayComma:
+		context = " after array element"
+	case tokenObjectKey:
+		context = " looking for beginning of object key string"
+	case tokenObjectColon:
+		context = " after object key"
+	case tokenObjectComma:
+		context = " after object key:value pair"
+	}
+	return nil, &SyntaxError{"invalid character " + quoteChar(c) + context, dec.InputOffset()}
+}
+
+// More reports whether there is another element in the
+// current array or object being parsed.
+func (dec *Decoder) More() bool {
+	c, err := dec.peek()
+	return err == nil && c != ']' && c != '}'
+}
+
+func (dec *Decoder) peek() (byte, error) {
+	var err error
+	for {
+		for i := dec.scanp; i < len(dec.buf); i++ {
+			c := dec.buf[i]
+			if isSpace(c) {
+				continue
+			}
+			dec.scanp = i
+			return c, nil
+		}
+		// buffer has been scanned, now report any error
+		if err != nil {
+			return 0, err
+		}
+		err = dec.refill()
+	}
+}
+
+// InputOffset returns the input stream byte offset of the current decoder position.
+// The offset gives the location of the end of the most recently returned token
+// and the beginning of the next token.
+func (dec *Decoder) InputOffset() int64 {
+	return dec.scanned + int64(dec.scanp)
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go
new file mode 100644
index 00000000000..10acdc18c6b
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go
@@ -0,0 +1,218 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import "unicode/utf8"
+
+// safeSet holds the value true if the ASCII character with the given array
+// position can be represented inside a JSON string without any further
+// escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), and the backslash character ("\").
+var safeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      true,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      true,
+	'=':      true,
+	'>':      true,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
+
+// htmlSafeSet holds the value true if the ASCII character with the given
+// array position can be safely represented inside a JSON string, embedded
+// inside of HTML <script> tags, without any additional escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), the backslash character ("\"), HTML opening and closing
+// tags ("<" and ">"), and the ampersand ("&").
+var htmlSafeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      false,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      false,
+	'=':      true,
+	'>':      false,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go b/vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go
new file mode 100644
index 00000000000..b490328f4c4
--- /dev/null
+++ b/vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go
@@ -0,0 +1,38 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"strings"
+)
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+	tag, opt, _ := strings.Cut(tag, ",")
+	return tag, tagOptions(opt)
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+	if len(o) == 0 {
+		return false
+	}
+	s := string(o)
+	for s != "" {
+		var name string
+		name, s, _ = strings.Cut(s, ",")
+		if name == optionName {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/evanphx/json-patch/v5/merge.go b/vendor/github.com/evanphx/json-patch/v5/merge.go
index a7c45734285..bbe9f85f28e 100644
--- a/vendor/github.com/evanphx/json-patch/v5/merge.go
+++ b/vendor/github.com/evanphx/json-patch/v5/merge.go
@@ -2,9 +2,12 @@ package jsonpatch
 
 import (
 	"bytes"
-	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"reflect"
+
+	"github.com/evanphx/json-patch/v5/internal/json"
 )
 
 func merge(cur, patch *lazyNode, mergeMerge bool) *lazyNode {
@@ -88,14 +91,14 @@ func pruneDocNulls(doc *partialDoc) *partialDoc {
 func pruneAryNulls(ary *partialArray) *partialArray {
 	newAry := []*lazyNode{}
 
-	for _, v := range *ary {
+	for _, v := range ary.nodes {
 		if v != nil {
 			pruneNulls(v)
 		}
 		newAry = append(newAry, v)
 	}
 
-	*ary = newAry
+	ary.nodes = newAry
 
 	return ary
 }
@@ -117,20 +120,28 @@ func MergePatch(docData, patchData []byte) ([]byte, error) {
 }
 
 func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
+	if !json.Valid(docData) {
+		return nil, errBadJSONDoc
+	}
+
+	if !json.Valid(patchData) {
+		return nil, errBadJSONPatch
+	}
+
 	doc := &partialDoc{}
 
-	docErr := json.Unmarshal(docData, doc)
+	docErr := doc.UnmarshalJSON(docData)
 
 	patch := &partialDoc{}
 
-	patchErr := json.Unmarshal(patchData, patch)
+	patchErr := patch.UnmarshalJSON(patchData)
 
 	if isSyntaxError(docErr) {
 		return nil, errBadJSONDoc
 	}
 
 	if isSyntaxError(patchErr) {
-		return nil, errBadJSONPatch
+		return patchData, nil
 	}
 
 	if docErr == nil && doc.obj == nil {
@@ -138,7 +149,7 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
 	}
 
 	if patchErr == nil && patch.obj == nil {
-		return nil, errBadJSONPatch
+		return patchData, nil
 	}
 
 	if docErr != nil || patchErr != nil {
@@ -151,15 +162,19 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
 			}
 		} else {
 			patchAry := &partialArray{}
-			patchErr = json.Unmarshal(patchData, patchAry)
+			patchErr = unmarshal(patchData, &patchAry.nodes)
 
 			if patchErr != nil {
+				// Not an array either, a literal is the result directly.
+				if json.Valid(patchData) {
+					return patchData, nil
+				}
 				return nil, errBadJSONPatch
 			}
 
 			pruneAryNulls(patchAry)
 
-			out, patchErr := json.Marshal(patchAry)
+			out, patchErr := json.Marshal(patchAry.nodes)
 
 			if patchErr != nil {
 				return nil, errBadJSONPatch
@@ -175,6 +190,12 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
 }
 
 func isSyntaxError(err error) bool {
+	if errors.Is(err, io.EOF) {
+		return true
+	}
+	if errors.Is(err, io.ErrUnexpectedEOF) {
+		return true
+	}
 	if _, ok := err.(*json.SyntaxError); ok {
 		return true
 	}
@@ -227,12 +248,12 @@ func createObjectMergePatch(originalJSON, modifiedJSON []byte) ([]byte, error) {
 	originalDoc := map[string]interface{}{}
 	modifiedDoc := map[string]interface{}{}
 
-	err := json.Unmarshal(originalJSON, &originalDoc)
+	err := unmarshal(originalJSON, &originalDoc)
 	if err != nil {
 		return nil, errBadJSONDoc
 	}
 
-	err = json.Unmarshal(modifiedJSON, &modifiedDoc)
+	err = unmarshal(modifiedJSON, &modifiedDoc)
 	if err != nil {
 		return nil, errBadJSONDoc
 	}
@@ -245,6 +266,10 @@ func createObjectMergePatch(originalJSON, modifiedJSON []byte) ([]byte, error) {
 	return json.Marshal(dest)
 }
 
+func unmarshal(data []byte, into interface{}) error {
+	return json.UnmarshalValid(data, into)
+}
+
 // createArrayMergePatch will return an array of merge-patch documents capable
 // of converting the original document to the modified document for each
 // pair of JSON documents provided in the arrays.
@@ -253,12 +278,12 @@ func createArrayMergePatch(originalJSON, modifiedJSON []byte) ([]byte, error) {
 	originalDocs := []json.RawMessage{}
 	modifiedDocs := []json.RawMessage{}
 
-	err := json.Unmarshal(originalJSON, &originalDocs)
+	err := unmarshal(originalJSON, &originalDocs)
 	if err != nil {
 		return nil, errBadJSONDoc
 	}
 
-	err = json.Unmarshal(modifiedJSON, &modifiedDocs)
+	err = unmarshal(modifiedJSON, &modifiedDocs)
 	if err != nil {
 		return nil, errBadJSONDoc
 	}
@@ -314,6 +339,11 @@ func matchesValue(av, bv interface{}) bool {
 		if bt == at {
 			return true
 		}
+	case json.Number:
+		bt := bv.(json.Number)
+		if bt == at {
+			return true
+		}
 	case float64:
 		bt := bv.(float64)
 		if bt == at {
@@ -377,7 +407,7 @@ func getDiff(a, b map[string]interface{}) (map[string]interface{}, error) {
 			if len(dst) > 0 {
 				into[key] = dst
 			}
-		case string, float64, bool:
+		case string, float64, bool, json.Number:
 			if !matchesValue(av, bv) {
 				into[key] = bv
 			}
diff --git a/vendor/github.com/evanphx/json-patch/v5/patch.go b/vendor/github.com/evanphx/json-patch/v5/patch.go
index 73ff2c51572..a3bbf1c73b8 100644
--- a/vendor/github.com/evanphx/json-patch/v5/patch.go
+++ b/vendor/github.com/evanphx/json-patch/v5/patch.go
@@ -2,11 +2,12 @@ package jsonpatch
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"strconv"
 	"strings"
+	"unicode"
 
+	"github.com/evanphx/json-patch/v5/internal/json"
 	"github.com/pkg/errors"
 )
 
@@ -45,7 +46,7 @@ var (
 type lazyNode struct {
 	raw   *json.RawMessage
 	doc   *partialDoc
-	ary   partialArray
+	ary   *partialArray
 	which int
 }
 
@@ -56,11 +57,15 @@ type Operation map[string]*json.RawMessage
 type Patch []Operation
 
 type partialDoc struct {
+	self *lazyNode
 	keys []string
 	obj  map[string]*lazyNode
 }
 
-type partialArray []*lazyNode
+type partialArray struct {
+	self  *lazyNode
+	nodes []*lazyNode
+}
 
 type container interface {
 	get(key string, options *ApplyOptions) (*lazyNode, error)
@@ -107,14 +112,14 @@ func newRawMessage(buf []byte) *json.RawMessage {
 	return &ra
 }
 
-func (n *lazyNode) MarshalJSON() ([]byte, error) {
+func (n *lazyNode) RedirectMarshalJSON() (any, error) {
 	switch n.which {
 	case eRaw:
-		return json.Marshal(n.raw)
+		return n.raw, nil
 	case eDoc:
-		return json.Marshal(n.doc)
+		return n.doc, nil
 	case eAry:
-		return json.Marshal(n.ary)
+		return n.ary.nodes, nil
 	default:
 		return nil, ErrUnknownType
 	}
@@ -128,39 +133,38 @@ func (n *lazyNode) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
-func (n *partialDoc) MarshalJSON() ([]byte, error) {
-	var buf bytes.Buffer
-	if _, err := buf.WriteString("{"); err != nil {
-		return nil, err
+func (n *partialDoc) TrustMarshalJSON(buf *bytes.Buffer) error {
+	if err := buf.WriteByte('{'); err != nil {
+		return err
 	}
 	for i, k := range n.keys {
 		if i > 0 {
-			if _, err := buf.WriteString(", "); err != nil {
-				return nil, err
+			if err := buf.WriteByte(','); err != nil {
+				return err
 			}
 		}
 		key, err := json.Marshal(k)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		if _, err := buf.Write(key); err != nil {
-			return nil, err
+			return err
 		}
-		if _, err := buf.WriteString(": "); err != nil {
-			return nil, err
+		if err := buf.WriteByte(':'); err != nil {
+			return err
 		}
 		value, err := json.Marshal(n.obj[k])
 		if err != nil {
-			return nil, err
+			return err
 		}
 		if _, err := buf.Write(value); err != nil {
-			return nil, err
+			return err
 		}
 	}
-	if _, err := buf.WriteString("}"); err != nil {
-		return nil, err
+	if err := buf.WriteByte('}'); err != nil {
+		return err
 	}
-	return buf.Bytes(), nil
+	return nil
 }
 
 type syntaxError struct {
@@ -172,70 +176,29 @@ func (err *syntaxError) Error() string {
 }
 
 func (n *partialDoc) UnmarshalJSON(data []byte) error {
-	if err := json.Unmarshal(data, &n.obj); err != nil {
-		return err
-	}
-	buffer := bytes.NewBuffer(data)
-	d := json.NewDecoder(buffer)
-	if t, err := d.Token(); err != nil {
+	keys, err := json.UnmarshalValidWithKeys(data, &n.obj)
+	if err != nil {
 		return err
-	} else if t != startObject {
-		return &syntaxError{fmt.Sprintf("unexpected JSON token in document node: %v", t)}
-	}
-	for d.More() {
-		k, err := d.Token()
-		if err != nil {
-			return err
-		}
-		key, ok := k.(string)
-		if !ok {
-			return &syntaxError{fmt.Sprintf("unexpected JSON token as document node key: %s", k)}
-		}
-		if err := skipValue(d); err != nil {
-			return err
-		}
-		n.keys = append(n.keys, key)
 	}
+
+	n.keys = keys
+
 	return nil
 }
 
-func skipValue(d *json.Decoder) error {
-	t, err := d.Token()
-	if err != nil {
-		return err
-	}
-	if t != startObject && t != startArray {
-		return nil
-	}
-	for d.More() {
-		if t == startObject {
-			// consume key token
-			if _, err := d.Token(); err != nil {
-				return err
-			}
-		}
-		if err := skipValue(d); err != nil {
-			return err
-		}
-	}
-	end, err := d.Token()
-	if err != nil {
-		return err
-	}
-	if t == startObject && end != endObject {
-		return &syntaxError{msg: "expected close object token"}
-	}
-	if t == startArray && end != endArray {
-		return &syntaxError{msg: "expected close object token"}
-	}
-	return nil
+func (n *partialArray) UnmarshalJSON(data []byte) error {
+	return json.UnmarshalValid(data, &n.nodes)
+}
+
+func (n *partialArray) RedirectMarshalJSON() (interface{}, error) {
+	return n.nodes, nil
 }
 
 func deepCopy(src *lazyNode) (*lazyNode, int, error) {
 	if src == nil {
 		return nil, 0, nil
 	}
-	a, err := src.MarshalJSON()
+	a, err := json.Marshal(src)
 	if err != nil {
 		return nil, 0, err
 	}
@@ -243,6 +206,16 @@ func deepCopy(src *lazyNode) (*lazyNode, int, error) {
 	return newLazyNode(newRawMessage(a)), sz, nil
 }
 
+func (n *lazyNode) nextByte() byte {
+	s := []byte(*n.raw)
+
+	for unicode.IsSpace(rune(s[0])) {
+		s = s[1:]
+	}
+
+	return s[0]
+}
+
 func (n *lazyNode) intoDoc() (*partialDoc, error) {
 	if n.which == eDoc {
 		return n.doc, nil
@@ -252,7 +225,15 @@ func (n *lazyNode) intoDoc() (*partialDoc, error) {
 		return nil, ErrInvalid
 	}
 
-	err := json.Unmarshal(*n.raw, &n.doc)
+	if n.nextByte() != '{' {
+		return nil, ErrInvalid
+	}
+
+	err := unmarshal(*n.raw, &n.doc)
+
+	if n.doc == nil {
+		return nil, ErrInvalid
+	}
 
 	if err != nil {
 		return nil, err
@@ -264,21 +245,21 @@ func (n *lazyNode) intoDoc() (*partialDoc, error) {
 
 func (n *lazyNode) intoAry() (*partialArray, error) {
 	if n.which == eAry {
-		return &n.ary, nil
+		return n.ary, nil
 	}
 
 	if n.raw == nil {
 		return nil, ErrInvalid
 	}
 
-	err := json.Unmarshal(*n.raw, &n.ary)
+	err := unmarshal(*n.raw, &n.ary)
 
 	if err != nil {
 		return nil, err
 	}
 
 	n.which = eAry
-	return &n.ary, nil
+	return n.ary, nil
 }
 
 func (n *lazyNode) compact() []byte {
@@ -302,12 +283,16 @@ func (n *lazyNode) tryDoc() bool {
 		return false
 	}
 
-	err := json.Unmarshal(*n.raw, &n.doc)
+	err := unmarshal(*n.raw, &n.doc)
 
 	if err != nil {
 		return false
 	}
 
+	if n.doc == nil {
+		return false
+	}
+
 	n.which = eDoc
 	return true
 }
@@ -317,7 +302,7 @@ func (n *lazyNode) tryAry() bool {
 		return false
 	}
 
-	err := json.Unmarshal(*n.raw, &n.ary)
+	err := unmarshal(*n.raw, &n.ary)
 
 	if err != nil {
 		return false
@@ -327,6 +312,18 @@ func (n *lazyNode) tryAry() bool {
 	return true
 }
 
+func (n *lazyNode) isNull() bool {
+	if n == nil {
+		return true
+	}
+
+	if n.raw == nil {
+		return true
+	}
+
+	return bytes.Equal(n.compact(), rawJSONNull)
+}
+
 func (n *lazyNode) equal(o *lazyNode) bool {
 	if n.which == eRaw {
 		if !n.tryDoc() && !n.tryAry() {
@@ -334,7 +331,27 @@ func (n *lazyNode) equal(o *lazyNode) bool {
 				return false
 			}
 
-			return bytes.Equal(n.compact(), o.compact())
+			nc := n.compact()
+			oc := o.compact()
+
+			if nc[0] == '"' && oc[0] == '"' {
+				// ok, 2 strings
+
+				var ns, os string
+
+				err := json.UnmarshalValid(nc, &ns)
+				if err != nil {
+					return false
+				}
+				err = json.UnmarshalValid(oc, &os)
+				if err != nil {
+					return false
+				}
+
+				return ns == os
+			}
+
+			return bytes.Equal(nc, oc)
 		}
 	}
 
@@ -380,12 +397,12 @@ func (n *lazyNode) equal(o *lazyNode) bool {
 		return false
 	}
 
-	if len(n.ary) != len(o.ary) {
+	if len(n.ary.nodes) != len(o.ary.nodes) {
 		return false
 	}
 
-	for idx, val := range n.ary {
-		if !val.equal(o.ary[idx]) {
+	for idx, val := range n.ary.nodes {
+		if !val.equal(o.ary.nodes[idx]) {
 			return false
 		}
 	}
@@ -398,7 +415,7 @@ func (o Operation) Kind() string {
 	if obj, ok := o["op"]; ok && obj != nil {
 		var op string
 
-		err := json.Unmarshal(*obj, &op)
+		err := unmarshal(*obj, &op)
 
 		if err != nil {
 			return "unknown"
@@ -415,7 +432,7 @@ func (o Operation) Path() (string, error) {
 	if obj, ok := o["path"]; ok && obj != nil {
 		var op string
 
-		err := json.Unmarshal(*obj, &op)
+		err := unmarshal(*obj, &op)
 
 		if err != nil {
 			return "unknown", err
@@ -432,7 +449,7 @@ func (o Operation) From() (string, error) {
 	if obj, ok := o["from"]; ok && obj != nil {
 		var op string
 
-		err := json.Unmarshal(*obj, &op)
+		err := unmarshal(*obj, &op)
 
 		if err != nil {
 			return "unknown", err
@@ -446,6 +463,10 @@ func (o Operation) From() (string, error) {
 
 func (o Operation) value() *lazyNode {
 	if obj, ok := o["value"]; ok {
+		// A `null` gets decoded as a nil RawMessage, so let's fix it up here.
+		if obj == nil {
+			return newLazyNode(newRawMessage(rawJSONNull))
+		}
 		return newLazyNode(obj)
 	}
 
@@ -461,7 +482,7 @@ func (o Operation) ValueInterface() (interface{}, error) {
 
 		var v interface{}
 
-		err := json.Unmarshal(*obj, &v)
+		err := unmarshal(*obj, &v)
 
 		if err != nil {
 			return nil, err
@@ -497,6 +518,9 @@ func findObject(pd *container, path string, options *ApplyOptions) (container, s
 	split := strings.Split(path, "/")
 
 	if len(split) < 2 {
+		if path == "" {
+			return doc, ""
+		}
 		return nil, ""
 	}
 
@@ -552,6 +576,9 @@ func (d *partialDoc) add(key string, val *lazyNode, options *ApplyOptions) error
 }
 
 func (d *partialDoc) get(key string, options *ApplyOptions) (*lazyNode, error) {
+	if key == "" {
+		return d.self, nil
+	}
 	v, ok := d.obj[key]
 	if !ok {
 		return v, errors.Wrapf(ErrMissing, "unable to get nonexistent key: %s", key)
@@ -591,19 +618,19 @@ func (d *partialArray) set(key string, val *lazyNode, options *ApplyOptions) err
 		if !options.SupportNegativeIndices {
 			return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		if idx < -len(*d) {
+		if idx < -len(d.nodes) {
 			return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		idx += len(*d)
+		idx += len(d.nodes)
 	}
 
-	(*d)[idx] = val
+	d.nodes[idx] = val
 	return nil
 }
 
 func (d *partialArray) add(key string, val *lazyNode, options *ApplyOptions) error {
 	if key == "-" {
-		*d = append(*d, val)
+		d.nodes = append(d.nodes, val)
 		return nil
 	}
 
@@ -612,11 +639,11 @@ func (d *partialArray) add(key string, val *lazyNode, options *ApplyOptions) err
 		return errors.Wrapf(err, "value was not a proper array index: '%s'", key)
 	}
 
-	sz := len(*d) + 1
+	sz := len(d.nodes) + 1
 
 	ary := make([]*lazyNode, sz)
 
-	cur := *d
+	cur := d
 
 	if idx >= len(ary) {
 		return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
@@ -632,15 +659,19 @@ func (d *partialArray) add(key string, val *lazyNode, options *ApplyOptions) err
 		idx += len(ary)
 	}
 
-	copy(ary[0:idx], cur[0:idx])
+	copy(ary[0:idx], cur.nodes[0:idx])
 	ary[idx] = val
-	copy(ary[idx+1:], cur[idx:])
+	copy(ary[idx+1:], cur.nodes[idx:])
 
-	*d = ary
+	d.nodes = ary
 	return nil
 }
 
 func (d *partialArray) get(key string, options *ApplyOptions) (*lazyNode, error) {
+	if key == "" {
+		return d.self, nil
+	}
+
 	idx, err := strconv.Atoi(key)
 
 	if err != nil {
@@ -651,17 +682,17 @@ func (d *partialArray) get(key string, options *ApplyOptions) (*lazyNode, error)
 		if !options.SupportNegativeIndices {
 			return nil, errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		if idx < -len(*d) {
+		if idx < -len(d.nodes) {
 			return nil, errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		idx += len(*d)
+		idx += len(d.nodes)
 	}
 
-	if idx >= len(*d) {
+	if idx >= len(d.nodes) {
 		return nil, errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 	}
 
-	return (*d)[idx], nil
+	return d.nodes[idx], nil
 }
 
 func (d *partialArray) remove(key string, options *ApplyOptions) error {
@@ -670,9 +701,9 @@ func (d *partialArray) remove(key string, options *ApplyOptions) error {
 		return err
 	}
 
-	cur := *d
+	cur := d
 
-	if idx >= len(cur) {
+	if idx >= len(cur.nodes) {
 		if options.AllowMissingPathOnRemove {
 			return nil
 		}
@@ -683,21 +714,21 @@ func (d *partialArray) remove(key string, options *ApplyOptions) error {
 		if !options.SupportNegativeIndices {
 			return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		if idx < -len(cur) {
+		if idx < -len(cur.nodes) {
 			if options.AllowMissingPathOnRemove {
 				return nil
 			}
 			return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx)
 		}
-		idx += len(cur)
+		idx += len(cur.nodes)
 	}
 
-	ary := make([]*lazyNode, len(cur)-1)
+	ary := make([]*lazyNode, len(cur.nodes)-1)
 
-	copy(ary[0:idx], cur[0:idx])
-	copy(ary[idx:], cur[idx+1:])
+	copy(ary[0:idx], cur.nodes[0:idx])
+	copy(ary[idx:], cur.nodes[idx+1:])
 
-	*d = ary
+	d.nodes = ary
 	return nil
 }
 
@@ -707,6 +738,32 @@ func (p Patch) add(doc *container, op Operation, options *ApplyOptions) error {
 		return errors.Wrapf(ErrMissing, "add operation failed to decode path")
 	}
 
+	// special case, adding to empty means replacing the container with the value given
+	if path == "" {
+		val := op.value()
+
+		var pd container
+		if (*val.raw)[0] == '[' {
+			pd = &partialArray{
+				self: val,
+			}
+		} else {
+			pd = &partialDoc{
+				self: val,
+			}
+		}
+
+		err := json.UnmarshalValid(*val.raw, pd)
+
+		if err != nil {
+			return err
+		}
+
+		*doc = pd
+
+		return nil
+	}
+
 	if options.EnsurePathExistsOnAdd {
 		err = ensurePathExists(doc, path, options)
 
@@ -762,9 +819,9 @@ func ensurePathExists(pd *container, path string, options *ApplyOptions) error {
 			if arrIndex, err = strconv.Atoi(part); err == nil {
 				pa, ok := doc.(*partialArray)
 
-				if ok && arrIndex >= len(*pa)+1 {
+				if ok && arrIndex >= len(pa.nodes)+1 {
 					// Pad the array with null values up to the required index.
-					for i := len(*pa); i <= arrIndex-1; i++ {
+					for i := len(pa.nodes); i <= arrIndex-1; i++ {
 						doc.add(strconv.Itoa(i), newLazyNode(newRawMessage(rawJSONNull)), options)
 					}
 				}
@@ -798,7 +855,10 @@ func ensurePathExists(pd *container, path string, options *ApplyOptions) error {
 				newNode := newLazyNode(newRawMessage(rawJSONObject))
 
 				doc.add(part, newNode, options)
-				doc, _ = newNode.intoDoc()
+				doc, err = newNode.intoDoc()
+				if err != nil {
+					return err
+				}
 			}
 		} else {
 			if isArray(*target.raw) {
@@ -899,7 +959,7 @@ func (p Patch) replace(doc *container, op Operation, options *ApplyOptions) erro
 
 		switch val.which {
 		case eAry:
-			*doc = &val.ary
+			*doc = val.ary
 		case eDoc:
 			*doc = val.doc
 		case eRaw:
@@ -934,6 +994,10 @@ func (p Patch) move(doc *container, op Operation, options *ApplyOptions) error {
 		return errors.Wrapf(err, "move operation failed to decode from")
 	}
 
+	if from == "" {
+		return errors.Wrapf(ErrInvalid, "unable to move entire document to another path")
+	}
+
 	con, key := findObject(doc, from, options)
 
 	if con == nil {
@@ -983,7 +1047,7 @@ func (p Patch) test(doc *container, op Operation, options *ApplyOptions) error {
 			self.doc = sv
 			self.which = eDoc
 		case *partialArray:
-			self.ary = *sv
+			self.ary = sv
 			self.which = eAry
 		}
 
@@ -1005,12 +1069,14 @@ func (p Patch) test(doc *container, op Operation, options *ApplyOptions) error {
 		return errors.Wrapf(err, "error in test for path: '%s'", path)
 	}
 
+	ov := op.value()
+
 	if val == nil {
-		if op.value() == nil || op.value().raw == nil {
+		if ov.isNull() {
 			return nil
 		}
 		return errors.Wrapf(ErrTestFailed, "testing value %s failed", path)
-	} else if op.value() == nil {
+	} else if ov.isNull() {
 		return errors.Wrapf(ErrTestFailed, "testing value %s failed", path)
 	}
 
@@ -1030,7 +1096,7 @@ func (p Patch) copy(doc *container, op Operation, accumulatedCopySize *int64, op
 	con, key := findObject(doc, from, options)
 
 	if con == nil {
-		return errors.Wrapf(ErrMissing, "copy operation does not apply: doc is missing from path: %s", from)
+		return errors.Wrapf(ErrMissing, "copy operation does not apply: doc is missing from path: \"%s\"", from)
 	}
 
 	val, err := con.get(key, options)
@@ -1077,9 +1143,13 @@ func Equal(a, b []byte) bool {
 
 // DecodePatch decodes the passed JSON document as an RFC 6902 patch.
 func DecodePatch(buf []byte) (Patch, error) {
+	if !json.Valid(buf) {
+		return nil, ErrInvalid
+	}
+
 	var p Patch
 
-	err := json.Unmarshal(buf, &p)
+	err := unmarshal(buf, &p)
 
 	if err != nil {
 		return nil, err
@@ -1117,14 +1187,25 @@ func (p Patch) ApplyIndentWithOptions(doc []byte, indent string, options *ApplyO
 		return doc, nil
 	}
 
+	if !json.Valid(doc) {
+		return nil, ErrInvalid
+	}
+
+	raw := json.RawMessage(doc)
+	self := newLazyNode(&raw)
+
 	var pd container
 	if doc[0] == '[' {
-		pd = &partialArray{}
+		pd = &partialArray{
+			self: self,
+		}
 	} else {
-		pd = &partialDoc{}
+		pd = &partialDoc{
+			self: self,
+		}
 	}
 
-	err := json.Unmarshal(doc, pd)
+	err := unmarshal(doc, pd)
 
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/expr-lang/expr/.gitignore b/vendor/github.com/expr-lang/expr/.gitignore
index b0df3eb4442..b089dce8a82 100644
--- a/vendor/github.com/expr-lang/expr/.gitignore
+++ b/vendor/github.com/expr-lang/expr/.gitignore
@@ -6,3 +6,4 @@
 *.test
 *.out
 *.html
+custom_tests.json
diff --git a/vendor/github.com/expr-lang/expr/LICENSE b/vendor/github.com/expr-lang/expr/LICENSE
index 7d058f841cb..ec46ce324eb 100644
--- a/vendor/github.com/expr-lang/expr/LICENSE
+++ b/vendor/github.com/expr-lang/expr/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Anton Medvedev
+Copyright (c) 2018 Anton Medvedev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/expr-lang/expr/README.md b/vendor/github.com/expr-lang/expr/README.md
index 1fb477b286c..bd34c7d2487 100644
--- a/vendor/github.com/expr-lang/expr/README.md
+++ b/vendor/github.com/expr-lang/expr/README.md
@@ -1,4 +1,4 @@
-# Expr
+<h1><a href="https://expr-lang.org"><img src="https://expr-lang.org/img/logo.png" alt="Zx logo" height="48"align="right"></a> Expr</h1>
 
 > [!IMPORTANT]
 > The repository [github.com/antonmedv/expr](https://github.com/antonmedv/expr) moved to [github.com/**expr-lang**/expr](https://github.com/expr-lang/expr).
@@ -8,18 +8,22 @@
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/expr.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:expr)
 [![GoDoc](https://godoc.org/github.com/expr-lang/expr?status.svg)](https://godoc.org/github.com/expr-lang/expr)
 
-**Expr** is a Go-centric expression language designed to deliver dynamic configurations with unparalleled accuracy, safety, and speed.
-
-<img src="https://expr.medv.io/img/logo-small.png" width="150" alt="expr logo" align="right"/>
+**Expr** is a Go-centric expression language designed to deliver dynamic configurations with unparalleled accuracy, safety, and speed. 
+**Expr** combines simple [syntax](https://expr-lang.org/docs/language-definition) with powerful features for ease of use:
 
 ```js
 // Allow only admins and moderators to moderate comments.
 user.Group in ["admin", "moderator"] || user.Id == comment.UserId
 ```
 
+```js
+// Determine whether the request is in the permitted time window.
+request.Time - resource.Age < duration("24h")
+```
+
 ```js
 // Ensure all tweets are less than 240 characters.
-all(Tweets, .Size <= 240)
+all(tweets, len(.Content) <= 240)
 ```
 
 ## Features
@@ -62,22 +66,12 @@ go get github.com/expr-lang/expr
 
 ## Documentation
 
-* See [Getting Started](https://expr.medv.io/docs/Getting-Started) page for developer documentation.
-* See [Language Definition](https://expr.medv.io/docs/Language-Definition) page to learn the syntax.
-
-## Expr Code Editor
-
-<a href="https://bit.ly/expr-code-editor">
-  <img src="https://expr-lang.github.io/expr/ogimage.png" align="center" alt="Expr Code Editor" width="1200"/>
-</a>
-
-Also, I have an embeddable code editor written in JavaScript which allows editing expressions with syntax highlighting and autocomplete based on your types declaration.
-
-[Learn more →](https://expr-lang.github.io/expr/)
+* See [Getting Started](https://expr-lang.org/docs/Getting-Started) page for developer documentation.
+* See [Language Definition](https://expr-lang.org/docs/language-definition) page to learn the syntax.
 
 ## Examples
 
-[Play Online](https://play.golang.org/p/z7T8ytJ1T1d)
+[Play Online](https://go.dev/play/p/XCoNXEjm3TS)
 
 ```go
 package main
@@ -110,7 +104,7 @@ func main() {
 }
 ```
 
-[Play Online](https://play.golang.org/p/4S4brsIvU4i)
+[Play Online](https://go.dev/play/p/tz-ZneBfSuw)
 
 ```go
 package main
@@ -157,20 +151,22 @@ func main() {
 * [Aviasales](https://aviasales.ru) utilizes Expr as a business rule engine for its flight search engine.
 * [Wish.com](https://www.wish.com) employs Expr in its decision-making rule engine for the Wish Assistant.
 * [Argo](https://argoproj.github.io) integrates Expr into Argo Rollouts and Argo Workflows for Kubernetes.
-* [Crowdsec](https://crowdsec.net) incorporates Expr into its security automation tool.
-* [FACEIT](https://www.faceit.com) uses Expr to enhance customization of its eSports matchmaking algorithm.
-* [qiniu](https://www.qiniu.com) implements Expr in its trade systems.
-* [Junglee Games](https://www.jungleegames.com/) uses Expr for its in-house marketing retention tool, Project Audience.
 * [OpenTelemetry](https://opentelemetry.io) integrates Expr into the OpenTelemetry Collector.
 * [Philips Labs](https://github.com/philips-labs/tabia) employs Expr in Tabia, a tool designed to collect insights on their code bases.
+* [CrowdSec](https://crowdsec.net) incorporates Expr into its security automation tool.
 * [CoreDNS](https://coredns.io) uses Expr in CoreDNS, which is a DNS server.
+* [qiniu](https://www.qiniu.com) implements Expr in its trade systems.
+* [Junglee Games](https://www.jungleegames.com/) uses Expr for its in-house marketing retention tool, Project Audience.
+* [Faceit](https://www.faceit.com) uses Expr to enhance customization of its eSports matchmaking algorithm.
 * [Chaos Mesh](https://chaos-mesh.org) incorporates Expr into Chaos Mesh, a cloud-native Chaos Engineering platform.
-* [Milvus](https://milvus.io) integrates Expr into Milvus, an open-source vector database.
 * [Visually.io](https://visually.io) employs Expr as a business rule engine for its personalization targeting algorithm.
 * [Akvorado](https://github.com/akvorado/akvorado) utilizes Expr to classify exporters and interfaces in network flows.
+* [keda.sh](https://keda.sh) uses Expr to allow customization of its Kubernetes-based event-driven autoscaling.
 
 [Add your company too](https://github.com/expr-lang/expr/edit/master/README.md)
 
 ## License
 
 [MIT](https://github.com/expr-lang/expr/blob/master/LICENSE)
+
+<p align="center"><img src="https://expr-lang.org/img/gopher-small.png" width="150" /></p>
diff --git a/vendor/github.com/expr-lang/expr/ast/func.go b/vendor/github.com/expr-lang/expr/ast/func.go
deleted file mode 100644
index a873c35e994..00000000000
--- a/vendor/github.com/expr-lang/expr/ast/func.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package ast
-
-import "reflect"
-
-type Function struct {
-	Name      string
-	Func      func(args ...any) (any, error)
-	Fast      func(arg any) any
-	Types     []reflect.Type
-	Validate  func(args []reflect.Type) (reflect.Type, error)
-	Predicate bool
-}
diff --git a/vendor/github.com/expr-lang/expr/ast/node.go b/vendor/github.com/expr-lang/expr/ast/node.go
index 7aabf064ca1..68c9e7bef8e 100644
--- a/vendor/github.com/expr-lang/expr/ast/node.go
+++ b/vendor/github.com/expr-lang/expr/ast/node.go
@@ -2,7 +2,6 @@ package ast
 
 import (
 	"reflect"
-	"regexp"
 
 	"github.com/expr-lang/expr/file"
 )
@@ -58,21 +57,7 @@ type NilNode struct {
 // IdentifierNode represents an identifier.
 type IdentifierNode struct {
 	base
-	Value       string // Name of the identifier. Like "foo" in "foo.bar".
-	FieldIndex  []int  // Internal. Index of the field in the list of fields.
-	Method      bool   // Internal. If true then the identifier is a method call.
-	MethodIndex int    // Internal. Index of the method in the list of methods.
-}
-
-// SetFieldIndex sets the field index of the identifier.
-func (n *IdentifierNode) SetFieldIndex(field []int) {
-	n.FieldIndex = field
-}
-
-// SetMethodIndex sets the method index of the identifier.
-func (n *IdentifierNode) SetMethodIndex(methodIndex int) {
-	n.Method = true
-	n.MethodIndex = methodIndex
+	Value string // Name of the identifier. Like "foo" in "foo.bar".
 }
 
 // IntegerNode represents an integer.
@@ -118,18 +103,17 @@ type UnaryNode struct {
 // BinaryNode represents a binary operator.
 type BinaryNode struct {
 	base
-	Operator string         // Operator of the binary operator. Like "+" in "foo + bar" or "matches" in "foo matches bar".
-	Left     Node           // Left node of the binary operator.
-	Right    Node           // Right node of the binary operator.
-	Regexp   *regexp.Regexp // Internal. Regexp of the "matches" operator. Like "f.+" in `foo matches "f.+"`.
+	Operator string // Operator of the binary operator. Like "+" in "foo + bar" or "matches" in "foo matches bar".
+	Left     Node   // Left node of the binary operator.
+	Right    Node   // Right node of the binary operator.
 }
 
 // ChainNode represents an optional chaining group.
 // A few MemberNode nodes can be chained together,
 // and will be wrapped in a ChainNode. Example:
-// ```
-// foo.bar?.baz?.qux
-// ```
+//
+//	foo.bar?.baz?.qux
+//
 // The whole chain will be wrapped in a ChainNode.
 type ChainNode struct {
 	base
@@ -140,40 +124,21 @@ type ChainNode struct {
 // It can be a field access, a method call,
 // or an array element access.
 // Example:
-// ```
-// foo.bar or foo["bar"]
-// foo.bar()
-// array[0]
-// ```
+//
+//	foo.bar or foo["bar"]
+//	foo.bar()
+//	array[0]
 type MemberNode struct {
 	base
-	Node       Node   // Node of the member access. Like "foo" in "foo.bar".
-	Property   Node   // Property of the member access. For property access it is a StringNode.
-	Optional   bool   // If true then the member access is optional. Like "foo?.bar".
-	Name       string // Internal. Name of the filed or method. Used for error reporting.
-	FieldIndex []int  // Internal. Index sequence of fields. Generated by type checker.
-
-	// TODO: Combine Method and MethodIndex into a single MethodIndex field of &int type.
-	Method      bool // Internal. If true then the member access is a method call.
-	MethodIndex int  // Internal. Index of the method in the list of methods. Generated by type checker.
-}
-
-// SetFieldIndex sets the field index of the member access.
-func (n *MemberNode) SetFieldIndex(field []int) {
-	n.FieldIndex = field
-}
-
-// SetMethodIndex sets the method index of the member access.
-func (n *MemberNode) SetMethodIndex(methodIndex int) {
-	n.Method = true
-	n.MethodIndex = methodIndex
+	Node     Node // Node of the member access. Like "foo" in "foo.bar".
+	Property Node // Property of the member access. For property access it is a StringNode.
+	Optional bool // If true then the member access is optional. Like "foo?.bar".
 }
 
 // SliceNode represents access to a slice of an array.
 // Example:
-// ```
-// array[1:4]
-// ```
+//
+//	array[1:4]
 type SliceNode struct {
 	base
 	Node Node // Node of the slice. Like "array" in "array[1:4]".
@@ -184,11 +149,8 @@ type SliceNode struct {
 // CallNode represents a function or a method call.
 type CallNode struct {
 	base
-	Callee    Node      // Node of the call. Like "foo" in "foo()".
-	Arguments []Node    // Arguments of the call.
-	Typed     int       // Internal. Used to indicate compiler what type is one of vm.FuncTypes.
-	Fast      bool      // Internal. Used to indicate compiler what this call is a fast call.
-	Func      *Function // Internal. Used to pass function information from type checker to compiler.
+	Callee    Node   // Node of the call. Like "foo" in "foo()".
+	Arguments []Node // Arguments of the call.
 }
 
 // BuiltinNode represents a builtin function call.
@@ -196,16 +158,16 @@ type BuiltinNode struct {
 	base
 	Name      string // Name of the builtin function. Like "len" in "len(foo)".
 	Arguments []Node // Arguments of the builtin function.
-	Throws    bool   // Internal. If true then accessing a field or array index can throw an error. Used by optimizer.
-	Map       Node   // Internal. Used by optimizer to fold filter() and map() builtins.
+	Throws    bool   // If true then accessing a field or array index can throw an error. Used by optimizer.
+	Map       Node   // Used by optimizer to fold filter() and map() builtins.
 }
 
 // ClosureNode represents a predicate.
 // Example:
-// ```
-// filter(foo, .bar == 1)
-// ```
-// The predicate is `.bar == 1`.
+//
+//	filter(foo, .bar == 1)
+//
+// The predicate is ".bar == 1".
 type ClosureNode struct {
 	base
 	Node Node // Node of the predicate body.
diff --git a/vendor/github.com/expr-lang/expr/builtin/builtin.go b/vendor/github.com/expr-lang/expr/builtin/builtin.go
index 8576160a640..cd943bd0baf 100644
--- a/vendor/github.com/expr-lang/expr/builtin/builtin.go
+++ b/vendor/github.com/expr-lang/expr/builtin/builtin.go
@@ -9,10 +9,19 @@ import (
 	"strings"
 	"time"
 
-	"github.com/expr-lang/expr/ast"
 	"github.com/expr-lang/expr/vm/runtime"
 )
 
+type Function struct {
+	Name         string
+	Func         func(args ...any) (any, error)
+	Fast         func(arg any) any
+	ValidateArgs func(args ...any) (any, error)
+	Types        []reflect.Type
+	Validate     func(args []reflect.Type) (reflect.Type, error)
+	Predicate    bool
+}
+
 var (
 	Index map[string]int
 	Names []string
@@ -27,7 +36,7 @@ func init() {
 	}
 }
 
-var Builtins = []*ast.Function{
+var Builtins = []*Function{
 	{
 		Name:      "all",
 		Predicate: true,
@@ -317,12 +326,15 @@ var Builtins = []*ast.Function{
 	},
 	{
 		Name: "repeat",
-		Func: func(args ...any) (any, error) {
+		ValidateArgs: func(args ...any) (any, error) {
 			n := runtime.ToInt(args[1])
-			if n > 1e6 {
-				panic("memory budget exceeded")
+			if n < 0 {
+				panic(fmt.Errorf("invalid argument for repeat (expected positive integer, got %d)", n))
 			}
-			return strings.Repeat(args[0].(string), n), nil
+			return uint(n), nil
+		},
+		Func: func(args ...any) (any, error) {
+			return strings.Repeat(args[0].(string), runtime.ToInt(args[1])), nil
 		},
 		Types: types(strings.Repeat),
 	},
@@ -972,4 +984,48 @@ var Builtins = []*ast.Function{
 			return arrayType, nil
 		},
 	},
+	bitFunc("bitand", func(x, y int) (any, error) {
+		return x & y, nil
+	}),
+	bitFunc("bitor", func(x, y int) (any, error) {
+		return x | y, nil
+	}),
+	bitFunc("bitxor", func(x, y int) (any, error) {
+		return x ^ y, nil
+	}),
+	bitFunc("bitnand", func(x, y int) (any, error) {
+		return x &^ y, nil
+	}),
+	bitFunc("bitshl", func(x, y int) (any, error) {
+		if y < 0 {
+			return nil, fmt.Errorf("invalid operation: negative shift count %d (type int)", y)
+		}
+		return x << y, nil
+	}),
+	bitFunc("bitshr", func(x, y int) (any, error) {
+		if y < 0 {
+			return nil, fmt.Errorf("invalid operation: negative shift count %d (type int)", y)
+		}
+		return x >> y, nil
+	}),
+	bitFunc("bitushr", func(x, y int) (any, error) {
+		if y < 0 {
+			return nil, fmt.Errorf("invalid operation: negative shift count %d (type int)", y)
+		}
+		return int(uint(x) >> y), nil
+	}),
+	{
+		Name: "bitnot",
+		Func: func(args ...any) (any, error) {
+			if len(args) != 1 {
+				return nil, fmt.Errorf("invalid number of arguments for bitnot (expected 1, got %d)", len(args))
+			}
+			x, err := toInt(args[0])
+			if err != nil {
+				return nil, fmt.Errorf("%v to call bitnot", err)
+			}
+			return ^x, nil
+		},
+		Types: types(new(func(int) int)),
+	},
 }
diff --git a/vendor/github.com/expr-lang/expr/builtin/func.go b/vendor/github.com/expr-lang/expr/builtin/lib.go
similarity index 89%
rename from vendor/github.com/expr-lang/expr/builtin/func.go
rename to vendor/github.com/expr-lang/expr/builtin/lib.go
index 9bcd7827b7d..1deca3f9948 100644
--- a/vendor/github.com/expr-lang/expr/builtin/func.go
+++ b/vendor/github.com/expr-lang/expr/builtin/lib.go
@@ -272,3 +272,24 @@ func Min(args ...any) (any, error) {
 	}
 	return min, nil
 }
+
+func bitFunc(name string, fn func(x, y int) (any, error)) *Function {
+	return &Function{
+		Name: name,
+		Func: func(args ...any) (any, error) {
+			if len(args) != 2 {
+				return nil, fmt.Errorf("invalid number of arguments for %s (expected 2, got %d)", name, len(args))
+			}
+			x, err := toInt(args[0])
+			if err != nil {
+				return nil, fmt.Errorf("%v to call %s", err, name)
+			}
+			y, err := toInt(args[1])
+			if err != nil {
+				return nil, fmt.Errorf("%v to call %s", err, name)
+			}
+			return fn(x, y)
+		},
+		Types: types(new(func(int, int) int)),
+	}
+}
diff --git a/vendor/github.com/expr-lang/expr/builtin/utils.go b/vendor/github.com/expr-lang/expr/builtin/utils.go
index eff8fdcd1d8..f831e95b6c2 100644
--- a/vendor/github.com/expr-lang/expr/builtin/utils.go
+++ b/vendor/github.com/expr-lang/expr/builtin/utils.go
@@ -63,3 +63,30 @@ loop:
 
 	panic(fmt.Sprintf("cannot deref %s", v))
 }
+
+func toInt(val any) (int, error) {
+	switch v := val.(type) {
+	case int:
+		return v, nil
+	case int8:
+		return int(v), nil
+	case int16:
+		return int(v), nil
+	case int32:
+		return int(v), nil
+	case int64:
+		return int(v), nil
+	case uint:
+		return int(v), nil
+	case uint8:
+		return int(v), nil
+	case uint16:
+		return int(v), nil
+	case uint32:
+		return int(v), nil
+	case uint64:
+		return int(v), nil
+	default:
+		return 0, fmt.Errorf("cannot use %T as argument (type int)", val)
+	}
+}
diff --git a/vendor/github.com/expr-lang/expr/checker/checker.go b/vendor/github.com/expr-lang/expr/checker/checker.go
index c214acf3ba2..4dced34eaad 100644
--- a/vendor/github.com/expr-lang/expr/checker/checker.go
+++ b/vendor/github.com/expr-lang/expr/checker/checker.go
@@ -10,7 +10,6 @@ import (
 	"github.com/expr-lang/expr/conf"
 	"github.com/expr-lang/expr/file"
 	"github.com/expr-lang/expr/parser"
-	"github.com/expr-lang/expr/vm"
 )
 
 func Check(tree *parser.Tree, config *conf.Config) (t reflect.Type, err error) {
@@ -72,7 +71,7 @@ type varScope struct {
 
 type info struct {
 	method bool
-	fn     *ast.Function
+	fn     *builtin.Function
 
 	// elem is element type of array or map.
 	// Arrays created with type []any, but
@@ -166,23 +165,13 @@ func (v *checker) IdentifierNode(node *ast.IdentifierNode) (reflect.Type, info)
 	return v.env(node, node.Value, true)
 }
 
-type NodeWithIndexes interface {
-	ast.Node
-	SetFieldIndex(field []int)
-	SetMethodIndex(methodIndex int)
-}
-
 // env method returns type of environment variable. env only lookups for
 // environment variables, no builtins, no custom functions.
-func (v *checker) env(node NodeWithIndexes, name string, strict bool) (reflect.Type, info) {
+func (v *checker) env(node ast.Node, name string, strict bool) (reflect.Type, info) {
 	if t, ok := v.config.Types[name]; ok {
 		if t.Ambiguous {
 			return v.error(node, "ambiguous identifier %v", name)
 		}
-		node.SetFieldIndex(t.FieldIndex)
-		if t.Method {
-			node.SetMethodIndex(t.MethodIndex)
-		}
 		return t.Type, info{method: t.Method}
 	}
 	if v.config.Strict && strict {
@@ -384,11 +373,10 @@ func (v *checker) BinaryNode(node *ast.BinaryNode) (reflect.Type, info) {
 
 	case "matches":
 		if s, ok := node.Right.(*ast.StringNode); ok {
-			r, err := regexp.Compile(s.Value)
+			_, err := regexp.Compile(s.Value)
 			if err != nil {
 				return v.error(node, err.Error())
 			}
-			node.Regexp = r
 		}
 		if isString(l) && isString(r) {
 			return boolType, info{}
@@ -477,8 +465,6 @@ func (v *checker) MemberNode(node *ast.MemberNode) (reflect.Type, info) {
 				// the same interface.
 				return m.Type, info{}
 			} else {
-				node.SetMethodIndex(m.Index)
-				node.Name = name.Value
 				return m.Type, info{method: true}
 			}
 		}
@@ -508,8 +494,6 @@ func (v *checker) MemberNode(node *ast.MemberNode) (reflect.Type, info) {
 		if name, ok := node.Property.(*ast.StringNode); ok {
 			propertyName := name.Value
 			if field, ok := fetchField(base, propertyName); ok {
-				node.FieldIndex = field.Index
-				node.Name = propertyName
 				return field.Type, info{}
 			}
 			if len(v.parents) > 1 {
@@ -563,7 +547,6 @@ func (v *checker) functionReturnType(node *ast.CallNode) (reflect.Type, info) {
 	fn, fnInfo := v.visit(node.Callee)
 
 	if fnInfo.fn != nil {
-		node.Func = fnInfo.fn
 		return v.checkFunction(fnInfo.fn, node, node.Arguments)
 	}
 
@@ -585,23 +568,6 @@ func (v *checker) functionReturnType(node *ast.CallNode) (reflect.Type, info) {
 	case reflect.Interface:
 		return anyType, info{}
 	case reflect.Func:
-		inputParamsCount := 1 // for functions
-		if fnInfo.method {
-			inputParamsCount = 2 // for methods
-		}
-		// TODO: Deprecate OpCallFast and move fn(...any) any to TypedFunc list.
-		// To do this we need add support for variadic arguments in OpCallTyped.
-		if !isAny(fn) &&
-			fn.IsVariadic() &&
-			fn.NumIn() == inputParamsCount &&
-			fn.NumOut() == 1 &&
-			fn.Out(0).Kind() == reflect.Interface {
-			rest := fn.In(fn.NumIn() - 1) // function has only one param for functions and two for methods
-			if kind(rest) == reflect.Slice && rest.Elem().Kind() == reflect.Interface {
-				node.Fast = true
-			}
-		}
-
 		outType, err := v.checkArguments(fnName, fn, fnInfo.method, node.Arguments, node)
 		if err != nil {
 			if v.err == nil {
@@ -609,9 +575,6 @@ func (v *checker) functionReturnType(node *ast.CallNode) (reflect.Type, info) {
 			}
 			return anyType, info{}
 		}
-
-		v.findTypedFunc(node, fn, fnInfo.method)
-
 		return outType, info{}
 	}
 	return v.error(node, "%v is not callable", fn)
@@ -856,7 +819,7 @@ func (v *checker) checkBuiltinGet(node *ast.BuiltinNode) (reflect.Type, info) {
 	return v.error(val, "type %v does not support indexing", t)
 }
 
-func (v *checker) checkFunction(f *ast.Function, node ast.Node, arguments []ast.Node) (reflect.Type, info) {
+func (v *checker) checkFunction(f *builtin.Function, node ast.Node, arguments []ast.Node) (reflect.Type, info) {
 	if f.Validate != nil {
 		args := make([]reflect.Type, len(arguments))
 		for i, arg := range arguments {
@@ -897,7 +860,13 @@ func (v *checker) checkFunction(f *ast.Function, node ast.Node, arguments []ast.
 	return v.error(node, "no matching overload for %v", f.Name)
 }
 
-func (v *checker) checkArguments(name string, fn reflect.Type, method bool, arguments []ast.Node, node ast.Node) (reflect.Type, *file.Error) {
+func (v *checker) checkArguments(
+	name string,
+	fn reflect.Type,
+	method bool,
+	arguments []ast.Node,
+	node ast.Node,
+) (reflect.Type, *file.Error) {
 	if isAny(fn) {
 		return anyType, nil
 	}
@@ -1136,44 +1105,3 @@ func (v *checker) PairNode(node *ast.PairNode) (reflect.Type, info) {
 	v.visit(node.Value)
 	return nilType, info{}
 }
-
-func (v *checker) findTypedFunc(node *ast.CallNode, fn reflect.Type, method bool) {
-	// OnCallTyped doesn't work for functions with variadic arguments,
-	// and doesn't work named function, like `type MyFunc func() int`.
-	// In PkgPath() is an empty string, it's unnamed function.
-	if !fn.IsVariadic() && fn.PkgPath() == "" {
-		fnNumIn := fn.NumIn()
-		fnInOffset := 0
-		if method {
-			fnNumIn--
-			fnInOffset = 1
-		}
-	funcTypes:
-		for i := range vm.FuncTypes {
-			if i == 0 {
-				continue
-			}
-			typed := reflect.ValueOf(vm.FuncTypes[i]).Elem().Type()
-			if typed.Kind() != reflect.Func {
-				continue
-			}
-			if typed.NumOut() != fn.NumOut() {
-				continue
-			}
-			for j := 0; j < typed.NumOut(); j++ {
-				if typed.Out(j) != fn.Out(j) {
-					continue funcTypes
-				}
-			}
-			if typed.NumIn() != fnNumIn {
-				continue
-			}
-			for j := 0; j < typed.NumIn(); j++ {
-				if typed.In(j) != fn.In(j+fnInOffset) {
-					continue funcTypes
-				}
-			}
-			node.Typed = i
-		}
-	}
-}
diff --git a/vendor/github.com/expr-lang/expr/checker/info.go b/vendor/github.com/expr-lang/expr/checker/info.go
new file mode 100644
index 00000000000..112bfab3108
--- /dev/null
+++ b/vendor/github.com/expr-lang/expr/checker/info.go
@@ -0,0 +1,128 @@
+package checker
+
+import (
+	"reflect"
+
+	"github.com/expr-lang/expr/ast"
+	"github.com/expr-lang/expr/conf"
+	"github.com/expr-lang/expr/vm"
+)
+
+func FieldIndex(types conf.TypesTable, node ast.Node) (bool, []int, string) {
+	switch n := node.(type) {
+	case *ast.IdentifierNode:
+		if t, ok := types[n.Value]; ok && len(t.FieldIndex) > 0 {
+			return true, t.FieldIndex, n.Value
+		}
+	case *ast.MemberNode:
+		base := n.Node.Type()
+		if kind(base) == reflect.Ptr {
+			base = base.Elem()
+		}
+		if kind(base) == reflect.Struct {
+			if prop, ok := n.Property.(*ast.StringNode); ok {
+				name := prop.Value
+				if field, ok := fetchField(base, name); ok {
+					return true, field.Index, name
+				}
+			}
+		}
+	}
+	return false, nil, ""
+}
+
+func MethodIndex(types conf.TypesTable, node ast.Node) (bool, int, string) {
+	switch n := node.(type) {
+	case *ast.IdentifierNode:
+		if t, ok := types[n.Value]; ok {
+			return t.Method, t.MethodIndex, n.Value
+		}
+	case *ast.MemberNode:
+		if name, ok := n.Property.(*ast.StringNode); ok {
+			base := n.Node.Type()
+			if base != nil && base.Kind() != reflect.Interface {
+				if m, ok := base.MethodByName(name.Value); ok {
+					return true, m.Index, name.Value
+				}
+			}
+		}
+	}
+	return false, 0, ""
+}
+
+func TypedFuncIndex(fn reflect.Type, method bool) (int, bool) {
+	if fn == nil {
+		return 0, false
+	}
+	if fn.Kind() != reflect.Func {
+		return 0, false
+	}
+	// OnCallTyped doesn't work for functions with variadic arguments.
+	if fn.IsVariadic() {
+		return 0, false
+	}
+	// OnCallTyped doesn't work named function, like `type MyFunc func() int`.
+	if fn.PkgPath() != "" { // If PkgPath() is not empty, it means that function is named.
+		return 0, false
+	}
+
+	fnNumIn := fn.NumIn()
+	fnInOffset := 0
+	if method {
+		fnNumIn--
+		fnInOffset = 1
+	}
+
+funcTypes:
+	for i := range vm.FuncTypes {
+		if i == 0 {
+			continue
+		}
+		typed := reflect.ValueOf(vm.FuncTypes[i]).Elem().Type()
+		if typed.Kind() != reflect.Func {
+			continue
+		}
+		if typed.NumOut() != fn.NumOut() {
+			continue
+		}
+		for j := 0; j < typed.NumOut(); j++ {
+			if typed.Out(j) != fn.Out(j) {
+				continue funcTypes
+			}
+		}
+		if typed.NumIn() != fnNumIn {
+			continue
+		}
+		for j := 0; j < typed.NumIn(); j++ {
+			if typed.In(j) != fn.In(j+fnInOffset) {
+				continue funcTypes
+			}
+		}
+		return i, true
+	}
+	return 0, false
+}
+
+func IsFastFunc(fn reflect.Type, method bool) bool {
+	if fn == nil {
+		return false
+	}
+	if fn.Kind() != reflect.Func {
+		return false
+	}
+	numIn := 1
+	if method {
+		numIn = 2
+	}
+	if !isAny(fn) &&
+		fn.IsVariadic() &&
+		fn.NumIn() == numIn &&
+		fn.NumOut() == 1 &&
+		fn.Out(0).Kind() == reflect.Interface {
+		rest := fn.In(fn.NumIn() - 1) // function has only one param for functions and two for methods
+		if kind(rest) == reflect.Slice && rest.Elem().Kind() == reflect.Interface {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/expr-lang/expr/checker/types.go b/vendor/github.com/expr-lang/expr/checker/types.go
index 1978fde0b92..662139c3752 100644
--- a/vendor/github.com/expr-lang/expr/checker/types.go
+++ b/vendor/github.com/expr-lang/expr/checker/types.go
@@ -192,7 +192,11 @@ func fetchField(t reflect.Type, name string) (reflect.StructField, bool) {
 		for i := 0; i < t.NumField(); i++ {
 			anon := t.Field(i)
 			if anon.Anonymous {
-				if field, ok := fetchField(anon.Type, name); ok {
+				anonType := anon.Type
+				if anonType.Kind() == reflect.Pointer {
+					anonType = anonType.Elem()
+				}
+				if field, ok := fetchField(anonType, name); ok {
 					field.Index = append(anon.Index, field.Index...)
 					return field, true
 				}
diff --git a/vendor/github.com/expr-lang/expr/compiler/compiler.go b/vendor/github.com/expr-lang/expr/compiler/compiler.go
index 4831a310373..1f1c00c9297 100644
--- a/vendor/github.com/expr-lang/expr/compiler/compiler.go
+++ b/vendor/github.com/expr-lang/expr/compiler/compiler.go
@@ -3,9 +3,11 @@ package compiler
 import (
 	"fmt"
 	"reflect"
+	"regexp"
 
 	"github.com/expr-lang/expr/ast"
 	"github.com/expr-lang/expr/builtin"
+	"github.com/expr-lang/expr/checker"
 	"github.com/expr-lang/expr/conf"
 	"github.com/expr-lang/expr/file"
 	"github.com/expr-lang/expr/parser"
@@ -25,26 +27,24 @@ func Compile(tree *parser.Tree, config *conf.Config) (program *Program, err erro
 	}()
 
 	c := &compiler{
+		config:         config,
 		locations:      make([]file.Location, 0),
 		constantsIndex: make(map[any]int),
 		functionsIndex: make(map[string]int),
 		debugInfo:      make(map[string]string),
 	}
 
-	if config != nil {
-		c.mapEnv = config.MapEnv
-		c.cast = config.Expect
-	}
-
 	c.compile(tree.Node)
 
-	switch c.cast {
-	case reflect.Int:
-		c.emit(OpCast, 0)
-	case reflect.Int64:
-		c.emit(OpCast, 1)
-	case reflect.Float64:
-		c.emit(OpCast, 2)
+	if c.config != nil {
+		switch c.config.Expect {
+		case reflect.Int:
+			c.emit(OpCast, 0)
+		case reflect.Int64:
+			c.emit(OpCast, 1)
+		case reflect.Float64:
+			c.emit(OpCast, 2)
+		}
 	}
 
 	program = NewProgram(
@@ -61,6 +61,7 @@ func Compile(tree *parser.Tree, config *conf.Config) (program *Program, err erro
 }
 
 type compiler struct {
+	config         *conf.Config
 	locations      []file.Location
 	bytecode       []Opcode
 	variables      []any
@@ -70,8 +71,6 @@ type compiler struct {
 	functions      []Function
 	functionsIndex map[string]int
 	debugInfo      map[string]string
-	mapEnv         bool
-	cast           reflect.Kind
 	nodes          []ast.Node
 	chains         [][]int
 	arguments      []int
@@ -145,34 +144,34 @@ func (c *compiler) addVariable(name string) int {
 }
 
 // emitFunction adds builtin.Function.Func to the program.functions and emits call opcode.
-func (c *compiler) emitFunction(fn *ast.Function, argsLen int) {
+func (c *compiler) emitFunction(fn *builtin.Function, argsLen int) {
 	switch argsLen {
 	case 0:
-		c.emit(OpCall0, c.addFunction(fn))
+		c.emit(OpCall0, c.addFunction(fn.Name, fn.Func))
 	case 1:
-		c.emit(OpCall1, c.addFunction(fn))
+		c.emit(OpCall1, c.addFunction(fn.Name, fn.Func))
 	case 2:
-		c.emit(OpCall2, c.addFunction(fn))
+		c.emit(OpCall2, c.addFunction(fn.Name, fn.Func))
 	case 3:
-		c.emit(OpCall3, c.addFunction(fn))
+		c.emit(OpCall3, c.addFunction(fn.Name, fn.Func))
 	default:
-		c.emit(OpLoadFunc, c.addFunction(fn))
+		c.emit(OpLoadFunc, c.addFunction(fn.Name, fn.Func))
 		c.emit(OpCallN, argsLen)
 	}
 }
 
 // addFunction adds builtin.Function.Func to the program.functions and returns its index.
-func (c *compiler) addFunction(fn *ast.Function) int {
+func (c *compiler) addFunction(name string, fn Function) int {
 	if fn == nil {
 		panic("function is nil")
 	}
-	if p, ok := c.functionsIndex[fn.Name]; ok {
+	if p, ok := c.functionsIndex[name]; ok {
 		return p
 	}
 	p := len(c.functions)
-	c.functions = append(c.functions, fn.Func)
-	c.functionsIndex[fn.Name] = p
-	c.debugInfo[fmt.Sprintf("func_%d", p)] = fn.Name
+	c.functions = append(c.functions, fn)
+	c.functionsIndex[name] = p
+	c.debugInfo[fmt.Sprintf("func_%d", p)] = name
 	return p
 }
 
@@ -252,17 +251,25 @@ func (c *compiler) IdentifierNode(node *ast.IdentifierNode) {
 		c.emit(OpLoadEnv)
 		return
 	}
-	if c.mapEnv {
+
+	var mapEnv bool
+	var types conf.TypesTable
+	if c.config != nil {
+		mapEnv = c.config.MapEnv
+		types = c.config.Types
+	}
+
+	if mapEnv {
 		c.emit(OpLoadFast, c.addConstant(node.Value))
-	} else if len(node.FieldIndex) > 0 {
+	} else if ok, index, name := checker.FieldIndex(types, node); ok {
 		c.emit(OpLoadField, c.addConstant(&runtime.Field{
-			Index: node.FieldIndex,
-			Path:  []string{node.Value},
+			Index: index,
+			Path:  []string{name},
 		}))
-	} else if node.Method {
+	} else if ok, index, name := checker.MethodIndex(types, node); ok {
 		c.emit(OpLoadMethod, c.addConstant(&runtime.Method{
-			Name:  node.Value,
-			Index: node.MethodIndex,
+			Name:  name,
+			Index: index,
 		}))
 	} else {
 		c.emit(OpLoadConst, c.addConstant(node.Value))
@@ -482,10 +489,14 @@ func (c *compiler) BinaryNode(node *ast.BinaryNode) {
 		c.emit(OpIn)
 
 	case "matches":
-		if node.Regexp != nil {
+		if str, ok := node.Right.(*ast.StringNode); ok {
+			re, err := regexp.Compile(str.Value)
+			if err != nil {
+				panic(err)
+			}
 			c.compile(node.Left)
 			c.derefInNeeded(node.Left)
-			c.emit(OpMatchesConst, c.addConstant(node.Regexp))
+			c.emit(OpMatchesConst, c.addConstant(re))
 		} else {
 			c.compile(node.Left)
 			c.derefInNeeded(node.Left)
@@ -559,36 +570,48 @@ func (c *compiler) ChainNode(node *ast.ChainNode) {
 }
 
 func (c *compiler) MemberNode(node *ast.MemberNode) {
-	if node.Method {
+	var types conf.TypesTable
+	if c.config != nil {
+		types = c.config.Types
+	}
+
+	if ok, index, name := checker.MethodIndex(types, node); ok {
 		c.compile(node.Node)
 		c.emit(OpMethod, c.addConstant(&runtime.Method{
-			Name:  node.Name,
-			Index: node.MethodIndex,
+			Name:  name,
+			Index: index,
 		}))
 		return
 	}
 	op := OpFetch
-	index := node.FieldIndex
-	path := []string{node.Name}
 	base := node.Node
-	if len(node.FieldIndex) > 0 {
+
+	ok, index, nodeName := checker.FieldIndex(types, node)
+	path := []string{nodeName}
+
+	if ok {
 		op = OpFetchField
 		for !node.Optional {
-			ident, ok := base.(*ast.IdentifierNode)
-			if ok && len(ident.FieldIndex) > 0 {
-				index = append(ident.FieldIndex, index...)
-				path = append([]string{ident.Value}, path...)
-				c.emitLocation(ident.Location(), OpLoadField, c.addConstant(
-					&runtime.Field{Index: index, Path: path},
-				))
-				return
+			if ident, isIdent := base.(*ast.IdentifierNode); isIdent {
+				if ok, identIndex, name := checker.FieldIndex(types, ident); ok {
+					index = append(identIndex, index...)
+					path = append([]string{name}, path...)
+					c.emitLocation(ident.Location(), OpLoadField, c.addConstant(
+						&runtime.Field{Index: index, Path: path},
+					))
+					return
+				}
 			}
-			member, ok := base.(*ast.MemberNode)
-			if ok && len(member.FieldIndex) > 0 {
-				index = append(member.FieldIndex, index...)
-				path = append([]string{member.Name}, path...)
-				node = member
-				base = member.Node
+
+			if member, isMember := base.(*ast.MemberNode); isMember {
+				if ok, memberIndex, name := checker.FieldIndex(types, member); ok {
+					index = append(memberIndex, index...)
+					path = append([]string{name}, path...)
+					node = member
+					base = member.Node
+				} else {
+					break
+				}
 			} else {
 				break
 			}
@@ -630,15 +653,21 @@ func (c *compiler) CallNode(node *ast.CallNode) {
 	for _, arg := range node.Arguments {
 		c.compile(arg)
 	}
-	if node.Func != nil {
-		c.emitFunction(node.Func, len(node.Arguments))
-		return
+	if ident, ok := node.Callee.(*ast.IdentifierNode); ok {
+		if c.config != nil {
+			if fn, ok := c.config.Functions[ident.Value]; ok {
+				c.emitFunction(fn, len(node.Arguments))
+				return
+			}
+		}
 	}
 	c.compile(node.Callee)
-	if node.Typed > 0 {
-		c.emit(OpCallTyped, node.Typed)
+
+	isMethod, _, _ := checker.MethodIndex(c.config.Types, node.Callee)
+	if index, ok := checker.TypedFuncIndex(node.Callee.Type(), isMethod); ok {
+		c.emit(OpCallTyped, index)
 		return
-	} else if node.Fast {
+	} else if checker.IsFastFunc(node.Callee.Type(), isMethod) {
 		c.emit(OpCallFast, len(node.Arguments))
 	} else {
 		c.emit(OpCall, len(node.Arguments))
@@ -875,6 +904,12 @@ func (c *compiler) BuiltinNode(node *ast.BuiltinNode) {
 		for _, arg := range node.Arguments {
 			c.compile(arg)
 		}
+
+		if f.ValidateArgs != nil {
+			c.emit(OpLoadFunc, c.addFunction("$_validate_args_"+f.Name, f.ValidateArgs))
+			c.emit(OpValidateArgs, len(node.Arguments))
+		}
+
 		if f.Fast != nil {
 			c.emit(OpCallBuiltin1, id)
 		} else if f.Func != nil {
diff --git a/vendor/github.com/expr-lang/expr/conf/config.go b/vendor/github.com/expr-lang/expr/conf/config.go
index 4de8ca4484c..48d491a96b5 100644
--- a/vendor/github.com/expr-lang/expr/conf/config.go
+++ b/vendor/github.com/expr-lang/expr/conf/config.go
@@ -21,8 +21,8 @@ type Config struct {
 	Strict      bool
 	ConstFns    map[string]reflect.Value
 	Visitors    []ast.Visitor
-	Functions   map[string]*ast.Function
-	Builtins    map[string]*ast.Function
+	Functions   map[string]*builtin.Function
+	Builtins    map[string]*builtin.Function
 	Disabled    map[string]bool // disabled builtins
 }
 
@@ -32,8 +32,8 @@ func CreateNew() *Config {
 		Optimize:  true,
 		Operators: make(map[string][]string),
 		ConstFns:  make(map[string]reflect.Value),
-		Functions: make(map[string]*ast.Function),
-		Builtins:  make(map[string]*ast.Function),
+		Functions: make(map[string]*builtin.Function),
+		Builtins:  make(map[string]*builtin.Function),
 		Disabled:  make(map[string]bool),
 	}
 	for _, f := range builtin.Builtins {
diff --git a/vendor/github.com/expr-lang/expr/expr.go b/vendor/github.com/expr-lang/expr/expr.go
index 90f1273a170..8569de8fb2f 100644
--- a/vendor/github.com/expr-lang/expr/expr.go
+++ b/vendor/github.com/expr-lang/expr/expr.go
@@ -1,10 +1,12 @@
 package expr
 
 import (
+	"errors"
 	"fmt"
 	"reflect"
 
 	"github.com/expr-lang/expr/ast"
+	"github.com/expr-lang/expr/builtin"
 	"github.com/expr-lang/expr/checker"
 	"github.com/expr-lang/expr/compiler"
 	"github.com/expr-lang/expr/conf"
@@ -122,7 +124,7 @@ func Function(name string, fn func(params ...any) (any, error), types ...any) Op
 			}
 			ts[i] = t
 		}
-		c.Functions[name] = &ast.Function{
+		c.Functions[name] = &builtin.Function{
 			Name:  name,
 			Func:  fn,
 			Types: ts,
@@ -199,7 +201,8 @@ func Compile(input string, ops ...Option) (*vm.Program, error) {
 	if config.Optimize {
 		err = optimizer.Optimize(&tree.Node, config)
 		if err != nil {
-			if fileError, ok := err.(*file.Error); ok {
+			var fileError *file.Error
+			if errors.As(err, &fileError) {
 				return nil, fileError.Bind(tree.Source)
 			}
 			return nil, err
diff --git a/vendor/github.com/expr-lang/expr/optimizer/const_range.go b/vendor/github.com/expr-lang/expr/optimizer/const_range.go
deleted file mode 100644
index 506b1c42357..00000000000
--- a/vendor/github.com/expr-lang/expr/optimizer/const_range.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package optimizer
-
-import (
-	. "github.com/expr-lang/expr/ast"
-)
-
-type constRange struct{}
-
-func (*constRange) Visit(node *Node) {
-	switch n := (*node).(type) {
-	case *BinaryNode:
-		if n.Operator == ".." {
-			if min, ok := n.Left.(*IntegerNode); ok {
-				if max, ok := n.Right.(*IntegerNode); ok {
-					size := max.Value - min.Value + 1
-					// In case the max < min, patch empty slice
-					// as max must be greater than equal to min.
-					if size < 1 {
-						Patch(node, &ConstantNode{
-							Value: make([]int, 0),
-						})
-						return
-					}
-					// In this case array is too big. Skip generation,
-					// and wait for memory budget detection on runtime.
-					if size > 1e6 {
-						return
-					}
-					value := make([]int, size)
-					for i := range value {
-						value[i] = min.Value + i
-					}
-					Patch(node, &ConstantNode{
-						Value: value,
-					})
-				}
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/expr-lang/expr/optimizer/optimizer.go b/vendor/github.com/expr-lang/expr/optimizer/optimizer.go
index ee9dedeec32..a9c0fa3d3a7 100644
--- a/vendor/github.com/expr-lang/expr/optimizer/optimizer.go
+++ b/vendor/github.com/expr-lang/expr/optimizer/optimizer.go
@@ -32,7 +32,6 @@ func Optimize(node *Node, config *conf.Config) error {
 		}
 	}
 	Walk(node, &inRange{})
-	Walk(node, &constRange{})
 	Walk(node, &filterMap{})
 	Walk(node, &filterLen{})
 	Walk(node, &filterLast{})
diff --git a/vendor/github.com/expr-lang/expr/parser/lexer/lexer.go b/vendor/github.com/expr-lang/expr/parser/lexer/lexer.go
index d17e1993248..c32658637f2 100644
--- a/vendor/github.com/expr-lang/expr/parser/lexer/lexer.go
+++ b/vendor/github.com/expr-lang/expr/parser/lexer/lexer.go
@@ -219,3 +219,17 @@ func (l *lexer) scanString(quote rune) (n int) {
 	}
 	return
 }
+
+func (l *lexer) scanRawString(quote rune) (n int) {
+	ch := l.next() // read character after back tick
+	for ch != quote {
+		if ch == eof {
+			l.error("literal not terminated")
+			return
+		}
+		ch = l.next()
+		n++
+	}
+	l.emitValue(String, l.input[l.start+1:l.end-1])
+	return
+}
diff --git a/vendor/github.com/expr-lang/expr/parser/lexer/state.go b/vendor/github.com/expr-lang/expr/parser/lexer/state.go
index 5d82329eb9c..9999fd3c526 100644
--- a/vendor/github.com/expr-lang/expr/parser/lexer/state.go
+++ b/vendor/github.com/expr-lang/expr/parser/lexer/state.go
@@ -23,6 +23,8 @@ func root(l *lexer) stateFn {
 			l.error("%v", err)
 		}
 		l.emitValue(String, str)
+	case r == '`':
+		l.scanRawString(r)
 	case '0' <= r && r <= '9':
 		l.backup()
 		return number
diff --git a/vendor/github.com/expr-lang/expr/vm/opcodes.go b/vendor/github.com/expr-lang/expr/vm/opcodes.go
index 1106cd3f05b..57b84050739 100644
--- a/vendor/github.com/expr-lang/expr/vm/opcodes.go
+++ b/vendor/github.com/expr-lang/expr/vm/opcodes.go
@@ -60,6 +60,7 @@ const (
 	OpCallFast
 	OpCallTyped
 	OpCallBuiltin1
+	OpValidateArgs
 	OpArray
 	OpMap
 	OpLen
diff --git a/vendor/github.com/expr-lang/expr/vm/program.go b/vendor/github.com/expr-lang/expr/vm/program.go
index 27b8f609874..085b18a7fd5 100644
--- a/vendor/github.com/expr-lang/expr/vm/program.go
+++ b/vendor/github.com/expr-lang/expr/vm/program.go
@@ -137,7 +137,7 @@ func (program *Program) DisassembleWriter(w io.Writer) {
 			constant("OpLoadMethod")
 
 		case OpLoadFunc:
-			argument("OpLoadFunc")
+			argumentWithInfo("OpLoadFunc", "func")
 
 		case OpLoadEnv:
 			code("OpLoadEnv")
@@ -278,6 +278,9 @@ func (program *Program) DisassembleWriter(w io.Writer) {
 		case OpCallBuiltin1:
 			builtinArg("OpCallBuiltin1")
 
+		case OpValidateArgs:
+			argument("OpValidateArgs")
+
 		case OpArray:
 			code("OpArray")
 
diff --git a/vendor/github.com/expr-lang/expr/vm/runtime/generated.go b/vendor/github.com/expr-lang/expr/vm/runtime/generated.go
index 720feb45543..a5b92f47780 100644
--- a/vendor/github.com/expr-lang/expr/vm/runtime/generated.go
+++ b/vendor/github.com/expr-lang/expr/vm/runtime/generated.go
@@ -3372,4 +3372,4 @@ func Modulo(a, b interface{}) int {
 		}
 	}
 	panic(fmt.Sprintf("invalid operation: %T %% %T", a, b))
-}
+}
\ No newline at end of file
diff --git a/vendor/github.com/expr-lang/expr/vm/vm.go b/vendor/github.com/expr-lang/expr/vm/vm.go
index 20e1594fdeb..fa2c7589983 100644
--- a/vendor/github.com/expr-lang/expr/vm/vm.go
+++ b/vendor/github.com/expr-lang/expr/vm/vm.go
@@ -397,6 +397,14 @@ func (vm *VM) Run(program *Program, env any) (_ any, err error) {
 		case OpCallBuiltin1:
 			vm.push(builtin.Builtins[arg].Fast(vm.pop()))
 
+		case OpValidateArgs:
+			fn := vm.pop().(Function)
+			mem, err := fn(vm.stack[len(vm.stack)-arg:]...)
+			if err != nil {
+				panic(err)
+			}
+			vm.memGrow(mem.(uint))
+
 		case OpArray:
 			size := vm.pop().(int)
 			vm.memGrow(uint(size))
diff --git a/vendor/github.com/go-playground/validator/v10/README.md b/vendor/github.com/go-playground/validator/v10/README.md
index dbbafc3e34d..810097b3a9a 100644
--- a/vendor/github.com/go-playground/validator/v10/README.md
+++ b/vendor/github.com/go-playground/validator/v10/README.md
@@ -1,7 +1,7 @@
 Package validator
 =================
 <img align="right" src="logo.png">[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-![Project status](https://img.shields.io/badge/version-10.16.0-green.svg)
+![Project status](https://img.shields.io/badge/version-10.17.0-green.svg)
 [![Build Status](https://travis-ci.org/go-playground/validator.svg?branch=master)](https://travis-ci.org/go-playground/validator)
 [![Coverage Status](https://coveralls.io/repos/go-playground/validator/badge.svg?branch=master&service=github)](https://coveralls.io/github/go-playground/validator?branch=master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/validator)](https://goreportcard.com/report/github.com/go-playground/validator)
diff --git a/vendor/github.com/go-playground/validator/v10/errors.go b/vendor/github.com/go-playground/validator/v10/errors.go
index 5856d57c8c9..be2676e9e15 100644
--- a/vendor/github.com/go-playground/validator/v10/errors.go
+++ b/vendor/github.com/go-playground/validator/v10/errors.go
@@ -257,15 +257,19 @@ func (fe *fieldError) Error() string {
 // NOTE: if no registered translation can be found, it returns the original
 // untranslated error message.
 func (fe *fieldError) Translate(ut ut.Translator) string {
+	var fn TranslationFunc
 
 	m, ok := fe.v.transTagFunc[ut]
 	if !ok {
 		return fe.Error()
 	}
 
-	fn, ok := m[fe.tag]
+	fn, ok = m[fe.tag]
 	if !ok {
-		return fe.Error()
+		fn, ok = m[fe.actualTag]
+		if !ok {
+			return fe.Error()
+		}
 	}
 
 	return fn(ut, fe)
diff --git a/vendor/github.com/google/go-github/v56/github/security_advisories.go b/vendor/github.com/google/go-github/v56/github/security_advisories.go
deleted file mode 100644
index 681d0cd4bd5..00000000000
--- a/vendor/github.com/google/go-github/v56/github/security_advisories.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2023 The go-github AUTHORS. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package github
-
-import (
-	"context"
-	"fmt"
-)
-
-type SecurityAdvisoriesService service
-
-// SecurityAdvisorySubmission represents the Security Advisory Submission.
-type SecurityAdvisorySubmission struct {
-	// Accepted represents whether a private vulnerability report was accepted by the repository's administrators.
-	Accepted *bool `json:"accepted,omitempty"`
-}
-
-// RepoAdvisoryCredit represents the credit object for a repository Security Advisory.
-type RepoAdvisoryCredit struct {
-	Login *string `json:"login,omitempty"`
-	Type  *string `json:"type,omitempty"`
-}
-
-// RepoAdvisoryCreditDetailed represents a credit given to a user for a repository Security Advisory.
-type RepoAdvisoryCreditDetailed struct {
-	User  *User   `json:"user,omitempty"`
-	Type  *string `json:"type,omitempty"`
-	State *string `json:"state,omitempty"`
-}
-
-// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to list the repository security advisories.
-type ListRepositorySecurityAdvisoriesOptions struct {
-	ListCursorOptions
-
-	// Direction in which to sort advisories. Possible values are: asc, desc.
-	// Default is "asc".
-	Direction string `url:"direction,omitempty"`
-
-	// Sort specifies how to sort advisories. Possible values are: created, updated,
-	// and published. Default value is "created".
-	Sort string `url:"sort,omitempty"`
-
-	// State filters advisories based on their state. Possible values are: triage, draft, published, closed.
-	State string `url:"state,omitempty"`
-}
-
-// RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory.
-// The ghsaID is the GitHub Security Advisory identifier of the advisory.
-//
-// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory
-func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) {
-	url := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve", owner, repo, ghsaID)
-
-	req, err := s.client.NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := s.client.Do(ctx, req, nil)
-	if err != nil {
-		if _, ok := err.(*AcceptedError); ok {
-			return resp, nil
-		}
-
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization.
-//
-// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization
-func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) {
-	url := fmt.Sprintf("orgs/%v/security-advisories", org)
-	url, err := addOptions(url, opt)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	req, err := s.client.NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var advisories []*SecurityAdvisory
-	resp, err := s.client.Do(ctx, req, &advisories)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return advisories, resp, nil
-}
-
-// ListRepositorySecurityAdvisories lists the security advisories in a repository.
-//
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories
-func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) {
-	url := fmt.Sprintf("repos/%v/%v/security-advisories", owner, repo)
-	url, err := addOptions(url, opt)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	req, err := s.client.NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var advisories []*SecurityAdvisory
-	resp, err := s.client.Do(ctx, req, &advisories)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return advisories, resp, nil
-}
diff --git a/vendor/github.com/google/go-github/v56/AUTHORS b/vendor/github.com/google/go-github/v57/AUTHORS
similarity index 100%
rename from vendor/github.com/google/go-github/v56/AUTHORS
rename to vendor/github.com/google/go-github/v57/AUTHORS
diff --git a/vendor/github.com/google/go-github/v56/LICENSE b/vendor/github.com/google/go-github/v57/LICENSE
similarity index 100%
rename from vendor/github.com/google/go-github/v56/LICENSE
rename to vendor/github.com/google/go-github/v57/LICENSE
diff --git a/vendor/github.com/google/go-github/v56/github/actions.go b/vendor/github.com/google/go-github/v57/github/actions.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/actions.go
rename to vendor/github.com/google/go-github/v57/github/actions.go
index 8d552f2d0db..4b88a1e1145 100644
--- a/vendor/github.com/google/go-github/v56/github/actions.go
+++ b/vendor/github.com/google/go-github/v57/github/actions.go
@@ -8,5 +8,5 @@ package github
 // ActionsService handles communication with the actions related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/
+// GitHub API docs: https://docs.github.com/rest/actions/
 type ActionsService service
diff --git a/vendor/github.com/google/go-github/v56/github/actions_artifacts.go b/vendor/github.com/google/go-github/v57/github/actions_artifacts.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/actions_artifacts.go
rename to vendor/github.com/google/go-github/v57/github/actions_artifacts.go
index 6389268b4ea..f804b809b4a 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_artifacts.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_artifacts.go
@@ -14,7 +14,7 @@ import (
 
 // ArtifactWorkflowRun represents a GitHub artifact's workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts
 type ArtifactWorkflowRun struct {
 	ID               *int64  `json:"id,omitempty"`
 	RepositoryID     *int64  `json:"repository_id,omitempty"`
@@ -27,7 +27,7 @@ type ArtifactWorkflowRun struct {
 // data between jobs in a workflow and provide storage for data
 // once a workflow is complete.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts
 type Artifact struct {
 	ID                 *int64               `json:"id,omitempty"`
 	NodeID             *string              `json:"node_id,omitempty"`
@@ -44,7 +44,7 @@ type Artifact struct {
 
 // ArtifactList represents a list of GitHub artifacts.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#artifacts
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#artifacts
 type ArtifactList struct {
 	TotalCount *int64      `json:"total_count,omitempty"`
 	Artifacts  []*Artifact `json:"artifacts,omitempty"`
@@ -52,7 +52,9 @@ type ArtifactList struct {
 
 // ListArtifacts lists all artifacts that belong to a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#list-artifacts-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#list-artifacts-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/artifacts
 func (s *ActionsService) ListArtifacts(ctx context.Context, owner, repo string, opts *ListOptions) (*ArtifactList, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/artifacts", owner, repo)
 	u, err := addOptions(u, opts)
@@ -76,7 +78,9 @@ func (s *ActionsService) ListArtifacts(ctx context.Context, owner, repo string,
 
 // ListWorkflowRunArtifacts lists all artifacts that belong to a workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#list-workflow-run-artifacts
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#list-workflow-run-artifacts
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts
 func (s *ActionsService) ListWorkflowRunArtifacts(ctx context.Context, owner, repo string, runID int64, opts *ListOptions) (*ArtifactList, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/artifacts", owner, repo, runID)
 	u, err := addOptions(u, opts)
@@ -100,7 +104,9 @@ func (s *ActionsService) ListWorkflowRunArtifacts(ctx context.Context, owner, re
 
 // GetArtifact gets a specific artifact for a workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#get-an-artifact
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#get-an-artifact
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}
 func (s *ActionsService) GetArtifact(ctx context.Context, owner, repo string, artifactID int64) (*Artifact, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/artifacts/%v", owner, repo, artifactID)
 
@@ -120,7 +126,9 @@ func (s *ActionsService) GetArtifact(ctx context.Context, owner, repo string, ar
 
 // DownloadArtifact gets a redirect URL to download an archive for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#download-an-artifact
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#download-an-artifact
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}
 func (s *ActionsService) DownloadArtifact(ctx context.Context, owner, repo string, artifactID int64, maxRedirects int) (*url.URL, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/artifacts/%v/zip", owner, repo, artifactID)
 
@@ -144,7 +152,9 @@ func (s *ActionsService) DownloadArtifact(ctx context.Context, owner, repo strin
 
 // DeleteArtifact deletes a workflow run artifact.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/artifacts#delete-an-artifact
+// GitHub API docs: https://docs.github.com/rest/actions/artifacts#delete-an-artifact
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}
 func (s *ActionsService) DeleteArtifact(ctx context.Context, owner, repo string, artifactID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/artifacts/%v", owner, repo, artifactID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/actions_cache.go b/vendor/github.com/google/go-github/v57/github/actions_cache.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/actions_cache.go
rename to vendor/github.com/google/go-github/v57/github/actions_cache.go
index 9592d9ab62f..271d7d82069 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_cache.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_cache.go
@@ -12,7 +12,7 @@ import (
 
 // ActionsCache represents a GitHub action cache.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#about-the-cache-api
+// GitHub API docs: https://docs.github.com/rest/actions/cache#about-the-cache-api
 type ActionsCache struct {
 	ID             *int64     `json:"id,omitempty" url:"-"`
 	Ref            *string    `json:"ref,omitempty" url:"ref"`
@@ -25,7 +25,7 @@ type ActionsCache struct {
 
 // ActionsCacheList represents a list of GitHub actions Cache.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#list-github-actions-caches-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/cache#list-github-actions-caches-for-a-repository
 type ActionsCacheList struct {
 	TotalCount    int             `json:"total_count"`
 	ActionsCaches []*ActionsCache `json:"actions_caches,omitempty"`
@@ -33,7 +33,7 @@ type ActionsCacheList struct {
 
 // ActionsCacheUsage represents a GitHub Actions Cache Usage object.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/cache#get-github-actions-cache-usage-for-a-repository
 type ActionsCacheUsage struct {
 	FullName                string `json:"full_name"`
 	ActiveCachesSizeInBytes int64  `json:"active_caches_size_in_bytes"`
@@ -42,7 +42,7 @@ type ActionsCacheUsage struct {
 
 // ActionsCacheUsageList represents a list of repositories with GitHub Actions cache usage for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/cache#get-github-actions-cache-usage-for-a-repository
 type ActionsCacheUsageList struct {
 	TotalCount     int                  `json:"total_count"`
 	RepoCacheUsage []*ActionsCacheUsage `json:"repository_cache_usages,omitempty"`
@@ -50,7 +50,7 @@ type ActionsCacheUsageList struct {
 
 // TotalCacheUsage represents total GitHub actions cache usage of an organization or enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-an-enterprise
+// GitHub API docs: https://docs.github.com/rest/actions/cache#get-github-actions-cache-usage-for-an-enterprise
 type TotalCacheUsage struct {
 	TotalActiveCachesUsageSizeInBytes int64 `json:"total_active_caches_size_in_bytes"`
 	TotalActiveCachesCount            int   `json:"total_active_caches_count"`
@@ -58,7 +58,7 @@ type TotalCacheUsage struct {
 
 // ActionsCacheListOptions represents a list of all possible optional Query parameters for ListCaches method.
 //
-// GitHub API docs:  https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#list-github-actions-caches-for-a-repository
+// GitHub API docs:  https://docs.github.com/rest/actions/cache#list-github-actions-caches-for-a-repository
 type ActionsCacheListOptions struct {
 	ListOptions
 	// The Git reference for the results you want to list.
@@ -77,7 +77,9 @@ type ActionsCacheListOptions struct {
 //
 // Permissions: must have the actions:read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#list-github-actions-caches-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/cache#list-github-actions-caches-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/caches
 func (s *ActionsService) ListCaches(ctx context.Context, owner, repo string, opts *ActionsCacheListOptions) (*ActionsCacheList, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/caches", owner, repo)
 	u, err := addOptions(u, opts)
@@ -107,7 +109,9 @@ func (s *ActionsService) ListCaches(ctx context.Context, owner, repo string, opt
 //
 // Permissions: You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#delete-github-actions-caches-for-a-repository-using-a-cache-key
+// GitHub API docs: https://docs.github.com/rest/actions/cache#delete-github-actions-caches-for-a-repository-using-a-cache-key
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/caches
 func (s *ActionsService) DeleteCachesByKey(ctx context.Context, owner, repo, key string, ref *string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/caches", owner, repo)
 	u, err := addOptions(u, ActionsCache{Key: &key, Ref: ref})
@@ -127,7 +131,9 @@ func (s *ActionsService) DeleteCachesByKey(ctx context.Context, owner, repo, key
 //
 // Permissions: You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#delete-a-github-actions-cache-for-a-repository-using-a-cache-id
+// GitHub API docs: https://docs.github.com/rest/actions/cache#delete-a-github-actions-cache-for-a-repository-using-a-cache-id
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}
 func (s *ActionsService) DeleteCachesByID(ctx context.Context, owner, repo string, cacheID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/caches/%v", owner, repo, cacheID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -144,7 +150,9 @@ func (s *ActionsService) DeleteCachesByID(ctx context.Context, owner, repo strin
 // Permissions: Anyone with read access to the repository can use this endpoint. If the repository is private, you must use an
 // access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/cache#get-github-actions-cache-usage-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/cache/usage
 func (s *ActionsService) GetCacheUsageForRepo(ctx context.Context, owner, repo string) (*ActionsCacheUsage, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/cache/usage", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -167,7 +175,9 @@ func (s *ActionsService) GetCacheUsageForRepo(ctx context.Context, owner, repo s
 // Permissions: You must authenticate using an access token with the read:org scope to use this endpoint.
 // GitHub Apps must have the organization_admistration:read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#list-repositories-with-github-actions-cache-usage-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/cache#list-repositories-with-github-actions-cache-usage-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/cache/usage-by-repository
 func (s *ActionsService) ListCacheUsageByRepoForOrg(ctx context.Context, org string, opts *ListOptions) (*ActionsCacheUsageList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/cache/usage-by-repository", org)
 	u, err := addOptions(u, opts)
@@ -195,7 +205,9 @@ func (s *ActionsService) ListCacheUsageByRepoForOrg(ctx context.Context, org str
 // Permissions: You must authenticate using an access token with the read:org scope to use this endpoint.
 // GitHub Apps must have the organization_admistration:read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/cache#get-github-actions-cache-usage-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/cache/usage
 func (s *ActionsService) GetTotalCacheUsageForOrg(ctx context.Context, org string) (*TotalCacheUsage, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/cache/usage", org)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -217,7 +229,9 @@ func (s *ActionsService) GetTotalCacheUsageForOrg(ctx context.Context, org strin
 //
 // Permissions: You must authenticate using an access token with the "admin:enterprise" scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#get-github-actions-cache-usage-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/cache#get-github-actions-cache-usage-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/cache/usage
 func (s *ActionsService) GetTotalCacheUsageForEnterprise(ctx context.Context, enterprise string) (*TotalCacheUsage, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/cache/usage", enterprise)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_oidc.go b/vendor/github.com/google/go-github/v57/github/actions_oidc.go
similarity index 76%
rename from vendor/github.com/google/go-github/v56/github/actions_oidc.go
rename to vendor/github.com/google/go-github/v57/github/actions_oidc.go
index b7f2d26ae9c..596aa9d981e 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_oidc.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_oidc.go
@@ -18,7 +18,9 @@ type OIDCSubjectClaimCustomTemplate struct {
 
 // GetOrgOIDCSubjectClaimCustomTemplate gets the subject claim customization template for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/oidc/customization/sub
 func (s *ActionsService) GetOrgOIDCSubjectClaimCustomTemplate(ctx context.Context, org string) (*OIDCSubjectClaimCustomTemplate, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/oidc/customization/sub", org)
 	return s.getOIDCSubjectClaimCustomTemplate(ctx, u)
@@ -26,7 +28,9 @@ func (s *ActionsService) GetOrgOIDCSubjectClaimCustomTemplate(ctx context.Contex
 
 // GetRepoOIDCSubjectClaimCustomTemplate gets the subject claim customization template for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/oidc/customization/sub
 func (s *ActionsService) GetRepoOIDCSubjectClaimCustomTemplate(ctx context.Context, owner, repo string) (*OIDCSubjectClaimCustomTemplate, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/oidc/customization/sub", owner, repo)
 	return s.getOIDCSubjectClaimCustomTemplate(ctx, u)
@@ -49,7 +53,9 @@ func (s *ActionsService) getOIDCSubjectClaimCustomTemplate(ctx context.Context,
 
 // SetOrgOIDCSubjectClaimCustomTemplate sets the subject claim customization for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/oidc/customization/sub
 func (s *ActionsService) SetOrgOIDCSubjectClaimCustomTemplate(ctx context.Context, org string, template *OIDCSubjectClaimCustomTemplate) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/oidc/customization/sub", org)
 	return s.setOIDCSubjectClaimCustomTemplate(ctx, u, template)
@@ -57,7 +63,9 @@ func (s *ActionsService) SetOrgOIDCSubjectClaimCustomTemplate(ctx context.Contex
 
 // SetRepoOIDCSubjectClaimCustomTemplate sets the subject claim customization for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/oidc/customization/sub
 func (s *ActionsService) SetRepoOIDCSubjectClaimCustomTemplate(ctx context.Context, owner, repo string, template *OIDCSubjectClaimCustomTemplate) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/oidc/customization/sub", owner, repo)
 	return s.setOIDCSubjectClaimCustomTemplate(ctx, u, template)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_permissions_enterprise.go b/vendor/github.com/google/go-github/v57/github/actions_permissions_enterprise.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/actions_permissions_enterprise.go
rename to vendor/github.com/google/go-github/v57/github/actions_permissions_enterprise.go
index 8311e729438..7e10444af47 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_permissions_enterprise.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_permissions_enterprise.go
@@ -10,7 +10,7 @@ import (
 	"fmt"
 )
 
-// ActionsEnabledOnEnterpriseOrgs represents all the repositories in an enterprise for which Actions is enabled.
+// ActionsEnabledOnEnterpriseRepos represents all the repositories in an enterprise for which Actions is enabled.
 type ActionsEnabledOnEnterpriseRepos struct {
 	TotalCount    int             `json:"total_count"`
 	Organizations []*Organization `json:"organizations"`
@@ -32,6 +32,8 @@ func (a ActionsPermissionsEnterprise) String() string {
 // GetActionsPermissionsInEnterprise gets the GitHub Actions permissions policy for an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#get-github-actions-permissions-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/permissions
 func (s *ActionsService) GetActionsPermissionsInEnterprise(ctx context.Context, enterprise string) (*ActionsPermissionsEnterprise, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions", enterprise)
 
@@ -52,6 +54,8 @@ func (s *ActionsService) GetActionsPermissionsInEnterprise(ctx context.Context,
 // EditActionsPermissionsInEnterprise sets the permissions policy in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#set-github-actions-permissions-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/permissions
 func (s *ActionsService) EditActionsPermissionsInEnterprise(ctx context.Context, enterprise string, actionsPermissionsEnterprise ActionsPermissionsEnterprise) (*ActionsPermissionsEnterprise, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions", enterprise)
 	req, err := s.client.NewRequest("PUT", u, actionsPermissionsEnterprise)
@@ -71,6 +75,8 @@ func (s *ActionsService) EditActionsPermissionsInEnterprise(ctx context.Context,
 // ListEnabledOrgsInEnterprise lists the selected organizations that are enabled for GitHub Actions in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#list-selected-organizations-enabled-for-github-actions-in-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/permissions/organizations
 func (s *ActionsService) ListEnabledOrgsInEnterprise(ctx context.Context, owner string, opts *ListOptions) (*ActionsEnabledOnEnterpriseRepos, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/organizations", owner)
 	u, err := addOptions(u, opts)
@@ -95,6 +101,8 @@ func (s *ActionsService) ListEnabledOrgsInEnterprise(ctx context.Context, owner
 // SetEnabledOrgsInEnterprise replaces the list of selected organizations that are enabled for GitHub Actions in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#set-selected-organizations-enabled-for-github-actions-in-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/permissions/organizations
 func (s *ActionsService) SetEnabledOrgsInEnterprise(ctx context.Context, owner string, organizationIDs []int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/organizations", owner)
 
@@ -116,6 +124,8 @@ func (s *ActionsService) SetEnabledOrgsInEnterprise(ctx context.Context, owner s
 // AddEnabledOrgInEnterprise adds an organization to the list of selected organizations that are enabled for GitHub Actions in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#enable-a-selected-organization-for-github-actions-in-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}
 func (s *ActionsService) AddEnabledOrgInEnterprise(ctx context.Context, owner string, organizationID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/organizations/%v", owner, organizationID)
 
@@ -135,6 +145,8 @@ func (s *ActionsService) AddEnabledOrgInEnterprise(ctx context.Context, owner st
 // RemoveEnabledOrgInEnterprise removes an organization from the list of selected organizations that are enabled for GitHub Actions in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#disable-a-selected-organization-for-github-actions-in-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}
 func (s *ActionsService) RemoveEnabledOrgInEnterprise(ctx context.Context, owner string, organizationID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/organizations/%v", owner, organizationID)
 
@@ -154,6 +166,8 @@ func (s *ActionsService) RemoveEnabledOrgInEnterprise(ctx context.Context, owner
 // GetActionsAllowedInEnterprise gets the actions that are allowed in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/permissions/selected-actions
 func (s *ActionsService) GetActionsAllowedInEnterprise(ctx context.Context, enterprise string) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/selected-actions", enterprise)
 
@@ -174,6 +188,8 @@ func (s *ActionsService) GetActionsAllowedInEnterprise(ctx context.Context, ente
 // EditActionsAllowedInEnterprise sets the actions that are allowed in an enterprise.
 //
 // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/permissions/selected-actions
 func (s *ActionsService) EditActionsAllowedInEnterprise(ctx context.Context, enterprise string, actionsAllowed ActionsAllowed) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/permissions/selected-actions", enterprise)
 	req, err := s.client.NewRequest("PUT", u, actionsAllowed)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_permissions_orgs.go b/vendor/github.com/google/go-github/v57/github/actions_permissions_orgs.go
similarity index 74%
rename from vendor/github.com/google/go-github/v56/github/actions_permissions_orgs.go
rename to vendor/github.com/google/go-github/v57/github/actions_permissions_orgs.go
index 801f1d97437..1a31e4c6f1b 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_permissions_orgs.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_permissions_orgs.go
@@ -12,7 +12,7 @@ import (
 
 // ActionsPermissions represents a policy for repositories and allowed actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions
+// GitHub API docs: https://docs.github.com/rest/actions/permissions
 type ActionsPermissions struct {
 	EnabledRepositories *string `json:"enabled_repositories,omitempty"`
 	AllowedActions      *string `json:"allowed_actions,omitempty"`
@@ -31,7 +31,7 @@ type ActionsEnabledOnOrgRepos struct {
 
 // ActionsAllowed represents selected actions that are allowed.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions
+// GitHub API docs: https://docs.github.com/rest/actions/permissions
 type ActionsAllowed struct {
 	GithubOwnedAllowed *bool    `json:"github_owned_allowed,omitempty"`
 	VerifiedAllowed    *bool    `json:"verified_allowed,omitempty"`
@@ -44,7 +44,9 @@ func (a ActionsAllowed) String() string {
 
 // GetActionsPermissions gets the GitHub Actions permissions policy for repositories and allowed actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-github-actions-permissions-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-github-actions-permissions-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions
 func (s *ActionsService) GetActionsPermissions(ctx context.Context, org string) (*ActionsPermissions, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions", org)
 
@@ -64,7 +66,9 @@ func (s *ActionsService) GetActionsPermissions(ctx context.Context, org string)
 
 // EditActionsPermissions sets the permissions policy for repositories and allowed actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-github-actions-permissions-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-github-actions-permissions-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions
 func (s *ActionsService) EditActionsPermissions(ctx context.Context, org string, actionsPermissions ActionsPermissions) (*ActionsPermissions, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions", org)
 	req, err := s.client.NewRequest("PUT", u, actionsPermissions)
@@ -83,7 +87,9 @@ func (s *ActionsService) EditActionsPermissions(ctx context.Context, org string,
 
 // ListEnabledReposInOrg lists the selected repositories that are enabled for GitHub Actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#list-selected-repositories-enabled-for-github-actions-in-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#list-selected-repositories-enabled-for-github-actions-in-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions/repositories
 func (s *ActionsService) ListEnabledReposInOrg(ctx context.Context, owner string, opts *ListOptions) (*ActionsEnabledOnOrgRepos, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/repositories", owner)
 	u, err := addOptions(u, opts)
@@ -107,7 +113,9 @@ func (s *ActionsService) ListEnabledReposInOrg(ctx context.Context, owner string
 
 // SetEnabledReposInOrg replaces the list of selected repositories that are enabled for GitHub Actions in an organization..
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-selected-repositories-enabled-for-github-actions-in-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-selected-repositories-enabled-for-github-actions-in-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions/repositories
 func (s *ActionsService) SetEnabledReposInOrg(ctx context.Context, owner string, repositoryIDs []int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/repositories", owner)
 
@@ -128,7 +136,9 @@ func (s *ActionsService) SetEnabledReposInOrg(ctx context.Context, owner string,
 
 // AddEnabledReposInOrg adds a repository to the list of selected repositories that are enabled for GitHub Actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#enable-a-selected-repository-for-github-actions-in-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#enable-a-selected-repository-for-github-actions-in-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions/repositories/{repository_id}
 func (s *ActionsService) AddEnabledReposInOrg(ctx context.Context, owner string, repositoryID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/repositories/%v", owner, repositoryID)
 
@@ -145,9 +155,11 @@ func (s *ActionsService) AddEnabledReposInOrg(ctx context.Context, owner string,
 	return resp, nil
 }
 
-// RemoveEnabledRepoInOrg removes a single repository from the list of enabled repos for GitHub Actions in an organization.
+// RemoveEnabledReposInOrg removes a single repository from the list of enabled repos for GitHub Actions in an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#disable-a-selected-repository-for-github-actions-in-an-organization
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#disable-a-selected-repository-for-github-actions-in-an-organization
+//meta:operation DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}
 func (s *ActionsService) RemoveEnabledReposInOrg(ctx context.Context, owner string, repositoryID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/repositories/%v", owner, repositoryID)
 
@@ -166,7 +178,9 @@ func (s *ActionsService) RemoveEnabledReposInOrg(ctx context.Context, owner stri
 
 // GetActionsAllowed gets the actions that are allowed in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions/selected-actions
 func (s *ActionsService) GetActionsAllowed(ctx context.Context, org string) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/selected-actions", org)
 
@@ -186,7 +200,9 @@ func (s *ActionsService) GetActionsAllowed(ctx context.Context, org string) (*Ac
 
 // EditActionsAllowed sets the actions that are allowed in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions/selected-actions
 func (s *ActionsService) EditActionsAllowed(ctx context.Context, org string, actionsAllowed ActionsAllowed) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/permissions/selected-actions", org)
 	req, err := s.client.NewRequest("PUT", u, actionsAllowed)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_required_workflows.go b/vendor/github.com/google/go-github/v57/github/actions_required_workflows.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/actions_required_workflows.go
rename to vendor/github.com/google/go-github/v57/github/actions_required_workflows.go
index 3566eb9d207..b89741a82a1 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_required_workflows.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_required_workflows.go
@@ -67,7 +67,9 @@ type RepoRequiredWorkflows struct {
 
 // ListOrgRequiredWorkflows lists the RequiredWorkflows for an org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-required-workflows
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation GET /orgs/{org}/actions/required_workflows
 func (s *ActionsService) ListOrgRequiredWorkflows(ctx context.Context, org string, opts *ListOptions) (*OrgRequiredWorkflows, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows", org)
 	u, err := addOptions(url, opts)
@@ -91,7 +93,9 @@ func (s *ActionsService) ListOrgRequiredWorkflows(ctx context.Context, org strin
 
 // CreateRequiredWorkflow creates the required workflow in an org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#create-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation POST /orgs/{org}/actions/required_workflows
 func (s *ActionsService) CreateRequiredWorkflow(ctx context.Context, org string, createRequiredWorkflowOptions *CreateUpdateRequiredWorkflowOptions) (*OrgRequiredWorkflow, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows", org)
 	req, err := s.client.NewRequest("POST", url, createRequiredWorkflowOptions)
@@ -110,7 +114,9 @@ func (s *ActionsService) CreateRequiredWorkflow(ctx context.Context, org string,
 
 // GetRequiredWorkflowByID get the RequiredWorkflows for an org by its ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-required-workflows
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation GET /orgs/{org}/actions/required_workflows/{workflow_id}
 func (s *ActionsService) GetRequiredWorkflowByID(ctx context.Context, owner string, requiredWorkflowID int64) (*OrgRequiredWorkflow, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", owner, requiredWorkflowID)
 
@@ -130,7 +136,9 @@ func (s *ActionsService) GetRequiredWorkflowByID(ctx context.Context, owner stri
 
 // UpdateRequiredWorkflow updates a required workflow in an org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#update-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation PATCH /orgs/{org}/actions/required_workflows/{workflow_id}
 func (s *ActionsService) UpdateRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID int64, updateRequiredWorkflowOptions *CreateUpdateRequiredWorkflowOptions) (*OrgRequiredWorkflow, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", org, requiredWorkflowID)
 	req, err := s.client.NewRequest("PATCH", url, updateRequiredWorkflowOptions)
@@ -149,7 +157,9 @@ func (s *ActionsService) UpdateRequiredWorkflow(ctx context.Context, org string,
 
 // DeleteRequiredWorkflow deletes a required workflow in an org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#update-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation DELETE /orgs/{org}/actions/required_workflows/{workflow_id}
 func (s *ActionsService) DeleteRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID int64) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", org, requiredWorkflowID)
 	req, err := s.client.NewRequest("DELETE", url, nil)
@@ -161,7 +171,9 @@ func (s *ActionsService) DeleteRequiredWorkflow(ctx context.Context, org string,
 
 // ListRequiredWorkflowSelectedRepos lists the Repositories selected for a workflow.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-selected-repositories-for-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation GET /orgs/{org}/actions/required_workflows/{workflow_id}/repositories
 func (s *ActionsService) ListRequiredWorkflowSelectedRepos(ctx context.Context, org string, requiredWorkflowID int64, opts *ListOptions) (*RequiredWorkflowSelectedRepos, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories", org, requiredWorkflowID)
 	u, err := addOptions(url, opts)
@@ -184,7 +196,9 @@ func (s *ActionsService) ListRequiredWorkflowSelectedRepos(ctx context.Context,
 
 // SetRequiredWorkflowSelectedRepos sets the Repositories selected for a workflow.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#sets-repositories-for-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation PUT /orgs/{org}/actions/required_workflows/{workflow_id}/repositories
 func (s *ActionsService) SetRequiredWorkflowSelectedRepos(ctx context.Context, org string, requiredWorkflowID int64, ids SelectedRepoIDs) (*Response, error) {
 	type repoIDs struct {
 		SelectedIDs SelectedRepoIDs `json:"selected_repository_ids"`
@@ -200,7 +214,9 @@ func (s *ActionsService) SetRequiredWorkflowSelectedRepos(ctx context.Context, o
 
 // AddRepoToRequiredWorkflow adds the Repository to a required workflow.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#add-a-repository-to-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation PUT /orgs/{org}/actions/required_workflows/{workflow_id}/repositories/{repository_id}
 func (s *ActionsService) AddRepoToRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID, repoID int64) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories/%v", org, requiredWorkflowID, repoID)
 	req, err := s.client.NewRequest("PUT", url, nil)
@@ -212,7 +228,9 @@ func (s *ActionsService) AddRepoToRequiredWorkflow(ctx context.Context, org stri
 
 // RemoveRepoFromRequiredWorkflow removes the Repository from a required workflow.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#add-a-repository-to-a-required-workflow
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation DELETE /orgs/{org}/actions/required_workflows/{workflow_id}/repositories/{repository_id}
 func (s *ActionsService) RemoveRepoFromRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID, repoID int64) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories/%v", org, requiredWorkflowID, repoID)
 	req, err := s.client.NewRequest("DELETE", url, nil)
@@ -224,7 +242,9 @@ func (s *ActionsService) RemoveRepoFromRequiredWorkflow(ctx context.Context, org
 
 // ListRepoRequiredWorkflows lists the RequiredWorkflows for a repo.
 //
-// Github API docs:https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-repository-required-workflows
+// GitHub API docs: https://docs.github.com/actions/using-workflows/required-workflows
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/required_workflows
 func (s *ActionsService) ListRepoRequiredWorkflows(ctx context.Context, owner, repo string, opts *ListOptions) (*RepoRequiredWorkflows, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/required_workflows", owner, repo)
 	u, err := addOptions(url, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_runner_groups.go b/vendor/github.com/google/go-github/v57/github/actions_runner_groups.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/actions_runner_groups.go
rename to vendor/github.com/google/go-github/v57/github/actions_runner_groups.go
index 00b9b6ce091..a1f453f3c67 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_runner_groups.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_runner_groups.go
@@ -80,7 +80,9 @@ type ListOrgRunnerGroupOptions struct {
 
 // ListOrganizationRunnerGroups lists all self-hosted runner groups configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#list-self-hosted-runner-groups-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-self-hosted-runner-groups-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runner-groups
 func (s *ActionsService) ListOrganizationRunnerGroups(ctx context.Context, org string, opts *ListOrgRunnerGroupOptions) (*RunnerGroups, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups", org)
 	u, err := addOptions(u, opts)
@@ -104,7 +106,9 @@ func (s *ActionsService) ListOrganizationRunnerGroups(ctx context.Context, org s
 
 // GetOrganizationRunnerGroup gets a specific self-hosted runner group for an organization using its RunnerGroup ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#get-a-self-hosted-runner-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#get-a-self-hosted-runner-group-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runner-groups/{runner_group_id}
 func (s *ActionsService) GetOrganizationRunnerGroup(ctx context.Context, org string, groupID int64) (*RunnerGroup, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v", org, groupID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -123,7 +127,9 @@ func (s *ActionsService) GetOrganizationRunnerGroup(ctx context.Context, org str
 
 // DeleteOrganizationRunnerGroup deletes a self-hosted runner group from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#delete-a-self-hosted-runner-group-from-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#delete-a-self-hosted-runner-group-from-an-organization
+//
+//meta:operation DELETE /orgs/{org}/actions/runner-groups/{runner_group_id}
 func (s *ActionsService) DeleteOrganizationRunnerGroup(ctx context.Context, org string, groupID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v", org, groupID)
 
@@ -137,7 +143,9 @@ func (s *ActionsService) DeleteOrganizationRunnerGroup(ctx context.Context, org
 
 // CreateOrganizationRunnerGroup creates a new self-hosted runner group for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#create-a-self-hosted-runner-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#create-a-self-hosted-runner-group-for-an-organization
+//
+//meta:operation POST /orgs/{org}/actions/runner-groups
 func (s *ActionsService) CreateOrganizationRunnerGroup(ctx context.Context, org string, createReq CreateRunnerGroupRequest) (*RunnerGroup, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups", org)
 	req, err := s.client.NewRequest("POST", u, createReq)
@@ -156,7 +164,9 @@ func (s *ActionsService) CreateOrganizationRunnerGroup(ctx context.Context, org
 
 // UpdateOrganizationRunnerGroup updates a self-hosted runner group for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#update-a-self-hosted-runner-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#update-a-self-hosted-runner-group-for-an-organization
+//
+//meta:operation PATCH /orgs/{org}/actions/runner-groups/{runner_group_id}
 func (s *ActionsService) UpdateOrganizationRunnerGroup(ctx context.Context, org string, groupID int64, updateReq UpdateRunnerGroupRequest) (*RunnerGroup, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v", org, groupID)
 	req, err := s.client.NewRequest("PATCH", u, updateReq)
@@ -175,7 +185,9 @@ func (s *ActionsService) UpdateOrganizationRunnerGroup(ctx context.Context, org
 
 // ListRepositoryAccessRunnerGroup lists the repositories with access to a self-hosted runner group configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#list-repository-access-to-a-self-hosted-runner-group-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-repository-access-to-a-self-hosted-runner-group-in-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories
 func (s *ActionsService) ListRepositoryAccessRunnerGroup(ctx context.Context, org string, groupID int64, opts *ListOptions) (*ListRepositories, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/repositories", org, groupID)
 	u, err := addOptions(u, opts)
@@ -200,7 +212,9 @@ func (s *ActionsService) ListRepositoryAccessRunnerGroup(ctx context.Context, or
 // SetRepositoryAccessRunnerGroup replaces the list of repositories that have access to a self-hosted runner group configured in an organization
 // with a new List of repositories.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#set-repository-access-for-a-self-hosted-runner-group-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#set-repository-access-for-a-self-hosted-runner-group-in-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories
 func (s *ActionsService) SetRepositoryAccessRunnerGroup(ctx context.Context, org string, groupID int64, ids SetRepoAccessRunnerGroupRequest) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/repositories", org, groupID)
 
@@ -215,7 +229,9 @@ func (s *ActionsService) SetRepositoryAccessRunnerGroup(ctx context.Context, org
 // AddRepositoryAccessRunnerGroup adds a repository to the list of selected repositories that can access a self-hosted runner group.
 // The runner group must have visibility set to 'selected'.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#add-repository-access-to-a-self-hosted-runner-group-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#add-repository-access-to-a-self-hosted-runner-group-in-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}
 func (s *ActionsService) AddRepositoryAccessRunnerGroup(ctx context.Context, org string, groupID, repoID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/repositories/%v", org, groupID, repoID)
 
@@ -230,7 +246,9 @@ func (s *ActionsService) AddRepositoryAccessRunnerGroup(ctx context.Context, org
 // RemoveRepositoryAccessRunnerGroup removes a repository from the list of selected repositories that can access a self-hosted runner group.
 // The runner group must have visibility set to 'selected'.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#remove-repository-access-to-a-self-hosted-runner-group-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#remove-repository-access-to-a-self-hosted-runner-group-in-an-organization
+//
+//meta:operation DELETE /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}
 func (s *ActionsService) RemoveRepositoryAccessRunnerGroup(ctx context.Context, org string, groupID, repoID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/repositories/%v", org, groupID, repoID)
 
@@ -244,7 +262,9 @@ func (s *ActionsService) RemoveRepositoryAccessRunnerGroup(ctx context.Context,
 
 // ListRunnerGroupRunners lists self-hosted runners that are in a specific organization group.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#list-self-hosted-runners-in-a-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-self-hosted-runners-in-a-group-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runner-groups/{runner_group_id}/runners
 func (s *ActionsService) ListRunnerGroupRunners(ctx context.Context, org string, groupID int64, opts *ListOptions) (*Runners, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/runners", org, groupID)
 	u, err := addOptions(u, opts)
@@ -269,7 +289,9 @@ func (s *ActionsService) ListRunnerGroupRunners(ctx context.Context, org string,
 // SetRunnerGroupRunners replaces the list of self-hosted runners that are part of an organization runner group
 // with a new list of runners.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#set-self-hosted-runners-in-a-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#set-self-hosted-runners-in-a-group-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/runner-groups/{runner_group_id}/runners
 func (s *ActionsService) SetRunnerGroupRunners(ctx context.Context, org string, groupID int64, ids SetRunnerGroupRunnersRequest) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/runners", org, groupID)
 
@@ -283,7 +305,9 @@ func (s *ActionsService) SetRunnerGroupRunners(ctx context.Context, org string,
 
 // AddRunnerGroupRunners adds a self-hosted runner to a runner group configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#add-a-self-hosted-runner-to-a-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#add-a-self-hosted-runner-to-a-group-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}
 func (s *ActionsService) AddRunnerGroupRunners(ctx context.Context, org string, groupID, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/runners/%v", org, groupID, runnerID)
 
@@ -298,7 +322,9 @@ func (s *ActionsService) AddRunnerGroupRunners(ctx context.Context, org string,
 // RemoveRunnerGroupRunners removes a self-hosted runner from a group configured in an organization.
 // The runner is then returned to the default group.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runner-groups#remove-a-self-hosted-runner-from-a-group-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#remove-a-self-hosted-runner-from-a-group-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}
 func (s *ActionsService) RemoveRunnerGroupRunners(ctx context.Context, org string, groupID, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runner-groups/%v/runners/%v", org, groupID, runnerID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/actions_runners.go b/vendor/github.com/google/go-github/v57/github/actions_runners.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/actions_runners.go
rename to vendor/github.com/google/go-github/v57/github/actions_runners.go
index d54d6d41ca2..90cf5804e1e 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_runners.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_runners.go
@@ -22,7 +22,9 @@ type RunnerApplicationDownload struct {
 
 // ListRunnerApplicationDownloads lists self-hosted runner application binaries that can be downloaded and run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-runner-applications-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#list-runner-applications-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runners/downloads
 func (s *ActionsService) ListRunnerApplicationDownloads(ctx context.Context, owner, repo string) ([]*RunnerApplicationDownload, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/downloads", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -58,7 +60,9 @@ type JITRunnerConfig struct {
 
 // GenerateOrgJITConfig generate a just-in-time configuration for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization
+//
+//meta:operation POST /orgs/{org}/actions/runners/generate-jitconfig
 func (s *ActionsService) GenerateOrgJITConfig(ctx context.Context, owner string, request *GenerateJITConfigRequest) (*JITRunnerConfig, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/generate-jitconfig", owner)
 	req, err := s.client.NewRequest("POST", u, request)
@@ -77,7 +81,9 @@ func (s *ActionsService) GenerateOrgJITConfig(ctx context.Context, owner string,
 
 // GenerateRepoJITConfig generates a just-in-time configuration for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runners/generate-jitconfig
 func (s *ActionsService) GenerateRepoJITConfig(ctx context.Context, owner, repo string, request *GenerateJITConfigRequest) (*JITRunnerConfig, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/generate-jitconfig", owner, repo)
 	req, err := s.client.NewRequest("POST", u, request)
@@ -102,7 +108,9 @@ type RegistrationToken struct {
 
 // CreateRegistrationToken creates a token that can be used to add a self-hosted runner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-a-registration-token-for-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runners/registration-token
 func (s *ActionsService) CreateRegistrationToken(ctx context.Context, owner, repo string) (*RegistrationToken, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/registration-token", owner, repo)
 
@@ -145,7 +153,9 @@ type Runners struct {
 
 // ListRunners lists all the self-hosted runners for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-self-hosted-runners-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#list-self-hosted-runners-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runners
 func (s *ActionsService) ListRunners(ctx context.Context, owner, repo string, opts *ListOptions) (*Runners, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners", owner, repo)
 	u, err := addOptions(u, opts)
@@ -169,7 +179,9 @@ func (s *ActionsService) ListRunners(ctx context.Context, owner, repo string, op
 
 // GetRunner gets a specific self-hosted runner for a repository using its runner ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#get-a-self-hosted-runner-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#get-a-self-hosted-runner-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runners/{runner_id}
 func (s *ActionsService) GetRunner(ctx context.Context, owner, repo string, runnerID int64) (*Runner, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/%v", owner, repo, runnerID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -194,7 +206,9 @@ type RemoveToken struct {
 
 // CreateRemoveToken creates a token that can be used to remove a self-hosted runner from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-remove-token-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-a-remove-token-for-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runners/remove-token
 func (s *ActionsService) CreateRemoveToken(ctx context.Context, owner, repo string) (*RemoveToken, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/remove-token", owner, repo)
 
@@ -214,7 +228,9 @@ func (s *ActionsService) CreateRemoveToken(ctx context.Context, owner, repo stri
 
 // RemoveRunner forces the removal of a self-hosted runner in a repository using the runner id.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}
 func (s *ActionsService) RemoveRunner(ctx context.Context, owner, repo string, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runners/%v", owner, repo, runnerID)
 
@@ -228,7 +244,9 @@ func (s *ActionsService) RemoveRunner(ctx context.Context, owner, repo string, r
 
 // ListOrganizationRunnerApplicationDownloads lists self-hosted runner application binaries that can be downloaded and run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-runner-applications-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#list-runner-applications-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runners/downloads
 func (s *ActionsService) ListOrganizationRunnerApplicationDownloads(ctx context.Context, owner string) ([]*RunnerApplicationDownload, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/downloads", owner)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -247,7 +265,9 @@ func (s *ActionsService) ListOrganizationRunnerApplicationDownloads(ctx context.
 
 // CreateOrganizationRegistrationToken creates a token that can be used to add a self-hosted runner to an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization
+//
+//meta:operation POST /orgs/{org}/actions/runners/registration-token
 func (s *ActionsService) CreateOrganizationRegistrationToken(ctx context.Context, owner string) (*RegistrationToken, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/registration-token", owner)
 
@@ -267,7 +287,9 @@ func (s *ActionsService) CreateOrganizationRegistrationToken(ctx context.Context
 
 // ListOrganizationRunners lists all the self-hosted runners for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-self-hosted-runners-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#list-self-hosted-runners-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runners
 func (s *ActionsService) ListOrganizationRunners(ctx context.Context, owner string, opts *ListOptions) (*Runners, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners", owner)
 	u, err := addOptions(u, opts)
@@ -291,7 +313,9 @@ func (s *ActionsService) ListOrganizationRunners(ctx context.Context, owner stri
 
 // GetOrganizationRunner gets a specific self-hosted runner for an organization using its runner ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#get-a-self-hosted-runner-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#get-a-self-hosted-runner-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/runners/{runner_id}
 func (s *ActionsService) GetOrganizationRunner(ctx context.Context, owner string, runnerID int64) (*Runner, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/%v", owner, runnerID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -310,7 +334,9 @@ func (s *ActionsService) GetOrganizationRunner(ctx context.Context, owner string
 
 // CreateOrganizationRemoveToken creates a token that can be used to remove a self-hosted runner from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-remove-token-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#create-a-remove-token-for-an-organization
+//
+//meta:operation POST /orgs/{org}/actions/runners/remove-token
 func (s *ActionsService) CreateOrganizationRemoveToken(ctx context.Context, owner string) (*RemoveToken, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/remove-token", owner)
 
@@ -330,7 +356,9 @@ func (s *ActionsService) CreateOrganizationRemoveToken(ctx context.Context, owne
 
 // RemoveOrganizationRunner forces the removal of a self-hosted runner from an organization using the runner id.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-an-organization
+// GitHub API docs: https://docs.github.com/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-an-organization
+//
+//meta:operation DELETE /orgs/{org}/actions/runners/{runner_id}
 func (s *ActionsService) RemoveOrganizationRunner(ctx context.Context, owner string, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/actions/runners/%v", owner, runnerID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/actions_secrets.go b/vendor/github.com/google/go-github/v57/github/actions_secrets.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/actions_secrets.go
rename to vendor/github.com/google/go-github/v57/github/actions_secrets.go
index 49985e12afa..2d4ba98db30 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_secrets.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_secrets.go
@@ -64,7 +64,9 @@ func (s *ActionsService) getPublicKey(ctx context.Context, url string) (*PublicK
 
 // GetRepoPublicKey gets a public key that should be used for secret encryption.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-a-repository-public-key
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-a-repository-public-key
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/secrets/public-key
 func (s *ActionsService) GetRepoPublicKey(ctx context.Context, owner, repo string) (*PublicKey, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/secrets/public-key", owner, repo)
 	return s.getPublicKey(ctx, url)
@@ -72,7 +74,9 @@ func (s *ActionsService) GetRepoPublicKey(ctx context.Context, owner, repo strin
 
 // GetOrgPublicKey gets a public key that should be used for secret encryption.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-an-organization-public-key
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-an-organization-public-key
+//
+//meta:operation GET /orgs/{org}/actions/secrets/public-key
 func (s *ActionsService) GetOrgPublicKey(ctx context.Context, org string) (*PublicKey, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/public-key", org)
 	return s.getPublicKey(ctx, url)
@@ -80,7 +84,9 @@ func (s *ActionsService) GetOrgPublicKey(ctx context.Context, org string) (*Publ
 
 // GetEnvPublicKey gets a public key that should be used for secret encryption.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-an-environment-public-key
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-an-environment-public-key
+//
+//meta:operation GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key
 func (s *ActionsService) GetEnvPublicKey(ctx context.Context, repoID int, env string) (*PublicKey, *Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/secrets/public-key", repoID, env)
 	return s.getPublicKey(ctx, url)
@@ -124,7 +130,9 @@ func (s *ActionsService) listSecrets(ctx context.Context, url string, opts *List
 // ListRepoSecrets lists all secrets available in a repository
 // without revealing their encrypted values.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#list-repository-secrets
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#list-repository-secrets
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/secrets
 func (s *ActionsService) ListRepoSecrets(ctx context.Context, owner, repo string, opts *ListOptions) (*Secrets, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/secrets", owner, repo)
 	return s.listSecrets(ctx, url, opts)
@@ -133,7 +141,9 @@ func (s *ActionsService) ListRepoSecrets(ctx context.Context, owner, repo string
 // ListOrgSecrets lists all secrets available in an organization
 // without revealing their encrypted values.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#list-organization-secrets
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#list-organization-secrets
+//
+//meta:operation GET /orgs/{org}/actions/secrets
 func (s *ActionsService) ListOrgSecrets(ctx context.Context, org string, opts *ListOptions) (*Secrets, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets", org)
 	return s.listSecrets(ctx, url, opts)
@@ -141,7 +151,9 @@ func (s *ActionsService) ListOrgSecrets(ctx context.Context, org string, opts *L
 
 // ListEnvSecrets lists all secrets available in an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#list-environment-secrets
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#list-environment-secrets
+//
+//meta:operation GET /repositories/{repository_id}/environments/{environment_name}/secrets
 func (s *ActionsService) ListEnvSecrets(ctx context.Context, repoID int, env string, opts *ListOptions) (*Secrets, *Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/secrets", repoID, env)
 	return s.listSecrets(ctx, url, opts)
@@ -164,7 +176,9 @@ func (s *ActionsService) getSecret(ctx context.Context, url string) (*Secret, *R
 
 // GetRepoSecret gets a single repository secret without revealing its encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-a-repository-secret
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/secrets/{secret_name}
 func (s *ActionsService) GetRepoSecret(ctx context.Context, owner, repo, name string) (*Secret, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/secrets/%v", owner, repo, name)
 	return s.getSecret(ctx, url)
@@ -172,7 +186,9 @@ func (s *ActionsService) GetRepoSecret(ctx context.Context, owner, repo, name st
 
 // GetOrgSecret gets a single organization secret without revealing its encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/actions/secrets/{secret_name}
 func (s *ActionsService) GetOrgSecret(ctx context.Context, org, name string) (*Secret, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v", org, name)
 	return s.getSecret(ctx, url)
@@ -180,7 +196,9 @@ func (s *ActionsService) GetOrgSecret(ctx context.Context, org, name string) (*S
 
 // GetEnvSecret gets a single environment secret without revealing its encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#get-an-environment-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#get-an-environment-secret
+//
+//meta:operation GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}
 func (s *ActionsService) GetEnvSecret(ctx context.Context, repoID int, env, secretName string) (*Secret, *Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/secrets/%v", repoID, env, secretName)
 	return s.getSecret(ctx, url)
@@ -213,7 +231,9 @@ func (s *ActionsService) putSecret(ctx context.Context, url string, eSecret *Enc
 
 // CreateOrUpdateRepoSecret creates or updates a repository secret with an encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#create-or-update-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#create-or-update-a-repository-secret
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}
 func (s *ActionsService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *EncryptedSecret) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/secrets/%v", owner, repo, eSecret.Name)
 	return s.putSecret(ctx, url, eSecret)
@@ -221,7 +241,9 @@ func (s *ActionsService) CreateOrUpdateRepoSecret(ctx context.Context, owner, re
 
 // CreateOrUpdateOrgSecret creates or updates an organization secret with an encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#create-or-update-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#create-or-update-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/actions/secrets/{secret_name}
 func (s *ActionsService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *EncryptedSecret) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v", org, eSecret.Name)
 	return s.putSecret(ctx, url, eSecret)
@@ -229,7 +251,9 @@ func (s *ActionsService) CreateOrUpdateOrgSecret(ctx context.Context, org string
 
 // CreateOrUpdateEnvSecret creates or updates a single environment secret with an encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#create-or-update-an-environment-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#create-or-update-an-environment-secret
+//
+//meta:operation PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}
 func (s *ActionsService) CreateOrUpdateEnvSecret(ctx context.Context, repoID int, env string, eSecret *EncryptedSecret) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/secrets/%v", repoID, env, eSecret.Name)
 	return s.putSecret(ctx, url, eSecret)
@@ -246,7 +270,9 @@ func (s *ActionsService) deleteSecret(ctx context.Context, url string) (*Respons
 
 // DeleteRepoSecret deletes a secret in a repository using the secret name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#delete-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#delete-a-repository-secret
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}
 func (s *ActionsService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/secrets/%v", owner, repo, name)
 	return s.deleteSecret(ctx, url)
@@ -254,7 +280,9 @@ func (s *ActionsService) DeleteRepoSecret(ctx context.Context, owner, repo, name
 
 // DeleteOrgSecret deletes a secret in an organization using the secret name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#delete-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#delete-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/actions/secrets/{secret_name}
 func (s *ActionsService) DeleteOrgSecret(ctx context.Context, org, name string) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v", org, name)
 	return s.deleteSecret(ctx, url)
@@ -262,7 +290,9 @@ func (s *ActionsService) DeleteOrgSecret(ctx context.Context, org, name string)
 
 // DeleteEnvSecret deletes a secret in an environment using the secret name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#delete-an-environment-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#delete-an-environment-secret
+//
+//meta:operation DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}
 func (s *ActionsService) DeleteEnvSecret(ctx context.Context, repoID int, env, secretName string) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/secrets/%v", repoID, env, secretName)
 	return s.deleteSecret(ctx, url)
@@ -296,7 +326,9 @@ func (s *ActionsService) listSelectedReposForSecret(ctx context.Context, url str
 
 // ListSelectedReposForOrgSecret lists all repositories that have access to a secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#list-selected-repositories-for-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#list-selected-repositories-for-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/actions/secrets/{secret_name}/repositories
 func (s *ActionsService) ListSelectedReposForOrgSecret(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v/repositories", org, name)
 	return s.listSelectedReposForSecret(ctx, url, opts)
@@ -317,7 +349,9 @@ func (s *ActionsService) setSelectedReposForSecret(ctx context.Context, url stri
 
 // SetSelectedReposForOrgSecret sets the repositories that have access to a secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#set-selected-repositories-for-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#set-selected-repositories-for-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/actions/secrets/{secret_name}/repositories
 func (s *ActionsService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids SelectedRepoIDs) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v/repositories", org, name)
 	return s.setSelectedReposForSecret(ctx, url, ids)
@@ -334,7 +368,9 @@ func (s *ActionsService) addSelectedRepoToSecret(ctx context.Context, url string
 
 // AddSelectedRepoToOrgSecret adds a repository to an organization secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#add-selected-repository-to-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#add-selected-repository-to-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}
 func (s *ActionsService) AddSelectedRepoToOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v/repositories/%v", org, name, *repo.ID)
 	return s.addSelectedRepoToSecret(ctx, url)
@@ -351,7 +387,9 @@ func (s *ActionsService) removeSelectedRepoFromSecret(ctx context.Context, url s
 
 // RemoveSelectedRepoFromOrgSecret removes a repository from an organization secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/secrets#remove-selected-repository-from-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/actions/secrets#remove-selected-repository-from-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}
 func (s *ActionsService) RemoveSelectedRepoFromOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/secrets/%v/repositories/%v", org, name, *repo.ID)
 	return s.removeSelectedRepoFromSecret(ctx, url)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_variables.go b/vendor/github.com/google/go-github/v57/github/actions_variables.go
similarity index 74%
rename from vendor/github.com/google/go-github/v56/github/actions_variables.go
rename to vendor/github.com/google/go-github/v57/github/actions_variables.go
index 29445edd042..244d159079e 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_variables.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_variables.go
@@ -51,7 +51,9 @@ func (s *ActionsService) listVariables(ctx context.Context, url string, opts *Li
 
 // ListRepoVariables lists all variables available in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#list-repository-variables
+// GitHub API docs: https://docs.github.com/rest/actions/variables#list-repository-variables
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/variables
 func (s *ActionsService) ListRepoVariables(ctx context.Context, owner, repo string, opts *ListOptions) (*ActionsVariables, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/variables", owner, repo)
 	return s.listVariables(ctx, url, opts)
@@ -59,7 +61,9 @@ func (s *ActionsService) ListRepoVariables(ctx context.Context, owner, repo stri
 
 // ListOrgVariables lists all variables available in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#list-organization-variables
+// GitHub API docs: https://docs.github.com/rest/actions/variables#list-organization-variables
+//
+//meta:operation GET /orgs/{org}/actions/variables
 func (s *ActionsService) ListOrgVariables(ctx context.Context, org string, opts *ListOptions) (*ActionsVariables, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables", org)
 	return s.listVariables(ctx, url, opts)
@@ -67,7 +71,9 @@ func (s *ActionsService) ListOrgVariables(ctx context.Context, org string, opts
 
 // ListEnvVariables lists all variables available in an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#list-environment-variables
+// GitHub API docs: https://docs.github.com/rest/actions/variables#list-environment-variables
+//
+//meta:operation GET /repositories/{repository_id}/environments/{environment_name}/variables
 func (s *ActionsService) ListEnvVariables(ctx context.Context, repoID int, env string, opts *ListOptions) (*ActionsVariables, *Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/variables", repoID, env)
 	return s.listVariables(ctx, url, opts)
@@ -90,7 +96,9 @@ func (s *ActionsService) getVariable(ctx context.Context, url string) (*ActionsV
 
 // GetRepoVariable gets a single repository variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#get-a-repository-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#get-a-repository-variable
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/variables/{name}
 func (s *ActionsService) GetRepoVariable(ctx context.Context, owner, repo, name string) (*ActionsVariable, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/variables/%v", owner, repo, name)
 	return s.getVariable(ctx, url)
@@ -98,7 +106,9 @@ func (s *ActionsService) GetRepoVariable(ctx context.Context, owner, repo, name
 
 // GetOrgVariable gets a single organization variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#get-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#get-an-organization-variable
+//
+//meta:operation GET /orgs/{org}/actions/variables/{name}
 func (s *ActionsService) GetOrgVariable(ctx context.Context, org, name string) (*ActionsVariable, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v", org, name)
 	return s.getVariable(ctx, url)
@@ -106,7 +116,9 @@ func (s *ActionsService) GetOrgVariable(ctx context.Context, org, name string) (
 
 // GetEnvVariable gets a single environment variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#get-an-environment-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#get-an-environment-variable
+//
+//meta:operation GET /repositories/{repository_id}/environments/{environment_name}/variables/{name}
 func (s *ActionsService) GetEnvVariable(ctx context.Context, repoID int, env, variableName string) (*ActionsVariable, *Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/variables/%v", repoID, env, variableName)
 	return s.getVariable(ctx, url)
@@ -122,7 +134,9 @@ func (s *ActionsService) postVariable(ctx context.Context, url string, variable
 
 // CreateRepoVariable creates a repository variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#create-a-repository-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#create-a-repository-variable
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/variables
 func (s *ActionsService) CreateRepoVariable(ctx context.Context, owner, repo string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/variables", owner, repo)
 	return s.postVariable(ctx, url, variable)
@@ -130,7 +144,9 @@ func (s *ActionsService) CreateRepoVariable(ctx context.Context, owner, repo str
 
 // CreateOrgVariable creates an organization variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#create-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#create-an-organization-variable
+//
+//meta:operation POST /orgs/{org}/actions/variables
 func (s *ActionsService) CreateOrgVariable(ctx context.Context, org string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables", org)
 	return s.postVariable(ctx, url, variable)
@@ -138,7 +154,9 @@ func (s *ActionsService) CreateOrgVariable(ctx context.Context, org string, vari
 
 // CreateEnvVariable creates an environment variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#create-an-environment-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#create-an-environment-variable
+//
+//meta:operation POST /repositories/{repository_id}/environments/{environment_name}/variables
 func (s *ActionsService) CreateEnvVariable(ctx context.Context, repoID int, env string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/variables", repoID, env)
 	return s.postVariable(ctx, url, variable)
@@ -154,7 +172,9 @@ func (s *ActionsService) patchVariable(ctx context.Context, url string, variable
 
 // UpdateRepoVariable updates a repository variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#update-a-repository-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#update-a-repository-variable
+//
+//meta:operation PATCH /repos/{owner}/{repo}/actions/variables/{name}
 func (s *ActionsService) UpdateRepoVariable(ctx context.Context, owner, repo string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/variables/%v", owner, repo, variable.Name)
 	return s.patchVariable(ctx, url, variable)
@@ -162,7 +182,9 @@ func (s *ActionsService) UpdateRepoVariable(ctx context.Context, owner, repo str
 
 // UpdateOrgVariable updates an organization variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#update-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#update-an-organization-variable
+//
+//meta:operation PATCH /orgs/{org}/actions/variables/{name}
 func (s *ActionsService) UpdateOrgVariable(ctx context.Context, org string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v", org, variable.Name)
 	return s.patchVariable(ctx, url, variable)
@@ -170,7 +192,9 @@ func (s *ActionsService) UpdateOrgVariable(ctx context.Context, org string, vari
 
 // UpdateEnvVariable updates an environment variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#create-an-environment-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#update-an-environment-variable
+//
+//meta:operation PATCH /repositories/{repository_id}/environments/{environment_name}/variables/{name}
 func (s *ActionsService) UpdateEnvVariable(ctx context.Context, repoID int, env string, variable *ActionsVariable) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/variables/%v", repoID, env, variable.Name)
 	return s.patchVariable(ctx, url, variable)
@@ -187,7 +211,9 @@ func (s *ActionsService) deleteVariable(ctx context.Context, url string) (*Respo
 
 // DeleteRepoVariable deletes a variable in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#delete-a-repository-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#delete-a-repository-variable
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/variables/{name}
 func (s *ActionsService) DeleteRepoVariable(ctx context.Context, owner, repo, name string) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/actions/variables/%v", owner, repo, name)
 	return s.deleteVariable(ctx, url)
@@ -195,7 +221,9 @@ func (s *ActionsService) DeleteRepoVariable(ctx context.Context, owner, repo, na
 
 // DeleteOrgVariable deletes a variable in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#delete-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#delete-an-organization-variable
+//
+//meta:operation DELETE /orgs/{org}/actions/variables/{name}
 func (s *ActionsService) DeleteOrgVariable(ctx context.Context, org, name string) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v", org, name)
 	return s.deleteVariable(ctx, url)
@@ -203,7 +231,9 @@ func (s *ActionsService) DeleteOrgVariable(ctx context.Context, org, name string
 
 // DeleteEnvVariable deletes a variable in an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#delete-an-environment-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#delete-an-environment-variable
+//
+//meta:operation DELETE /repositories/{repository_id}/environments/{environment_name}/variables/{name}
 func (s *ActionsService) DeleteEnvVariable(ctx context.Context, repoID int, env, variableName string) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/environments/%v/variables/%v", repoID, env, variableName)
 	return s.deleteVariable(ctx, url)
@@ -231,7 +261,9 @@ func (s *ActionsService) listSelectedReposForVariable(ctx context.Context, url s
 
 // ListSelectedReposForOrgVariable lists all repositories that have access to a variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#list-selected-repositories-for-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#list-selected-repositories-for-an-organization-variable
+//
+//meta:operation GET /orgs/{org}/actions/variables/{name}/repositories
 func (s *ActionsService) ListSelectedReposForOrgVariable(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v/repositories", org, name)
 	return s.listSelectedReposForVariable(ctx, url, opts)
@@ -252,7 +284,9 @@ func (s *ActionsService) setSelectedReposForVariable(ctx context.Context, url st
 
 // SetSelectedReposForOrgVariable sets the repositories that have access to a variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#set-selected-repositories-for-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#set-selected-repositories-for-an-organization-variable
+//
+//meta:operation PUT /orgs/{org}/actions/variables/{name}/repositories
 func (s *ActionsService) SetSelectedReposForOrgVariable(ctx context.Context, org, name string, ids SelectedRepoIDs) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v/repositories", org, name)
 	return s.setSelectedReposForVariable(ctx, url, ids)
@@ -269,7 +303,9 @@ func (s *ActionsService) addSelectedRepoToVariable(ctx context.Context, url stri
 
 // AddSelectedRepoToOrgVariable adds a repository to an organization variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#add-selected-repository-to-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#add-selected-repository-to-an-organization-variable
+//
+//meta:operation PUT /orgs/{org}/actions/variables/{name}/repositories/{repository_id}
 func (s *ActionsService) AddSelectedRepoToOrgVariable(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v/repositories/%v", org, name, *repo.ID)
 	return s.addSelectedRepoToVariable(ctx, url)
@@ -286,7 +322,9 @@ func (s *ActionsService) removeSelectedRepoFromVariable(ctx context.Context, url
 
 // RemoveSelectedRepoFromOrgVariable removes a repository from an organization variable.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/variables#remove-selected-repository-from-an-organization-variable
+// GitHub API docs: https://docs.github.com/rest/actions/variables#remove-selected-repository-from-an-organization-variable
+//
+//meta:operation DELETE /orgs/{org}/actions/variables/{name}/repositories/{repository_id}
 func (s *ActionsService) RemoveSelectedRepoFromOrgVariable(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/actions/variables/%v/repositories/%v", org, name, *repo.ID)
 	return s.removeSelectedRepoFromVariable(ctx, url)
diff --git a/vendor/github.com/google/go-github/v56/github/actions_workflow_jobs.go b/vendor/github.com/google/go-github/v57/github/actions_workflow_jobs.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/actions_workflow_jobs.go
rename to vendor/github.com/google/go-github/v57/github/actions_workflow_jobs.go
index 87d117ba9a9..0e0eb6e1146 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_workflow_jobs.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_workflow_jobs.go
@@ -70,7 +70,9 @@ type ListWorkflowJobsOptions struct {
 
 // ListWorkflowJobs lists all jobs for a workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-jobs#list-jobs-for-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-jobs#list-jobs-for-a-workflow-run
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs
 func (s *ActionsService) ListWorkflowJobs(ctx context.Context, owner, repo string, runID int64, opts *ListWorkflowJobsOptions) (*Jobs, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/actions/runs/%v/jobs", owner, repo, runID)
 	u, err := addOptions(u, opts)
@@ -94,7 +96,9 @@ func (s *ActionsService) ListWorkflowJobs(ctx context.Context, owner, repo strin
 
 // GetWorkflowJobByID gets a specific job in a workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-jobs#get-a-job-for-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-jobs#get-a-job-for-a-workflow-run
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/jobs/{job_id}
 func (s *ActionsService) GetWorkflowJobByID(ctx context.Context, owner, repo string, jobID int64) (*WorkflowJob, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/jobs/%v", owner, repo, jobID)
 
@@ -114,7 +118,9 @@ func (s *ActionsService) GetWorkflowJobByID(ctx context.Context, owner, repo str
 
 // GetWorkflowJobLogs gets a redirect URL to download a plain text file of logs for a workflow job.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-jobs#download-job-logs-for-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-jobs#download-job-logs-for-a-workflow-run
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs
 func (s *ActionsService) GetWorkflowJobLogs(ctx context.Context, owner, repo string, jobID int64, maxRedirects int) (*url.URL, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/jobs/%v/logs", owner, repo, jobID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/actions_workflow_runs.go b/vendor/github.com/google/go-github/v57/github/actions_workflow_runs.go
similarity index 66%
rename from vendor/github.com/google/go-github/v56/github/actions_workflow_runs.go
rename to vendor/github.com/google/go-github/v57/github/actions_workflow_runs.go
index 390c26af9c3..bc7afe9e944 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_workflow_runs.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_workflow_runs.go
@@ -14,39 +14,40 @@ import (
 
 // WorkflowRun represents a repository action workflow run.
 type WorkflowRun struct {
-	ID                 *int64         `json:"id,omitempty"`
-	Name               *string        `json:"name,omitempty"`
-	NodeID             *string        `json:"node_id,omitempty"`
-	HeadBranch         *string        `json:"head_branch,omitempty"`
-	HeadSHA            *string        `json:"head_sha,omitempty"`
-	RunNumber          *int           `json:"run_number,omitempty"`
-	RunAttempt         *int           `json:"run_attempt,omitempty"`
-	Event              *string        `json:"event,omitempty"`
-	DisplayTitle       *string        `json:"display_title,omitempty"`
-	Status             *string        `json:"status,omitempty"`
-	Conclusion         *string        `json:"conclusion,omitempty"`
-	WorkflowID         *int64         `json:"workflow_id,omitempty"`
-	CheckSuiteID       *int64         `json:"check_suite_id,omitempty"`
-	CheckSuiteNodeID   *string        `json:"check_suite_node_id,omitempty"`
-	URL                *string        `json:"url,omitempty"`
-	HTMLURL            *string        `json:"html_url,omitempty"`
-	PullRequests       []*PullRequest `json:"pull_requests,omitempty"`
-	CreatedAt          *Timestamp     `json:"created_at,omitempty"`
-	UpdatedAt          *Timestamp     `json:"updated_at,omitempty"`
-	RunStartedAt       *Timestamp     `json:"run_started_at,omitempty"`
-	JobsURL            *string        `json:"jobs_url,omitempty"`
-	LogsURL            *string        `json:"logs_url,omitempty"`
-	CheckSuiteURL      *string        `json:"check_suite_url,omitempty"`
-	ArtifactsURL       *string        `json:"artifacts_url,omitempty"`
-	CancelURL          *string        `json:"cancel_url,omitempty"`
-	RerunURL           *string        `json:"rerun_url,omitempty"`
-	PreviousAttemptURL *string        `json:"previous_attempt_url,omitempty"`
-	HeadCommit         *HeadCommit    `json:"head_commit,omitempty"`
-	WorkflowURL        *string        `json:"workflow_url,omitempty"`
-	Repository         *Repository    `json:"repository,omitempty"`
-	HeadRepository     *Repository    `json:"head_repository,omitempty"`
-	Actor              *User          `json:"actor,omitempty"`
-	TriggeringActor    *User          `json:"triggering_actor,omitempty"`
+	ID                  *int64                `json:"id,omitempty"`
+	Name                *string               `json:"name,omitempty"`
+	NodeID              *string               `json:"node_id,omitempty"`
+	HeadBranch          *string               `json:"head_branch,omitempty"`
+	HeadSHA             *string               `json:"head_sha,omitempty"`
+	RunNumber           *int                  `json:"run_number,omitempty"`
+	RunAttempt          *int                  `json:"run_attempt,omitempty"`
+	Event               *string               `json:"event,omitempty"`
+	DisplayTitle        *string               `json:"display_title,omitempty"`
+	Status              *string               `json:"status,omitempty"`
+	Conclusion          *string               `json:"conclusion,omitempty"`
+	WorkflowID          *int64                `json:"workflow_id,omitempty"`
+	CheckSuiteID        *int64                `json:"check_suite_id,omitempty"`
+	CheckSuiteNodeID    *string               `json:"check_suite_node_id,omitempty"`
+	URL                 *string               `json:"url,omitempty"`
+	HTMLURL             *string               `json:"html_url,omitempty"`
+	PullRequests        []*PullRequest        `json:"pull_requests,omitempty"`
+	CreatedAt           *Timestamp            `json:"created_at,omitempty"`
+	UpdatedAt           *Timestamp            `json:"updated_at,omitempty"`
+	RunStartedAt        *Timestamp            `json:"run_started_at,omitempty"`
+	JobsURL             *string               `json:"jobs_url,omitempty"`
+	LogsURL             *string               `json:"logs_url,omitempty"`
+	CheckSuiteURL       *string               `json:"check_suite_url,omitempty"`
+	ArtifactsURL        *string               `json:"artifacts_url,omitempty"`
+	CancelURL           *string               `json:"cancel_url,omitempty"`
+	RerunURL            *string               `json:"rerun_url,omitempty"`
+	PreviousAttemptURL  *string               `json:"previous_attempt_url,omitempty"`
+	HeadCommit          *HeadCommit           `json:"head_commit,omitempty"`
+	WorkflowURL         *string               `json:"workflow_url,omitempty"`
+	Repository          *Repository           `json:"repository,omitempty"`
+	HeadRepository      *Repository           `json:"head_repository,omitempty"`
+	Actor               *User                 `json:"actor,omitempty"`
+	TriggeringActor     *User                 `json:"triggering_actor,omitempty"`
+	ReferencedWorkflows []*ReferencedWorkflow `json:"referenced_workflows,omitempty"`
 }
 
 // WorkflowRuns represents a slice of repository action workflow run.
@@ -104,6 +105,12 @@ type PendingDeploymentsRequest struct {
 	Comment string `json:"comment"`
 }
 
+type ReferencedWorkflow struct {
+	Path *string `json:"path,omitempty"`
+	SHA  *string `json:"sha,omitempty"`
+	Ref  *string `json:"ref,omitempty"`
+}
+
 func (s *ActionsService) listWorkflowRuns(ctx context.Context, endpoint string, opts *ListWorkflowRunsOptions) (*WorkflowRuns, *Response, error) {
 	u, err := addOptions(endpoint, opts)
 	if err != nil {
@@ -126,7 +133,9 @@ func (s *ActionsService) listWorkflowRuns(ctx context.Context, endpoint string,
 
 // ListWorkflowRunsByID lists all workflow runs by workflow ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#list-workflow-runs
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#list-workflow-runs-for-a-workflow
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs
 func (s *ActionsService) ListWorkflowRunsByID(ctx context.Context, owner, repo string, workflowID int64, opts *ListWorkflowRunsOptions) (*WorkflowRuns, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/actions/workflows/%v/runs", owner, repo, workflowID)
 	return s.listWorkflowRuns(ctx, u, opts)
@@ -134,7 +143,9 @@ func (s *ActionsService) ListWorkflowRunsByID(ctx context.Context, owner, repo s
 
 // ListWorkflowRunsByFileName lists all workflow runs by workflow file name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#list-workflow-runs
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#list-workflow-runs-for-a-workflow
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs
 func (s *ActionsService) ListWorkflowRunsByFileName(ctx context.Context, owner, repo, workflowFileName string, opts *ListWorkflowRunsOptions) (*WorkflowRuns, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/actions/workflows/%v/runs", owner, repo, workflowFileName)
 	return s.listWorkflowRuns(ctx, u, opts)
@@ -142,7 +153,9 @@ func (s *ActionsService) ListWorkflowRunsByFileName(ctx context.Context, owner,
 
 // ListRepositoryWorkflowRuns lists all workflow runs for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#list-workflow-runs-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#list-workflow-runs-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs
 func (s *ActionsService) ListRepositoryWorkflowRuns(ctx context.Context, owner, repo string, opts *ListWorkflowRunsOptions) (*WorkflowRuns, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/actions/runs", owner, repo)
 	u, err := addOptions(u, opts)
@@ -166,7 +179,9 @@ func (s *ActionsService) ListRepositoryWorkflowRuns(ctx context.Context, owner,
 
 // GetWorkflowRunByID gets a specific workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#get-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#get-a-workflow-run
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}
 func (s *ActionsService) GetWorkflowRunByID(ctx context.Context, owner, repo string, runID int64) (*WorkflowRun, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v", owner, repo, runID)
 
@@ -186,7 +201,9 @@ func (s *ActionsService) GetWorkflowRunByID(ctx context.Context, owner, repo str
 
 // GetWorkflowRunAttempt gets a specific workflow run attempt.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#get-a-workflow-run-attempt
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#get-a-workflow-run-attempt
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}
 func (s *ActionsService) GetWorkflowRunAttempt(ctx context.Context, owner, repo string, runID int64, attemptNumber int, opts *WorkflowRunAttemptOptions) (*WorkflowRun, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/attempts/%v", owner, repo, runID, attemptNumber)
 	u, err := addOptions(u, opts)
@@ -210,7 +227,9 @@ func (s *ActionsService) GetWorkflowRunAttempt(ctx context.Context, owner, repo
 
 // GetWorkflowRunAttemptLogs gets a redirect URL to download a plain text file of logs for a workflow run for attempt number.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#download-workflow-run-attempt-logs
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#download-workflow-run-attempt-logs
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs
 func (s *ActionsService) GetWorkflowRunAttemptLogs(ctx context.Context, owner, repo string, runID int64, attemptNumber int, maxRedirects int) (*url.URL, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/attempts/%v/logs", owner, repo, runID, attemptNumber)
 
@@ -230,7 +249,9 @@ func (s *ActionsService) GetWorkflowRunAttemptLogs(ctx context.Context, owner, r
 
 // RerunWorkflowByID re-runs a workflow by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#re-run-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#re-run-a-workflow
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun
 func (s *ActionsService) RerunWorkflowByID(ctx context.Context, owner, repo string, runID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/rerun", owner, repo, runID)
 
@@ -244,7 +265,9 @@ func (s *ActionsService) RerunWorkflowByID(ctx context.Context, owner, repo stri
 
 // RerunFailedJobsByID re-runs all of the failed jobs and their dependent jobs in a workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#re-run-failed-jobs-from-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#re-run-failed-jobs-from-a-workflow-run
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs
 func (s *ActionsService) RerunFailedJobsByID(ctx context.Context, owner, repo string, runID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/rerun-failed-jobs", owner, repo, runID)
 
@@ -258,7 +281,9 @@ func (s *ActionsService) RerunFailedJobsByID(ctx context.Context, owner, repo st
 
 // RerunJobByID re-runs a job and its dependent jobs in a workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#re-run-a-job-from-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#re-run-a-job-from-a-workflow-run
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun
 func (s *ActionsService) RerunJobByID(ctx context.Context, owner, repo string, jobID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/jobs/%v/rerun", owner, repo, jobID)
 
@@ -272,7 +297,9 @@ func (s *ActionsService) RerunJobByID(ctx context.Context, owner, repo string, j
 
 // CancelWorkflowRunByID cancels a workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#cancel-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#cancel-a-workflow-run
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel
 func (s *ActionsService) CancelWorkflowRunByID(ctx context.Context, owner, repo string, runID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/cancel", owner, repo, runID)
 
@@ -286,7 +313,9 @@ func (s *ActionsService) CancelWorkflowRunByID(ctx context.Context, owner, repo
 
 // GetWorkflowRunLogs gets a redirect URL to download a plain text file of logs for a workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#download-workflow-run-logs
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#download-workflow-run-logs
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs
 func (s *ActionsService) GetWorkflowRunLogs(ctx context.Context, owner, repo string, runID int64, maxRedirects int) (*url.URL, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/logs", owner, repo, runID)
 
@@ -306,7 +335,9 @@ func (s *ActionsService) GetWorkflowRunLogs(ctx context.Context, owner, repo str
 
 // DeleteWorkflowRun deletes a workflow run by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#delete-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#delete-a-workflow-run
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/runs/{run_id}
 func (s *ActionsService) DeleteWorkflowRun(ctx context.Context, owner, repo string, runID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v", owner, repo, runID)
 
@@ -320,7 +351,9 @@ func (s *ActionsService) DeleteWorkflowRun(ctx context.Context, owner, repo stri
 
 // DeleteWorkflowRunLogs deletes all logs for a workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#delete-workflow-run-logs
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#delete-workflow-run-logs
+//
+//meta:operation DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs
 func (s *ActionsService) DeleteWorkflowRunLogs(ctx context.Context, owner, repo string, runID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/logs", owner, repo, runID)
 
@@ -334,7 +367,9 @@ func (s *ActionsService) DeleteWorkflowRunLogs(ctx context.Context, owner, repo
 
 // GetWorkflowRunUsageByID gets a specific workflow usage run by run ID in the unit of billable milliseconds.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#get-workflow-run-usage
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#get-workflow-run-usage
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing
 func (s *ActionsService) GetWorkflowRunUsageByID(ctx context.Context, owner, repo string, runID int64) (*WorkflowRunUsage, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/timing", owner, repo, runID)
 
@@ -354,7 +389,9 @@ func (s *ActionsService) GetWorkflowRunUsageByID(ctx context.Context, owner, rep
 
 // PendingDeployments approve or reject pending deployments that are waiting on approval by a required reviewer.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#review-pending-deployments-for-a-workflow-run
+// GitHub API docs: https://docs.github.com/rest/actions/workflow-runs#review-pending-deployments-for-a-workflow-run
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments
 func (s *ActionsService) PendingDeployments(ctx context.Context, owner, repo string, runID int64, request *PendingDeploymentsRequest) ([]*Deployment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/pending_deployments", owner, repo, runID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/actions_workflows.go b/vendor/github.com/google/go-github/v57/github/actions_workflows.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/actions_workflows.go
rename to vendor/github.com/google/go-github/v57/github/actions_workflows.go
index c9b47ed4be4..0214e6abff2 100644
--- a/vendor/github.com/google/go-github/v56/github/actions_workflows.go
+++ b/vendor/github.com/google/go-github/v57/github/actions_workflows.go
@@ -58,7 +58,9 @@ type CreateWorkflowDispatchEventRequest struct {
 
 // ListWorkflows lists all workflows in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#list-repository-workflows
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#list-repository-workflows
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows
 func (s *ActionsService) ListWorkflows(ctx context.Context, owner, repo string, opts *ListOptions) (*Workflows, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/actions/workflows", owner, repo)
 	u, err := addOptions(u, opts)
@@ -82,7 +84,9 @@ func (s *ActionsService) ListWorkflows(ctx context.Context, owner, repo string,
 
 // GetWorkflowByID gets a specific workflow by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#get-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#get-a-workflow
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}
 func (s *ActionsService) GetWorkflowByID(ctx context.Context, owner, repo string, workflowID int64) (*Workflow, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v", owner, repo, workflowID)
 
@@ -91,7 +95,9 @@ func (s *ActionsService) GetWorkflowByID(ctx context.Context, owner, repo string
 
 // GetWorkflowByFileName gets a specific workflow by file name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#get-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#get-a-workflow
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}
 func (s *ActionsService) GetWorkflowByFileName(ctx context.Context, owner, repo, workflowFileName string) (*Workflow, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v", owner, repo, workflowFileName)
 
@@ -115,7 +121,9 @@ func (s *ActionsService) getWorkflow(ctx context.Context, url string) (*Workflow
 
 // GetWorkflowUsageByID gets a specific workflow usage by ID in the unit of billable milliseconds.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#get-workflow-usage
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#get-workflow-usage
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing
 func (s *ActionsService) GetWorkflowUsageByID(ctx context.Context, owner, repo string, workflowID int64) (*WorkflowUsage, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/timing", owner, repo, workflowID)
 
@@ -124,7 +132,9 @@ func (s *ActionsService) GetWorkflowUsageByID(ctx context.Context, owner, repo s
 
 // GetWorkflowUsageByFileName gets a specific workflow usage by file name in the unit of billable milliseconds.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#get-workflow-usage
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#get-workflow-usage
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing
 func (s *ActionsService) GetWorkflowUsageByFileName(ctx context.Context, owner, repo, workflowFileName string) (*WorkflowUsage, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/timing", owner, repo, workflowFileName)
 
@@ -148,7 +158,9 @@ func (s *ActionsService) getWorkflowUsage(ctx context.Context, url string) (*Wor
 
 // CreateWorkflowDispatchEventByID manually triggers a GitHub Actions workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#create-a-workflow-dispatch-event
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches
 func (s *ActionsService) CreateWorkflowDispatchEventByID(ctx context.Context, owner, repo string, workflowID int64, event CreateWorkflowDispatchEventRequest) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/dispatches", owner, repo, workflowID)
 
@@ -157,7 +169,9 @@ func (s *ActionsService) CreateWorkflowDispatchEventByID(ctx context.Context, ow
 
 // CreateWorkflowDispatchEventByFileName manually triggers a GitHub Actions workflow run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#create-a-workflow-dispatch-event
+//
+//meta:operation POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches
 func (s *ActionsService) CreateWorkflowDispatchEventByFileName(ctx context.Context, owner, repo, workflowFileName string, event CreateWorkflowDispatchEventRequest) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/dispatches", owner, repo, workflowFileName)
 
@@ -175,7 +189,9 @@ func (s *ActionsService) createWorkflowDispatchEvent(ctx context.Context, url st
 
 // EnableWorkflowByID enables a workflow and sets the state of the workflow to "active".
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#enable-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#enable-a-workflow
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable
 func (s *ActionsService) EnableWorkflowByID(ctx context.Context, owner, repo string, workflowID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/enable", owner, repo, workflowID)
 	return s.doNewPutRequest(ctx, u)
@@ -183,7 +199,9 @@ func (s *ActionsService) EnableWorkflowByID(ctx context.Context, owner, repo str
 
 // EnableWorkflowByFileName enables a workflow and sets the state of the workflow to "active".
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#enable-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#enable-a-workflow
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable
 func (s *ActionsService) EnableWorkflowByFileName(ctx context.Context, owner, repo, workflowFileName string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/enable", owner, repo, workflowFileName)
 	return s.doNewPutRequest(ctx, u)
@@ -191,7 +209,9 @@ func (s *ActionsService) EnableWorkflowByFileName(ctx context.Context, owner, re
 
 // DisableWorkflowByID disables a workflow and sets the state of the workflow to "disabled_manually".
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#disable-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#disable-a-workflow
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable
 func (s *ActionsService) DisableWorkflowByID(ctx context.Context, owner, repo string, workflowID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/disable", owner, repo, workflowID)
 	return s.doNewPutRequest(ctx, u)
@@ -199,7 +219,9 @@ func (s *ActionsService) DisableWorkflowByID(ctx context.Context, owner, repo st
 
 // DisableWorkflowByFileName disables a workflow and sets the state of the workflow to "disabled_manually".
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/workflows#disable-a-workflow
+// GitHub API docs: https://docs.github.com/rest/actions/workflows#disable-a-workflow
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable
 func (s *ActionsService) DisableWorkflowByFileName(ctx context.Context, owner, repo, workflowFileName string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/workflows/%v/disable", owner, repo, workflowFileName)
 	return s.doNewPutRequest(ctx, u)
diff --git a/vendor/github.com/google/go-github/v56/github/activity.go b/vendor/github.com/google/go-github/v57/github/activity.go
similarity index 94%
rename from vendor/github.com/google/go-github/v56/github/activity.go
rename to vendor/github.com/google/go-github/v57/github/activity.go
index 9cd9f9b71d7..edf8cc4397c 100644
--- a/vendor/github.com/google/go-github/v56/github/activity.go
+++ b/vendor/github.com/google/go-github/v57/github/activity.go
@@ -10,7 +10,7 @@ import "context"
 // ActivityService handles communication with the activity related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/
+// GitHub API docs: https://docs.github.com/rest/activity/
 type ActivityService service
 
 // FeedLink represents a link to a related resource.
@@ -57,6 +57,10 @@ type FeedLinks struct {
 //
 // Note: Private feeds are only returned when authenticating via Basic Auth
 // since current feed URIs use the older, non revocable auth tokens.
+//
+// GitHub API docs: https://docs.github.com/rest/activity/feeds#get-feeds
+//
+//meta:operation GET /feeds
 func (s *ActivityService) ListFeeds(ctx context.Context) (*Feeds, *Response, error) {
 	req, err := s.client.NewRequest("GET", "feeds", nil)
 	if err != nil {
diff --git a/vendor/github.com/google/go-github/v56/github/activity_events.go b/vendor/github.com/google/go-github/v57/github/activity_events.go
similarity index 76%
rename from vendor/github.com/google/go-github/v56/github/activity_events.go
rename to vendor/github.com/google/go-github/v57/github/activity_events.go
index d6f0f043b08..b12baa99e67 100644
--- a/vendor/github.com/google/go-github/v56/github/activity_events.go
+++ b/vendor/github.com/google/go-github/v57/github/activity_events.go
@@ -12,7 +12,9 @@ import (
 
 // ListEvents drinks from the firehose of all public events across GitHub.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-public-events
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-public-events
+//
+//meta:operation GET /events
 func (s *ActivityService) ListEvents(ctx context.Context, opts *ListOptions) ([]*Event, *Response, error) {
 	u, err := addOptions("events", opts)
 	if err != nil {
@@ -35,7 +37,9 @@ func (s *ActivityService) ListEvents(ctx context.Context, opts *ListOptions) ([]
 
 // ListRepositoryEvents lists events for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-repository-events
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-repository-events
+//
+//meta:operation GET /repos/{owner}/{repo}/events
 func (s *ActivityService) ListRepositoryEvents(ctx context.Context, owner, repo string, opts *ListOptions) ([]*Event, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/events", owner, repo)
 	u, err := addOptions(u, opts)
@@ -59,7 +63,9 @@ func (s *ActivityService) ListRepositoryEvents(ctx context.Context, owner, repo
 
 // ListIssueEventsForRepository lists issue events for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/events#list-issue-events-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/issues/events#list-issue-events-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/events
 func (s *ActivityService) ListIssueEventsForRepository(ctx context.Context, owner, repo string, opts *ListOptions) ([]*IssueEvent, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/events", owner, repo)
 	u, err := addOptions(u, opts)
@@ -83,7 +89,9 @@ func (s *ActivityService) ListIssueEventsForRepository(ctx context.Context, owne
 
 // ListEventsForRepoNetwork lists public events for a network of repositories.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-public-events-for-a-network-of-repositories
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-public-events-for-a-network-of-repositories
+//
+//meta:operation GET /networks/{owner}/{repo}/events
 func (s *ActivityService) ListEventsForRepoNetwork(ctx context.Context, owner, repo string, opts *ListOptions) ([]*Event, *Response, error) {
 	u := fmt.Sprintf("networks/%v/%v/events", owner, repo)
 	u, err := addOptions(u, opts)
@@ -107,7 +115,9 @@ func (s *ActivityService) ListEventsForRepoNetwork(ctx context.Context, owner, r
 
 // ListEventsForOrganization lists public events for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-public-organization-events
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-public-organization-events
+//
+//meta:operation GET /orgs/{org}/events
 func (s *ActivityService) ListEventsForOrganization(ctx context.Context, org string, opts *ListOptions) ([]*Event, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/events", org)
 	u, err := addOptions(u, opts)
@@ -132,8 +142,11 @@ func (s *ActivityService) ListEventsForOrganization(ctx context.Context, org str
 // ListEventsPerformedByUser lists the events performed by a user. If publicOnly is
 // true, only public events will be returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-events-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-public-events-for-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-events-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-public-events-for-a-user
+//
+//meta:operation GET /users/{username}/events
+//meta:operation GET /users/{username}/events/public
 func (s *ActivityService) ListEventsPerformedByUser(ctx context.Context, user string, publicOnly bool, opts *ListOptions) ([]*Event, *Response, error) {
 	var u string
 	if publicOnly {
@@ -163,8 +176,11 @@ func (s *ActivityService) ListEventsPerformedByUser(ctx context.Context, user st
 // ListEventsReceivedByUser lists the events received by a user. If publicOnly is
 // true, only public events will be returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-events-received-by-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-public-events-received-by-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-events-received-by-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-public-events-received-by-a-user
+//
+//meta:operation GET /users/{username}/received_events
+//meta:operation GET /users/{username}/received_events/public
 func (s *ActivityService) ListEventsReceivedByUser(ctx context.Context, user string, publicOnly bool, opts *ListOptions) ([]*Event, *Response, error) {
 	var u string
 	if publicOnly {
@@ -194,7 +210,9 @@ func (s *ActivityService) ListEventsReceivedByUser(ctx context.Context, user str
 // ListUserEventsForOrganization provides the user’s organization dashboard. You
 // must be authenticated as the user to view this.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/events#list-organization-events-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/events#list-organization-events-for-the-authenticated-user
+//
+//meta:operation GET /users/{username}/events/orgs/{org}
 func (s *ActivityService) ListUserEventsForOrganization(ctx context.Context, org, user string, opts *ListOptions) ([]*Event, *Response, error) {
 	u := fmt.Sprintf("users/%v/events/orgs/%v", user, org)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/activity_notifications.go b/vendor/github.com/google/go-github/v57/github/activity_notifications.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/activity_notifications.go
rename to vendor/github.com/google/go-github/v57/github/activity_notifications.go
index 03476c2e2c3..47f22261dd2 100644
--- a/vendor/github.com/google/go-github/v56/github/activity_notifications.go
+++ b/vendor/github.com/google/go-github/v57/github/activity_notifications.go
@@ -19,7 +19,7 @@ type Notification struct {
 
 	// Reason identifies the event that triggered the notification.
 	//
-	// GitHub API docs: https://docs.github.com/en/rest/activity#notification-reasons
+	// GitHub API docs: https://docs.github.com/rest/activity#notification-reasons
 	Reason *string `json:"reason,omitempty"`
 
 	Unread     *bool      `json:"unread,omitempty"`
@@ -49,7 +49,9 @@ type NotificationListOptions struct {
 
 // ListNotifications lists all notifications for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#list-notifications-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#list-notifications-for-the-authenticated-user
+//
+//meta:operation GET /notifications
 func (s *ActivityService) ListNotifications(ctx context.Context, opts *NotificationListOptions) ([]*Notification, *Response, error) {
 	u := "notifications"
 	u, err := addOptions(u, opts)
@@ -74,7 +76,9 @@ func (s *ActivityService) ListNotifications(ctx context.Context, opts *Notificat
 // ListRepositoryNotifications lists all notifications in a given repository
 // for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#list-repository-notifications-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#list-repository-notifications-for-the-authenticated-user
+//
+//meta:operation GET /repos/{owner}/{repo}/notifications
 func (s *ActivityService) ListRepositoryNotifications(ctx context.Context, owner, repo string, opts *NotificationListOptions) ([]*Notification, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/notifications", owner, repo)
 	u, err := addOptions(u, opts)
@@ -102,7 +106,9 @@ type markReadOptions struct {
 
 // MarkNotificationsRead marks all notifications up to lastRead as read.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity#mark-as-read
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#mark-notifications-as-read
+//
+//meta:operation PUT /notifications
 func (s *ActivityService) MarkNotificationsRead(ctx context.Context, lastRead Timestamp) (*Response, error) {
 	opts := &markReadOptions{
 		LastReadAt: lastRead,
@@ -118,7 +124,9 @@ func (s *ActivityService) MarkNotificationsRead(ctx context.Context, lastRead Ti
 // MarkRepositoryNotificationsRead marks all notifications up to lastRead in
 // the specified repository as read.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#mark-repository-notifications-as-read
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#mark-repository-notifications-as-read
+//
+//meta:operation PUT /repos/{owner}/{repo}/notifications
 func (s *ActivityService) MarkRepositoryNotificationsRead(ctx context.Context, owner, repo string, lastRead Timestamp) (*Response, error) {
 	opts := &markReadOptions{
 		LastReadAt: lastRead,
@@ -134,7 +142,9 @@ func (s *ActivityService) MarkRepositoryNotificationsRead(ctx context.Context, o
 
 // GetThread gets the specified notification thread.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#get-a-thread
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#get-a-thread
+//
+//meta:operation GET /notifications/threads/{thread_id}
 func (s *ActivityService) GetThread(ctx context.Context, id string) (*Notification, *Response, error) {
 	u := fmt.Sprintf("notifications/threads/%v", id)
 
@@ -154,7 +164,9 @@ func (s *ActivityService) GetThread(ctx context.Context, id string) (*Notificati
 
 // MarkThreadRead marks the specified thread as read.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#mark-a-thread-as-read
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#mark-a-thread-as-read
+//
+//meta:operation PATCH /notifications/threads/{thread_id}
 func (s *ActivityService) MarkThreadRead(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("notifications/threads/%v", id)
 
@@ -169,7 +181,9 @@ func (s *ActivityService) MarkThreadRead(ctx context.Context, id string) (*Respo
 // GetThreadSubscription checks to see if the authenticated user is subscribed
 // to a thread.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#get-a-thread-subscription-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#get-a-thread-subscription-for-the-authenticated-user
+//
+//meta:operation GET /notifications/threads/{thread_id}/subscription
 func (s *ActivityService) GetThreadSubscription(ctx context.Context, id string) (*Subscription, *Response, error) {
 	u := fmt.Sprintf("notifications/threads/%v/subscription", id)
 
@@ -190,7 +204,9 @@ func (s *ActivityService) GetThreadSubscription(ctx context.Context, id string)
 // SetThreadSubscription sets the subscription for the specified thread for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#set-a-thread-subscription
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#set-a-thread-subscription
+//
+//meta:operation PUT /notifications/threads/{thread_id}/subscription
 func (s *ActivityService) SetThreadSubscription(ctx context.Context, id string, subscription *Subscription) (*Subscription, *Response, error) {
 	u := fmt.Sprintf("notifications/threads/%v/subscription", id)
 
@@ -211,7 +227,9 @@ func (s *ActivityService) SetThreadSubscription(ctx context.Context, id string,
 // DeleteThreadSubscription deletes the subscription for the specified thread
 // for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/notifications#delete-a-thread-subscription
+// GitHub API docs: https://docs.github.com/rest/activity/notifications#delete-a-thread-subscription
+//
+//meta:operation DELETE /notifications/threads/{thread_id}/subscription
 func (s *ActivityService) DeleteThreadSubscription(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("notifications/threads/%v/subscription", id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/activity_star.go b/vendor/github.com/google/go-github/v57/github/activity_star.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/activity_star.go
rename to vendor/github.com/google/go-github/v57/github/activity_star.go
index 65a316f5325..cebdacf76a9 100644
--- a/vendor/github.com/google/go-github/v56/github/activity_star.go
+++ b/vendor/github.com/google/go-github/v57/github/activity_star.go
@@ -25,7 +25,9 @@ type Stargazer struct {
 
 // ListStargazers lists people who have starred the specified repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#list-stargazers
+// GitHub API docs: https://docs.github.com/rest/activity/starring#list-stargazers
+//
+//meta:operation GET /repos/{owner}/{repo}/stargazers
 func (s *ActivityService) ListStargazers(ctx context.Context, owner, repo string, opts *ListOptions) ([]*Stargazer, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/stargazers", owner, repo)
 	u, err := addOptions(u, opts)
@@ -67,8 +69,11 @@ type ActivityListStarredOptions struct {
 // ListStarred lists all the repos starred by a user. Passing the empty string
 // will list the starred repositories for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#list-repositories-starred-by-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#list-repositories-starred-by-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/starring#list-repositories-starred-by-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/starring#list-repositories-starred-by-the-authenticated-user
+//
+//meta:operation GET /user/starred
+//meta:operation GET /users/{username}/starred
 func (s *ActivityService) ListStarred(ctx context.Context, user string, opts *ActivityListStarredOptions) ([]*StarredRepository, *Response, error) {
 	var u string
 	if user != "" {
@@ -101,7 +106,9 @@ func (s *ActivityService) ListStarred(ctx context.Context, user string, opts *Ac
 
 // IsStarred checks if a repository is starred by authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#check-if-a-repository-is-starred-by-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/starring#check-if-a-repository-is-starred-by-the-authenticated-user
+//
+//meta:operation GET /user/starred/{owner}/{repo}
 func (s *ActivityService) IsStarred(ctx context.Context, owner, repo string) (bool, *Response, error) {
 	u := fmt.Sprintf("user/starred/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -116,7 +123,9 @@ func (s *ActivityService) IsStarred(ctx context.Context, owner, repo string) (bo
 
 // Star a repository as the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#star-a-repository-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/starring#star-a-repository-for-the-authenticated-user
+//
+//meta:operation PUT /user/starred/{owner}/{repo}
 func (s *ActivityService) Star(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("user/starred/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -129,7 +138,9 @@ func (s *ActivityService) Star(ctx context.Context, owner, repo string) (*Respon
 
 // Unstar a repository as the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/starring#unstar-a-repository-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/activity/starring#unstar-a-repository-for-the-authenticated-user
+//
+//meta:operation DELETE /user/starred/{owner}/{repo}
 func (s *ActivityService) Unstar(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("user/starred/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/activity_watching.go b/vendor/github.com/google/go-github/v57/github/activity_watching.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/activity_watching.go
rename to vendor/github.com/google/go-github/v57/github/activity_watching.go
index 2d6fafcc793..348590057b9 100644
--- a/vendor/github.com/google/go-github/v56/github/activity_watching.go
+++ b/vendor/github.com/google/go-github/v57/github/activity_watching.go
@@ -27,7 +27,9 @@ type Subscription struct {
 
 // ListWatchers lists watchers of a particular repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#list-watchers
+// GitHub API docs: https://docs.github.com/rest/activity/watching#list-watchers
+//
+//meta:operation GET /repos/{owner}/{repo}/subscribers
 func (s *ActivityService) ListWatchers(ctx context.Context, owner, repo string, opts *ListOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/subscribers", owner, repo)
 	u, err := addOptions(u, opts)
@@ -52,8 +54,11 @@ func (s *ActivityService) ListWatchers(ctx context.Context, owner, repo string,
 // ListWatched lists the repositories the specified user is watching. Passing
 // the empty string will fetch watched repos for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#list-repositories-watched-by-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#list-repositories-watched-by-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/watching#list-repositories-watched-by-a-user
+// GitHub API docs: https://docs.github.com/rest/activity/watching#list-repositories-watched-by-the-authenticated-user
+//
+//meta:operation GET /user/subscriptions
+//meta:operation GET /users/{username}/subscriptions
 func (s *ActivityService) ListWatched(ctx context.Context, user string, opts *ListOptions) ([]*Repository, *Response, error) {
 	var u string
 	if user != "" {
@@ -84,7 +89,9 @@ func (s *ActivityService) ListWatched(ctx context.Context, user string, opts *Li
 // repository for the authenticated user. If the authenticated user is not
 // watching the repository, a nil Subscription is returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#get-a-repository-subscription
+// GitHub API docs: https://docs.github.com/rest/activity/watching#get-a-repository-subscription
+//
+//meta:operation GET /repos/{owner}/{repo}/subscription
 func (s *ActivityService) GetRepositorySubscription(ctx context.Context, owner, repo string) (*Subscription, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/subscription", owner, repo)
 
@@ -111,7 +118,9 @@ func (s *ActivityService) GetRepositorySubscription(ctx context.Context, owner,
 // To ignore notifications made within a repository, set subscription.Ignored to true.
 // To stop watching a repository, use DeleteRepositorySubscription.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#set-a-repository-subscription
+// GitHub API docs: https://docs.github.com/rest/activity/watching#set-a-repository-subscription
+//
+//meta:operation PUT /repos/{owner}/{repo}/subscription
 func (s *ActivityService) SetRepositorySubscription(ctx context.Context, owner, repo string, subscription *Subscription) (*Subscription, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/subscription", owner, repo)
 
@@ -135,7 +144,9 @@ func (s *ActivityService) SetRepositorySubscription(ctx context.Context, owner,
 // This is used to stop watching a repository. To control whether or not to
 // receive notifications from a repository, use SetRepositorySubscription.
 //
-// GitHub API docs: https://docs.github.com/en/rest/activity/watching#delete-a-repository-subscription
+// GitHub API docs: https://docs.github.com/rest/activity/watching#delete-a-repository-subscription
+//
+//meta:operation DELETE /repos/{owner}/{repo}/subscription
 func (s *ActivityService) DeleteRepositorySubscription(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/subscription", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/admin.go b/vendor/github.com/google/go-github/v57/github/admin.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/admin.go
rename to vendor/github.com/google/go-github/v57/github/admin.go
index 1b28ef64c7d..8eee9854c11 100644
--- a/vendor/github.com/google/go-github/v56/github/admin.go
+++ b/vendor/github.com/google/go-github/v57/github/admin.go
@@ -14,7 +14,7 @@ import (
 // GitHub API. These API routes are normally only accessible for GitHub
 // Enterprise installations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin
+// GitHub API docs: https://docs.github.com/rest/enterprise-admin
 type AdminService service
 
 // TeamLDAPMapping represents the mapping between a GitHub team and an LDAP group.
@@ -82,7 +82,9 @@ func (m Enterprise) String() string {
 
 // UpdateUserLDAPMapping updates the mapping between a GitHub user and an LDAP user.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server/rest/enterprise-admin/ldap#update-ldap-mapping-for-a-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/ldap#update-ldap-mapping-for-a-user
+//
+//meta:operation PATCH /admin/ldap/users/{username}/mapping
 func (s *AdminService) UpdateUserLDAPMapping(ctx context.Context, user string, mapping *UserLDAPMapping) (*UserLDAPMapping, *Response, error) {
 	u := fmt.Sprintf("admin/ldap/users/%v/mapping", user)
 	req, err := s.client.NewRequest("PATCH", u, mapping)
@@ -101,7 +103,9 @@ func (s *AdminService) UpdateUserLDAPMapping(ctx context.Context, user string, m
 
 // UpdateTeamLDAPMapping updates the mapping between a GitHub team and an LDAP group.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise/ldap/#update-ldap-mapping-for-a-team
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/ldap#update-ldap-mapping-for-a-team
+//
+//meta:operation PATCH /admin/ldap/teams/{team_id}/mapping
 func (s *AdminService) UpdateTeamLDAPMapping(ctx context.Context, team int64, mapping *TeamLDAPMapping) (*TeamLDAPMapping, *Response, error) {
 	u := fmt.Sprintf("admin/ldap/teams/%v/mapping", team)
 	req, err := s.client.NewRequest("PATCH", u, mapping)
diff --git a/vendor/github.com/google/go-github/v56/github/admin_orgs.go b/vendor/github.com/google/go-github/v57/github/admin_orgs.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/admin_orgs.go
rename to vendor/github.com/google/go-github/v57/github/admin_orgs.go
index 448e51f631e..c734d4de12f 100644
--- a/vendor/github.com/google/go-github/v56/github/admin_orgs.go
+++ b/vendor/github.com/google/go-github/v57/github/admin_orgs.go
@@ -22,7 +22,9 @@ type createOrgRequest struct {
 // Note that only a subset of the org fields are used and org must
 // not be nil.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/orgs/#create-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/orgs#create-an-organization
+//
+//meta:operation POST /admin/organizations
 func (s *AdminService) CreateOrg(ctx context.Context, org *Organization, admin string) (*Organization, *Response, error) {
 	u := "admin/organizations"
 
@@ -59,14 +61,18 @@ type RenameOrgResponse struct {
 
 // RenameOrg renames an organization in GitHub Enterprise.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/orgs/#rename-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/orgs#update-an-organization-name
+//
+//meta:operation PATCH /admin/organizations/{org}
 func (s *AdminService) RenameOrg(ctx context.Context, org *Organization, newName string) (*RenameOrgResponse, *Response, error) {
 	return s.RenameOrgByName(ctx, *org.Login, newName)
 }
 
 // RenameOrgByName renames an organization in GitHub Enterprise using its current name.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/orgs/#rename-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/orgs#update-an-organization-name
+//
+//meta:operation PATCH /admin/organizations/{org}
 func (s *AdminService) RenameOrgByName(ctx context.Context, org, newName string) (*RenameOrgResponse, *Response, error) {
 	u := fmt.Sprintf("admin/organizations/%v", org)
 
diff --git a/vendor/github.com/google/go-github/v56/github/admin_stats.go b/vendor/github.com/google/go-github/v57/github/admin_stats.go
similarity index 96%
rename from vendor/github.com/google/go-github/v56/github/admin_stats.go
rename to vendor/github.com/google/go-github/v57/github/admin_stats.go
index 17e568f62b2..aa23f5d1995 100644
--- a/vendor/github.com/google/go-github/v56/github/admin_stats.go
+++ b/vendor/github.com/google/go-github/v57/github/admin_stats.go
@@ -152,7 +152,9 @@ func (s RepoStats) String() string {
 // Please note that this is only available to site administrators,
 // otherwise it will error with a 404 not found (instead of 401 or 403).
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/admin_stats/
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/admin-stats#get-all-statistics
+//
+//meta:operation GET /enterprise/stats/all
 func (s *AdminService) GetAdminStats(ctx context.Context) (*AdminStats, *Response, error) {
 	u := "enterprise/stats/all"
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/admin_users.go b/vendor/github.com/google/go-github/v57/github/admin_users.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/admin_users.go
rename to vendor/github.com/google/go-github/v57/github/admin_users.go
index d756a77e20d..3916a470b04 100644
--- a/vendor/github.com/google/go-github/v56/github/admin_users.go
+++ b/vendor/github.com/google/go-github/v57/github/admin_users.go
@@ -19,7 +19,9 @@ type createUserRequest struct {
 
 // CreateUser creates a new user in GitHub Enterprise.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#create-a-new-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#create-a-user
+//
+//meta:operation POST /admin/users
 func (s *AdminService) CreateUser(ctx context.Context, login, email string) (*User, *Response, error) {
 	u := "admin/users"
 
@@ -44,7 +46,9 @@ func (s *AdminService) CreateUser(ctx context.Context, login, email string) (*Us
 
 // DeleteUser deletes a user in GitHub Enterprise.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#delete-a-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#delete-a-user
+//
+//meta:operation DELETE /admin/users/{username}
 func (s *AdminService) DeleteUser(ctx context.Context, username string) (*Response, error) {
 	u := "admin/users/" + username
 
@@ -95,7 +99,9 @@ type UserAuthorization struct {
 
 // CreateUserImpersonation creates an impersonation OAuth token.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#create-an-impersonation-oauth-token
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#create-an-impersonation-oauth-token
+//
+//meta:operation POST /admin/users/{username}/authorizations
 func (s *AdminService) CreateUserImpersonation(ctx context.Context, username string, opts *ImpersonateUserOptions) (*UserAuthorization, *Response, error) {
 	u := fmt.Sprintf("admin/users/%s/authorizations", username)
 
@@ -115,7 +121,9 @@ func (s *AdminService) CreateUserImpersonation(ctx context.Context, username str
 
 // DeleteUserImpersonation deletes an impersonation OAuth token.
 //
-// GitHub Enterprise API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#delete-an-impersonation-oauth-token
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#delete-an-impersonation-oauth-token
+//
+//meta:operation DELETE /admin/users/{username}/authorizations
 func (s *AdminService) DeleteUserImpersonation(ctx context.Context, username string) (*Response, error) {
 	u := fmt.Sprintf("admin/users/%s/authorizations", username)
 
diff --git a/vendor/github.com/google/go-github/v56/github/apps.go b/vendor/github.com/google/go-github/v57/github/apps.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/apps.go
rename to vendor/github.com/google/go-github/v57/github/apps.go
index 8965e66815c..f0392f2d706 100644
--- a/vendor/github.com/google/go-github/v56/github/apps.go
+++ b/vendor/github.com/google/go-github/v57/github/apps.go
@@ -13,7 +13,7 @@ import (
 // AppsService provides access to the installation related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/
+// GitHub API docs: https://docs.github.com/rest/apps/
 type AppsService service
 
 // App represents a GitHub App.
@@ -60,8 +60,8 @@ type InstallationTokenOptions struct {
 //
 // Permission names taken from:
 //
-//	https://docs.github.com/en/enterprise-server@3.0/rest/apps#create-an-installation-access-token-for-an-app
-//	https://docs.github.com/en/rest/apps#create-an-installation-access-token-for-an-app
+//	https://docs.github.com/enterprise-server@3.0/rest/apps#create-an-installation-access-token-for-an-app
+//	https://docs.github.com/rest/apps#create-an-installation-access-token-for-an-app
 type InstallationPermissions struct {
 	Actions                       *string `json:"actions,omitempty"`
 	Administration                *string `json:"administration,omitempty"`
@@ -160,8 +160,11 @@ func (i Installation) String() string {
 // You can find this on the settings page for your GitHub App
 // (e.g., https://github.com/settings/apps/:app_slug).
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-the-authenticated-app
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-an-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-an-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-the-authenticated-app
+//
+//meta:operation GET /app
+//meta:operation GET /apps/{app_slug}
 func (s *AppsService) Get(ctx context.Context, appSlug string) (*App, *Response, error) {
 	var u string
 	if appSlug != "" {
@@ -186,7 +189,9 @@ func (s *AppsService) Get(ctx context.Context, appSlug string) (*App, *Response,
 
 // ListInstallationRequests lists the pending installation requests that the current GitHub App has.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#list-installation-requests-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#list-installation-requests-for-the-authenticated-app
+//
+//meta:operation GET /app/installation-requests
 func (s *AppsService) ListInstallationRequests(ctx context.Context, opts *ListOptions) ([]*InstallationRequest, *Response, error) {
 	u, err := addOptions("app/installation-requests", opts)
 	if err != nil {
@@ -209,7 +214,9 @@ func (s *AppsService) ListInstallationRequests(ctx context.Context, opts *ListOp
 
 // ListInstallations lists the installations that the current GitHub App has.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#list-installations-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#list-installations-for-the-authenticated-app
+//
+//meta:operation GET /app/installations
 func (s *AppsService) ListInstallations(ctx context.Context, opts *ListOptions) ([]*Installation, *Response, error) {
 	u, err := addOptions("app/installations", opts)
 	if err != nil {
@@ -232,14 +239,18 @@ func (s *AppsService) ListInstallations(ctx context.Context, opts *ListOptions)
 
 // GetInstallation returns the specified installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-an-installation-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-an-installation-for-the-authenticated-app
+//
+//meta:operation GET /app/installations/{installation_id}
 func (s *AppsService) GetInstallation(ctx context.Context, id int64) (*Installation, *Response, error) {
 	return s.getInstallation(ctx, fmt.Sprintf("app/installations/%v", id))
 }
 
 // ListUserInstallations lists installations that are accessible to the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#list-app-installations-accessible-to-the-user-access-token
+// GitHub API docs: https://docs.github.com/rest/apps/installations#list-app-installations-accessible-to-the-user-access-token
+//
+//meta:operation GET /user/installations
 func (s *AppsService) ListUserInstallations(ctx context.Context, opts *ListOptions) ([]*Installation, *Response, error) {
 	u, err := addOptions("user/installations", opts)
 	if err != nil {
@@ -264,7 +275,9 @@ func (s *AppsService) ListUserInstallations(ctx context.Context, opts *ListOptio
 
 // SuspendInstallation suspends the specified installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#suspend-an-app-installation
+// GitHub API docs: https://docs.github.com/rest/apps/apps#suspend-an-app-installation
+//
+//meta:operation PUT /app/installations/{installation_id}/suspended
 func (s *AppsService) SuspendInstallation(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("app/installations/%v/suspended", id)
 
@@ -278,7 +291,9 @@ func (s *AppsService) SuspendInstallation(ctx context.Context, id int64) (*Respo
 
 // UnsuspendInstallation unsuspends the specified installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#unsuspend-an-app-installation
+// GitHub API docs: https://docs.github.com/rest/apps/apps#unsuspend-an-app-installation
+//
+//meta:operation DELETE /app/installations/{installation_id}/suspended
 func (s *AppsService) UnsuspendInstallation(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("app/installations/%v/suspended", id)
 
@@ -292,7 +307,9 @@ func (s *AppsService) UnsuspendInstallation(ctx context.Context, id int64) (*Res
 
 // DeleteInstallation deletes the specified installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#delete-an-installation-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#delete-an-installation-for-the-authenticated-app
+//
+//meta:operation DELETE /app/installations/{installation_id}
 func (s *AppsService) DeleteInstallation(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("app/installations/%v", id)
 
@@ -306,7 +323,9 @@ func (s *AppsService) DeleteInstallation(ctx context.Context, id int64) (*Respon
 
 // CreateInstallationToken creates a new installation token.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#create-an-installation-access-token-for-an-app
+//
+//meta:operation POST /app/installations/{installation_id}/access_tokens
 func (s *AppsService) CreateInstallationToken(ctx context.Context, id int64, opts *InstallationTokenOptions) (*InstallationToken, *Response, error) {
 	u := fmt.Sprintf("app/installations/%v/access_tokens", id)
 
@@ -326,7 +345,9 @@ func (s *AppsService) CreateInstallationToken(ctx context.Context, id int64, opt
 
 // CreateAttachment creates a new attachment on user comment containing a url.
 //
-// TODO: Find GitHub API docs.
+// GitHub API docs: https://docs.github.com/enterprise-server@3.3/rest/reference/apps#create-a-content-attachment
+//
+//meta:operation POST /repos/{owner}/{repo}/content_references/{content_reference_id}/attachments
 func (s *AppsService) CreateAttachment(ctx context.Context, contentReferenceID int64, title, body string) (*Attachment, *Response, error) {
 	u := fmt.Sprintf("content_references/%v/attachments", contentReferenceID)
 	payload := &Attachment{Title: String(title), Body: String(body)}
@@ -349,28 +370,36 @@ func (s *AppsService) CreateAttachment(ctx context.Context, contentReferenceID i
 
 // FindOrganizationInstallation finds the organization's installation information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-an-organization-installation-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-an-organization-installation-for-the-authenticated-app
+//
+//meta:operation GET /orgs/{org}/installation
 func (s *AppsService) FindOrganizationInstallation(ctx context.Context, org string) (*Installation, *Response, error) {
 	return s.getInstallation(ctx, fmt.Sprintf("orgs/%v/installation", org))
 }
 
 // FindRepositoryInstallation finds the repository's installation information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-a-repository-installation-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-a-repository-installation-for-the-authenticated-app
+//
+//meta:operation GET /repos/{owner}/{repo}/installation
 func (s *AppsService) FindRepositoryInstallation(ctx context.Context, owner, repo string) (*Installation, *Response, error) {
 	return s.getInstallation(ctx, fmt.Sprintf("repos/%v/%v/installation", owner, repo))
 }
 
 // FindRepositoryInstallationByID finds the repository's installation information.
 //
-// Note: FindRepositoryInstallationByID uses the undocumented GitHub API endpoint /repositories/:id/installation.
+// Note: FindRepositoryInstallationByID uses the undocumented GitHub API endpoint "GET /repositories/{repository_id}/installation".
+//
+//meta:operation GET /repositories/{repository_id}/installation
 func (s *AppsService) FindRepositoryInstallationByID(ctx context.Context, id int64) (*Installation, *Response, error) {
 	return s.getInstallation(ctx, fmt.Sprintf("repositories/%d/installation", id))
 }
 
 // FindUserInstallation finds the user's installation information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#get-a-user-installation-for-the-authenticated-app
+// GitHub API docs: https://docs.github.com/rest/apps/apps#get-a-user-installation-for-the-authenticated-app
+//
+//meta:operation GET /users/{username}/installation
 func (s *AppsService) FindUserInstallation(ctx context.Context, user string) (*Installation, *Response, error) {
 	return s.getInstallation(ctx, fmt.Sprintf("users/%v/installation", user))
 }
diff --git a/vendor/github.com/google/go-github/v56/github/apps_hooks.go b/vendor/github.com/google/go-github/v57/github/apps_hooks.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/apps_hooks.go
rename to vendor/github.com/google/go-github/v57/github/apps_hooks.go
index e3bd2afc032..6046827ef06 100644
--- a/vendor/github.com/google/go-github/v56/github/apps_hooks.go
+++ b/vendor/github.com/google/go-github/v57/github/apps_hooks.go
@@ -12,7 +12,9 @@ import (
 // GetHookConfig returns the webhook configuration for a GitHub App.
 // The underlying transport must be authenticated as an app.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#get-a-webhook-configuration-for-an-app
+// GitHub API docs: https://docs.github.com/rest/apps/webhooks#get-a-webhook-configuration-for-an-app
+//
+//meta:operation GET /app/hook/config
 func (s *AppsService) GetHookConfig(ctx context.Context) (*HookConfig, *Response, error) {
 	req, err := s.client.NewRequest("GET", "app/hook/config", nil)
 	if err != nil {
@@ -31,7 +33,9 @@ func (s *AppsService) GetHookConfig(ctx context.Context) (*HookConfig, *Response
 // UpdateHookConfig updates the webhook configuration for a GitHub App.
 // The underlying transport must be authenticated as an app.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#update-a-webhook-configuration-for-an-app
+// GitHub API docs: https://docs.github.com/rest/apps/webhooks#update-a-webhook-configuration-for-an-app
+//
+//meta:operation PATCH /app/hook/config
 func (s *AppsService) UpdateHookConfig(ctx context.Context, config *HookConfig) (*HookConfig, *Response, error) {
 	req, err := s.client.NewRequest("PATCH", "app/hook/config", config)
 	if err != nil {
diff --git a/vendor/github.com/google/go-github/v56/github/apps_hooks_deliveries.go b/vendor/github.com/google/go-github/v57/github/apps_hooks_deliveries.go
similarity index 78%
rename from vendor/github.com/google/go-github/v56/github/apps_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v57/github/apps_hooks_deliveries.go
index 33102f36d2b..59800a0ae43 100644
--- a/vendor/github.com/google/go-github/v56/github/apps_hooks_deliveries.go
+++ b/vendor/github.com/google/go-github/v57/github/apps_hooks_deliveries.go
@@ -12,7 +12,9 @@ import (
 
 // ListHookDeliveries lists deliveries of an App webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/webhooks#list-deliveries-for-an-app-webhook
+// GitHub API docs: https://docs.github.com/rest/apps/webhooks#list-deliveries-for-an-app-webhook
+//
+//meta:operation GET /app/hook/deliveries
 func (s *AppsService) ListHookDeliveries(ctx context.Context, opts *ListCursorOptions) ([]*HookDelivery, *Response, error) {
 	u, err := addOptions("app/hook/deliveries", opts)
 	if err != nil {
@@ -35,7 +37,9 @@ func (s *AppsService) ListHookDeliveries(ctx context.Context, opts *ListCursorOp
 
 // GetHookDelivery returns the App webhook delivery with the specified ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/webhooks#get-a-delivery-for-an-app-webhook
+// GitHub API docs: https://docs.github.com/rest/apps/webhooks#get-a-delivery-for-an-app-webhook
+//
+//meta:operation GET /app/hook/deliveries/{delivery_id}
 func (s *AppsService) GetHookDelivery(ctx context.Context, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("app/hook/deliveries/%v", deliveryID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -54,7 +58,9 @@ func (s *AppsService) GetHookDelivery(ctx context.Context, deliveryID int64) (*H
 
 // RedeliverHookDelivery redelivers a delivery for an App webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/webhooks#redeliver-a-delivery-for-an-app-webhook
+// GitHub API docs: https://docs.github.com/rest/apps/webhooks#redeliver-a-delivery-for-an-app-webhook
+//
+//meta:operation POST /app/hook/deliveries/{delivery_id}/attempts
 func (s *AppsService) RedeliverHookDelivery(ctx context.Context, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("app/hook/deliveries/%v/attempts", deliveryID)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/apps_installation.go b/vendor/github.com/google/go-github/v57/github/apps_installation.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/apps_installation.go
rename to vendor/github.com/google/go-github/v57/github/apps_installation.go
index b619080713f..d430511d074 100644
--- a/vendor/github.com/google/go-github/v56/github/apps_installation.go
+++ b/vendor/github.com/google/go-github/v57/github/apps_installation.go
@@ -19,7 +19,9 @@ type ListRepositories struct {
 
 // ListRepos lists the repositories that are accessible to the authenticated installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#list-repositories-accessible-to-the-app-installation
+// GitHub API docs: https://docs.github.com/rest/apps/installations#list-repositories-accessible-to-the-app-installation
+//
+//meta:operation GET /installation/repositories
 func (s *AppsService) ListRepos(ctx context.Context, opts *ListOptions) (*ListRepositories, *Response, error) {
 	u, err := addOptions("installation/repositories", opts)
 	if err != nil {
@@ -52,7 +54,9 @@ func (s *AppsService) ListRepos(ctx context.Context, opts *ListOptions) (*ListRe
 // ListUserRepos lists repositories that are accessible
 // to the authenticated user for an installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#list-repositories-accessible-to-the-user-access-token
+// GitHub API docs: https://docs.github.com/rest/apps/installations#list-repositories-accessible-to-the-user-access-token
+//
+//meta:operation GET /user/installations/{installation_id}/repositories
 func (s *AppsService) ListUserRepos(ctx context.Context, id int64, opts *ListOptions) (*ListRepositories, *Response, error) {
 	u := fmt.Sprintf("user/installations/%v/repositories", id)
 	u, err := addOptions(u, opts)
@@ -84,7 +88,9 @@ func (s *AppsService) ListUserRepos(ctx context.Context, id int64, opts *ListOpt
 
 // AddRepository adds a single repository to an installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#add-a-repository-to-an-app-installation
+// GitHub API docs: https://docs.github.com/rest/apps/installations#add-a-repository-to-an-app-installation
+//
+//meta:operation PUT /user/installations/{installation_id}/repositories/{repository_id}
 func (s *AppsService) AddRepository(ctx context.Context, instID, repoID int64) (*Repository, *Response, error) {
 	u := fmt.Sprintf("user/installations/%v/repositories/%v", instID, repoID)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -103,7 +109,9 @@ func (s *AppsService) AddRepository(ctx context.Context, instID, repoID int64) (
 
 // RemoveRepository removes a single repository from an installation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#remove-a-repository-from-an-app-installation
+// GitHub API docs: https://docs.github.com/rest/apps/installations#remove-a-repository-from-an-app-installation
+//
+//meta:operation DELETE /user/installations/{installation_id}/repositories/{repository_id}
 func (s *AppsService) RemoveRepository(ctx context.Context, instID, repoID int64) (*Response, error) {
 	u := fmt.Sprintf("user/installations/%v/repositories/%v", instID, repoID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -116,7 +124,9 @@ func (s *AppsService) RemoveRepository(ctx context.Context, instID, repoID int64
 
 // RevokeInstallationToken revokes an installation token.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/installations#revoke-an-installation-access-token
+// GitHub API docs: https://docs.github.com/rest/apps/installations#revoke-an-installation-access-token
+//
+//meta:operation DELETE /installation/token
 func (s *AppsService) RevokeInstallationToken(ctx context.Context) (*Response, error) {
 	u := "installation/token"
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/apps_manifest.go b/vendor/github.com/google/go-github/v57/github/apps_manifest.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/apps_manifest.go
rename to vendor/github.com/google/go-github/v57/github/apps_manifest.go
index fa4c85379ca..5b6ff9af414 100644
--- a/vendor/github.com/google/go-github/v56/github/apps_manifest.go
+++ b/vendor/github.com/google/go-github/v57/github/apps_manifest.go
@@ -31,7 +31,9 @@ type AppConfig struct {
 // CompleteAppManifest completes the App manifest handshake flow for the given
 // code.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/apps#create-a-github-app-from-a-manifest
+// GitHub API docs: https://docs.github.com/rest/apps/apps#create-a-github-app-from-a-manifest
+//
+//meta:operation POST /app-manifests/{code}/conversions
 func (s *AppsService) CompleteAppManifest(ctx context.Context, code string) (*AppConfig, *Response, error) {
 	u := fmt.Sprintf("app-manifests/%s/conversions", code)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/apps_marketplace.go b/vendor/github.com/google/go-github/v57/github/apps_marketplace.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/apps_marketplace.go
rename to vendor/github.com/google/go-github/v57/github/apps_marketplace.go
index 32889abd240..976775a79a0 100644
--- a/vendor/github.com/google/go-github/v56/github/apps_marketplace.go
+++ b/vendor/github.com/google/go-github/v57/github/apps_marketplace.go
@@ -13,7 +13,7 @@ import (
 // MarketplaceService handles communication with the marketplace related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#marketplace
+// GitHub API docs: https://docs.github.com/rest/apps#marketplace
 type MarketplaceService struct {
 	client *Client
 	// Stubbed controls whether endpoints that return stubbed data are used
@@ -21,7 +21,7 @@ type MarketplaceService struct {
 	// for testing your GitHub Apps. Stubbed data is hard-coded and will not
 	// change based on actual subscriptions.
 	//
-	// GitHub API docs: https://docs.github.com/en/rest/apps#testing-with-stubbed-endpoints
+	// GitHub API docs: https://docs.github.com/rest/apps#testing-with-stubbed-endpoints
 	Stubbed bool
 }
 
@@ -89,7 +89,11 @@ type MarketplacePurchaseAccount struct {
 
 // ListPlans lists all plans for your Marketplace listing.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#list-plans
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-plans
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-plans-stubbed
+//
+//meta:operation GET /marketplace_listing/plans
+//meta:operation GET /marketplace_listing/stubbed/plans
 func (s *MarketplaceService) ListPlans(ctx context.Context, opts *ListOptions) ([]*MarketplacePlan, *Response, error) {
 	uri := s.marketplaceURI("plans")
 	u, err := addOptions(uri, opts)
@@ -113,7 +117,11 @@ func (s *MarketplaceService) ListPlans(ctx context.Context, opts *ListOptions) (
 
 // ListPlanAccountsForPlan lists all GitHub accounts (user or organization) on a specific plan.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#list-accounts-for-a-plan
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-accounts-for-a-plan
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-accounts-for-a-plan-stubbed
+//
+//meta:operation GET /marketplace_listing/plans/{plan_id}/accounts
+//meta:operation GET /marketplace_listing/stubbed/plans/{plan_id}/accounts
 func (s *MarketplaceService) ListPlanAccountsForPlan(ctx context.Context, planID int64, opts *ListOptions) ([]*MarketplacePlanAccount, *Response, error) {
 	uri := s.marketplaceURI(fmt.Sprintf("plans/%v/accounts", planID))
 	u, err := addOptions(uri, opts)
@@ -137,7 +145,11 @@ func (s *MarketplaceService) ListPlanAccountsForPlan(ctx context.Context, planID
 
 // GetPlanAccountForAccount get GitHub account (user or organization) associated with an account.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps#get-a-subscription-plan-for-an-account
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#get-a-subscription-plan-for-an-account
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#get-a-subscription-plan-for-an-account-stubbed
+//
+//meta:operation GET /marketplace_listing/accounts/{account_id}
+//meta:operation GET /marketplace_listing/stubbed/accounts/{account_id}
 func (s *MarketplaceService) GetPlanAccountForAccount(ctx context.Context, accountID int64) (*MarketplacePlanAccount, *Response, error) {
 	uri := s.marketplaceURI(fmt.Sprintf("accounts/%v", accountID))
 
@@ -157,8 +169,11 @@ func (s *MarketplaceService) GetPlanAccountForAccount(ctx context.Context, accou
 
 // ListMarketplacePurchasesForUser lists all GitHub marketplace purchases made by a user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/marketplace#list-subscriptions-for-the-authenticated-user-stubbed
-// GitHub API docs: https://docs.github.com/en/rest/apps/marketplace#list-subscriptions-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-subscriptions-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/apps/marketplace#list-subscriptions-for-the-authenticated-user-stubbed
+//
+//meta:operation GET /user/marketplace_purchases
+//meta:operation GET /user/marketplace_purchases/stubbed
 func (s *MarketplaceService) ListMarketplacePurchasesForUser(ctx context.Context, opts *ListOptions) ([]*MarketplacePurchase, *Response, error) {
 	uri := "user/marketplace_purchases"
 	if s.Stubbed {
diff --git a/vendor/github.com/google/go-github/v56/github/authorizations.go b/vendor/github.com/google/go-github/v57/github/authorizations.go
similarity index 88%
rename from vendor/github.com/google/go-github/v56/github/authorizations.go
rename to vendor/github.com/google/go-github/v57/github/authorizations.go
index ea0897e3627..7adc5323678 100644
--- a/vendor/github.com/google/go-github/v56/github/authorizations.go
+++ b/vendor/github.com/google/go-github/v57/github/authorizations.go
@@ -12,7 +12,7 @@ import (
 
 // Scope models a GitHub authorization scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/oauth/#scopes
+// GitHub API docs: https://docs.github.com/rest/oauth/#scopes
 type Scope string
 
 // This is the set of scopes for GitHub API V3
@@ -50,7 +50,7 @@ const (
 // This service requires HTTP Basic Authentication; it cannot be accessed using
 // an OAuth token.
 //
-// GitHub API docs: https://docs.github.com/en/rest/oauth-authorizations
+// GitHub API docs: https://docs.github.com/rest/oauth-authorizations
 type AuthorizationsService service
 
 // Authorization represents an individual GitHub authorization.
@@ -121,7 +121,7 @@ func (a AuthorizationRequest) String() string {
 // fields. That is, you may provide only one of "Scopes", or "AddScopes", or
 // "RemoveScopes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/oauth-authorizations#update-an-existing-authorization
+// GitHub API docs: https://docs.github.com/rest/oauth-authorizations#update-an-existing-authorization
 type AuthorizationUpdateRequest struct {
 	Scopes       []string `json:"scopes,omitempty"`
 	AddScopes    []string `json:"add_scopes,omitempty"`
@@ -143,7 +143,9 @@ func (a AuthorizationUpdateRequest) String() string {
 //
 // The returned Authorization.User field will be populated.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/oauth-applications#check-a-token
+// GitHub API docs: https://docs.github.com/rest/apps/oauth-applications#check-a-token
+//
+//meta:operation POST /applications/{client_id}/token
 func (s *AuthorizationsService) Check(ctx context.Context, clientID, accessToken string) (*Authorization, *Response, error) {
 	u := fmt.Sprintf("applications/%v/token", clientID)
 
@@ -176,7 +178,9 @@ func (s *AuthorizationsService) Check(ctx context.Context, clientID, accessToken
 //
 // The returned Authorization.User field will be populated.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/oauth-applications#reset-a-token
+// GitHub API docs: https://docs.github.com/rest/apps/oauth-applications#reset-a-token
+//
+//meta:operation PATCH /applications/{client_id}/token
 func (s *AuthorizationsService) Reset(ctx context.Context, clientID, accessToken string) (*Authorization, *Response, error) {
 	u := fmt.Sprintf("applications/%v/token", clientID)
 
@@ -205,7 +209,9 @@ func (s *AuthorizationsService) Reset(ctx context.Context, clientID, accessToken
 // username is the OAuth application clientID, and the password is its
 // clientSecret. Invalid tokens will return a 404 Not Found.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/oauth-applications#delete-an-app-token
+// GitHub API docs: https://docs.github.com/rest/apps/oauth-applications#delete-an-app-token
+//
+//meta:operation DELETE /applications/{client_id}/token
 func (s *AuthorizationsService) Revoke(ctx context.Context, clientID, accessToken string) (*Response, error) {
 	u := fmt.Sprintf("applications/%v/token", clientID)
 
@@ -226,7 +232,9 @@ func (s *AuthorizationsService) Revoke(ctx context.Context, clientID, accessToke
 // grant will also delete all OAuth tokens associated with the application for
 // the user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/apps/oauth-applications#delete-an-app-authorization
+// GitHub API docs: https://docs.github.com/rest/apps/oauth-applications#delete-an-app-authorization
+//
+//meta:operation DELETE /applications/{client_id}/grant
 func (s *AuthorizationsService) DeleteGrant(ctx context.Context, clientID, accessToken string) (*Response, error) {
 	u := fmt.Sprintf("applications/%v/grant", clientID)
 
@@ -249,7 +257,9 @@ func (s *AuthorizationsService) DeleteGrant(ctx context.Context, clientID, acces
 // you can e.g. create or delete a user's public SSH key. NOTE: creating a
 // new token automatically revokes an existing one.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#create-an-impersonation-oauth-token
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#create-an-impersonation-oauth-token
+//
+//meta:operation POST /admin/users/{username}/authorizations
 func (s *AuthorizationsService) CreateImpersonation(ctx context.Context, username string, authReq *AuthorizationRequest) (*Authorization, *Response, error) {
 	u := fmt.Sprintf("admin/users/%v/authorizations", username)
 	req, err := s.client.NewRequest("POST", u, authReq)
@@ -269,7 +279,9 @@ func (s *AuthorizationsService) CreateImpersonation(ctx context.Context, usernam
 //
 // NOTE: there can be only one at a time.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#delete-an-impersonation-oauth-token
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#delete-an-impersonation-oauth-token
+//
+//meta:operation DELETE /admin/users/{username}/authorizations
 func (s *AuthorizationsService) DeleteImpersonation(ctx context.Context, username string) (*Response, error) {
 	u := fmt.Sprintf("admin/users/%v/authorizations", username)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/billing.go b/vendor/github.com/google/go-github/v57/github/billing.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/billing.go
rename to vendor/github.com/google/go-github/v57/github/billing.go
index 7a76bf86fda..6d7579b884d 100644
--- a/vendor/github.com/google/go-github/v56/github/billing.go
+++ b/vendor/github.com/google/go-github/v57/github/billing.go
@@ -13,7 +13,7 @@ import (
 // BillingService provides access to the billing related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing
+// GitHub API docs: https://docs.github.com/rest/billing
 type BillingService service
 
 // ActionBilling represents a GitHub Action billing.
@@ -62,7 +62,9 @@ type AdvancedSecurityCommittersBreakdown struct {
 
 // GetActionsBillingOrg returns the summary of the free and paid GitHub Actions minutes used for an Org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-github-actions-billing-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-github-actions-billing-for-an-organization
+//
+//meta:operation GET /orgs/{org}/settings/billing/actions
 func (s *BillingService) GetActionsBillingOrg(ctx context.Context, org string) (*ActionBilling, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/settings/billing/actions", org)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -81,7 +83,9 @@ func (s *BillingService) GetActionsBillingOrg(ctx context.Context, org string) (
 
 // GetPackagesBillingOrg returns the free and paid storage used for GitHub Packages in gigabytes for an Org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-github-packages-billing-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-github-packages-billing-for-an-organization
+//
+//meta:operation GET /orgs/{org}/settings/billing/packages
 func (s *BillingService) GetPackagesBillingOrg(ctx context.Context, org string) (*PackageBilling, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/settings/billing/packages", org)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -101,7 +105,9 @@ func (s *BillingService) GetPackagesBillingOrg(ctx context.Context, org string)
 // GetStorageBillingOrg returns the estimated paid and estimated total storage used for GitHub Actions
 // and GitHub Packages in gigabytes for an Org.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-shared-storage-billing-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-shared-storage-billing-for-an-organization
+//
+//meta:operation GET /orgs/{org}/settings/billing/shared-storage
 func (s *BillingService) GetStorageBillingOrg(ctx context.Context, org string) (*StorageBilling, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/settings/billing/shared-storage", org)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -120,7 +126,9 @@ func (s *BillingService) GetStorageBillingOrg(ctx context.Context, org string) (
 
 // GetAdvancedSecurityActiveCommittersOrg returns the GitHub Advanced Security active committers for an organization per repository.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/billing?apiVersion=2022-11-28#get-github-advanced-security-active-committers-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/billing/billing#get-github-advanced-security-active-committers-for-an-organization
+//
+//meta:operation GET /orgs/{org}/settings/billing/advanced-security
 func (s *BillingService) GetAdvancedSecurityActiveCommittersOrg(ctx context.Context, org string, opts *ListOptions) (*ActiveCommitters, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/settings/billing/advanced-security", org)
 	u, err := addOptions(u, opts)
@@ -144,7 +152,9 @@ func (s *BillingService) GetAdvancedSecurityActiveCommittersOrg(ctx context.Cont
 
 // GetActionsBillingUser returns the summary of the free and paid GitHub Actions minutes used for a user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-github-actions-billing-for-a-user
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-github-actions-billing-for-a-user
+//
+//meta:operation GET /users/{username}/settings/billing/actions
 func (s *BillingService) GetActionsBillingUser(ctx context.Context, user string) (*ActionBilling, *Response, error) {
 	u := fmt.Sprintf("users/%v/settings/billing/actions", user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -163,7 +173,9 @@ func (s *BillingService) GetActionsBillingUser(ctx context.Context, user string)
 
 // GetPackagesBillingUser returns the free and paid storage used for GitHub Packages in gigabytes for a user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-github-packages-billing-for-a-user
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-github-packages-billing-for-a-user
+//
+//meta:operation GET /users/{username}/settings/billing/packages
 func (s *BillingService) GetPackagesBillingUser(ctx context.Context, user string) (*PackageBilling, *Response, error) {
 	u := fmt.Sprintf("users/%v/settings/billing/packages", user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -183,7 +195,9 @@ func (s *BillingService) GetPackagesBillingUser(ctx context.Context, user string
 // GetStorageBillingUser returns the estimated paid and estimated total storage used for GitHub Actions
 // and GitHub Packages in gigabytes for a user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-shared-storage-billing-for-a-user
+// GitHub API docs: https://docs.github.com/rest/billing/billing#get-shared-storage-billing-for-a-user
+//
+//meta:operation GET /users/{username}/settings/billing/shared-storage
 func (s *BillingService) GetStorageBillingUser(ctx context.Context, user string) (*StorageBilling, *Response, error) {
 	u := fmt.Sprintf("users/%v/settings/billing/shared-storage", user)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/checks.go b/vendor/github.com/google/go-github/v57/github/checks.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/checks.go
rename to vendor/github.com/google/go-github/v57/github/checks.go
index 12d08530ca0..a8618944532 100644
--- a/vendor/github.com/google/go-github/v56/github/checks.go
+++ b/vendor/github.com/google/go-github/v57/github/checks.go
@@ -13,7 +13,7 @@ import (
 // ChecksService provides access to the Checks API in the
 // GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/
+// GitHub API docs: https://docs.github.com/rest/checks/
 type ChecksService service
 
 // CheckRun represents a GitHub check run on a repository associated with a GitHub app.
@@ -98,7 +98,9 @@ func (c CheckSuite) String() string {
 
 // GetCheckRun gets a check-run for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#get-a-check-run
+// GitHub API docs: https://docs.github.com/rest/checks/runs#get-a-check-run
+//
+//meta:operation GET /repos/{owner}/{repo}/check-runs/{check_run_id}
 func (s *ChecksService) GetCheckRun(ctx context.Context, owner, repo string, checkRunID int64) (*CheckRun, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-runs/%v", owner, repo, checkRunID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -119,7 +121,9 @@ func (s *ChecksService) GetCheckRun(ctx context.Context, owner, repo string, che
 
 // GetCheckSuite gets a single check suite.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/suites#get-a-check-suite
+// GitHub API docs: https://docs.github.com/rest/checks/suites#get-a-check-suite
+//
+//meta:operation GET /repos/{owner}/{repo}/check-suites/{check_suite_id}
 func (s *ChecksService) GetCheckSuite(ctx context.Context, owner, repo string, checkSuiteID int64) (*CheckSuite, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-suites/%v", owner, repo, checkSuiteID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -161,7 +165,9 @@ type CheckRunAction struct {
 
 // CreateCheckRun creates a check run for repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#create-a-check-run
+// GitHub API docs: https://docs.github.com/rest/checks/runs#create-a-check-run
+//
+//meta:operation POST /repos/{owner}/{repo}/check-runs
 func (s *ChecksService) CreateCheckRun(ctx context.Context, owner, repo string, opts CreateCheckRunOptions) (*CheckRun, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-runs", owner, repo)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -194,7 +200,9 @@ type UpdateCheckRunOptions struct {
 
 // UpdateCheckRun updates a check run for a specific commit in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#update-a-check-run
+// GitHub API docs: https://docs.github.com/rest/checks/runs#update-a-check-run
+//
+//meta:operation PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}
 func (s *ChecksService) UpdateCheckRun(ctx context.Context, owner, repo string, checkRunID int64, opts UpdateCheckRunOptions) (*CheckRun, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-runs/%v", owner, repo, checkRunID)
 	req, err := s.client.NewRequest("PATCH", u, opts)
@@ -215,7 +223,9 @@ func (s *ChecksService) UpdateCheckRun(ctx context.Context, owner, repo string,
 
 // ListCheckRunAnnotations lists the annotations for a check run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#list-check-run-annotations
+// GitHub API docs: https://docs.github.com/rest/checks/runs#list-check-run-annotations
+//
+//meta:operation GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations
 func (s *ChecksService) ListCheckRunAnnotations(ctx context.Context, owner, repo string, checkRunID int64, opts *ListOptions) ([]*CheckRunAnnotation, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-runs/%v/annotations", owner, repo, checkRunID)
 	u, err := addOptions(u, opts)
@@ -257,7 +267,9 @@ type ListCheckRunsResults struct {
 
 // ListCheckRunsForRef lists check runs for a specific ref.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#list-check-runs-for-a-git-reference
+// GitHub API docs: https://docs.github.com/rest/checks/runs#list-check-runs-for-a-git-reference
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}/check-runs
 func (s *ChecksService) ListCheckRunsForRef(ctx context.Context, owner, repo, ref string, opts *ListCheckRunsOptions) (*ListCheckRunsResults, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/check-runs", owner, repo, refURLEscape(ref))
 	u, err := addOptions(u, opts)
@@ -283,7 +295,9 @@ func (s *ChecksService) ListCheckRunsForRef(ctx context.Context, owner, repo, re
 
 // ListCheckRunsCheckSuite lists check runs for a check suite.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#list-check-runs-in-a-check-suite
+// GitHub API docs: https://docs.github.com/rest/checks/runs#list-check-runs-in-a-check-suite
+//
+//meta:operation GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs
 func (s *ChecksService) ListCheckRunsCheckSuite(ctx context.Context, owner, repo string, checkSuiteID int64, opts *ListCheckRunsOptions) (*ListCheckRunsResults, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-suites/%v/check-runs", owner, repo, checkSuiteID)
 	u, err := addOptions(u, opts)
@@ -309,7 +323,9 @@ func (s *ChecksService) ListCheckRunsCheckSuite(ctx context.Context, owner, repo
 
 // ReRequestCheckRun triggers GitHub to rerequest an existing check run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/runs#rerequest-a-check-run
+// GitHub API docs: https://docs.github.com/rest/checks/runs#rerequest-a-check-run
+//
+//meta:operation POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest
 func (s *ChecksService) ReRequestCheckRun(ctx context.Context, owner, repo string, checkRunID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-runs/%v/rerequest", owner, repo, checkRunID)
 
@@ -339,7 +355,9 @@ type ListCheckSuiteResults struct {
 
 // ListCheckSuitesForRef lists check suite for a specific ref.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/suites#list-check-suites-for-a-git-reference
+// GitHub API docs: https://docs.github.com/rest/checks/suites#list-check-suites-for-a-git-reference
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}/check-suites
 func (s *ChecksService) ListCheckSuitesForRef(ctx context.Context, owner, repo, ref string, opts *ListCheckSuiteOptions) (*ListCheckSuiteResults, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/check-suites", owner, repo, refURLEscape(ref))
 	u, err := addOptions(u, opts)
@@ -387,7 +405,9 @@ type PreferenceList struct {
 
 // SetCheckSuitePreferences changes the default automatic flow when creating check suites.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/suites#update-repository-preferences-for-check-suites
+// GitHub API docs: https://docs.github.com/rest/checks/suites#update-repository-preferences-for-check-suites
+//
+//meta:operation PATCH /repos/{owner}/{repo}/check-suites/preferences
 func (s *ChecksService) SetCheckSuitePreferences(ctx context.Context, owner, repo string, opts CheckSuitePreferenceOptions) (*CheckSuitePreferenceResults, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-suites/preferences", owner, repo)
 	req, err := s.client.NewRequest("PATCH", u, opts)
@@ -414,7 +434,9 @@ type CreateCheckSuiteOptions struct {
 
 // CreateCheckSuite manually creates a check suite for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/suites#create-a-check-suite
+// GitHub API docs: https://docs.github.com/rest/checks/suites#create-a-check-suite
+//
+//meta:operation POST /repos/{owner}/{repo}/check-suites
 func (s *ChecksService) CreateCheckSuite(ctx context.Context, owner, repo string, opts CreateCheckSuiteOptions) (*CheckSuite, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-suites", owner, repo)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -435,7 +457,9 @@ func (s *ChecksService) CreateCheckSuite(ctx context.Context, owner, repo string
 
 // ReRequestCheckSuite triggers GitHub to rerequest an existing check suite, without pushing new code to a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/checks/suites#rerequest-a-check-suite
+// GitHub API docs: https://docs.github.com/rest/checks/suites#rerequest-a-check-suite
+//
+//meta:operation POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest
 func (s *ChecksService) ReRequestCheckSuite(ctx context.Context, owner, repo string, checkSuiteID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/check-suites/%v/rerequest", owner, repo, checkSuiteID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/code-scanning.go b/vendor/github.com/google/go-github/v57/github/code-scanning.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/code-scanning.go
rename to vendor/github.com/google/go-github/v57/github/code-scanning.go
index 0ae269be676..74a7b6c9b47 100644
--- a/vendor/github.com/google/go-github/v56/github/code-scanning.go
+++ b/vendor/github.com/google/go-github/v57/github/code-scanning.go
@@ -15,7 +15,7 @@ import (
 // CodeScanningService handles communication with the code scanning related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type CodeScanningService service
 
 // Rule represents the complete details of GitHub Code Scanning alert type.
@@ -67,7 +67,7 @@ type Tool struct {
 
 // Alert represents an individual GitHub Code Scanning Alert on a single repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type Alert struct {
 	Number             *int                  `json:"number,omitempty"`
 	Repository         *Repository           `json:"repository,omitempty"`
@@ -160,7 +160,7 @@ type AnalysesListOptions struct {
 
 // CodeQLDatabase represents a metadata about the CodeQL database.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type CodeQLDatabase struct {
 	ID          *int64     `json:"id,omitempty"`
 	Name        *string    `json:"name,omitempty"`
@@ -175,7 +175,7 @@ type CodeQLDatabase struct {
 
 // ScanningAnalysis represents an individual GitHub Code Scanning ScanningAnalysis on a single repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type ScanningAnalysis struct {
 	ID           *int64     `json:"id,omitempty"`
 	Ref          *string    `json:"ref,omitempty"`
@@ -196,7 +196,7 @@ type ScanningAnalysis struct {
 
 // SarifAnalysis specifies the results of a code scanning job.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type SarifAnalysis struct {
 	CommitSHA   *string    `json:"commit_sha,omitempty"`
 	Ref         *string    `json:"ref,omitempty"`
@@ -208,7 +208,7 @@ type SarifAnalysis struct {
 
 // CodeScanningAlertState specifies the state of a code scanning alert.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type CodeScanningAlertState struct {
 	// State sets the state of the code scanning alert and is a required field.
 	// You must also provide DismissedReason when you set the state to "dismissed".
@@ -224,7 +224,7 @@ type CodeScanningAlertState struct {
 
 // SarifID identifies a sarif analysis upload.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+// GitHub API docs: https://docs.github.com/rest/code-scanning
 type SarifID struct {
 	ID  *string `json:"id,omitempty"`
 	URL *string `json:"url,omitempty"`
@@ -235,7 +235,9 @@ type SarifID struct {
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-an-organization
+//
+//meta:operation GET /orgs/{org}/code-scanning/alerts
 func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/code-scanning/alerts", org)
 	u, err := addOptions(u, opts)
@@ -263,7 +265,9 @@ func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string,
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/alerts
 func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts", owner, repo)
 	u, err := addOptions(u, opts)
@@ -292,7 +296,9 @@ func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo
 //
 // The security alert_id is the number at the end of the security alert's URL.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#get-a-code-scanning-alert
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
 func (s *CodeScanningService) GetAlert(ctx context.Context, owner, repo string, id int64) (*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v", owner, repo, id)
 
@@ -317,7 +323,9 @@ func (s *CodeScanningService) GetAlert(ctx context.Context, owner, repo string,
 //
 // The security alert_id is the number at the end of the security alert's URL.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#update-a-code-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#update-a-code-scanning-alert
+//
+//meta:operation PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
 func (s *CodeScanningService) UpdateAlert(ctx context.Context, owner, repo string, id int64, stateInfo *CodeScanningAlertState) (*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v", owner, repo, id)
 
@@ -340,7 +348,9 @@ func (s *CodeScanningService) UpdateAlert(ctx context.Context, owner, repo strin
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the security_events read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-instances-of-a-code-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#list-instances-of-a-code-scanning-alert
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances
 func (s *CodeScanningService) ListAlertInstances(ctx context.Context, owner, repo string, id int64, opts *AlertInstancesListOptions) ([]*MostRecentInstance, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v/instances", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -368,7 +378,9 @@ func (s *CodeScanningService) ListAlertInstances(ctx context.Context, owner, rep
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // write permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data
+//
+//meta:operation POST /repos/{owner}/{repo}/code-scanning/sarifs
 func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo string, sarif *SarifAnalysis) (*SarifID, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs", owner, repo)
 
@@ -400,7 +412,9 @@ type SARIFUpload struct {
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the security_events read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-information-about-a-sarif-upload
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#get-information-about-a-sarif-upload
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}
 func (s *CodeScanningService) GetSARIF(ctx context.Context, owner, repo, sarifID string) (*SARIFUpload, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs/%v", owner, repo, sarifID)
 
@@ -424,7 +438,9 @@ func (s *CodeScanningService) GetSARIF(ctx context.Context, owner, repo, sarifID
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the security_events read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-analyses-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#list-code-scanning-analyses-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/analyses
 func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, repo string, opts *AnalysesListOptions) ([]*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses", owner, repo)
 	u, err := addOptions(u, opts)
@@ -453,7 +469,9 @@ func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, re
 //
 // The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-analysis-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#get-a-code-scanning-analysis-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}
 func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo string, id int64) (*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
 
@@ -486,7 +504,9 @@ type DeleteAnalysis struct {
 //
 // The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#delete-a-code-scanning-analysis-from-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#delete-a-code-scanning-analysis-from-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}
 func (s *CodeScanningService) DeleteAnalysis(ctx context.Context, owner, repo string, id int64) (*DeleteAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
 
@@ -509,7 +529,9 @@ func (s *CodeScanningService) DeleteAnalysis(ctx context.Context, owner, repo st
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the contents read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-codeql-databases-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#list-codeql-databases-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/codeql/databases
 func (s *CodeScanningService) ListCodeQLDatabases(ctx context.Context, owner, repo string) ([]*CodeQLDatabase, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases", owner, repo)
 
@@ -532,7 +554,9 @@ func (s *CodeScanningService) ListCodeQLDatabases(ctx context.Context, owner, re
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the contents read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-codeql-database-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#get-a-codeql-database-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/codeql/databases/{language}
 func (s *CodeScanningService) GetCodeQLDatabase(ctx context.Context, owner, repo, language string) (*CodeQLDatabase, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases/%v", owner, repo, language)
 
@@ -564,7 +588,9 @@ type DefaultSetupConfiguration struct {
 // endpoint with private repos or the public_repo scope for public repos. GitHub Apps must have the repo write
 // permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-default-setup-configuration
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#get-a-code-scanning-default-setup-configuration
+//
+//meta:operation GET /repos/{owner}/{repo}/code-scanning/default-setup
 func (s *CodeScanningService) GetDefaultSetupConfiguration(ctx context.Context, owner, repo string) (*DefaultSetupConfiguration, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
 
@@ -605,7 +631,9 @@ type UpdateDefaultSetupConfigurationResponse struct {
 // This method might return an AcceptedError and a status code of 202. This is because this is the status that GitHub
 // returns to signify that it has now scheduled the update of the pull request branch in a background task.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#update-a-code-scanning-default-setup-configuration
+// GitHub API docs: https://docs.github.com/rest/code-scanning/code-scanning#update-a-code-scanning-default-setup-configuration
+//
+//meta:operation PATCH /repos/{owner}/{repo}/code-scanning/default-setup
 func (s *CodeScanningService) UpdateDefaultSetupConfiguration(ctx context.Context, owner, repo string, options *UpdateDefaultSetupConfigurationOptions) (*UpdateDefaultSetupConfigurationResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/codesofconduct.go b/vendor/github.com/google/go-github/v57/github/codesofconduct.go
similarity index 91%
rename from vendor/github.com/google/go-github/v56/github/codesofconduct.go
rename to vendor/github.com/google/go-github/v57/github/codesofconduct.go
index 4318ba56d2c..7d7f9ef8188 100644
--- a/vendor/github.com/google/go-github/v56/github/codesofconduct.go
+++ b/vendor/github.com/google/go-github/v57/github/codesofconduct.go
@@ -28,6 +28,8 @@ func (c *CodeOfConduct) String() string {
 // List returns all codes of conduct.
 //
 // GitHub API docs: https://docs.github.com/rest/codes-of-conduct/codes-of-conduct#get-all-codes-of-conduct
+//
+//meta:operation GET /codes_of_conduct
 func (s *CodesOfConductService) List(ctx context.Context) ([]*CodeOfConduct, *Response, error) {
 	req, err := s.client.NewRequest("GET", "codes_of_conduct", nil)
 	if err != nil {
@@ -46,7 +48,8 @@ func (s *CodesOfConductService) List(ctx context.Context) ([]*CodeOfConduct, *Re
 	return cs, resp, nil
 }
 
-// ListCodesOfConduct
+// ListCodesOfConduct returns all codes of conduct.
+//
 // Deprecated: Use CodesOfConductService.List instead
 func (c *Client) ListCodesOfConduct(ctx context.Context) ([]*CodeOfConduct, *Response, error) {
 	return c.CodesOfConduct.List(ctx)
@@ -55,6 +58,8 @@ func (c *Client) ListCodesOfConduct(ctx context.Context) ([]*CodeOfConduct, *Res
 // Get returns an individual code of conduct.
 //
 // GitHub API docs: https://docs.github.com/rest/codes-of-conduct/codes-of-conduct#get-a-code-of-conduct
+//
+//meta:operation GET /codes_of_conduct/{key}
 func (s *CodesOfConductService) Get(ctx context.Context, key string) (*CodeOfConduct, *Response, error) {
 	u := fmt.Sprintf("codes_of_conduct/%s", key)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -74,7 +79,8 @@ func (s *CodesOfConductService) Get(ctx context.Context, key string) (*CodeOfCon
 	return coc, resp, nil
 }
 
-// GetCodeOfConduct
+// GetCodeOfConduct returns an individual code of conduct.
+//
 // Deprecated: Use CodesOfConductService.Get instead
 func (c *Client) GetCodeOfConduct(ctx context.Context, key string) (*CodeOfConduct, *Response, error) {
 	return c.CodesOfConduct.Get(ctx, key)
diff --git a/vendor/github.com/google/go-github/v56/github/codespaces.go b/vendor/github.com/google/go-github/v57/github/codespaces.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/codespaces.go
rename to vendor/github.com/google/go-github/v57/github/codespaces.go
index cd8b0e5bee5..608370503f6 100644
--- a/vendor/github.com/google/go-github/v56/github/codespaces.go
+++ b/vendor/github.com/google/go-github/v57/github/codespaces.go
@@ -13,12 +13,12 @@ import (
 // CodespacesService handles communication with the Codespaces related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/
+// GitHub API docs: https://docs.github.com/rest/codespaces/
 type CodespacesService service
 
 // Codespace represents a codespace.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces
+// GitHub API docs: https://docs.github.com/rest/codespaces
 type Codespace struct {
 	ID                             *int64                        `json:"id,omitempty"`
 	Name                           *string                       `json:"name,omitempty"`
@@ -90,7 +90,9 @@ type ListCodespaces struct {
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have read access to the codespaces repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#list-codespaces-in-a-repository-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#list-codespaces-in-a-repository-for-the-authenticated-user
+//
+//meta:operation GET /repos/{owner}/{repo}/codespaces
 func (s *CodespacesService) ListInRepo(ctx context.Context, owner, repo string, opts *ListOptions) (*ListCodespaces, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces", owner, repo)
 	u, err := addOptions(u, opts)
@@ -112,7 +114,7 @@ func (s *CodespacesService) ListInRepo(ctx context.Context, owner, repo string,
 	return codespaces, resp, nil
 }
 
-// ListOptions represents the options for listing codespaces for a user.
+// ListCodespacesOptions represents the options for listing codespaces for a user.
 type ListCodespacesOptions struct {
 	ListOptions
 	RepositoryID int64 `url:"repository_id,omitempty"`
@@ -124,7 +126,9 @@ type ListCodespacesOptions struct {
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have read access to the codespaces repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#list-codespaces-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#list-codespaces-for-the-authenticated-user
+//
+//meta:operation GET /user/codespaces
 func (s *CodespacesService) List(ctx context.Context, opts *ListCodespacesOptions) (*ListCodespaces, *Response, error) {
 	u := "user/codespaces"
 	u, err := addOptions(u, opts)
@@ -172,7 +176,9 @@ type CreateCodespaceOptions struct {
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have write access to the codespaces repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#create-a-codespace-in-a-repository
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#create-a-codespace-in-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/codespaces
 func (s *CodespacesService) CreateInRepo(ctx context.Context, owner, repo string, request *CreateCodespaceOptions) (*Codespace, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces", owner, repo)
 
@@ -195,7 +201,9 @@ func (s *CodespacesService) CreateInRepo(ctx context.Context, owner, repo string
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#start-a-codespace-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#start-a-codespace-for-the-authenticated-user
+//
+//meta:operation POST /user/codespaces/{codespace_name}/start
 func (s *CodespacesService) Start(ctx context.Context, codespaceName string) (*Codespace, *Response, error) {
 	u := fmt.Sprintf("user/codespaces/%v/start", codespaceName)
 
@@ -218,7 +226,9 @@ func (s *CodespacesService) Start(ctx context.Context, codespaceName string) (*C
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#stop-a-codespace-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#stop-a-codespace-for-the-authenticated-user
+//
+//meta:operation POST /user/codespaces/{codespace_name}/stop
 func (s *CodespacesService) Stop(ctx context.Context, codespaceName string) (*Codespace, *Response, error) {
 	u := fmt.Sprintf("user/codespaces/%v/stop", codespaceName)
 
@@ -241,7 +251,9 @@ func (s *CodespacesService) Stop(ctx context.Context, codespaceName string) (*Co
 // You must authenticate using an access token with the codespace scope to use this endpoint.
 // GitHub Apps must have write access to the codespaces repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#delete-a-codespace-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/codespaces#delete-a-codespace-for-the-authenticated-user
+//
+//meta:operation DELETE /user/codespaces/{codespace_name}
 func (s *CodespacesService) Delete(ctx context.Context, codespaceName string) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/%v", codespaceName)
 
diff --git a/vendor/github.com/google/go-github/v56/github/codespaces_secrets.go b/vendor/github.com/google/go-github/v57/github/codespaces_secrets.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/codespaces_secrets.go
rename to vendor/github.com/google/go-github/v57/github/codespaces_secrets.go
index e11c679c668..438c27f8ffe 100644
--- a/vendor/github.com/google/go-github/v56/github/codespaces_secrets.go
+++ b/vendor/github.com/google/go-github/v57/github/codespaces_secrets.go
@@ -16,7 +16,9 @@ import (
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint
 // GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#list-secrets-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#list-secrets-for-the-authenticated-user
+//
+//meta:operation GET /user/codespaces/secrets
 func (s *CodespacesService) ListUserSecrets(ctx context.Context, opts *ListOptions) (*Secrets, *Response, error) {
 	u, err := addOptions("user/codespaces/secrets", opts)
 	if err != nil {
@@ -29,7 +31,9 @@ func (s *CodespacesService) ListUserSecrets(ctx context.Context, opts *ListOptio
 //
 // Lists all Codespaces secrets available at the organization-level without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#list-organization-secrets
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#list-organization-secrets
+//
+//meta:operation GET /orgs/{org}/codespaces/secrets
 func (s *CodespacesService) ListOrgSecrets(ctx context.Context, org string, opts *ListOptions) (*Secrets, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets", org)
 	u, err := addOptions(u, opts)
@@ -43,7 +47,9 @@ func (s *CodespacesService) ListOrgSecrets(ctx context.Context, org string, opts
 //
 // Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#list-repository-secrets
+// GitHub API docs: https://docs.github.com/rest/codespaces/repository-secrets#list-repository-secrets
+//
+//meta:operation GET /repos/{owner}/{repo}/codespaces/secrets
 func (s *CodespacesService) ListRepoSecrets(ctx context.Context, owner, repo string, opts *ListOptions) (*Secrets, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets", owner, repo)
 	u, err := addOptions(u, opts)
@@ -74,7 +80,9 @@ func (s *CodespacesService) listSecrets(ctx context.Context, url string) (*Secre
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
 // GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#get-public-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#get-public-key-for-the-authenticated-user
+//
+//meta:operation GET /user/codespaces/secrets/public-key
 func (s *CodespacesService) GetUserPublicKey(ctx context.Context) (*PublicKey, *Response, error) {
 	return s.getPublicKey(ctx, "user/codespaces/secrets/public-key")
 }
@@ -83,7 +91,9 @@ func (s *CodespacesService) GetUserPublicKey(ctx context.Context) (*PublicKey, *
 //
 // Gets a public key for an organization, which is required in order to encrypt secrets. You need to encrypt the value of a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#get-an-organization-public-key
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#get-an-organization-public-key
+//
+//meta:operation GET /orgs/{org}/codespaces/secrets/public-key
 func (s *CodespacesService) GetOrgPublicKey(ctx context.Context, org string) (*PublicKey, *Response, error) {
 	return s.getPublicKey(ctx, fmt.Sprintf("orgs/%v/codespaces/secrets/public-key", org))
 }
@@ -92,7 +102,9 @@ func (s *CodespacesService) GetOrgPublicKey(ctx context.Context, org string) (*P
 //
 // Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#get-a-repository-public-key
+// GitHub API docs: https://docs.github.com/rest/codespaces/repository-secrets#get-a-repository-public-key
+//
+//meta:operation GET /repos/{owner}/{repo}/codespaces/secrets/public-key
 func (s *CodespacesService) GetRepoPublicKey(ctx context.Context, owner, repo string) (*PublicKey, *Response, error) {
 	return s.getPublicKey(ctx, fmt.Sprintf("repos/%v/%v/codespaces/secrets/public-key", owner, repo))
 }
@@ -118,7 +130,9 @@ func (s *CodespacesService) getPublicKey(ctx context.Context, url string) (*Publ
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
 // GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#get-a-secret-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#get-a-secret-for-the-authenticated-user
+//
+//meta:operation GET /user/codespaces/secrets/{secret_name}
 func (s *CodespacesService) GetUserSecret(ctx context.Context, name string) (*Secret, *Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v", name)
 	return s.getSecret(ctx, u)
@@ -128,7 +142,9 @@ func (s *CodespacesService) GetUserSecret(ctx context.Context, name string) (*Se
 //
 // Gets an organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#get-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#get-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) GetOrgSecret(ctx context.Context, org, name string) (*Secret, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, name)
 	return s.getSecret(ctx, u)
@@ -138,7 +154,9 @@ func (s *CodespacesService) GetOrgSecret(ctx context.Context, org, name string)
 //
 // Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#get-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/repository-secrets#get-a-repository-secret
+//
+//meta:operation GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) GetRepoSecret(ctx context.Context, owner, repo, name string) (*Secret, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, name)
 	return s.getSecret(ctx, u)
@@ -165,7 +183,9 @@ func (s *CodespacesService) getSecret(ctx context.Context, url string) (*Secret,
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must also have Codespaces access to use this endpoint.
 // GitHub Apps must have write access to the codespaces_user_secrets user permission and codespaces_secrets repository permission on all referenced repositories to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#create-or-update-a-secret-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#create-or-update-a-secret-for-the-authenticated-user
+//
+//meta:operation PUT /user/codespaces/secrets/{secret_name}
 func (s *CodespacesService) CreateOrUpdateUserSecret(ctx context.Context, eSecret *EncryptedSecret) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v", eSecret.Name)
 	return s.createOrUpdateSecret(ctx, u, eSecret)
@@ -175,7 +195,9 @@ func (s *CodespacesService) CreateOrUpdateUserSecret(ctx context.Context, eSecre
 //
 // Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#create-or-update-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *EncryptedSecret) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, eSecret.Name)
 	return s.createOrUpdateSecret(ctx, u, eSecret)
@@ -185,7 +207,9 @@ func (s *CodespacesService) CreateOrUpdateOrgSecret(ctx context.Context, org str
 //
 // Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/repository-secrets#create-or-update-a-repository-secret
+//
+//meta:operation PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *EncryptedSecret) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, eSecret.Name)
 	return s.createOrUpdateSecret(ctx, u, eSecret)
@@ -211,7 +235,9 @@ func (s *CodespacesService) createOrUpdateSecret(ctx context.Context, url string
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
 // GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#delete-a-secret-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#delete-a-secret-for-the-authenticated-user
+//
+//meta:operation DELETE /user/codespaces/secrets/{secret_name}
 func (s *CodespacesService) DeleteUserSecret(ctx context.Context, name string) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v", name)
 	return s.deleteSecret(ctx, u)
@@ -221,7 +247,9 @@ func (s *CodespacesService) DeleteUserSecret(ctx context.Context, name string) (
 //
 // Deletes an organization secret using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#delete-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#delete-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) DeleteOrgSecret(ctx context.Context, org, name string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, name)
 	return s.deleteSecret(ctx, u)
@@ -231,7 +259,9 @@ func (s *CodespacesService) DeleteOrgSecret(ctx context.Context, org, name strin
 //
 // Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#delete-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/repository-secrets#delete-a-repository-secret
+//
+//meta:operation DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}
 func (s *CodespacesService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, name)
 	return s.deleteSecret(ctx, u)
@@ -256,7 +286,9 @@ func (s *CodespacesService) deleteSecret(ctx context.Context, url string) (*Resp
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
 // GitHub Apps must have read access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#list-selected-repositories-for-a-user-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#list-selected-repositories-for-a-user-secret
+//
+//meta:operation GET /user/codespaces/secrets/{secret_name}/repositories
 func (s *CodespacesService) ListSelectedReposForUserSecret(ctx context.Context, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories", name)
 	u, err := addOptions(u, opts)
@@ -271,7 +303,9 @@ func (s *CodespacesService) ListSelectedReposForUserSecret(ctx context.Context,
 //
 // Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#list-selected-repositories-for-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#list-selected-repositories-for-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/codespaces/secrets/{secret_name}/repositories
 func (s *CodespacesService) ListSelectedReposForOrgSecret(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories", org, name)
 	u, err := addOptions(u, opts)
@@ -302,7 +336,9 @@ func (s *CodespacesService) listSelectedReposForSecret(ctx context.Context, url
 // You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
 // GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#set-selected-repositories-for-a-user-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#set-selected-repositories-for-a-user-secret
+//
+//meta:operation PUT /user/codespaces/secrets/{secret_name}/repositories
 func (s *CodespacesService) SetSelectedReposForUserSecret(ctx context.Context, name string, ids SelectedRepoIDs) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories", name)
 	return s.setSelectedRepoForSecret(ctx, u, ids)
@@ -312,7 +348,9 @@ func (s *CodespacesService) SetSelectedReposForUserSecret(ctx context.Context, n
 //
 // Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#set-selected-repositories-for-a-user-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#set-selected-repositories-for-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/codespaces/secrets/{secret_name}/repositories
 func (s *CodespacesService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids SelectedRepoIDs) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories", org, name)
 	return s.setSelectedRepoForSecret(ctx, u, ids)
@@ -340,7 +378,9 @@ func (s *CodespacesService) setSelectedRepoForSecret(ctx context.Context, url st
 //
 // Adds a repository to the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on the referenced repository to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#add-a-selected-repository-to-a-user-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#add-a-selected-repository-to-a-user-secret
+//
+//meta:operation PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}
 func (s *CodespacesService) AddSelectedRepoToUserSecret(ctx context.Context, name string, repo *Repository) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories/%v", name, *repo.ID)
 	return s.addSelectedRepoToSecret(ctx, u)
@@ -350,7 +390,9 @@ func (s *CodespacesService) AddSelectedRepoToUserSecret(ctx context.Context, nam
 //
 // Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#add-selected-repository-to-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#add-selected-repository-to-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}
 func (s *CodespacesService) AddSelectedRepoToOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories/%v", org, name, *repo.ID)
 	return s.addSelectedRepoToSecret(ctx, u)
@@ -374,7 +416,9 @@ func (s *CodespacesService) addSelectedRepoToSecret(ctx context.Context, url str
 //
 // Removes a repository from the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#remove-a-selected-repository-from-a-user-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/secrets#remove-a-selected-repository-from-a-user-secret
+//
+//meta:operation DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}
 func (s *CodespacesService) RemoveSelectedRepoFromUserSecret(ctx context.Context, name string, repo *Repository) (*Response, error) {
 	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories/%v", name, *repo.ID)
 	return s.removeSelectedRepoFromSecret(ctx, u)
@@ -384,7 +428,9 @@ func (s *CodespacesService) RemoveSelectedRepoFromUserSecret(ctx context.Context
 //
 // Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
 //
-// Github API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#remove-selected-repository-from-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/codespaces/organization-secrets#remove-selected-repository-from-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}
 func (s *CodespacesService) RemoveSelectedRepoFromOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories/%v", org, name, *repo.ID)
 	return s.removeSelectedRepoFromSecret(ctx, u)
diff --git a/vendor/github.com/google/go-github/v56/github/dependabot.go b/vendor/github.com/google/go-github/v57/github/dependabot.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/dependabot.go
rename to vendor/github.com/google/go-github/v57/github/dependabot.go
index 07e68b506af..2a11a9c9563 100644
--- a/vendor/github.com/google/go-github/v56/github/dependabot.go
+++ b/vendor/github.com/google/go-github/v57/github/dependabot.go
@@ -8,5 +8,5 @@ package github
 // DependabotService handles communication with the Dependabot related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/
+// GitHub API docs: https://docs.github.com/rest/dependabot/
 type DependabotService service
diff --git a/vendor/github.com/google/go-github/v56/github/dependabot_alerts.go b/vendor/github.com/google/go-github/v57/github/dependabot_alerts.go
similarity index 75%
rename from vendor/github.com/google/go-github/v56/github/dependabot_alerts.go
rename to vendor/github.com/google/go-github/v57/github/dependabot_alerts.go
index 177316b1dc8..f1ed126c217 100644
--- a/vendor/github.com/google/go-github/v56/github/dependabot_alerts.go
+++ b/vendor/github.com/google/go-github/v57/github/dependabot_alerts.go
@@ -67,6 +67,17 @@ type DependabotAlert struct {
 	Repository *Repository `json:"repository,omitempty"`
 }
 
+// DependabotAlertState represents the state of a Dependabot alert to update.
+type DependabotAlertState struct {
+	// The state of the Dependabot alert. A dismissed_reason must be provided when setting the state to dismissed.
+	State string `json:"state"`
+	// Required when state is dismissed. A reason for dismissing the alert.
+	// Can be one of: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk
+	DismissedReason *string `json:"dismissed_reason,omitempty"`
+	// An optional comment associated with dismissing the alert.
+	DismissedComment *string `json:"dismissed_comment,omitempty"`
+}
+
 // ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
 // and DependabotService.ListOrgAlerts methods.
 type ListAlertsOptions struct {
@@ -104,7 +115,9 @@ func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *Li
 
 // ListRepoAlerts lists all Dependabot alerts of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts
 func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo)
 	return s.listAlerts(ctx, url, opts)
@@ -112,7 +125,9 @@ func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo stri
 
 // ListOrgAlerts lists all Dependabot alerts of an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
+//
+//meta:operation GET /orgs/{org}/dependabot/alerts
 func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/alerts", org)
 	return s.listAlerts(ctx, url, opts)
@@ -120,7 +135,9 @@ func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts
 
 // GetRepoAlert gets a single repository Dependabot alert.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#get-a-dependabot-alert
+// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#get-a-dependabot-alert
+//
+//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
 func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)
 	req, err := s.client.NewRequest("GET", url, nil)
@@ -136,3 +153,24 @@ func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string
 
 	return alert, resp, nil
 }
+
+// UpdateAlert updates a Dependabot alert.
+//
+// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#update-a-dependabot-alert
+//
+//meta:operation PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
+func (s *DependabotService) UpdateAlert(ctx context.Context, owner, repo string, number int, stateInfo *DependabotAlertState) (*DependabotAlert, *Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)
+	req, err := s.client.NewRequest("PATCH", url, stateInfo)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	alert := new(DependabotAlert)
+	resp, err := s.client.Do(ctx, req, alert)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return alert, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v56/github/dependabot_secrets.go b/vendor/github.com/google/go-github/v57/github/dependabot_secrets.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/dependabot_secrets.go
rename to vendor/github.com/google/go-github/v57/github/dependabot_secrets.go
index 685f7bea8ea..e85c805a63f 100644
--- a/vendor/github.com/google/go-github/v56/github/dependabot_secrets.go
+++ b/vendor/github.com/google/go-github/v57/github/dependabot_secrets.go
@@ -27,7 +27,9 @@ func (s *DependabotService) getPublicKey(ctx context.Context, url string) (*Publ
 
 // GetRepoPublicKey gets a public key that should be used for Dependabot secret encryption.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-a-repository-public-key
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#get-a-repository-public-key
+//
+//meta:operation GET /repos/{owner}/{repo}/dependabot/secrets/public-key
 func (s *DependabotService) GetRepoPublicKey(ctx context.Context, owner, repo string) (*PublicKey, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/public-key", owner, repo)
 	return s.getPublicKey(ctx, url)
@@ -35,7 +37,9 @@ func (s *DependabotService) GetRepoPublicKey(ctx context.Context, owner, repo st
 
 // GetOrgPublicKey gets a public key that should be used for Dependabot secret encryption.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-an-organization-public-key
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#get-an-organization-public-key
+//
+//meta:operation GET /orgs/{org}/dependabot/secrets/public-key
 func (s *DependabotService) GetOrgPublicKey(ctx context.Context, org string) (*PublicKey, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/public-key", org)
 	return s.getPublicKey(ctx, url)
@@ -64,7 +68,9 @@ func (s *DependabotService) listSecrets(ctx context.Context, url string, opts *L
 // ListRepoSecrets lists all Dependabot secrets available in a repository
 // without revealing their encrypted values.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-repository-secrets
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#list-repository-secrets
+//
+//meta:operation GET /repos/{owner}/{repo}/dependabot/secrets
 func (s *DependabotService) ListRepoSecrets(ctx context.Context, owner, repo string, opts *ListOptions) (*Secrets, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets", owner, repo)
 	return s.listSecrets(ctx, url, opts)
@@ -73,7 +79,9 @@ func (s *DependabotService) ListRepoSecrets(ctx context.Context, owner, repo str
 // ListOrgSecrets lists all Dependabot secrets available in an organization
 // without revealing their encrypted values.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-organization-secrets
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#list-organization-secrets
+//
+//meta:operation GET /orgs/{org}/dependabot/secrets
 func (s *DependabotService) ListOrgSecrets(ctx context.Context, org string, opts *ListOptions) (*Secrets, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets", org)
 	return s.listSecrets(ctx, url, opts)
@@ -96,7 +104,9 @@ func (s *DependabotService) getSecret(ctx context.Context, url string) (*Secret,
 
 // GetRepoSecret gets a single repository Dependabot secret without revealing its encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#get-a-repository-secret
+//
+//meta:operation GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}
 func (s *DependabotService) GetRepoSecret(ctx context.Context, owner, repo, name string) (*Secret, *Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, name)
 	return s.getSecret(ctx, url)
@@ -104,7 +114,9 @@ func (s *DependabotService) GetRepoSecret(ctx context.Context, owner, repo, name
 
 // GetOrgSecret gets a single organization Dependabot secret without revealing its encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#get-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/dependabot/secrets/{secret_name}
 func (s *DependabotService) GetOrgSecret(ctx context.Context, org, name string) (*Secret, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, name)
 	return s.getSecret(ctx, url)
@@ -134,7 +146,9 @@ func (s *DependabotService) putSecret(ctx context.Context, url string, eSecret *
 
 // CreateOrUpdateRepoSecret creates or updates a repository Dependabot secret with an encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#create-or-update-a-repository-secret
+//
+//meta:operation PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}
 func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *DependabotEncryptedSecret) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, eSecret.Name)
 	return s.putSecret(ctx, url, eSecret)
@@ -142,7 +156,9 @@ func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner,
 
 // CreateOrUpdateOrgSecret creates or updates an organization Dependabot secret with an encrypted value.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#create-or-update-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/dependabot/secrets/{secret_name}
 func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *DependabotEncryptedSecret) (*Response, error) {
 	repoIDs := make([]string, len(eSecret.SelectedRepositoryIDs))
 	for i, secret := range eSecret.SelectedRepositoryIDs {
@@ -176,7 +192,9 @@ func (s *DependabotService) deleteSecret(ctx context.Context, url string) (*Resp
 
 // DeleteRepoSecret deletes a Dependabot secret in a repository using the secret name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#delete-a-repository-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#delete-a-repository-secret
+//
+//meta:operation DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}
 func (s *DependabotService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, name)
 	return s.deleteSecret(ctx, url)
@@ -184,7 +202,9 @@ func (s *DependabotService) DeleteRepoSecret(ctx context.Context, owner, repo, n
 
 // DeleteOrgSecret deletes a Dependabot secret in an organization using the secret name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#delete-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#delete-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/dependabot/secrets/{secret_name}
 func (s *DependabotService) DeleteOrgSecret(ctx context.Context, org, name string) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, name)
 	return s.deleteSecret(ctx, url)
@@ -192,7 +212,9 @@ func (s *DependabotService) DeleteOrgSecret(ctx context.Context, org, name strin
 
 // ListSelectedReposForOrgSecret lists all repositories that have access to a Dependabot secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-selected-repositories-for-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#list-selected-repositories-for-an-organization-secret
+//
+//meta:operation GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories
 func (s *DependabotService) ListSelectedReposForOrgSecret(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories", org, name)
 	u, err := addOptions(url, opts)
@@ -219,7 +241,9 @@ type DependabotSecretsSelectedRepoIDs []int64
 
 // SetSelectedReposForOrgSecret sets the repositories that have access to a Dependabot secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#set-selected-repositories-for-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#set-selected-repositories-for-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories
 func (s *DependabotService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids DependabotSecretsSelectedRepoIDs) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories", org, name)
 	type repoIDs struct {
@@ -236,7 +260,9 @@ func (s *DependabotService) SetSelectedReposForOrgSecret(ctx context.Context, or
 
 // AddSelectedRepoToOrgSecret adds a repository to an organization Dependabot secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#add-selected-repository-to-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#add-selected-repository-to-an-organization-secret
+//
+//meta:operation PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}
 func (s *DependabotService) AddSelectedRepoToOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories/%v", org, name, *repo.ID)
 	req, err := s.client.NewRequest("PUT", url, nil)
@@ -249,7 +275,9 @@ func (s *DependabotService) AddSelectedRepoToOrgSecret(ctx context.Context, org,
 
 // RemoveSelectedRepoFromOrgSecret removes a repository from an organization Dependabot secret.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#remove-selected-repository-from-an-organization-secret
+// GitHub API docs: https://docs.github.com/rest/dependabot/secrets#remove-selected-repository-from-an-organization-secret
+//
+//meta:operation DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}
 func (s *DependabotService) RemoveSelectedRepoFromOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories/%v", org, name, *repo.ID)
 	req, err := s.client.NewRequest("DELETE", url, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/dependency_graph.go b/vendor/github.com/google/go-github/v57/github/dependency_graph.go
similarity index 92%
rename from vendor/github.com/google/go-github/v56/github/dependency_graph.go
rename to vendor/github.com/google/go-github/v57/github/dependency_graph.go
index e578965cc12..86a1fe48b98 100644
--- a/vendor/github.com/google/go-github/v56/github/dependency_graph.go
+++ b/vendor/github.com/google/go-github/v57/github/dependency_graph.go
@@ -61,7 +61,9 @@ func (s SBOM) String() string {
 
 // GetSBOM fetches the software bill of materials for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms
+// GitHub API docs: https://docs.github.com/rest/dependency-graph/sboms#export-a-software-bill-of-materials-sbom-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/dependency-graph/sbom
 func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/doc.go b/vendor/github.com/google/go-github/v57/github/doc.go
similarity index 96%
rename from vendor/github.com/google/go-github/v56/github/doc.go
rename to vendor/github.com/google/go-github/v57/github/doc.go
index 4a9aa95c3af..ca00a4bd049 100644
--- a/vendor/github.com/google/go-github/v56/github/doc.go
+++ b/vendor/github.com/google/go-github/v57/github/doc.go
@@ -8,7 +8,7 @@ Package github provides a client for using the GitHub API.
 
 Usage:
 
-	import "github.com/google/go-github/v56/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
+	import "github.com/google/go-github/v57/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
 	import "github.com/google/go-github/github"     // with go modules disabled
 
 Construct a new GitHub client, then use the various services on the client to
@@ -29,7 +29,7 @@ Some API methods have optional parameters that can be passed. For example:
 
 The services of a client divide the API into logical chunks and correspond to
 the structure of the GitHub API documentation at
-https://docs.github.com/en/rest .
+https://docs.github.com/rest .
 
 NOTE: Using the https://godoc.org/context package, one can easily
 pass cancelation signals and deadlines to various services of the client for
@@ -119,7 +119,7 @@ For secondary rate limits, you can check if its type is *github.AbuseRateLimitEr
 	}
 
 Learn more about GitHub rate limiting at
-https://docs.github.com/en/rest/rate-limit .
+https://docs.github.com/rest/rate-limit .
 
 # Accepted Status
 
@@ -145,7 +145,7 @@ instead designed to work with a caching http.Transport. We recommend using
 https://github.com/gregjones/httpcache for that.
 
 Learn more about GitHub conditional requests at
-https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests.
+https://docs.github.com/rest/overview/resources-in-the-rest-api#conditional-requests.
 
 # Creating and Updating Resources
 
diff --git a/vendor/github.com/google/go-github/v56/github/emojis.go b/vendor/github.com/google/go-github/v57/github/emojis.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/emojis.go
rename to vendor/github.com/google/go-github/v57/github/emojis.go
index 15b57130b3b..93ef232f6c7 100644
--- a/vendor/github.com/google/go-github/v56/github/emojis.go
+++ b/vendor/github.com/google/go-github/v57/github/emojis.go
@@ -15,6 +15,8 @@ type EmojisService service
 // List returns the emojis available to use on GitHub.
 //
 // GitHub API docs: https://docs.github.com/rest/emojis/emojis#get-emojis
+//
+//meta:operation GET /emojis
 func (s *EmojisService) List(ctx context.Context) (map[string]string, *Response, error) {
 	req, err := s.client.NewRequest("GET", "emojis", nil)
 	if err != nil {
@@ -30,7 +32,8 @@ func (s *EmojisService) List(ctx context.Context) (map[string]string, *Response,
 	return emoji, resp, nil
 }
 
-// ListEmojis
+// ListEmojis returns the emojis available to use on GitHub.
+//
 // Deprecated: Use EmojisService.List instead
 func (c *Client) ListEmojis(ctx context.Context) (map[string]string, *Response, error) {
 	return c.Emojis.List(ctx)
diff --git a/vendor/github.com/google/go-github/v56/github/enterprise.go b/vendor/github.com/google/go-github/v57/github/enterprise.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/enterprise.go
rename to vendor/github.com/google/go-github/v57/github/enterprise.go
index 1c9b0695669..2036f8bc75d 100644
--- a/vendor/github.com/google/go-github/v56/github/enterprise.go
+++ b/vendor/github.com/google/go-github/v57/github/enterprise.go
@@ -8,5 +8,5 @@ package github
 // EnterpriseService provides access to the enterprise related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/
+// GitHub API docs: https://docs.github.com/rest/enterprise-admin/
 type EnterpriseService service
diff --git a/vendor/github.com/google/go-github/v56/github/enterprise_actions_runner_groups.go b/vendor/github.com/google/go-github/v57/github/enterprise_actions_runner_groups.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/enterprise_actions_runner_groups.go
rename to vendor/github.com/google/go-github/v57/github/enterprise_actions_runner_groups.go
index b6bb70dae40..f171df75734 100644
--- a/vendor/github.com/google/go-github/v56/github/enterprise_actions_runner_groups.go
+++ b/vendor/github.com/google/go-github/v57/github/enterprise_actions_runner_groups.go
@@ -79,7 +79,9 @@ type ListEnterpriseRunnerGroupOptions struct {
 
 // ListRunnerGroups lists all self-hosted runner groups configured in an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#list-self-hosted-runner-groups-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-self-hosted-runner-groups-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runner-groups
 func (s *EnterpriseService) ListRunnerGroups(ctx context.Context, enterprise string, opts *ListEnterpriseRunnerGroupOptions) (*EnterpriseRunnerGroups, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups", enterprise)
 	u, err := addOptions(u, opts)
@@ -103,7 +105,9 @@ func (s *EnterpriseService) ListRunnerGroups(ctx context.Context, enterprise str
 
 // GetEnterpriseRunnerGroup gets a specific self-hosted runner group for an enterprise using its RunnerGroup ID.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#get-a-self-hosted-runner-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#get-a-self-hosted-runner-group-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}
 func (s *EnterpriseService) GetEnterpriseRunnerGroup(ctx context.Context, enterprise string, groupID int64) (*EnterpriseRunnerGroup, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v", enterprise, groupID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -122,7 +126,9 @@ func (s *EnterpriseService) GetEnterpriseRunnerGroup(ctx context.Context, enterp
 
 // DeleteEnterpriseRunnerGroup deletes a self-hosted runner group from an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#delete-a-self-hosted-runner-group-from-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#delete-a-self-hosted-runner-group-from-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}
 func (s *EnterpriseService) DeleteEnterpriseRunnerGroup(ctx context.Context, enterprise string, groupID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v", enterprise, groupID)
 
@@ -136,7 +142,9 @@ func (s *EnterpriseService) DeleteEnterpriseRunnerGroup(ctx context.Context, ent
 
 // CreateEnterpriseRunnerGroup creates a new self-hosted runner group for an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#create-a-self-hosted-runner-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#create-a-self-hosted-runner-group-for-an-enterprise
+//
+//meta:operation POST /enterprises/{enterprise}/actions/runner-groups
 func (s *EnterpriseService) CreateEnterpriseRunnerGroup(ctx context.Context, enterprise string, createReq CreateEnterpriseRunnerGroupRequest) (*EnterpriseRunnerGroup, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups", enterprise)
 	req, err := s.client.NewRequest("POST", u, createReq)
@@ -155,7 +163,9 @@ func (s *EnterpriseService) CreateEnterpriseRunnerGroup(ctx context.Context, ent
 
 // UpdateEnterpriseRunnerGroup updates a self-hosted runner group for an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#update-a-self-hosted-runner-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#update-a-self-hosted-runner-group-for-an-enterprise
+//
+//meta:operation PATCH /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}
 func (s *EnterpriseService) UpdateEnterpriseRunnerGroup(ctx context.Context, enterprise string, groupID int64, updateReq UpdateEnterpriseRunnerGroupRequest) (*EnterpriseRunnerGroup, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v", enterprise, groupID)
 	req, err := s.client.NewRequest("PATCH", u, updateReq)
@@ -174,7 +184,9 @@ func (s *EnterpriseService) UpdateEnterpriseRunnerGroup(ctx context.Context, ent
 
 // ListOrganizationAccessRunnerGroup lists the organizations with access to a self-hosted runner group configured in an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#list-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations
 func (s *EnterpriseService) ListOrganizationAccessRunnerGroup(ctx context.Context, enterprise string, groupID int64, opts *ListOptions) (*ListOrganizations, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/organizations", enterprise, groupID)
 	u, err := addOptions(u, opts)
@@ -199,7 +211,9 @@ func (s *EnterpriseService) ListOrganizationAccessRunnerGroup(ctx context.Contex
 // SetOrganizationAccessRunnerGroup replaces the list of organizations that have access to a self-hosted runner group configured in an enterprise
 // with a new List of organizations.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#set-organization-access-for-a-self-hosted-runner-group-in-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#set-organization-access-for-a-self-hosted-runner-group-in-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations
 func (s *EnterpriseService) SetOrganizationAccessRunnerGroup(ctx context.Context, enterprise string, groupID int64, ids SetOrgAccessRunnerGroupRequest) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/organizations", enterprise, groupID)
 
@@ -214,7 +228,9 @@ func (s *EnterpriseService) SetOrganizationAccessRunnerGroup(ctx context.Context
 // AddOrganizationAccessRunnerGroup adds an organization to the list of selected organizations that can access a self-hosted runner group.
 // The runner group must have visibility set to 'selected'.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#add-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#add-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations/{org_id}
 func (s *EnterpriseService) AddOrganizationAccessRunnerGroup(ctx context.Context, enterprise string, groupID, orgID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/organizations/%v", enterprise, groupID, orgID)
 
@@ -229,7 +245,9 @@ func (s *EnterpriseService) AddOrganizationAccessRunnerGroup(ctx context.Context
 // RemoveOrganizationAccessRunnerGroup removes an organization from the list of selected organizations that can access a self-hosted runner group.
 // The runner group must have visibility set to 'selected'.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#remove-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#remove-organization-access-to-a-self-hosted-runner-group-in-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations/{org_id}
 func (s *EnterpriseService) RemoveOrganizationAccessRunnerGroup(ctx context.Context, enterprise string, groupID, orgID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/organizations/%v", enterprise, groupID, orgID)
 
@@ -243,7 +261,9 @@ func (s *EnterpriseService) RemoveOrganizationAccessRunnerGroup(ctx context.Cont
 
 // ListRunnerGroupRunners lists self-hosted runners that are in a specific enterprise group.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#list-self-hosted-runners-in-a-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#list-self-hosted-runners-in-a-group-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners
 func (s *EnterpriseService) ListRunnerGroupRunners(ctx context.Context, enterprise string, groupID int64, opts *ListOptions) (*Runners, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/runners", enterprise, groupID)
 	u, err := addOptions(u, opts)
@@ -268,7 +288,9 @@ func (s *EnterpriseService) ListRunnerGroupRunners(ctx context.Context, enterpri
 // SetRunnerGroupRunners replaces the list of self-hosted runners that are part of an enterprise runner group
 // with a new list of runners.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#set-self-hosted-runners-in-a-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#set-self-hosted-runners-in-a-group-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners
 func (s *EnterpriseService) SetRunnerGroupRunners(ctx context.Context, enterprise string, groupID int64, ids SetRunnerGroupRunnersRequest) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/runners", enterprise, groupID)
 
@@ -282,7 +304,9 @@ func (s *EnterpriseService) SetRunnerGroupRunners(ctx context.Context, enterpris
 
 // AddRunnerGroupRunners adds a self-hosted runner to a runner group configured in an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#add-a-self-hosted-runner-to-a-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#add-a-self-hosted-runner-to-a-group-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners/{runner_id}
 func (s *EnterpriseService) AddRunnerGroupRunners(ctx context.Context, enterprise string, groupID, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/runners/%v", enterprise, groupID, runnerID)
 
@@ -297,7 +321,9 @@ func (s *EnterpriseService) AddRunnerGroupRunners(ctx context.Context, enterpris
 // RemoveRunnerGroupRunners removes a self-hosted runner from a group configured in an enterprise.
 // The runner is then returned to the default group.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups?apiVersion=2022-11-28#remove-a-self-hosted-runner-from-a-group-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runner-groups#remove-a-self-hosted-runner-from-a-group-for-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners/{runner_id}
 func (s *EnterpriseService) RemoveRunnerGroupRunners(ctx context.Context, enterprise string, groupID, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runner-groups/%v/runners/%v", enterprise, groupID, runnerID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/enterprise_actions_runners.go b/vendor/github.com/google/go-github/v57/github/enterprise_actions_runners.go
similarity index 72%
rename from vendor/github.com/google/go-github/v56/github/enterprise_actions_runners.go
rename to vendor/github.com/google/go-github/v57/github/enterprise_actions_runners.go
index 6fc30d50258..4a6e6b52c10 100644
--- a/vendor/github.com/google/go-github/v56/github/enterprise_actions_runners.go
+++ b/vendor/github.com/google/go-github/v57/github/enterprise_actions_runners.go
@@ -12,7 +12,9 @@ import (
 
 // ListRunnerApplicationDownloads lists self-hosted runner application binaries that can be downloaded and run.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-runner-applications-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runners#list-runner-applications-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runners/downloads
 func (s *EnterpriseService) ListRunnerApplicationDownloads(ctx context.Context, enterprise string) ([]*RunnerApplicationDownload, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runners/downloads", enterprise)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -31,7 +33,9 @@ func (s *EnterpriseService) ListRunnerApplicationDownloads(ctx context.Context,
 
 // GenerateEnterpriseJITConfig generates a just-in-time configuration for an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise
+//
+//meta:operation POST /enterprises/{enterprise}/actions/runners/generate-jitconfig
 func (s *EnterpriseService) GenerateEnterpriseJITConfig(ctx context.Context, enterprise string, request *GenerateJITConfigRequest) (*JITRunnerConfig, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runners/generate-jitconfig", enterprise)
 
@@ -51,7 +55,9 @@ func (s *EnterpriseService) GenerateEnterpriseJITConfig(ctx context.Context, ent
 
 // CreateRegistrationToken creates a token that can be used to add a self-hosted runner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runners#create-a-registration-token-for-an-enterprise
+//
+//meta:operation POST /enterprises/{enterprise}/actions/runners/registration-token
 func (s *EnterpriseService) CreateRegistrationToken(ctx context.Context, enterprise string) (*RegistrationToken, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runners/registration-token", enterprise)
 
@@ -71,7 +77,9 @@ func (s *EnterpriseService) CreateRegistrationToken(ctx context.Context, enterpr
 
 // ListRunners lists all the self-hosted runners for a enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#list-self-hosted-runners-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runners#list-self-hosted-runners-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/runners
 func (s *EnterpriseService) ListRunners(ctx context.Context, enterprise string, opts *ListOptions) (*Runners, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runners", enterprise)
 	u, err := addOptions(u, opts)
@@ -95,7 +103,9 @@ func (s *EnterpriseService) ListRunners(ctx context.Context, enterprise string,
 
 // RemoveRunner forces the removal of a self-hosted runner from an enterprise using the runner id.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/self-hosted-runners#delete-a-self-hosted-runner-from-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/actions/runners/{runner_id}
 func (s *EnterpriseService) RemoveRunner(ctx context.Context, enterprise string, runnerID int64) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/actions/runners/%v", enterprise, runnerID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/enterprise_audit_log.go b/vendor/github.com/google/go-github/v57/github/enterprise_audit_log.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/enterprise_audit_log.go
rename to vendor/github.com/google/go-github/v57/github/enterprise_audit_log.go
index 40648673385..058a7d17786 100644
--- a/vendor/github.com/google/go-github/v56/github/enterprise_audit_log.go
+++ b/vendor/github.com/google/go-github/v57/github/enterprise_audit_log.go
@@ -12,7 +12,9 @@ import (
 
 // GetAuditLog gets the audit-log entries for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/audit-log#get-the-audit-log-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/audit-log#get-the-audit-log-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/audit-log
 func (s *EnterpriseService) GetAuditLog(ctx context.Context, enterprise string, opts *GetAuditLogOptions) ([]*AuditEntry, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/audit-log", enterprise)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/enterprise_code_security_and_analysis.go b/vendor/github.com/google/go-github/v57/github/enterprise_code_security_and_analysis.go
similarity index 78%
rename from vendor/github.com/google/go-github/v56/github/enterprise_code_security_and_analysis.go
rename to vendor/github.com/google/go-github/v57/github/enterprise_code_security_and_analysis.go
index 3980a86aa4b..af8eb0ffb2f 100644
--- a/vendor/github.com/google/go-github/v56/github/enterprise_code_security_and_analysis.go
+++ b/vendor/github.com/google/go-github/v57/github/enterprise_code_security_and_analysis.go
@@ -20,7 +20,9 @@ type EnterpriseSecurityAnalysisSettings struct {
 
 // GetCodeSecurityAndAnalysis gets code security and analysis features for an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28#get-code-security-and-analysis-features-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/code-security-and-analysis#get-code-security-and-analysis-features-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/code_security_and_analysis
 func (s *EnterpriseService) GetCodeSecurityAndAnalysis(ctx context.Context, enterprise string) (*EnterpriseSecurityAnalysisSettings, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/code_security_and_analysis", enterprise)
 
@@ -40,7 +42,9 @@ func (s *EnterpriseService) GetCodeSecurityAndAnalysis(ctx context.Context, ente
 
 // UpdateCodeSecurityAndAnalysis updates code security and analysis features for new repositories in an enterprise.
 //
-// GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28#update-code-security-and-analysis-features-for-an-enterprise
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise
+//
+//meta:operation PATCH /enterprises/{enterprise}/code_security_and_analysis
 func (s *EnterpriseService) UpdateCodeSecurityAndAnalysis(ctx context.Context, enterprise string, settings *EnterpriseSecurityAnalysisSettings) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/code_security_and_analysis", enterprise)
 	req, err := s.client.NewRequest("PATCH", u, settings)
@@ -61,7 +65,9 @@ func (s *EnterpriseService) UpdateCodeSecurityAndAnalysis(ctx context.Context, e
 // Valid values for securityProduct: "advanced_security", "secret_scanning", "secret_scanning_push_protection".
 // Valid values for enablement:  "enable_all", "disable_all".
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28#enable-or-disable-a-security-feature
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/code-security-and-analysis#enable-or-disable-a-security-feature
+//
+//meta:operation POST /enterprises/{enterprise}/{security_product}/{enablement}
 func (s *EnterpriseService) EnableDisableSecurityFeature(ctx context.Context, enterprise, securityProduct, enablement string) (*Response, error) {
 	u := fmt.Sprintf("enterprises/%v/%v/%v", enterprise, securityProduct, enablement)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/event.go b/vendor/github.com/google/go-github/v57/github/event.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/event.go
rename to vendor/github.com/google/go-github/v57/github/event.go
diff --git a/vendor/github.com/google/go-github/v56/github/event_types.go b/vendor/github.com/google/go-github/v57/github/event_types.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/event_types.go
rename to vendor/github.com/google/go-github/v57/github/event_types.go
index e91d22686ff..badd29b2a01 100644
--- a/vendor/github.com/google/go-github/v56/github/event_types.go
+++ b/vendor/github.com/google/go-github/v57/github/event_types.go
@@ -18,7 +18,7 @@ type RequestedAction struct {
 // BranchProtectionRuleEvent triggered when a check suite is "created", "edited", or "deleted".
 // The Webhook event name is "branch_protection_rule".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule
 type BranchProtectionRuleEvent struct {
 	Action       *string               `json:"action,omitempty"`
 	Rule         *BranchProtectionRule `json:"rule,omitempty"`
@@ -32,7 +32,7 @@ type BranchProtectionRuleEvent struct {
 // CheckRunEvent is triggered when a check run is "created", "completed", or "rerequested".
 // The Webhook event name is "check_run".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#check_run
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#check_run
 type CheckRunEvent struct {
 	CheckRun *CheckRun `json:"check_run,omitempty"`
 	// The action performed. Possible values are: "created", "completed", "rerequested" or "requested_action".
@@ -51,7 +51,7 @@ type CheckRunEvent struct {
 // CheckSuiteEvent is triggered when a check suite is "completed", "requested", or "rerequested".
 // The Webhook event name is "check_suite".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#check_suite
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#check_suite
 type CheckSuiteEvent struct {
 	CheckSuite *CheckSuite `json:"check_suite,omitempty"`
 	// The action performed. Possible values are: "completed", "requested" or "rerequested".
@@ -67,7 +67,7 @@ type CheckSuiteEvent struct {
 // CommitCommentEvent is triggered when a commit comment is created.
 // The Webhook event name is "commit_comment".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#commit_comment
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#commit_comment
 type CommitCommentEvent struct {
 	Comment *RepositoryComment `json:"comment,omitempty"`
 
@@ -103,7 +103,7 @@ type ContentReferenceEvent struct {
 // Additionally, webhooks will not receive this event for tags if more
 // than three tags are pushed at once.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/github-event-types#createevent
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/github-event-types#createevent
 type CreateEvent struct {
 	Ref *string `json:"ref,omitempty"`
 	// RefType is the object that was created. Possible values are: "repository", "branch", "tag".
@@ -125,7 +125,7 @@ type CreateEvent struct {
 // Note: webhooks will not receive this event for tags if more than three tags
 // are deleted at once.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/github-event-types#deleteevent
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/github-event-types#deleteevent
 type DeleteEvent struct {
 	Ref *string `json:"ref,omitempty"`
 	// RefType is the object that was deleted. Possible values are: "branch", "tag".
@@ -145,7 +145,7 @@ type DeleteEvent struct {
 // DependabotAlertEvent is triggered when there is activity relating to Dependabot alerts.
 // The Webhook event name is "dependabot_alert".
 //
-// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert
+// GitHub API docs: https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert
 type DependabotAlertEvent struct {
 	Action *string          `json:"action,omitempty"`
 	Alert  *DependabotAlert `json:"alert,omitempty"`
@@ -164,7 +164,7 @@ type DependabotAlertEvent struct {
 // DeployKeyEvent is triggered when a deploy key is added or removed from a repository.
 // The Webhook event name is "deploy_key".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#deploy_key
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#deploy_key
 type DeployKeyEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "created" or "deleted".
@@ -190,7 +190,7 @@ type DeployKeyEvent struct {
 //
 // Events of this type are not visible in timelines, they are only used to trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#deployment
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#deployment
 type DeploymentEvent struct {
 	Deployment  *Deployment  `json:"deployment,omitempty"`
 	Repo        *Repository  `json:"repository,omitempty"`
@@ -230,7 +230,7 @@ type DeploymentProtectionRuleEvent struct {
 //
 // Events of this type are not visible in timelines, they are only used to trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#deployment_status
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#deployment_status
 type DeploymentStatusEvent struct {
 	Deployment       *Deployment       `json:"deployment,omitempty"`
 	DeploymentStatus *DeploymentStatus `json:"deployment_status,omitempty"`
@@ -281,7 +281,7 @@ type CommentDiscussion struct {
 // DiscussionEvent represents a webhook event for a discussion.
 // The Webhook event name is "discussion".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion
 type DiscussionEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// created, edited, deleted, pinned, unpinned, locked, unlocked,
@@ -334,7 +334,7 @@ type DiscussionCategory struct {
 // ForkEvent is triggered when a user forks a repository.
 // The Webhook event name is "fork".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#fork
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#fork
 type ForkEvent struct {
 	// Forkee is the created repository.
 	Forkee *Repository `json:"forkee,omitempty"`
@@ -348,7 +348,7 @@ type ForkEvent struct {
 // GitHubAppAuthorizationEvent is triggered when a user's authorization for a
 // GitHub Application is revoked.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#github_app_authorization
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#github_app_authorization
 type GitHubAppAuthorizationEvent struct {
 	// The action performed. Possible value is: "revoked".
 	Action *string `json:"action,omitempty"`
@@ -371,7 +371,7 @@ type Page struct {
 // GollumEvent is triggered when a Wiki page is created or updated.
 // The Webhook event name is "gollum".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#gollum
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#gollum
 type GollumEvent struct {
 	Pages []*Page `json:"pages,omitempty"`
 
@@ -388,11 +388,12 @@ type GollumEvent struct {
 // EditChange represents the changes when an issue, pull request, comment,
 // or repository has been edited.
 type EditChange struct {
-	Title *EditTitle `json:"title,omitempty"`
-	Body  *EditBody  `json:"body,omitempty"`
-	Base  *EditBase  `json:"base,omitempty"`
-	Repo  *EditRepo  `json:"repository,omitempty"`
-	Owner *EditOwner `json:"owner,omitempty"`
+	Title         *EditTitle         `json:"title,omitempty"`
+	Body          *EditBody          `json:"body,omitempty"`
+	Base          *EditBase          `json:"base,omitempty"`
+	Repo          *EditRepo          `json:"repository,omitempty"`
+	Owner         *EditOwner         `json:"owner,omitempty"`
+	DefaultBranch *EditDefaultBranch `json:"default_branch,omitempty"`
 }
 
 // EditTitle represents a pull-request title change.
@@ -442,6 +443,11 @@ type EditSHA struct {
 	From *string `json:"from,omitempty"`
 }
 
+// EditDefaultBranch represents a change of repository's default branch name.
+type EditDefaultBranch struct {
+	From *string `json:"from,omitempty"`
+}
+
 // ProjectChange represents the changes when a project has been edited.
 type ProjectChange struct {
 	Name *ProjectName `json:"name,omitempty"`
@@ -522,7 +528,7 @@ type TeamPermissionsFrom struct {
 // or new permissions have been accepted.
 // The Webhook event name is "installation".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#installation
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#installation
 type InstallationEvent struct {
 	// The action that was performed. Can be either "created", "deleted", "suspend", "unsuspend" or "new_permissions_accepted".
 	Action       *string       `json:"action,omitempty"`
@@ -539,7 +545,7 @@ type InstallationEvent struct {
 // InstallationRepositoriesEvent is triggered when a repository is added or
 // removed from an installation. The Webhook event name is "installation_repositories".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#installation_repositories
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#installation_repositories
 type InstallationRepositoriesEvent struct {
 	// The action that was performed. Can be either "added" or "removed".
 	Action              *string       `json:"action,omitempty"`
@@ -573,7 +579,7 @@ type InstallationChanges struct {
 // InstallationTargetEvent is triggered when there is activity on an installation from a user or organization account.
 // The Webhook event name is "installation_target".
 //
-// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#installation_target
+// GitHub API docs: https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#installation_target
 type InstallationTargetEvent struct {
 	Account      *User                `json:"account,omitempty"`
 	Action       *string              `json:"action,omitempty"`
@@ -590,7 +596,7 @@ type InstallationTargetEvent struct {
 // or pull request.
 // The Webhook event name is "issue_comment".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#issue_comment
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#issue_comment
 type IssueCommentEvent struct {
 	// Action is the action that was performed on the comment.
 	// Possible values are: "created", "edited", "deleted".
@@ -614,7 +620,7 @@ type IssueCommentEvent struct {
 // locked, unlocked, milestoned, or demilestoned.
 // The Webhook event name is "issues".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#issues
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#issues
 type IssuesEvent struct {
 	// Action is the action that was performed. Possible values are: "opened",
 	// "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened",
@@ -640,7 +646,7 @@ type IssuesEvent struct {
 // LabelEvent is triggered when a repository's label is created, edited, or deleted.
 // The Webhook event name is "label"
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#label
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#label
 type LabelEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "created", "edited", "deleted"
@@ -659,7 +665,7 @@ type LabelEvent struct {
 // their GitHub Marketplace plan.
 // Webhook event name "marketplace_purchase".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#marketplace_purchase
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#marketplace_purchase
 type MarketplacePurchaseEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "purchased", "cancelled", "pending_change", "pending_change_cancelled", "changed".
@@ -680,7 +686,7 @@ type MarketplacePurchaseEvent struct {
 // MemberEvent is triggered when a user is added as a collaborator to a repository.
 // The Webhook event name is "member".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#member
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#member
 type MemberEvent struct {
 	// Action is the action that was performed. Possible value is: "added".
 	Action *string `json:"action,omitempty"`
@@ -702,7 +708,7 @@ type MemberEvent struct {
 // Events of this type are not visible in timelines, they are only used to
 // trigger organization webhooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#membership
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#membership
 type MembershipEvent struct {
 	// Action is the action that was performed. Possible values are: "added", "removed".
 	Action *string `json:"action,omitempty"`
@@ -734,7 +740,7 @@ type MergeGroup struct {
 // MergeGroupEvent represents activity related to merge groups in a merge queue. The type of activity is specified
 // in the action property of the payload object.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#merge_group
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#merge_group
 type MergeGroupEvent struct {
 	// The action that was performed. Currently, can only be checks_requested.
 	Action *string `json:"action,omitempty"`
@@ -753,7 +759,7 @@ type MergeGroupEvent struct {
 // Therefore, it must be selected for each hook that you'd like to receive meta events for.
 // The Webhook event name is "meta".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#meta
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#meta
 type MetaEvent struct {
 	// Action is the action that was performed. Possible value is: "deleted".
 	Action *string `json:"action,omitempty"`
@@ -774,7 +780,7 @@ type MetaEvent struct {
 // MilestoneEvent is triggered when a milestone is created, closed, opened, edited, or deleted.
 // The Webhook event name is "milestone".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#milestone
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#milestone
 type MilestoneEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "created", "closed", "opened", "edited", "deleted"
@@ -794,7 +800,7 @@ type MilestoneEvent struct {
 // Events of this type are not visible in timelines. These events are only used to trigger organization hooks.
 // Webhook event name is "organization".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#organization
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#organization
 type OrganizationEvent struct {
 	// Action is the action that was performed.
 	// Possible values are: "deleted", "renamed", "member_added", "member_removed", or "member_invited".
@@ -815,7 +821,7 @@ type OrganizationEvent struct {
 // OrgBlockEvent is triggered when an organization blocks or unblocks a user.
 // The Webhook event name is "org_block".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#org_block
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#org_block
 type OrgBlockEvent struct {
 	// Action is the action that was performed.
 	// Can be "blocked" or "unblocked".
@@ -856,7 +862,7 @@ type PackageEvent struct {
 //
 // Events of this type are not visible in timelines, they are only used to trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#page_build
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#page_build
 type PageBuildEvent struct {
 	Build *PagesBuild `json:"build,omitempty"`
 
@@ -876,7 +882,7 @@ type PageBuildEvent struct {
 // belong to a resource owner that requires approval for token access.
 // The webhook event name is "personal_access_token_request".
 //
-// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#personal_access_token_request
+// GitHub API docs: https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#personal_access_token_request
 type PersonalAccessTokenRequestEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "approved", "cancelled", "created" or "denied"
@@ -964,7 +970,7 @@ type PingEvent struct {
 // ProjectEvent is triggered when project is created, modified or deleted.
 // The webhook event name is "project".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#project
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#project
 type ProjectEvent struct {
 	Action  *string        `json:"action,omitempty"`
 	Changes *ProjectChange `json:"changes,omitempty"`
@@ -980,7 +986,7 @@ type ProjectEvent struct {
 // ProjectCardEvent is triggered when a project card is created, updated, moved, converted to an issue, or deleted.
 // The webhook event name is "project_card".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#project_card
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#project_card
 type ProjectCardEvent struct {
 	Action      *string            `json:"action,omitempty"`
 	Changes     *ProjectCardChange `json:"changes,omitempty"`
@@ -997,7 +1003,7 @@ type ProjectCardEvent struct {
 // ProjectColumnEvent is triggered when a project column is created, updated, moved, or deleted.
 // The webhook event name is "project_column".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#project_column
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#project_column
 type ProjectColumnEvent struct {
 	Action        *string              `json:"action,omitempty"`
 	Changes       *ProjectColumnChange `json:"changes,omitempty"`
@@ -1014,7 +1020,7 @@ type ProjectColumnEvent struct {
 // ProjectV2Event is triggered when there is activity relating to an organization-level project.
 // The Webhook event name is "projects_v2".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2
 type ProjectV2Event struct {
 	Action     *string     `json:"action,omitempty"`
 	ProjectsV2 *ProjectsV2 `json:"projects_v2,omitempty"`
@@ -1046,7 +1052,7 @@ type ProjectsV2 struct {
 // ProjectV2ItemEvent is triggered when there is activity relating to an item on an organization-level project.
 // The Webhook event name is "projects_v2_item".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2_item
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2_item
 type ProjectV2ItemEvent struct {
 	Action        *string              `json:"action,omitempty"`
 	Changes       *ProjectV2ItemChange `json:"changes,omitempty"`
@@ -1069,7 +1075,7 @@ type ArchivedAt struct {
 	To   *Timestamp `json:"to,omitempty"`
 }
 
-// ProjectsV2 represents an item belonging to a project.
+// ProjectV2Item represents an item belonging to a project.
 type ProjectV2Item struct {
 	ID            *int64     `json:"id,omitempty"`
 	NodeID        *string    `json:"node_id,omitempty"`
@@ -1086,7 +1092,7 @@ type ProjectV2Item struct {
 // According to GitHub: "Without a doubt: the best GitHub event."
 // The Webhook event name is "public".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#public
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#public
 type PublicEvent struct {
 	// The following fields are only populated by Webhook events.
 	Repo         *Repository   `json:"repository,omitempty"`
@@ -1103,7 +1109,7 @@ type PublicEvent struct {
 // locked, unlocked, a pull request review is requested, or a review request is removed.
 // The Webhook event name is "pull_request".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/github-event-types#pullrequestevent
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/github-event-types#pullrequestevent
 type PullRequestEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "assigned", "unassigned", "review_requested", "review_request_removed", "labeled", "unlabeled",
@@ -1147,7 +1153,7 @@ type PullRequestEvent struct {
 // request.
 // The Webhook event name is "pull_request_review".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review
 type PullRequestReviewEvent struct {
 	// Action is always "submitted".
 	Action      *string            `json:"action,omitempty"`
@@ -1168,7 +1174,7 @@ type PullRequestReviewEvent struct {
 // portion of the unified diff of a pull request.
 // The Webhook event name is "pull_request_review_comment".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review_comment
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review_comment
 type PullRequestReviewCommentEvent struct {
 	// Action is the action that was performed on the comment.
 	// Possible values are: "created", "edited", "deleted".
@@ -1191,7 +1197,7 @@ type PullRequestReviewCommentEvent struct {
 // review of a pull request is marked resolved or unresolved.
 // The Webhook event name is "pull_request_review_thread".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review_thread
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#pull_request_review_thread
 type PullRequestReviewThreadEvent struct {
 	// Action is the action that was performed on the comment.
 	// Possible values are: "resolved", "unresolved".
@@ -1214,7 +1220,7 @@ type PullRequestReviewThreadEvent struct {
 // locked, unlocked, a pull request review is requested, or a review request is removed.
 // The Webhook event name is "pull_request_target".
 //
-// GitHub API docs: https://docs.github.com/en/actions/events-that-trigger-workflows#pull_request_target
+// GitHub API docs: https://docs.github.com/actions/events-that-trigger-workflows#pull_request_target
 type PullRequestTargetEvent struct {
 	// Action is the action that was performed. Possible values are:
 	// "assigned", "unassigned", "labeled", "unlabeled", "opened", "edited", "closed", "reopened",
@@ -1256,7 +1262,7 @@ type PullRequestTargetEvent struct {
 
 // PushEvent represents a git push to a GitHub repository.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#push
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#push
 type PushEvent struct {
 	PushID       *int64        `json:"push_id,omitempty"`
 	Head         *string       `json:"head,omitempty"`
@@ -1276,7 +1282,7 @@ type PushEvent struct {
 	Compare      *string              `json:"compare,omitempty"`
 	Repo         *PushEventRepository `json:"repository,omitempty"`
 	HeadCommit   *HeadCommit          `json:"head_commit,omitempty"`
-	Pusher       *User                `json:"pusher,omitempty"`
+	Pusher       *CommitAuthor        `json:"pusher,omitempty"`
 	Sender       *User                `json:"sender,omitempty"`
 	Installation *Installation        `json:"installation,omitempty"`
 
@@ -1364,7 +1370,7 @@ type PushEventRepoOwner struct {
 // edited, deleted, or prereleased.
 // The Webhook event name is "release".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#release
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#release
 type ReleaseEvent struct {
 	// Action is the action that was performed. Possible values are: "published", "unpublished",
 	// "created", "edited", "deleted", or "prereleased".
@@ -1389,7 +1395,7 @@ type ReleaseEvent struct {
 // Events of this type are not visible in timelines, they are only used to
 // trigger organization webhooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#repository
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#repository
 type RepositoryEvent struct {
 	// Action is the action that was performed. Possible values are: "created",
 	// "deleted" (organization hooks only), "archived", "unarchived", "edited", "renamed",
@@ -1406,7 +1412,7 @@ type RepositoryEvent struct {
 
 // RepositoryDispatchEvent is triggered when a client sends a POST request to the repository dispatch event endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#repository_dispatch
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#repository_dispatch
 type RepositoryDispatchEvent struct {
 	// Action is the event_type that submitted with the repository dispatch payload. Value can be any string.
 	Action        *string         `json:"action,omitempty"`
@@ -1422,7 +1428,7 @@ type RepositoryDispatchEvent struct {
 
 // RepositoryImportEvent represents the activity related to a repository being imported to GitHub.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#repository_import
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#repository_import
 type RepositoryImportEvent struct {
 	// Status represents the final state of the import. This can be one of "success", "cancelled", or "failure".
 	Status *string       `json:"status,omitempty"`
@@ -1433,7 +1439,7 @@ type RepositoryImportEvent struct {
 
 // RepositoryVulnerabilityAlertEvent is triggered when a security alert is created, dismissed, or resolved.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#repository_vulnerability_alert
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#repository_vulnerability_alert
 type RepositoryVulnerabilityAlertEvent struct {
 	// Action is the action that was performed. Possible values are: "create", "dismiss", "resolve".
 	Action *string `json:"action,omitempty"`
@@ -1474,7 +1480,7 @@ type RepositoryVulnerabilityAlert struct {
 // SecretScanningAlertEvent is triggered when a secret scanning alert occurs in a repository.
 // The Webhook name is secret_scanning_alert.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert
 type SecretScanningAlertEvent struct {
 	// Action is the action that was performed. Possible values are: "created", "resolved", or "reopened".
 	Action *string `json:"action,omitempty"`
@@ -1494,7 +1500,7 @@ type SecretScanningAlertEvent struct {
 // SecurityAndAnalysisEvent is triggered when code security and analysis features
 // are enabled or disabled for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#security_and_analysis
+// GitHub API docs: https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#security_and_analysis
 type SecurityAndAnalysisEvent struct {
 	Changes      *SecurityAndAnalysisChange `json:"changes,omitempty"`
 	Enterprise   *Enterprise                `json:"enterprise,omitempty"`
@@ -1519,7 +1525,7 @@ type SecurityAndAnalysisChangeFrom struct {
 // StarEvent is triggered when a star is added or removed from a repository.
 // The Webhook event name is "star".
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#star
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#star
 type StarEvent struct {
 	// Action is the action that was performed. Possible values are: "created" or "deleted".
 	Action *string `json:"action,omitempty"`
@@ -1540,7 +1546,7 @@ type StarEvent struct {
 // Events of this type are not visible in timelines, they are only used to
 // trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#status
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#status
 type StatusEvent struct {
 	SHA *string `json:"sha,omitempty"`
 	// State is the new state. Possible values are: "pending", "success", "failure", "error".
@@ -1571,7 +1577,7 @@ type StatusEvent struct {
 // Events of this type are not visible in timelines. These events are only used
 // to trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#team
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#team
 type TeamEvent struct {
 	Action  *string     `json:"action,omitempty"`
 	Team    *Team       `json:"team,omitempty"`
@@ -1590,7 +1596,7 @@ type TeamEvent struct {
 // Events of this type are not visible in timelines. These events are only used
 // to trigger hooks.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#team_add
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#team_add
 type TeamAddEvent struct {
 	Team *Team       `json:"team,omitempty"`
 	Repo *Repository `json:"repository,omitempty"`
@@ -1624,7 +1630,7 @@ type UserEvent struct {
 // The event’s actor is the user who starred a repository, and the event’s
 // repository is the repository that was starred.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#watch
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#watch
 type WatchEvent struct {
 	// Action is the action that was performed. Possible value is: "started".
 	Action *string `json:"action,omitempty"`
@@ -1642,7 +1648,7 @@ type WatchEvent struct {
 // WorkflowDispatchEvent is triggered when someone triggers a workflow run on GitHub or
 // sends a POST request to the create a workflow dispatch event endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#workflow_dispatch
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#workflow_dispatch
 type WorkflowDispatchEvent struct {
 	Inputs   json.RawMessage `json:"inputs,omitempty"`
 	Ref      *string         `json:"ref,omitempty"`
@@ -1657,7 +1663,7 @@ type WorkflowDispatchEvent struct {
 
 // WorkflowJobEvent is triggered when a job is queued, started or completed.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job
 type WorkflowJobEvent struct {
 	WorkflowJob *WorkflowJob `json:"workflow_job,omitempty"`
 
@@ -1675,7 +1681,7 @@ type WorkflowJobEvent struct {
 
 // WorkflowRunEvent is triggered when a GitHub Actions workflow run is requested or completed.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#workflow_run
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhook-events-and-payloads#workflow_run
 type WorkflowRunEvent struct {
 	Action      *string      `json:"action,omitempty"`
 	Workflow    *Workflow    `json:"workflow,omitempty"`
@@ -1690,7 +1696,7 @@ type WorkflowRunEvent struct {
 
 // SecurityAdvisory represents the advisory object in SecurityAdvisoryEvent payload.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
 type SecurityAdvisory struct {
 	CVSS               *AdvisoryCVSS                 `json:"cvss,omitempty"`
 	CWEs               []*AdvisoryCWEs               `json:"cwes,omitempty"`
@@ -1740,8 +1746,8 @@ type AdvisoryVulnerability struct {
 	FirstPatchedVersion    *FirstPatchedVersion  `json:"first_patched_version,omitempty"`
 
 	// PatchedVersions and VulnerableFunctions are used in the following APIs:
-	// - https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization
-	// - https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories
+	// - https://docs.github.com/rest/security-advisories/repository-advisories#list-repository-security-advisories-for-an-organization
+	// - https://docs.github.com/rest/security-advisories/repository-advisories#list-repository-security-advisories
 	PatchedVersions     *string  `json:"patched_versions,omitempty"`
 	VulnerableFunctions []string `json:"vulnerable_functions,omitempty"`
 }
@@ -1759,7 +1765,7 @@ type FirstPatchedVersion struct {
 
 // SecurityAdvisoryEvent is triggered when a security-related vulnerability is found in software on GitHub.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
 type SecurityAdvisoryEvent struct {
 	Action           *string           `json:"action,omitempty"`
 	SecurityAdvisory *SecurityAdvisory `json:"security_advisory,omitempty"`
@@ -1774,7 +1780,7 @@ type SecurityAdvisoryEvent struct {
 
 // CodeScanningAlertEvent is triggered when a code scanning finds a potential vulnerability or error in your code.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert
 type CodeScanningAlertEvent struct {
 	Action *string `json:"action,omitempty"`
 	Alert  *Alert  `json:"alert,omitempty"`
diff --git a/vendor/github.com/google/go-github/v56/github/gists.go b/vendor/github.com/google/go-github/v57/github/gists.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/gists.go
rename to vendor/github.com/google/go-github/v57/github/gists.go
index 80961fcb908..08180c6d301 100644
--- a/vendor/github.com/google/go-github/v56/github/gists.go
+++ b/vendor/github.com/google/go-github/v57/github/gists.go
@@ -14,7 +14,7 @@ import (
 // GistsService handles communication with the Gist related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists
+// GitHub API docs: https://docs.github.com/rest/gists
 type GistsService service
 
 // Gist represents a GitHub's gist.
@@ -96,8 +96,11 @@ type GistListOptions struct {
 // is authenticated, it will returns all gists for the authenticated
 // user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-gists-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-gists-for-a-user
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-gists-for-a-user
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-gists-for-the-authenticated-user
+//
+//meta:operation GET /gists
+//meta:operation GET /users/{username}/gists
 func (s *GistsService) List(ctx context.Context, user string, opts *GistListOptions) ([]*Gist, *Response, error) {
 	var u string
 	if user != "" {
@@ -126,7 +129,9 @@ func (s *GistsService) List(ctx context.Context, user string, opts *GistListOpti
 
 // ListAll lists all public gists.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-public-gists
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-public-gists
+//
+//meta:operation GET /gists/public
 func (s *GistsService) ListAll(ctx context.Context, opts *GistListOptions) ([]*Gist, *Response, error) {
 	u, err := addOptions("gists/public", opts)
 	if err != nil {
@@ -149,7 +154,9 @@ func (s *GistsService) ListAll(ctx context.Context, opts *GistListOptions) ([]*G
 
 // ListStarred lists starred gists of authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-starred-gists
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-starred-gists
+//
+//meta:operation GET /gists/starred
 func (s *GistsService) ListStarred(ctx context.Context, opts *GistListOptions) ([]*Gist, *Response, error) {
 	u, err := addOptions("gists/starred", opts)
 	if err != nil {
@@ -172,7 +179,9 @@ func (s *GistsService) ListStarred(ctx context.Context, opts *GistListOptions) (
 
 // Get a single gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#get-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#get-a-gist
+//
+//meta:operation GET /gists/{gist_id}
 func (s *GistsService) Get(ctx context.Context, id string) (*Gist, *Response, error) {
 	u := fmt.Sprintf("gists/%v", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -191,7 +200,9 @@ func (s *GistsService) Get(ctx context.Context, id string) (*Gist, *Response, er
 
 // GetRevision gets a specific revision of a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#get-a-gist-revision
+// GitHub API docs: https://docs.github.com/rest/gists/gists#get-a-gist-revision
+//
+//meta:operation GET /gists/{gist_id}/{sha}
 func (s *GistsService) GetRevision(ctx context.Context, id, sha string) (*Gist, *Response, error) {
 	u := fmt.Sprintf("gists/%v/%v", id, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -210,7 +221,9 @@ func (s *GistsService) GetRevision(ctx context.Context, id, sha string) (*Gist,
 
 // Create a gist for authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#create-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#create-a-gist
+//
+//meta:operation POST /gists
 func (s *GistsService) Create(ctx context.Context, gist *Gist) (*Gist, *Response, error) {
 	u := "gists"
 	req, err := s.client.NewRequest("POST", u, gist)
@@ -229,7 +242,9 @@ func (s *GistsService) Create(ctx context.Context, gist *Gist) (*Gist, *Response
 
 // Edit a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#update-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#update-a-gist
+//
+//meta:operation PATCH /gists/{gist_id}
 func (s *GistsService) Edit(ctx context.Context, id string, gist *Gist) (*Gist, *Response, error) {
 	u := fmt.Sprintf("gists/%v", id)
 	req, err := s.client.NewRequest("PATCH", u, gist)
@@ -248,7 +263,9 @@ func (s *GistsService) Edit(ctx context.Context, id string, gist *Gist) (*Gist,
 
 // ListCommits lists commits of a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-gist-commits
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-gist-commits
+//
+//meta:operation GET /gists/{gist_id}/commits
 func (s *GistsService) ListCommits(ctx context.Context, id string, opts *ListOptions) ([]*GistCommit, *Response, error) {
 	u := fmt.Sprintf("gists/%v/commits", id)
 	u, err := addOptions(u, opts)
@@ -272,7 +289,9 @@ func (s *GistsService) ListCommits(ctx context.Context, id string, opts *ListOpt
 
 // Delete a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#delete-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#delete-a-gist
+//
+//meta:operation DELETE /gists/{gist_id}
 func (s *GistsService) Delete(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("gists/%v", id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -285,7 +304,9 @@ func (s *GistsService) Delete(ctx context.Context, id string) (*Response, error)
 
 // Star a gist on behalf of authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#star-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#star-a-gist
+//
+//meta:operation PUT /gists/{gist_id}/star
 func (s *GistsService) Star(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("gists/%v/star", id)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -298,7 +319,9 @@ func (s *GistsService) Star(ctx context.Context, id string) (*Response, error) {
 
 // Unstar a gist on a behalf of authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#unstar-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#unstar-a-gist
+//
+//meta:operation DELETE /gists/{gist_id}/star
 func (s *GistsService) Unstar(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("gists/%v/star", id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -311,7 +334,9 @@ func (s *GistsService) Unstar(ctx context.Context, id string) (*Response, error)
 
 // IsStarred checks if a gist is starred by authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#check-if-a-gist-is-starred
+// GitHub API docs: https://docs.github.com/rest/gists/gists#check-if-a-gist-is-starred
+//
+//meta:operation GET /gists/{gist_id}/star
 func (s *GistsService) IsStarred(ctx context.Context, id string) (bool, *Response, error) {
 	u := fmt.Sprintf("gists/%v/star", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -326,7 +351,9 @@ func (s *GistsService) IsStarred(ctx context.Context, id string) (bool, *Respons
 
 // Fork a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#fork-a-gist
+// GitHub API docs: https://docs.github.com/rest/gists/gists#fork-a-gist
+//
+//meta:operation POST /gists/{gist_id}/forks
 func (s *GistsService) Fork(ctx context.Context, id string) (*Gist, *Response, error) {
 	u := fmt.Sprintf("gists/%v/forks", id)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -345,7 +372,9 @@ func (s *GistsService) Fork(ctx context.Context, id string) (*Gist, *Response, e
 
 // ListForks lists forks of a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/gists#list-gist-forks
+// GitHub API docs: https://docs.github.com/rest/gists/gists#list-gist-forks
+//
+//meta:operation GET /gists/{gist_id}/forks
 func (s *GistsService) ListForks(ctx context.Context, id string, opts *ListOptions) ([]*GistFork, *Response, error) {
 	u := fmt.Sprintf("gists/%v/forks", id)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/gists_comments.go b/vendor/github.com/google/go-github/v57/github/gists_comments.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/gists_comments.go
rename to vendor/github.com/google/go-github/v57/github/gists_comments.go
index ee0fbfa45f8..5e0614231b8 100644
--- a/vendor/github.com/google/go-github/v56/github/gists_comments.go
+++ b/vendor/github.com/google/go-github/v57/github/gists_comments.go
@@ -25,7 +25,9 @@ func (g GistComment) String() string {
 
 // ListComments lists all comments for a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/comments#list-gist-comments
+// GitHub API docs: https://docs.github.com/rest/gists/comments#list-gist-comments
+//
+//meta:operation GET /gists/{gist_id}/comments
 func (s *GistsService) ListComments(ctx context.Context, gistID string, opts *ListOptions) ([]*GistComment, *Response, error) {
 	u := fmt.Sprintf("gists/%v/comments", gistID)
 	u, err := addOptions(u, opts)
@@ -49,7 +51,9 @@ func (s *GistsService) ListComments(ctx context.Context, gistID string, opts *Li
 
 // GetComment retrieves a single comment from a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/comments#get-a-gist-comment
+// GitHub API docs: https://docs.github.com/rest/gists/comments#get-a-gist-comment
+//
+//meta:operation GET /gists/{gist_id}/comments/{comment_id}
 func (s *GistsService) GetComment(ctx context.Context, gistID string, commentID int64) (*GistComment, *Response, error) {
 	u := fmt.Sprintf("gists/%v/comments/%v", gistID, commentID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -68,7 +72,9 @@ func (s *GistsService) GetComment(ctx context.Context, gistID string, commentID
 
 // CreateComment creates a comment for a gist.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/comments#create-a-gist-comment
+// GitHub API docs: https://docs.github.com/rest/gists/comments#create-a-gist-comment
+//
+//meta:operation POST /gists/{gist_id}/comments
 func (s *GistsService) CreateComment(ctx context.Context, gistID string, comment *GistComment) (*GistComment, *Response, error) {
 	u := fmt.Sprintf("gists/%v/comments", gistID)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -87,7 +93,9 @@ func (s *GistsService) CreateComment(ctx context.Context, gistID string, comment
 
 // EditComment edits an existing gist comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/comments#update-a-gist-comment
+// GitHub API docs: https://docs.github.com/rest/gists/comments#update-a-gist-comment
+//
+//meta:operation PATCH /gists/{gist_id}/comments/{comment_id}
 func (s *GistsService) EditComment(ctx context.Context, gistID string, commentID int64, comment *GistComment) (*GistComment, *Response, error) {
 	u := fmt.Sprintf("gists/%v/comments/%v", gistID, commentID)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -106,7 +114,9 @@ func (s *GistsService) EditComment(ctx context.Context, gistID string, commentID
 
 // DeleteComment deletes a gist comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gists/comments#delete-a-gist-comment
+// GitHub API docs: https://docs.github.com/rest/gists/comments#delete-a-gist-comment
+//
+//meta:operation DELETE /gists/{gist_id}/comments/{comment_id}
 func (s *GistsService) DeleteComment(ctx context.Context, gistID string, commentID int64) (*Response, error) {
 	u := fmt.Sprintf("gists/%v/comments/%v", gistID, commentID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/git.go b/vendor/github.com/google/go-github/v57/github/git.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/git.go
rename to vendor/github.com/google/go-github/v57/github/git.go
index 8960de7b14a..2ca835e1b50 100644
--- a/vendor/github.com/google/go-github/v56/github/git.go
+++ b/vendor/github.com/google/go-github/v57/github/git.go
@@ -8,5 +8,5 @@ package github
 // GitService handles communication with the git data related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/
+// GitHub API docs: https://docs.github.com/rest/git/
 type GitService service
diff --git a/vendor/github.com/google/go-github/v56/github/git_blobs.go b/vendor/github.com/google/go-github/v57/github/git_blobs.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/git_blobs.go
rename to vendor/github.com/google/go-github/v57/github/git_blobs.go
index da0485ccbe2..d8904288896 100644
--- a/vendor/github.com/google/go-github/v56/github/git_blobs.go
+++ b/vendor/github.com/google/go-github/v57/github/git_blobs.go
@@ -23,7 +23,9 @@ type Blob struct {
 
 // GetBlob fetches a blob from a repo given a SHA.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/blobs#get-a-blob
+// GitHub API docs: https://docs.github.com/rest/git/blobs#get-a-blob
+//
+//meta:operation GET /repos/{owner}/{repo}/git/blobs/{file_sha}
 func (s *GitService) GetBlob(ctx context.Context, owner string, repo string, sha string) (*Blob, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/blobs/%v", owner, repo, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -43,7 +45,9 @@ func (s *GitService) GetBlob(ctx context.Context, owner string, repo string, sha
 // GetBlobRaw fetches a blob's contents from a repo.
 // Unlike GetBlob, it returns the raw bytes rather than the base64-encoded data.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/blobs#get-a-blob
+// GitHub API docs: https://docs.github.com/rest/git/blobs#get-a-blob
+//
+//meta:operation GET /repos/{owner}/{repo}/git/blobs/{file_sha}
 func (s *GitService) GetBlobRaw(ctx context.Context, owner, repo, sha string) ([]byte, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/blobs/%v", owner, repo, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -64,7 +68,9 @@ func (s *GitService) GetBlobRaw(ctx context.Context, owner, repo, sha string) ([
 
 // CreateBlob creates a blob object.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/blobs#create-a-blob
+// GitHub API docs: https://docs.github.com/rest/git/blobs#create-a-blob
+//
+//meta:operation POST /repos/{owner}/{repo}/git/blobs
 func (s *GitService) CreateBlob(ctx context.Context, owner string, repo string, blob *Blob) (*Blob, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/blobs", owner, repo)
 	req, err := s.client.NewRequest("POST", u, blob)
diff --git a/vendor/github.com/google/go-github/v56/github/git_commits.go b/vendor/github.com/google/go-github/v57/github/git_commits.go
similarity index 95%
rename from vendor/github.com/google/go-github/v56/github/git_commits.go
rename to vendor/github.com/google/go-github/v57/github/git_commits.go
index 1a683bc34c9..573d38be528 100644
--- a/vendor/github.com/google/go-github/v56/github/git_commits.go
+++ b/vendor/github.com/google/go-github/v57/github/git_commits.go
@@ -82,7 +82,9 @@ func (c CommitAuthor) String() string {
 
 // GetCommit fetches the Commit object for a given SHA.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/commits#get-a-commit
+// GitHub API docs: https://docs.github.com/rest/git/commits#get-a-commit-object
+//
+//meta:operation GET /repos/{owner}/{repo}/git/commits/{commit_sha}
 func (s *GitService) GetCommit(ctx context.Context, owner string, repo string, sha string) (*Commit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/commits/%v", owner, repo, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -122,7 +124,9 @@ type CreateCommitOptions struct {
 // data if omitted. If the commit.Author is omitted, it will be filled in with
 // the authenticated user’s information and the current date.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/commits#create-a-commit
+// GitHub API docs: https://docs.github.com/rest/git/commits#create-a-commit
+//
+//meta:operation POST /repos/{owner}/{repo}/git/commits
 func (s *GitService) CreateCommit(ctx context.Context, owner string, repo string, commit *Commit, opts *CreateCommitOptions) (*Commit, *Response, error) {
 	if commit == nil {
 		return nil, nil, fmt.Errorf("commit must be provided")
diff --git a/vendor/github.com/google/go-github/v56/github/git_refs.go b/vendor/github.com/google/go-github/v57/github/git_refs.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/git_refs.go
rename to vendor/github.com/google/go-github/v57/github/git_refs.go
index e839c30f667..ad7b10d7d3f 100644
--- a/vendor/github.com/google/go-github/v56/github/git_refs.go
+++ b/vendor/github.com/google/go-github/v57/github/git_refs.go
@@ -49,7 +49,9 @@ type updateRefRequest struct {
 
 // GetRef fetches a single reference in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/refs#get-a-reference
+// GitHub API docs: https://docs.github.com/rest/git/refs#get-a-reference
+//
+//meta:operation GET /repos/{owner}/{repo}/git/ref/{ref}
 func (s *GitService) GetRef(ctx context.Context, owner string, repo string, ref string) (*Reference, *Response, error) {
 	ref = strings.TrimPrefix(ref, "refs/")
 	u := fmt.Sprintf("repos/%v/%v/git/ref/%v", owner, repo, refURLEscape(ref))
@@ -88,7 +90,9 @@ type ReferenceListOptions struct {
 // ListMatchingRefs lists references in a repository that match a supplied ref.
 // Use an empty ref to list all references.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/refs#list-matching-references
+// GitHub API docs: https://docs.github.com/rest/git/refs#list-matching-references
+//
+//meta:operation GET /repos/{owner}/{repo}/git/matching-refs/{ref}
 func (s *GitService) ListMatchingRefs(ctx context.Context, owner, repo string, opts *ReferenceListOptions) ([]*Reference, *Response, error) {
 	var ref string
 	if opts != nil {
@@ -116,7 +120,9 @@ func (s *GitService) ListMatchingRefs(ctx context.Context, owner, repo string, o
 
 // CreateRef creates a new ref in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/refs#create-a-reference
+// GitHub API docs: https://docs.github.com/rest/git/refs#create-a-reference
+//
+//meta:operation POST /repos/{owner}/{repo}/git/refs
 func (s *GitService) CreateRef(ctx context.Context, owner string, repo string, ref *Reference) (*Reference, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/refs", owner, repo)
 	req, err := s.client.NewRequest("POST", u, &createRefRequest{
@@ -139,7 +145,9 @@ func (s *GitService) CreateRef(ctx context.Context, owner string, repo string, r
 
 // UpdateRef updates an existing ref in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/refs#update-a-reference
+// GitHub API docs: https://docs.github.com/rest/git/refs#update-a-reference
+//
+//meta:operation PATCH /repos/{owner}/{repo}/git/refs/{ref}
 func (s *GitService) UpdateRef(ctx context.Context, owner string, repo string, ref *Reference, force bool) (*Reference, *Response, error) {
 	refPath := strings.TrimPrefix(*ref.Ref, "refs/")
 	u := fmt.Sprintf("repos/%v/%v/git/refs/%v", owner, repo, refURLEscape(refPath))
@@ -162,7 +170,9 @@ func (s *GitService) UpdateRef(ctx context.Context, owner string, repo string, r
 
 // DeleteRef deletes a ref from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/refs#delete-a-reference
+// GitHub API docs: https://docs.github.com/rest/git/refs#delete-a-reference
+//
+//meta:operation DELETE /repos/{owner}/{repo}/git/refs/{ref}
 func (s *GitService) DeleteRef(ctx context.Context, owner string, repo string, ref string) (*Response, error) {
 	ref = strings.TrimPrefix(ref, "refs/")
 	u := fmt.Sprintf("repos/%v/%v/git/refs/%v", owner, repo, refURLEscape(ref))
diff --git a/vendor/github.com/google/go-github/v56/github/git_tags.go b/vendor/github.com/google/go-github/v57/github/git_tags.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/git_tags.go
rename to vendor/github.com/google/go-github/v57/github/git_tags.go
index 30d7b2c2d23..67321566f73 100644
--- a/vendor/github.com/google/go-github/v56/github/git_tags.go
+++ b/vendor/github.com/google/go-github/v57/github/git_tags.go
@@ -35,7 +35,9 @@ type createTagRequest struct {
 
 // GetTag fetches a tag from a repo given a SHA.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/tags#get-a-tag
+// GitHub API docs: https://docs.github.com/rest/git/tags#get-a-tag
+//
+//meta:operation GET /repos/{owner}/{repo}/git/tags/{tag_sha}
 func (s *GitService) GetTag(ctx context.Context, owner string, repo string, sha string) (*Tag, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/tags/%v", owner, repo, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -54,7 +56,9 @@ func (s *GitService) GetTag(ctx context.Context, owner string, repo string, sha
 
 // CreateTag creates a tag object.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/tags#create-a-tag-object
+// GitHub API docs: https://docs.github.com/rest/git/tags#create-a-tag-object
+//
+//meta:operation POST /repos/{owner}/{repo}/git/tags
 func (s *GitService) CreateTag(ctx context.Context, owner string, repo string, tag *Tag) (*Tag, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/tags", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/git_trees.go b/vendor/github.com/google/go-github/v57/github/git_trees.go
similarity index 94%
rename from vendor/github.com/google/go-github/v56/github/git_trees.go
rename to vendor/github.com/google/go-github/v57/github/git_trees.go
index db28976e032..b8eed58e136 100644
--- a/vendor/github.com/google/go-github/v56/github/git_trees.go
+++ b/vendor/github.com/google/go-github/v57/github/git_trees.go
@@ -93,7 +93,9 @@ func (t *TreeEntry) MarshalJSON() ([]byte, error) {
 
 // GetTree fetches the Tree object for a given sha hash from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/trees#get-a-tree
+// GitHub API docs: https://docs.github.com/rest/git/trees#get-a-tree
+//
+//meta:operation GET /repos/{owner}/{repo}/git/trees/{tree_sha}
 func (s *GitService) GetTree(ctx context.Context, owner string, repo string, sha string, recursive bool) (*Tree, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/trees/%v", owner, repo, sha)
 	if recursive {
@@ -124,7 +126,9 @@ type createTree struct {
 // path modifying that tree are specified, it will overwrite the contents of
 // that tree with the new path contents and write a new tree out.
 //
-// GitHub API docs: https://docs.github.com/en/rest/git/trees#create-a-tree
+// GitHub API docs: https://docs.github.com/rest/git/trees#create-a-tree
+//
+//meta:operation POST /repos/{owner}/{repo}/git/trees
 func (s *GitService) CreateTree(ctx context.Context, owner string, repo string, baseTree string, entries []*TreeEntry) (*Tree, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/git/trees", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/github-accessors.go b/vendor/github.com/google/go-github/v57/github/github-accessors.go
similarity index 98%
rename from vendor/github.com/google/go-github/v56/github/github-accessors.go
rename to vendor/github.com/google/go-github/v57/github/github-accessors.go
index 199c9b8a37d..e15eb10204b 100644
--- a/vendor/github.com/google/go-github/v56/github/github-accessors.go
+++ b/vendor/github.com/google/go-github/v57/github/github-accessors.go
@@ -4990,6 +4990,62 @@ func (c *CredentialAuthorization) GetTokenLastEight() string {
 	return *c.TokenLastEight
 }
 
+// GetType returns the Type field if it's non-nil, zero value otherwise.
+func (c *Credit) GetType() string {
+	if c == nil || c.Type == nil {
+		return ""
+	}
+	return *c.Type
+}
+
+// GetUser returns the User field.
+func (c *Credit) GetUser() *User {
+	if c == nil {
+		return nil
+	}
+	return c.User
+}
+
+// GetDefaultValue returns the DefaultValue field if it's non-nil, zero value otherwise.
+func (c *CustomProperty) GetDefaultValue() string {
+	if c == nil || c.DefaultValue == nil {
+		return ""
+	}
+	return *c.DefaultValue
+}
+
+// GetDescription returns the Description field if it's non-nil, zero value otherwise.
+func (c *CustomProperty) GetDescription() string {
+	if c == nil || c.Description == nil {
+		return ""
+	}
+	return *c.Description
+}
+
+// GetPropertyName returns the PropertyName field if it's non-nil, zero value otherwise.
+func (c *CustomProperty) GetPropertyName() string {
+	if c == nil || c.PropertyName == nil {
+		return ""
+	}
+	return *c.PropertyName
+}
+
+// GetRequired returns the Required field if it's non-nil, zero value otherwise.
+func (c *CustomProperty) GetRequired() bool {
+	if c == nil || c.Required == nil {
+		return false
+	}
+	return *c.Required
+}
+
+// GetValue returns the Value field if it's non-nil, zero value otherwise.
+func (c *CustomPropertyValue) GetValue() string {
+	if c == nil || c.Value == nil {
+		return ""
+	}
+	return *c.Value
+}
+
 // GetBaseRole returns the BaseRole field if it's non-nil, zero value otherwise.
 func (c *CustomRepoRoles) GetBaseRole() string {
 	if c == nil || c.BaseRole == nil {
@@ -5302,6 +5358,22 @@ func (d *DependabotAlertEvent) GetSender() *User {
 	return d.Sender
 }
 
+// GetDismissedComment returns the DismissedComment field if it's non-nil, zero value otherwise.
+func (d *DependabotAlertState) GetDismissedComment() string {
+	if d == nil || d.DismissedComment == nil {
+		return ""
+	}
+	return *d.DismissedComment
+}
+
+// GetDismissedReason returns the DismissedReason field if it's non-nil, zero value otherwise.
+func (d *DependabotAlertState) GetDismissedReason() string {
+	if d == nil || d.DismissedReason == nil {
+		return ""
+	}
+	return *d.DismissedReason
+}
+
 // GetCVEID returns the CVEID field if it's non-nil, zero value otherwise.
 func (d *DependabotSecurityAdvisory) GetCVEID() string {
 	if d == nil || d.CVEID == nil {
@@ -6622,6 +6694,14 @@ func (e *EditChange) GetBody() *EditBody {
 	return e.Body
 }
 
+// GetDefaultBranch returns the DefaultBranch field.
+func (e *EditChange) GetDefaultBranch() *EditDefaultBranch {
+	if e == nil {
+		return nil
+	}
+	return e.DefaultBranch
+}
+
 // GetOwner returns the Owner field.
 func (e *EditChange) GetOwner() *EditOwner {
 	if e == nil {
@@ -6646,6 +6726,14 @@ func (e *EditChange) GetTitle() *EditTitle {
 	return e.Title
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (e *EditDefaultBranch) GetFrom() string {
+	if e == nil || e.From == nil {
+		return ""
+	}
+	return *e.From
+}
+
 // GetOwnerInfo returns the OwnerInfo field.
 func (e *EditOwner) GetOwnerInfo() *OwnerInfo {
 	if e == nil {
@@ -7742,6 +7830,78 @@ func (g *GitObject) GetURL() string {
 	return *g.URL
 }
 
+// GetGithubReviewedAt returns the GithubReviewedAt field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetGithubReviewedAt() Timestamp {
+	if g == nil || g.GithubReviewedAt == nil {
+		return Timestamp{}
+	}
+	return *g.GithubReviewedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetID() int64 {
+	if g == nil || g.ID == nil {
+		return 0
+	}
+	return *g.ID
+}
+
+// GetNVDPublishedAt returns the NVDPublishedAt field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetNVDPublishedAt() Timestamp {
+	if g == nil || g.NVDPublishedAt == nil {
+		return Timestamp{}
+	}
+	return *g.NVDPublishedAt
+}
+
+// GetRepositoryAdvisoryURL returns the RepositoryAdvisoryURL field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetRepositoryAdvisoryURL() string {
+	if g == nil || g.RepositoryAdvisoryURL == nil {
+		return ""
+	}
+	return *g.RepositoryAdvisoryURL
+}
+
+// GetSourceCodeLocation returns the SourceCodeLocation field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetSourceCodeLocation() string {
+	if g == nil || g.SourceCodeLocation == nil {
+		return ""
+	}
+	return *g.SourceCodeLocation
+}
+
+// GetType returns the Type field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityAdvisory) GetType() string {
+	if g == nil || g.Type == nil {
+		return ""
+	}
+	return *g.Type
+}
+
+// GetFirstPatchedVersion returns the FirstPatchedVersion field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityVulnerability) GetFirstPatchedVersion() string {
+	if g == nil || g.FirstPatchedVersion == nil {
+		return ""
+	}
+	return *g.FirstPatchedVersion
+}
+
+// GetPackage returns the Package field.
+func (g *GlobalSecurityVulnerability) GetPackage() *VulnerabilityPackage {
+	if g == nil {
+		return nil
+	}
+	return g.Package
+}
+
+// GetVulnerableVersionRange returns the VulnerableVersionRange field if it's non-nil, zero value otherwise.
+func (g *GlobalSecurityVulnerability) GetVulnerableVersionRange() string {
+	if g == nil || g.VulnerableVersionRange == nil {
+		return ""
+	}
+	return *g.VulnerableVersionRange
+}
+
 // GetInstallation returns the Installation field.
 func (g *GollumEvent) GetInstallation() *Installation {
 	if g == nil {
@@ -9334,6 +9494,14 @@ func (i *Issue) GetCreatedAt() Timestamp {
 	return *i.CreatedAt
 }
 
+// GetDraft returns the Draft field if it's non-nil, zero value otherwise.
+func (i *Issue) GetDraft() bool {
+	if i == nil || i.Draft == nil {
+		return false
+	}
+	return *i.Draft
+}
+
 // GetEventsURL returns the EventsURL field if it's non-nil, zero value otherwise.
 func (i *Issue) GetEventsURL() string {
 	if i == nil || i.EventsURL == nil {
@@ -10710,6 +10878,86 @@ func (l *ListExternalGroupsOptions) GetDisplayName() string {
 	return *l.DisplayName
 }
 
+// GetAffects returns the Affects field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetAffects() string {
+	if l == nil || l.Affects == nil {
+		return ""
+	}
+	return *l.Affects
+}
+
+// GetCVEID returns the CVEID field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetCVEID() string {
+	if l == nil || l.CVEID == nil {
+		return ""
+	}
+	return *l.CVEID
+}
+
+// GetEcosystem returns the Ecosystem field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetEcosystem() string {
+	if l == nil || l.Ecosystem == nil {
+		return ""
+	}
+	return *l.Ecosystem
+}
+
+// GetGHSAID returns the GHSAID field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetGHSAID() string {
+	if l == nil || l.GHSAID == nil {
+		return ""
+	}
+	return *l.GHSAID
+}
+
+// GetIsWithdrawn returns the IsWithdrawn field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetIsWithdrawn() bool {
+	if l == nil || l.IsWithdrawn == nil {
+		return false
+	}
+	return *l.IsWithdrawn
+}
+
+// GetModified returns the Modified field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetModified() string {
+	if l == nil || l.Modified == nil {
+		return ""
+	}
+	return *l.Modified
+}
+
+// GetPublished returns the Published field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetPublished() string {
+	if l == nil || l.Published == nil {
+		return ""
+	}
+	return *l.Published
+}
+
+// GetSeverity returns the Severity field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetSeverity() string {
+	if l == nil || l.Severity == nil {
+		return ""
+	}
+	return *l.Severity
+}
+
+// GetType returns the Type field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetType() string {
+	if l == nil || l.Type == nil {
+		return ""
+	}
+	return *l.Type
+}
+
+// GetUpdated returns the Updated field if it's non-nil, zero value otherwise.
+func (l *ListGlobalSecurityAdvisoriesOptions) GetUpdated() string {
+	if l == nil || l.Updated == nil {
+		return ""
+	}
+	return *l.Updated
+}
+
 // GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
 func (l *ListOrganizations) GetTotalCount() int {
 	if l == nil || l.TotalCount == nil {
@@ -17151,7 +17399,7 @@ func (p *PushEvent) GetOrganization() *Organization {
 }
 
 // GetPusher returns the Pusher field.
-func (p *PushEvent) GetPusher() *User {
+func (p *PushEvent) GetPusher() *CommitAuthor {
 	if p == nil {
 		return nil
 	}
@@ -17710,6 +17958,30 @@ func (r *Reference) GetURL() string {
 	return *r.URL
 }
 
+// GetPath returns the Path field if it's non-nil, zero value otherwise.
+func (r *ReferencedWorkflow) GetPath() string {
+	if r == nil || r.Path == nil {
+		return ""
+	}
+	return *r.Path
+}
+
+// GetRef returns the Ref field if it's non-nil, zero value otherwise.
+func (r *ReferencedWorkflow) GetRef() string {
+	if r == nil || r.Ref == nil {
+		return ""
+	}
+	return *r.Ref
+}
+
+// GetSHA returns the SHA field if it's non-nil, zero value otherwise.
+func (r *ReferencedWorkflow) GetSHA() string {
+	if r == nil || r.SHA == nil {
+		return ""
+	}
+	return *r.SHA
+}
+
 // GetExpiresAt returns the ExpiresAt field if it's non-nil, zero value otherwise.
 func (r *RegistrationToken) GetExpiresAt() Timestamp {
 	if r == nil || r.ExpiresAt == nil {
@@ -20318,6 +20590,30 @@ func (r *RuleRequiredStatusChecks) GetIntegrationID() int64 {
 	return *r.IntegrationID
 }
 
+// GetRef returns the Ref field if it's non-nil, zero value otherwise.
+func (r *RuleRequiredWorkflow) GetRef() string {
+	if r == nil || r.Ref == nil {
+		return ""
+	}
+	return *r.Ref
+}
+
+// GetRepositoryID returns the RepositoryID field if it's non-nil, zero value otherwise.
+func (r *RuleRequiredWorkflow) GetRepositoryID() int64 {
+	if r == nil || r.RepositoryID == nil {
+		return 0
+	}
+	return *r.RepositoryID
+}
+
+// GetSha returns the Sha field if it's non-nil, zero value otherwise.
+func (r *RuleRequiredWorkflow) GetSha() string {
+	if r == nil || r.Sha == nil {
+		return ""
+	}
+	return *r.Sha
+}
+
 // GetConditions returns the Conditions field.
 func (r *Ruleset) GetConditions() *RulesetConditions {
 	if r == nil {
diff --git a/vendor/github.com/google/go-github/v56/github/github.go b/vendor/github.com/google/go-github/v57/github/github.go
similarity index 92%
rename from vendor/github.com/google/go-github/v56/github/github.go
rename to vendor/github.com/google/go-github/v57/github/github.go
index d71236ef088..c248b256f6e 100644
--- a/vendor/github.com/google/go-github/v56/github/github.go
+++ b/vendor/github.com/google/go-github/v57/github/github.go
@@ -5,6 +5,7 @@
 
 //go:generate go run gen-accessors.go
 //go:generate go run gen-stringify-test.go
+//go:generate ../script/metadata.sh update-go
 
 package github
 
@@ -27,7 +28,7 @@ import (
 )
 
 const (
-	Version = "v56.0.0"
+	Version = "v57.0.0"
 
 	defaultAPIVersion = "2022-11-28"
 	defaultBaseURL    = "https://api.github.com/"
@@ -131,10 +132,10 @@ const (
 	// https://developer.github.com/changes/2019-04-11-pulls-branches-for-commit/
 	mediaTypeListPullsOrBranchesForCommitPreview = "application/vnd.github.groot-preview+json"
 
-	// https://docs.github.com/en/rest/previews/#repository-creation-permissions
+	// https://docs.github.com/rest/previews/#repository-creation-permissions
 	mediaTypeMemberAllowedRepoCreationTypePreview = "application/vnd.github.surtur-preview+json"
 
-	// https://docs.github.com/en/rest/previews/#create-and-use-repository-templates
+	// https://docs.github.com/rest/previews/#create-and-use-repository-templates
 	mediaTypeRepositoryTemplatePreview = "application/vnd.github.baptiste-preview+json"
 
 	// https://developer.github.com/changes/2019-10-03-multi-line-comments/
@@ -203,6 +204,7 @@ type Client struct {
 	Organizations      *OrganizationsService
 	Projects           *ProjectsService
 	PullRequests       *PullRequestsService
+	RateLimit          *RateLimitService
 	Reactions          *ReactionsService
 	Repositories       *RepositoriesService
 	SCIM               *SCIMService
@@ -424,6 +426,7 @@ func (c *Client) initialize() {
 	c.Organizations = (*OrganizationsService)(&c.common)
 	c.Projects = (*ProjectsService)(&c.common)
 	c.PullRequests = (*PullRequestsService)(&c.common)
+	c.RateLimit = (*RateLimitService)(&c.common)
 	c.Reactions = (*ReactionsService)(&c.common)
 	c.Repositories = (*RepositoriesService)(&c.common)
 	c.SCIM = (*SCIMService)(&c.common)
@@ -992,7 +995,7 @@ func compareHTTPResponse(r1, r2 *http.Response) bool {
 /*
 An ErrorResponse reports one or more errors caused by an API request.
 
-GitHub API docs: https://docs.github.com/en/rest/#client-errors
+GitHub API docs: https://docs.github.com/rest/#client-errors
 */
 type ErrorResponse struct {
 	Response *http.Response `json:"-"`       // HTTP response that caused this error
@@ -1002,7 +1005,7 @@ type ErrorResponse struct {
 	Block *ErrorBlock `json:"block,omitempty"`
 	// Most errors will also include a documentation_url field pointing
 	// to some content that might help you resolve the error, see
-	// https://docs.github.com/en/rest/#client-errors
+	// https://docs.github.com/rest/#client-errors
 	DocumentationURL string `json:"documentation_url,omitempty"`
 }
 
@@ -1015,9 +1018,17 @@ type ErrorBlock struct {
 }
 
 func (r *ErrorResponse) Error() string {
-	return fmt.Sprintf("%v %v: %d %v %+v",
-		r.Response.Request.Method, sanitizeURL(r.Response.Request.URL),
-		r.Response.StatusCode, r.Message, r.Errors)
+	if r.Response != nil && r.Response.Request != nil {
+		return fmt.Sprintf("%v %v: %d %v %+v",
+			r.Response.Request.Method, sanitizeURL(r.Response.Request.URL),
+			r.Response.StatusCode, r.Message, r.Errors)
+	}
+
+	if r.Response != nil {
+		return fmt.Sprintf("%d %v %+v", r.Response.StatusCode, r.Message, r.Errors)
+	}
+
+	return fmt.Sprintf("%v %+v", r.Message, r.Errors)
 }
 
 // Is returns whether the provided error equals this error.
@@ -1122,7 +1133,7 @@ func (ae *AcceptedError) Is(target error) bool {
 }
 
 // AbuseRateLimitError occurs when GitHub returns 403 Forbidden response with the
-// "documentation_url" field value equal to "https://docs.github.com/en/rest/overview/resources-in-the-rest-api#secondary-rate-limits".
+// "documentation_url" field value equal to "https://docs.github.com/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits".
 type AbuseRateLimitError struct {
 	Response *http.Response // HTTP response that caused this error
 	Message  string         `json:"message"` // error message
@@ -1185,7 +1196,7 @@ GitHub error responses structure are often undocumented and inconsistent.
 Sometimes error is just a simple string (Issue #540).
 In such cases, Message represents an error message as a workaround.
 
-GitHub API docs: https://docs.github.com/en/rest/#client-errors
+GitHub API docs: https://docs.github.com/rest/#client-errors
 */
 type Error struct {
 	Resource string `json:"resource"` // resource on which the error occurred
@@ -1248,7 +1259,7 @@ func CheckResponse(r *http.Response) error {
 		}
 	case r.StatusCode == http.StatusForbidden &&
 		(strings.HasSuffix(errorResponse.DocumentationURL, "#abuse-rate-limits") ||
-			strings.HasSuffix(errorResponse.DocumentationURL, "#secondary-rate-limits")):
+			strings.HasSuffix(errorResponse.DocumentationURL, "secondary-rate-limits")):
 		abuseRateLimitError := &AbuseRateLimitError{
 			Response: errorResponse.Response,
 			Message:  errorResponse.Message,
@@ -1281,54 +1292,6 @@ func parseBoolResponse(err error) (bool, error) {
 	return false, err
 }
 
-// Rate represents the rate limit for the current client.
-type Rate struct {
-	// The number of requests per hour the client is currently limited to.
-	Limit int `json:"limit"`
-
-	// The number of remaining requests the client can make this hour.
-	Remaining int `json:"remaining"`
-
-	// The time at which the current rate limit will reset.
-	Reset Timestamp `json:"reset"`
-}
-
-func (r Rate) String() string {
-	return Stringify(r)
-}
-
-// RateLimits represents the rate limits for the current client.
-type RateLimits struct {
-	// The rate limit for non-search API requests. Unauthenticated
-	// requests are limited to 60 per hour. Authenticated requests are
-	// limited to 5,000 per hour.
-	//
-	// GitHub API docs: https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting
-	Core *Rate `json:"core"`
-
-	// The rate limit for search API requests. Unauthenticated requests
-	// are limited to 10 requests per minutes. Authenticated requests are
-	// limited to 30 per minute.
-	//
-	// GitHub API docs: https://docs.github.com/en/rest/search#rate-limit
-	Search *Rate `json:"search"`
-
-	// GitHub API docs: https://docs.github.com/en/graphql/overview/resource-limitations#rate-limit
-	GraphQL *Rate `json:"graphql"`
-
-	// GitHub API dos: https://docs.github.com/en/rest/rate-limit
-	IntegrationManifest *Rate `json:"integration_manifest"`
-
-	SourceImport              *Rate `json:"source_import"`
-	CodeScanningUpload        *Rate `json:"code_scanning_upload"`
-	ActionsRunnerRegistration *Rate `json:"actions_runner_registration"`
-	SCIM                      *Rate `json:"scim"`
-}
-
-func (r RateLimits) String() string {
-	return Stringify(r)
-}
-
 type rateLimitCategory uint8
 
 const (
@@ -1347,7 +1310,7 @@ const (
 // category returns the rate limit category of the endpoint, determined by HTTP method and Request.URL.Path.
 func category(method, path string) rateLimitCategory {
 	switch {
-	// https://docs.github.com/en/rest/rate-limit#about-rate-limits
+	// https://docs.github.com/rest/rate-limit#about-rate-limits
 	default:
 		// NOTE: coreCategory is returned for actionsRunnerRegistrationCategory too,
 		// because no API found for this category.
@@ -1361,70 +1324,27 @@ func category(method, path string) rateLimitCategory {
 		method == http.MethodPost:
 		return integrationManifestCategory
 
-	// https://docs.github.com/en/rest/migrations/source-imports#start-an-import
+	// https://docs.github.com/rest/migrations/source-imports#start-an-import
 	case strings.HasPrefix(path, "/repos/") &&
 		strings.HasSuffix(path, "/import") &&
 		method == http.MethodPut:
 		return sourceImportCategory
 
-	// https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data
+	// https://docs.github.com/rest/code-scanning#upload-an-analysis-as-sarif-data
 	case strings.HasSuffix(path, "/code-scanning/sarifs"):
 		return codeScanningUploadCategory
 
-	// https://docs.github.com/en/enterprise-cloud@latest/rest/scim
+	// https://docs.github.com/enterprise-cloud@latest/rest/scim
 	case strings.HasPrefix(path, "/scim/"):
 		return scimCategory
 	}
 }
 
 // RateLimits returns the rate limits for the current client.
+//
+// Deprecated: Use RateLimitService.Get instead.
 func (c *Client) RateLimits(ctx context.Context) (*RateLimits, *Response, error) {
-	req, err := c.NewRequest("GET", "rate_limit", nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	response := new(struct {
-		Resources *RateLimits `json:"resources"`
-	})
-
-	// This resource is not subject to rate limits.
-	ctx = context.WithValue(ctx, bypassRateLimitCheck, true)
-	resp, err := c.Do(ctx, req, response)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	if response.Resources != nil {
-		c.rateMu.Lock()
-		if response.Resources.Core != nil {
-			c.rateLimits[coreCategory] = *response.Resources.Core
-		}
-		if response.Resources.Search != nil {
-			c.rateLimits[searchCategory] = *response.Resources.Search
-		}
-		if response.Resources.GraphQL != nil {
-			c.rateLimits[graphqlCategory] = *response.Resources.GraphQL
-		}
-		if response.Resources.IntegrationManifest != nil {
-			c.rateLimits[integrationManifestCategory] = *response.Resources.IntegrationManifest
-		}
-		if response.Resources.SourceImport != nil {
-			c.rateLimits[sourceImportCategory] = *response.Resources.SourceImport
-		}
-		if response.Resources.CodeScanningUpload != nil {
-			c.rateLimits[codeScanningUploadCategory] = *response.Resources.CodeScanningUpload
-		}
-		if response.Resources.ActionsRunnerRegistration != nil {
-			c.rateLimits[actionsRunnerRegistrationCategory] = *response.Resources.ActionsRunnerRegistration
-		}
-		if response.Resources.SCIM != nil {
-			c.rateLimits[scimCategory] = *response.Resources.SCIM
-		}
-		c.rateMu.Unlock()
-	}
-
-	return response.Resources, resp, nil
+	return c.RateLimit.Get(ctx)
 }
 
 func setCredentialsAsHeaders(req *http.Request, id, secret string) *http.Request {
@@ -1458,7 +1378,7 @@ that need to use a higher rate limit associated with your OAuth application.
 This will add the client id and secret as a base64-encoded string in the format
 ClientID:ClientSecret and apply it as an "Authorization": "Basic" header.
 
-See https://docs.github.com/en/rest/#unauthenticated-rate-limited-requests for
+See https://docs.github.com/rest/#unauthenticated-rate-limited-requests for
 more information.
 */
 type UnauthenticatedRateLimitedTransport struct {
diff --git a/vendor/github.com/google/go-github/v56/github/gitignore.go b/vendor/github.com/google/go-github/v57/github/gitignore.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/gitignore.go
rename to vendor/github.com/google/go-github/v57/github/gitignore.go
index a20a868b44a..34cf285e146 100644
--- a/vendor/github.com/google/go-github/v56/github/gitignore.go
+++ b/vendor/github.com/google/go-github/v57/github/gitignore.go
@@ -13,7 +13,7 @@ import (
 // GitignoresService provides access to the gitignore related functions in the
 // GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gitignore/
+// GitHub API docs: https://docs.github.com/rest/gitignore/
 type GitignoresService service
 
 // Gitignore represents a .gitignore file as returned by the GitHub API.
@@ -28,7 +28,9 @@ func (g Gitignore) String() string {
 
 // List all available Gitignore templates.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gitignore/#listing-available-templates
+// GitHub API docs: https://docs.github.com/rest/gitignore/gitignore#get-all-gitignore-templates
+//
+//meta:operation GET /gitignore/templates
 func (s *GitignoresService) List(ctx context.Context) ([]string, *Response, error) {
 	req, err := s.client.NewRequest("GET", "gitignore/templates", nil)
 	if err != nil {
@@ -46,7 +48,9 @@ func (s *GitignoresService) List(ctx context.Context) ([]string, *Response, erro
 
 // Get a Gitignore by name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/gitignore#get-a-gitignore-template
+// GitHub API docs: https://docs.github.com/rest/gitignore/gitignore#get-a-gitignore-template
+//
+//meta:operation GET /gitignore/templates/{name}
 func (s *GitignoresService) Get(ctx context.Context, name string) (*Gitignore, *Response, error) {
 	u := fmt.Sprintf("gitignore/templates/%v", name)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/interactions.go b/vendor/github.com/google/go-github/v57/github/interactions.go
similarity index 94%
rename from vendor/github.com/google/go-github/v56/github/interactions.go
rename to vendor/github.com/google/go-github/v57/github/interactions.go
index a690f61268f..2268273dd48 100644
--- a/vendor/github.com/google/go-github/v56/github/interactions.go
+++ b/vendor/github.com/google/go-github/v57/github/interactions.go
@@ -8,7 +8,7 @@ package github
 // InteractionsService handles communication with the repository and organization related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/
+// GitHub API docs: https://docs.github.com/rest/interactions/
 type InteractionsService service
 
 // InteractionRestriction represents the interaction restrictions for repository and organization.
diff --git a/vendor/github.com/google/go-github/v56/github/interactions_orgs.go b/vendor/github.com/google/go-github/v57/github/interactions_orgs.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/interactions_orgs.go
rename to vendor/github.com/google/go-github/v57/github/interactions_orgs.go
index 5c7663f583d..f0ba0b15f04 100644
--- a/vendor/github.com/google/go-github/v56/github/interactions_orgs.go
+++ b/vendor/github.com/google/go-github/v57/github/interactions_orgs.go
@@ -12,7 +12,9 @@ import (
 
 // GetRestrictionsForOrg fetches the interaction restrictions for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/orgs#get-interaction-restrictions-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/interactions/orgs#get-interaction-restrictions-for-an-organization
+//
+//meta:operation GET /orgs/{org}/interaction-limits
 func (s *InteractionsService) GetRestrictionsForOrg(ctx context.Context, organization string) (*InteractionRestriction, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/interaction-limits", organization)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -39,7 +41,9 @@ func (s *InteractionsService) GetRestrictionsForOrg(ctx context.Context, organiz
 // in public repositories for the given organization.
 // Possible values are: "existing_users", "contributors_only", "collaborators_only".
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/orgs#set-interaction-restrictions-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/interactions/orgs#set-interaction-restrictions-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/interaction-limits
 func (s *InteractionsService) UpdateRestrictionsForOrg(ctx context.Context, organization, limit string) (*InteractionRestriction, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/interaction-limits", organization)
 
@@ -65,7 +69,9 @@ func (s *InteractionsService) UpdateRestrictionsForOrg(ctx context.Context, orga
 
 // RemoveRestrictionsFromOrg removes the interaction restrictions for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/orgs#remove-interaction-restrictions-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/interactions/orgs#remove-interaction-restrictions-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/interaction-limits
 func (s *InteractionsService) RemoveRestrictionsFromOrg(ctx context.Context, organization string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/interaction-limits", organization)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/interactions_repos.go b/vendor/github.com/google/go-github/v57/github/interactions_repos.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/interactions_repos.go
rename to vendor/github.com/google/go-github/v57/github/interactions_repos.go
index 41e6c5319d0..9c044badd19 100644
--- a/vendor/github.com/google/go-github/v56/github/interactions_repos.go
+++ b/vendor/github.com/google/go-github/v57/github/interactions_repos.go
@@ -12,7 +12,9 @@ import (
 
 // GetRestrictionsForRepo fetches the interaction restrictions for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/repos#get-interaction-restrictions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/interactions/repos#get-interaction-restrictions-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/interaction-limits
 func (s *InteractionsService) GetRestrictionsForRepo(ctx context.Context, owner, repo string) (*InteractionRestriction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/interaction-limits", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -39,7 +41,9 @@ func (s *InteractionsService) GetRestrictionsForRepo(ctx context.Context, owner,
 // for the given repository.
 // Possible values are: "existing_users", "contributors_only", "collaborators_only".
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/repos#set-interaction-restrictions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/interactions/repos#set-interaction-restrictions-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/interaction-limits
 func (s *InteractionsService) UpdateRestrictionsForRepo(ctx context.Context, owner, repo, limit string) (*InteractionRestriction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/interaction-limits", owner, repo)
 
@@ -65,7 +69,9 @@ func (s *InteractionsService) UpdateRestrictionsForRepo(ctx context.Context, own
 
 // RemoveRestrictionsFromRepo removes the interaction restrictions for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/interactions/repos#remove-interaction-restrictions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/interactions/repos#remove-interaction-restrictions-for-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/interaction-limits
 func (s *InteractionsService) RemoveRestrictionsFromRepo(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/interaction-limits", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/issue_import.go b/vendor/github.com/google/go-github/v57/github/issue_import.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/issue_import.go
rename to vendor/github.com/google/go-github/v57/github/issue_import.go
index 04899772bd1..4f06371085e 100644
--- a/vendor/github.com/google/go-github/v56/github/issue_import.go
+++ b/vendor/github.com/google/go-github/v57/github/issue_import.go
@@ -70,7 +70,9 @@ type IssueImportError struct {
 
 // Create a new imported issue on the specified repository.
 //
-// https://gist.github.com/jonmagic/5282384165e0f86ef105#start-an-issue-import
+// GitHub API docs: https://gist.github.com/jonmagic/5282384165e0f86ef105#start-an-issue-import
+//
+//meta:operation POST /repos/{owner}/{repo}/import/issues
 func (s *IssueImportService) Create(ctx context.Context, owner, repo string, issue *IssueImportRequest) (*IssueImportResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/issues", owner, repo)
 	req, err := s.client.NewRequest("POST", u, issue)
@@ -99,7 +101,9 @@ func (s *IssueImportService) Create(ctx context.Context, owner, repo string, iss
 
 // CheckStatus checks the status of an imported issue.
 //
-// https://gist.github.com/jonmagic/5282384165e0f86ef105#import-status-request
+// GitHub API docs: https://gist.github.com/jonmagic/5282384165e0f86ef105#import-status-request
+//
+//meta:operation GET /repos/{owner}/{repo}/import/issues/{issue_number}
 func (s *IssueImportService) CheckStatus(ctx context.Context, owner, repo string, issueID int64) (*IssueImportResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/issues/%v", owner, repo, issueID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -121,7 +125,9 @@ func (s *IssueImportService) CheckStatus(ctx context.Context, owner, repo string
 
 // CheckStatusSince checks the status of multiple imported issues since a given date.
 //
-// https://gist.github.com/jonmagic/5282384165e0f86ef105#check-status-of-multiple-issues
+// GitHub API docs: https://gist.github.com/jonmagic/5282384165e0f86ef105#check-status-of-multiple-issues
+//
+//meta:operation GET /repos/{owner}/{repo}/import/issues
 func (s *IssueImportService) CheckStatusSince(ctx context.Context, owner, repo string, since Timestamp) ([]*IssueImportResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/issues?since=%v", owner, repo, since.Format("2006-01-02"))
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/issues.go b/vendor/github.com/google/go-github/v57/github/issues.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/issues.go
rename to vendor/github.com/google/go-github/v57/github/issues.go
index 42e58a17a8a..1c07fef827b 100644
--- a/vendor/github.com/google/go-github/v56/github/issues.go
+++ b/vendor/github.com/google/go-github/v57/github/issues.go
@@ -14,7 +14,7 @@ import (
 // IssuesService handles communication with the issue related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/
+// GitHub API docs: https://docs.github.com/rest/issues/
 type IssuesService service
 
 // Issue represents a GitHub issue on a repository.
@@ -54,9 +54,10 @@ type Issue struct {
 	Reactions         *Reactions        `json:"reactions,omitempty"`
 	Assignees         []*User           `json:"assignees,omitempty"`
 	NodeID            *string           `json:"node_id,omitempty"`
+	Draft             *bool             `json:"draft,omitempty"`
 
 	// TextMatches is only populated from search results that request text matches
-	// See: search.go and https://docs.github.com/en/rest/search/#text-match-metadata
+	// See: search.go and https://docs.github.com/rest/search/#text-match-metadata
 	TextMatches []*TextMatch `json:"text_matches,omitempty"`
 
 	// ActiveLockReason is populated only when LockReason is provided while locking the issue.
@@ -132,8 +133,11 @@ type PullRequestLinks struct {
 // organization repositories; if false, list only owned and member
 // repositories.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#list-user-account-issues-assigned-to-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#list-issues-assigned-to-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/issues/issues#list-issues-assigned-to-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/issues/issues#list-user-account-issues-assigned-to-the-authenticated-user
+//
+//meta:operation GET /issues
+//meta:operation GET /user/issues
 func (s *IssuesService) List(ctx context.Context, all bool, opts *IssueListOptions) ([]*Issue, *Response, error) {
 	var u string
 	if all {
@@ -147,7 +151,9 @@ func (s *IssuesService) List(ctx context.Context, all bool, opts *IssueListOptio
 // ListByOrg fetches the issues in the specified organization for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#list-organization-issues-assigned-to-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/issues/issues#list-organization-issues-assigned-to-the-authenticated-user
+//
+//meta:operation GET /orgs/{org}/issues
 func (s *IssuesService) ListByOrg(ctx context.Context, org string, opts *IssueListOptions) ([]*Issue, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/issues", org)
 	return s.listIssues(ctx, u, opts)
@@ -218,7 +224,9 @@ type IssueListByRepoOptions struct {
 
 // ListByRepo lists the issues for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#list-repository-issues
+// GitHub API docs: https://docs.github.com/rest/issues/issues#list-repository-issues
+//
+//meta:operation GET /repos/{owner}/{repo}/issues
 func (s *IssuesService) ListByRepo(ctx context.Context, owner string, repo string, opts *IssueListByRepoOptions) ([]*Issue, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues", owner, repo)
 	u, err := addOptions(u, opts)
@@ -245,7 +253,9 @@ func (s *IssuesService) ListByRepo(ctx context.Context, owner string, repo strin
 
 // Get a single issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#get-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#get-an-issue
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}
 func (s *IssuesService) Get(ctx context.Context, owner string, repo string, number int) (*Issue, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d", owner, repo, number)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -267,7 +277,9 @@ func (s *IssuesService) Get(ctx context.Context, owner string, repo string, numb
 
 // Create a new issue on the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#create-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#create-an-issue
+//
+//meta:operation POST /repos/{owner}/{repo}/issues
 func (s *IssuesService) Create(ctx context.Context, owner string, repo string, issue *IssueRequest) (*Issue, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues", owner, repo)
 	req, err := s.client.NewRequest("POST", u, issue)
@@ -286,7 +298,9 @@ func (s *IssuesService) Create(ctx context.Context, owner string, repo string, i
 
 // Edit (update) an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#update-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#update-an-issue
+//
+//meta:operation PATCH /repos/{owner}/{repo}/issues/{issue_number}
 func (s *IssuesService) Edit(ctx context.Context, owner string, repo string, number int, issue *IssueRequest) (*Issue, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d", owner, repo, number)
 	req, err := s.client.NewRequest("PATCH", u, issue)
@@ -303,11 +317,13 @@ func (s *IssuesService) Edit(ctx context.Context, owner string, repo string, num
 	return i, resp, nil
 }
 
-// Remove a milestone from an issue.
+// RemoveMilestone removes a milestone from an issue.
 //
 // This is a helper method to explicitly update an issue with a `null` milestone, thereby removing it.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#update-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#update-an-issue
+//
+//meta:operation PATCH /repos/{owner}/{repo}/issues/{issue_number}
 func (s *IssuesService) RemoveMilestone(ctx context.Context, owner, repo string, issueNumber int) (*Issue, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%v", owner, repo, issueNumber)
 	req, err := s.client.NewRequest("PATCH", u, &struct {
@@ -337,7 +353,9 @@ type LockIssueOptions struct {
 
 // Lock an issue's conversation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#lock-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#lock-an-issue
+//
+//meta:operation PUT /repos/{owner}/{repo}/issues/{issue_number}/lock
 func (s *IssuesService) Lock(ctx context.Context, owner string, repo string, number int, opts *LockIssueOptions) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/lock", owner, repo, number)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -350,7 +368,9 @@ func (s *IssuesService) Lock(ctx context.Context, owner string, repo string, num
 
 // Unlock an issue's conversation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/issues#unlock-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/issues#unlock-an-issue
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock
 func (s *IssuesService) Unlock(ctx context.Context, owner string, repo string, number int) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/lock", owner, repo, number)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/issues_assignees.go b/vendor/github.com/google/go-github/v57/github/issues_assignees.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/issues_assignees.go
rename to vendor/github.com/google/go-github/v57/github/issues_assignees.go
index b7f2e802437..fd065771ed3 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_assignees.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_assignees.go
@@ -13,7 +13,9 @@ import (
 // ListAssignees fetches all available assignees (owners and collaborators) to
 // which issues may be assigned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/assignees#list-assignees
+// GitHub API docs: https://docs.github.com/rest/issues/assignees#list-assignees
+//
+//meta:operation GET /repos/{owner}/{repo}/assignees
 func (s *IssuesService) ListAssignees(ctx context.Context, owner, repo string, opts *ListOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/assignees", owner, repo)
 	u, err := addOptions(u, opts)
@@ -37,7 +39,9 @@ func (s *IssuesService) ListAssignees(ctx context.Context, owner, repo string, o
 
 // IsAssignee checks if a user is an assignee for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/assignees#check-if-a-user-can-be-assigned
+// GitHub API docs: https://docs.github.com/rest/issues/assignees#check-if-a-user-can-be-assigned
+//
+//meta:operation GET /repos/{owner}/{repo}/assignees/{assignee}
 func (s *IssuesService) IsAssignee(ctx context.Context, owner, repo, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/assignees/%v", owner, repo, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -52,7 +56,9 @@ func (s *IssuesService) IsAssignee(ctx context.Context, owner, repo, user string
 
 // AddAssignees adds the provided GitHub users as assignees to the issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/assignees#add-assignees-to-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/assignees#add-assignees-to-an-issue
+//
+//meta:operation POST /repos/{owner}/{repo}/issues/{issue_number}/assignees
 func (s *IssuesService) AddAssignees(ctx context.Context, owner, repo string, number int, assignees []string) (*Issue, *Response, error) {
 	users := &struct {
 		Assignees []string `json:"assignees,omitempty"`
@@ -74,7 +80,9 @@ func (s *IssuesService) AddAssignees(ctx context.Context, owner, repo string, nu
 
 // RemoveAssignees removes the provided GitHub users as assignees from the issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/assignees#remove-assignees-from-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/assignees#remove-assignees-from-an-issue
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees
 func (s *IssuesService) RemoveAssignees(ctx context.Context, owner, repo string, number int, assignees []string) (*Issue, *Response, error) {
 	users := &struct {
 		Assignees []string `json:"assignees,omitempty"`
diff --git a/vendor/github.com/google/go-github/v56/github/issues_comments.go b/vendor/github.com/google/go-github/v57/github/issues_comments.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/issues_comments.go
rename to vendor/github.com/google/go-github/v57/github/issues_comments.go
index 17881c093dc..74a4e60f7ca 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_comments.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_comments.go
@@ -50,8 +50,11 @@ type IssueListCommentsOptions struct {
 // ListComments lists all comments on the specified issue. Specifying an issue
 // number of 0 will return all comments on all issues for the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#list-issue-comments
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#list-issue-comments-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/issues/comments#list-issue-comments
+// GitHub API docs: https://docs.github.com/rest/issues/comments#list-issue-comments-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/comments
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}/comments
 func (s *IssuesService) ListComments(ctx context.Context, owner string, repo string, number int, opts *IssueListCommentsOptions) ([]*IssueComment, *Response, error) {
 	var u string
 	if number == 0 {
@@ -83,7 +86,9 @@ func (s *IssuesService) ListComments(ctx context.Context, owner string, repo str
 
 // GetComment fetches the specified issue comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#get-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/issues/comments#get-an-issue-comment
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/comments/{comment_id}
 func (s *IssuesService) GetComment(ctx context.Context, owner string, repo string, commentID int64) (*IssueComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/comments/%d", owner, repo, commentID)
 
@@ -106,7 +111,9 @@ func (s *IssuesService) GetComment(ctx context.Context, owner string, repo strin
 
 // CreateComment creates a new comment on the specified issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#create-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/issues/comments#create-an-issue-comment
+//
+//meta:operation POST /repos/{owner}/{repo}/issues/{issue_number}/comments
 func (s *IssuesService) CreateComment(ctx context.Context, owner string, repo string, number int, comment *IssueComment) (*IssueComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/comments", owner, repo, number)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -125,7 +132,9 @@ func (s *IssuesService) CreateComment(ctx context.Context, owner string, repo st
 // EditComment updates an issue comment.
 // A non-nil comment.Body must be provided. Other comment fields should be left nil.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#update-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/issues/comments#update-an-issue-comment
+//
+//meta:operation PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}
 func (s *IssuesService) EditComment(ctx context.Context, owner string, repo string, commentID int64, comment *IssueComment) (*IssueComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/comments/%d", owner, repo, commentID)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -143,7 +152,9 @@ func (s *IssuesService) EditComment(ctx context.Context, owner string, repo stri
 
 // DeleteComment deletes an issue comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/comments#delete-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/issues/comments#delete-an-issue-comment
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}
 func (s *IssuesService) DeleteComment(ctx context.Context, owner string, repo string, commentID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/comments/%d", owner, repo, commentID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/issues_events.go b/vendor/github.com/google/go-github/v57/github/issues_events.go
similarity index 92%
rename from vendor/github.com/google/go-github/v56/github/issues_events.go
rename to vendor/github.com/google/go-github/v57/github/issues_events.go
index 0305fca1168..23a16bcdc72 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_events.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_events.go
@@ -101,7 +101,9 @@ type DismissedReview struct {
 
 // ListIssueEvents lists events for the specified issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/events#list-issue-events
+// GitHub API docs: https://docs.github.com/rest/issues/events#list-issue-events
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}/events
 func (s *IssuesService) ListIssueEvents(ctx context.Context, owner, repo string, number int, opts *ListOptions) ([]*IssueEvent, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%v/events", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -127,7 +129,9 @@ func (s *IssuesService) ListIssueEvents(ctx context.Context, owner, repo string,
 
 // ListRepositoryEvents lists events for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/events#list-issue-events-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/issues/events#list-issue-events-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/events
 func (s *IssuesService) ListRepositoryEvents(ctx context.Context, owner, repo string, opts *ListOptions) ([]*IssueEvent, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/events", owner, repo)
 	u, err := addOptions(u, opts)
@@ -151,7 +155,9 @@ func (s *IssuesService) ListRepositoryEvents(ctx context.Context, owner, repo st
 
 // GetEvent returns the specified issue event.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/events#get-an-issue-event
+// GitHub API docs: https://docs.github.com/rest/issues/events#get-an-issue-event
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/events/{event_id}
 func (s *IssuesService) GetEvent(ctx context.Context, owner, repo string, id int64) (*IssueEvent, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/events/%v", owner, repo, id)
 
diff --git a/vendor/github.com/google/go-github/v56/github/issues_labels.go b/vendor/github.com/google/go-github/v57/github/issues_labels.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/issues_labels.go
rename to vendor/github.com/google/go-github/v57/github/issues_labels.go
index d0f865c03f1..51e7fe6a55b 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_labels.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_labels.go
@@ -27,7 +27,9 @@ func (l Label) String() string {
 
 // ListLabels lists all labels for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#list-labels-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/issues/labels#list-labels-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/labels
 func (s *IssuesService) ListLabels(ctx context.Context, owner string, repo string, opts *ListOptions) ([]*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/labels", owner, repo)
 	u, err := addOptions(u, opts)
@@ -51,7 +53,9 @@ func (s *IssuesService) ListLabels(ctx context.Context, owner string, repo strin
 
 // GetLabel gets a single label.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#get-a-label
+// GitHub API docs: https://docs.github.com/rest/issues/labels#get-a-label
+//
+//meta:operation GET /repos/{owner}/{repo}/labels/{name}
 func (s *IssuesService) GetLabel(ctx context.Context, owner string, repo string, name string) (*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/labels/%v", owner, repo, name)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -70,7 +74,9 @@ func (s *IssuesService) GetLabel(ctx context.Context, owner string, repo string,
 
 // CreateLabel creates a new label on the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#create-a-label
+// GitHub API docs: https://docs.github.com/rest/issues/labels#create-a-label
+//
+//meta:operation POST /repos/{owner}/{repo}/labels
 func (s *IssuesService) CreateLabel(ctx context.Context, owner string, repo string, label *Label) (*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/labels", owner, repo)
 	req, err := s.client.NewRequest("POST", u, label)
@@ -89,7 +95,9 @@ func (s *IssuesService) CreateLabel(ctx context.Context, owner string, repo stri
 
 // EditLabel edits a label.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#update-a-label
+// GitHub API docs: https://docs.github.com/rest/issues/labels#update-a-label
+//
+//meta:operation PATCH /repos/{owner}/{repo}/labels/{name}
 func (s *IssuesService) EditLabel(ctx context.Context, owner string, repo string, name string, label *Label) (*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/labels/%v", owner, repo, name)
 	req, err := s.client.NewRequest("PATCH", u, label)
@@ -108,7 +116,9 @@ func (s *IssuesService) EditLabel(ctx context.Context, owner string, repo string
 
 // DeleteLabel deletes a label.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#delete-a-label
+// GitHub API docs: https://docs.github.com/rest/issues/labels#delete-a-label
+//
+//meta:operation DELETE /repos/{owner}/{repo}/labels/{name}
 func (s *IssuesService) DeleteLabel(ctx context.Context, owner string, repo string, name string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/labels/%v", owner, repo, name)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -120,7 +130,9 @@ func (s *IssuesService) DeleteLabel(ctx context.Context, owner string, repo stri
 
 // ListLabelsByIssue lists all labels for an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#list-labels-for-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/labels#list-labels-for-an-issue
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}/labels
 func (s *IssuesService) ListLabelsByIssue(ctx context.Context, owner string, repo string, number int, opts *ListOptions) ([]*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/labels", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -144,7 +156,9 @@ func (s *IssuesService) ListLabelsByIssue(ctx context.Context, owner string, rep
 
 // AddLabelsToIssue adds labels to an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#add-labels-to-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/labels#add-labels-to-an-issue
+//
+//meta:operation POST /repos/{owner}/{repo}/issues/{issue_number}/labels
 func (s *IssuesService) AddLabelsToIssue(ctx context.Context, owner string, repo string, number int, labels []string) ([]*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/labels", owner, repo, number)
 	req, err := s.client.NewRequest("POST", u, labels)
@@ -163,7 +177,9 @@ func (s *IssuesService) AddLabelsToIssue(ctx context.Context, owner string, repo
 
 // RemoveLabelForIssue removes a label for an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#remove-a-label-from-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/labels#remove-a-label-from-an-issue
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}
 func (s *IssuesService) RemoveLabelForIssue(ctx context.Context, owner string, repo string, number int, label string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/labels/%v", owner, repo, number, label)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -176,7 +192,9 @@ func (s *IssuesService) RemoveLabelForIssue(ctx context.Context, owner string, r
 
 // ReplaceLabelsForIssue replaces all labels for an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#set-labels-for-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/labels#set-labels-for-an-issue
+//
+//meta:operation PUT /repos/{owner}/{repo}/issues/{issue_number}/labels
 func (s *IssuesService) ReplaceLabelsForIssue(ctx context.Context, owner string, repo string, number int, labels []string) ([]*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/labels", owner, repo, number)
 	req, err := s.client.NewRequest("PUT", u, labels)
@@ -195,7 +213,9 @@ func (s *IssuesService) ReplaceLabelsForIssue(ctx context.Context, owner string,
 
 // RemoveLabelsForIssue removes all labels for an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#remove-all-labels-from-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/labels#remove-all-labels-from-an-issue
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels
 func (s *IssuesService) RemoveLabelsForIssue(ctx context.Context, owner string, repo string, number int) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%d/labels", owner, repo, number)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -208,7 +228,9 @@ func (s *IssuesService) RemoveLabelsForIssue(ctx context.Context, owner string,
 
 // ListLabelsForMilestone lists labels for every issue in a milestone.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/labels#list-labels-for-issues-in-a-milestone
+// GitHub API docs: https://docs.github.com/rest/issues/labels#list-labels-for-issues-in-a-milestone
+//
+//meta:operation GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels
 func (s *IssuesService) ListLabelsForMilestone(ctx context.Context, owner string, repo string, number int, opts *ListOptions) ([]*Label, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones/%d/labels", owner, repo, number)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/issues_milestones.go b/vendor/github.com/google/go-github/v57/github/issues_milestones.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/issues_milestones.go
rename to vendor/github.com/google/go-github/v57/github/issues_milestones.go
index 897c7c0b6da..6c31bcd054d 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_milestones.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_milestones.go
@@ -54,7 +54,9 @@ type MilestoneListOptions struct {
 
 // ListMilestones lists all milestones for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/milestones#list-milestones
+// GitHub API docs: https://docs.github.com/rest/issues/milestones#list-milestones
+//
+//meta:operation GET /repos/{owner}/{repo}/milestones
 func (s *IssuesService) ListMilestones(ctx context.Context, owner string, repo string, opts *MilestoneListOptions) ([]*Milestone, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones", owner, repo)
 	u, err := addOptions(u, opts)
@@ -78,7 +80,9 @@ func (s *IssuesService) ListMilestones(ctx context.Context, owner string, repo s
 
 // GetMilestone gets a single milestone.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/milestones#get-a-milestone
+// GitHub API docs: https://docs.github.com/rest/issues/milestones#get-a-milestone
+//
+//meta:operation GET /repos/{owner}/{repo}/milestones/{milestone_number}
 func (s *IssuesService) GetMilestone(ctx context.Context, owner string, repo string, number int) (*Milestone, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones/%d", owner, repo, number)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -97,7 +101,9 @@ func (s *IssuesService) GetMilestone(ctx context.Context, owner string, repo str
 
 // CreateMilestone creates a new milestone on the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/milestones#create-a-milestone
+// GitHub API docs: https://docs.github.com/rest/issues/milestones#create-a-milestone
+//
+//meta:operation POST /repos/{owner}/{repo}/milestones
 func (s *IssuesService) CreateMilestone(ctx context.Context, owner string, repo string, milestone *Milestone) (*Milestone, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones", owner, repo)
 	req, err := s.client.NewRequest("POST", u, milestone)
@@ -116,7 +122,9 @@ func (s *IssuesService) CreateMilestone(ctx context.Context, owner string, repo
 
 // EditMilestone edits a milestone.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/milestones#update-a-milestone
+// GitHub API docs: https://docs.github.com/rest/issues/milestones#update-a-milestone
+//
+//meta:operation PATCH /repos/{owner}/{repo}/milestones/{milestone_number}
 func (s *IssuesService) EditMilestone(ctx context.Context, owner string, repo string, number int, milestone *Milestone) (*Milestone, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones/%d", owner, repo, number)
 	req, err := s.client.NewRequest("PATCH", u, milestone)
@@ -135,7 +143,9 @@ func (s *IssuesService) EditMilestone(ctx context.Context, owner string, repo st
 
 // DeleteMilestone deletes a milestone.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/milestones#delete-a-milestone
+// GitHub API docs: https://docs.github.com/rest/issues/milestones#delete-a-milestone
+//
+//meta:operation DELETE /repos/{owner}/{repo}/milestones/{milestone_number}
 func (s *IssuesService) DeleteMilestone(ctx context.Context, owner string, repo string, number int) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/milestones/%d", owner, repo, number)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/issues_timeline.go b/vendor/github.com/google/go-github/v57/github/issues_timeline.go
similarity index 95%
rename from vendor/github.com/google/go-github/v56/github/issues_timeline.go
rename to vendor/github.com/google/go-github/v57/github/issues_timeline.go
index 8ac02ac14dc..0aa589afe40 100644
--- a/vendor/github.com/google/go-github/v56/github/issues_timeline.go
+++ b/vendor/github.com/google/go-github/v57/github/issues_timeline.go
@@ -14,7 +14,7 @@ import (
 // Timeline represents an event that occurred around an Issue or Pull Request.
 //
 // It is similar to an IssueEvent but may contain more information.
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/events/issue-event-types
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/events/issue-event-types
 type Timeline struct {
 	ID        *int64  `json:"id,omitempty"`
 	URL       *string `json:"url,omitempty"`
@@ -166,7 +166,9 @@ type Source struct {
 
 // ListIssueTimeline lists events for the specified issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/issues/timeline#list-timeline-events-for-an-issue
+// GitHub API docs: https://docs.github.com/rest/issues/timeline#list-timeline-events-for-an-issue
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}/timeline
 func (s *IssuesService) ListIssueTimeline(ctx context.Context, owner, repo string, number int, opts *ListOptions) ([]*Timeline, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%v/timeline", owner, repo, number)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/licenses.go b/vendor/github.com/google/go-github/v57/github/licenses.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/licenses.go
rename to vendor/github.com/google/go-github/v57/github/licenses.go
index 0877b6d1831..34b8a3d8af1 100644
--- a/vendor/github.com/google/go-github/v56/github/licenses.go
+++ b/vendor/github.com/google/go-github/v57/github/licenses.go
@@ -13,7 +13,7 @@ import (
 // LicensesService handles communication with the license related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/licenses/
+// GitHub API docs: https://docs.github.com/rest/licenses/
 type LicensesService service
 
 // RepositoryLicense represents the license for a repository.
@@ -60,7 +60,9 @@ func (l License) String() string {
 
 // List popular open source licenses.
 //
-// GitHub API docs: https://docs.github.com/en/rest/licenses/#list-all-licenses
+// GitHub API docs: https://docs.github.com/rest/licenses/licenses#get-all-commonly-used-licenses
+//
+//meta:operation GET /licenses
 func (s *LicensesService) List(ctx context.Context) ([]*License, *Response, error) {
 	req, err := s.client.NewRequest("GET", "licenses", nil)
 	if err != nil {
@@ -78,7 +80,9 @@ func (s *LicensesService) List(ctx context.Context) ([]*License, *Response, erro
 
 // Get extended metadata for one license.
 //
-// GitHub API docs: https://docs.github.com/en/rest/licenses#get-a-license
+// GitHub API docs: https://docs.github.com/rest/licenses/licenses#get-a-license
+//
+//meta:operation GET /licenses/{license}
 func (s *LicensesService) Get(ctx context.Context, licenseName string) (*License, *Response, error) {
 	u := fmt.Sprintf("licenses/%s", licenseName)
 
diff --git a/vendor/github.com/google/go-github/v56/github/markdown.go b/vendor/github.com/google/go-github/v57/github/markdown.go
similarity index 98%
rename from vendor/github.com/google/go-github/v56/github/markdown.go
rename to vendor/github.com/google/go-github/v57/github/markdown.go
index 48b445b3d85..fe3b31128d5 100644
--- a/vendor/github.com/google/go-github/v56/github/markdown.go
+++ b/vendor/github.com/google/go-github/v57/github/markdown.go
@@ -41,6 +41,8 @@ type markdownRenderRequest struct {
 // Render renders an arbitrary Render document.
 //
 // GitHub API docs: https://docs.github.com/rest/markdown/markdown#render-a-markdown-document
+//
+//meta:operation POST /markdown
 func (s *MarkdownService) Render(ctx context.Context, text string, opts *MarkdownOptions) (string, *Response, error) {
 	request := &markdownRenderRequest{Text: String(text)}
 	if opts != nil {
diff --git a/vendor/github.com/google/go-github/v56/github/messages.go b/vendor/github.com/google/go-github/v57/github/messages.go
similarity index 97%
rename from vendor/github.com/google/go-github/v56/github/messages.go
rename to vendor/github.com/google/go-github/v57/github/messages.go
index c16b6015284..72edbd9feef 100644
--- a/vendor/github.com/google/go-github/v56/github/messages.go
+++ b/vendor/github.com/google/go-github/v57/github/messages.go
@@ -281,14 +281,14 @@ func ValidateSignature(signature string, payload, secretToken []byte) error {
 
 // WebHookType returns the event type of webhook request r.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/events/github-event-types
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/events/github-event-types
 func WebHookType(r *http.Request) string {
 	return r.Header.Get(EventTypeHeader)
 }
 
 // DeliveryID returns the unique delivery ID of webhook request r.
 //
-// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/events/github-event-types
+// GitHub API docs: https://docs.github.com/developers/webhooks-and-events/events/github-event-types
 func DeliveryID(r *http.Request) string {
 	return r.Header.Get(DeliveryIDHeader)
 }
@@ -326,7 +326,7 @@ func ParseWebHook(messageType string, payload []byte) (interface{}, error) {
 	return event.ParsePayload()
 }
 
-// WebhookTypes returns a sorted list of all the known GitHub event type strings
+// MessageTypes returns a sorted list of all the known GitHub event type strings
 // supported by go-github.
 func MessageTypes() []string {
 	types := make([]string, 0, len(eventTypeMapping))
diff --git a/vendor/github.com/google/go-github/v56/github/meta.go b/vendor/github.com/google/go-github/v57/github/meta.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/meta.go
rename to vendor/github.com/google/go-github/v57/github/meta.go
index a4d9bac77b4..1da8fcf1326 100644
--- a/vendor/github.com/google/go-github/v56/github/meta.go
+++ b/vendor/github.com/google/go-github/v57/github/meta.go
@@ -32,6 +32,10 @@ type APIMeta struct {
 	// not supported on these servers.)
 	VerifiablePasswordAuthentication *bool `json:"verifiable_password_authentication,omitempty"`
 
+	// An array of IP addresses in CIDR format specifying the addresses
+	// which serve GitHub Packages.
+	Packages []string `json:"packages,omitempty"`
+
 	// An array of IP addresses in CIDR format specifying the addresses
 	// which serve GitHub Pages websites.
 	Pages []string `json:"pages,omitempty"`
@@ -68,6 +72,8 @@ type APIMeta struct {
 // endpoint provides information about that installation.
 //
 // GitHub API docs: https://docs.github.com/rest/meta/meta#get-github-meta-information
+//
+//meta:operation GET /meta
 func (s *MetaService) Get(ctx context.Context) (*APIMeta, *Response, error) {
 	req, err := s.client.NewRequest("GET", "meta", nil)
 	if err != nil {
@@ -83,7 +89,8 @@ func (s *MetaService) Get(ctx context.Context) (*APIMeta, *Response, error) {
 	return meta, resp, nil
 }
 
-// APIMeta
+// APIMeta returns information about GitHub.com.
+//
 // Deprecated: Use MetaService.Get instead.
 func (c *Client) APIMeta(ctx context.Context) (*APIMeta, *Response, error) {
 	return c.Meta.Get(ctx)
@@ -93,6 +100,8 @@ func (c *Client) APIMeta(ctx context.Context) (*APIMeta, *Response, error) {
 // bubble. If message is empty, a random zen phrase is used.
 //
 // GitHub API docs: https://docs.github.com/rest/meta/meta#get-octocat
+//
+//meta:operation GET /octocat
 func (s *MetaService) Octocat(ctx context.Context, message string) (string, *Response, error) {
 	u := "octocat"
 	if message != "" {
@@ -113,7 +122,9 @@ func (s *MetaService) Octocat(ctx context.Context, message string) (string, *Res
 	return buf.String(), resp, nil
 }
 
-// Octocat
+// Octocat returns an ASCII art octocat with the specified message in a speech
+// bubble. If message is empty, a random zen phrase is used.
+//
 // Deprecated: Use MetaService.Octocat instead.
 func (c *Client) Octocat(ctx context.Context, message string) (string, *Response, error) {
 	return c.Meta.Octocat(ctx, message)
@@ -124,6 +135,8 @@ func (c *Client) Octocat(ctx context.Context, message string) (string, *Response
 // See also: http://warpspire.com/posts/taste/
 //
 // GitHub API docs: https://docs.github.com/rest/meta/meta#get-the-zen-of-github
+//
+//meta:operation GET /zen
 func (s *MetaService) Zen(ctx context.Context) (string, *Response, error) {
 	req, err := s.client.NewRequest("GET", "zen", nil)
 	if err != nil {
@@ -139,7 +152,8 @@ func (s *MetaService) Zen(ctx context.Context) (string, *Response, error) {
 	return buf.String(), resp, nil
 }
 
-// Zen
+// Zen returns a random line from The Zen of GitHub.
+//
 // Deprecated: Use MetaService.Zen instead.
 func (c *Client) Zen(ctx context.Context) (string, *Response, error) {
 	return c.Meta.Zen(ctx)
diff --git a/vendor/github.com/google/go-github/v56/github/migrations.go b/vendor/github.com/google/go-github/v57/github/migrations.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/migrations.go
rename to vendor/github.com/google/go-github/v57/github/migrations.go
index 67989c0789f..5af8817050f 100644
--- a/vendor/github.com/google/go-github/v56/github/migrations.go
+++ b/vendor/github.com/google/go-github/v57/github/migrations.go
@@ -16,7 +16,7 @@ import (
 // MigrationService provides access to the migration related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migration/
+// GitHub API docs: https://docs.github.com/rest/migration/
 type MigrationService service
 
 // Migration represents a GitHub migration (archival).
@@ -74,7 +74,9 @@ type startMigration struct {
 // StartMigration starts the generation of a migration archive.
 // repos is a slice of repository names to migrate.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#start-an-organization-migration
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#start-an-organization-migration
+//
+//meta:operation POST /orgs/{org}/migrations
 func (s *MigrationService) StartMigration(ctx context.Context, org string, repos []string, opts *MigrationOptions) (*Migration, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/migrations", org)
 
@@ -103,7 +105,9 @@ func (s *MigrationService) StartMigration(ctx context.Context, org string, repos
 
 // ListMigrations lists the most recent migrations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#list-organization-migrations
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#list-organization-migrations
+//
+//meta:operation GET /orgs/{org}/migrations
 func (s *MigrationService) ListMigrations(ctx context.Context, org string, opts *ListOptions) ([]*Migration, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/migrations", org)
 	u, err := addOptions(u, opts)
@@ -131,7 +135,9 @@ func (s *MigrationService) ListMigrations(ctx context.Context, org string, opts
 // MigrationStatus gets the status of a specific migration archive.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#get-an-organization-migration-status
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#get-an-organization-migration-status
+//
+//meta:operation GET /orgs/{org}/migrations/{migration_id}
 func (s *MigrationService) MigrationStatus(ctx context.Context, org string, id int64) (*Migration, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/migrations/%v", org, id)
 
@@ -155,7 +161,9 @@ func (s *MigrationService) MigrationStatus(ctx context.Context, org string, id i
 // MigrationArchiveURL fetches a migration archive URL.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#download-an-organization-migration-archive
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#download-an-organization-migration-archive
+//
+//meta:operation GET /orgs/{org}/migrations/{migration_id}/archive
 func (s *MigrationService) MigrationArchiveURL(ctx context.Context, org string, id int64) (url string, err error) {
 	u := fmt.Sprintf("orgs/%v/migrations/%v/archive", org, id)
 
@@ -192,7 +200,9 @@ func (s *MigrationService) MigrationArchiveURL(ctx context.Context, org string,
 // DeleteMigration deletes a previous migration archive.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#delete-an-organization-migration-archive
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#delete-an-organization-migration-archive
+//
+//meta:operation DELETE /orgs/{org}/migrations/{migration_id}/archive
 func (s *MigrationService) DeleteMigration(ctx context.Context, org string, id int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/migrations/%v/archive", org, id)
 
@@ -212,7 +222,9 @@ func (s *MigrationService) DeleteMigration(ctx context.Context, org string, id i
 // You should unlock each migrated repository and delete them when the migration
 // is complete and you no longer need the source data.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/orgs#unlock-an-organization-repository
+// GitHub API docs: https://docs.github.com/rest/migrations/orgs#unlock-an-organization-repository
+//
+//meta:operation DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock
 func (s *MigrationService) UnlockRepo(ctx context.Context, org string, id int64, repo string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/migrations/%v/repos/%v/lock", org, id, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/migrations_source_import.go b/vendor/github.com/google/go-github/v57/github/migrations_source_import.go
similarity index 88%
rename from vendor/github.com/google/go-github/v56/github/migrations_source_import.go
rename to vendor/github.com/google/go-github/v57/github/migrations_source_import.go
index 74a04b22a4e..3b161232f6a 100644
--- a/vendor/github.com/google/go-github/v56/github/migrations_source_import.go
+++ b/vendor/github.com/google/go-github/v57/github/migrations_source_import.go
@@ -115,7 +115,7 @@ func (i Import) String() string {
 
 // SourceImportAuthor identifies an author imported from a source repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migration/source_imports/#get-commit-authors
+// GitHub API docs: https://docs.github.com/rest/migration/source_imports/#get-commit-authors
 type SourceImportAuthor struct {
 	ID         *int64  `json:"id,omitempty"`
 	RemoteID   *string `json:"remote_id,omitempty"`
@@ -132,7 +132,7 @@ func (a SourceImportAuthor) String() string {
 
 // LargeFile identifies a file larger than 100MB found during a repository import.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migration/source_imports/#get-large-files
+// GitHub API docs: https://docs.github.com/rest/migration/source_imports/#get-large-files
 type LargeFile struct {
 	RefName *string `json:"ref_name,omitempty"`
 	Path    *string `json:"path,omitempty"`
@@ -146,7 +146,9 @@ func (f LargeFile) String() string {
 
 // StartImport initiates a repository import.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#start-an-import
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#start-an-import
+//
+//meta:operation PUT /repos/{owner}/{repo}/import
 func (s *MigrationService) StartImport(ctx context.Context, owner, repo string, in *Import) (*Import, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import", owner, repo)
 	req, err := s.client.NewRequest("PUT", u, in)
@@ -165,7 +167,9 @@ func (s *MigrationService) StartImport(ctx context.Context, owner, repo string,
 
 // ImportProgress queries for the status and progress of an ongoing repository import.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#get-an-import-status
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#get-an-import-status
+//
+//meta:operation GET /repos/{owner}/{repo}/import
 func (s *MigrationService) ImportProgress(ctx context.Context, owner, repo string) (*Import, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -184,7 +188,9 @@ func (s *MigrationService) ImportProgress(ctx context.Context, owner, repo strin
 
 // UpdateImport initiates a repository import.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#update-an-import
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#update-an-import
+//
+//meta:operation PATCH /repos/{owner}/{repo}/import
 func (s *MigrationService) UpdateImport(ctx context.Context, owner, repo string, in *Import) (*Import, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import", owner, repo)
 	req, err := s.client.NewRequest("PATCH", u, in)
@@ -213,7 +219,9 @@ func (s *MigrationService) UpdateImport(ctx context.Context, owner, repo string,
 // This method and MapCommitAuthor allow you to provide correct Git author
 // information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#get-commit-authors
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#get-commit-authors
+//
+//meta:operation GET /repos/{owner}/{repo}/import/authors
 func (s *MigrationService) CommitAuthors(ctx context.Context, owner, repo string) ([]*SourceImportAuthor, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/authors", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -234,7 +242,9 @@ func (s *MigrationService) CommitAuthors(ctx context.Context, owner, repo string
 // application can continue updating authors any time before you push new
 // commits to the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#map-a-commit-author
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#map-a-commit-author
+//
+//meta:operation PATCH /repos/{owner}/{repo}/import/authors/{author_id}
 func (s *MigrationService) MapCommitAuthor(ctx context.Context, owner, repo string, id int64, author *SourceImportAuthor) (*SourceImportAuthor, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/authors/%v", owner, repo, id)
 	req, err := s.client.NewRequest("PATCH", u, author)
@@ -255,7 +265,9 @@ func (s *MigrationService) MapCommitAuthor(ctx context.Context, owner, repo stri
 // files larger than 100MB. Only the UseLFS field on the provided Import is
 // used.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#update-git-lfs-preference
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#update-git-lfs-preference
+//
+//meta:operation PATCH /repos/{owner}/{repo}/import/lfs
 func (s *MigrationService) SetLFSPreference(ctx context.Context, owner, repo string, in *Import) (*Import, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/lfs", owner, repo)
 	req, err := s.client.NewRequest("PATCH", u, in)
@@ -274,7 +286,9 @@ func (s *MigrationService) SetLFSPreference(ctx context.Context, owner, repo str
 
 // LargeFiles lists files larger than 100MB found during the import.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#get-large-files
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#get-large-files
+//
+//meta:operation GET /repos/{owner}/{repo}/import/large_files
 func (s *MigrationService) LargeFiles(ctx context.Context, owner, repo string) ([]*LargeFile, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import/large_files", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -293,7 +307,9 @@ func (s *MigrationService) LargeFiles(ctx context.Context, owner, repo string) (
 
 // CancelImport stops an import for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/source-imports#cancel-an-import
+// GitHub API docs: https://docs.github.com/rest/migrations/source-imports#cancel-an-import
+//
+//meta:operation DELETE /repos/{owner}/{repo}/import
 func (s *MigrationService) CancelImport(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/import", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/migrations_user.go b/vendor/github.com/google/go-github/v57/github/migrations_user.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/migrations_user.go
rename to vendor/github.com/google/go-github/v57/github/migrations_user.go
index 6586fdb2d3f..1f907cd4ec2 100644
--- a/vendor/github.com/google/go-github/v56/github/migrations_user.go
+++ b/vendor/github.com/google/go-github/v57/github/migrations_user.go
@@ -67,7 +67,9 @@ type startUserMigration struct {
 // StartUserMigration starts the generation of a migration archive.
 // repos is a slice of repository names to migrate.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#start-a-user-migration
+// GitHub API docs: https://docs.github.com/rest/migrations/users#start-a-user-migration
+//
+//meta:operation POST /user/migrations
 func (s *MigrationService) StartUserMigration(ctx context.Context, repos []string, opts *UserMigrationOptions) (*UserMigration, *Response, error) {
 	u := "user/migrations"
 
@@ -96,7 +98,9 @@ func (s *MigrationService) StartUserMigration(ctx context.Context, repos []strin
 
 // ListUserMigrations lists the most recent migrations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#list-user-migrations
+// GitHub API docs: https://docs.github.com/rest/migrations/users#list-user-migrations
+//
+//meta:operation GET /user/migrations
 func (s *MigrationService) ListUserMigrations(ctx context.Context, opts *ListOptions) ([]*UserMigration, *Response, error) {
 	u := "user/migrations"
 	u, err := addOptions(u, opts)
@@ -124,7 +128,9 @@ func (s *MigrationService) ListUserMigrations(ctx context.Context, opts *ListOpt
 // UserMigrationStatus gets the status of a specific migration archive.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#get-a-user-migration-status
+// GitHub API docs: https://docs.github.com/rest/migrations/users#get-a-user-migration-status
+//
+//meta:operation GET /user/migrations/{migration_id}
 func (s *MigrationService) UserMigrationStatus(ctx context.Context, id int64) (*UserMigration, *Response, error) {
 	u := fmt.Sprintf("user/migrations/%v", id)
 
@@ -148,7 +154,9 @@ func (s *MigrationService) UserMigrationStatus(ctx context.Context, id int64) (*
 // UserMigrationArchiveURL gets the URL for a specific migration archive.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#download-a-user-migration-archive
+// GitHub API docs: https://docs.github.com/rest/migrations/users#download-a-user-migration-archive
+//
+//meta:operation GET /user/migrations/{migration_id}/archive
 func (s *MigrationService) UserMigrationArchiveURL(ctx context.Context, id int64) (string, error) {
 	url := fmt.Sprintf("user/migrations/%v/archive", id)
 
@@ -182,7 +190,9 @@ func (s *MigrationService) UserMigrationArchiveURL(ctx context.Context, id int64
 // DeleteUserMigration will delete a previous migration archive.
 // id is the migration ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#delete-a-user-migration-archive
+// GitHub API docs: https://docs.github.com/rest/migrations/users#delete-a-user-migration-archive
+//
+//meta:operation DELETE /user/migrations/{migration_id}/archive
 func (s *MigrationService) DeleteUserMigration(ctx context.Context, id int64) (*Response, error) {
 	url := fmt.Sprintf("user/migrations/%v/archive", id)
 
@@ -202,7 +212,9 @@ func (s *MigrationService) DeleteUserMigration(ctx context.Context, id int64) (*
 // You should unlock each migrated repository and delete them when the migration
 // is complete and you no longer need the source data.
 //
-// GitHub API docs: https://docs.github.com/en/rest/migrations/users#unlock-a-user-repository
+// GitHub API docs: https://docs.github.com/rest/migrations/users#unlock-a-user-repository
+//
+//meta:operation DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock
 func (s *MigrationService) UnlockUserRepo(ctx context.Context, id int64, repo string) (*Response, error) {
 	url := fmt.Sprintf("user/migrations/%v/repos/%v/lock", id, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/orgs.go b/vendor/github.com/google/go-github/v57/github/orgs.go
similarity index 91%
rename from vendor/github.com/google/go-github/v56/github/orgs.go
rename to vendor/github.com/google/go-github/v57/github/orgs.go
index 0c7e361b3fc..4d3465271b6 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs.go
@@ -13,7 +13,7 @@ import (
 // OrganizationsService provides access to the organization related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/
+// GitHub API docs: https://docs.github.com/rest/orgs/
 type OrganizationsService service
 
 // Organization represents a GitHub organization account.
@@ -148,7 +148,9 @@ type OrganizationsListOptions struct {
 // listing the next set of organizations, use the ID of the last-returned organization
 // as the opts.Since parameter for the next call.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#list-organizations
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#list-organizations
+//
+//meta:operation GET /organizations
 func (s *OrganizationsService) ListAll(ctx context.Context, opts *OrganizationsListOptions) ([]*Organization, *Response, error) {
 	u, err := addOptions("organizations", opts)
 	if err != nil {
@@ -171,8 +173,11 @@ func (s *OrganizationsService) ListAll(ctx context.Context, opts *OrganizationsL
 // List the organizations for a user. Passing the empty string will list
 // organizations for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#list-organizations-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#list-organizations-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#list-organizations-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#list-organizations-for-the-authenticated-user
+//
+//meta:operation GET /user/orgs
+//meta:operation GET /users/{username}/orgs
 func (s *OrganizationsService) List(ctx context.Context, user string, opts *ListOptions) ([]*Organization, *Response, error) {
 	var u string
 	if user != "" {
@@ -201,7 +206,9 @@ func (s *OrganizationsService) List(ctx context.Context, user string, opts *List
 
 // Get fetches an organization by name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#get-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#get-an-organization
+//
+//meta:operation GET /orgs/{org}
 func (s *OrganizationsService) Get(ctx context.Context, org string) (*Organization, *Response, error) {
 	u := fmt.Sprintf("orgs/%v", org)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -223,7 +230,9 @@ func (s *OrganizationsService) Get(ctx context.Context, org string) (*Organizati
 
 // GetByID fetches an organization.
 //
-// Note: GetByID uses the undocumented GitHub API endpoint /organizations/:id.
+// Note: GetByID uses the undocumented GitHub API endpoint "GET /organizations/{organization_id}".
+//
+//meta:operation GET /organizations/{organization_id}
 func (s *OrganizationsService) GetByID(ctx context.Context, id int64) (*Organization, *Response, error) {
 	u := fmt.Sprintf("organizations/%d", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -242,7 +251,9 @@ func (s *OrganizationsService) GetByID(ctx context.Context, id int64) (*Organiza
 
 // Edit an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#update-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#update-an-organization
+//
+//meta:operation PATCH /orgs/{org}
 func (s *OrganizationsService) Edit(ctx context.Context, name string, org *Organization) (*Organization, *Response, error) {
 	u := fmt.Sprintf("orgs/%v", name)
 	req, err := s.client.NewRequest("PATCH", u, org)
@@ -264,7 +275,9 @@ func (s *OrganizationsService) Edit(ctx context.Context, name string, org *Organ
 
 // Delete an organization by name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#delete-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#delete-an-organization
+//
+//meta:operation DELETE /orgs/{org}
 func (s *OrganizationsService) Delete(ctx context.Context, org string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v", org)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -277,7 +290,9 @@ func (s *OrganizationsService) Delete(ctx context.Context, org string) (*Respons
 
 // ListInstallations lists installations for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#list-app-installations-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/orgs#list-app-installations-for-an-organization
+//
+//meta:operation GET /orgs/{org}/installations
 func (s *OrganizationsService) ListInstallations(ctx context.Context, org string, opts *ListOptions) (*OrganizationInstallations, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/installations", org)
 
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_actions_allowed.go b/vendor/github.com/google/go-github/v57/github/orgs_actions_allowed.go
similarity index 69%
rename from vendor/github.com/google/go-github/v56/github/orgs_actions_allowed.go
rename to vendor/github.com/google/go-github/v57/github/orgs_actions_allowed.go
index c467c11546b..b115e094a4b 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_actions_allowed.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_actions_allowed.go
@@ -11,8 +11,11 @@ import (
 
 // GetActionsAllowed gets the actions that are allowed in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-an-organization
 // Deprecated: please use `client.Actions.GetActionsAllowed` instead.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions/selected-actions
 func (s *OrganizationsService) GetActionsAllowed(ctx context.Context, org string) (*ActionsAllowed, *Response, error) {
 	s2 := (*ActionsService)(s)
 	return s2.GetActionsAllowed(ctx, org)
@@ -20,8 +23,11 @@ func (s *OrganizationsService) GetActionsAllowed(ctx context.Context, org string
 
 // EditActionsAllowed sets the actions that are allowed in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-an-organization
 // Deprecated: please use `client.Actions.EditActionsAllowed` instead.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions/selected-actions
 func (s *OrganizationsService) EditActionsAllowed(ctx context.Context, org string, actionsAllowed ActionsAllowed) (*ActionsAllowed, *Response, error) {
 	s2 := (*ActionsService)(s)
 	return s2.EditActionsAllowed(ctx, org, actionsAllowed)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_actions_permissions.go b/vendor/github.com/google/go-github/v57/github/orgs_actions_permissions.go
similarity index 74%
rename from vendor/github.com/google/go-github/v56/github/orgs_actions_permissions.go
rename to vendor/github.com/google/go-github/v57/github/orgs_actions_permissions.go
index 607ffca7981..97df1c967e9 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_actions_permissions.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_actions_permissions.go
@@ -11,8 +11,11 @@ import (
 
 // GetActionsPermissions gets the GitHub Actions permissions policy for repositories and allowed actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-github-actions-permissions-for-an-organization
 // Deprecated: please use `client.Actions.GetActionsPermissions` instead.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-github-actions-permissions-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions
 func (s *OrganizationsService) GetActionsPermissions(ctx context.Context, org string) (*ActionsPermissions, *Response, error) {
 	s2 := (*ActionsService)(s)
 	return s2.GetActionsPermissions(ctx, org)
@@ -20,8 +23,11 @@ func (s *OrganizationsService) GetActionsPermissions(ctx context.Context, org st
 
 // EditActionsPermissions sets the permissions policy for repositories and allowed actions in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-github-actions-permissions-for-an-organization
 // Deprecated: please use `client.Actions.EditActionsPermissions` instead.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-github-actions-permissions-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions
 func (s *OrganizationsService) EditActionsPermissions(ctx context.Context, org string, actionsPermissions ActionsPermissions) (*ActionsPermissions, *Response, error) {
 	s2 := (*ActionsService)(s)
 	return s2.EditActionsPermissions(ctx, org, actionsPermissions)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_audit_log.go b/vendor/github.com/google/go-github/v57/github/orgs_audit_log.go
similarity index 96%
rename from vendor/github.com/google/go-github/v56/github/orgs_audit_log.go
rename to vendor/github.com/google/go-github/v57/github/orgs_audit_log.go
index e2f8fc24ffd..e3afd3117f5 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_audit_log.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_audit_log.go
@@ -41,7 +41,7 @@ type PolicyOverrideReason struct {
 }
 
 // AuditEntry describes the fields that may be represented by various audit-log "action" entries.
-// For a list of actions see - https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization#audit-log-actions
+// For a list of actions see - https://docs.github.com/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization#audit-log-actions
 type AuditEntry struct {
 	ActorIP                  *string                 `json:"actor_ip,omitempty"`
 	Action                   *string                 `json:"action,omitempty"` // The name of the action that was performed, for example `user.login` or `repo.create`.
@@ -135,7 +135,9 @@ type AuditEntryData struct {
 
 // GetAuditLog gets the audit-log entries for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#get-the-audit-log-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/orgs#get-the-audit-log-for-an-organization
+//
+//meta:operation GET /orgs/{org}/audit-log
 func (s *OrganizationsService) GetAuditLog(ctx context.Context, org string, opts *GetAuditLogOptions) ([]*AuditEntry, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/audit-log", org)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_credential_authorizations.go b/vendor/github.com/google/go-github/v57/github/orgs_credential_authorizations.go
similarity index 88%
rename from vendor/github.com/google/go-github/v56/github/orgs_credential_authorizations.go
rename to vendor/github.com/google/go-github/v57/github/orgs_credential_authorizations.go
index 6d56fe8f79a..eed0f0c66e0 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_credential_authorizations.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_credential_authorizations.go
@@ -58,7 +58,9 @@ type CredentialAuthorization struct {
 // ListCredentialAuthorizations lists credentials authorized through SAML SSO
 // for a given organization. Only available with GitHub Enterprise Cloud.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#list-saml-sso-authorizations-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/orgs#list-saml-sso-authorizations-for-an-organization
+//
+//meta:operation GET /orgs/{org}/credential-authorizations
 func (s *OrganizationsService) ListCredentialAuthorizations(ctx context.Context, org string, opts *ListOptions) ([]*CredentialAuthorization, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/credential-authorizations", org)
 	u, err := addOptions(u, opts)
@@ -83,7 +85,9 @@ func (s *OrganizationsService) ListCredentialAuthorizations(ctx context.Context,
 // RemoveCredentialAuthorization revokes the SAML SSO authorization for a given
 // credential within an organization. Only available with GitHub Enterprise Cloud.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#remove-a-saml-sso-authorization-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/orgs#remove-a-saml-sso-authorization-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/credential-authorizations/{credential_id}
 func (s *OrganizationsService) RemoveCredentialAuthorization(ctx context.Context, org string, credentialID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/credential-authorizations/%v", org, credentialID)
 	req, err := s.client.NewRequest(http.MethodDelete, u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_custom_roles.go b/vendor/github.com/google/go-github/v57/github/orgs_custom_roles.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/orgs_custom_roles.go
rename to vendor/github.com/google/go-github/v57/github/orgs_custom_roles.go
index 7c1b2d6292d..45de896a2f9 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_custom_roles.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_custom_roles.go
@@ -17,7 +17,7 @@ type OrganizationCustomRepoRoles struct {
 }
 
 // CustomRepoRoles represents custom repository roles for an organization.
-// See https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization
+// See https://docs.github.com/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization
 // for more information.
 type CustomRepoRoles struct {
 	ID          *int64   `json:"id,omitempty"`
@@ -30,7 +30,9 @@ type CustomRepoRoles struct {
 // ListCustomRepoRoles lists the custom repository roles available in this organization.
 // In order to see custom repository roles in an organization, the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization
+//
+//meta:operation GET /orgs/{org}/custom-repository-roles
 func (s *OrganizationsService) ListCustomRepoRoles(ctx context.Context, org string) (*OrganizationCustomRepoRoles, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/custom-repository-roles", org)
 
@@ -59,7 +61,9 @@ type CreateOrUpdateCustomRoleOptions struct {
 // CreateCustomRepoRole creates a custom repository role in this organization.
 // In order to create custom repository roles in an organization, the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/custom-roles#create-a-custom-repository-role
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/custom-roles#create-a-custom-repository-role
+//
+//meta:operation POST /orgs/{org}/custom-repository-roles
 func (s *OrganizationsService) CreateCustomRepoRole(ctx context.Context, org string, opts *CreateOrUpdateCustomRoleOptions) (*CustomRepoRoles, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/custom-repository-roles", org)
 
@@ -80,7 +84,9 @@ func (s *OrganizationsService) CreateCustomRepoRole(ctx context.Context, org str
 // UpdateCustomRepoRole updates a custom repository role in this organization.
 // In order to update custom repository roles in an organization, the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/custom-roles#update-a-custom-repository-role
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/custom-roles#update-a-custom-repository-role
+//
+//meta:operation PATCH /orgs/{org}/custom-repository-roles/{role_id}
 func (s *OrganizationsService) UpdateCustomRepoRole(ctx context.Context, org, roleID string, opts *CreateOrUpdateCustomRoleOptions) (*CustomRepoRoles, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/custom-repository-roles/%v", org, roleID)
 
@@ -101,7 +107,9 @@ func (s *OrganizationsService) UpdateCustomRepoRole(ctx context.Context, org, ro
 // DeleteCustomRepoRole deletes an existing custom repository role in this organization.
 // In order to delete custom repository roles in an organization, the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/custom-roles#delete-a-custom-repository-role
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/custom-roles#delete-a-custom-repository-role
+//
+//meta:operation DELETE /orgs/{org}/custom-repository-roles/{role_id}
 func (s *OrganizationsService) DeleteCustomRepoRole(ctx context.Context, org, roleID string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/custom-repository-roles/%v", org, roleID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_hooks.go b/vendor/github.com/google/go-github/v57/github/orgs_hooks.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/orgs_hooks.go
rename to vendor/github.com/google/go-github/v57/github/orgs_hooks.go
index c0dd51e24e3..c2eef77c92e 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_hooks.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_hooks.go
@@ -12,7 +12,9 @@ import (
 
 // ListHooks lists all Hooks for the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#list-organization-webhooks
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#list-organization-webhooks
+//
+//meta:operation GET /orgs/{org}/hooks
 func (s *OrganizationsService) ListHooks(ctx context.Context, org string, opts *ListOptions) ([]*Hook, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks", org)
 	u, err := addOptions(u, opts)
@@ -36,7 +38,9 @@ func (s *OrganizationsService) ListHooks(ctx context.Context, org string, opts *
 
 // GetHook returns a single specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#get-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#get-an-organization-webhook
+//
+//meta:operation GET /orgs/{org}/hooks/{hook_id}
 func (s *OrganizationsService) GetHook(ctx context.Context, org string, id int64) (*Hook, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%d", org, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -59,7 +63,9 @@ func (s *OrganizationsService) GetHook(ctx context.Context, org string, id int64
 // Note that only a subset of the hook fields are used and hook must
 // not be nil.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#create-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#create-an-organization-webhook
+//
+//meta:operation POST /orgs/{org}/hooks
 func (s *OrganizationsService) CreateHook(ctx context.Context, org string, hook *Hook) (*Hook, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks", org)
 
@@ -86,7 +92,9 @@ func (s *OrganizationsService) CreateHook(ctx context.Context, org string, hook
 
 // EditHook updates a specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#update-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#update-an-organization-webhook
+//
+//meta:operation PATCH /orgs/{org}/hooks/{hook_id}
 func (s *OrganizationsService) EditHook(ctx context.Context, org string, id int64, hook *Hook) (*Hook, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%d", org, id)
 	req, err := s.client.NewRequest("PATCH", u, hook)
@@ -105,7 +113,9 @@ func (s *OrganizationsService) EditHook(ctx context.Context, org string, id int6
 
 // PingHook triggers a 'ping' event to be sent to the Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#ping-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#ping-an-organization-webhook
+//
+//meta:operation POST /orgs/{org}/hooks/{hook_id}/pings
 func (s *OrganizationsService) PingHook(ctx context.Context, org string, id int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%d/pings", org, id)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -118,7 +128,9 @@ func (s *OrganizationsService) PingHook(ctx context.Context, org string, id int6
 
 // DeleteHook deletes a specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#delete-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#delete-an-organization-webhook
+//
+//meta:operation DELETE /orgs/{org}/hooks/{hook_id}
 func (s *OrganizationsService) DeleteHook(ctx context.Context, org string, id int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%d", org, id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_hooks_configuration.go b/vendor/github.com/google/go-github/v57/github/orgs_hooks_configuration.go
similarity index 78%
rename from vendor/github.com/google/go-github/v56/github/orgs_hooks_configuration.go
rename to vendor/github.com/google/go-github/v57/github/orgs_hooks_configuration.go
index 953a2329c36..aeb616fc4c7 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_hooks_configuration.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_hooks_configuration.go
@@ -12,7 +12,9 @@ import (
 
 // GetHookConfiguration returns the configuration for the specified organization webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#get-a-webhook-configuration-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#get-a-webhook-configuration-for-an-organization
+//
+//meta:operation GET /orgs/{org}/hooks/{hook_id}/config
 func (s *OrganizationsService) GetHookConfiguration(ctx context.Context, org string, id int64) (*HookConfig, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -31,7 +33,9 @@ func (s *OrganizationsService) GetHookConfiguration(ctx context.Context, org str
 
 // EditHookConfiguration updates the configuration for the specified organization webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#update-a-webhook-configuration-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#update-a-webhook-configuration-for-an-organization
+//
+//meta:operation PATCH /orgs/{org}/hooks/{hook_id}/config
 func (s *OrganizationsService) EditHookConfiguration(ctx context.Context, org string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
 	req, err := s.client.NewRequest("PATCH", u, config)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_hooks_deliveries.go b/vendor/github.com/google/go-github/v57/github/orgs_hooks_deliveries.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/orgs_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v57/github/orgs_hooks_deliveries.go
index 1bfad409ea5..c1c30124028 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_hooks_deliveries.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_hooks_deliveries.go
@@ -12,7 +12,9 @@ import (
 
 // ListHookDeliveries lists webhook deliveries for a webhook configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#list-deliveries-for-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#list-deliveries-for-an-organization-webhook
+//
+//meta:operation GET /orgs/{org}/hooks/{hook_id}/deliveries
 func (s *OrganizationsService) ListHookDeliveries(ctx context.Context, org string, id int64, opts *ListCursorOptions) ([]*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%v/deliveries", org, id)
 	u, err := addOptions(u, opts)
@@ -36,7 +38,9 @@ func (s *OrganizationsService) ListHookDeliveries(ctx context.Context, org strin
 
 // GetHookDelivery returns a delivery for a webhook configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#get-a-webhook-delivery-for-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#get-a-webhook-delivery-for-an-organization-webhook
+//
+//meta:operation GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}
 func (s *OrganizationsService) GetHookDelivery(ctx context.Context, owner string, hookID, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%v/deliveries/%v", owner, hookID, deliveryID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -55,7 +59,9 @@ func (s *OrganizationsService) GetHookDelivery(ctx context.Context, owner string
 
 // RedeliverHookDelivery redelivers a delivery for a webhook configured in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks#redeliver-a-delivery-for-an-organization-webhook
+// GitHub API docs: https://docs.github.com/rest/orgs/webhooks#redeliver-a-delivery-for-an-organization-webhook
+//
+//meta:operation POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts
 func (s *OrganizationsService) RedeliverHookDelivery(ctx context.Context, owner string, hookID, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/hooks/%v/deliveries/%v/attempts", owner, hookID, deliveryID)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_members.go b/vendor/github.com/google/go-github/v57/github/orgs_members.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/orgs_members.go
rename to vendor/github.com/google/go-github/v57/github/orgs_members.go
index 79f8a653333..5bc23657fcd 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_members.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_members.go
@@ -71,8 +71,11 @@ type ListMembersOptions struct {
 // user is an owner of the organization, this will return both concealed and
 // public members, otherwise it will only return public members.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-organization-members
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-public-organization-members
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-organization-members
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-public-organization-members
+//
+//meta:operation GET /orgs/{org}/members
+//meta:operation GET /orgs/{org}/public_members
 func (s *OrganizationsService) ListMembers(ctx context.Context, org string, opts *ListMembersOptions) ([]*User, *Response, error) {
 	var u string
 	if opts != nil && opts.PublicOnly {
@@ -101,7 +104,9 @@ func (s *OrganizationsService) ListMembers(ctx context.Context, org string, opts
 
 // IsMember checks if a user is a member of an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#check-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#check-organization-membership-for-a-user
+//
+//meta:operation GET /orgs/{org}/members/{username}
 func (s *OrganizationsService) IsMember(ctx context.Context, org, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/members/%v", org, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -116,7 +121,9 @@ func (s *OrganizationsService) IsMember(ctx context.Context, org, user string) (
 
 // IsPublicMember checks if a user is a public member of an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#check-public-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#check-public-organization-membership-for-a-user
+//
+//meta:operation GET /orgs/{org}/public_members/{username}
 func (s *OrganizationsService) IsPublicMember(ctx context.Context, org, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/public_members/%v", org, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -131,7 +138,9 @@ func (s *OrganizationsService) IsPublicMember(ctx context.Context, org, user str
 
 // RemoveMember removes a user from all teams of an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#remove-an-organization-member
+// GitHub API docs: https://docs.github.com/rest/orgs/members#remove-an-organization-member
+//
+//meta:operation DELETE /orgs/{org}/members/{username}
 func (s *OrganizationsService) RemoveMember(ctx context.Context, org, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/members/%v", org, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -145,7 +154,9 @@ func (s *OrganizationsService) RemoveMember(ctx context.Context, org, user strin
 // PublicizeMembership publicizes a user's membership in an organization. (A
 // user cannot publicize the membership for another user.)
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#set-public-organization-membership-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#set-public-organization-membership-for-the-authenticated-user
+//
+//meta:operation PUT /orgs/{org}/public_members/{username}
 func (s *OrganizationsService) PublicizeMembership(ctx context.Context, org, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/public_members/%v", org, user)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -158,7 +169,9 @@ func (s *OrganizationsService) PublicizeMembership(ctx context.Context, org, use
 
 // ConcealMembership conceals a user's membership in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#remove-public-organization-membership-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#remove-public-organization-membership-for-the-authenticated-user
+//
+//meta:operation DELETE /orgs/{org}/public_members/{username}
 func (s *OrganizationsService) ConcealMembership(ctx context.Context, org, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/public_members/%v", org, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -181,7 +194,9 @@ type ListOrgMembershipsOptions struct {
 
 // ListOrgMemberships lists the organization memberships for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-organization-memberships-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-organization-memberships-for-the-authenticated-user
+//
+//meta:operation GET /user/memberships/orgs
 func (s *OrganizationsService) ListOrgMemberships(ctx context.Context, opts *ListOrgMembershipsOptions) ([]*Membership, *Response, error) {
 	u := "user/memberships/orgs"
 	u, err := addOptions(u, opts)
@@ -207,8 +222,11 @@ func (s *OrganizationsService) ListOrgMemberships(ctx context.Context, opts *Lis
 // Passing an empty string for user will get the membership for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#get-an-organization-membership-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#get-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#get-an-organization-membership-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#get-organization-membership-for-a-user
+//
+//meta:operation GET /orgs/{org}/memberships/{username}
+//meta:operation GET /user/memberships/orgs/{org}
 func (s *OrganizationsService) GetOrgMembership(ctx context.Context, user, org string) (*Membership, *Response, error) {
 	var u string
 	if user != "" {
@@ -235,8 +253,11 @@ func (s *OrganizationsService) GetOrgMembership(ctx context.Context, user, org s
 // Passing an empty string for user will edit the membership for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#update-an-organization-membership-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#set-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#set-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#update-an-organization-membership-for-the-authenticated-user
+//
+//meta:operation PUT /orgs/{org}/memberships/{username}
+//meta:operation PATCH /user/memberships/orgs/{org}
 func (s *OrganizationsService) EditOrgMembership(ctx context.Context, user, org string, membership *Membership) (*Membership, *Response, error) {
 	var u, method string
 	if user != "" {
@@ -264,7 +285,9 @@ func (s *OrganizationsService) EditOrgMembership(ctx context.Context, user, org
 // RemoveOrgMembership removes user from the specified organization. If the
 // user has been invited to the organization, this will cancel their invitation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#remove-organization-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/orgs/members#remove-organization-membership-for-a-user
+//
+//meta:operation DELETE /orgs/{org}/memberships/{username}
 func (s *OrganizationsService) RemoveOrgMembership(ctx context.Context, user, org string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/memberships/%v", org, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -277,7 +300,9 @@ func (s *OrganizationsService) RemoveOrgMembership(ctx context.Context, user, or
 
 // ListPendingOrgInvitations returns a list of pending invitations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-pending-organization-invitations
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-pending-organization-invitations
+//
+//meta:operation GET /orgs/{org}/invitations
 func (s *OrganizationsService) ListPendingOrgInvitations(ctx context.Context, org string, opts *ListOptions) ([]*Invitation, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/invitations", org)
 	u, err := addOptions(u, opts)
@@ -323,7 +348,9 @@ type CreateOrgInvitationOptions struct {
 // In order to create invitations in an organization,
 // the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#create-an-organization-invitation
+// GitHub API docs: https://docs.github.com/rest/orgs/members#create-an-organization-invitation
+//
+//meta:operation POST /orgs/{org}/invitations
 func (s *OrganizationsService) CreateOrgInvitation(ctx context.Context, org string, opts *CreateOrgInvitationOptions) (*Invitation, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/invitations", org)
 
@@ -344,7 +371,9 @@ func (s *OrganizationsService) CreateOrgInvitation(ctx context.Context, org stri
 // ListOrgInvitationTeams lists all teams associated with an invitation. In order to see invitations in an organization,
 // the authenticated user must be an organization owner.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-organization-invitation-teams
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-organization-invitation-teams
+//
+//meta:operation GET /orgs/{org}/invitations/{invitation_id}/teams
 func (s *OrganizationsService) ListOrgInvitationTeams(ctx context.Context, org, invitationID string, opts *ListOptions) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/invitations/%v/teams", org, invitationID)
 	u, err := addOptions(u, opts)
@@ -368,7 +397,9 @@ func (s *OrganizationsService) ListOrgInvitationTeams(ctx context.Context, org,
 
 // ListFailedOrgInvitations returns a list of failed inviatations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/members#list-failed-organization-invitations
+// GitHub API docs: https://docs.github.com/rest/orgs/members#list-failed-organization-invitations
+//
+//meta:operation GET /orgs/{org}/failed_invitations
 func (s *OrganizationsService) ListFailedOrgInvitations(ctx context.Context, org string, opts *ListOptions) ([]*Invitation, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/failed_invitations", org)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_outside_collaborators.go b/vendor/github.com/google/go-github/v57/github/orgs_outside_collaborators.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/orgs_outside_collaborators.go
rename to vendor/github.com/google/go-github/v57/github/orgs_outside_collaborators.go
index 506a4946034..56034d72602 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_outside_collaborators.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_outside_collaborators.go
@@ -27,7 +27,9 @@ type ListOutsideCollaboratorsOptions struct {
 // Warning: The API may change without advance notice during the preview period.
 // Preview features are not supported for production use.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/outside-collaborators#list-outside-collaborators-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/outside-collaborators#list-outside-collaborators-for-an-organization
+//
+//meta:operation GET /orgs/{org}/outside_collaborators
 func (s *OrganizationsService) ListOutsideCollaborators(ctx context.Context, org string, opts *ListOutsideCollaboratorsOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/outside_collaborators", org)
 	u, err := addOptions(u, opts)
@@ -52,7 +54,9 @@ func (s *OrganizationsService) ListOutsideCollaborators(ctx context.Context, org
 // RemoveOutsideCollaborator removes a user from the list of outside collaborators;
 // consequently, removing them from all the organization's repositories.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/outside-collaborators#remove-outside-collaborator-from-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/outside-collaborators#remove-outside-collaborator-from-an-organization
+//
+//meta:operation DELETE /orgs/{org}/outside_collaborators/{username}
 func (s *OrganizationsService) RemoveOutsideCollaborator(ctx context.Context, org string, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/outside_collaborators/%v", org, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -69,7 +73,9 @@ func (s *OrganizationsService) RemoveOutsideCollaborator(ctx context.Context, or
 // Responses for converting a non-member or the last owner to an outside collaborator
 // are listed in GitHub API docs.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/outside-collaborators#convert-an-organization-member-to-outside-collaborator
+// GitHub API docs: https://docs.github.com/rest/orgs/outside-collaborators#convert-an-organization-member-to-outside-collaborator
+//
+//meta:operation PUT /orgs/{org}/outside_collaborators/{username}
 func (s *OrganizationsService) ConvertMemberToOutsideCollaborator(ctx context.Context, org string, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/outside_collaborators/%v", org, user)
 	req, err := s.client.NewRequest("PUT", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_packages.go b/vendor/github.com/google/go-github/v57/github/orgs_packages.go
similarity index 64%
rename from vendor/github.com/google/go-github/v56/github/orgs_packages.go
rename to vendor/github.com/google/go-github/v57/github/orgs_packages.go
index 0ae68aaa369..4fb9a63b428 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_packages.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_packages.go
@@ -10,9 +10,11 @@ import (
 	"fmt"
 )
 
-// List the packages for an organization.
+// ListPackages lists the packages for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#list-packages-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-packages-for-an-organization
+//
+//meta:operation GET /orgs/{org}/packages
 func (s *OrganizationsService) ListPackages(ctx context.Context, org string, opts *PackageListOptions) ([]*Package, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages", org)
 	u, err := addOptions(u, opts)
@@ -34,9 +36,11 @@ func (s *OrganizationsService) ListPackages(ctx context.Context, org string, opt
 	return packages, resp, nil
 }
 
-// Get a package by name from an organization.
+// GetPackage gets a package by name from an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-for-an-organization
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-for-an-organization
+//meta:operation GET /orgs/{org}/packages/{package_type}/{package_name}
 func (s *OrganizationsService) GetPackage(ctx context.Context, org, packageType, packageName string) (*Package, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v", org, packageType, packageName)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -53,9 +57,11 @@ func (s *OrganizationsService) GetPackage(ctx context.Context, org, packageType,
 	return pack, resp, nil
 }
 
-// Delete a package from an organization.
+// DeletePackage deletes a package from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-a-package-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-a-package-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/packages/{package_type}/{package_name}
 func (s *OrganizationsService) DeletePackage(ctx context.Context, org, packageType, packageName string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v", org, packageType, packageName)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -66,9 +72,11 @@ func (s *OrganizationsService) DeletePackage(ctx context.Context, org, packageTy
 	return s.client.Do(ctx, req, nil)
 }
 
-// Restore a package to an organization.
+// RestorePackage restores a package to an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-a-package-for-an-organization
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-a-package-for-an-organization
+//meta:operation POST /orgs/{org}/packages/{package_type}/{package_name}/restore
 func (s *OrganizationsService) RestorePackage(ctx context.Context, org, packageType, packageName string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v/restore", org, packageType, packageName)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -79,9 +87,11 @@ func (s *OrganizationsService) RestorePackage(ctx context.Context, org, packageT
 	return s.client.Do(ctx, req, nil)
 }
 
-// Get all versions of a package in an organization.
+// PackageGetAllVersions gets all versions of a package in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#list-package-versions-for-a-package-owned-by-an-organization
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-package-versions-for-a-package-owned-by-an-organization
+//
+//meta:operation GET /orgs/{org}/packages/{package_type}/{package_name}/versions
 func (s *OrganizationsService) PackageGetAllVersions(ctx context.Context, org, packageType, packageName string, opts *PackageListOptions) ([]*PackageVersion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v/versions", org, packageType, packageName)
 	u, err := addOptions(u, opts)
@@ -103,9 +113,11 @@ func (s *OrganizationsService) PackageGetAllVersions(ctx context.Context, org, p
 	return versions, resp, nil
 }
 
-// Get a specific version of a package in an organization.
+// PackageGetVersion gets a specific version of a package in an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-version-for-an-organization
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-version-for-an-organization
+//meta:operation GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}
 func (s *OrganizationsService) PackageGetVersion(ctx context.Context, org, packageType, packageName string, packageVersionID int64) (*PackageVersion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v/versions/%v", org, packageType, packageName, packageVersionID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -122,9 +134,11 @@ func (s *OrganizationsService) PackageGetVersion(ctx context.Context, org, packa
 	return version, resp, nil
 }
 
-// Delete a package version from an organization.
+// PackageDeleteVersion deletes a package version from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-package-version-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-package-version-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}
 func (s *OrganizationsService) PackageDeleteVersion(ctx context.Context, org, packageType, packageName string, packageVersionID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v/versions/%v", org, packageType, packageName, packageVersionID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -135,9 +149,11 @@ func (s *OrganizationsService) PackageDeleteVersion(ctx context.Context, org, pa
 	return s.client.Do(ctx, req, nil)
 }
 
-// Restore a package version to an organization.
+// PackageRestoreVersion restores a package version to an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-package-version-for-an-organization
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-package-version-for-an-organization
+//meta:operation POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore
 func (s *OrganizationsService) PackageRestoreVersion(ctx context.Context, org, packageType, packageName string, packageVersionID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/packages/%v/%v/versions/%v/restore", org, packageType, packageName, packageVersionID)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_personal_access_tokens.go b/vendor/github.com/google/go-github/v57/github/orgs_personal_access_tokens.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/orgs_personal_access_tokens.go
rename to vendor/github.com/google/go-github/v57/github/orgs_personal_access_tokens.go
index c30ff2843ee..0d786114f8c 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_personal_access_tokens.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_personal_access_tokens.go
@@ -21,7 +21,9 @@ type ReviewPersonalAccessTokenRequestOptions struct {
 // Only GitHub Apps can call this API, using the `organization_personal_access_token_requests: write` permission.
 // `action` can be one of `approve` or `deny`.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/personal-access-tokens?apiVersion=2022-11-28#review-a-request-to-access-organization-resources-with-a-fine-grained-personal-access-token
+// GitHub API docs: https://docs.github.com/rest/orgs/personal-access-tokens#review-a-request-to-access-organization-resources-with-a-fine-grained-personal-access-token
+//
+//meta:operation POST /orgs/{org}/personal-access-token-requests/{pat_request_id}
 func (s *OrganizationsService) ReviewPersonalAccessTokenRequest(ctx context.Context, org string, requestID int64, opts ReviewPersonalAccessTokenRequestOptions) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/personal-access-token-requests/%v", org, requestID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_projects.go b/vendor/github.com/google/go-github/v57/github/orgs_projects.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/orgs_projects.go
rename to vendor/github.com/google/go-github/v57/github/orgs_projects.go
index d49eae54dce..454d8cf1c34 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_projects.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_projects.go
@@ -12,7 +12,9 @@ import (
 
 // ListProjects lists the projects for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#list-organization-projects
+// GitHub API docs: https://docs.github.com/rest/projects/projects#list-organization-projects
+//
+//meta:operation GET /orgs/{org}/projects
 func (s *OrganizationsService) ListProjects(ctx context.Context, org string, opts *ProjectListOptions) ([]*Project, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/projects", org)
 	u, err := addOptions(u, opts)
@@ -39,7 +41,9 @@ func (s *OrganizationsService) ListProjects(ctx context.Context, org string, opt
 
 // CreateProject creates a GitHub Project for the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#create-an-organization-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#create-an-organization-project
+//
+//meta:operation POST /orgs/{org}/projects
 func (s *OrganizationsService) CreateProject(ctx context.Context, org string, opts *ProjectOptions) (*Project, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/projects", org)
 	req, err := s.client.NewRequest("POST", u, opts)
diff --git a/vendor/github.com/google/go-github/v57/github/orgs_properties.go b/vendor/github.com/google/go-github/v57/github/orgs_properties.go
new file mode 100644
index 00000000000..1daac811804
--- /dev/null
+++ b/vendor/github.com/google/go-github/v57/github/orgs_properties.go
@@ -0,0 +1,198 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// CustomProperty represents an organization custom property object.
+type CustomProperty struct {
+	// PropertyName is required for most endpoints except when calling CreateOrUpdateCustomProperty;
+	// where this is sent in the path and thus can be omitted.
+	PropertyName *string `json:"property_name,omitempty"`
+	// Possible values for ValueType are: string, single_select
+	ValueType     string   `json:"value_type"`
+	Required      *bool    `json:"required,omitempty"`
+	DefaultValue  *string  `json:"default_value,omitempty"`
+	Description   *string  `json:"description,omitempty"`
+	AllowedValues []string `json:"allowed_values,omitempty"`
+}
+
+// RepoCustomPropertyValue represents a repository custom property value.
+type RepoCustomPropertyValue struct {
+	RepositoryID       int64                  `json:"repository_id"`
+	RepositoryName     string                 `json:"repository_name"`
+	RepositoryFullName string                 `json:"repository_full_name"`
+	Properties         []*CustomPropertyValue `json:"properties"`
+}
+
+// CustomPropertyValue represents a custom property value.
+type CustomPropertyValue struct {
+	PropertyName string  `json:"property_name"`
+	Value        *string `json:"value,omitempty"`
+}
+
+// GetAllCustomProperties gets all custom properties that are defined for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#get-all-custom-properties-for-an-organization
+//
+//meta:operation GET /orgs/{org}/properties/schema
+func (s *OrganizationsService) GetAllCustomProperties(ctx context.Context, org string) ([]*CustomProperty, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/schema", org)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var customProperties []*CustomProperty
+	resp, err := s.client.Do(ctx, req, &customProperties)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return customProperties, resp, nil
+}
+
+// CreateOrUpdateCustomProperties creates new or updates existing custom properties that are defined for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#create-or-update-custom-properties-for-an-organization
+//
+//meta:operation PATCH /orgs/{org}/properties/schema
+func (s *OrganizationsService) CreateOrUpdateCustomProperties(ctx context.Context, org string, properties []*CustomProperty) ([]*CustomProperty, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/schema", org)
+
+	params := struct {
+		Properties []*CustomProperty `json:"properties"`
+	}{
+		Properties: properties,
+	}
+
+	req, err := s.client.NewRequest("PATCH", u, params)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var customProperties []*CustomProperty
+	resp, err := s.client.Do(ctx, req, &customProperties)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return customProperties, resp, nil
+}
+
+// GetCustomProperty gets a custom property that is defined for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#get-a-custom-property-for-an-organization
+//
+//meta:operation GET /orgs/{org}/properties/schema/{custom_property_name}
+func (s *OrganizationsService) GetCustomProperty(ctx context.Context, org, name string) (*CustomProperty, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/schema/%v", org, name)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var customProperty *CustomProperty
+	resp, err := s.client.Do(ctx, req, &customProperty)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return customProperty, resp, nil
+}
+
+// CreateOrUpdateCustomProperty creates a new or updates an existing custom property that is defined for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#create-or-update-a-custom-property-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/properties/schema/{custom_property_name}
+func (s *OrganizationsService) CreateOrUpdateCustomProperty(ctx context.Context, org, customPropertyName string, property *CustomProperty) (*CustomProperty, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/schema/%v", org, customPropertyName)
+
+	req, err := s.client.NewRequest("PUT", u, property)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var customProperty *CustomProperty
+	resp, err := s.client.Do(ctx, req, &customProperty)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return customProperty, resp, nil
+}
+
+// RemoveCustomProperty removes a custom property that is defined for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#remove-a-custom-property-for-an-organization
+//
+//meta:operation DELETE /orgs/{org}/properties/schema/{custom_property_name}
+func (s *OrganizationsService) RemoveCustomProperty(ctx context.Context, org, customPropertyName string) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/schema/%v", org, customPropertyName)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
+
+// ListCustomPropertyValues lists all custom property values for repositories in the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#list-custom-property-values-for-organization-repositories
+//
+//meta:operation GET /orgs/{org}/properties/values
+func (s *OrganizationsService) ListCustomPropertyValues(ctx context.Context, org string, opts *ListOptions) ([]*RepoCustomPropertyValue, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/values", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var repoCustomPropertyValues []*RepoCustomPropertyValue
+	resp, err := s.client.Do(ctx, req, &repoCustomPropertyValues)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return repoCustomPropertyValues, resp, nil
+}
+
+// CreateOrUpdateRepoCustomPropertyValues creates new or updates existing custom property values across multiple repositories for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/rest/orgs/properties#create-or-update-custom-property-values-for-organization-repositories
+//
+//meta:operation PATCH /orgs/{org}/properties/values
+func (s *OrganizationsService) CreateOrUpdateRepoCustomPropertyValues(ctx context.Context, org string, repoNames []string, properties []*CustomProperty) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/properties/values", org)
+
+	params := struct {
+		RepositoryNames []string          `json:"repository_names"`
+		Properties      []*CustomProperty `json:"properties"`
+	}{
+		RepositoryNames: repoNames,
+		Properties:      properties,
+	}
+
+	req, err := s.client.NewRequest("PATCH", u, params)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_rules.go b/vendor/github.com/google/go-github/v57/github/orgs_rules.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/orgs_rules.go
rename to vendor/github.com/google/go-github/v57/github/orgs_rules.go
index a3905af8fb3..37c06a7333c 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_rules.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_rules.go
@@ -12,7 +12,9 @@ import (
 
 // GetAllOrganizationRulesets gets all the rulesets for the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#get-all-organization-repository-rulesets
+// GitHub API docs: https://docs.github.com/rest/orgs/rules#get-all-organization-repository-rulesets
+//
+//meta:operation GET /orgs/{org}/rulesets
 func (s *OrganizationsService) GetAllOrganizationRulesets(ctx context.Context, org string) ([]*Ruleset, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/rulesets", org)
 
@@ -32,7 +34,9 @@ func (s *OrganizationsService) GetAllOrganizationRulesets(ctx context.Context, o
 
 // CreateOrganizationRuleset creates a ruleset for the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#create-an-organization-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/orgs/rules#create-an-organization-repository-ruleset
+//
+//meta:operation POST /orgs/{org}/rulesets
 func (s *OrganizationsService) CreateOrganizationRuleset(ctx context.Context, org string, rs *Ruleset) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/rulesets", org)
 
@@ -52,7 +56,9 @@ func (s *OrganizationsService) CreateOrganizationRuleset(ctx context.Context, or
 
 // GetOrganizationRuleset gets a ruleset from the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#get-an-organization-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/orgs/rules#get-an-organization-repository-ruleset
+//
+//meta:operation GET /orgs/{org}/rulesets/{ruleset_id}
 func (s *OrganizationsService) GetOrganizationRuleset(ctx context.Context, org string, rulesetID int64) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
 
@@ -72,7 +78,9 @@ func (s *OrganizationsService) GetOrganizationRuleset(ctx context.Context, org s
 
 // UpdateOrganizationRuleset updates a ruleset from the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#update-an-organization-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/orgs/rules#update-an-organization-repository-ruleset
+//
+//meta:operation PUT /orgs/{org}/rulesets/{ruleset_id}
 func (s *OrganizationsService) UpdateOrganizationRuleset(ctx context.Context, org string, rulesetID int64, rs *Ruleset) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
 
@@ -92,7 +100,9 @@ func (s *OrganizationsService) UpdateOrganizationRuleset(ctx context.Context, or
 
 // DeleteOrganizationRuleset deletes a ruleset from the specified organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#delete-an-organization-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/orgs/rules#delete-an-organization-repository-ruleset
+//
+//meta:operation DELETE /orgs/{org}/rulesets/{ruleset_id}
 func (s *OrganizationsService) DeleteOrganizationRuleset(ctx context.Context, org string, rulesetID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_security_managers.go b/vendor/github.com/google/go-github/v57/github/orgs_security_managers.go
similarity index 75%
rename from vendor/github.com/google/go-github/v56/github/orgs_security_managers.go
rename to vendor/github.com/google/go-github/v57/github/orgs_security_managers.go
index a3f002e0e1c..08037727320 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_security_managers.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_security_managers.go
@@ -12,7 +12,9 @@ import (
 
 // ListSecurityManagerTeams lists all security manager teams for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/security-managers#list-security-manager-teams
+// GitHub API docs: https://docs.github.com/rest/orgs/security-managers#list-security-manager-teams
+//
+//meta:operation GET /orgs/{org}/security-managers
 func (s *OrganizationsService) ListSecurityManagerTeams(ctx context.Context, org string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/security-managers", org)
 
@@ -32,7 +34,9 @@ func (s *OrganizationsService) ListSecurityManagerTeams(ctx context.Context, org
 
 // AddSecurityManagerTeam adds a team to the list of security managers for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/security-managers#add-a-security-manager-team
+// GitHub API docs: https://docs.github.com/rest/orgs/security-managers#add-a-security-manager-team
+//
+//meta:operation PUT /orgs/{org}/security-managers/teams/{team_slug}
 func (s *OrganizationsService) AddSecurityManagerTeam(ctx context.Context, org, team string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/security-managers/teams/%v", org, team)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -45,7 +49,9 @@ func (s *OrganizationsService) AddSecurityManagerTeam(ctx context.Context, org,
 
 // RemoveSecurityManagerTeam removes a team from the list of security managers for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/security-managers#remove-a-security-manager-team
+// GitHub API docs: https://docs.github.com/rest/orgs/security-managers#remove-a-security-manager-team
+//
+//meta:operation DELETE /orgs/{org}/security-managers/teams/{team_slug}
 func (s *OrganizationsService) RemoveSecurityManagerTeam(ctx context.Context, org, team string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/security-managers/teams/%v", org, team)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/orgs_users_blocking.go b/vendor/github.com/google/go-github/v57/github/orgs_users_blocking.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/orgs_users_blocking.go
rename to vendor/github.com/google/go-github/v57/github/orgs_users_blocking.go
index 9c6cf60269e..62bd9116cde 100644
--- a/vendor/github.com/google/go-github/v56/github/orgs_users_blocking.go
+++ b/vendor/github.com/google/go-github/v57/github/orgs_users_blocking.go
@@ -12,7 +12,9 @@ import (
 
 // ListBlockedUsers lists all the users blocked by an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/blocking#list-users-blocked-by-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/blocking#list-users-blocked-by-an-organization
+//
+//meta:operation GET /orgs/{org}/blocks
 func (s *OrganizationsService) ListBlockedUsers(ctx context.Context, org string, opts *ListOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/blocks", org)
 	u, err := addOptions(u, opts)
@@ -39,7 +41,9 @@ func (s *OrganizationsService) ListBlockedUsers(ctx context.Context, org string,
 
 // IsBlocked reports whether specified user is blocked from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/blocking#check-if-a-user-is-blocked-by-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/blocking#check-if-a-user-is-blocked-by-an-organization
+//
+//meta:operation GET /orgs/{org}/blocks/{username}
 func (s *OrganizationsService) IsBlocked(ctx context.Context, org string, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/blocks/%v", org, user)
 
@@ -58,7 +62,9 @@ func (s *OrganizationsService) IsBlocked(ctx context.Context, org string, user s
 
 // BlockUser blocks specified user from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/blocking#block-a-user-from-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/blocking#block-a-user-from-an-organization
+//
+//meta:operation PUT /orgs/{org}/blocks/{username}
 func (s *OrganizationsService) BlockUser(ctx context.Context, org string, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/blocks/%v", org, user)
 
@@ -75,7 +81,9 @@ func (s *OrganizationsService) BlockUser(ctx context.Context, org string, user s
 
 // UnblockUser unblocks specified user from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/orgs/blocking#unblock-a-user-from-an-organization
+// GitHub API docs: https://docs.github.com/rest/orgs/blocking#unblock-a-user-from-an-organization
+//
+//meta:operation DELETE /orgs/{org}/blocks/{username}
 func (s *OrganizationsService) UnblockUser(ctx context.Context, org string, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/blocks/%v", org, user)
 
diff --git a/vendor/github.com/google/go-github/v56/github/packages.go b/vendor/github.com/google/go-github/v57/github/packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/packages.go
rename to vendor/github.com/google/go-github/v57/github/packages.go
diff --git a/vendor/github.com/google/go-github/v56/github/projects.go b/vendor/github.com/google/go-github/v57/github/projects.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/projects.go
rename to vendor/github.com/google/go-github/v57/github/projects.go
index df7ad6cd97e..c5c42f8939b 100644
--- a/vendor/github.com/google/go-github/v56/github/projects.go
+++ b/vendor/github.com/google/go-github/v57/github/projects.go
@@ -13,7 +13,7 @@ import (
 // ProjectsService provides access to the projects functions in the
 // GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects
+// GitHub API docs: https://docs.github.com/rest/projects
 type ProjectsService service
 
 // Project represents a GitHub Project.
@@ -43,7 +43,9 @@ func (p Project) String() string {
 
 // GetProject gets a GitHub Project for a repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#get-a-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#get-a-project
+//
+//meta:operation GET /projects/{project_id}
 func (s *ProjectsService) GetProject(ctx context.Context, id int64) (*Project, *Response, error) {
 	u := fmt.Sprintf("projects/%v", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -90,7 +92,9 @@ type ProjectOptions struct {
 
 // UpdateProject updates a repository project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#update-a-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#update-a-project
+//
+//meta:operation PATCH /projects/{project_id}
 func (s *ProjectsService) UpdateProject(ctx context.Context, id int64, opts *ProjectOptions) (*Project, *Response, error) {
 	u := fmt.Sprintf("projects/%v", id)
 	req, err := s.client.NewRequest("PATCH", u, opts)
@@ -112,7 +116,9 @@ func (s *ProjectsService) UpdateProject(ctx context.Context, id int64, opts *Pro
 
 // DeleteProject deletes a GitHub Project from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#delete-a-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#delete-a-project
+//
+//meta:operation DELETE /projects/{project_id}
 func (s *ProjectsService) DeleteProject(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("projects/%v", id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -128,7 +134,7 @@ func (s *ProjectsService) DeleteProject(ctx context.Context, id int64) (*Respons
 
 // ProjectColumn represents a column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/projects/
+// GitHub API docs: https://docs.github.com/rest/repos/projects/
 type ProjectColumn struct {
 	ID         *int64     `json:"id,omitempty"`
 	Name       *string    `json:"name,omitempty"`
@@ -142,7 +148,9 @@ type ProjectColumn struct {
 
 // ListProjectColumns lists the columns of a GitHub Project for a repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#list-project-columns
+// GitHub API docs: https://docs.github.com/rest/projects/columns#list-project-columns
+//
+//meta:operation GET /projects/{project_id}/columns
 func (s *ProjectsService) ListProjectColumns(ctx context.Context, projectID int64, opts *ListOptions) ([]*ProjectColumn, *Response, error) {
 	u := fmt.Sprintf("projects/%v/columns", projectID)
 	u, err := addOptions(u, opts)
@@ -169,7 +177,9 @@ func (s *ProjectsService) ListProjectColumns(ctx context.Context, projectID int6
 
 // GetProjectColumn gets a column of a GitHub Project for a repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#get-a-project-column
+// GitHub API docs: https://docs.github.com/rest/projects/columns#get-a-project-column
+//
+//meta:operation GET /projects/columns/{column_id}
 func (s *ProjectsService) GetProjectColumn(ctx context.Context, id int64) (*ProjectColumn, *Response, error) {
 	u := fmt.Sprintf("projects/columns/%v", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -199,7 +209,9 @@ type ProjectColumnOptions struct {
 
 // CreateProjectColumn creates a column for the specified (by number) project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#create-a-project-column
+// GitHub API docs: https://docs.github.com/rest/projects/columns#create-a-project-column
+//
+//meta:operation POST /projects/{project_id}/columns
 func (s *ProjectsService) CreateProjectColumn(ctx context.Context, projectID int64, opts *ProjectColumnOptions) (*ProjectColumn, *Response, error) {
 	u := fmt.Sprintf("projects/%v/columns", projectID)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -221,7 +233,9 @@ func (s *ProjectsService) CreateProjectColumn(ctx context.Context, projectID int
 
 // UpdateProjectColumn updates a column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#update-an-existing-project-column
+// GitHub API docs: https://docs.github.com/rest/projects/columns#update-an-existing-project-column
+//
+//meta:operation PATCH /projects/columns/{column_id}
 func (s *ProjectsService) UpdateProjectColumn(ctx context.Context, columnID int64, opts *ProjectColumnOptions) (*ProjectColumn, *Response, error) {
 	u := fmt.Sprintf("projects/columns/%v", columnID)
 	req, err := s.client.NewRequest("PATCH", u, opts)
@@ -243,7 +257,9 @@ func (s *ProjectsService) UpdateProjectColumn(ctx context.Context, columnID int6
 
 // DeleteProjectColumn deletes a column from a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#delete-a-project-column
+// GitHub API docs: https://docs.github.com/rest/projects/columns#delete-a-project-column
+//
+//meta:operation DELETE /projects/columns/{column_id}
 func (s *ProjectsService) DeleteProjectColumn(ctx context.Context, columnID int64) (*Response, error) {
 	u := fmt.Sprintf("projects/columns/%v", columnID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -267,7 +283,9 @@ type ProjectColumnMoveOptions struct {
 
 // MoveProjectColumn moves a column within a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/columns#move-a-project-column
+// GitHub API docs: https://docs.github.com/rest/projects/columns#move-a-project-column
+//
+//meta:operation POST /projects/columns/{column_id}/moves
 func (s *ProjectsService) MoveProjectColumn(ctx context.Context, columnID int64, opts *ProjectColumnMoveOptions) (*Response, error) {
 	u := fmt.Sprintf("projects/columns/%v/moves", columnID)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -283,7 +301,7 @@ func (s *ProjectsService) MoveProjectColumn(ctx context.Context, columnID int64,
 
 // ProjectCard represents a card in a column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards/#get-a-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards/#get-a-project-card
 type ProjectCard struct {
 	URL        *string    `json:"url,omitempty"`
 	ColumnURL  *string    `json:"column_url,omitempty"`
@@ -318,7 +336,9 @@ type ProjectCardListOptions struct {
 
 // ListProjectCards lists the cards in a column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#list-project-cards
+// GitHub API docs: https://docs.github.com/rest/projects/cards#list-project-cards
+//
+//meta:operation GET /projects/columns/{column_id}/cards
 func (s *ProjectsService) ListProjectCards(ctx context.Context, columnID int64, opts *ProjectCardListOptions) ([]*ProjectCard, *Response, error) {
 	u := fmt.Sprintf("projects/columns/%v/cards", columnID)
 	u, err := addOptions(u, opts)
@@ -345,7 +365,9 @@ func (s *ProjectsService) ListProjectCards(ctx context.Context, columnID int64,
 
 // GetProjectCard gets a card in a column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#get-a-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards#get-a-project-card
+//
+//meta:operation GET /projects/columns/cards/{card_id}
 func (s *ProjectsService) GetProjectCard(ctx context.Context, cardID int64) (*ProjectCard, *Response, error) {
 	u := fmt.Sprintf("projects/columns/cards/%v", cardID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -383,7 +405,9 @@ type ProjectCardOptions struct {
 
 // CreateProjectCard creates a card in the specified column of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#create-a-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards#create-a-project-card
+//
+//meta:operation POST /projects/columns/{column_id}/cards
 func (s *ProjectsService) CreateProjectCard(ctx context.Context, columnID int64, opts *ProjectCardOptions) (*ProjectCard, *Response, error) {
 	u := fmt.Sprintf("projects/columns/%v/cards", columnID)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -405,7 +429,9 @@ func (s *ProjectsService) CreateProjectCard(ctx context.Context, columnID int64,
 
 // UpdateProjectCard updates a card of a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#update-an-existing-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards#update-an-existing-project-card
+//
+//meta:operation PATCH /projects/columns/cards/{card_id}
 func (s *ProjectsService) UpdateProjectCard(ctx context.Context, cardID int64, opts *ProjectCardOptions) (*ProjectCard, *Response, error) {
 	u := fmt.Sprintf("projects/columns/cards/%v", cardID)
 	req, err := s.client.NewRequest("PATCH", u, opts)
@@ -427,7 +453,9 @@ func (s *ProjectsService) UpdateProjectCard(ctx context.Context, cardID int64, o
 
 // DeleteProjectCard deletes a card from a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#delete-a-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards#delete-a-project-card
+//
+//meta:operation DELETE /projects/columns/cards/{card_id}
 func (s *ProjectsService) DeleteProjectCard(ctx context.Context, cardID int64) (*Response, error) {
 	u := fmt.Sprintf("projects/columns/cards/%v", cardID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -455,7 +483,9 @@ type ProjectCardMoveOptions struct {
 
 // MoveProjectCard moves a card within a GitHub Project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/cards#move-a-project-card
+// GitHub API docs: https://docs.github.com/rest/projects/cards#move-a-project-card
+//
+//meta:operation POST /projects/columns/cards/{card_id}/moves
 func (s *ProjectsService) MoveProjectCard(ctx context.Context, cardID int64, opts *ProjectCardMoveOptions) (*Response, error) {
 	u := fmt.Sprintf("projects/columns/cards/%v/moves", cardID)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -485,7 +515,9 @@ type ProjectCollaboratorOptions struct {
 // AddProjectCollaborator adds a collaborator to an organization project and sets
 // their permission level. You must be an organization owner or a project admin to add a collaborator.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/collaborators#add-project-collaborator
+// GitHub API docs: https://docs.github.com/rest/projects/collaborators#add-project-collaborator
+//
+//meta:operation PUT /projects/{project_id}/collaborators/{username}
 func (s *ProjectsService) AddProjectCollaborator(ctx context.Context, id int64, username string, opts *ProjectCollaboratorOptions) (*Response, error) {
 	u := fmt.Sprintf("projects/%v/collaborators/%v", id, username)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -502,7 +534,9 @@ func (s *ProjectsService) AddProjectCollaborator(ctx context.Context, id int64,
 // RemoveProjectCollaborator removes a collaborator from an organization project.
 // You must be an organization owner or a project admin to remove a collaborator.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/collaborators#remove-user-as-a-collaborator
+// GitHub API docs: https://docs.github.com/rest/projects/collaborators#remove-user-as-a-collaborator
+//
+//meta:operation DELETE /projects/{project_id}/collaborators/{username}
 func (s *ProjectsService) RemoveProjectCollaborator(ctx context.Context, id int64, username string) (*Response, error) {
 	u := fmt.Sprintf("projects/%v/collaborators/%v", id, username)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -538,7 +572,9 @@ type ListCollaboratorOptions struct {
 // with access through default organization permissions, and organization owners. You must be an
 // organization owner or a project admin to list collaborators.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/collaborators#list-project-collaborators
+// GitHub API docs: https://docs.github.com/rest/projects/collaborators#list-project-collaborators
+//
+//meta:operation GET /projects/{project_id}/collaborators
 func (s *ProjectsService) ListProjectCollaborators(ctx context.Context, id int64, opts *ListCollaboratorOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("projects/%v/collaborators", id)
 	u, err := addOptions(u, opts)
@@ -576,7 +612,9 @@ type ProjectPermissionLevel struct {
 // project. Possible values for the permission key: "admin", "write", "read", "none".
 // You must be an organization owner or a project admin to review a user's permission level.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/collaborators#get-project-permission-for-a-user
+// GitHub API docs: https://docs.github.com/rest/projects/collaborators#get-project-permission-for-a-user
+//
+//meta:operation GET /projects/{project_id}/collaborators/{username}/permission
 func (s *ProjectsService) ReviewProjectCollaboratorPermission(ctx context.Context, id int64, username string) (*ProjectPermissionLevel, *Response, error) {
 	u := fmt.Sprintf("projects/%v/collaborators/%v/permission", id, username)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/pulls.go b/vendor/github.com/google/go-github/v57/github/pulls.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/pulls.go
rename to vendor/github.com/google/go-github/v57/github/pulls.go
index 29549e24b86..80df9fa688a 100644
--- a/vendor/github.com/google/go-github/v56/github/pulls.go
+++ b/vendor/github.com/google/go-github/v57/github/pulls.go
@@ -14,7 +14,7 @@ import (
 // PullRequestsService handles communication with the pull request related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/
+// GitHub API docs: https://docs.github.com/rest/pulls/
 type PullRequestsService service
 
 // PullRequestAutoMerge represents the "auto_merge" response for a PullRequest.
@@ -72,7 +72,7 @@ type PullRequest struct {
 	AutoMerge           *PullRequestAutoMerge `json:"auto_merge,omitempty"`
 
 	// RequestedTeams is populated as part of the PullRequestEvent.
-	// See, https://docs.github.com/en/developers/webhooks-and-events/github-event-types#pullrequestevent for an example.
+	// See, https://docs.github.com/developers/webhooks-and-events/github-event-types#pullrequestevent for an example.
 	RequestedTeams []*Team `json:"requested_teams,omitempty"`
 
 	Links *PRLinks           `json:"_links,omitempty"`
@@ -142,7 +142,9 @@ type PullRequestListOptions struct {
 
 // List the pull requests for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#list-pull-requests
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#list-pull-requests
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls
 func (s *PullRequestsService) List(ctx context.Context, owner string, repo string, opts *PullRequestListOptions) ([]*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls", owner, repo)
 	u, err := addOptions(u, opts)
@@ -169,7 +171,9 @@ func (s *PullRequestsService) List(ctx context.Context, owner string, repo strin
 // The results may include open and closed pull requests.
 // By default, the PullRequestListOptions State filters for "open".
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#list-pull-requests-associated-with-a-commit
+// GitHub API docs: https://docs.github.com/rest/commits/commits#list-pull-requests-associated-with-a-commit
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls
 func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *ListOptions) ([]*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/pulls", owner, repo, sha)
 	u, err := addOptions(u, opts)
@@ -195,7 +199,9 @@ func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, ow
 
 // Get a single pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#get-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#get-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}
 func (s *PullRequestsService) Get(ctx context.Context, owner string, repo string, number int) (*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d", owner, repo, number)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -214,7 +220,9 @@ func (s *PullRequestsService) Get(ctx context.Context, owner string, repo string
 
 // GetRaw gets a single pull request in raw (diff or patch) format.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#get-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#get-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}
 func (s *PullRequestsService) GetRaw(ctx context.Context, owner string, repo string, number int, opts RawOptions) (string, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d", owner, repo, number)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -254,7 +262,9 @@ type NewPullRequest struct {
 
 // Create a new pull request on the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#create-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#create-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls
 func (s *PullRequestsService) Create(ctx context.Context, owner string, repo string, pull *NewPullRequest) (*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls", owner, repo)
 	req, err := s.client.NewRequest("POST", u, pull)
@@ -293,7 +303,9 @@ type PullRequestBranchUpdateResponse struct {
 // A follow up request, after a delay of a second or so, should result
 // in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#update-a-pull-request-branch
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#update-a-pull-request-branch
+//
+//meta:operation PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch
 func (s *PullRequestsService) UpdateBranch(ctx context.Context, owner, repo string, number int, opts *PullRequestBranchUpdateOptions) (*PullRequestBranchUpdateResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/update-branch", owner, repo, number)
 
@@ -328,7 +340,9 @@ type pullRequestUpdate struct {
 // The following fields are editable: Title, Body, State, Base.Ref and MaintainerCanModify.
 // Base.Ref updates the base branch of the pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#update-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#update-a-pull-request
+//
+//meta:operation PATCH /repos/{owner}/{repo}/pulls/{pull_number}
 func (s *PullRequestsService) Edit(ctx context.Context, owner string, repo string, number int, pull *PullRequest) (*PullRequest, *Response, error) {
 	if pull == nil {
 		return nil, nil, fmt.Errorf("pull must be provided")
@@ -365,7 +379,9 @@ func (s *PullRequestsService) Edit(ctx context.Context, owner string, repo strin
 
 // ListCommits lists the commits in a pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#list-commits-on-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#list-commits-on-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/commits
 func (s *PullRequestsService) ListCommits(ctx context.Context, owner string, repo string, number int, opts *ListOptions) ([]*RepositoryCommit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/commits", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -389,7 +405,9 @@ func (s *PullRequestsService) ListCommits(ctx context.Context, owner string, rep
 
 // ListFiles lists the files in a pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#list-pull-requests-files
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#list-pull-requests-files
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/files
 func (s *PullRequestsService) ListFiles(ctx context.Context, owner string, repo string, number int, opts *ListOptions) ([]*CommitFile, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/files", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -413,7 +431,9 @@ func (s *PullRequestsService) ListFiles(ctx context.Context, owner string, repo
 
 // IsMerged checks if a pull request has been merged.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#check-if-a-pull-request-has-been-merged
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#check-if-a-pull-request-has-been-merged
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/merge
 func (s *PullRequestsService) IsMerged(ctx context.Context, owner string, repo string, number int) (bool, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/merge", owner, repo, number)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -455,7 +475,9 @@ type pullRequestMergeRequest struct {
 // Merge a pull request.
 // commitMessage is an extra detail to append to automatic commit message.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/pulls#merge-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/pulls#merge-a-pull-request
+//
+//meta:operation PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge
 func (s *PullRequestsService) Merge(ctx context.Context, owner string, repo string, number int, commitMessage string, options *PullRequestOptions) (*PullRequestMergeResult, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/merge", owner, repo, number)
 
diff --git a/vendor/github.com/google/go-github/v56/github/pulls_comments.go b/vendor/github.com/google/go-github/v57/github/pulls_comments.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/pulls_comments.go
rename to vendor/github.com/google/go-github/v57/github/pulls_comments.go
index ea1cf45d1e8..a9ffe8d7cc1 100644
--- a/vendor/github.com/google/go-github/v56/github/pulls_comments.go
+++ b/vendor/github.com/google/go-github/v57/github/pulls_comments.go
@@ -41,7 +41,7 @@ type PullRequestComment struct {
 	URL               *string `json:"url,omitempty"`
 	HTMLURL           *string `json:"html_url,omitempty"`
 	PullRequestURL    *string `json:"pull_request_url,omitempty"`
-	// Can be one of: LINE, FILE from https://docs.github.com/en/rest/pulls/comments?apiVersion=2022-11-28#create-a-review-comment-for-a-pull-request
+	// Can be one of: LINE, FILE from https://docs.github.com/rest/pulls/comments#create-a-review-comment-for-a-pull-request
 	SubjectType *string `json:"subject_type,omitempty"`
 }
 
@@ -68,8 +68,11 @@ type PullRequestListCommentsOptions struct {
 // pull request number of 0 will return all comments on all pull requests for
 // the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#list-review-comments-on-a-pull-request
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#list-review-comments-in-a-repository
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#list-review-comments-in-a-repository
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#list-review-comments-on-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/comments
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/comments
 func (s *PullRequestsService) ListComments(ctx context.Context, owner, repo string, number int, opts *PullRequestListCommentsOptions) ([]*PullRequestComment, *Response, error) {
 	var u string
 	if number == 0 {
@@ -102,7 +105,9 @@ func (s *PullRequestsService) ListComments(ctx context.Context, owner, repo stri
 
 // GetComment fetches the specified pull request comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#get-a-review-comment-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#get-a-review-comment-for-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/comments/{comment_id}
 func (s *PullRequestsService) GetComment(ctx context.Context, owner, repo string, commentID int64) (*PullRequestComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/comments/%d", owner, repo, commentID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -125,7 +130,9 @@ func (s *PullRequestsService) GetComment(ctx context.Context, owner, repo string
 
 // CreateComment creates a new comment on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#create-a-review-comment-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#create-a-review-comment-for-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/{pull_number}/comments
 func (s *PullRequestsService) CreateComment(ctx context.Context, owner, repo string, number int, comment *PullRequestComment) (*PullRequestComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/comments", owner, repo, number)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -147,7 +154,9 @@ func (s *PullRequestsService) CreateComment(ctx context.Context, owner, repo str
 
 // CreateCommentInReplyTo creates a new comment as a reply to an existing pull request comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#create-a-review-comment-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#create-a-review-comment-for-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/{pull_number}/comments
 func (s *PullRequestsService) CreateCommentInReplyTo(ctx context.Context, owner, repo string, number int, body string, commentID int64) (*PullRequestComment, *Response, error) {
 	comment := &struct {
 		Body      string `json:"body,omitempty"`
@@ -174,7 +183,9 @@ func (s *PullRequestsService) CreateCommentInReplyTo(ctx context.Context, owner,
 // EditComment updates a pull request comment.
 // A non-nil comment.Body must be provided. Other comment fields should be left nil.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#update-a-review-comment-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#update-a-review-comment-for-a-pull-request
+//
+//meta:operation PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}
 func (s *PullRequestsService) EditComment(ctx context.Context, owner, repo string, commentID int64, comment *PullRequestComment) (*PullRequestComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/comments/%d", owner, repo, commentID)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -193,7 +204,9 @@ func (s *PullRequestsService) EditComment(ctx context.Context, owner, repo strin
 
 // DeleteComment deletes a pull request comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/comments#delete-a-review-comment-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/comments#delete-a-review-comment-for-a-pull-request
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}
 func (s *PullRequestsService) DeleteComment(ctx context.Context, owner, repo string, commentID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/comments/%d", owner, repo, commentID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/pulls_reviewers.go b/vendor/github.com/google/go-github/v57/github/pulls_reviewers.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/pulls_reviewers.go
rename to vendor/github.com/google/go-github/v57/github/pulls_reviewers.go
index 1c336540b81..3f0c50b746a 100644
--- a/vendor/github.com/google/go-github/v56/github/pulls_reviewers.go
+++ b/vendor/github.com/google/go-github/v57/github/pulls_reviewers.go
@@ -25,7 +25,9 @@ type Reviewers struct {
 
 // RequestReviewers creates a review request for the provided reviewers for the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/review-requests#request-reviewers-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers
 func (s *PullRequestsService) RequestReviewers(ctx context.Context, owner, repo string, number int, reviewers ReviewersRequest) (*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/pulls/%d/requested_reviewers", owner, repo, number)
 	req, err := s.client.NewRequest("POST", u, &reviewers)
@@ -44,7 +46,9 @@ func (s *PullRequestsService) RequestReviewers(ctx context.Context, owner, repo
 
 // ListReviewers lists reviewers whose reviews have been requested on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/review-requests#list-requested-reviewers-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/review-requests#get-all-requested-reviewers-for-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers
 func (s *PullRequestsService) ListReviewers(ctx context.Context, owner, repo string, number int, opts *ListOptions) (*Reviewers, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/requested_reviewers", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -68,7 +72,9 @@ func (s *PullRequestsService) ListReviewers(ctx context.Context, owner, repo str
 
 // RemoveReviewers removes the review request for the provided reviewers for the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/review-requests#remove-requested-reviewers-from-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/review-requests#remove-requested-reviewers-from-a-pull-request
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers
 func (s *PullRequestsService) RemoveReviewers(ctx context.Context, owner, repo string, number int, reviewers ReviewersRequest) (*Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/pulls/%d/requested_reviewers", owner, repo, number)
 	req, err := s.client.NewRequest("DELETE", u, &reviewers)
diff --git a/vendor/github.com/google/go-github/v56/github/pulls_reviews.go b/vendor/github.com/google/go-github/v57/github/pulls_reviews.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/pulls_reviews.go
rename to vendor/github.com/google/go-github/v57/github/pulls_reviews.go
index addcce46834..27b8dc37d5d 100644
--- a/vendor/github.com/google/go-github/v56/github/pulls_reviews.go
+++ b/vendor/github.com/google/go-github/v57/github/pulls_reviews.go
@@ -100,7 +100,9 @@ func (r PullRequestReviewDismissalRequest) String() string {
 
 // ListReviews lists all reviews on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#list-reviews-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#list-reviews-for-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews
 func (s *PullRequestsService) ListReviews(ctx context.Context, owner, repo string, number int, opts *ListOptions) ([]*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -124,7 +126,9 @@ func (s *PullRequestsService) ListReviews(ctx context.Context, owner, repo strin
 
 // GetReview fetches the specified pull request review.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#get-a-review-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#get-a-review-for-a-pull-request
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}
 func (s *PullRequestsService) GetReview(ctx context.Context, owner, repo string, number int, reviewID int64) (*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews/%d", owner, repo, number, reviewID)
 
@@ -144,7 +148,9 @@ func (s *PullRequestsService) GetReview(ctx context.Context, owner, repo string,
 
 // DeletePendingReview deletes the specified pull request pending review.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#delete-a-pending-review-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#delete-a-pending-review-for-a-pull-request
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}
 func (s *PullRequestsService) DeletePendingReview(ctx context.Context, owner, repo string, number int, reviewID int64) (*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews/%d", owner, repo, number, reviewID)
 
@@ -164,7 +170,9 @@ func (s *PullRequestsService) DeletePendingReview(ctx context.Context, owner, re
 
 // ListReviewComments lists all the comments for the specified review.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#list-comments-for-a-pull-request-review
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#list-comments-for-a-pull-request-review
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments
 func (s *PullRequestsService) ListReviewComments(ctx context.Context, owner, repo string, number int, reviewID int64, opts *ListOptions) ([]*PullRequestComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews/%d/comments", owner, repo, number, reviewID)
 	u, err := addOptions(u, opts)
@@ -188,8 +196,6 @@ func (s *PullRequestsService) ListReviewComments(ctx context.Context, owner, rep
 
 // CreateReview creates a new review on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#create-a-review-for-a-pull-request
-//
 // In order to use multi-line comments, you must use the "comfort fade" preview.
 // This replaces the use of the "Position" field in comments with 4 new fields:
 //
@@ -223,6 +229,10 @@ func (s *PullRequestsService) ListReviewComments(ctx context.Context, owner, rep
 //	Use this instead.
 //	It is waaaaaay better.
 //	```
+//
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#create-a-review-for-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews
 func (s *PullRequestsService) CreateReview(ctx context.Context, owner, repo string, number int, review *PullRequestReviewRequest) (*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews", owner, repo, number)
 
@@ -251,7 +261,9 @@ func (s *PullRequestsService) CreateReview(ctx context.Context, owner, repo stri
 
 // UpdateReview updates the review summary on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#update-a-review-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#update-a-review-for-a-pull-request
+//
+//meta:operation PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}
 func (s *PullRequestsService) UpdateReview(ctx context.Context, owner, repo string, number int, reviewID int64, body string) (*PullRequestReview, *Response, error) {
 	opts := &struct {
 		Body string `json:"body"`
@@ -274,7 +286,9 @@ func (s *PullRequestsService) UpdateReview(ctx context.Context, owner, repo stri
 
 // SubmitReview submits a specified review on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#submit-a-review-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#submit-a-review-for-a-pull-request
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events
 func (s *PullRequestsService) SubmitReview(ctx context.Context, owner, repo string, number int, reviewID int64, review *PullRequestReviewRequest) (*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews/%d/events", owner, repo, number, reviewID)
 
@@ -294,7 +308,9 @@ func (s *PullRequestsService) SubmitReview(ctx context.Context, owner, repo stri
 
 // DismissReview dismisses a specified review on the specified pull request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pulls/reviews#dismiss-a-review-for-a-pull-request
+// GitHub API docs: https://docs.github.com/rest/pulls/reviews#dismiss-a-review-for-a-pull-request
+//
+//meta:operation PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals
 func (s *PullRequestsService) DismissReview(ctx context.Context, owner, repo string, number int, reviewID int64, review *PullRequestReviewDismissalRequest) (*PullRequestReview, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/%d/reviews/%d/dismissals", owner, repo, number, reviewID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/pulls_threads.go b/vendor/github.com/google/go-github/v57/github/pulls_threads.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/pulls_threads.go
rename to vendor/github.com/google/go-github/v57/github/pulls_threads.go
diff --git a/vendor/github.com/google/go-github/v57/github/rate_limit.go b/vendor/github.com/google/go-github/v57/github/rate_limit.go
new file mode 100644
index 00000000000..0fc15f815e2
--- /dev/null
+++ b/vendor/github.com/google/go-github/v57/github/rate_limit.go
@@ -0,0 +1,113 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import "context"
+
+// RateLimitService provides access to rate limit functions in the GitHub API.
+type RateLimitService service
+
+// Rate represents the rate limit for the current client.
+type Rate struct {
+	// The number of requests per hour the client is currently limited to.
+	Limit int `json:"limit"`
+
+	// The number of remaining requests the client can make this hour.
+	Remaining int `json:"remaining"`
+
+	// The time at which the current rate limit will reset.
+	Reset Timestamp `json:"reset"`
+}
+
+func (r Rate) String() string {
+	return Stringify(r)
+}
+
+// RateLimits represents the rate limits for the current client.
+type RateLimits struct {
+	// The rate limit for non-search API requests. Unauthenticated
+	// requests are limited to 60 per hour. Authenticated requests are
+	// limited to 5,000 per hour.
+	//
+	// GitHub API docs: https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting
+	Core *Rate `json:"core"`
+
+	// The rate limit for search API requests. Unauthenticated requests
+	// are limited to 10 requests per minutes. Authenticated requests are
+	// limited to 30 per minute.
+	//
+	// GitHub API docs: https://docs.github.com/en/rest/search#rate-limit
+	Search *Rate `json:"search"`
+
+	// GitHub API docs: https://docs.github.com/en/graphql/overview/resource-limitations#rate-limit
+	GraphQL *Rate `json:"graphql"`
+
+	// GitHub API dos: https://docs.github.com/en/rest/rate-limit
+	IntegrationManifest *Rate `json:"integration_manifest"`
+
+	SourceImport              *Rate `json:"source_import"`
+	CodeScanningUpload        *Rate `json:"code_scanning_upload"`
+	ActionsRunnerRegistration *Rate `json:"actions_runner_registration"`
+	SCIM                      *Rate `json:"scim"`
+}
+
+func (r RateLimits) String() string {
+	return Stringify(r)
+}
+
+// Get returns the rate limits for the current client.
+//
+// GitHub API docs: https://docs.github.com/rest/rate-limit/rate-limit#get-rate-limit-status-for-the-authenticated-user
+//
+//meta:operation GET /rate_limit
+func (s *RateLimitService) Get(ctx context.Context) (*RateLimits, *Response, error) {
+	req, err := s.client.NewRequest("GET", "rate_limit", nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	response := new(struct {
+		Resources *RateLimits `json:"resources"`
+	})
+
+	// This resource is not subject to rate limits.
+	ctx = context.WithValue(ctx, bypassRateLimitCheck, true)
+	resp, err := s.client.Do(ctx, req, response)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	if response.Resources != nil {
+		s.client.rateMu.Lock()
+		if response.Resources.Core != nil {
+			s.client.rateLimits[coreCategory] = *response.Resources.Core
+		}
+		if response.Resources.Search != nil {
+			s.client.rateLimits[searchCategory] = *response.Resources.Search
+		}
+		if response.Resources.GraphQL != nil {
+			s.client.rateLimits[graphqlCategory] = *response.Resources.GraphQL
+		}
+		if response.Resources.IntegrationManifest != nil {
+			s.client.rateLimits[integrationManifestCategory] = *response.Resources.IntegrationManifest
+		}
+		if response.Resources.SourceImport != nil {
+			s.client.rateLimits[sourceImportCategory] = *response.Resources.SourceImport
+		}
+		if response.Resources.CodeScanningUpload != nil {
+			s.client.rateLimits[codeScanningUploadCategory] = *response.Resources.CodeScanningUpload
+		}
+		if response.Resources.ActionsRunnerRegistration != nil {
+			s.client.rateLimits[actionsRunnerRegistrationCategory] = *response.Resources.ActionsRunnerRegistration
+		}
+		if response.Resources.SCIM != nil {
+			s.client.rateLimits[scimCategory] = *response.Resources.SCIM
+		}
+		s.client.rateMu.Unlock()
+	}
+
+	return response.Resources, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v56/github/reactions.go b/vendor/github.com/google/go-github/v57/github/reactions.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/reactions.go
rename to vendor/github.com/google/go-github/v57/github/reactions.go
index 14d193ae887..1aa7ac38f2a 100644
--- a/vendor/github.com/google/go-github/v56/github/reactions.go
+++ b/vendor/github.com/google/go-github/v57/github/reactions.go
@@ -14,7 +14,7 @@ import (
 // ReactionsService provides access to the reactions-related functions in the
 // GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions
+// GitHub API docs: https://docs.github.com/rest/reactions
 type ReactionsService service
 
 // Reaction represents a GitHub reaction.
@@ -60,7 +60,9 @@ type ListCommentReactionOptions struct {
 
 // ListCommentReactions lists the reactions for a commit comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-a-commit-comment
+//
+//meta:operation GET /repos/{owner}/{repo}/comments/{comment_id}/reactions
 func (s *ReactionsService) ListCommentReactions(ctx context.Context, owner, repo string, id int64, opts *ListCommentReactionOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v/reactions", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -90,7 +92,9 @@ func (s *ReactionsService) ListCommentReactions(ctx context.Context, owner, repo
 // previously created reaction will be returned with Status: 200 OK.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-commit-comment
+//
+//meta:operation POST /repos/{owner}/{repo}/comments/{comment_id}/reactions
 func (s *ReactionsService) CreateCommentReaction(ctx context.Context, owner, repo string, id int64, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v/reactions", owner, repo, id)
 
@@ -114,7 +118,9 @@ func (s *ReactionsService) CreateCommentReaction(ctx context.Context, owner, rep
 
 // DeleteCommentReaction deletes the reaction for a commit comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-a-commit-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-a-commit-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteCommentReaction(ctx context.Context, owner, repo string, commentID, reactionID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v/reactions/%v", owner, repo, commentID, reactionID)
 
@@ -123,7 +129,9 @@ func (s *ReactionsService) DeleteCommentReaction(ctx context.Context, owner, rep
 
 // DeleteCommentReactionByID deletes the reaction for a commit comment by repository ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-a-commit-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-a-commit-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteCommentReactionByID(ctx context.Context, repoID, commentID, reactionID int64) (*Response, error) {
 	u := fmt.Sprintf("repositories/%v/comments/%v/reactions/%v", repoID, commentID, reactionID)
 
@@ -132,7 +140,9 @@ func (s *ReactionsService) DeleteCommentReactionByID(ctx context.Context, repoID
 
 // ListIssueReactions lists the reactions for an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-an-issue
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-an-issue
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/{issue_number}/reactions
 func (s *ReactionsService) ListIssueReactions(ctx context.Context, owner, repo string, number int, opts *ListOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%v/reactions", owner, repo, number)
 	u, err := addOptions(u, opts)
@@ -162,7 +172,9 @@ func (s *ReactionsService) ListIssueReactions(ctx context.Context, owner, repo s
 // previously created reaction will be returned with Status: 200 OK.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-an-issue
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-an-issue
+//
+//meta:operation POST /repos/{owner}/{repo}/issues/{issue_number}/reactions
 func (s *ReactionsService) CreateIssueReaction(ctx context.Context, owner, repo string, number int, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/%v/reactions", owner, repo, number)
 
@@ -186,7 +198,9 @@ func (s *ReactionsService) CreateIssueReaction(ctx context.Context, owner, repo
 
 // DeleteIssueReaction deletes the reaction to an issue.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-an-issue-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-an-issue-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteIssueReaction(ctx context.Context, owner, repo string, issueNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/issues/%v/reactions/%v", owner, repo, issueNumber, reactionID)
 
@@ -195,7 +209,9 @@ func (s *ReactionsService) DeleteIssueReaction(ctx context.Context, owner, repo
 
 // DeleteIssueReactionByID deletes the reaction to an issue by repository ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-an-issue-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-an-issue-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteIssueReactionByID(ctx context.Context, repoID, issueNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/issues/%v/reactions/%v", repoID, issueNumber, reactionID)
 
@@ -204,7 +220,9 @@ func (s *ReactionsService) DeleteIssueReactionByID(ctx context.Context, repoID,
 
 // ListIssueCommentReactions lists the reactions for an issue comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-an-issue-comment
+//
+//meta:operation GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions
 func (s *ReactionsService) ListIssueCommentReactions(ctx context.Context, owner, repo string, id int64, opts *ListOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/comments/%v/reactions", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -234,7 +252,9 @@ func (s *ReactionsService) ListIssueCommentReactions(ctx context.Context, owner,
 // previously created reaction will be returned with Status: 200 OK.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-an-issue-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-an-issue-comment
+//
+//meta:operation POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions
 func (s *ReactionsService) CreateIssueCommentReaction(ctx context.Context, owner, repo string, id int64, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/issues/comments/%v/reactions", owner, repo, id)
 
@@ -258,7 +278,9 @@ func (s *ReactionsService) CreateIssueCommentReaction(ctx context.Context, owner
 
 // DeleteIssueCommentReaction deletes the reaction to an issue comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-an-issue-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-an-issue-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteIssueCommentReaction(ctx context.Context, owner, repo string, commentID, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/issues/comments/%v/reactions/%v", owner, repo, commentID, reactionID)
 
@@ -267,7 +289,9 @@ func (s *ReactionsService) DeleteIssueCommentReaction(ctx context.Context, owner
 
 // DeleteIssueCommentReactionByID deletes the reaction to an issue comment by repository ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-an-issue-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-an-issue-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteIssueCommentReactionByID(ctx context.Context, repoID, commentID, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/issues/comments/%v/reactions/%v", repoID, commentID, reactionID)
 
@@ -276,7 +300,9 @@ func (s *ReactionsService) DeleteIssueCommentReactionByID(ctx context.Context, r
 
 // ListPullRequestCommentReactions lists the reactions for a pull request review comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-a-pull-request-review-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-a-pull-request-review-comment
+//
+//meta:operation GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions
 func (s *ReactionsService) ListPullRequestCommentReactions(ctx context.Context, owner, repo string, id int64, opts *ListOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/comments/%v/reactions", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -306,7 +332,9 @@ func (s *ReactionsService) ListPullRequestCommentReactions(ctx context.Context,
 // previously created reaction will be returned with Status: 200 OK.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-pull-request-review-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-pull-request-review-comment
+//
+//meta:operation POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions
 func (s *ReactionsService) CreatePullRequestCommentReaction(ctx context.Context, owner, repo string, id int64, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pulls/comments/%v/reactions", owner, repo, id)
 
@@ -330,7 +358,9 @@ func (s *ReactionsService) CreatePullRequestCommentReaction(ctx context.Context,
 
 // DeletePullRequestCommentReaction deletes the reaction to a pull request review comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-a-pull-request-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-a-pull-request-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeletePullRequestCommentReaction(ctx context.Context, owner, repo string, commentID, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repos/%v/%v/pulls/comments/%v/reactions/%v", owner, repo, commentID, reactionID)
 
@@ -339,7 +369,9 @@ func (s *ReactionsService) DeletePullRequestCommentReaction(ctx context.Context,
 
 // DeletePullRequestCommentReactionByID deletes the reaction to a pull request review comment by repository ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-a-pull-request-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-a-pull-request-comment-reaction
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}
 func (s *ReactionsService) DeletePullRequestCommentReactionByID(ctx context.Context, repoID, commentID, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("repositories/%v/pulls/comments/%v/reactions/%v", repoID, commentID, reactionID)
 
@@ -348,7 +380,9 @@ func (s *ReactionsService) DeletePullRequestCommentReactionByID(ctx context.Cont
 
 // ListTeamDiscussionReactions lists the reactions for a team discussion.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-a-team-discussion-legacy
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-a-team-discussion-legacy
+//
+//meta:operation GET /teams/{team_id}/discussions/{discussion_number}/reactions
 func (s *ReactionsService) ListTeamDiscussionReactions(ctx context.Context, teamID int64, discussionNumber int, opts *ListOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("teams/%v/discussions/%v/reactions", teamID, discussionNumber)
 	u, err := addOptions(u, opts)
@@ -375,7 +409,9 @@ func (s *ReactionsService) ListTeamDiscussionReactions(ctx context.Context, team
 // CreateTeamDiscussionReaction creates a reaction for a team discussion.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-team-discussion-legacy
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-team-discussion-legacy
+//
+//meta:operation POST /teams/{team_id}/discussions/{discussion_number}/reactions
 func (s *ReactionsService) CreateTeamDiscussionReaction(ctx context.Context, teamID int64, discussionNumber int, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("teams/%v/discussions/%v/reactions", teamID, discussionNumber)
 
@@ -398,7 +434,9 @@ func (s *ReactionsService) CreateTeamDiscussionReaction(ctx context.Context, tea
 
 // DeleteTeamDiscussionReaction deletes the reaction to a team discussion.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-team-discussion-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-team-discussion-reaction
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteTeamDiscussionReaction(ctx context.Context, org, teamSlug string, discussionNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/reactions/%v", org, teamSlug, discussionNumber, reactionID)
 
@@ -407,7 +445,9 @@ func (s *ReactionsService) DeleteTeamDiscussionReaction(ctx context.Context, org
 
 // DeleteTeamDiscussionReactionByOrgIDAndTeamID deletes the reaction to a team discussion by organization ID and team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-team-discussion
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-team-discussion
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions
 func (s *ReactionsService) DeleteTeamDiscussionReactionByOrgIDAndTeamID(ctx context.Context, orgID, teamID, discussionNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/reactions/%v", orgID, teamID, discussionNumber, reactionID)
 
@@ -416,7 +456,9 @@ func (s *ReactionsService) DeleteTeamDiscussionReactionByOrgIDAndTeamID(ctx cont
 
 // ListTeamDiscussionCommentReactions lists the reactions for a team discussion comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#list-reactions-for-a-team-discussion-comment-legacy
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#list-reactions-for-a-team-discussion-comment-legacy
+//
+//meta:operation GET /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions
 func (s *ReactionsService) ListTeamDiscussionCommentReactions(ctx context.Context, teamID int64, discussionNumber, commentNumber int, opts *ListOptions) ([]*Reaction, *Response, error) {
 	u := fmt.Sprintf("teams/%v/discussions/%v/comments/%v/reactions", teamID, discussionNumber, commentNumber)
 	u, err := addOptions(u, opts)
@@ -442,7 +484,9 @@ func (s *ReactionsService) ListTeamDiscussionCommentReactions(ctx context.Contex
 // CreateTeamDiscussionCommentReaction creates a reaction for a team discussion comment.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-team-discussion-comment-legacy
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-team-discussion-comment-legacy
+//
+//meta:operation POST /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions
 func (s *ReactionsService) CreateTeamDiscussionCommentReaction(ctx context.Context, teamID int64, discussionNumber, commentNumber int, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("teams/%v/discussions/%v/comments/%v/reactions", teamID, discussionNumber, commentNumber)
 
@@ -465,7 +509,9 @@ func (s *ReactionsService) CreateTeamDiscussionCommentReaction(ctx context.Conte
 
 // DeleteTeamDiscussionCommentReaction deletes the reaction to a team discussion comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#delete-team-discussion-comment-reaction
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#delete-team-discussion-comment-reaction
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}
 func (s *ReactionsService) DeleteTeamDiscussionCommentReaction(ctx context.Context, org, teamSlug string, discussionNumber, commentNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments/%v/reactions/%v", org, teamSlug, discussionNumber, commentNumber, reactionID)
 
@@ -474,7 +520,9 @@ func (s *ReactionsService) DeleteTeamDiscussionCommentReaction(ctx context.Conte
 
 // DeleteTeamDiscussionCommentReactionByOrgIDAndTeamID deletes the reaction to a team discussion comment by organization ID and team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-team-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-team-discussion-comment
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions
 func (s *ReactionsService) DeleteTeamDiscussionCommentReactionByOrgIDAndTeamID(ctx context.Context, orgID, teamID, discussionNumber, commentNumber int, reactionID int64) (*Response, error) {
 	url := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments/%v/reactions/%v", orgID, teamID, discussionNumber, commentNumber, reactionID)
 
@@ -493,12 +541,14 @@ func (s *ReactionsService) deleteReaction(ctx context.Context, url string) (*Res
 	return s.client.Do(ctx, req, nil)
 }
 
-// Create a reaction to a release.
+// CreateReleaseReaction creates a reaction to a release.
 // Note that a response with a Status: 200 OK means that you already
 // added the reaction type to this release.
 // The content should have one of the following values: "+1", "-1", "laugh", "confused", "heart", "hooray", "rocket", or "eyes".
 //
-// GitHub API docs: https://docs.github.com/en/rest/reactions#create-reaction-for-a-release
+// GitHub API docs: https://docs.github.com/rest/reactions/reactions#create-reaction-for-a-release
+//
+//meta:operation POST /repos/{owner}/{repo}/releases/{release_id}/reactions
 func (s *ReactionsService) CreateReleaseReaction(ctx context.Context, owner, repo string, releaseID int64, content string) (*Reaction, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/releases/%v/reactions", owner, repo, releaseID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos.go b/vendor/github.com/google/go-github/v57/github/repos.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/repos.go
rename to vendor/github.com/google/go-github/v57/github/repos.go
index f2059926ec8..5fcf219b3cf 100644
--- a/vendor/github.com/google/go-github/v56/github/repos.go
+++ b/vendor/github.com/google/go-github/v57/github/repos.go
@@ -22,7 +22,7 @@ var ErrBranchNotProtected = errors.New("branch is not protected")
 // RepositoriesService handles communication with the repository related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/
+// GitHub API docs: https://docs.github.com/rest/repos/
 type RepositoriesService service
 
 // Repository represents a GitHub repository.
@@ -141,7 +141,7 @@ type Repository struct {
 	TeamsURL         *string `json:"teams_url,omitempty"`
 
 	// TextMatches is only populated from search results that request text matches
-	// See: search.go and https://docs.github.com/en/rest/search/#text-match-metadata
+	// See: search.go and https://docs.github.com/rest/search/#text-match-metadata
 	TextMatches []*TextMatch `json:"text_matches,omitempty"`
 
 	// Visibility is only used for Create and Edit endpoints. The visibility field
@@ -150,7 +150,7 @@ type Repository struct {
 	Visibility *string `json:"visibility,omitempty"`
 
 	// RoleName is only returned by the API 'check team permissions for a repository'.
-	// See: teams.go (IsTeamRepoByID) https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-repository
+	// See: teams.go (IsTeamRepoByID) https://docs.github.com/rest/teams/teams#check-team-permissions-for-a-repository
 	RoleName *string `json:"role_name,omitempty"`
 }
 
@@ -173,33 +173,19 @@ type BranchListOptions struct {
 // RepositoryListOptions specifies the optional parameters to the
 // RepositoriesService.List method.
 type RepositoryListOptions struct {
-	// Visibility of repositories to list. Can be one of all, public, or private.
-	// Default: all
+	// See RepositoryListByAuthenticatedUserOptions.Visibility
 	Visibility string `url:"visibility,omitempty"`
 
-	// List repos of given affiliation[s].
-	// Comma-separated list of values. Can include:
-	// * owner: Repositories that are owned by the authenticated user.
-	// * collaborator: Repositories that the user has been added to as a
-	//   collaborator.
-	// * organization_member: Repositories that the user has access to through
-	//   being a member of an organization. This includes every repository on
-	//   every team that the user is on.
-	// Default: owner,collaborator,organization_member
+	// See RepositoryListByAuthenticatedUserOptions.Affiliation
 	Affiliation string `url:"affiliation,omitempty"`
 
-	// Type of repositories to list.
-	// Can be one of all, owner, public, private, member. Default: all
-	// Will cause a 422 error if used in the same request as visibility or
-	// affiliation.
+	// See RepositoryListByUserOptions.Type or RepositoryListByAuthenticatedUserOptions.Type
 	Type string `url:"type,omitempty"`
 
-	// How to sort the repository list. Can be one of created, updated, pushed,
-	// full_name. Default: full_name
+	// See RepositoryListByUserOptions.Sort or RepositoryListByAuthenticatedUserOptions.Sort
 	Sort string `url:"sort,omitempty"`
 
-	// Direction in which to sort repositories. Can be one of asc or desc.
-	// Default: when using full_name: asc; otherwise desc
+	// See RepositoryListByUserOptions.Direction or RepositoryListByAuthenticatedUserOptions.Direction
 	Direction string `url:"direction,omitempty"`
 
 	ListOptions
@@ -220,7 +206,7 @@ func (s SecurityAndAnalysis) String() string {
 
 // AdvancedSecurity specifies the state of advanced security on a repository.
 //
-// GitHub API docs: https://docs.github.com/en/github/getting-started-with-github/learning-about-github/about-github-advanced-security
+// GitHub API docs: https://docs.github.com/github/getting-started-with-github/learning-about-github/about-github-advanced-security
 type AdvancedSecurity struct {
 	Status *string `json:"status,omitempty"`
 }
@@ -231,7 +217,7 @@ func (a AdvancedSecurity) String() string {
 
 // SecretScanning specifies the state of secret scanning on a repository.
 //
-// GitHub API docs: https://docs.github.com/en/code-security/secret-security/about-secret-scanning
+// GitHub API docs: https://docs.github.com/code-security/secret-security/about-secret-scanning
 type SecretScanning struct {
 	Status *string `json:"status,omitempty"`
 }
@@ -242,7 +228,7 @@ func (s SecretScanning) String() string {
 
 // SecretScanningPushProtection specifies the state of secret scanning push protection on a repository.
 //
-// GitHub API docs: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-partner-patterns
+// GitHub API docs: https://docs.github.com/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-partner-patterns
 type SecretScanningPushProtection struct {
 	Status *string `json:"status,omitempty"`
 }
@@ -253,7 +239,7 @@ func (s SecretScanningPushProtection) String() string {
 
 // DependabotSecurityUpdates specifies the state of Dependabot security updates on a repository.
 //
-// GitHub API docs: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
+// GitHub API docs: https://docs.github.com/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
 type DependabotSecurityUpdates struct {
 	Status *string `json:"status,omitempty"`
 }
@@ -262,18 +248,66 @@ func (d DependabotSecurityUpdates) String() string {
 	return Stringify(d)
 }
 
-// List the repositories for a user. Passing the empty string will list
-// repositories for the authenticated user.
+// List calls either RepositoriesService.ListByUser or RepositoriesService.ListByAuthenticatedUser
+// depending on whether user is empty.
+//
+// Deprecated: Use RepositoriesService.ListByUser or RepositoriesService.ListByAuthenticatedUser instead.
+//
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repositories-for-a-user
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repositories-for-the-authenticated-user
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repositories-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repositories-for-a-user
+//meta:operation GET /user/repos
+//meta:operation GET /users/{username}/repos
 func (s *RepositoriesService) List(ctx context.Context, user string, opts *RepositoryListOptions) ([]*Repository, *Response, error) {
-	var u string
-	if user != "" {
-		u = fmt.Sprintf("users/%v/repos", user)
-	} else {
-		u = "user/repos"
+	if opts == nil {
+		opts = &RepositoryListOptions{}
 	}
+	if user != "" {
+		return s.ListByUser(ctx, user, &RepositoryListByUserOptions{
+			Type:        opts.Type,
+			Sort:        opts.Sort,
+			Direction:   opts.Direction,
+			ListOptions: opts.ListOptions,
+		})
+	}
+	return s.ListByAuthenticatedUser(ctx, &RepositoryListByAuthenticatedUserOptions{
+		Visibility:  opts.Visibility,
+		Affiliation: opts.Affiliation,
+		Type:        opts.Type,
+		Sort:        opts.Sort,
+		Direction:   opts.Direction,
+		ListOptions: opts.ListOptions,
+	})
+}
+
+// RepositoryListByUserOptions specifies the optional parameters to the
+// RepositoriesService.ListByUser method.
+type RepositoryListByUserOptions struct {
+	// Limit results to repositories of the specified type.
+	// Default: owner
+	// Can be one of: all, owner, member
+	Type string `url:"type,omitempty"`
+
+	// The property to sort the results by.
+	// Default: full_name
+	// Can be one of: created, updated, pushed, full_name
+	Sort string `url:"sort,omitempty"`
+
+	// The order to sort by.
+	// Default: asc when using full_name, otherwise desc.
+	// Can be one of: asc, desc
+	Direction string `url:"direction,omitempty"`
+
+	ListOptions
+}
+
+// ListByUser lists public repositories for the specified user.
+//
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repositories-for-a-user
+//
+//meta:operation GET /users/{username}/repos
+func (s *RepositoriesService) ListByUser(ctx context.Context, user string, opts *RepositoryListByUserOptions) ([]*Repository, *Response, error) {
+	u := fmt.Sprintf("users/%v/repos", user)
 	u, err := addOptions(u, opts)
 	if err != nil {
 		return nil, nil, err
@@ -284,9 +318,68 @@ func (s *RepositoriesService) List(ctx context.Context, user string, opts *Repos
 		return nil, nil, err
 	}
 
-	// TODO: remove custom Accept headers when APIs fully launch.
-	acceptHeaders := []string{mediaTypeTopicsPreview, mediaTypeRepositoryVisibilityPreview}
-	req.Header.Set("Accept", strings.Join(acceptHeaders, ", "))
+	var repos []*Repository
+	resp, err := s.client.Do(ctx, req, &repos)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return repos, resp, nil
+}
+
+// RepositoryListByAuthenticatedUserOptions specifies the optional parameters to the
+// RepositoriesService.ListByAuthenticatedUser method.
+type RepositoryListByAuthenticatedUserOptions struct {
+	// Limit results to repositories with the specified visibility.
+	// Default: all
+	// Can be one of: all, public, private
+	Visibility string `url:"visibility,omitempty"`
+
+	// List repos of given affiliation[s].
+	// Comma-separated list of values. Can include:
+	// * owner: Repositories that are owned by the authenticated user.
+	// * collaborator: Repositories that the user has been added to as a
+	//   collaborator.
+	// * organization_member: Repositories that the user has access to through
+	//   being a member of an organization. This includes every repository on
+	//   every team that the user is on.
+	// Default: owner,collaborator,organization_member
+	Affiliation string `url:"affiliation,omitempty"`
+
+	// Limit results to repositories of the specified type. Will cause a 422 error if
+	// used in the same request as visibility or affiliation.
+	// Default: all
+	// Can be one of: all, owner, public, private, member
+	Type string `url:"type,omitempty"`
+
+	// The property to sort the results by.
+	// Default: full_name
+	// Can be one of: created, updated, pushed, full_name
+	Sort string `url:"sort,omitempty"`
+
+	// Direction in which to sort repositories. Can be one of asc or desc.
+	// Default: when using full_name: asc; otherwise desc
+	Direction string `url:"direction,omitempty"`
+
+	ListOptions
+}
+
+// ListByAuthenticatedUser lists repositories for the authenticated user.
+//
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repositories-for-the-authenticated-user
+//
+//meta:operation GET /user/repos
+func (s *RepositoriesService) ListByAuthenticatedUser(ctx context.Context, opts *RepositoryListByAuthenticatedUserOptions) ([]*Repository, *Response, error) {
+	u := "user/repos"
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
 
 	var repos []*Repository
 	resp, err := s.client.Do(ctx, req, &repos)
@@ -317,7 +410,9 @@ type RepositoryListByOrgOptions struct {
 
 // ListByOrg lists the repositories for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-organization-repositories
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-organization-repositories
+//
+//meta:operation GET /orgs/{org}/repos
 func (s *RepositoriesService) ListByOrg(ctx context.Context, org string, opts *RepositoryListByOrgOptions) ([]*Repository, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/repos", org)
 	u, err := addOptions(u, opts)
@@ -352,7 +447,9 @@ type RepositoryListAllOptions struct {
 
 // ListAll lists all GitHub repositories in the order that they were created.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-public-repositories
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-public-repositories
+//
+//meta:operation GET /repositories
 func (s *RepositoriesService) ListAll(ctx context.Context, opts *RepositoryListAllOptions) ([]*Repository, *Response, error) {
 	u, err := addOptions("repositories", opts)
 	if err != nil {
@@ -424,8 +521,11 @@ type createRepoRequest struct {
 // changes propagate throughout its servers. You may set up a loop with
 // exponential back-off to verify repository's creation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#create-a-repository-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#create-an-organization-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#create-a-repository-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/repos/repos#create-an-organization-repository
+//
+//meta:operation POST /orgs/{org}/repos
+//meta:operation POST /user/repos
 func (s *RepositoriesService) Create(ctx context.Context, org string, repo *Repository) (*Repository, *Response, error) {
 	var u string
 	if org != "" {
@@ -492,7 +592,9 @@ type TemplateRepoRequest struct {
 
 // CreateFromTemplate generates a repository from a template.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#create-a-repository-using-a-template
+// GitHub API docs: https://docs.github.com/rest/repos/repos#create-a-repository-using-a-template
+//
+//meta:operation POST /repos/{template_owner}/{template_repo}/generate
 func (s *RepositoriesService) CreateFromTemplate(ctx context.Context, templateOwner, templateRepo string, templateRepoReq *TemplateRepoRequest) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/generate", templateOwner, templateRepo)
 
@@ -513,7 +615,9 @@ func (s *RepositoriesService) CreateFromTemplate(ctx context.Context, templateOw
 
 // Get fetches a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#get-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#get-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}
 func (s *RepositoriesService) Get(ctx context.Context, owner, repo string) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -522,7 +626,7 @@ func (s *RepositoriesService) Get(ctx context.Context, owner, repo string) (*Rep
 	}
 
 	// TODO: remove custom Accept header when the license support fully launches
-	// https://docs.github.com/en/rest/licenses/#get-a-repositorys-license
+	// https://docs.github.com/rest/licenses/#get-a-repositorys-license
 	acceptHeaders := []string{
 		mediaTypeCodesOfConductPreview,
 		mediaTypeTopicsPreview,
@@ -541,10 +645,12 @@ func (s *RepositoriesService) Get(ctx context.Context, owner, repo string) (*Rep
 }
 
 // GetCodeOfConduct gets the contents of a repository's code of conduct.
-// Note that https://docs.github.com/en/rest/codes-of-conduct#about-the-codes-of-conduct-api
+// Note that https://docs.github.com/rest/codes-of-conduct#about-the-codes-of-conduct-api
 // says to use the GET /repos/{owner}/{repo} endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#update-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#get-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}
 func (s *RepositoriesService) GetCodeOfConduct(ctx context.Context, owner, repo string) (*CodeOfConduct, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -566,7 +672,9 @@ func (s *RepositoriesService) GetCodeOfConduct(ctx context.Context, owner, repo
 
 // GetByID fetches a repository.
 //
-// Note: GetByID uses the undocumented GitHub API endpoint /repositories/:id.
+// Note: GetByID uses the undocumented GitHub API endpoint "GET /repositories/{repository_id}".
+//
+//meta:operation GET /repositories/{repository_id}
 func (s *RepositoriesService) GetByID(ctx context.Context, id int64) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repositories/%d", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -585,7 +693,9 @@ func (s *RepositoriesService) GetByID(ctx context.Context, id int64) (*Repositor
 
 // Edit updates a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#update-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#update-a-repository
+//
+//meta:operation PATCH /repos/{owner}/{repo}
 func (s *RepositoriesService) Edit(ctx context.Context, owner, repo string, repository *Repository) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("PATCH", u, repository)
@@ -606,7 +716,9 @@ func (s *RepositoriesService) Edit(ctx context.Context, owner, repo string, repo
 
 // Delete a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#delete-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#delete-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}
 func (s *RepositoriesService) Delete(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -653,7 +765,9 @@ type ListContributorsOptions struct {
 
 // GetVulnerabilityAlerts checks if vulnerability alerts are enabled for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#check-if-vulnerability-alerts-are-enabled-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#check-if-vulnerability-alerts-are-enabled-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/vulnerability-alerts
 func (s *RepositoriesService) GetVulnerabilityAlerts(ctx context.Context, owner, repository string) (bool, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/vulnerability-alerts", owner, repository)
 
@@ -672,7 +786,9 @@ func (s *RepositoriesService) GetVulnerabilityAlerts(ctx context.Context, owner,
 
 // EnableVulnerabilityAlerts enables vulnerability alerts and the dependency graph for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-vulnerability-alerts
+// GitHub API docs: https://docs.github.com/rest/repos/repos#enable-vulnerability-alerts
+//
+//meta:operation PUT /repos/{owner}/{repo}/vulnerability-alerts
 func (s *RepositoriesService) EnableVulnerabilityAlerts(ctx context.Context, owner, repository string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/vulnerability-alerts", owner, repository)
 
@@ -689,7 +805,9 @@ func (s *RepositoriesService) EnableVulnerabilityAlerts(ctx context.Context, own
 
 // DisableVulnerabilityAlerts disables vulnerability alerts and the dependency graph for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#disable-vulnerability-alerts
+// GitHub API docs: https://docs.github.com/rest/repos/repos#disable-vulnerability-alerts
+//
+//meta:operation DELETE /repos/{owner}/{repo}/vulnerability-alerts
 func (s *RepositoriesService) DisableVulnerabilityAlerts(ctx context.Context, owner, repository string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/vulnerability-alerts", owner, repository)
 
@@ -706,7 +824,9 @@ func (s *RepositoriesService) DisableVulnerabilityAlerts(ctx context.Context, ow
 
 // GetAutomatedSecurityFixes checks if the automated security fixes for a repository are enabled.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#check-if-automated-security-fixes-are-enabled-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#check-if-automated-security-fixes-are-enabled-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/automated-security-fixes
 func (s *RepositoriesService) GetAutomatedSecurityFixes(ctx context.Context, owner, repository string) (*AutomatedSecurityFixes, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/automated-security-fixes", owner, repository)
 
@@ -725,7 +845,9 @@ func (s *RepositoriesService) GetAutomatedSecurityFixes(ctx context.Context, own
 
 // EnableAutomatedSecurityFixes enables the automated security fixes for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-automated-security-fixes
+// GitHub API docs: https://docs.github.com/rest/repos/repos#enable-automated-security-fixes
+//
+//meta:operation PUT /repos/{owner}/{repo}/automated-security-fixes
 func (s *RepositoriesService) EnableAutomatedSecurityFixes(ctx context.Context, owner, repository string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/automated-security-fixes", owner, repository)
 
@@ -739,7 +861,9 @@ func (s *RepositoriesService) EnableAutomatedSecurityFixes(ctx context.Context,
 
 // DisableAutomatedSecurityFixes disables vulnerability alerts and the dependency graph for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#disable-automated-security-fixes
+// GitHub API docs: https://docs.github.com/rest/repos/repos#disable-automated-security-fixes
+//
+//meta:operation DELETE /repos/{owner}/{repo}/automated-security-fixes
 func (s *RepositoriesService) DisableAutomatedSecurityFixes(ctx context.Context, owner, repository string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/automated-security-fixes", owner, repository)
 
@@ -753,7 +877,9 @@ func (s *RepositoriesService) DisableAutomatedSecurityFixes(ctx context.Context,
 
 // ListContributors lists contributors for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repository-contributors
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repository-contributors
+//
+//meta:operation GET /repos/{owner}/{repo}/contributors
 func (s *RepositoriesService) ListContributors(ctx context.Context, owner string, repository string, opts *ListContributorsOptions) ([]*Contributor, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/contributors", owner, repository)
 	u, err := addOptions(u, opts)
@@ -784,7 +910,9 @@ func (s *RepositoriesService) ListContributors(ctx context.Context, owner string
 //	  "Python": 7769
 //	}
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repository-languages
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repository-languages
+//
+//meta:operation GET /repos/{owner}/{repo}/languages
 func (s *RepositoriesService) ListLanguages(ctx context.Context, owner string, repo string) (map[string]int, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/languages", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -803,7 +931,9 @@ func (s *RepositoriesService) ListLanguages(ctx context.Context, owner string, r
 
 // ListTeams lists the teams for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repository-teams
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repository-teams
+//
+//meta:operation GET /repos/{owner}/{repo}/teams
 func (s *RepositoriesService) ListTeams(ctx context.Context, owner string, repo string, opts *ListOptions) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/teams", owner, repo)
 	u, err := addOptions(u, opts)
@@ -835,7 +965,9 @@ type RepositoryTag struct {
 
 // ListTags lists tags for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-repository-tags
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-repository-tags
+//
+//meta:operation GET /repos/{owner}/{repo}/tags
 func (s *RepositoriesService) ListTags(ctx context.Context, owner string, repo string, opts *ListOptions) ([]*RepositoryTag, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/tags", owner, repo)
 	u, err := addOptions(u, opts)
@@ -1055,7 +1187,7 @@ type RequiredStatusChecks struct {
 	Contexts []string `json:"contexts,omitempty"`
 	// The list of status checks to require in order to merge into this
 	// branch.
-	Checks      []*RequiredStatusCheck `json:"checks"`
+	Checks      []*RequiredStatusCheck `json:"checks,omitempty"`
 	ContextsURL *string                `json:"contexts_url,omitempty"`
 	URL         *string                `json:"url,omitempty"`
 }
@@ -1153,7 +1285,8 @@ type AllowForcePushes struct {
 	Enabled bool `json:"enabled"`
 }
 
-// RequiredConversationResolution, if enabled, requires all comments on the pull request to be resolved before it can be merged to a protected branch.
+// RequiredConversationResolution requires all comments on the pull request to be resolved before it can be
+// merged to a protected branch when enabled.
 type RequiredConversationResolution struct {
 	Enabled bool `json:"enabled"`
 }
@@ -1250,7 +1383,9 @@ type AutomatedSecurityFixes struct {
 
 // ListBranches lists branches for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branches#list-branches
+// GitHub API docs: https://docs.github.com/rest/branches/branches#list-branches
+//
+//meta:operation GET /repos/{owner}/{repo}/branches
 func (s *RepositoriesService) ListBranches(ctx context.Context, owner string, repo string, opts *BranchListOptions) ([]*Branch, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches", owner, repo)
 	u, err := addOptions(u, opts)
@@ -1276,7 +1411,9 @@ func (s *RepositoriesService) ListBranches(ctx context.Context, owner string, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branches#get-a-branch
+// GitHub API docs: https://docs.github.com/rest/branches/branches#get-a-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}
 func (s *RepositoriesService) GetBranch(ctx context.Context, owner, repo, branch string, maxRedirects int) (*Branch, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v", owner, repo, url.PathEscape(branch))
 
@@ -1307,7 +1444,9 @@ type renameBranchRequest struct {
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branches#rename-a-branch
+// GitHub API docs: https://docs.github.com/rest/branches/branches#rename-a-branch
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/rename
 func (s *RepositoriesService) RenameBranch(ctx context.Context, owner, repo, branch, newName string) (*Branch, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/rename", owner, repo, url.PathEscape(branch))
 	r := &renameBranchRequest{NewName: newName}
@@ -1329,7 +1468,9 @@ func (s *RepositoriesService) RenameBranch(ctx context.Context, owner, repo, bra
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-branch-protection
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection
 func (s *RepositoriesService) GetBranchProtection(ctx context.Context, owner, repo, branch string) (*Protection, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1356,7 +1497,9 @@ func (s *RepositoriesService) GetBranchProtection(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-status-checks-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-status-checks-protection
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks
 func (s *RepositoriesService) GetRequiredStatusChecks(ctx context.Context, owner, repo, branch string) (*RequiredStatusChecks, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_status_checks", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1380,7 +1523,9 @@ func (s *RepositoriesService) GetRequiredStatusChecks(ctx context.Context, owner
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-all-status-check-contexts
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-all-status-check-contexts
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts
 func (s *RepositoriesService) ListRequiredStatusChecksContexts(ctx context.Context, owner, repo, branch string) (contexts []string, resp *Response, err error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_status_checks/contexts", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1403,7 +1548,9 @@ func (s *RepositoriesService) ListRequiredStatusChecksContexts(ctx context.Conte
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#update-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#update-branch-protection
+//
+//meta:operation PUT /repos/{owner}/{repo}/branches/{branch}/protection
 func (s *RepositoriesService) UpdateBranchProtection(ctx context.Context, owner, repo, branch string, preq *ProtectionRequest) (*Protection, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PUT", u, preq)
@@ -1427,7 +1574,9 @@ func (s *RepositoriesService) UpdateBranchProtection(ctx context.Context, owner,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#delete-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#delete-branch-protection
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection
 func (s *RepositoriesService) RemoveBranchProtection(ctx context.Context, owner, repo, branch string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -1442,7 +1591,9 @@ func (s *RepositoriesService) RemoveBranchProtection(ctx context.Context, owner,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-commit-signature-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-commit-signature-protection
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures
 func (s *RepositoriesService) GetSignaturesProtectedBranch(ctx context.Context, owner, repo, branch string) (*SignaturesProtectedBranch, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_signatures", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1467,7 +1618,9 @@ func (s *RepositoriesService) GetSignaturesProtectedBranch(ctx context.Context,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#create-commit-signature-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#create-commit-signature-protection
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures
 func (s *RepositoriesService) RequireSignaturesOnProtectedBranch(ctx context.Context, owner, repo, branch string) (*SignaturesProtectedBranch, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_signatures", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -1491,7 +1644,9 @@ func (s *RepositoriesService) RequireSignaturesOnProtectedBranch(ctx context.Con
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#delete-commit-signature-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#delete-commit-signature-protection
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures
 func (s *RepositoriesService) OptionalSignaturesOnProtectedBranch(ctx context.Context, owner, repo, branch string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_signatures", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -1509,7 +1664,9 @@ func (s *RepositoriesService) OptionalSignaturesOnProtectedBranch(ctx context.Co
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#update-status-check-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#update-status-check-protection
+//
+//meta:operation PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks
 func (s *RepositoriesService) UpdateRequiredStatusChecks(ctx context.Context, owner, repo, branch string, sreq *RequiredStatusChecksRequest) (*RequiredStatusChecks, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_status_checks", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PATCH", u, sreq)
@@ -1530,7 +1687,9 @@ func (s *RepositoriesService) UpdateRequiredStatusChecks(ctx context.Context, ow
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-status-check-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#remove-status-check-protection
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks
 func (s *RepositoriesService) RemoveRequiredStatusChecks(ctx context.Context, owner, repo, branch string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_status_checks", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -1543,7 +1702,9 @@ func (s *RepositoriesService) RemoveRequiredStatusChecks(ctx context.Context, ow
 
 // License gets the contents of a repository's license if one is detected.
 //
-// GitHub API docs: https://docs.github.com/en/rest/licenses#get-the-license-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/licenses/licenses#get-the-license-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/license
 func (s *RepositoriesService) License(ctx context.Context, owner, repo string) (*RepositoryLicense, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/license", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1564,7 +1725,9 @@ func (s *RepositoriesService) License(ctx context.Context, owner, repo string) (
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-pull-request-review-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-pull-request-review-protection
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews
 func (s *RepositoriesService) GetPullRequestReviewEnforcement(ctx context.Context, owner, repo, branch string) (*PullRequestReviewsEnforcement, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_pull_request_reviews", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1589,7 +1752,9 @@ func (s *RepositoriesService) GetPullRequestReviewEnforcement(ctx context.Contex
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#update-pull-request-review-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#update-pull-request-review-protection
+//
+//meta:operation PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews
 func (s *RepositoriesService) UpdatePullRequestReviewEnforcement(ctx context.Context, owner, repo, branch string, patch *PullRequestReviewsEnforcementUpdate) (*PullRequestReviewsEnforcement, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_pull_request_reviews", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PATCH", u, patch)
@@ -1614,7 +1779,9 @@ func (s *RepositoriesService) UpdatePullRequestReviewEnforcement(ctx context.Con
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#update-pull-request-review-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#update-pull-request-review-protection
+//
+//meta:operation PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews
 func (s *RepositoriesService) DisableDismissalRestrictions(ctx context.Context, owner, repo, branch string) (*PullRequestReviewsEnforcement, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_pull_request_reviews", owner, repo, url.PathEscape(branch))
 
@@ -1643,7 +1810,9 @@ func (s *RepositoriesService) DisableDismissalRestrictions(ctx context.Context,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#delete-pull-request-review-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#delete-pull-request-review-protection
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews
 func (s *RepositoriesService) RemovePullRequestReviewEnforcement(ctx context.Context, owner, repo, branch string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/required_pull_request_reviews", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -1658,7 +1827,9 @@ func (s *RepositoriesService) RemovePullRequestReviewEnforcement(ctx context.Con
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-admin-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-admin-branch-protection
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
 func (s *RepositoriesService) GetAdminEnforcement(ctx context.Context, owner, repo, branch string) (*AdminEnforcement, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/enforce_admins", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1680,7 +1851,9 @@ func (s *RepositoriesService) GetAdminEnforcement(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-admin-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#set-admin-branch-protection
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
 func (s *RepositoriesService) AddAdminEnforcement(ctx context.Context, owner, repo, branch string) (*AdminEnforcement, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/enforce_admins", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -1701,7 +1874,9 @@ func (s *RepositoriesService) AddAdminEnforcement(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#delete-admin-branch-protection
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#delete-admin-branch-protection
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
 func (s *RepositoriesService) RemoveAdminEnforcement(ctx context.Context, owner, repo, branch string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/enforce_admins", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -1719,7 +1894,9 @@ type repositoryTopics struct {
 
 // ListAllTopics lists topics for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#get-all-repository-topics
+// GitHub API docs: https://docs.github.com/rest/repos/repos#get-all-repository-topics
+//
+//meta:operation GET /repos/{owner}/{repo}/topics
 func (s *RepositoriesService) ListAllTopics(ctx context.Context, owner, repo string) ([]string, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/topics", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1741,7 +1918,9 @@ func (s *RepositoriesService) ListAllTopics(ctx context.Context, owner, repo str
 
 // ReplaceAllTopics replaces all repository topics.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#replace-all-repository-topics
+// GitHub API docs: https://docs.github.com/rest/repos/repos#replace-all-repository-topics
+//
+//meta:operation PUT /repos/{owner}/{repo}/topics
 func (s *RepositoriesService) ReplaceAllTopics(ctx context.Context, owner, repo string, topics []string) ([]string, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/topics", owner, repo)
 	t := &repositoryTopics{
@@ -1772,9 +1951,11 @@ func (s *RepositoriesService) ReplaceAllTopics(ctx context.Context, owner, repo
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
-//
 // Deprecated: Please use ListAppRestrictions instead.
+//
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps
 func (s *RepositoriesService) ListApps(ctx context.Context, owner, repo, branch string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1794,9 +1975,11 @@ func (s *RepositoriesService) ListApps(ctx context.Context, owner, repo, branch
 // ListAppRestrictions lists the GitHub apps that have push access to a given protected branch.
 // It requires the GitHub apps to have `write` access to the `content` permission.
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
-//
 // Note: This is a wrapper around ListApps so a naming convention with ListUserRestrictions and ListTeamRestrictions is preserved.
+//
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps
 func (s *RepositoriesService) ListAppRestrictions(ctx context.Context, owner, repo, branch string) ([]*App, *Response, error) {
 	return s.ListApps(ctx, owner, repo, branch)
 }
@@ -1809,7 +1992,9 @@ func (s *RepositoriesService) ListAppRestrictions(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-app-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#set-app-access-restrictions
+//
+//meta:operation PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps
 func (s *RepositoriesService) ReplaceAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PUT", u, apps)
@@ -1833,7 +2018,9 @@ func (s *RepositoriesService) ReplaceAppRestrictions(ctx context.Context, owner,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-app-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#add-app-access-restrictions
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps
 func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("POST", u, apps)
@@ -1857,7 +2044,9 @@ func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, rep
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-app-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#remove-app-access-restrictions
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps
 func (s *RepositoriesService) RemoveAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, apps)
@@ -1879,7 +2068,9 @@ func (s *RepositoriesService) RemoveAppRestrictions(ctx context.Context, owner,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-teams-with-access-to-the-protected-branch
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-teams-with-access-to-the-protected-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams
 func (s *RepositoriesService) ListTeamRestrictions(ctx context.Context, owner, repo, branch string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1904,7 +2095,9 @@ func (s *RepositoriesService) ListTeamRestrictions(ctx context.Context, owner, r
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#set-team-access-restrictions
+//
+//meta:operation PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams
 func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PUT", u, teams)
@@ -1928,7 +2121,9 @@ func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#add-team-access-restrictions
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams
 func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("POST", u, teams)
@@ -1952,7 +2147,9 @@ func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#remove-team-access-restrictions
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams
 func (s *RepositoriesService) RemoveTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, teams)
@@ -1974,7 +2171,9 @@ func (s *RepositoriesService) RemoveTeamRestrictions(ctx context.Context, owner,
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-users-with-access-to-the-protected-branch
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#get-users-with-access-to-the-protected-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users
 func (s *RepositoriesService) ListUserRestrictions(ctx context.Context, owner, repo, branch string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -1999,7 +2198,9 @@ func (s *RepositoriesService) ListUserRestrictions(ctx context.Context, owner, r
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#set-user-access-restrictions
+//
+//meta:operation PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users
 func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("PUT", u, users)
@@ -2023,7 +2224,9 @@ func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#add-user-access-restrictions
+//
+//meta:operation POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users
 func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("POST", u, users)
@@ -2047,7 +2250,9 @@ func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, re
 //
 // Note: the branch name is URL path escaped for you. See: https://pkg.go.dev/net/url#PathEscape .
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
+// GitHub API docs: https://docs.github.com/rest/branches/branch-protection#remove-user-access-restrictions
+//
+//meta:operation DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users
 func (s *RepositoriesService) RemoveUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, url.PathEscape(branch))
 	req, err := s.client.NewRequest("DELETE", u, users)
@@ -2079,7 +2284,9 @@ type TransferRequest struct {
 // A follow up request, after a delay of a second or so, should result
 // in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#transfer-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#transfer-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/transfer
 func (s *RepositoriesService) Transfer(ctx context.Context, owner, repo string, transfer TransferRequest) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/transfer", owner, repo)
 
@@ -2108,7 +2315,9 @@ type DispatchRequestOptions struct {
 
 // Dispatch triggers a repository_dispatch event in a GitHub Actions workflow.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event
+// GitHub API docs: https://docs.github.com/rest/repos/repos#create-a-repository-dispatch-event
+//
+//meta:operation POST /repos/{owner}/{repo}/dispatches
 func (s *RepositoriesService) Dispatch(ctx context.Context, owner, repo string, opts DispatchRequestOptions) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/dispatches", owner, repo)
 
@@ -2136,7 +2345,9 @@ func isBranchNotProtected(err error) bool {
 // EnablePrivateReporting enables private reporting of vulnerabilities for a
 // repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-private-vulnerability-reporting-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#enable-private-vulnerability-reporting-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/private-vulnerability-reporting
 func (s *RepositoriesService) EnablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
 
@@ -2156,7 +2367,9 @@ func (s *RepositoriesService) EnablePrivateReporting(ctx context.Context, owner,
 // DisablePrivateReporting disables private reporting of vulnerabilities for a
 // repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#disable-private-vulnerability-reporting-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/repos#disable-private-vulnerability-reporting-for-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/private-vulnerability-reporting
 func (s *RepositoriesService) DisablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_actions_access.go b/vendor/github.com/google/go-github/v57/github/repos_actions_access.go
similarity index 76%
rename from vendor/github.com/google/go-github/v56/github/repos_actions_access.go
rename to vendor/github.com/google/go-github/v57/github/repos_actions_access.go
index 55761eeb7ee..2da1f01cc26 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_actions_access.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_actions_access.go
@@ -12,7 +12,7 @@ import (
 
 // RepositoryActionsAccessLevel represents the repository actions access level.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository
 type RepositoryActionsAccessLevel struct {
 	// AccessLevel specifies the level of access that workflows outside of the repository have
 	// to actions and reusable workflows within the repository.
@@ -23,7 +23,9 @@ type RepositoryActionsAccessLevel struct {
 // GetActionsAccessLevel gets the level of access that workflows outside of the repository have
 // to actions and reusable workflows in the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-the-level-of-access-for-workflows-outside-of-the-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-the-level-of-access-for-workflows-outside-of-the-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/permissions/access
 func (s *RepositoriesService) GetActionsAccessLevel(ctx context.Context, owner, repo string) (*RepositoryActionsAccessLevel, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions/access", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -43,7 +45,9 @@ func (s *RepositoriesService) GetActionsAccessLevel(ctx context.Context, owner,
 // EditActionsAccessLevel sets the level of access that workflows outside of the repository have
 // to actions and reusable workflows in the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-the-level-of-access-for-workflows-outside-of-the-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/permissions/access
 func (s *RepositoriesService) EditActionsAccessLevel(ctx context.Context, owner, repo string, repositoryActionsAccessLevel RepositoryActionsAccessLevel) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions/access", owner, repo)
 	req, err := s.client.NewRequest("PUT", u, repositoryActionsAccessLevel)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_actions_allowed.go b/vendor/github.com/google/go-github/v57/github/repos_actions_allowed.go
similarity index 75%
rename from vendor/github.com/google/go-github/v56/github/repos_actions_allowed.go
rename to vendor/github.com/google/go-github/v57/github/repos_actions_allowed.go
index 25a46905839..e9ebff1d328 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_actions_allowed.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_actions_allowed.go
@@ -12,7 +12,9 @@ import (
 
 // GetActionsAllowed gets the allowed actions and reusable workflows for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-allowed-actions-and-reusable-workflows-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/permissions/selected-actions
 func (s *RepositoriesService) GetActionsAllowed(ctx context.Context, org, repo string) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions/selected-actions", org, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -31,7 +33,9 @@ func (s *RepositoriesService) GetActionsAllowed(ctx context.Context, org, repo s
 
 // EditActionsAllowed sets the allowed actions and reusable workflows for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/permissions/selected-actions
 func (s *RepositoriesService) EditActionsAllowed(ctx context.Context, org, repo string, actionsAllowed ActionsAllowed) (*ActionsAllowed, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions/selected-actions", org, repo)
 	req, err := s.client.NewRequest("PUT", u, actionsAllowed)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_actions_permissions.go b/vendor/github.com/google/go-github/v57/github/repos_actions_permissions.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/repos_actions_permissions.go
rename to vendor/github.com/google/go-github/v57/github/repos_actions_permissions.go
index 45f844cec02..2dcc367de1c 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_actions_permissions.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_actions_permissions.go
@@ -12,7 +12,7 @@ import (
 
 // ActionsPermissionsRepository represents a policy for repositories and allowed actions in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions
+// GitHub API docs: https://docs.github.com/rest/actions/permissions
 type ActionsPermissionsRepository struct {
 	Enabled            *bool   `json:"enabled,omitempty"`
 	AllowedActions     *string `json:"allowed_actions,omitempty"`
@@ -25,7 +25,9 @@ func (a ActionsPermissionsRepository) String() string {
 
 // GetActionsPermissions gets the GitHub Actions permissions policy for repositories and allowed actions in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#get-github-actions-permissions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-github-actions-permissions-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/permissions
 func (s *RepositoriesService) GetActionsPermissions(ctx context.Context, owner, repo string) (*ActionsPermissionsRepository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -44,7 +46,9 @@ func (s *RepositoriesService) GetActionsPermissions(ctx context.Context, owner,
 
 // EditActionsPermissions sets the permissions policy for repositories and allowed actions in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/actions/permissions#set-github-actions-permissions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-github-actions-permissions-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/permissions
 func (s *RepositoriesService) EditActionsPermissions(ctx context.Context, owner, repo string, actionsPermissionsRepository ActionsPermissionsRepository) (*ActionsPermissionsRepository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/actions/permissions", owner, repo)
 	req, err := s.client.NewRequest("PUT", u, actionsPermissionsRepository)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_autolinks.go b/vendor/github.com/google/go-github/v57/github/repos_autolinks.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/repos_autolinks.go
rename to vendor/github.com/google/go-github/v57/github/repos_autolinks.go
index 0d2cec618f0..200605aa0b2 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_autolinks.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_autolinks.go
@@ -28,7 +28,9 @@ type Autolink struct {
 // ListAutolinks returns a list of autolinks configured for the given repository.
 // Information about autolinks are only available to repository administrators.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/autolinks#list-all-autolinks-of-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/autolinks#list-all-autolinks-of-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/autolinks
 func (s *RepositoriesService) ListAutolinks(ctx context.Context, owner, repo string, opts *ListOptions) ([]*Autolink, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/autolinks", owner, repo)
 	u, err := addOptions(u, opts)
@@ -53,7 +55,9 @@ func (s *RepositoriesService) ListAutolinks(ctx context.Context, owner, repo str
 // AddAutolink creates an autolink reference for a repository.
 // Users with admin access to the repository can create an autolink.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/autolinks#create-an-autolink-reference-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/autolinks#create-an-autolink-reference-for-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/autolinks
 func (s *RepositoriesService) AddAutolink(ctx context.Context, owner, repo string, opts *AutolinkOptions) (*Autolink, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/autolinks", owner, repo)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -72,7 +76,9 @@ func (s *RepositoriesService) AddAutolink(ctx context.Context, owner, repo strin
 // GetAutolink returns a single autolink reference by ID that was configured for the given repository.
 // Information about autolinks are only available to repository administrators.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/autolinks#get-an-autolink-reference-of-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/autolinks#get-an-autolink-reference-of-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/autolinks/{autolink_id}
 func (s *RepositoriesService) GetAutolink(ctx context.Context, owner, repo string, id int64) (*Autolink, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/autolinks/%v", owner, repo, id)
 
@@ -93,7 +99,9 @@ func (s *RepositoriesService) GetAutolink(ctx context.Context, owner, repo strin
 // DeleteAutolink deletes a single autolink reference by ID that was configured for the given repository.
 // Information about autolinks are only available to repository administrators.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/autolinks#delete-an-autolink-reference-from-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/autolinks#delete-an-autolink-reference-from-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}
 func (s *RepositoriesService) DeleteAutolink(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/autolinks/%v", owner, repo, id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_codeowners.go b/vendor/github.com/google/go-github/v57/github/repos_codeowners.go
similarity index 92%
rename from vendor/github.com/google/go-github/v56/github/repos_codeowners.go
rename to vendor/github.com/google/go-github/v57/github/repos_codeowners.go
index 1c3f78abd9b..93eeae09b17 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_codeowners.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_codeowners.go
@@ -36,7 +36,9 @@ type CodeownersError struct {
 
 // GetCodeownersErrors lists any syntax errors that are detected in the CODEOWNERS file.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/repos#list-codeowners-errors
+// GitHub API docs: https://docs.github.com/rest/repos/repos#list-codeowners-errors
+//
+//meta:operation GET /repos/{owner}/{repo}/codeowners/errors
 func (s *RepositoriesService) GetCodeownersErrors(ctx context.Context, owner, repo string, opts *GetCodeownersErrorsOptions) (*CodeownersErrors, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/codeowners/errors", owner, repo)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_collaborators.go b/vendor/github.com/google/go-github/v57/github/repos_collaborators.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/repos_collaborators.go
rename to vendor/github.com/google/go-github/v57/github/repos_collaborators.go
index c2396872f2e..15a4e77a2f1 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_collaborators.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_collaborators.go
@@ -34,7 +34,7 @@ type ListCollaboratorsOptions struct {
 }
 
 // CollaboratorInvitation represents an invitation created when adding a collaborator.
-// GitHub API docs: https://docs.github.com/en/rest/repos/collaborators/#response-when-a-new-invitation-is-created
+// GitHub API docs: https://docs.github.com/rest/repos/collaborators/#response-when-a-new-invitation-is-created
 type CollaboratorInvitation struct {
 	ID          *int64      `json:"id,omitempty"`
 	Repo        *Repository `json:"repository,omitempty"`
@@ -48,7 +48,9 @@ type CollaboratorInvitation struct {
 
 // ListCollaborators lists the GitHub users that have access to the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/collaborators#list-repository-collaborators
+// GitHub API docs: https://docs.github.com/rest/collaborators/collaborators#list-repository-collaborators
+//
+//meta:operation GET /repos/{owner}/{repo}/collaborators
 func (s *RepositoriesService) ListCollaborators(ctx context.Context, owner, repo string, opts *ListCollaboratorsOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/collaborators", owner, repo)
 	u, err := addOptions(u, opts)
@@ -75,7 +77,9 @@ func (s *RepositoriesService) ListCollaborators(ctx context.Context, owner, repo
 // Note: This will return false if the user is not a collaborator OR the user
 // is not a GitHub user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/collaborators#check-if-a-user-is-a-repository-collaborator
+// GitHub API docs: https://docs.github.com/rest/collaborators/collaborators#check-if-a-user-is-a-repository-collaborator
+//
+//meta:operation GET /repos/{owner}/{repo}/collaborators/{username}
 func (s *RepositoriesService) IsCollaborator(ctx context.Context, owner, repo, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/collaborators/%v", owner, repo, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -99,7 +103,9 @@ type RepositoryPermissionLevel struct {
 
 // GetPermissionLevel retrieves the specific permission level a collaborator has for a given repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user
+// GitHub API docs: https://docs.github.com/rest/collaborators/collaborators#get-repository-permissions-for-a-user
+//
+//meta:operation GET /repos/{owner}/{repo}/collaborators/{username}/permission
 func (s *RepositoriesService) GetPermissionLevel(ctx context.Context, owner, repo, user string) (*RepositoryPermissionLevel, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/collaborators/%v/permission", owner, repo, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -134,7 +140,9 @@ type RepositoryAddCollaboratorOptions struct {
 // AddCollaborator sends an invitation to the specified GitHub user
 // to become a collaborator to the given repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/collaborators#add-a-repository-collaborator
+// GitHub API docs: https://docs.github.com/rest/collaborators/collaborators#add-a-repository-collaborator
+//
+//meta:operation PUT /repos/{owner}/{repo}/collaborators/{username}
 func (s *RepositoriesService) AddCollaborator(ctx context.Context, owner, repo, user string, opts *RepositoryAddCollaboratorOptions) (*CollaboratorInvitation, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/collaborators/%v", owner, repo, user)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -154,7 +162,9 @@ func (s *RepositoriesService) AddCollaborator(ctx context.Context, owner, repo,
 // RemoveCollaborator removes the specified GitHub user as collaborator from the given repo.
 // Note: Does not return error if a valid user that is not a collaborator is removed.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/collaborators#remove-a-repository-collaborator
+// GitHub API docs: https://docs.github.com/rest/collaborators/collaborators#remove-a-repository-collaborator
+//
+//meta:operation DELETE /repos/{owner}/{repo}/collaborators/{username}
 func (s *RepositoriesService) RemoveCollaborator(ctx context.Context, owner, repo, user string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/collaborators/%v", owner, repo, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_comments.go b/vendor/github.com/google/go-github/v57/github/repos_comments.go
similarity index 82%
rename from vendor/github.com/google/go-github/v56/github/repos_comments.go
rename to vendor/github.com/google/go-github/v57/github/repos_comments.go
index e282374e9e5..766a614cc12 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_comments.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_comments.go
@@ -35,7 +35,9 @@ func (r RepositoryComment) String() string {
 
 // ListComments lists all the comments for the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#list-commit-comments-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/commits/comments#list-commit-comments-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/comments
 func (s *RepositoriesService) ListComments(ctx context.Context, owner, repo string, opts *ListOptions) ([]*RepositoryComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments", owner, repo)
 	u, err := addOptions(u, opts)
@@ -62,7 +64,9 @@ func (s *RepositoriesService) ListComments(ctx context.Context, owner, repo stri
 
 // ListCommitComments lists all the comments for a given commit SHA.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#list-commit-comments
+// GitHub API docs: https://docs.github.com/rest/commits/comments#list-commit-comments
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{commit_sha}/comments
 func (s *RepositoriesService) ListCommitComments(ctx context.Context, owner, repo, sha string, opts *ListOptions) ([]*RepositoryComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/comments", owner, repo, sha)
 	u, err := addOptions(u, opts)
@@ -90,7 +94,9 @@ func (s *RepositoriesService) ListCommitComments(ctx context.Context, owner, rep
 // CreateComment creates a comment for the given commit.
 // Note: GitHub allows for comments to be created for non-existing files and positions.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#create-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/commits/comments#create-a-commit-comment
+//
+//meta:operation POST /repos/{owner}/{repo}/commits/{commit_sha}/comments
 func (s *RepositoriesService) CreateComment(ctx context.Context, owner, repo, sha string, comment *RepositoryComment) (*RepositoryComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/comments", owner, repo, sha)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -109,7 +115,9 @@ func (s *RepositoriesService) CreateComment(ctx context.Context, owner, repo, sh
 
 // GetComment gets a single comment from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#get-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/commits/comments#get-a-commit-comment
+//
+//meta:operation GET /repos/{owner}/{repo}/comments/{comment_id}
 func (s *RepositoriesService) GetComment(ctx context.Context, owner, repo string, id int64) (*RepositoryComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v", owner, repo, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -131,7 +139,9 @@ func (s *RepositoriesService) GetComment(ctx context.Context, owner, repo string
 
 // UpdateComment updates the body of a single comment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#update-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/commits/comments#update-a-commit-comment
+//
+//meta:operation PATCH /repos/{owner}/{repo}/comments/{comment_id}
 func (s *RepositoriesService) UpdateComment(ctx context.Context, owner, repo string, id int64, comment *RepositoryComment) (*RepositoryComment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v", owner, repo, id)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -150,7 +160,9 @@ func (s *RepositoriesService) UpdateComment(ctx context.Context, owner, repo str
 
 // DeleteComment deletes a single comment from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/comments#delete-a-commit-comment
+// GitHub API docs: https://docs.github.com/rest/commits/comments#delete-a-commit-comment
+//
+//meta:operation DELETE /repos/{owner}/{repo}/comments/{comment_id}
 func (s *RepositoriesService) DeleteComment(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/comments/%v", owner, repo, id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_commits.go b/vendor/github.com/google/go-github/v57/github/repos_commits.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/repos_commits.go
rename to vendor/github.com/google/go-github/v57/github/repos_commits.go
index d1fb577c61c..cca7430cb51 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_commits.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_commits.go
@@ -124,7 +124,9 @@ type BranchCommit struct {
 
 // ListCommits lists the commits of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#list-commits
+// GitHub API docs: https://docs.github.com/rest/commits/commits#list-commits
+//
+//meta:operation GET /repos/{owner}/{repo}/commits
 func (s *RepositoriesService) ListCommits(ctx context.Context, owner, repo string, opts *CommitsListOptions) ([]*RepositoryCommit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits", owner, repo)
 	u, err := addOptions(u, opts)
@@ -148,8 +150,9 @@ func (s *RepositoriesService) ListCommits(ctx context.Context, owner, repo strin
 
 // GetCommit fetches the specified commit, including all details about it.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#get-a-single-commit
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#get-a-commit
+// GitHub API docs: https://docs.github.com/rest/commits/commits#get-a-commit
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}
 func (s *RepositoriesService) GetCommit(ctx context.Context, owner, repo, sha string, opts *ListOptions) (*RepositoryCommit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v", owner, repo, sha)
 	u, err := addOptions(u, opts)
@@ -173,7 +176,9 @@ func (s *RepositoriesService) GetCommit(ctx context.Context, owner, repo, sha st
 
 // GetCommitRaw fetches the specified commit in raw (diff or patch) format.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#get-a-commit
+// GitHub API docs: https://docs.github.com/rest/commits/commits#get-a-commit
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}
 func (s *RepositoriesService) GetCommitRaw(ctx context.Context, owner string, repo string, sha string, opts RawOptions) (string, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v", owner, repo, sha)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -202,7 +207,9 @@ func (s *RepositoriesService) GetCommitRaw(ctx context.Context, owner string, re
 // GetCommitSHA1 gets the SHA-1 of a commit reference. If a last-known SHA1 is
 // supplied and no new commits have occurred, a 304 Unmodified response is returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#get-a-commit
+// GitHub API docs: https://docs.github.com/rest/commits/commits#get-a-commit
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}
 func (s *RepositoriesService) GetCommitSHA1(ctx context.Context, owner, repo, ref, lastSHA string) (string, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v", owner, repo, refURLEscape(ref))
 
@@ -227,7 +234,9 @@ func (s *RepositoriesService) GetCommitSHA1(ctx context.Context, owner, repo, re
 
 // CompareCommits compares a range of commits with each other.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#compare-two-commits
+// GitHub API docs: https://docs.github.com/rest/commits/commits#compare-two-commits
+//
+//meta:operation GET /repos/{owner}/{repo}/compare/{basehead}
 func (s *RepositoriesService) CompareCommits(ctx context.Context, owner, repo string, base, head string, opts *ListOptions) (*CommitsComparison, *Response, error) {
 	escapedBase := url.QueryEscape(base)
 	escapedHead := url.QueryEscape(head)
@@ -258,7 +267,9 @@ func (s *RepositoriesService) CompareCommits(ctx context.Context, owner, repo st
 // To compare branches across other repositories in the same network as "repo",
 // use the format "<USERNAME>:branch".
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#compare-two-commits
+// GitHub API docs: https://docs.github.com/rest/commits/commits#compare-two-commits
+//
+//meta:operation GET /repos/{owner}/{repo}/compare/{basehead}
 func (s *RepositoriesService) CompareCommitsRaw(ctx context.Context, owner, repo, base, head string, opts RawOptions) (string, *Response, error) {
 	escapedBase := url.QueryEscape(base)
 	escapedHead := url.QueryEscape(head)
@@ -291,7 +302,9 @@ func (s *RepositoriesService) CompareCommitsRaw(ctx context.Context, owner, repo
 // ListBranchesHeadCommit gets all branches where the given commit SHA is the HEAD,
 // or latest commit for the branch.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/commits#list-branches-for-head-commit
+// GitHub API docs: https://docs.github.com/rest/commits/commits#list-branches-for-head-commit
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head
 func (s *RepositoriesService) ListBranchesHeadCommit(ctx context.Context, owner, repo, sha string) ([]*BranchCommit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/branches-where-head", owner, repo, sha)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_community_health.go b/vendor/github.com/google/go-github/v57/github/repos_community_health.go
similarity index 92%
rename from vendor/github.com/google/go-github/v56/github/repos_community_health.go
rename to vendor/github.com/google/go-github/v57/github/repos_community_health.go
index 750ee158270..54d1b414ec9 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_community_health.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_community_health.go
@@ -43,7 +43,9 @@ type CommunityHealthMetrics struct {
 
 // GetCommunityHealthMetrics retrieves all the community health  metrics for a  repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/community#get-community-profile-metrics
+// GitHub API docs: https://docs.github.com/rest/metrics/community#get-community-profile-metrics
+//
+//meta:operation GET /repos/{owner}/{repo}/community/profile
 func (s *RepositoriesService) GetCommunityHealthMetrics(ctx context.Context, owner, repo string) (*CommunityHealthMetrics, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/community/profile", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_contents.go b/vendor/github.com/google/go-github/v57/github/repos_contents.go
similarity index 89%
rename from vendor/github.com/google/go-github/v56/github/repos_contents.go
rename to vendor/github.com/google/go-github/v57/github/repos_contents.go
index cfb4a6da22f..9539a5c4296 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_contents.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_contents.go
@@ -4,7 +4,7 @@
 // license that can be found in the LICENSE file.
 
 // Repository contents API methods.
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents/
+// GitHub API docs: https://docs.github.com/rest/repos/contents/
 
 package github
 
@@ -100,7 +100,9 @@ func (r *RepositoryContent) GetContent() (string, error) {
 
 // GetReadme gets the Readme file for the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents#get-a-repository-readme
+// GitHub API docs: https://docs.github.com/rest/repos/contents#get-a-repository-readme
+//
+//meta:operation GET /repos/{owner}/{repo}/readme
 func (s *RepositoriesService) GetReadme(ctx context.Context, owner, repo string, opts *RepositoryContentGetOptions) (*RepositoryContent, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/readme", owner, repo)
 	u, err := addOptions(u, opts)
@@ -130,6 +132,10 @@ func (s *RepositoriesService) GetReadme(ctx context.Context, owner, repo string,
 // It is possible for the download to result in a failed response when the
 // returned error is nil. Callers should check the returned Response status
 // code to verify the content is from a successful response.
+//
+// GitHub API docs: https://docs.github.com/rest/repos/contents#get-repository-content
+//
+//meta:operation GET /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) DownloadContents(ctx context.Context, owner, repo, filepath string, opts *RepositoryContentGetOptions) (io.ReadCloser, *Response, error) {
 	dir := path.Dir(filepath)
 	filename := path.Base(filepath)
@@ -164,6 +170,10 @@ func (s *RepositoriesService) DownloadContents(ctx context.Context, owner, repo,
 // It is possible for the download to result in a failed response when the
 // returned error is nil. Callers should check the returned Response status
 // code to verify the content is from a successful response.
+//
+// GitHub API docs: https://docs.github.com/rest/repos/contents#get-repository-content
+//
+//meta:operation GET /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) DownloadContentsWithMeta(ctx context.Context, owner, repo, filepath string, opts *RepositoryContentGetOptions) (io.ReadCloser, *RepositoryContent, *Response, error) {
 	dir := path.Dir(filepath)
 	filename := path.Base(filepath)
@@ -200,7 +210,9 @@ func (s *RepositoriesService) DownloadContentsWithMeta(ctx context.Context, owne
 // Due to an auth vulnerability issue in the GitHub v3 API, ".." is not allowed
 // to appear anywhere in the "path" or this method will return an error.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents#get-repository-content
+// GitHub API docs: https://docs.github.com/rest/repos/contents#get-repository-content
+//
+//meta:operation GET /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) GetContents(ctx context.Context, owner, repo, path string, opts *RepositoryContentGetOptions) (fileContent *RepositoryContent, directoryContent []*RepositoryContent, resp *Response, err error) {
 	if strings.Contains(path, "..") {
 		return nil, nil, nil, ErrPathForbidden
@@ -240,7 +252,9 @@ func (s *RepositoriesService) GetContents(ctx context.Context, owner, repo, path
 // CreateFile creates a new file in a repository at the given path and returns
 // the commit and file metadata.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents#create-or-update-file-contents
+// GitHub API docs: https://docs.github.com/rest/repos/contents#create-or-update-file-contents
+//
+//meta:operation PUT /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) CreateFile(ctx context.Context, owner, repo, path string, opts *RepositoryContentFileOptions) (*RepositoryContentResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/contents/%s", owner, repo, path)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -260,7 +274,9 @@ func (s *RepositoriesService) CreateFile(ctx context.Context, owner, repo, path
 // UpdateFile updates a file in a repository at the given path and returns the
 // commit and file metadata. Requires the blob SHA of the file being updated.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents#create-or-update-file-contents
+// GitHub API docs: https://docs.github.com/rest/repos/contents#create-or-update-file-contents
+//
+//meta:operation PUT /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) UpdateFile(ctx context.Context, owner, repo, path string, opts *RepositoryContentFileOptions) (*RepositoryContentResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/contents/%s", owner, repo, path)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -280,7 +296,9 @@ func (s *RepositoriesService) UpdateFile(ctx context.Context, owner, repo, path
 // DeleteFile deletes a file from a repository and returns the commit.
 // Requires the blob SHA of the file to be deleted.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents#delete-a-file
+// GitHub API docs: https://docs.github.com/rest/repos/contents#delete-a-file
+//
+//meta:operation DELETE /repos/{owner}/{repo}/contents/{path}
 func (s *RepositoriesService) DeleteFile(ctx context.Context, owner, repo, path string, opts *RepositoryContentFileOptions) (*RepositoryContentResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/contents/%s", owner, repo, path)
 	req, err := s.client.NewRequest("DELETE", u, opts)
@@ -312,7 +330,11 @@ const (
 // repository. The archiveFormat can be specified by either the github.Tarball
 // or github.Zipball constant.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/contents/#get-archive-link
+// GitHub API docs: https://docs.github.com/rest/repos/contents#download-a-repository-archive-tar
+// GitHub API docs: https://docs.github.com/rest/repos/contents#download-a-repository-archive-zip
+//
+//meta:operation GET /repos/{owner}/{repo}/tarball/{ref}
+//meta:operation GET /repos/{owner}/{repo}/zipball/{ref}
 func (s *RepositoriesService) GetArchiveLink(ctx context.Context, owner, repo string, archiveformat ArchiveFormat, opts *RepositoryContentGetOptions, maxRedirects int) (*url.URL, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/%s", owner, repo, archiveformat)
 	if opts != nil && opts.Ref != "" {
diff --git a/vendor/github.com/google/go-github/v56/github/repos_deployment_branch_policies.go b/vendor/github.com/google/go-github/v57/github/repos_deployment_branch_policies.go
similarity index 78%
rename from vendor/github.com/google/go-github/v56/github/repos_deployment_branch_policies.go
rename to vendor/github.com/google/go-github/v57/github/repos_deployment_branch_policies.go
index 32bf72ccab5..77ac73e44e1 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_deployment_branch_policies.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_deployment_branch_policies.go
@@ -32,7 +32,9 @@ type DeploymentBranchPolicyRequest struct {
 
 // ListDeploymentBranchPolicies lists the deployment branch policies for an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/branch-policies#list-deployment-branch-policies
+// GitHub API docs: https://docs.github.com/rest/deployments/branch-policies#list-deployment-branch-policies
+//
+//meta:operation GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies
 func (s *RepositoriesService) ListDeploymentBranchPolicies(ctx context.Context, owner, repo, environment string) (*DeploymentBranchPolicyResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/environments/%v/deployment-branch-policies", owner, repo, environment)
 
@@ -52,7 +54,9 @@ func (s *RepositoriesService) ListDeploymentBranchPolicies(ctx context.Context,
 
 // GetDeploymentBranchPolicy gets a deployment branch policy for an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/branch-policies#get-a-deployment-branch-policy
+// GitHub API docs: https://docs.github.com/rest/deployments/branch-policies#get-a-deployment-branch-policy
+//
+//meta:operation GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}
 func (s *RepositoriesService) GetDeploymentBranchPolicy(ctx context.Context, owner, repo, environment string, branchPolicyID int64) (*DeploymentBranchPolicy, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/environments/%v/deployment-branch-policies/%v", owner, repo, environment, branchPolicyID)
 
@@ -72,7 +76,9 @@ func (s *RepositoriesService) GetDeploymentBranchPolicy(ctx context.Context, own
 
 // CreateDeploymentBranchPolicy creates a deployment branch policy for an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/branch-policies#create-a-deployment-branch-policy
+// GitHub API docs: https://docs.github.com/rest/deployments/branch-policies#create-a-deployment-branch-policy
+//
+//meta:operation POST /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies
 func (s *RepositoriesService) CreateDeploymentBranchPolicy(ctx context.Context, owner, repo, environment string, request *DeploymentBranchPolicyRequest) (*DeploymentBranchPolicy, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/environments/%v/deployment-branch-policies", owner, repo, environment)
 
@@ -92,7 +98,9 @@ func (s *RepositoriesService) CreateDeploymentBranchPolicy(ctx context.Context,
 
 // UpdateDeploymentBranchPolicy updates a deployment branch policy for an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/branch-policies#update-a-deployment-branch-policy
+// GitHub API docs: https://docs.github.com/rest/deployments/branch-policies#update-a-deployment-branch-policy
+//
+//meta:operation PUT /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}
 func (s *RepositoriesService) UpdateDeploymentBranchPolicy(ctx context.Context, owner, repo, environment string, branchPolicyID int64, request *DeploymentBranchPolicyRequest) (*DeploymentBranchPolicy, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/environments/%v/deployment-branch-policies/%v", owner, repo, environment, branchPolicyID)
 
@@ -112,7 +120,9 @@ func (s *RepositoriesService) UpdateDeploymentBranchPolicy(ctx context.Context,
 
 // DeleteDeploymentBranchPolicy deletes a deployment branch policy for an environment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/branch-policies#delete-a-deployment-branch-policy
+// GitHub API docs: https://docs.github.com/rest/deployments/branch-policies#delete-a-deployment-branch-policy
+//
+//meta:operation DELETE /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}
 func (s *RepositoriesService) DeleteDeploymentBranchPolicy(ctx context.Context, owner, repo, environment string, branchPolicyID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/environments/%v/deployment-branch-policies/%v", owner, repo, environment, branchPolicyID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_deployments.go b/vendor/github.com/google/go-github/v57/github/repos_deployments.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/repos_deployments.go
rename to vendor/github.com/google/go-github/v57/github/repos_deployments.go
index 36445f895e2..d8c0b63218e 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_deployments.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_deployments.go
@@ -63,7 +63,9 @@ type DeploymentsListOptions struct {
 
 // ListDeployments lists the deployments of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/deployments#list-deployments
+// GitHub API docs: https://docs.github.com/rest/deployments/deployments#list-deployments
+//
+//meta:operation GET /repos/{owner}/{repo}/deployments
 func (s *RepositoriesService) ListDeployments(ctx context.Context, owner, repo string, opts *DeploymentsListOptions) ([]*Deployment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments", owner, repo)
 	u, err := addOptions(u, opts)
@@ -87,7 +89,9 @@ func (s *RepositoriesService) ListDeployments(ctx context.Context, owner, repo s
 
 // GetDeployment returns a single deployment of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/deployments#get-a-deployment
+// GitHub API docs: https://docs.github.com/rest/deployments/deployments#get-a-deployment
+//
+//meta:operation GET /repos/{owner}/{repo}/deployments/{deployment_id}
 func (s *RepositoriesService) GetDeployment(ctx context.Context, owner, repo string, deploymentID int64) (*Deployment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments/%v", owner, repo, deploymentID)
 
@@ -107,7 +111,9 @@ func (s *RepositoriesService) GetDeployment(ctx context.Context, owner, repo str
 
 // CreateDeployment creates a new deployment for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/deployments#create-a-deployment
+// GitHub API docs: https://docs.github.com/rest/deployments/deployments#create-a-deployment
+//
+//meta:operation POST /repos/{owner}/{repo}/deployments
 func (s *RepositoriesService) CreateDeployment(ctx context.Context, owner, repo string, request *DeploymentRequest) (*Deployment, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments", owner, repo)
 
@@ -131,7 +137,9 @@ func (s *RepositoriesService) CreateDeployment(ctx context.Context, owner, repo
 
 // DeleteDeployment deletes an existing deployment for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/deployments#delete-a-deployment
+// GitHub API docs: https://docs.github.com/rest/deployments/deployments#delete-a-deployment
+//
+//meta:operation DELETE /repos/{owner}/{repo}/deployments/{deployment_id}
 func (s *RepositoriesService) DeleteDeployment(ctx context.Context, owner, repo string, deploymentID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments/%v", owner, repo, deploymentID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -175,7 +183,9 @@ type DeploymentStatusRequest struct {
 
 // ListDeploymentStatuses lists the statuses of a given deployment of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/statuses#list-deployment-statuses
+// GitHub API docs: https://docs.github.com/rest/deployments/statuses#list-deployment-statuses
+//
+//meta:operation GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses
 func (s *RepositoriesService) ListDeploymentStatuses(ctx context.Context, owner, repo string, deployment int64, opts *ListOptions) ([]*DeploymentStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments/%v/statuses", owner, repo, deployment)
 	u, err := addOptions(u, opts)
@@ -203,7 +213,9 @@ func (s *RepositoriesService) ListDeploymentStatuses(ctx context.Context, owner,
 
 // GetDeploymentStatus returns a single deployment status of a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/statuses#get-a-deployment-status
+// GitHub API docs: https://docs.github.com/rest/deployments/statuses#get-a-deployment-status
+//
+//meta:operation GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}
 func (s *RepositoriesService) GetDeploymentStatus(ctx context.Context, owner, repo string, deploymentID, deploymentStatusID int64) (*DeploymentStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments/%v/statuses/%v", owner, repo, deploymentID, deploymentStatusID)
 
@@ -227,7 +239,9 @@ func (s *RepositoriesService) GetDeploymentStatus(ctx context.Context, owner, re
 
 // CreateDeploymentStatus creates a new status for a deployment.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/statuses#create-a-deployment-status
+// GitHub API docs: https://docs.github.com/rest/deployments/statuses#create-a-deployment-status
+//
+//meta:operation POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses
 func (s *RepositoriesService) CreateDeploymentStatus(ctx context.Context, owner, repo string, deployment int64, request *DeploymentStatusRequest) (*DeploymentStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/deployments/%v/statuses", owner, repo, deployment)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_environments.go b/vendor/github.com/google/go-github/v57/github/repos_environments.go
similarity index 91%
rename from vendor/github.com/google/go-github/v56/github/repos_environments.go
rename to vendor/github.com/google/go-github/v57/github/repos_environments.go
index e22ca5cd1be..ed81e3a1f95 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_environments.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_environments.go
@@ -107,7 +107,9 @@ func (r *RequiredReviewer) UnmarshalJSON(data []byte) error {
 
 // ListEnvironments lists all environments for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/environments#get-all-environments
+// GitHub API docs: https://docs.github.com/rest/deployments/environments#list-environments
+//
+//meta:operation GET /repos/{owner}/{repo}/environments
 func (s *RepositoriesService) ListEnvironments(ctx context.Context, owner, repo string, opts *EnvironmentListOptions) (*EnvResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/environments", owner, repo)
 	u, err := addOptions(u, opts)
@@ -130,7 +132,9 @@ func (s *RepositoriesService) ListEnvironments(ctx context.Context, owner, repo
 
 // GetEnvironment get a single environment for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/environments#get-an-environment
+// GitHub API docs: https://docs.github.com/rest/deployments/environments#get-an-environment
+//
+//meta:operation GET /repos/{owner}/{repo}/environments/{environment_name}
 func (s *RepositoriesService) GetEnvironment(ctx context.Context, owner, repo, name string) (*Environment, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/environments/%s", owner, repo, name)
 
@@ -178,7 +182,7 @@ type CreateUpdateEnvironment struct {
 }
 
 // createUpdateEnvironmentNoEnterprise represents the fields accepted for Pro/Teams private repos.
-// Ref: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
+// Ref: https://docs.github.com/actions/deployment/targeting-different-environments/using-environments-for-deployment
 // See https://github.com/google/go-github/issues/2602 for more information.
 type createUpdateEnvironmentNoEnterprise struct {
 	DeploymentBranchPolicy *BranchPolicy `json:"deployment_branch_policy"`
@@ -186,7 +190,9 @@ type createUpdateEnvironmentNoEnterprise struct {
 
 // CreateUpdateEnvironment create or update a new environment for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/environments#create-or-update-an-environment
+// GitHub API docs: https://docs.github.com/rest/deployments/environments#create-or-update-an-environment
+//
+//meta:operation PUT /repos/{owner}/{repo}/environments/{environment_name}
 func (s *RepositoriesService) CreateUpdateEnvironment(ctx context.Context, owner, repo, name string, environment *CreateUpdateEnvironment) (*Environment, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/environments/%s", owner, repo, name)
 
@@ -232,7 +238,9 @@ func (s *RepositoriesService) createNewEnvNoEnterprise(ctx context.Context, u st
 
 // DeleteEnvironment delete an environment from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deployments/environments#delete-an-environment
+// GitHub API docs: https://docs.github.com/rest/deployments/environments#delete-an-environment
+//
+//meta:operation DELETE /repos/{owner}/{repo}/environments/{environment_name}
 func (s *RepositoriesService) DeleteEnvironment(ctx context.Context, owner, repo, name string) (*Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/environments/%s", owner, repo, name)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_forks.go b/vendor/github.com/google/go-github/v57/github/repos_forks.go
similarity index 91%
rename from vendor/github.com/google/go-github/v56/github/repos_forks.go
rename to vendor/github.com/google/go-github/v57/github/repos_forks.go
index f175dfe3b03..60fb49da5ab 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_forks.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_forks.go
@@ -23,7 +23,9 @@ type RepositoryListForksOptions struct {
 
 // ListForks lists the forks of the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/forks#list-forks
+// GitHub API docs: https://docs.github.com/rest/repos/forks#list-forks
+//
+//meta:operation GET /repos/{owner}/{repo}/forks
 func (s *RepositoriesService) ListForks(ctx context.Context, owner, repo string, opts *RepositoryListForksOptions) ([]*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/forks", owner, repo)
 	u, err := addOptions(u, opts)
@@ -66,7 +68,9 @@ type RepositoryCreateForkOptions struct {
 // A follow up request, after a delay of a second or so, should result
 // in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/forks#create-a-fork
+// GitHub API docs: https://docs.github.com/rest/repos/forks#create-a-fork
+//
+//meta:operation POST /repos/{owner}/{repo}/forks
 func (s *RepositoriesService) CreateFork(ctx context.Context, owner, repo string, opts *RepositoryCreateForkOptions) (*Repository, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/forks", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_hooks.go b/vendor/github.com/google/go-github/v57/github/repos_hooks.go
similarity index 84%
rename from vendor/github.com/google/go-github/v56/github/repos_hooks.go
rename to vendor/github.com/google/go-github/v57/github/repos_hooks.go
index ba229e7bca8..8768d603d2b 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_hooks.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_hooks.go
@@ -79,7 +79,9 @@ type createHookRequest struct {
 // Note that only a subset of the hook fields are used and hook must
 // not be nil.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#create-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#create-a-repository-webhook
+//
+//meta:operation POST /repos/{owner}/{repo}/hooks
 func (s *RepositoriesService) CreateHook(ctx context.Context, owner, repo string, hook *Hook) (*Hook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks", owner, repo)
 
@@ -106,7 +108,9 @@ func (s *RepositoriesService) CreateHook(ctx context.Context, owner, repo string
 
 // ListHooks lists all Hooks for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#list-repository-webhooks
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#list-repository-webhooks
+//
+//meta:operation GET /repos/{owner}/{repo}/hooks
 func (s *RepositoriesService) ListHooks(ctx context.Context, owner, repo string, opts *ListOptions) ([]*Hook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks", owner, repo)
 	u, err := addOptions(u, opts)
@@ -130,7 +134,9 @@ func (s *RepositoriesService) ListHooks(ctx context.Context, owner, repo string,
 
 // GetHook returns a single specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#get-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#get-a-repository-webhook
+//
+//meta:operation GET /repos/{owner}/{repo}/hooks/{hook_id}
 func (s *RepositoriesService) GetHook(ctx context.Context, owner, repo string, id int64) (*Hook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -148,7 +154,9 @@ func (s *RepositoriesService) GetHook(ctx context.Context, owner, repo string, i
 
 // EditHook updates a specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#update-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#update-a-repository-webhook
+//
+//meta:operation PATCH /repos/{owner}/{repo}/hooks/{hook_id}
 func (s *RepositoriesService) EditHook(ctx context.Context, owner, repo string, id int64, hook *Hook) (*Hook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("PATCH", u, hook)
@@ -166,7 +174,9 @@ func (s *RepositoriesService) EditHook(ctx context.Context, owner, repo string,
 
 // DeleteHook deletes a specified Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#delete-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#delete-a-repository-webhook
+//
+//meta:operation DELETE /repos/{owner}/{repo}/hooks/{hook_id}
 func (s *RepositoriesService) DeleteHook(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -178,7 +188,9 @@ func (s *RepositoriesService) DeleteHook(ctx context.Context, owner, repo string
 
 // PingHook triggers a 'ping' event to be sent to the Hook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#ping-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#ping-a-repository-webhook
+//
+//meta:operation POST /repos/{owner}/{repo}/hooks/{hook_id}/pings
 func (s *RepositoriesService) PingHook(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%d/pings", owner, repo, id)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -190,7 +202,9 @@ func (s *RepositoriesService) PingHook(ctx context.Context, owner, repo string,
 
 // TestHook triggers a test Hook by github.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repos#test-the-push-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repos#test-the-push-repository-webhook
+//
+//meta:operation POST /repos/{owner}/{repo}/hooks/{hook_id}/tests
 func (s *RepositoriesService) TestHook(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%d/tests", owner, repo, id)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -202,7 +216,9 @@ func (s *RepositoriesService) TestHook(ctx context.Context, owner, repo string,
 
 // Subscribe lets servers register to receive updates when a topic is updated.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks#pubsubhubbub
+// GitHub API docs: https://docs.github.com/webhooks/about-webhooks-for-repositories#pubsubhubbub
+//
+//meta:operation POST /hub
 func (s *RepositoriesService) Subscribe(ctx context.Context, owner, repo, event, callback string, secret []byte) (*Response, error) {
 	req, err := s.createWebSubRequest("subscribe", owner, repo, event, callback, secret)
 	if err != nil {
@@ -214,7 +230,9 @@ func (s *RepositoriesService) Subscribe(ctx context.Context, owner, repo, event,
 
 // Unsubscribe lets servers unregister to no longer receive updates when a topic is updated.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks#pubsubhubbub
+// GitHub API docs: https://docs.github.com/webhooks/about-webhooks-for-repositories#pubsubhubbub
+//
+//meta:operation POST /hub
 func (s *RepositoriesService) Unsubscribe(ctx context.Context, owner, repo, event, callback string, secret []byte) (*Response, error) {
 	req, err := s.createWebSubRequest("unsubscribe", owner, repo, event, callback, secret)
 	if err != nil {
diff --git a/vendor/github.com/google/go-github/v56/github/repos_hooks_configuration.go b/vendor/github.com/google/go-github/v57/github/repos_hooks_configuration.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/repos_hooks_configuration.go
rename to vendor/github.com/google/go-github/v57/github/repos_hooks_configuration.go
index 5aadfb645e1..2203d7614f5 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_hooks_configuration.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_hooks_configuration.go
@@ -12,7 +12,9 @@ import (
 
 // GetHookConfiguration returns the configuration for the specified repository webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#get-a-webhook-configuration-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/hooks/{hook_id}/config
 func (s *RepositoriesService) GetHookConfiguration(ctx context.Context, owner, repo string, id int64) (*HookConfig, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -31,7 +33,9 @@ func (s *RepositoriesService) GetHookConfiguration(ctx context.Context, owner, r
 
 // EditHookConfiguration updates the configuration for the specified repository webhook.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#update-a-webhook-configuration-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/webhooks/repo-config#update-a-webhook-configuration-for-a-repository
+//
+//meta:operation PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config
 func (s *RepositoriesService) EditHookConfiguration(ctx context.Context, owner, repo string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
 	req, err := s.client.NewRequest("PATCH", u, config)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_hooks_deliveries.go b/vendor/github.com/google/go-github/v57/github/repos_hooks_deliveries.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/repos_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v57/github/repos_hooks_deliveries.go
index 5f2f8807e4b..6e1fd86f99b 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_hooks_deliveries.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_hooks_deliveries.go
@@ -14,8 +14,8 @@ import (
 // HookDelivery represents the data that is received from GitHub's Webhook Delivery API
 //
 // GitHub API docs:
-// - https://docs.github.com/en/rest/webhooks/repo-deliveries#list-deliveries-for-a-repository-webhook
-// - https://docs.github.com/en/rest/webhooks/repo-deliveries#get-a-delivery-for-a-repository-webhook
+// - https://docs.github.com/rest/webhooks/repo-deliveries#list-deliveries-for-a-repository-webhook
+// - https://docs.github.com/rest/webhooks/repo-deliveries#get-a-delivery-for-a-repository-webhook
 type HookDelivery struct {
 	ID             *int64     `json:"id,omitempty"`
 	GUID           *string    `json:"guid,omitempty"`
@@ -63,7 +63,9 @@ func (r HookResponse) String() string {
 
 // ListHookDeliveries lists webhook deliveries for a webhook configured in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-deliveries#list-deliveries-for-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repo-deliveries#list-deliveries-for-a-repository-webhook
+//
+//meta:operation GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries
 func (s *RepositoriesService) ListHookDeliveries(ctx context.Context, owner, repo string, id int64, opts *ListCursorOptions) ([]*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%v/deliveries", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -87,7 +89,9 @@ func (s *RepositoriesService) ListHookDeliveries(ctx context.Context, owner, rep
 
 // GetHookDelivery returns a delivery for a webhook configured in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-deliveries#get-a-delivery-for-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repo-deliveries#get-a-delivery-for-a-repository-webhook
+//
+//meta:operation GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}
 func (s *RepositoriesService) GetHookDelivery(ctx context.Context, owner, repo string, hookID, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%v/deliveries/%v", owner, repo, hookID, deliveryID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -106,7 +110,9 @@ func (s *RepositoriesService) GetHookDelivery(ctx context.Context, owner, repo s
 
 // RedeliverHookDelivery redelivers a delivery for a webhook configured in a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-deliveries#redeliver-a-delivery-for-a-repository-webhook
+// GitHub API docs: https://docs.github.com/rest/webhooks/repo-deliveries#redeliver-a-delivery-for-a-repository-webhook
+//
+//meta:operation POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts
 func (s *RepositoriesService) RedeliverHookDelivery(ctx context.Context, owner, repo string, hookID, deliveryID int64) (*HookDelivery, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/hooks/%v/deliveries/%v/attempts", owner, repo, hookID, deliveryID)
 	req, err := s.client.NewRequest("POST", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_invitations.go b/vendor/github.com/google/go-github/v57/github/repos_invitations.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/repos_invitations.go
rename to vendor/github.com/google/go-github/v57/github/repos_invitations.go
index 81956cd49c9..4922e0b298c 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_invitations.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_invitations.go
@@ -27,7 +27,9 @@ type RepositoryInvitation struct {
 
 // ListInvitations lists all currently-open repository invitations.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#list-repository-invitations
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#list-repository-invitations
+//
+//meta:operation GET /repos/{owner}/{repo}/invitations
 func (s *RepositoriesService) ListInvitations(ctx context.Context, owner, repo string, opts *ListOptions) ([]*RepositoryInvitation, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/invitations", owner, repo)
 	u, err := addOptions(u, opts)
@@ -51,7 +53,9 @@ func (s *RepositoriesService) ListInvitations(ctx context.Context, owner, repo s
 
 // DeleteInvitation deletes a repository invitation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#delete-a-repository-invitation
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#delete-a-repository-invitation
+//
+//meta:operation DELETE /repos/{owner}/{repo}/invitations/{invitation_id}
 func (s *RepositoriesService) DeleteInvitation(ctx context.Context, owner, repo string, invitationID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/invitations/%v", owner, repo, invitationID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -68,7 +72,9 @@ func (s *RepositoriesService) DeleteInvitation(ctx context.Context, owner, repo
 // permissions represents the permissions that the associated user will have
 // on the repository. Possible values are: "read", "write", "admin".
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#update-a-repository-invitation
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#update-a-repository-invitation
+//
+//meta:operation PATCH /repos/{owner}/{repo}/invitations/{invitation_id}
 func (s *RepositoriesService) UpdateInvitation(ctx context.Context, owner, repo string, invitationID int64, permissions string) (*RepositoryInvitation, *Response, error) {
 	opts := &struct {
 		Permissions string `json:"permissions"`
diff --git a/vendor/github.com/google/go-github/v56/github/repos_keys.go b/vendor/github.com/google/go-github/v57/github/repos_keys.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/repos_keys.go
rename to vendor/github.com/google/go-github/v57/github/repos_keys.go
index 42c5de49709..cc86f8bbd09 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_keys.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_keys.go
@@ -14,7 +14,9 @@ import (
 
 // ListKeys lists the deploy keys for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deploy-keys#list-deploy-keys
+// GitHub API docs: https://docs.github.com/rest/deploy-keys/deploy-keys#list-deploy-keys
+//
+//meta:operation GET /repos/{owner}/{repo}/keys
 func (s *RepositoriesService) ListKeys(ctx context.Context, owner string, repo string, opts *ListOptions) ([]*Key, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/keys", owner, repo)
 	u, err := addOptions(u, opts)
@@ -38,7 +40,9 @@ func (s *RepositoriesService) ListKeys(ctx context.Context, owner string, repo s
 
 // GetKey fetches a single deploy key.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deploy-keys#get-a-deploy-key
+// GitHub API docs: https://docs.github.com/rest/deploy-keys/deploy-keys#get-a-deploy-key
+//
+//meta:operation GET /repos/{owner}/{repo}/keys/{key_id}
 func (s *RepositoriesService) GetKey(ctx context.Context, owner string, repo string, id int64) (*Key, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/keys/%v", owner, repo, id)
 
@@ -58,7 +62,9 @@ func (s *RepositoriesService) GetKey(ctx context.Context, owner string, repo str
 
 // CreateKey adds a deploy key for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deploy-keys#create-a-deploy-key
+// GitHub API docs: https://docs.github.com/rest/deploy-keys/deploy-keys#create-a-deploy-key
+//
+//meta:operation POST /repos/{owner}/{repo}/keys
 func (s *RepositoriesService) CreateKey(ctx context.Context, owner string, repo string, key *Key) (*Key, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/keys", owner, repo)
 
@@ -78,7 +84,9 @@ func (s *RepositoriesService) CreateKey(ctx context.Context, owner string, repo
 
 // DeleteKey deletes a deploy key.
 //
-// GitHub API docs: https://docs.github.com/en/rest/deploy-keys#delete-a-deploy-key
+// GitHub API docs: https://docs.github.com/rest/deploy-keys/deploy-keys#delete-a-deploy-key
+//
+//meta:operation DELETE /repos/{owner}/{repo}/keys/{key_id}
 func (s *RepositoriesService) DeleteKey(ctx context.Context, owner string, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/keys/%v", owner, repo, id)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_lfs.go b/vendor/github.com/google/go-github/v57/github/repos_lfs.go
similarity index 76%
rename from vendor/github.com/google/go-github/v56/github/repos_lfs.go
rename to vendor/github.com/google/go-github/v57/github/repos_lfs.go
index 6ac2e5a8778..f0153c08086 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_lfs.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_lfs.go
@@ -12,7 +12,9 @@ import (
 
 // EnableLFS turns the LFS (Large File Storage) feature ON for the selected repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/lfs#enable-git-lfs-for-a-repository
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/repos/lfs#enable-git-lfs-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/lfs
 func (s *RepositoriesService) EnableLFS(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/lfs", owner, repo)
 
@@ -31,7 +33,9 @@ func (s *RepositoriesService) EnableLFS(ctx context.Context, owner, repo string)
 
 // DisableLFS turns the LFS (Large File Storage) feature OFF for the selected repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/lfs#disable-git-lfs-for-a-repository
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/repos/lfs#disable-git-lfs-for-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/lfs
 func (s *RepositoriesService) DisableLFS(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/lfs", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_merging.go b/vendor/github.com/google/go-github/v57/github/repos_merging.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/repos_merging.go
rename to vendor/github.com/google/go-github/v57/github/repos_merging.go
index 66e88452e86..b26e5da1af6 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_merging.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_merging.go
@@ -34,7 +34,9 @@ type RepoMergeUpstreamResult struct {
 
 // Merge a branch in the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branches#merge-a-branch
+// GitHub API docs: https://docs.github.com/rest/branches/branches#merge-a-branch
+//
+//meta:operation POST /repos/{owner}/{repo}/merges
 func (s *RepositoriesService) Merge(ctx context.Context, owner, repo string, request *RepositoryMergeRequest) (*RepositoryCommit, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/merges", owner, repo)
 	req, err := s.client.NewRequest("POST", u, request)
@@ -54,7 +56,9 @@ func (s *RepositoriesService) Merge(ctx context.Context, owner, repo string, req
 // MergeUpstream syncs a branch of a forked repository to keep it up-to-date
 // with the upstream repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/branches/branches#sync-a-fork-branch-with-the-upstream-repository
+// GitHub API docs: https://docs.github.com/rest/branches/branches#sync-a-fork-branch-with-the-upstream-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/merge-upstream
 func (s *RepositoriesService) MergeUpstream(ctx context.Context, owner, repo string, request *RepoMergeUpstreamRequest) (*RepoMergeUpstreamResult, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/merge-upstream", owner, repo)
 	req, err := s.client.NewRequest("POST", u, request)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_pages.go b/vendor/github.com/google/go-github/v57/github/repos_pages.go
similarity index 88%
rename from vendor/github.com/google/go-github/v56/github/repos_pages.go
rename to vendor/github.com/google/go-github/v57/github/repos_pages.go
index 83075dbdd23..6b9ba76e44d 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_pages.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_pages.go
@@ -103,7 +103,9 @@ type createPagesRequest struct {
 
 // EnablePages enables GitHub Pages for the named repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#create-a-github-pages-site
+// GitHub API docs: https://docs.github.com/rest/pages/pages#create-a-github-pages-site
+//
+//meta:operation POST /repos/{owner}/{repo}/pages
 func (s *RepositoriesService) EnablePages(ctx context.Context, owner, repo string, pages *Pages) (*Pages, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages", owner, repo)
 
@@ -153,7 +155,9 @@ type PagesUpdate struct {
 
 // UpdatePages updates GitHub Pages for the named repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#update-information-about-a-github-pages-site
+// GitHub API docs: https://docs.github.com/rest/pages/pages#update-information-about-a-github-pages-site
+//
+//meta:operation PUT /repos/{owner}/{repo}/pages
 func (s *RepositoriesService) UpdatePages(ctx context.Context, owner, repo string, opts *PagesUpdate) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages", owner, repo)
 
@@ -172,7 +176,9 @@ func (s *RepositoriesService) UpdatePages(ctx context.Context, owner, repo strin
 
 // DisablePages disables GitHub Pages for the named repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#delete-a-github-pages-site
+// GitHub API docs: https://docs.github.com/rest/pages/pages#delete-a-github-pages-site
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pages
 func (s *RepositoriesService) DisablePages(ctx context.Context, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages", owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -188,7 +194,9 @@ func (s *RepositoriesService) DisablePages(ctx context.Context, owner, repo stri
 
 // GetPagesInfo fetches information about a GitHub Pages site.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#get-a-github-pages-site
+// GitHub API docs: https://docs.github.com/rest/pages/pages#get-a-github-pages-site
+//
+//meta:operation GET /repos/{owner}/{repo}/pages
 func (s *RepositoriesService) GetPagesInfo(ctx context.Context, owner, repo string) (*Pages, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -207,7 +215,9 @@ func (s *RepositoriesService) GetPagesInfo(ctx context.Context, owner, repo stri
 
 // ListPagesBuilds lists the builds for a GitHub Pages site.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#list-github-pages-builds
+// GitHub API docs: https://docs.github.com/rest/pages/pages#list-github-pages-builds
+//
+//meta:operation GET /repos/{owner}/{repo}/pages/builds
 func (s *RepositoriesService) ListPagesBuilds(ctx context.Context, owner, repo string, opts *ListOptions) ([]*PagesBuild, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages/builds", owner, repo)
 	u, err := addOptions(u, opts)
@@ -231,7 +241,9 @@ func (s *RepositoriesService) ListPagesBuilds(ctx context.Context, owner, repo s
 
 // GetLatestPagesBuild fetches the latest build information for a GitHub pages site.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#get-latest-pages-build
+// GitHub API docs: https://docs.github.com/rest/pages/pages#get-latest-pages-build
+//
+//meta:operation GET /repos/{owner}/{repo}/pages/builds/latest
 func (s *RepositoriesService) GetLatestPagesBuild(ctx context.Context, owner, repo string) (*PagesBuild, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages/builds/latest", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -250,7 +262,9 @@ func (s *RepositoriesService) GetLatestPagesBuild(ctx context.Context, owner, re
 
 // GetPageBuild fetches the specific build information for a GitHub pages site.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#get-github-pages-build
+// GitHub API docs: https://docs.github.com/rest/pages/pages#get-github-pages-build
+//
+//meta:operation GET /repos/{owner}/{repo}/pages/builds/{build_id}
 func (s *RepositoriesService) GetPageBuild(ctx context.Context, owner, repo string, id int64) (*PagesBuild, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages/builds/%v", owner, repo, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -269,7 +283,9 @@ func (s *RepositoriesService) GetPageBuild(ctx context.Context, owner, repo stri
 
 // RequestPageBuild requests a build of a GitHub Pages site without needing to push new commit.
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#request-a-github-pages-build
+// GitHub API docs: https://docs.github.com/rest/pages/pages#request-a-github-pages-build
+//
+//meta:operation POST /repos/{owner}/{repo}/pages/builds
 func (s *RepositoriesService) RequestPageBuild(ctx context.Context, owner, repo string) (*PagesBuild, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages/builds", owner, repo)
 	req, err := s.client.NewRequest("POST", u, nil)
@@ -286,9 +302,11 @@ func (s *RepositoriesService) RequestPageBuild(ctx context.Context, owner, repo
 	return build, resp, nil
 }
 
-// GetPagesHealthCheck gets a DNS health check for the CNAME record configured for a repository's GitHub Pages.
+// GetPageHealthCheck gets a DNS health check for the CNAME record configured for a repository's GitHub Pages.
+//
+// GitHub API docs: https://docs.github.com/rest/pages/pages#get-a-dns-health-check-for-github-pages
 //
-// GitHub API docs: https://docs.github.com/en/rest/pages#get-a-dns-health-check-for-github-pages
+//meta:operation GET /repos/{owner}/{repo}/pages/health
 func (s *RepositoriesService) GetPageHealthCheck(ctx context.Context, owner, repo string) (*PagesHealthCheckResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pages/health", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_prereceive_hooks.go b/vendor/github.com/google/go-github/v57/github/repos_prereceive_hooks.go
similarity index 76%
rename from vendor/github.com/google/go-github/v56/github/repos_prereceive_hooks.go
rename to vendor/github.com/google/go-github/v57/github/repos_prereceive_hooks.go
index 1ce6478d33b..e8361383f57 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_prereceive_hooks.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_prereceive_hooks.go
@@ -24,7 +24,9 @@ func (p PreReceiveHook) String() string {
 
 // ListPreReceiveHooks lists all pre-receive hooks for the specified repository.
 //
-// GitHub API docs: https://developer.github.com/enterprise/2.13/v3/repos/pre_receive_hooks/#list-pre-receive-hooks
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/repo-pre-receive-hooks#list-pre-receive-hooks-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/pre-receive-hooks
 func (s *RepositoriesService) ListPreReceiveHooks(ctx context.Context, owner, repo string, opts *ListOptions) ([]*PreReceiveHook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pre-receive-hooks", owner, repo)
 	u, err := addOptions(u, opts)
@@ -51,7 +53,9 @@ func (s *RepositoriesService) ListPreReceiveHooks(ctx context.Context, owner, re
 
 // GetPreReceiveHook returns a single specified pre-receive hook.
 //
-// GitHub API docs: https://developer.github.com/enterprise/2.13/v3/repos/pre_receive_hooks/#get-a-single-pre-receive-hook
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/repo-pre-receive-hooks#get-a-pre-receive-hook-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/pre-receive-hooks/{pre_receive_hook_id}
 func (s *RepositoriesService) GetPreReceiveHook(ctx context.Context, owner, repo string, id int64) (*PreReceiveHook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pre-receive-hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -73,7 +77,9 @@ func (s *RepositoriesService) GetPreReceiveHook(ctx context.Context, owner, repo
 
 // UpdatePreReceiveHook updates a specified pre-receive hook.
 //
-// GitHub API docs: https://developer.github.com/enterprise/2.13/v3/repos/pre_receive_hooks/#update-pre-receive-hook-enforcement
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/repo-pre-receive-hooks#update-pre-receive-hook-enforcement-for-a-repository
+//
+//meta:operation PATCH /repos/{owner}/{repo}/pre-receive-hooks/{pre_receive_hook_id}
 func (s *RepositoriesService) UpdatePreReceiveHook(ctx context.Context, owner, repo string, id int64, hook *PreReceiveHook) (*PreReceiveHook, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pre-receive-hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("PATCH", u, hook)
@@ -95,7 +101,9 @@ func (s *RepositoriesService) UpdatePreReceiveHook(ctx context.Context, owner, r
 
 // DeletePreReceiveHook deletes a specified pre-receive hook.
 //
-// GitHub API docs: https://developer.github.com/enterprise/2.13/v3/repos/pre_receive_hooks/#remove-enforcement-overrides-for-a-pre-receive-hook
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/repo-pre-receive-hooks#remove-pre-receive-hook-enforcement-for-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/pre-receive-hooks/{pre_receive_hook_id}
 func (s *RepositoriesService) DeletePreReceiveHook(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/pre-receive-hooks/%d", owner, repo, id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_projects.go b/vendor/github.com/google/go-github/v57/github/repos_projects.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/repos_projects.go
rename to vendor/github.com/google/go-github/v57/github/repos_projects.go
index a3001dee988..9269d4e95c0 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_projects.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_projects.go
@@ -21,7 +21,9 @@ type ProjectListOptions struct {
 
 // ListProjects lists the projects for a repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#list-repository-projects
+// GitHub API docs: https://docs.github.com/rest/projects/projects#list-repository-projects
+//
+//meta:operation GET /repos/{owner}/{repo}/projects
 func (s *RepositoriesService) ListProjects(ctx context.Context, owner, repo string, opts *ProjectListOptions) ([]*Project, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/projects", owner, repo)
 	u, err := addOptions(u, opts)
@@ -48,7 +50,9 @@ func (s *RepositoriesService) ListProjects(ctx context.Context, owner, repo stri
 
 // CreateProject creates a GitHub Project for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#create-a-repository-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#create-a-repository-project
+//
+//meta:operation POST /repos/{owner}/{repo}/projects
 func (s *RepositoriesService) CreateProject(ctx context.Context, owner, repo string, opts *ProjectOptions) (*Project, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/projects", owner, repo)
 	req, err := s.client.NewRequest("POST", u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_releases.go b/vendor/github.com/google/go-github/v57/github/repos_releases.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/repos_releases.go
rename to vendor/github.com/google/go-github/v57/github/repos_releases.go
index e2aa845af2f..7231db6d9ea 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_releases.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_releases.go
@@ -87,7 +87,9 @@ func (r ReleaseAsset) String() string {
 
 // ListReleases lists the releases for a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#list-releases
+// GitHub API docs: https://docs.github.com/rest/releases/releases#list-releases
+//
+//meta:operation GET /repos/{owner}/{repo}/releases
 func (s *RepositoriesService) ListReleases(ctx context.Context, owner, repo string, opts *ListOptions) ([]*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases", owner, repo)
 	u, err := addOptions(u, opts)
@@ -110,7 +112,9 @@ func (s *RepositoriesService) ListReleases(ctx context.Context, owner, repo stri
 
 // GetRelease fetches a single release.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#get-a-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#get-a-release
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/{release_id}
 func (s *RepositoriesService) GetRelease(ctx context.Context, owner, repo string, id int64) (*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/%d", owner, repo, id)
 	return s.getSingleRelease(ctx, u)
@@ -118,7 +122,9 @@ func (s *RepositoriesService) GetRelease(ctx context.Context, owner, repo string
 
 // GetLatestRelease fetches the latest published release for the repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#get-the-latest-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#get-the-latest-release
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/latest
 func (s *RepositoriesService) GetLatestRelease(ctx context.Context, owner, repo string) (*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/latest", owner, repo)
 	return s.getSingleRelease(ctx, u)
@@ -126,7 +132,9 @@ func (s *RepositoriesService) GetLatestRelease(ctx context.Context, owner, repo
 
 // GetReleaseByTag fetches a release with the specified tag.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#get-a-release-by-tag-name
+// GitHub API docs: https://docs.github.com/rest/releases/releases#get-a-release-by-tag-name
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/tags/{tag}
 func (s *RepositoriesService) GetReleaseByTag(ctx context.Context, owner, repo, tag string) (*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/tags/%s", owner, repo, tag)
 	return s.getSingleRelease(ctx, u)
@@ -134,7 +142,9 @@ func (s *RepositoriesService) GetReleaseByTag(ctx context.Context, owner, repo,
 
 // GenerateReleaseNotes generates the release notes for the given tag.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#generate-release-notes-content-for-a-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#generate-release-notes-content-for-a-release
+//
+//meta:operation POST /repos/{owner}/{repo}/releases/generate-notes
 func (s *RepositoriesService) GenerateReleaseNotes(ctx context.Context, owner, repo string, opts *GenerateNotesOptions) (*RepositoryReleaseNotes, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/generate-notes", owner, repo)
 	req, err := s.client.NewRequest("POST", u, opts)
@@ -188,7 +198,9 @@ type repositoryReleaseRequest struct {
 // Note that only a subset of the release fields are used.
 // See RepositoryRelease for more information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#create-a-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#create-a-release
+//
+//meta:operation POST /repos/{owner}/{repo}/releases
 func (s *RepositoriesService) CreateRelease(ctx context.Context, owner, repo string, release *RepositoryRelease) (*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases", owner, repo)
 
@@ -222,7 +234,9 @@ func (s *RepositoriesService) CreateRelease(ctx context.Context, owner, repo str
 // Note that only a subset of the release fields are used.
 // See RepositoryRelease for more information.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#update-a-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#update-a-release
+//
+//meta:operation PATCH /repos/{owner}/{repo}/releases/{release_id}
 func (s *RepositoriesService) EditRelease(ctx context.Context, owner, repo string, id int64, release *RepositoryRelease) (*RepositoryRelease, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/%d", owner, repo, id)
 
@@ -252,7 +266,9 @@ func (s *RepositoriesService) EditRelease(ctx context.Context, owner, repo strin
 
 // DeleteRelease delete a single release from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/releases#delete-a-release
+// GitHub API docs: https://docs.github.com/rest/releases/releases#delete-a-release
+//
+//meta:operation DELETE /repos/{owner}/{repo}/releases/{release_id}
 func (s *RepositoriesService) DeleteRelease(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/%d", owner, repo, id)
 
@@ -265,7 +281,9 @@ func (s *RepositoriesService) DeleteRelease(ctx context.Context, owner, repo str
 
 // ListReleaseAssets lists the release's assets.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#list-release-assets
+// GitHub API docs: https://docs.github.com/rest/releases/assets#list-release-assets
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/{release_id}/assets
 func (s *RepositoriesService) ListReleaseAssets(ctx context.Context, owner, repo string, id int64, opts *ListOptions) ([]*ReleaseAsset, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/%d/assets", owner, repo, id)
 	u, err := addOptions(u, opts)
@@ -288,7 +306,9 @@ func (s *RepositoriesService) ListReleaseAssets(ctx context.Context, owner, repo
 
 // GetReleaseAsset fetches a single release asset.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#get-a-release-asset
+// GitHub API docs: https://docs.github.com/rest/releases/assets#get-a-release-asset
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/assets/{asset_id}
 func (s *RepositoriesService) GetReleaseAsset(ctx context.Context, owner, repo string, id int64) (*ReleaseAsset, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/assets/%d", owner, repo, id)
 
@@ -317,7 +337,9 @@ func (s *RepositoriesService) GetReleaseAsset(ctx context.Context, owner, repo s
 // exist, but it's possible to pass any http.Client. If nil is passed the
 // redirectURL will be returned instead.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#get-a-release-asset
+// GitHub API docs: https://docs.github.com/rest/releases/assets#get-a-release-asset
+//
+//meta:operation GET /repos/{owner}/{repo}/releases/assets/{asset_id}
 func (s *RepositoriesService) DownloadReleaseAsset(ctx context.Context, owner, repo string, id int64, followRedirectsClient *http.Client) (rc io.ReadCloser, redirectURL string, err error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/assets/%d", owner, repo, id)
 
@@ -379,7 +401,9 @@ func (s *RepositoriesService) downloadReleaseAssetFromURL(ctx context.Context, f
 
 // EditReleaseAsset edits a repository release asset.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#update-a-release-asset
+// GitHub API docs: https://docs.github.com/rest/releases/assets#update-a-release-asset
+//
+//meta:operation PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}
 func (s *RepositoriesService) EditReleaseAsset(ctx context.Context, owner, repo string, id int64, release *ReleaseAsset) (*ReleaseAsset, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/assets/%d", owner, repo, id)
 
@@ -398,7 +422,9 @@ func (s *RepositoriesService) EditReleaseAsset(ctx context.Context, owner, repo
 
 // DeleteReleaseAsset delete a single release asset from a repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#delete-a-release-asset
+// GitHub API docs: https://docs.github.com/rest/releases/assets#delete-a-release-asset
+//
+//meta:operation DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}
 func (s *RepositoriesService) DeleteReleaseAsset(ctx context.Context, owner, repo string, id int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/assets/%d", owner, repo, id)
 
@@ -412,7 +438,9 @@ func (s *RepositoriesService) DeleteReleaseAsset(ctx context.Context, owner, rep
 // UploadReleaseAsset creates an asset by uploading a file into a release repository.
 // To upload assets that cannot be represented by an os.File, call NewUploadRequest directly.
 //
-// GitHub API docs: https://docs.github.com/en/rest/releases/assets#upload-a-release-asset
+// GitHub API docs: https://docs.github.com/rest/releases/assets#upload-a-release-asset
+//
+//meta:operation POST /repos/{owner}/{repo}/releases/{release_id}/assets
 func (s *RepositoriesService) UploadReleaseAsset(ctx context.Context, owner, repo string, id int64, opts *UploadOptions, file *os.File) (*ReleaseAsset, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/releases/%d/assets", owner, repo, id)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_rules.go b/vendor/github.com/google/go-github/v57/github/repos_rules.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/repos_rules.go
rename to vendor/github.com/google/go-github/v57/github/repos_rules.go
index 7f964fe6655..479806c2ee9 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_rules.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_rules.go
@@ -48,7 +48,7 @@ type RulesetRepositoryIDsConditionParameters struct {
 	RepositoryIDs []int64 `json:"repository_ids,omitempty"`
 }
 
-// RulesetCondition represents the conditions object in a ruleset.
+// RulesetConditions represents the conditions object in a ruleset.
 // Set either RepositoryName or RepositoryID, not both.
 type RulesetConditions struct {
 	RefName        *RulesetRefConditionParameters             `json:"ref_name,omitempty"`
@@ -97,6 +97,19 @@ type RequiredStatusChecksRuleParameters struct {
 	StrictRequiredStatusChecksPolicy bool                       `json:"strict_required_status_checks_policy"`
 }
 
+// RuleRequiredWorkflow represents the Workflow for the RequireWorkflowsRuleParameters object.
+type RuleRequiredWorkflow struct {
+	Path         string  `json:"path"`
+	Ref          *string `json:"ref,omitempty"`
+	RepositoryID *int64  `json:"repository_id,omitempty"`
+	Sha          *string `json:"sha,omitempty"`
+}
+
+// RequiredWorkflowsRuleParameters represents the workflows rule parameters.
+type RequiredWorkflowsRuleParameters struct {
+	RequiredWorkflows []*RuleRequiredWorkflow `json:"workflows"`
+}
+
 // RepositoryRule represents a GitHub Rule.
 type RepositoryRule struct {
 	Type       string           `json:"type"`
@@ -171,6 +184,16 @@ func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
 		bytes, _ := json.Marshal(params)
 		rawParams := json.RawMessage(bytes)
 
+		r.Parameters = &rawParams
+	case "workflows":
+		params := RequiredWorkflowsRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
 		r.Parameters = &rawParams
 	default:
 		r.Type = ""
@@ -329,6 +352,18 @@ func NewTagNamePatternRule(params *RulePatternParameters) (rule *RepositoryRule)
 	}
 }
 
+// NewRequiredWorkflowsRule creates a rule to require which status checks must pass before branches can be merged into a branch rule.
+func NewRequiredWorkflowsRule(params *RequiredWorkflowsRuleParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "workflows",
+		Parameters: &rawParams,
+	}
+}
+
 // Ruleset represents a GitHub ruleset object.
 type Ruleset struct {
 	ID   *int64 `json:"id,omitempty"`
@@ -349,7 +384,9 @@ type Ruleset struct {
 
 // GetRulesForBranch gets all the rules that apply to the specified branch.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-rules-for-a-branch
+// GitHub API docs: https://docs.github.com/rest/repos/rules#get-rules-for-a-branch
+//
+//meta:operation GET /repos/{owner}/{repo}/rules/branches/{branch}
 func (s *RepositoriesService) GetRulesForBranch(ctx context.Context, owner, repo, branch string) ([]*RepositoryRule, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rules/branches/%v", owner, repo, branch)
 
@@ -370,7 +407,9 @@ func (s *RepositoriesService) GetRulesForBranch(ctx context.Context, owner, repo
 // GetAllRulesets gets all the rules that apply to the specified repository.
 // If includesParents is true, rulesets configured at the organization level that apply to the repository will be returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-all-repository-rulesets
+// GitHub API docs: https://docs.github.com/rest/repos/rules#get-all-repository-rulesets
+//
+//meta:operation GET /repos/{owner}/{repo}/rulesets
 func (s *RepositoriesService) GetAllRulesets(ctx context.Context, owner, repo string, includesParents bool) ([]*Ruleset, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rulesets?includes_parents=%v", owner, repo, includesParents)
 
@@ -390,7 +429,9 @@ func (s *RepositoriesService) GetAllRulesets(ctx context.Context, owner, repo st
 
 // CreateRuleset creates a ruleset for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#create-a-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/repos/rules#create-a-repository-ruleset
+//
+//meta:operation POST /repos/{owner}/{repo}/rulesets
 func (s *RepositoriesService) CreateRuleset(ctx context.Context, owner, repo string, rs *Ruleset) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rulesets", owner, repo)
 
@@ -411,7 +452,9 @@ func (s *RepositoriesService) CreateRuleset(ctx context.Context, owner, repo str
 // GetRuleset gets a ruleset for the specified repository.
 // If includesParents is true, rulesets configured at the organization level that apply to the repository will be returned.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-a-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/repos/rules#get-a-repository-ruleset
+//
+//meta:operation GET /repos/{owner}/{repo}/rulesets/{ruleset_id}
 func (s *RepositoriesService) GetRuleset(ctx context.Context, owner, repo string, rulesetID int64, includesParents bool) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rulesets/%v?includes_parents=%v", owner, repo, rulesetID, includesParents)
 
@@ -431,7 +474,9 @@ func (s *RepositoriesService) GetRuleset(ctx context.Context, owner, repo string
 
 // UpdateRuleset updates a ruleset for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#update-a-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/repos/rules#update-a-repository-ruleset
+//
+//meta:operation PUT /repos/{owner}/{repo}/rulesets/{ruleset_id}
 func (s *RepositoriesService) UpdateRuleset(ctx context.Context, owner, repo string, rulesetID int64, rs *Ruleset) (*Ruleset, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rulesets/%v", owner, repo, rulesetID)
 
@@ -451,7 +496,9 @@ func (s *RepositoriesService) UpdateRuleset(ctx context.Context, owner, repo str
 
 // DeleteRuleset deletes a ruleset for the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/rules#delete-a-repository-ruleset
+// GitHub API docs: https://docs.github.com/rest/repos/rules#delete-a-repository-ruleset
+//
+//meta:operation DELETE /repos/{owner}/{repo}/rulesets/{ruleset_id}
 func (s *RepositoriesService) DeleteRuleset(ctx context.Context, owner, repo string, rulesetID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/rulesets/%v", owner, repo, rulesetID)
 
diff --git a/vendor/github.com/google/go-github/v56/github/repos_stats.go b/vendor/github.com/google/go-github/v57/github/repos_stats.go
similarity index 90%
rename from vendor/github.com/google/go-github/v56/github/repos_stats.go
rename to vendor/github.com/google/go-github/v57/github/repos_stats.go
index 3df0a8f6deb..898693f7864 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_stats.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_stats.go
@@ -45,7 +45,9 @@ func (w WeeklyStats) String() string {
 // it is now computing the requested statistics. A follow up request, after a
 // delay of a second or so, should result in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/statistics#get-all-contributor-commit-activity
+// GitHub API docs: https://docs.github.com/rest/metrics/statistics#get-all-contributor-commit-activity
+//
+//meta:operation GET /repos/{owner}/{repo}/stats/contributors
 func (s *RepositoriesService) ListContributorsStats(ctx context.Context, owner, repo string) ([]*ContributorStats, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/stats/contributors", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -84,7 +86,9 @@ func (w WeeklyCommitActivity) String() string {
 // it is now computing the requested statistics. A follow up request, after a
 // delay of a second or so, should result in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/statistics#get-the-last-year-of-commit-activity
+// GitHub API docs: https://docs.github.com/rest/metrics/statistics#get-the-last-year-of-commit-activity
+//
+//meta:operation GET /repos/{owner}/{repo}/stats/commit_activity
 func (s *RepositoriesService) ListCommitActivity(ctx context.Context, owner, repo string) ([]*WeeklyCommitActivity, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/stats/commit_activity", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -111,7 +115,9 @@ func (s *RepositoriesService) ListCommitActivity(ctx context.Context, owner, rep
 // it is now computing the requested statistics. A follow up request, after a
 // delay of a second or so, should result in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/statistics#get-the-weekly-commit-activity
+// GitHub API docs: https://docs.github.com/rest/metrics/statistics#get-the-weekly-commit-activity
+//
+//meta:operation GET /repos/{owner}/{repo}/stats/code_frequency
 func (s *RepositoriesService) ListCodeFrequency(ctx context.Context, owner, repo string) ([]*WeeklyStats, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/stats/code_frequency", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -167,7 +173,9 @@ func (r RepositoryParticipation) String() string {
 // it is now computing the requested statistics. A follow up request, after a
 // delay of a second or so, should result in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/statistics#get-the-weekly-commit-count
+// GitHub API docs: https://docs.github.com/rest/metrics/statistics#get-the-weekly-commit-count
+//
+//meta:operation GET /repos/{owner}/{repo}/stats/participation
 func (s *RepositoriesService) ListParticipation(ctx context.Context, owner, repo string) (*RepositoryParticipation, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/stats/participation", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -200,7 +208,9 @@ type PunchCard struct {
 // it is now computing the requested statistics. A follow up request, after a
 // delay of a second or so, should result in a successful request.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/statistics#get-the-hourly-commit-count-for-each-day
+// GitHub API docs: https://docs.github.com/rest/metrics/statistics#get-the-hourly-commit-count-for-each-day
+//
+//meta:operation GET /repos/{owner}/{repo}/stats/punch_card
 func (s *RepositoriesService) ListPunchCard(ctx context.Context, owner, repo string) ([]*PunchCard, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/stats/punch_card", owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_statuses.go b/vendor/github.com/google/go-github/v57/github/repos_statuses.go
similarity index 88%
rename from vendor/github.com/google/go-github/v56/github/repos_statuses.go
rename to vendor/github.com/google/go-github/v57/github/repos_statuses.go
index ea3d166c753..e7b03047521 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_statuses.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_statuses.go
@@ -45,7 +45,9 @@ func (r RepoStatus) String() string {
 // ListStatuses lists the statuses of a repository at the specified
 // reference. ref can be a SHA, a branch name, or a tag name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/statuses#list-commit-statuses-for-a-reference
+// GitHub API docs: https://docs.github.com/rest/commits/statuses#list-commit-statuses-for-a-reference
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}/statuses
 func (s *RepositoriesService) ListStatuses(ctx context.Context, owner, repo, ref string, opts *ListOptions) ([]*RepoStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/statuses", owner, repo, refURLEscape(ref))
 	u, err := addOptions(u, opts)
@@ -70,7 +72,9 @@ func (s *RepositoriesService) ListStatuses(ctx context.Context, owner, repo, ref
 // CreateStatus creates a new status for a repository at the specified
 // reference. Ref can be a SHA, a branch name, or a tag name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/statuses#create-a-commit-status
+// GitHub API docs: https://docs.github.com/rest/commits/statuses#create-a-commit-status
+//
+//meta:operation POST /repos/{owner}/{repo}/statuses/{sha}
 func (s *RepositoriesService) CreateStatus(ctx context.Context, owner, repo, ref string, status *RepoStatus) (*RepoStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/statuses/%v", owner, repo, refURLEscape(ref))
 	req, err := s.client.NewRequest("POST", u, status)
@@ -109,7 +113,9 @@ func (s CombinedStatus) String() string {
 // GetCombinedStatus returns the combined status of a repository at the specified
 // reference. ref can be a SHA, a branch name, or a tag name.
 //
-// GitHub API docs: https://docs.github.com/en/rest/commits/statuses#get-the-combined-status-for-a-specific-reference
+// GitHub API docs: https://docs.github.com/rest/commits/statuses#get-the-combined-status-for-a-specific-reference
+//
+//meta:operation GET /repos/{owner}/{repo}/commits/{ref}/status
 func (s *RepositoriesService) GetCombinedStatus(ctx context.Context, owner, repo, ref string, opts *ListOptions) (*CombinedStatus, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/status", owner, repo, refURLEscape(ref))
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_tags.go b/vendor/github.com/google/go-github/v57/github/repos_tags.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/repos_tags.go
rename to vendor/github.com/google/go-github/v57/github/repos_tags.go
index ff46d90c731..93164dd1b8e 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_tags.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_tags.go
@@ -24,7 +24,9 @@ type tagProtectionRequest struct {
 
 // ListTagProtection lists tag protection of the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/tags#list-tag-protection-states-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/tags#list-tag-protection-states-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/tags/protection
 func (s *RepositoriesService) ListTagProtection(ctx context.Context, owner, repo string) ([]*TagProtection, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/tags/protection", owner, repo)
 
@@ -44,7 +46,9 @@ func (s *RepositoriesService) ListTagProtection(ctx context.Context, owner, repo
 
 // CreateTagProtection creates the tag protection of the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/tags#create-a-tag-protection-state-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/tags#create-a-tag-protection-state-for-a-repository
+//
+//meta:operation POST /repos/{owner}/{repo}/tags/protection
 func (s *RepositoriesService) CreateTagProtection(ctx context.Context, owner, repo, pattern string) (*TagProtection, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/tags/protection", owner, repo)
 	r := &tagProtectionRequest{Pattern: pattern}
@@ -64,7 +68,9 @@ func (s *RepositoriesService) CreateTagProtection(ctx context.Context, owner, re
 
 // DeleteTagProtection deletes a tag protection from the specified repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/repos/tags#delete-a-tag-protection-state-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/repos/tags#delete-a-tag-protection-state-for-a-repository
+//
+//meta:operation DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}
 func (s *RepositoriesService) DeleteTagProtection(ctx context.Context, owner, repo string, tagProtectionID int64) (*Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/tags/protection/%v", owner, repo, tagProtectionID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/repos_traffic.go b/vendor/github.com/google/go-github/v57/github/repos_traffic.go
similarity index 87%
rename from vendor/github.com/google/go-github/v56/github/repos_traffic.go
rename to vendor/github.com/google/go-github/v57/github/repos_traffic.go
index bf093c03ea7..ae2f1a86bd7 100644
--- a/vendor/github.com/google/go-github/v56/github/repos_traffic.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_traffic.go
@@ -54,7 +54,9 @@ type TrafficBreakdownOptions struct {
 
 // ListTrafficReferrers list the top 10 referrers over the last 14 days.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/traffic#get-top-referral-sources
+// GitHub API docs: https://docs.github.com/rest/metrics/traffic#get-top-referral-sources
+//
+//meta:operation GET /repos/{owner}/{repo}/traffic/popular/referrers
 func (s *RepositoriesService) ListTrafficReferrers(ctx context.Context, owner, repo string) ([]*TrafficReferrer, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/traffic/popular/referrers", owner, repo)
 
@@ -74,7 +76,9 @@ func (s *RepositoriesService) ListTrafficReferrers(ctx context.Context, owner, r
 
 // ListTrafficPaths list the top 10 popular content over the last 14 days.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/traffic#get-top-referral-paths
+// GitHub API docs: https://docs.github.com/rest/metrics/traffic#get-top-referral-paths
+//
+//meta:operation GET /repos/{owner}/{repo}/traffic/popular/paths
 func (s *RepositoriesService) ListTrafficPaths(ctx context.Context, owner, repo string) ([]*TrafficPath, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/traffic/popular/paths", owner, repo)
 
@@ -94,7 +98,9 @@ func (s *RepositoriesService) ListTrafficPaths(ctx context.Context, owner, repo
 
 // ListTrafficViews get total number of views for the last 14 days and breaks it down either per day or week.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/traffic#get-page-views
+// GitHub API docs: https://docs.github.com/rest/metrics/traffic#get-page-views
+//
+//meta:operation GET /repos/{owner}/{repo}/traffic/views
 func (s *RepositoriesService) ListTrafficViews(ctx context.Context, owner, repo string, opts *TrafficBreakdownOptions) (*TrafficViews, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/traffic/views", owner, repo)
 	u, err := addOptions(u, opts)
@@ -118,7 +124,9 @@ func (s *RepositoriesService) ListTrafficViews(ctx context.Context, owner, repo
 
 // ListTrafficClones get total number of clones for the last 14 days and breaks it down either per day or week for the last 14 days.
 //
-// GitHub API docs: https://docs.github.com/en/rest/metrics/traffic#get-repository-clones
+// GitHub API docs: https://docs.github.com/rest/metrics/traffic#get-repository-clones
+//
+//meta:operation GET /repos/{owner}/{repo}/traffic/clones
 func (s *RepositoriesService) ListTrafficClones(ctx context.Context, owner, repo string, opts *TrafficBreakdownOptions) (*TrafficClones, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/traffic/clones", owner, repo)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/scim.go b/vendor/github.com/google/go-github/v57/github/scim.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/scim.go
rename to vendor/github.com/google/go-github/v57/github/scim.go
index 7deee6be4b5..02136d7ef91 100644
--- a/vendor/github.com/google/go-github/v56/github/scim.go
+++ b/vendor/github.com/google/go-github/v57/github/scim.go
@@ -14,12 +14,12 @@ import (
 // SCIMService provides access to SCIM related functions in the
 // GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim
+// GitHub API docs: https://docs.github.com/rest/scim
 type SCIMService service
 
 // SCIMUserAttributes represents supported SCIM User attributes.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#supported-scim-user-attributes
+// GitHub API docs: https://docs.github.com/rest/scim#supported-scim-user-attributes
 type SCIMUserAttributes struct {
 	UserName    string           `json:"userName"`              // Configured by the admin. Could be an email, login, or username. (Required.)
 	Name        SCIMUserName     `json:"name"`                  // (Required.)
@@ -67,7 +67,7 @@ type SCIMProvisionedIdentities struct {
 
 // ListSCIMProvisionedIdentitiesOptions represents options for ListSCIMProvisionedIdentities.
 //
-// Github API docs: https://docs.github.com/en/rest/scim#list-scim-provisioned-identities--parameters
+// GitHub API docs: https://docs.github.com/rest/scim#list-scim-provisioned-identities--parameters
 type ListSCIMProvisionedIdentitiesOptions struct {
 	StartIndex *int `url:"startIndex,omitempty"` // Used for pagination: the index of the first result to return. (Optional.)
 	Count      *int `url:"count,omitempty"`      // Used for pagination: the number of results to return. (Optional.)
@@ -81,7 +81,9 @@ type ListSCIMProvisionedIdentitiesOptions struct {
 
 // ListSCIMProvisionedIdentities lists SCIM provisioned identities.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#list-scim-provisioned-identities
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#list-scim-provisioned-identities
+//
+//meta:operation GET /scim/v2/organizations/{org}/Users
 func (s *SCIMService) ListSCIMProvisionedIdentities(ctx context.Context, org string, opts *ListSCIMProvisionedIdentitiesOptions) (*SCIMProvisionedIdentities, *Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users", org)
 	u, err := addOptions(u, opts)
@@ -105,7 +107,9 @@ func (s *SCIMService) ListSCIMProvisionedIdentities(ctx context.Context, org str
 
 // ProvisionAndInviteSCIMUser provisions organization membership for a user, and sends an activation email to the email address.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#provision-and-invite-a-scim-user
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#provision-and-invite-a-scim-user
+//
+//meta:operation POST /scim/v2/organizations/{org}/Users
 func (s *SCIMService) ProvisionAndInviteSCIMUser(ctx context.Context, org string, opts *SCIMUserAttributes) (*Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users", org)
 	u, err := addOptions(u, opts)
@@ -123,7 +127,9 @@ func (s *SCIMService) ProvisionAndInviteSCIMUser(ctx context.Context, org string
 
 // GetSCIMProvisioningInfoForUser returns SCIM provisioning information for a user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#supported-scim-user-attributes
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#get-scim-provisioning-information-for-a-user
+//
+//meta:operation GET /scim/v2/organizations/{org}/Users/{scim_user_id}
 func (s *SCIMService) GetSCIMProvisioningInfoForUser(ctx context.Context, org, scimUserID string) (*SCIMUserAttributes, *Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users/%v", org, scimUserID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -142,7 +148,9 @@ func (s *SCIMService) GetSCIMProvisioningInfoForUser(ctx context.Context, org, s
 
 // UpdateProvisionedOrgMembership updates a provisioned organization membership.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#update-a-provisioned-organization-membership
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#update-a-provisioned-organization-membership
+//
+//meta:operation PUT /scim/v2/organizations/{org}/Users/{scim_user_id}
 func (s *SCIMService) UpdateProvisionedOrgMembership(ctx context.Context, org, scimUserID string, opts *SCIMUserAttributes) (*Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users/%v", org, scimUserID)
 	u, err := addOptions(u, opts)
@@ -160,7 +168,7 @@ func (s *SCIMService) UpdateProvisionedOrgMembership(ctx context.Context, org, s
 
 // UpdateAttributeForSCIMUserOptions represents options for UpdateAttributeForSCIMUser.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#update-an-attribute-for-a-scim-user--parameters
+// GitHub API docs: https://docs.github.com/rest/scim#update-an-attribute-for-a-scim-user--parameters
 type UpdateAttributeForSCIMUserOptions struct {
 	Schemas    []string                             `json:"schemas,omitempty"` // (Optional.)
 	Operations UpdateAttributeForSCIMUserOperations `json:"operations"`        // Set of operations to be performed. (Required.)
@@ -175,7 +183,9 @@ type UpdateAttributeForSCIMUserOperations struct {
 
 // UpdateAttributeForSCIMUser updates an attribute for an SCIM user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#update-an-attribute-for-a-scim-user
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#update-an-attribute-for-a-scim-user
+//
+//meta:operation PATCH /scim/v2/organizations/{org}/Users/{scim_user_id}
 func (s *SCIMService) UpdateAttributeForSCIMUser(ctx context.Context, org, scimUserID string, opts *UpdateAttributeForSCIMUserOptions) (*Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users/%v", org, scimUserID)
 	u, err := addOptions(u, opts)
@@ -193,7 +203,9 @@ func (s *SCIMService) UpdateAttributeForSCIMUser(ctx context.Context, org, scimU
 
 // DeleteSCIMUserFromOrg deletes SCIM user from an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/scim#delete-a-scim-user-from-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/scim/scim#delete-a-scim-user-from-an-organization
+//
+//meta:operation DELETE /scim/v2/organizations/{org}/Users/{scim_user_id}
 func (s *SCIMService) DeleteSCIMUserFromOrg(ctx context.Context, org, scimUserID string) (*Response, error) {
 	u := fmt.Sprintf("scim/v2/organizations/%v/Users/%v", org, scimUserID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/search.go b/vendor/github.com/google/go-github/v57/github/search.go
similarity index 91%
rename from vendor/github.com/google/go-github/v56/github/search.go
rename to vendor/github.com/google/go-github/v57/github/search.go
index adb832d0d8f..71efe87a039 100644
--- a/vendor/github.com/google/go-github/v56/github/search.go
+++ b/vendor/github.com/google/go-github/v57/github/search.go
@@ -32,7 +32,7 @@ import (
 // For example, querying with "language:c++" and "leveldb", then query should be
 // "language:c++ leveldb" but not "language:c+++leveldb".
 //
-// GitHub API docs: https://docs.github.com/en/rest/search/
+// GitHub API docs: https://docs.github.com/rest/search/
 type SearchService service
 
 // SearchOptions specifies optional parameters to the SearchService methods.
@@ -72,7 +72,9 @@ type RepositoriesSearchResult struct {
 
 // Repositories searches repositories via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-repositories
+// GitHub API docs: https://docs.github.com/rest/search/search#search-repositories
+//
+//meta:operation GET /search/repositories
 func (s *SearchService) Repositories(ctx context.Context, query string, opts *SearchOptions) (*RepositoriesSearchResult, *Response, error) {
 	result := new(RepositoriesSearchResult)
 	resp, err := s.search(ctx, "repositories", &searchParameters{Query: query}, opts, result)
@@ -104,10 +106,12 @@ type TopicResult struct {
 }
 
 // Topics finds topics via various criteria. Results are sorted by best match.
-// Please see https://help.github.com/en/articles/searching-topics for more
+// Please see https://help.github.com/articles/searching-topics for more
 // information about search qualifiers.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-topics
+// GitHub API docs: https://docs.github.com/rest/search/search#search-topics
+//
+//meta:operation GET /search/topics
 func (s *SearchService) Topics(ctx context.Context, query string, opts *SearchOptions) (*TopicsSearchResult, *Response, error) {
 	result := new(TopicsSearchResult)
 	resp, err := s.search(ctx, "topics", &searchParameters{Query: query}, opts, result)
@@ -142,7 +146,9 @@ type CommitResult struct {
 
 // Commits searches commits via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-commits
+// GitHub API docs: https://docs.github.com/rest/search/search#search-commits
+//
+//meta:operation GET /search/commits
 func (s *SearchService) Commits(ctx context.Context, query string, opts *SearchOptions) (*CommitsSearchResult, *Response, error) {
 	result := new(CommitsSearchResult)
 	resp, err := s.search(ctx, "commits", &searchParameters{Query: query}, opts, result)
@@ -162,7 +168,9 @@ type IssuesSearchResult struct {
 
 // Issues searches issues via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-issues-and-pull-requests
+// GitHub API docs: https://docs.github.com/rest/search/search#search-issues-and-pull-requests
+//
+//meta:operation GET /search/issues
 func (s *SearchService) Issues(ctx context.Context, query string, opts *SearchOptions) (*IssuesSearchResult, *Response, error) {
 	result := new(IssuesSearchResult)
 	resp, err := s.search(ctx, "issues", &searchParameters{Query: query}, opts, result)
@@ -182,7 +190,9 @@ type UsersSearchResult struct {
 
 // Users searches users via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-users
+// GitHub API docs: https://docs.github.com/rest/search/search#search-users
+//
+//meta:operation GET /search/users
 func (s *SearchService) Users(ctx context.Context, query string, opts *SearchOptions) (*UsersSearchResult, *Response, error) {
 	result := new(UsersSearchResult)
 	resp, err := s.search(ctx, "users", &searchParameters{Query: query}, opts, result)
@@ -235,7 +245,9 @@ func (c CodeResult) String() string {
 
 // Code searches code via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-code
+// GitHub API docs: https://docs.github.com/rest/search/search#search-code
+//
+//meta:operation GET /search/code
 func (s *SearchService) Code(ctx context.Context, query string, opts *SearchOptions) (*CodeSearchResult, *Response, error) {
 	result := new(CodeSearchResult)
 	resp, err := s.search(ctx, "code", &searchParameters{Query: query}, opts, result)
@@ -270,7 +282,9 @@ func (l LabelResult) String() string {
 
 // Labels searches labels in the repository with ID repoID via various criteria.
 //
-// GitHub API docs: https://docs.github.com/en/rest/search#search-labels
+// GitHub API docs: https://docs.github.com/rest/search/search#search-labels
+//
+//meta:operation GET /search/labels
 func (s *SearchService) Labels(ctx context.Context, repoID int64, query string, opts *SearchOptions) (*LabelsSearchResult, *Response, error) {
 	result := new(LabelsSearchResult)
 	resp, err := s.search(ctx, "labels", &searchParameters{RepositoryID: &repoID, Query: query}, opts, result)
@@ -321,7 +335,7 @@ func (s *SearchService) search(ctx context.Context, searchType string, parameter
 		// TODO: remove custom Accept header when this API fully launches.
 		acceptHeaders = append(acceptHeaders, mediaTypeReactionsPreview)
 	}
-	// https://docs.github.com/en/rest/search#search-repositories
+	// https://docs.github.com/rest/search#search-repositories
 	// Accept header defaults to "application/vnd.github.v3+json"
 	// We change it here to fetch back text-match metadata
 	if opts != nil && opts.TextMatch {
diff --git a/vendor/github.com/google/go-github/v56/github/secret_scanning.go b/vendor/github.com/google/go-github/v57/github/secret_scanning.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/secret_scanning.go
rename to vendor/github.com/google/go-github/v57/github/secret_scanning.go
index 30d3da8ebf8..9b2ad8cd0d2 100644
--- a/vendor/github.com/google/go-github/v56/github/secret_scanning.go
+++ b/vendor/github.com/google/go-github/v57/github/secret_scanning.go
@@ -72,9 +72,9 @@ type SecretScanningAlertListOptions struct {
 	// List options can vary on the Enterprise type.
 	// On Enterprise Cloud, Secret Scan alerts support requesting by page number
 	// along with providing a cursor for an "after" param.
-	// See: https://docs.github.com/en/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
+	// See: https://docs.github.com/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
 	// Whereas on Enterprise Server, pagination is by index.
-	// See: https://docs.github.com/en/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
+	// See: https://docs.github.com/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
 	ListOptions
 }
 
@@ -90,12 +90,14 @@ type SecretScanningAlertUpdateOptions struct {
 	Resolution *string `json:"resolution,omitempty"`
 }
 
-// Lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest.
+// ListAlertsForEnterprise lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest.
 //
 // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or
 // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-an-enterprise
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/secret-scanning/alerts
 func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
 	u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise)
 	u, err := addOptions(u, opts)
@@ -117,12 +119,14 @@ func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, ent
 	return alerts, resp, nil
 }
 
-// Lists secret scanning alerts for eligible repositories in an organization, from newest to oldest.
+// ListAlertsForOrg lists secret scanning alerts for eligible repositories in an organization, from newest to oldest.
 //
 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
 // the repo scope or security_events scope.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-organization
+//
+//meta:operation GET /orgs/{org}/secret-scanning/alerts
 func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org)
 	u, err := addOptions(u, opts)
@@ -144,12 +148,14 @@ func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string
 	return alerts, resp, nil
 }
 
-// Lists secret scanning alerts for a private repository, from newest to oldest.
+// ListAlertsForRepo lists secret scanning alerts for a private repository, from newest to oldest.
 //
 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
 // the repo scope or security_events scope.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts
 func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo)
 	u, err := addOptions(u, opts)
@@ -171,12 +177,14 @@ func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, re
 	return alerts, resp, nil
 }
 
-// Gets a single secret scanning alert detected in a private repository.
+// GetAlert gets a single secret scanning alert detected in a private repository.
 //
 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
 // the repo scope or security_events scope.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#get-a-secret-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-a-secret-scanning-alert
+//
+//meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
 func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number)
 
@@ -194,12 +202,14 @@ func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string
 	return alert, resp, nil
 }
 
-// Updates the status of a secret scanning alert in a private repository.
+// UpdateAlert updates the status of a secret scanning alert in a private repository.
 //
 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
 // the repo scope or security_events scope.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#update-a-secret-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#update-a-secret-scanning-alert
+//
+//meta:operation PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
 func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number)
 
@@ -217,12 +227,14 @@ func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo str
 	return alert, resp, nil
 }
 
-// Lists all locations for a given secret scanning alert for a private repository.
+// ListLocationsForAlert lists all locations for a given secret scanning alert for a private repository.
 //
 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
 // the repo scope or security_events scope.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-locations-for-a-secret-scanning-alert
+// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-locations-for-a-secret-scanning-alert
+//
+//meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations
 func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v57/github/security_advisories.go b/vendor/github.com/google/go-github/v57/github/security_advisories.go
new file mode 100644
index 00000000000..635263748d4
--- /dev/null
+++ b/vendor/github.com/google/go-github/v57/github/security_advisories.go
@@ -0,0 +1,248 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+type SecurityAdvisoriesService service
+
+// SecurityAdvisorySubmission represents the Security Advisory Submission.
+type SecurityAdvisorySubmission struct {
+	// Accepted represents whether a private vulnerability report was accepted by the repository's administrators.
+	Accepted *bool `json:"accepted,omitempty"`
+}
+
+// RepoAdvisoryCredit represents the credit object for a repository Security Advisory.
+type RepoAdvisoryCredit struct {
+	Login *string `json:"login,omitempty"`
+	Type  *string `json:"type,omitempty"`
+}
+
+// RepoAdvisoryCreditDetailed represents a credit given to a user for a repository Security Advisory.
+type RepoAdvisoryCreditDetailed struct {
+	User  *User   `json:"user,omitempty"`
+	Type  *string `json:"type,omitempty"`
+	State *string `json:"state,omitempty"`
+}
+
+// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to list the repository security advisories.
+type ListRepositorySecurityAdvisoriesOptions struct {
+	ListCursorOptions
+
+	// Direction in which to sort advisories. Possible values are: asc, desc.
+	// Default is "asc".
+	Direction string `url:"direction,omitempty"`
+
+	// Sort specifies how to sort advisories. Possible values are: created, updated,
+	// and published. Default value is "created".
+	Sort string `url:"sort,omitempty"`
+
+	// State filters advisories based on their state. Possible values are: triage, draft, published, closed.
+	State string `url:"state,omitempty"`
+}
+
+// ListGlobalSecurityAdvisoriesOptions specifies the optional parameters to list the global security advisories.
+type ListGlobalSecurityAdvisoriesOptions struct {
+	ListCursorOptions
+
+	// If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned.
+	GHSAID *string `url:"ghsa_id,omitempty"`
+
+	// If specified, only advisories of this type will be returned.
+	// By default, a request with no other parameters defined will only return reviewed advisories that are not malware.
+	// Default: reviewed
+	// Can be one of: reviewed, malware, unreviewed
+	Type *string `url:"type,omitempty"`
+
+	// If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned.
+	CVEID *string `url:"cve_id,omitempty"`
+
+	// If specified, only advisories for these ecosystems will be returned.
+	// Can be one of: actions, composer, erlang, go, maven, npm, nuget, other, pip, pub, rubygems, rust
+	Ecosystem *string `url:"ecosystem,omitempty"`
+
+	// If specified, only advisories with these severities will be returned.
+	// Can be one of: unknown, low, medium, high, critical
+	Severity *string `url:"severity,omitempty"`
+
+	// If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned.
+	// Example: cwes=79,284,22 or cwes[]=79&cwes[]=284&cwes[]=22
+	CWEs []string `url:"cwes,omitempty"`
+
+	// Whether to only return advisories that have been withdrawn.
+	IsWithdrawn *bool `url:"is_withdrawn,omitempty"`
+
+	// If specified, only return advisories that affect any of package or package@version.
+	// A maximum of 1000 packages can be specified. If the query parameter causes
+	// the URL to exceed the maximum URL length supported by your client, you must specify fewer packages.
+	// Example: affects=package1,package2@1.0.0,package3@^2.0.0 or affects[]=package1&affects[]=package2@1.0.0
+	Affects *string `url:"affects,omitempty"`
+
+	// If specified, only return advisories that were published on a date or date range.
+	Published *string `url:"published,omitempty"`
+
+	// If specified, only return advisories that were updated on a date or date range.
+	Updated *string `url:"updated,omitempty"`
+
+	// If specified, only show advisories that were updated or published on a date or date range.
+	Modified *string `url:"modified,omitempty"`
+}
+
+// GlobalSecurityAdvisory represents the global security advisory object response.
+type GlobalSecurityAdvisory struct {
+	SecurityAdvisory
+	ID                    *int64                         `json:"id,omitempty"`
+	RepositoryAdvisoryURL *string                        `json:"repository_advisory_url,omitempty"`
+	Type                  *string                        `json:"type,omitempty"`
+	SourceCodeLocation    *string                        `json:"source_code_location,omitempty"`
+	References            []string                       `json:"references,omitempty"`
+	Vulnerabilities       []*GlobalSecurityVulnerability `json:"vulnerabilities,omitempty"`
+	GithubReviewedAt      *Timestamp                     `json:"github_reviewed_at,omitempty"`
+	NVDPublishedAt        *Timestamp                     `json:"nvd_published_at,omitempty"`
+	Credits               []*Credit                      `json:"credits,omitempty"`
+}
+
+// GlobalSecurityVulnerability represents a vulnerability for a global security advisory.
+type GlobalSecurityVulnerability struct {
+	Package                *VulnerabilityPackage `json:"package,omitempty"`
+	FirstPatchedVersion    *string               `json:"first_patched_version,omitempty"`
+	VulnerableVersionRange *string               `json:"vulnerable_version_range,omitempty"`
+	VulnerableFunctions    []string              `json:"vulnerable_functions,omitempty"`
+}
+
+// Credit represents the credit object for a global security advisory.
+type Credit struct {
+	User *User   `json:"user,omitempty"`
+	Type *string `json:"type,omitempty"`
+}
+
+// RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory.
+// The ghsaID is the GitHub Security Advisory identifier of the advisory.
+//
+// GitHub API docs: https://docs.github.com/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory
+//
+//meta:operation POST /repos/{owner}/{repo}/security-advisories/{ghsa_id}/cve
+func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve", owner, repo, ghsaID)
+
+	req, err := s.client.NewRequest("POST", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		if _, ok := err.(*AcceptedError); ok {
+			return resp, nil
+		}
+
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/security-advisories/repository-advisories#list-repository-security-advisories-for-an-organization
+//
+//meta:operation GET /orgs/{org}/security-advisories
+func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) {
+	url := fmt.Sprintf("orgs/%v/security-advisories", org)
+	url, err := addOptions(url, opt)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var advisories []*SecurityAdvisory
+	resp, err := s.client.Do(ctx, req, &advisories)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return advisories, resp, nil
+}
+
+// ListRepositorySecurityAdvisories lists the security advisories in a repository.
+//
+// GitHub API docs: https://docs.github.com/rest/security-advisories/repository-advisories#list-repository-security-advisories
+//
+//meta:operation GET /repos/{owner}/{repo}/security-advisories
+func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/security-advisories", owner, repo)
+	url, err := addOptions(url, opt)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var advisories []*SecurityAdvisory
+	resp, err := s.client.Do(ctx, req, &advisories)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return advisories, resp, nil
+}
+
+// ListGlobalSecurityAdvisories lists all global security advisories.
+//
+// GitHub API docs: https://docs.github.com/rest/security-advisories/global-advisories#list-global-security-advisories
+//
+//meta:operation GET /advisories
+func (s *SecurityAdvisoriesService) ListGlobalSecurityAdvisories(ctx context.Context, opts *ListGlobalSecurityAdvisoriesOptions) ([]*GlobalSecurityAdvisory, *Response, error) {
+	url := "advisories"
+	url, err := addOptions(url, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var advisories []*GlobalSecurityAdvisory
+	resp, err := s.client.Do(ctx, req, &advisories)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return advisories, resp, nil
+}
+
+// GetGlobalSecurityAdvisories gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.
+//
+// GitHub API docs: https://docs.github.com/rest/security-advisories/global-advisories#get-a-global-security-advisory
+//
+//meta:operation GET /advisories/{ghsa_id}
+func (s *SecurityAdvisoriesService) GetGlobalSecurityAdvisories(ctx context.Context, ghsaID string) (*GlobalSecurityAdvisory, *Response, error) {
+	url := fmt.Sprintf("advisories/%s", ghsaID)
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var advisory *GlobalSecurityAdvisory
+	resp, err := s.client.Do(ctx, req, &advisory)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return advisory, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v56/github/strings.go b/vendor/github.com/google/go-github/v57/github/strings.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/strings.go
rename to vendor/github.com/google/go-github/v57/github/strings.go
diff --git a/vendor/github.com/google/go-github/v56/github/teams.go b/vendor/github.com/google/go-github/v57/github/teams.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/teams.go
rename to vendor/github.com/google/go-github/v57/github/teams.go
index 0ee7c200792..fd22b792a66 100644
--- a/vendor/github.com/google/go-github/v56/github/teams.go
+++ b/vendor/github.com/google/go-github/v57/github/teams.go
@@ -15,7 +15,7 @@ import (
 // TeamsService provides access to the team-related functions
 // in the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/
+// GitHub API docs: https://docs.github.com/rest/teams/
 type TeamsService service
 
 // Team represents a team within a GitHub organization. Teams are used to
@@ -81,7 +81,9 @@ func (i Invitation) String() string {
 
 // ListTeams lists all of the teams for an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-teams
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-teams
+//
+//meta:operation GET /orgs/{org}/teams
 func (s *TeamsService) ListTeams(ctx context.Context, org string, opts *ListOptions) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams", org)
 	u, err := addOptions(u, opts)
@@ -105,7 +107,9 @@ func (s *TeamsService) ListTeams(ctx context.Context, org string, opts *ListOpti
 
 // GetTeamByID fetches a team, given a specified organization ID, by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#get-a-team-by-name
+// GitHub API docs: https://docs.github.com/rest/teams/teams#get-a-team-by-name
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) GetTeamByID(ctx context.Context, orgID, teamID int64) (*Team, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v", orgID, teamID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -124,7 +128,9 @@ func (s *TeamsService) GetTeamByID(ctx context.Context, orgID, teamID int64) (*T
 
 // GetTeamBySlug fetches a team, given a specified organization name, by slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#get-a-team-by-name
+// GitHub API docs: https://docs.github.com/rest/teams/teams#get-a-team-by-name
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) GetTeamBySlug(ctx context.Context, org, slug string) (*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v", org, slug)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -174,7 +180,9 @@ func (s NewTeam) String() string {
 
 // CreateTeam creates a new team within an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#create-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#create-a-team
+//
+//meta:operation POST /orgs/{org}/teams
 func (s *TeamsService) CreateTeam(ctx context.Context, org string, team NewTeam) (*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams", org)
 	req, err := s.client.NewRequest("POST", u, team)
@@ -220,7 +228,9 @@ func copyNewTeamWithoutParent(team *NewTeam) *newTeamNoParent {
 
 // EditTeamByID edits a team, given an organization ID, selected by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#update-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#update-a-team
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) EditTeamByID(ctx context.Context, orgID, teamID int64, team NewTeam, removeParent bool) (*Team, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v", orgID, teamID)
 
@@ -247,7 +257,9 @@ func (s *TeamsService) EditTeamByID(ctx context.Context, orgID, teamID int64, te
 
 // EditTeamBySlug edits a team, given an organization name, by slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#update-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#update-a-team
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) EditTeamBySlug(ctx context.Context, org, slug string, team NewTeam, removeParent bool) (*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v", org, slug)
 
@@ -274,7 +286,9 @@ func (s *TeamsService) EditTeamBySlug(ctx context.Context, org, slug string, tea
 
 // DeleteTeamByID deletes a team referenced by ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#delete-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#delete-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) DeleteTeamByID(ctx context.Context, orgID, teamID int64) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v", orgID, teamID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -287,7 +301,9 @@ func (s *TeamsService) DeleteTeamByID(ctx context.Context, orgID, teamID int64)
 
 // DeleteTeamBySlug deletes a team reference by slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#delete-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#delete-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}
 func (s *TeamsService) DeleteTeamBySlug(ctx context.Context, org, slug string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v", org, slug)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -300,7 +316,9 @@ func (s *TeamsService) DeleteTeamBySlug(ctx context.Context, org, slug string) (
 
 // ListChildTeamsByParentID lists child teams for a parent team given parent ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-child-teams
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-child-teams
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/teams
 func (s *TeamsService) ListChildTeamsByParentID(ctx context.Context, orgID, teamID int64, opts *ListOptions) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/teams", orgID, teamID)
 	u, err := addOptions(u, opts)
@@ -324,7 +342,9 @@ func (s *TeamsService) ListChildTeamsByParentID(ctx context.Context, orgID, team
 
 // ListChildTeamsByParentSlug lists child teams for a parent team given parent slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-child-teams
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-child-teams
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/teams
 func (s *TeamsService) ListChildTeamsByParentSlug(ctx context.Context, org, slug string, opts *ListOptions) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/teams", org, slug)
 	u, err := addOptions(u, opts)
@@ -348,7 +368,9 @@ func (s *TeamsService) ListChildTeamsByParentSlug(ctx context.Context, org, slug
 
 // ListTeamReposByID lists the repositories given a team ID that the specified team has access to.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-team-repositories
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-team-repositories
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/repos
 func (s *TeamsService) ListTeamReposByID(ctx context.Context, orgID, teamID int64, opts *ListOptions) ([]*Repository, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/repos", orgID, teamID)
 	u, err := addOptions(u, opts)
@@ -376,7 +398,9 @@ func (s *TeamsService) ListTeamReposByID(ctx context.Context, orgID, teamID int6
 
 // ListTeamReposBySlug lists the repositories given a team slug that the specified team has access to.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-team-repositories
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-team-repositories
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/repos
 func (s *TeamsService) ListTeamReposBySlug(ctx context.Context, org, slug string, opts *ListOptions) ([]*Repository, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/repos", org, slug)
 	u, err := addOptions(u, opts)
@@ -406,7 +430,9 @@ func (s *TeamsService) ListTeamReposBySlug(ctx context.Context, org, slug string
 // repository is managed by team, a Repository is returned which includes the
 // permissions team has for that repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/teams/teams#check-team-permissions-for-a-repository
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) IsTeamRepoByID(ctx context.Context, orgID, teamID int64, owner, repo string) (*Repository, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/repos/%v/%v", orgID, teamID, owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -430,7 +456,9 @@ func (s *TeamsService) IsTeamRepoByID(ctx context.Context, orgID, teamID int64,
 // repository is managed by team, a Repository is returned which includes the
 // permissions team has for that repo.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-repository
+// GitHub API docs: https://docs.github.com/rest/teams/teams#check-team-permissions-for-a-repository
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) IsTeamRepoBySlug(ctx context.Context, org, slug, owner, repo string) (*Repository, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/repos/%v/%v", org, slug, owner, repo)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -469,7 +497,9 @@ type TeamAddTeamRepoOptions struct {
 // The specified repository must be owned by the organization to which the team
 // belongs, or a direct fork of a repository owned by the organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#add-or-update-team-repository-permissions
+// GitHub API docs: https://docs.github.com/rest/teams/teams#add-or-update-team-repository-permissions
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) AddTeamRepoByID(ctx context.Context, orgID, teamID int64, owner, repo string, opts *TeamAddTeamRepoOptions) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/repos/%v/%v", orgID, teamID, owner, repo)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -484,7 +514,9 @@ func (s *TeamsService) AddTeamRepoByID(ctx context.Context, orgID, teamID int64,
 // The specified repository must be owned by the organization to which the team
 // belongs, or a direct fork of a repository owned by the organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#add-or-update-team-repository-permissions
+// GitHub API docs: https://docs.github.com/rest/teams/teams#add-or-update-team-repository-permissions
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) AddTeamRepoBySlug(ctx context.Context, org, slug, owner, repo string, opts *TeamAddTeamRepoOptions) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/repos/%v/%v", org, slug, owner, repo)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -499,7 +531,9 @@ func (s *TeamsService) AddTeamRepoBySlug(ctx context.Context, org, slug, owner,
 // team given the team ID. Note that this does not delete the repository, it
 // just removes it from the team.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#remove-a-repository-from-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#remove-a-repository-from-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) RemoveTeamRepoByID(ctx context.Context, orgID, teamID int64, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/repos/%v/%v", orgID, teamID, owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -514,7 +548,9 @@ func (s *TeamsService) RemoveTeamRepoByID(ctx context.Context, orgID, teamID int
 // team given the team slug. Note that this does not delete the repository, it
 // just removes it from the team.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#remove-a-repository-from-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#remove-a-repository-from-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
 func (s *TeamsService) RemoveTeamRepoBySlug(ctx context.Context, org, slug, owner, repo string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/repos/%v/%v", org, slug, owner, repo)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -526,7 +562,10 @@ func (s *TeamsService) RemoveTeamRepoBySlug(ctx context.Context, org, slug, owne
 }
 
 // ListUserTeams lists a user's teams
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-teams-for-the-authenticated-user
+//
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-teams-for-the-authenticated-user
+//
+//meta:operation GET /user/teams
 func (s *TeamsService) ListUserTeams(ctx context.Context, opts *ListOptions) ([]*Team, *Response, error) {
 	u := "user/teams"
 	u, err := addOptions(u, opts)
@@ -550,7 +589,9 @@ func (s *TeamsService) ListUserTeams(ctx context.Context, opts *ListOptions) ([]
 
 // ListTeamProjectsByID lists the organization projects for a team given the team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-team-projects
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-team-projects
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/projects
 func (s *TeamsService) ListTeamProjectsByID(ctx context.Context, orgID, teamID int64) ([]*Project, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/projects", orgID, teamID)
 
@@ -574,7 +615,9 @@ func (s *TeamsService) ListTeamProjectsByID(ctx context.Context, orgID, teamID i
 
 // ListTeamProjectsBySlug lists the organization projects for a team given the team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#list-team-projects
+// GitHub API docs: https://docs.github.com/rest/teams/teams#list-team-projects
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/projects
 func (s *TeamsService) ListTeamProjectsBySlug(ctx context.Context, org, slug string) ([]*Project, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/projects", org, slug)
 
@@ -599,7 +642,9 @@ func (s *TeamsService) ListTeamProjectsBySlug(ctx context.Context, org, slug str
 // ReviewTeamProjectsByID checks whether a team, given its ID, has read, write, or admin
 // permissions for an organization project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-project
+// GitHub API docs: https://docs.github.com/rest/teams/teams#check-team-permissions-for-a-project
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) ReviewTeamProjectsByID(ctx context.Context, orgID, teamID, projectID int64) (*Project, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/projects/%v", orgID, teamID, projectID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -623,7 +668,9 @@ func (s *TeamsService) ReviewTeamProjectsByID(ctx context.Context, orgID, teamID
 // ReviewTeamProjectsBySlug checks whether a team, given its slug, has read, write, or admin
 // permissions for an organization project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-project
+// GitHub API docs: https://docs.github.com/rest/teams/teams#check-team-permissions-for-a-project
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) ReviewTeamProjectsBySlug(ctx context.Context, org, slug string, projectID int64) (*Project, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/projects/%v", org, slug, projectID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -660,7 +707,9 @@ type TeamProjectOptions struct {
 // To add a project to a team or update the team's permission on a project, the
 // authenticated user must have admin permissions for the project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#add-or-update-team-project-permissions
+// GitHub API docs: https://docs.github.com/rest/teams/teams#add-or-update-team-project-permissions
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) AddTeamProjectByID(ctx context.Context, orgID, teamID, projectID int64, opts *TeamProjectOptions) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/projects/%v", orgID, teamID, projectID)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -679,7 +728,9 @@ func (s *TeamsService) AddTeamProjectByID(ctx context.Context, orgID, teamID, pr
 // To add a project to a team or update the team's permission on a project, the
 // authenticated user must have admin permissions for the project.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#add-or-update-team-project-permissions
+// GitHub API docs: https://docs.github.com/rest/teams/teams#add-or-update-team-project-permissions
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) AddTeamProjectBySlug(ctx context.Context, org, slug string, projectID int64, opts *TeamProjectOptions) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/projects/%v", org, slug, projectID)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -701,7 +752,9 @@ func (s *TeamsService) AddTeamProjectBySlug(ctx context.Context, org, slug strin
 // or project.
 // Note: This endpoint removes the project from the team, but does not delete it.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#remove-a-project-from-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#remove-a-project-from-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) RemoveTeamProjectByID(ctx context.Context, orgID, teamID, projectID int64) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/projects/%v", orgID, teamID, projectID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -723,7 +776,9 @@ func (s *TeamsService) RemoveTeamProjectByID(ctx context.Context, orgID, teamID,
 // or project.
 // Note: This endpoint removes the project from the team, but does not delete it.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/teams#remove-a-project-from-a-team
+// GitHub API docs: https://docs.github.com/rest/teams/teams#remove-a-project-from-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}
 func (s *TeamsService) RemoveTeamProjectBySlug(ctx context.Context, org, slug string, projectID int64) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/projects/%v", org, slug, projectID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -752,7 +807,9 @@ type IDPGroup struct {
 
 // ListIDPGroupsInOrganization lists IDP groups available in an organization.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/team-sync#list-idp-groups-for-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/team-sync#list-idp-groups-for-an-organization
+//
+//meta:operation GET /orgs/{org}/team-sync/groups
 func (s *TeamsService) ListIDPGroupsInOrganization(ctx context.Context, org string, opts *ListCursorOptions) (*IDPGroupList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/team-sync/groups", org)
 	u, err := addOptions(u, opts)
@@ -777,7 +834,9 @@ func (s *TeamsService) ListIDPGroupsInOrganization(ctx context.Context, org stri
 // ListIDPGroupsForTeamByID lists IDP groups connected to a team on GitHub
 // given organization and team IDs.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/team-sync#list-idp-groups-for-a-team
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/team-sync#list-idp-groups-for-a-team
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/team-sync/group-mappings
 func (s *TeamsService) ListIDPGroupsForTeamByID(ctx context.Context, orgID, teamID int64) (*IDPGroupList, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/team-sync/group-mappings", orgID, teamID)
 
@@ -798,7 +857,9 @@ func (s *TeamsService) ListIDPGroupsForTeamByID(ctx context.Context, orgID, team
 // ListIDPGroupsForTeamBySlug lists IDP groups connected to a team on GitHub
 // given organization name and team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/team-sync#list-idp-groups-for-a-team
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/team-sync#list-idp-groups-for-a-team
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/team-sync/group-mappings
 func (s *TeamsService) ListIDPGroupsForTeamBySlug(ctx context.Context, org, slug string) (*IDPGroupList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/team-sync/group-mappings", org, slug)
 
@@ -819,7 +880,9 @@ func (s *TeamsService) ListIDPGroupsForTeamBySlug(ctx context.Context, org, slug
 // CreateOrUpdateIDPGroupConnectionsByID creates, updates, or removes a connection
 // between a team and an IDP group given organization and team IDs.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/team-sync#create-or-update-idp-group-connections
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/team-sync#create-or-update-idp-group-connections
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/team-sync/group-mappings
 func (s *TeamsService) CreateOrUpdateIDPGroupConnectionsByID(ctx context.Context, orgID, teamID int64, opts IDPGroupList) (*IDPGroupList, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/team-sync/group-mappings", orgID, teamID)
 
@@ -840,7 +903,9 @@ func (s *TeamsService) CreateOrUpdateIDPGroupConnectionsByID(ctx context.Context
 // CreateOrUpdateIDPGroupConnectionsBySlug creates, updates, or removes a connection
 // between a team and an IDP group given organization name and team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/team-sync#create-or-update-idp-group-connections
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/team-sync#create-or-update-idp-group-connections
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/team-sync/group-mappings
 func (s *TeamsService) CreateOrUpdateIDPGroupConnectionsBySlug(ctx context.Context, org, slug string, opts IDPGroupList) (*IDPGroupList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/team-sync/group-mappings", org, slug)
 
@@ -888,7 +953,9 @@ type ExternalGroupList struct {
 
 // GetExternalGroup fetches an external group.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/external-groups#get-an-external-group
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/external-groups#get-an-external-group
+//
+//meta:operation GET /orgs/{org}/external-group/{group_id}
 func (s *TeamsService) GetExternalGroup(ctx context.Context, org string, groupID int64) (*ExternalGroup, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/external-group/%v", org, groupID)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -915,7 +982,9 @@ type ListExternalGroupsOptions struct {
 
 // ListExternalGroups lists external groups in an organization on GitHub.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/external-groups#list-external-groups-in-an-organization
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/external-groups#list-external-groups-in-an-organization
+//
+//meta:operation GET /orgs/{org}/external-groups
 func (s *TeamsService) ListExternalGroups(ctx context.Context, org string, opts *ListExternalGroupsOptions) (*ExternalGroupList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/external-groups", org)
 	u, err := addOptions(u, opts)
@@ -939,7 +1008,9 @@ func (s *TeamsService) ListExternalGroups(ctx context.Context, org string, opts
 
 // ListExternalGroupsForTeamBySlug lists external groups connected to a team on GitHub.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/external-groups#list-a-connection-between-an-external-group-and-a-team
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/external-groups#list-a-connection-between-an-external-group-and-a-team
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/external-groups
 func (s *TeamsService) ListExternalGroupsForTeamBySlug(ctx context.Context, org, slug string) (*ExternalGroupList, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/external-groups", org, slug)
 
@@ -959,7 +1030,9 @@ func (s *TeamsService) ListExternalGroupsForTeamBySlug(ctx context.Context, org,
 
 // UpdateConnectedExternalGroup updates the connection between an external group and a team.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/external-groups#update-the-connection-between-an-external-group-and-a-team
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/external-groups#update-the-connection-between-an-external-group-and-a-team
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/external-groups
 func (s *TeamsService) UpdateConnectedExternalGroup(ctx context.Context, org, slug string, eg *ExternalGroup) (*ExternalGroup, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/external-groups", org, slug)
 
@@ -979,7 +1052,9 @@ func (s *TeamsService) UpdateConnectedExternalGroup(ctx context.Context, org, sl
 
 // RemoveConnectedExternalGroup removes the connection between an external group and a team.
 //
-// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/external-groups#remove-the-connection-between-an-external-group-and-a-team
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/teams/external-groups#remove-the-connection-between-an-external-group-and-a-team
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/external-groups
 func (s *TeamsService) RemoveConnectedExternalGroup(ctx context.Context, org, slug string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/external-groups", org, slug)
 
diff --git a/vendor/github.com/google/go-github/v56/github/teams_discussion_comments.go b/vendor/github.com/google/go-github/v57/github/teams_discussion_comments.go
similarity index 79%
rename from vendor/github.com/google/go-github/v56/github/teams_discussion_comments.go
rename to vendor/github.com/google/go-github/v57/github/teams_discussion_comments.go
index f3a1cc4dc00..ad3818c13fb 100644
--- a/vendor/github.com/google/go-github/v56/github/teams_discussion_comments.go
+++ b/vendor/github.com/google/go-github/v57/github/teams_discussion_comments.go
@@ -43,7 +43,9 @@ type DiscussionCommentListOptions struct {
 // ListCommentsByID lists all comments on a team discussion by team ID.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#list-discussion-comments
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#list-discussion-comments
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments
 func (s *TeamsService) ListCommentsByID(ctx context.Context, orgID, teamID int64, discussionNumber int, options *DiscussionCommentListOptions) ([]*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments", orgID, teamID, discussionNumber)
 	u, err := addOptions(u, options)
@@ -68,7 +70,9 @@ func (s *TeamsService) ListCommentsByID(ctx context.Context, orgID, teamID int64
 // ListCommentsBySlug lists all comments on a team discussion by team slug.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#list-discussion-comments
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#list-discussion-comments
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments
 func (s *TeamsService) ListCommentsBySlug(ctx context.Context, org, slug string, discussionNumber int, options *DiscussionCommentListOptions) ([]*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments", org, slug, discussionNumber)
 	u, err := addOptions(u, options)
@@ -93,7 +97,9 @@ func (s *TeamsService) ListCommentsBySlug(ctx context.Context, org, slug string,
 // GetCommentByID gets a specific comment on a team discussion by team ID.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#get-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#get-a-discussion-comment
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) GetCommentByID(ctx context.Context, orgID, teamID int64, discussionNumber, commentNumber int) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments/%v", orgID, teamID, discussionNumber, commentNumber)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -113,7 +119,9 @@ func (s *TeamsService) GetCommentByID(ctx context.Context, orgID, teamID int64,
 // GetCommentBySlug gets a specific comment on a team discussion by team slug.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#get-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#get-a-discussion-comment
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) GetCommentBySlug(ctx context.Context, org, slug string, discussionNumber, commentNumber int) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments/%v", org, slug, discussionNumber, commentNumber)
 
@@ -134,7 +142,9 @@ func (s *TeamsService) GetCommentBySlug(ctx context.Context, org, slug string, d
 // CreateCommentByID creates a new comment on a team discussion by team ID.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#create-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#create-a-discussion-comment
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments
 func (s *TeamsService) CreateCommentByID(ctx context.Context, orgID, teamID int64, discsusionNumber int, comment DiscussionComment) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments", orgID, teamID, discsusionNumber)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -154,7 +164,9 @@ func (s *TeamsService) CreateCommentByID(ctx context.Context, orgID, teamID int6
 // CreateCommentBySlug creates a new comment on a team discussion by team slug.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#create-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#create-a-discussion-comment
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments
 func (s *TeamsService) CreateCommentBySlug(ctx context.Context, org, slug string, discsusionNumber int, comment DiscussionComment) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments", org, slug, discsusionNumber)
 	req, err := s.client.NewRequest("POST", u, comment)
@@ -175,7 +187,9 @@ func (s *TeamsService) CreateCommentBySlug(ctx context.Context, org, slug string
 // Authenticated user must grant write:discussion scope.
 // User is allowed to edit body of a comment only.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#update-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#update-a-discussion-comment
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) EditCommentByID(ctx context.Context, orgID, teamID int64, discussionNumber, commentNumber int, comment DiscussionComment) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments/%v", orgID, teamID, discussionNumber, commentNumber)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -196,7 +210,9 @@ func (s *TeamsService) EditCommentByID(ctx context.Context, orgID, teamID int64,
 // Authenticated user must grant write:discussion scope.
 // User is allowed to edit body of a comment only.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#update-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#update-a-discussion-comment
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) EditCommentBySlug(ctx context.Context, org, slug string, discussionNumber, commentNumber int, comment DiscussionComment) (*DiscussionComment, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments/%v", org, slug, discussionNumber, commentNumber)
 	req, err := s.client.NewRequest("PATCH", u, comment)
@@ -216,7 +232,9 @@ func (s *TeamsService) EditCommentBySlug(ctx context.Context, org, slug string,
 // DeleteCommentByID deletes a comment on a team discussion by team ID.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#delete-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#delete-a-discussion-comment
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) DeleteCommentByID(ctx context.Context, orgID, teamID int64, discussionNumber, commentNumber int) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v/comments/%v", orgID, teamID, discussionNumber, commentNumber)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -230,7 +248,9 @@ func (s *TeamsService) DeleteCommentByID(ctx context.Context, orgID, teamID int6
 // DeleteCommentBySlug deletes a comment on a team discussion by team slug.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussion-comments#delete-a-discussion-comment
+// GitHub API docs: https://docs.github.com/rest/teams/discussion-comments#delete-a-discussion-comment
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}
 func (s *TeamsService) DeleteCommentBySlug(ctx context.Context, org, slug string, discussionNumber, commentNumber int) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v/comments/%v", org, slug, discussionNumber, commentNumber)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/teams_discussions.go b/vendor/github.com/google/go-github/v57/github/teams_discussions.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/teams_discussions.go
rename to vendor/github.com/google/go-github/v57/github/teams_discussions.go
index 69a3ebd51ff..ee78c032a61 100644
--- a/vendor/github.com/google/go-github/v56/github/teams_discussions.go
+++ b/vendor/github.com/google/go-github/v57/github/teams_discussions.go
@@ -49,7 +49,9 @@ type DiscussionListOptions struct {
 // ListDiscussionsByID lists all discussions on team's page given Organization and Team ID.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#list-discussions
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#list-discussions
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions
 func (s *TeamsService) ListDiscussionsByID(ctx context.Context, orgID, teamID int64, opts *DiscussionListOptions) ([]*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions", orgID, teamID)
 	u, err := addOptions(u, opts)
@@ -74,7 +76,9 @@ func (s *TeamsService) ListDiscussionsByID(ctx context.Context, orgID, teamID in
 // ListDiscussionsBySlug lists all discussions on team's page given Organization name and Team's slug.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#list-discussions
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#list-discussions
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions
 func (s *TeamsService) ListDiscussionsBySlug(ctx context.Context, org, slug string, opts *DiscussionListOptions) ([]*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions", org, slug)
 	u, err := addOptions(u, opts)
@@ -99,7 +103,9 @@ func (s *TeamsService) ListDiscussionsBySlug(ctx context.Context, org, slug stri
 // GetDiscussionByID gets a specific discussion on a team's page given Organization and Team ID.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#get-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#get-a-discussion
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) GetDiscussionByID(ctx context.Context, orgID, teamID int64, discussionNumber int) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v", orgID, teamID, discussionNumber)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -119,7 +125,9 @@ func (s *TeamsService) GetDiscussionByID(ctx context.Context, orgID, teamID int6
 // GetDiscussionBySlug gets a specific discussion on a team's page given Organization name and Team's slug.
 // Authenticated user must grant read:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#get-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#get-a-discussion
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) GetDiscussionBySlug(ctx context.Context, org, slug string, discussionNumber int) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v", org, slug, discussionNumber)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -139,7 +147,9 @@ func (s *TeamsService) GetDiscussionBySlug(ctx context.Context, org, slug string
 // CreateDiscussionByID creates a new discussion post on a team's page given Organization and Team ID.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#create-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#create-a-discussion
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions
 func (s *TeamsService) CreateDiscussionByID(ctx context.Context, orgID, teamID int64, discussion TeamDiscussion) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions", orgID, teamID)
 	req, err := s.client.NewRequest("POST", u, discussion)
@@ -159,7 +169,9 @@ func (s *TeamsService) CreateDiscussionByID(ctx context.Context, orgID, teamID i
 // CreateDiscussionBySlug creates a new discussion post on a team's page given Organization name and Team's slug.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#create-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#create-a-discussion
+//
+//meta:operation POST /orgs/{org}/teams/{team_slug}/discussions
 func (s *TeamsService) CreateDiscussionBySlug(ctx context.Context, org, slug string, discussion TeamDiscussion) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions", org, slug)
 	req, err := s.client.NewRequest("POST", u, discussion)
@@ -180,7 +192,9 @@ func (s *TeamsService) CreateDiscussionBySlug(ctx context.Context, org, slug str
 // Authenticated user must grant write:discussion scope.
 // User is allowed to change Title and Body of a discussion only.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#update-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#update-a-discussion
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) EditDiscussionByID(ctx context.Context, orgID, teamID int64, discussionNumber int, discussion TeamDiscussion) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v", orgID, teamID, discussionNumber)
 	req, err := s.client.NewRequest("PATCH", u, discussion)
@@ -201,7 +215,9 @@ func (s *TeamsService) EditDiscussionByID(ctx context.Context, orgID, teamID int
 // Authenticated user must grant write:discussion scope.
 // User is allowed to change Title and Body of a discussion only.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#update-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#update-a-discussion
+//
+//meta:operation PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) EditDiscussionBySlug(ctx context.Context, org, slug string, discussionNumber int, discussion TeamDiscussion) (*TeamDiscussion, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v", org, slug, discussionNumber)
 	req, err := s.client.NewRequest("PATCH", u, discussion)
@@ -221,7 +237,9 @@ func (s *TeamsService) EditDiscussionBySlug(ctx context.Context, org, slug strin
 // DeleteDiscussionByID deletes a discussion from team's page given Organization and Team ID.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#delete-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#delete-a-discussion
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) DeleteDiscussionByID(ctx context.Context, orgID, teamID int64, discussionNumber int) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/discussions/%v", orgID, teamID, discussionNumber)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -235,7 +253,9 @@ func (s *TeamsService) DeleteDiscussionByID(ctx context.Context, orgID, teamID i
 // DeleteDiscussionBySlug deletes a discussion from team's page given Organization name and Team's slug.
 // Authenticated user must grant write:discussion scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/discussions#delete-a-discussion
+// GitHub API docs: https://docs.github.com/rest/teams/discussions#delete-a-discussion
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}
 func (s *TeamsService) DeleteDiscussionBySlug(ctx context.Context, org, slug string, discussionNumber int) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/discussions/%v", org, slug, discussionNumber)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/teams_members.go b/vendor/github.com/google/go-github/v57/github/teams_members.go
similarity index 81%
rename from vendor/github.com/google/go-github/v56/github/teams_members.go
rename to vendor/github.com/google/go-github/v57/github/teams_members.go
index 58cb79744e1..059d993a3e6 100644
--- a/vendor/github.com/google/go-github/v56/github/teams_members.go
+++ b/vendor/github.com/google/go-github/v57/github/teams_members.go
@@ -23,7 +23,9 @@ type TeamListTeamMembersOptions struct {
 // ListTeamMembersByID lists all of the users who are members of a team, given a specified
 // organization ID, by team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#list-team-members
+// GitHub API docs: https://docs.github.com/rest/teams/members#list-team-members
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/members
 func (s *TeamsService) ListTeamMembersByID(ctx context.Context, orgID, teamID int64, opts *TeamListTeamMembersOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/members", orgID, teamID)
 	u, err := addOptions(u, opts)
@@ -48,7 +50,9 @@ func (s *TeamsService) ListTeamMembersByID(ctx context.Context, orgID, teamID in
 // ListTeamMembersBySlug lists all of the users who are members of a team, given a specified
 // organization name, by team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#list-team-members
+// GitHub API docs: https://docs.github.com/rest/teams/members#list-team-members
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/members
 func (s *TeamsService) ListTeamMembersBySlug(ctx context.Context, org, slug string, opts *TeamListTeamMembersOptions) ([]*User, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/members", org, slug)
 	u, err := addOptions(u, opts)
@@ -73,7 +77,9 @@ func (s *TeamsService) ListTeamMembersBySlug(ctx context.Context, org, slug stri
 // GetTeamMembershipByID returns the membership status for a user in a team, given a specified
 // organization ID, by team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#list-team-members
+// GitHub API docs: https://docs.github.com/rest/teams/members#list-team-members
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/members
 func (s *TeamsService) GetTeamMembershipByID(ctx context.Context, orgID, teamID int64, user string) (*Membership, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/memberships/%v", orgID, teamID, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -93,7 +99,9 @@ func (s *TeamsService) GetTeamMembershipByID(ctx context.Context, orgID, teamID
 // GetTeamMembershipBySlug returns the membership status for a user in a team, given a specified
 // organization name, by team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#get-team-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/teams/members#get-team-membership-for-a-user
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/memberships/{username}
 func (s *TeamsService) GetTeamMembershipBySlug(ctx context.Context, org, slug, user string) (*Membership, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/memberships/%v", org, slug, user)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -127,7 +135,9 @@ type TeamAddTeamMembershipOptions struct {
 // AddTeamMembershipByID adds or invites a user to a team, given a specified
 // organization ID, by team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#add-or-update-team-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/teams/members#add-or-update-team-membership-for-a-user
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/memberships/{username}
 func (s *TeamsService) AddTeamMembershipByID(ctx context.Context, orgID, teamID int64, user string, opts *TeamAddTeamMembershipOptions) (*Membership, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/memberships/%v", orgID, teamID, user)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -147,7 +157,9 @@ func (s *TeamsService) AddTeamMembershipByID(ctx context.Context, orgID, teamID
 // AddTeamMembershipBySlug adds or invites a user to a team, given a specified
 // organization name, by team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#add-or-update-team-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/teams/members#add-or-update-team-membership-for-a-user
+//
+//meta:operation PUT /orgs/{org}/teams/{team_slug}/memberships/{username}
 func (s *TeamsService) AddTeamMembershipBySlug(ctx context.Context, org, slug, user string, opts *TeamAddTeamMembershipOptions) (*Membership, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/memberships/%v", org, slug, user)
 	req, err := s.client.NewRequest("PUT", u, opts)
@@ -167,7 +179,9 @@ func (s *TeamsService) AddTeamMembershipBySlug(ctx context.Context, org, slug, u
 // RemoveTeamMembershipByID removes a user from a team, given a specified
 // organization ID, by team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#remove-team-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/teams/members#remove-team-membership-for-a-user
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}
 func (s *TeamsService) RemoveTeamMembershipByID(ctx context.Context, orgID, teamID int64, user string) (*Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/memberships/%v", orgID, teamID, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -181,7 +195,9 @@ func (s *TeamsService) RemoveTeamMembershipByID(ctx context.Context, orgID, team
 // RemoveTeamMembershipBySlug removes a user from a team, given a specified
 // organization name, by team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#remove-team-membership-for-a-user
+// GitHub API docs: https://docs.github.com/rest/teams/members#remove-team-membership-for-a-user
+//
+//meta:operation DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}
 func (s *TeamsService) RemoveTeamMembershipBySlug(ctx context.Context, org, slug, user string) (*Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/memberships/%v", org, slug, user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
@@ -195,7 +211,9 @@ func (s *TeamsService) RemoveTeamMembershipBySlug(ctx context.Context, org, slug
 // ListPendingTeamInvitationsByID gets pending invitation list of a team, given a specified
 // organization ID, by team ID.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#list-pending-team-invitations
+// GitHub API docs: https://docs.github.com/rest/teams/members#list-pending-team-invitations
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/invitations
 func (s *TeamsService) ListPendingTeamInvitationsByID(ctx context.Context, orgID, teamID int64, opts *ListOptions) ([]*Invitation, *Response, error) {
 	u := fmt.Sprintf("organizations/%v/team/%v/invitations", orgID, teamID)
 	u, err := addOptions(u, opts)
@@ -220,7 +238,9 @@ func (s *TeamsService) ListPendingTeamInvitationsByID(ctx context.Context, orgID
 // ListPendingTeamInvitationsBySlug get pending invitation list of a team, given a specified
 // organization name, by team slug.
 //
-// GitHub API docs: https://docs.github.com/en/rest/teams/members#list-pending-team-invitations
+// GitHub API docs: https://docs.github.com/rest/teams/members#list-pending-team-invitations
+//
+//meta:operation GET /orgs/{org}/teams/{team_slug}/invitations
 func (s *TeamsService) ListPendingTeamInvitationsBySlug(ctx context.Context, org, slug string, opts *ListOptions) ([]*Invitation, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/teams/%v/invitations", org, slug)
 	u, err := addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/timestamp.go b/vendor/github.com/google/go-github/v57/github/timestamp.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/timestamp.go
rename to vendor/github.com/google/go-github/v57/github/timestamp.go
diff --git a/vendor/github.com/google/go-github/v56/github/users.go b/vendor/github.com/google/go-github/v57/github/users.go
similarity index 85%
rename from vendor/github.com/google/go-github/v56/github/users.go
rename to vendor/github.com/google/go-github/v57/github/users.go
index 1b0670103b3..51b2b2193bc 100644
--- a/vendor/github.com/google/go-github/v56/github/users.go
+++ b/vendor/github.com/google/go-github/v57/github/users.go
@@ -13,7 +13,7 @@ import (
 // UsersService handles communication with the user related
 // methods of the GitHub API.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/
+// GitHub API docs: https://docs.github.com/rest/users/
 type UsersService service
 
 // User represents a GitHub user.
@@ -63,7 +63,7 @@ type User struct {
 	SubscriptionsURL  *string `json:"subscriptions_url,omitempty"`
 
 	// TextMatches is only populated from search results that request text matches
-	// See: search.go and https://docs.github.com/en/rest/search/#text-match-metadata
+	// See: search.go and https://docs.github.com/rest/search/#text-match-metadata
 	TextMatches []*TextMatch `json:"text_matches,omitempty"`
 
 	// Permissions and RoleName identify the permissions and role that a user has on a given
@@ -79,8 +79,11 @@ func (u User) String() string {
 // Get fetches a user. Passing the empty string will fetch the authenticated
 // user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/users#get-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/users#get-a-user
+// GitHub API docs: https://docs.github.com/rest/users/users#get-a-user
+// GitHub API docs: https://docs.github.com/rest/users/users#get-the-authenticated-user
+//
+//meta:operation GET /user
+//meta:operation GET /users/{username}
 func (s *UsersService) Get(ctx context.Context, user string) (*User, *Response, error) {
 	var u string
 	if user != "" {
@@ -104,7 +107,9 @@ func (s *UsersService) Get(ctx context.Context, user string) (*User, *Response,
 
 // GetByID fetches a user.
 //
-// Note: GetByID uses the undocumented GitHub API endpoint /user/:id.
+// Note: GetByID uses the undocumented GitHub API endpoint "GET /user/{user_id}".
+//
+//meta:operation GET /user/{user_id}
 func (s *UsersService) GetByID(ctx context.Context, id int64) (*User, *Response, error) {
 	u := fmt.Sprintf("user/%d", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -123,7 +128,9 @@ func (s *UsersService) GetByID(ctx context.Context, id int64) (*User, *Response,
 
 // Edit the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/users#update-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/users#update-the-authenticated-user
+//
+//meta:operation PATCH /user
 func (s *UsersService) Edit(ctx context.Context, user *User) (*User, *Response, error) {
 	u := "user"
 	req, err := s.client.NewRequest("PATCH", u, user)
@@ -165,7 +172,9 @@ type UserContext struct {
 // GetHovercard fetches contextual information about user. It requires authentication
 // via Basic Auth or via OAuth with the repo scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/users#get-contextual-information-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/users#get-contextual-information-for-a-user
+//
+//meta:operation GET /users/{username}/hovercard
 func (s *UsersService) GetHovercard(ctx context.Context, user string, opts *HovercardOptions) (*Hovercard, *Response, error) {
 	u := fmt.Sprintf("users/%v/hovercard", user)
 	u, err := addOptions(u, opts)
@@ -203,7 +212,9 @@ type UserListOptions struct {
 //
 // To paginate through all users, populate 'Since' with the ID of the last user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/users#list-users
+// GitHub API docs: https://docs.github.com/rest/users/users#list-users
+//
+//meta:operation GET /users
 func (s *UsersService) ListAll(ctx context.Context, opts *UserListOptions) ([]*User, *Response, error) {
 	u, err := addOptions("users", opts)
 	if err != nil {
@@ -227,7 +238,9 @@ func (s *UsersService) ListAll(ctx context.Context, opts *UserListOptions) ([]*U
 // ListInvitations lists all currently-open repository invitations for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#list-repository-invitations-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#list-repository-invitations-for-the-authenticated-user
+//
+//meta:operation GET /user/repository_invitations
 func (s *UsersService) ListInvitations(ctx context.Context, opts *ListOptions) ([]*RepositoryInvitation, *Response, error) {
 	u, err := addOptions("user/repository_invitations", opts)
 	if err != nil {
@@ -251,7 +264,9 @@ func (s *UsersService) ListInvitations(ctx context.Context, opts *ListOptions) (
 // AcceptInvitation accepts the currently-open repository invitation for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#accept-a-repository-invitation
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#accept-a-repository-invitation
+//
+//meta:operation PATCH /user/repository_invitations/{invitation_id}
 func (s *UsersService) AcceptInvitation(ctx context.Context, invitationID int64) (*Response, error) {
 	u := fmt.Sprintf("user/repository_invitations/%v", invitationID)
 	req, err := s.client.NewRequest("PATCH", u, nil)
@@ -265,7 +280,9 @@ func (s *UsersService) AcceptInvitation(ctx context.Context, invitationID int64)
 // DeclineInvitation declines the currently-open repository invitation for the
 // authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/collaborators/invitations#decline-a-repository-invitation
+// GitHub API docs: https://docs.github.com/rest/collaborators/invitations#decline-a-repository-invitation
+//
+//meta:operation DELETE /user/repository_invitations/{invitation_id}
 func (s *UsersService) DeclineInvitation(ctx context.Context, invitationID int64) (*Response, error) {
 	u := fmt.Sprintf("user/repository_invitations/%v", invitationID)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/users_administration.go b/vendor/github.com/google/go-github/v57/github/users_administration.go
similarity index 71%
rename from vendor/github.com/google/go-github/v56/github/users_administration.go
rename to vendor/github.com/google/go-github/v57/github/users_administration.go
index aef947ec451..02cb894bc3b 100644
--- a/vendor/github.com/google/go-github/v56/github/users_administration.go
+++ b/vendor/github.com/google/go-github/v57/github/users_administration.go
@@ -12,7 +12,9 @@ import (
 
 // PromoteSiteAdmin promotes a user to a site administrator of a GitHub Enterprise instance.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#promote-an-ordinary-user-to-a-site-administrator
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#promote-a-user-to-be-a-site-administrator
+//
+//meta:operation PUT /users/{username}/site_admin
 func (s *UsersService) PromoteSiteAdmin(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("users/%v/site_admin", user)
 
@@ -26,7 +28,9 @@ func (s *UsersService) PromoteSiteAdmin(ctx context.Context, user string) (*Resp
 
 // DemoteSiteAdmin demotes a user from site administrator of a GitHub Enterprise instance.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#demote-a-site-administrator-to-an-ordinary-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#demote-a-site-administrator
+//
+//meta:operation DELETE /users/{username}/site_admin
 func (s *UsersService) DemoteSiteAdmin(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("users/%v/site_admin", user)
 
@@ -45,7 +49,9 @@ type UserSuspendOptions struct {
 
 // Suspend a user on a GitHub Enterprise instance.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#suspend-a-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#suspend-a-user
+//
+//meta:operation PUT /users/{username}/suspended
 func (s *UsersService) Suspend(ctx context.Context, user string, opts *UserSuspendOptions) (*Response, error) {
 	u := fmt.Sprintf("users/%v/suspended", user)
 
@@ -59,7 +65,9 @@ func (s *UsersService) Suspend(ctx context.Context, user string, opts *UserSuspe
 
 // Unsuspend a user on a GitHub Enterprise instance.
 //
-// GitHub API docs: https://developer.github.com/enterprise/v3/enterprise-admin/users/#unsuspend-a-user
+// GitHub API docs: https://docs.github.com/enterprise-server@3.10/rest/enterprise-admin/users#unsuspend-a-user
+//
+//meta:operation DELETE /users/{username}/suspended
 func (s *UsersService) Unsuspend(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("users/%v/suspended", user)
 
diff --git a/vendor/github.com/google/go-github/v56/github/users_blocking.go b/vendor/github.com/google/go-github/v57/github/users_blocking.go
similarity index 80%
rename from vendor/github.com/google/go-github/v56/github/users_blocking.go
rename to vendor/github.com/google/go-github/v57/github/users_blocking.go
index 3d38d947898..3f2af38f6c9 100644
--- a/vendor/github.com/google/go-github/v56/github/users_blocking.go
+++ b/vendor/github.com/google/go-github/v57/github/users_blocking.go
@@ -12,7 +12,9 @@ import (
 
 // ListBlockedUsers lists all the blocked users by the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/blocking#list-users-blocked-by-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/blocking#list-users-blocked-by-the-authenticated-user
+//
+//meta:operation GET /user/blocks
 func (s *UsersService) ListBlockedUsers(ctx context.Context, opts *ListOptions) ([]*User, *Response, error) {
 	u := "user/blocks"
 	u, err := addOptions(u, opts)
@@ -39,7 +41,9 @@ func (s *UsersService) ListBlockedUsers(ctx context.Context, opts *ListOptions)
 
 // IsBlocked reports whether specified user is blocked by the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/blocking#check-if-a-user-is-blocked-by-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/blocking#check-if-a-user-is-blocked-by-the-authenticated-user
+//
+//meta:operation GET /user/blocks/{username}
 func (s *UsersService) IsBlocked(ctx context.Context, user string) (bool, *Response, error) {
 	u := fmt.Sprintf("user/blocks/%v", user)
 
@@ -58,7 +62,9 @@ func (s *UsersService) IsBlocked(ctx context.Context, user string) (bool, *Respo
 
 // BlockUser blocks specified user for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/blocking#block-a-user
+// GitHub API docs: https://docs.github.com/rest/users/blocking#block-a-user
+//
+//meta:operation PUT /user/blocks/{username}
 func (s *UsersService) BlockUser(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("user/blocks/%v", user)
 
@@ -75,7 +81,9 @@ func (s *UsersService) BlockUser(ctx context.Context, user string) (*Response, e
 
 // UnblockUser unblocks specified user for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/blocking#unblock-a-user
+// GitHub API docs: https://docs.github.com/rest/users/blocking#unblock-a-user
+//
+//meta:operation DELETE /user/blocks/{username}
 func (s *UsersService) UnblockUser(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("user/blocks/%v", user)
 
diff --git a/vendor/github.com/google/go-github/v56/github/users_emails.go b/vendor/github.com/google/go-github/v57/github/users_emails.go
similarity index 78%
rename from vendor/github.com/google/go-github/v56/github/users_emails.go
rename to vendor/github.com/google/go-github/v57/github/users_emails.go
index 67bd210e8d5..8386de250b2 100644
--- a/vendor/github.com/google/go-github/v56/github/users_emails.go
+++ b/vendor/github.com/google/go-github/v57/github/users_emails.go
@@ -17,7 +17,9 @@ type UserEmail struct {
 
 // ListEmails lists all email addresses for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/emails#list-email-addresses-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/emails#list-email-addresses-for-the-authenticated-user
+//
+//meta:operation GET /user/emails
 func (s *UsersService) ListEmails(ctx context.Context, opts *ListOptions) ([]*UserEmail, *Response, error) {
 	u := "user/emails"
 	u, err := addOptions(u, opts)
@@ -41,7 +43,9 @@ func (s *UsersService) ListEmails(ctx context.Context, opts *ListOptions) ([]*Us
 
 // AddEmails adds email addresses of the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/emails#add-an-email-address-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/emails#add-an-email-address-for-the-authenticated-user
+//
+//meta:operation POST /user/emails
 func (s *UsersService) AddEmails(ctx context.Context, emails []string) ([]*UserEmail, *Response, error) {
 	u := "user/emails"
 	req, err := s.client.NewRequest("POST", u, emails)
@@ -60,7 +64,9 @@ func (s *UsersService) AddEmails(ctx context.Context, emails []string) ([]*UserE
 
 // DeleteEmails deletes email addresses from authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/emails#delete-an-email-address-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/emails#delete-an-email-address-for-the-authenticated-user
+//
+//meta:operation DELETE /user/emails
 func (s *UsersService) DeleteEmails(ctx context.Context, emails []string) (*Response, error) {
 	u := "user/emails"
 	req, err := s.client.NewRequest("DELETE", u, emails)
@@ -74,7 +80,9 @@ func (s *UsersService) DeleteEmails(ctx context.Context, emails []string) (*Resp
 // SetEmailVisibility sets the visibility for the primary email address of the authenticated user.
 // `visibility` can be "private" or "public".
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/emails#set-primary-email-visibility-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/emails#set-primary-email-visibility-for-the-authenticated-user
+//
+//meta:operation PATCH /user/email/visibility
 func (s *UsersService) SetEmailVisibility(ctx context.Context, visibility string) ([]*UserEmail, *Response, error) {
 	u := "user/email/visibility"
 
diff --git a/vendor/github.com/google/go-github/v56/github/users_followers.go b/vendor/github.com/google/go-github/v57/github/users_followers.go
similarity index 70%
rename from vendor/github.com/google/go-github/v56/github/users_followers.go
rename to vendor/github.com/google/go-github/v57/github/users_followers.go
index 1266e0e9ee3..ec6f531eaa4 100644
--- a/vendor/github.com/google/go-github/v56/github/users_followers.go
+++ b/vendor/github.com/google/go-github/v57/github/users_followers.go
@@ -13,8 +13,11 @@ import (
 // ListFollowers lists the followers for a user. Passing the empty string will
 // fetch followers for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#list-followers-of-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#list-followers-of-a-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#list-followers-of-a-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#list-followers-of-the-authenticated-user
+//
+//meta:operation GET /user/followers
+//meta:operation GET /users/{username}/followers
 func (s *UsersService) ListFollowers(ctx context.Context, user string, opts *ListOptions) ([]*User, *Response, error) {
 	var u string
 	if user != "" {
@@ -44,8 +47,11 @@ func (s *UsersService) ListFollowers(ctx context.Context, user string, opts *Lis
 // ListFollowing lists the people that a user is following. Passing the empty
 // string will list people the authenticated user is following.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#list-the-people-the-authenticated-user-follows
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#list-the-people-a-user-follows
+// GitHub API docs: https://docs.github.com/rest/users/followers#list-the-people-a-user-follows
+// GitHub API docs: https://docs.github.com/rest/users/followers#list-the-people-the-authenticated-user-follows
+//
+//meta:operation GET /user/following
+//meta:operation GET /users/{username}/following
 func (s *UsersService) ListFollowing(ctx context.Context, user string, opts *ListOptions) ([]*User, *Response, error) {
 	var u string
 	if user != "" {
@@ -75,8 +81,11 @@ func (s *UsersService) ListFollowing(ctx context.Context, user string, opts *Lis
 // IsFollowing checks if "user" is following "target". Passing the empty
 // string for "user" will check if the authenticated user is following "target".
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#check-if-a-person-is-followed-by-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#check-if-a-user-follows-another-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#check-if-a-person-is-followed-by-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#check-if-a-user-follows-another-user
+//
+//meta:operation GET /user/following/{username}
+//meta:operation GET /users/{username}/following/{target_user}
 func (s *UsersService) IsFollowing(ctx context.Context, user, target string) (bool, *Response, error) {
 	var u string
 	if user != "" {
@@ -97,7 +106,9 @@ func (s *UsersService) IsFollowing(ctx context.Context, user, target string) (bo
 
 // Follow will cause the authenticated user to follow the specified user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#follow-a-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#follow-a-user
+//
+//meta:operation PUT /user/following/{username}
 func (s *UsersService) Follow(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("user/following/%v", user)
 	req, err := s.client.NewRequest("PUT", u, nil)
@@ -110,7 +121,9 @@ func (s *UsersService) Follow(ctx context.Context, user string) (*Response, erro
 
 // Unfollow will cause the authenticated user to unfollow the specified user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/followers#unfollow-a-user
+// GitHub API docs: https://docs.github.com/rest/users/followers#unfollow-a-user
+//
+//meta:operation DELETE /user/following/{username}
 func (s *UsersService) Unfollow(ctx context.Context, user string) (*Response, error) {
 	u := fmt.Sprintf("user/following/%v", user)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/users_gpg_keys.go b/vendor/github.com/google/go-github/v57/github/users_gpg_keys.go
similarity index 83%
rename from vendor/github.com/google/go-github/v56/github/users_gpg_keys.go
rename to vendor/github.com/google/go-github/v57/github/users_gpg_keys.go
index 54189b83077..de7caaf1bd0 100644
--- a/vendor/github.com/google/go-github/v56/github/users_gpg_keys.go
+++ b/vendor/github.com/google/go-github/v57/github/users_gpg_keys.go
@@ -44,8 +44,11 @@ type GPGEmail struct {
 // string will fetch keys for the authenticated user. It requires authentication
 // via Basic Auth or via OAuth with at least read:gpg_key scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/gpg-keys#list-gpg-keys-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/gpg-keys#list-gpg-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/gpg-keys#list-gpg-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/gpg-keys#list-gpg-keys-for-the-authenticated-user
+//
+//meta:operation GET /user/gpg_keys
+//meta:operation GET /users/{username}/gpg_keys
 func (s *UsersService) ListGPGKeys(ctx context.Context, user string, opts *ListOptions) ([]*GPGKey, *Response, error) {
 	var u string
 	if user != "" {
@@ -75,7 +78,9 @@ func (s *UsersService) ListGPGKeys(ctx context.Context, user string, opts *ListO
 // GetGPGKey gets extended details for a single GPG key. It requires authentication
 // via Basic Auth or via OAuth with at least read:gpg_key scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/gpg-keys#get-a-gpg-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/gpg-keys#get-a-gpg-key-for-the-authenticated-user
+//
+//meta:operation GET /user/gpg_keys/{gpg_key_id}
 func (s *UsersService) GetGPGKey(ctx context.Context, id int64) (*GPGKey, *Response, error) {
 	u := fmt.Sprintf("user/gpg_keys/%v", id)
 	req, err := s.client.NewRequest("GET", u, nil)
@@ -95,7 +100,9 @@ func (s *UsersService) GetGPGKey(ctx context.Context, id int64) (*GPGKey, *Respo
 // CreateGPGKey creates a GPG key. It requires authenticatation via Basic Auth
 // or OAuth with at least write:gpg_key scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/gpg-keys#create-a-gpg-key
+// GitHub API docs: https://docs.github.com/rest/users/gpg-keys#create-a-gpg-key-for-the-authenticated-user
+//
+//meta:operation POST /user/gpg_keys
 func (s *UsersService) CreateGPGKey(ctx context.Context, armoredPublicKey string) (*GPGKey, *Response, error) {
 	gpgKey := &struct {
 		ArmoredPublicKey string `json:"armored_public_key"`
@@ -117,7 +124,9 @@ func (s *UsersService) CreateGPGKey(ctx context.Context, armoredPublicKey string
 // DeleteGPGKey deletes a GPG key. It requires authentication via Basic Auth or
 // via OAuth with at least admin:gpg_key scope.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/gpg-keys#delete-a-gpg-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/gpg-keys#delete-a-gpg-key-for-the-authenticated-user
+//
+//meta:operation DELETE /user/gpg_keys/{gpg_key_id}
 func (s *UsersService) DeleteGPGKey(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("user/gpg_keys/%v", id)
 	req, err := s.client.NewRequest("DELETE", u, nil)
diff --git a/vendor/github.com/google/go-github/v56/github/users_keys.go b/vendor/github.com/google/go-github/v57/github/users_keys.go
similarity index 77%
rename from vendor/github.com/google/go-github/v56/github/users_keys.go
rename to vendor/github.com/google/go-github/v57/github/users_keys.go
index b49b8e4b4ef..4d42986ed2b 100644
--- a/vendor/github.com/google/go-github/v56/github/users_keys.go
+++ b/vendor/github.com/google/go-github/v57/github/users_keys.go
@@ -30,8 +30,11 @@ func (k Key) String() string {
 // ListKeys lists the verified public keys for a user. Passing the empty
 // string will fetch keys for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/keys#list-public-ssh-keys-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/keys#list-public-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/keys#list-public-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/keys#list-public-ssh-keys-for-the-authenticated-user
+//
+//meta:operation GET /user/keys
+//meta:operation GET /users/{username}/keys
 func (s *UsersService) ListKeys(ctx context.Context, user string, opts *ListOptions) ([]*Key, *Response, error) {
 	var u string
 	if user != "" {
@@ -60,7 +63,9 @@ func (s *UsersService) ListKeys(ctx context.Context, user string, opts *ListOpti
 
 // GetKey fetches a single public key.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/keys#get-a-public-ssh-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/keys#get-a-public-ssh-key-for-the-authenticated-user
+//
+//meta:operation GET /user/keys/{key_id}
 func (s *UsersService) GetKey(ctx context.Context, id int64) (*Key, *Response, error) {
 	u := fmt.Sprintf("user/keys/%v", id)
 
@@ -80,7 +85,9 @@ func (s *UsersService) GetKey(ctx context.Context, id int64) (*Key, *Response, e
 
 // CreateKey adds a public key for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/keys#create-a-public-ssh-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/keys#create-a-public-ssh-key-for-the-authenticated-user
+//
+//meta:operation POST /user/keys
 func (s *UsersService) CreateKey(ctx context.Context, key *Key) (*Key, *Response, error) {
 	u := "user/keys"
 
@@ -100,7 +107,9 @@ func (s *UsersService) CreateKey(ctx context.Context, key *Key) (*Key, *Response
 
 // DeleteKey deletes a public key.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/keys#delete-a-public-ssh-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/keys#delete-a-public-ssh-key-for-the-authenticated-user
+//
+//meta:operation DELETE /user/keys/{key_id}
 func (s *UsersService) DeleteKey(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("user/keys/%v", id)
 
diff --git a/vendor/github.com/google/go-github/v56/github/users_packages.go b/vendor/github.com/google/go-github/v57/github/users_packages.go
similarity index 56%
rename from vendor/github.com/google/go-github/v56/github/users_packages.go
rename to vendor/github.com/google/go-github/v57/github/users_packages.go
index da04919eccd..3ccf68a1696 100644
--- a/vendor/github.com/google/go-github/v56/github/users_packages.go
+++ b/vendor/github.com/google/go-github/v57/github/users_packages.go
@@ -10,11 +10,14 @@ import (
 	"fmt"
 )
 
-// List the packages for a user. Passing the empty string for "user" will
+// ListPackages lists the packages for a user. Passing the empty string for "user" will
 // list packages for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#list-packages-for-the-authenticated-users-namespace
-// GitHub API docs: https://docs.github.com/en/rest/packages#list-packages-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-packages-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-packages-for-the-authenticated-users-namespace
+//
+//meta:operation GET /user/packages
+//meta:operation GET /users/{username}/packages
 func (s *UsersService) ListPackages(ctx context.Context, user string, opts *PackageListOptions) ([]*Package, *Response, error) {
 	var u string
 	if user != "" {
@@ -41,11 +44,14 @@ func (s *UsersService) ListPackages(ctx context.Context, user string, opts *Pack
 	return packages, resp, nil
 }
 
-// Get a package by name for a user. Passing the empty string for "user" will
+// GetPackage gets a package by name for a user. Passing the empty string for "user" will
 // get the package for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-for-the-authenticated-user
+//
+//meta:operation GET /user/packages/{package_type}/{package_name}
+//meta:operation GET /users/{username}/packages/{package_type}/{package_name}
 func (s *UsersService) GetPackage(ctx context.Context, user, packageType, packageName string) (*Package, *Response, error) {
 	var u string
 	if user != "" {
@@ -68,11 +74,14 @@ func (s *UsersService) GetPackage(ctx context.Context, user, packageType, packag
 	return pack, resp, nil
 }
 
-// Delete a package from a user. Passing the empty string for "user" will
+// DeletePackage deletes a package from a user. Passing the empty string for "user" will
 // delete the package for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-a-package-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-a-package-for-the-authenticated-user
+//
+//meta:operation DELETE /user/packages/{package_type}/{package_name}
+//meta:operation DELETE /users/{username}/packages/{package_type}/{package_name}
 func (s *UsersService) DeletePackage(ctx context.Context, user, packageType, packageName string) (*Response, error) {
 	var u string
 	if user != "" {
@@ -89,11 +98,14 @@ func (s *UsersService) DeletePackage(ctx context.Context, user, packageType, pac
 	return s.client.Do(ctx, req, nil)
 }
 
-// Restore a package to a user. Passing the empty string for "user" will
+// RestorePackage restores a package to a user. Passing the empty string for "user" will
 // restore the package for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-a-package-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-a-package-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-a-package-for-the-authenticated-user
+//
+//meta:operation POST /user/packages/{package_type}/{package_name}/restore
+//meta:operation POST /users/{username}/packages/{package_type}/{package_name}/restore
 func (s *UsersService) RestorePackage(ctx context.Context, user, packageType, packageName string) (*Response, error) {
 	var u string
 	if user != "" {
@@ -110,11 +122,14 @@ func (s *UsersService) RestorePackage(ctx context.Context, user, packageType, pa
 	return s.client.Do(ctx, req, nil)
 }
 
-// Get all versions of a package for a user. Passing the empty string for "user" will
+// PackageGetAllVersions gets all versions of a package for a user. Passing the empty string for "user" will
 // get versions for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-all-package-versions-for-a-package-owned-by-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-all-package-versions-for-a-package-owned-by-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-package-versions-for-a-package-owned-by-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#list-package-versions-for-a-package-owned-by-the-authenticated-user
+//
+//meta:operation GET /user/packages/{package_type}/{package_name}/versions
+//meta:operation GET /users/{username}/packages/{package_type}/{package_name}/versions
 func (s *UsersService) PackageGetAllVersions(ctx context.Context, user, packageType, packageName string, opts *PackageListOptions) ([]*PackageVersion, *Response, error) {
 	var u string
 	if user != "" {
@@ -141,11 +156,14 @@ func (s *UsersService) PackageGetAllVersions(ctx context.Context, user, packageT
 	return versions, resp, nil
 }
 
-// Get a specific version of a package for a user. Passing the empty string for "user" will
+// PackageGetVersion gets a specific version of a package for a user. Passing the empty string for "user" will
 // get the version for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-version-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#get-a-package-version-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-version-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#get-a-package-version-for-the-authenticated-user
+//
+//meta:operation GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}
+//meta:operation GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}
 func (s *UsersService) PackageGetVersion(ctx context.Context, user, packageType, packageName string, packageVersionID int64) (*PackageVersion, *Response, error) {
 	var u string
 	if user != "" {
@@ -168,11 +186,14 @@ func (s *UsersService) PackageGetVersion(ctx context.Context, user, packageType,
 	return version, resp, nil
 }
 
-// Delete a package version for a user. Passing the empty string for "user" will
+// PackageDeleteVersion deletes a package version for a user. Passing the empty string for "user" will
 // delete the version for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-a-package-version-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#delete-package-version-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-a-package-version-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#delete-package-version-for-a-user
+//
+//meta:operation DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}
+//meta:operation DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}
 func (s *UsersService) PackageDeleteVersion(ctx context.Context, user, packageType, packageName string, packageVersionID int64) (*Response, error) {
 	var u string
 	if user != "" {
@@ -189,11 +210,14 @@ func (s *UsersService) PackageDeleteVersion(ctx context.Context, user, packageTy
 	return s.client.Do(ctx, req, nil)
 }
 
-// Restore a package version to a user. Passing the empty string for "user" will
+// PackageRestoreVersion restores a package version to a user. Passing the empty string for "user" will
 // restore the version for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-a-package-version-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/packages#restore-package-version-for-a-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-a-package-version-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/packages/packages#restore-package-version-for-a-user
+//
+//meta:operation POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore
+//meta:operation POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore
 func (s *UsersService) PackageRestoreVersion(ctx context.Context, user, packageType, packageName string, packageVersionID int64) (*Response, error) {
 	var u string
 	if user != "" {
diff --git a/vendor/github.com/google/go-github/v56/github/users_projects.go b/vendor/github.com/google/go-github/v57/github/users_projects.go
similarity index 86%
rename from vendor/github.com/google/go-github/v56/github/users_projects.go
rename to vendor/github.com/google/go-github/v57/github/users_projects.go
index 0cbd61f923c..0ab57e5c23c 100644
--- a/vendor/github.com/google/go-github/v56/github/users_projects.go
+++ b/vendor/github.com/google/go-github/v57/github/users_projects.go
@@ -12,7 +12,9 @@ import (
 
 // ListProjects lists the projects for the specified user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#list-user-projects
+// GitHub API docs: https://docs.github.com/rest/projects/projects#list-user-projects
+//
+//meta:operation GET /users/{username}/projects
 func (s *UsersService) ListProjects(ctx context.Context, user string, opts *ProjectListOptions) ([]*Project, *Response, error) {
 	u := fmt.Sprintf("users/%v/projects", user)
 	u, err := addOptions(u, opts)
@@ -47,7 +49,9 @@ type CreateUserProjectOptions struct {
 
 // CreateProject creates a GitHub Project for the current user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/projects/projects#create-a-user-project
+// GitHub API docs: https://docs.github.com/rest/projects/projects#create-a-user-project
+//
+//meta:operation POST /user/projects
 func (s *UsersService) CreateProject(ctx context.Context, opts *CreateUserProjectOptions) (*Project, *Response, error) {
 	u := "user/projects"
 	req, err := s.client.NewRequest("POST", u, opts)
diff --git a/vendor/github.com/google/go-github/v56/github/users_ssh_signing_keys.go b/vendor/github.com/google/go-github/v57/github/users_ssh_signing_keys.go
similarity index 72%
rename from vendor/github.com/google/go-github/v56/github/users_ssh_signing_keys.go
rename to vendor/github.com/google/go-github/v57/github/users_ssh_signing_keys.go
index 567623f8875..fcc930be628 100644
--- a/vendor/github.com/google/go-github/v56/github/users_ssh_signing_keys.go
+++ b/vendor/github.com/google/go-github/v57/github/users_ssh_signing_keys.go
@@ -25,8 +25,11 @@ func (k SSHSigningKey) String() string {
 // ListSSHSigningKeys lists the SSH signing keys for a user. Passing an empty
 // username string will fetch SSH signing keys for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/ssh-signing-keys#list-ssh-signing-keys-for-the-authenticated-user
-// GitHub API docs: https://docs.github.com/en/rest/users/ssh-signing-keys#list-ssh-signing-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/ssh-signing-keys#list-ssh-signing-keys-for-a-user
+// GitHub API docs: https://docs.github.com/rest/users/ssh-signing-keys#list-ssh-signing-keys-for-the-authenticated-user
+//
+//meta:operation GET /user/ssh_signing_keys
+//meta:operation GET /users/{username}/ssh_signing_keys
 func (s *UsersService) ListSSHSigningKeys(ctx context.Context, user string, opts *ListOptions) ([]*SSHSigningKey, *Response, error) {
 	var u string
 	if user != "" {
@@ -55,7 +58,9 @@ func (s *UsersService) ListSSHSigningKeys(ctx context.Context, user string, opts
 
 // GetSSHSigningKey fetches a single SSH signing key for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/ssh-signing-keys#get-an-ssh-signing-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/ssh-signing-keys#get-an-ssh-signing-key-for-the-authenticated-user
+//
+//meta:operation GET /user/ssh_signing_keys/{ssh_signing_key_id}
 func (s *UsersService) GetSSHSigningKey(ctx context.Context, id int64) (*SSHSigningKey, *Response, error) {
 	u := fmt.Sprintf("user/ssh_signing_keys/%v", id)
 
@@ -75,7 +80,9 @@ func (s *UsersService) GetSSHSigningKey(ctx context.Context, id int64) (*SSHSign
 
 // CreateSSHSigningKey adds a SSH signing key for the authenticated user.
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/ssh-signing-keys#create-a-ssh-signing-key-for-the-authenticated-user
+// GitHub API docs: https://docs.github.com/rest/users/ssh-signing-keys#create-a-ssh-signing-key-for-the-authenticated-user
+//
+//meta:operation POST /user/ssh_signing_keys
 func (s *UsersService) CreateSSHSigningKey(ctx context.Context, key *Key) (*SSHSigningKey, *Response, error) {
 	u := "user/ssh_signing_keys"
 
@@ -93,9 +100,11 @@ func (s *UsersService) CreateSSHSigningKey(ctx context.Context, key *Key) (*SSHS
 	return k, resp, nil
 }
 
-// DeleteKey deletes a SSH signing key for the authenticated user.
+// DeleteSSHSigningKey deletes a SSH signing key for the authenticated user.
+//
+// GitHub API docs: https://docs.github.com/rest/users/ssh-signing-keys#delete-an-ssh-signing-key-for-the-authenticated-user
 //
-// GitHub API docs: https://docs.github.com/en/rest/users/ssh-signing-keys#delete-an-ssh-signing-key-for-the-authenticated-user
+//meta:operation DELETE /user/ssh_signing_keys/{ssh_signing_key_id}
 func (s *UsersService) DeleteSSHSigningKey(ctx context.Context, id int64) (*Response, error) {
 	u := fmt.Sprintf("user/ssh_signing_keys/%v", id)
 
diff --git a/vendor/github.com/google/go-github/v56/github/with_appengine.go b/vendor/github.com/google/go-github/v57/github/with_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/with_appengine.go
rename to vendor/github.com/google/go-github/v57/github/with_appengine.go
diff --git a/vendor/github.com/google/go-github/v56/github/without_appengine.go b/vendor/github.com/google/go-github/v57/github/without_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v56/github/without_appengine.go
rename to vendor/github.com/google/go-github/v57/github/without_appengine.go
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
index d2bcbb7d2a2..230cac7b86c 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
@@ -137,7 +137,7 @@ func DefaultHTTPErrorHandler(ctx context.Context, mux *ServeMux, marshaler Marsh
 	doForwardTrailers := requestAcceptsTrailers(r)
 
 	if doForwardTrailers {
-		handleForwardResponseTrailerHeader(w, md)
+		handleForwardResponseTrailerHeader(w, mux, md)
 		w.Header().Set("Transfer-Encoding", "chunked")
 	}
 
@@ -152,7 +152,7 @@ func DefaultHTTPErrorHandler(ctx context.Context, mux *ServeMux, marshaler Marsh
 	}
 
 	if doForwardTrailers {
-		handleForwardResponseTrailer(w, md)
+		handleForwardResponseTrailer(w, mux, md)
 	}
 }
 
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
index 305b1458b3d..5e14cf8b0e2 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
@@ -3,7 +3,6 @@ package runtime
 import (
 	"context"
 	"errors"
-	"fmt"
 	"io"
 	"net/http"
 	"net/textproto"
@@ -109,18 +108,20 @@ func handleForwardResponseServerMetadata(w http.ResponseWriter, mux *ServeMux, m
 	}
 }
 
-func handleForwardResponseTrailerHeader(w http.ResponseWriter, md ServerMetadata) {
+func handleForwardResponseTrailerHeader(w http.ResponseWriter, mux *ServeMux, md ServerMetadata) {
 	for k := range md.TrailerMD {
-		tKey := textproto.CanonicalMIMEHeaderKey(fmt.Sprintf("%s%s", MetadataTrailerPrefix, k))
-		w.Header().Add("Trailer", tKey)
+		if h, ok := mux.outgoingTrailerMatcher(k); ok {
+			w.Header().Add("Trailer", textproto.CanonicalMIMEHeaderKey(h))
+		}
 	}
 }
 
-func handleForwardResponseTrailer(w http.ResponseWriter, md ServerMetadata) {
+func handleForwardResponseTrailer(w http.ResponseWriter, mux *ServeMux, md ServerMetadata) {
 	for k, vs := range md.TrailerMD {
-		tKey := fmt.Sprintf("%s%s", MetadataTrailerPrefix, k)
-		for _, v := range vs {
-			w.Header().Add(tKey, v)
+		if h, ok := mux.outgoingTrailerMatcher(k); ok {
+			for _, v := range vs {
+				w.Header().Add(h, v)
+			}
 		}
 	}
 }
@@ -148,12 +149,10 @@ func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marsha
 	doForwardTrailers := requestAcceptsTrailers(req)
 
 	if doForwardTrailers {
-		handleForwardResponseTrailerHeader(w, md)
+		handleForwardResponseTrailerHeader(w, mux, md)
 		w.Header().Set("Transfer-Encoding", "chunked")
 	}
 
-	handleForwardResponseTrailerHeader(w, md)
-
 	contentType := marshaler.ContentType(resp)
 	w.Header().Set("Content-Type", contentType)
 
@@ -179,7 +178,7 @@ func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marsha
 	}
 
 	if doForwardTrailers {
-		handleForwardResponseTrailer(w, md)
+		handleForwardResponseTrailer(w, mux, md)
 	}
 }
 
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
index f451cb441f4..628e1fde1cb 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
@@ -57,6 +57,7 @@ type ServeMux struct {
 	marshalers                marshalerRegistry
 	incomingHeaderMatcher     HeaderMatcherFunc
 	outgoingHeaderMatcher     HeaderMatcherFunc
+	outgoingTrailerMatcher    HeaderMatcherFunc
 	metadataAnnotators        []func(context.Context, *http.Request) metadata.MD
 	errorHandler              ErrorHandlerFunc
 	streamErrorHandler        StreamErrorHandlerFunc
@@ -114,10 +115,18 @@ func DefaultHeaderMatcher(key string) (string, bool) {
 	return "", false
 }
 
+func defaultOutgoingHeaderMatcher(key string) (string, bool) {
+	return fmt.Sprintf("%s%s", MetadataHeaderPrefix, key), true
+}
+
+func defaultOutgoingTrailerMatcher(key string) (string, bool) {
+	return fmt.Sprintf("%s%s", MetadataTrailerPrefix, key), true
+}
+
 // WithIncomingHeaderMatcher returns a ServeMuxOption representing a headerMatcher for incoming request to gateway.
 //
 // This matcher will be called with each header in http.Request. If matcher returns true, that header will be
-// passed to gRPC context. To transform the header before passing to gRPC context, matcher should return modified header.
+// passed to gRPC context. To transform the header before passing to gRPC context, matcher should return the modified header.
 func WithIncomingHeaderMatcher(fn HeaderMatcherFunc) ServeMuxOption {
 	for _, header := range fn.matchedMalformedHeaders() {
 		grpclog.Warningf("The configured forwarding filter would allow %q to be sent to the gRPC server, which will likely cause errors. See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more information.", header)
@@ -147,13 +156,24 @@ func (fn HeaderMatcherFunc) matchedMalformedHeaders() []string {
 //
 // This matcher will be called with each header in response header metadata. If matcher returns true, that header will be
 // passed to http response returned from gateway. To transform the header before passing to response,
-// matcher should return modified header.
+// matcher should return the modified header.
 func WithOutgoingHeaderMatcher(fn HeaderMatcherFunc) ServeMuxOption {
 	return func(mux *ServeMux) {
 		mux.outgoingHeaderMatcher = fn
 	}
 }
 
+// WithOutgoingTrailerMatcher returns a ServeMuxOption representing a headerMatcher for outgoing response from gateway.
+//
+// This matcher will be called with each header in response trailer metadata. If matcher returns true, that header will be
+// passed to http response returned from gateway. To transform the header before passing to response,
+// matcher should return the modified header.
+func WithOutgoingTrailerMatcher(fn HeaderMatcherFunc) ServeMuxOption {
+	return func(mux *ServeMux) {
+		mux.outgoingTrailerMatcher = fn
+	}
+}
+
 // WithMetadata returns a ServeMuxOption for passing metadata to a gRPC context.
 //
 // This can be used by services that need to read from http.Request and modify gRPC context. A common use case
@@ -273,11 +293,11 @@ func NewServeMux(opts ...ServeMuxOption) *ServeMux {
 	if serveMux.incomingHeaderMatcher == nil {
 		serveMux.incomingHeaderMatcher = DefaultHeaderMatcher
 	}
-
 	if serveMux.outgoingHeaderMatcher == nil {
-		serveMux.outgoingHeaderMatcher = func(key string) (string, bool) {
-			return fmt.Sprintf("%s%s", MetadataHeaderPrefix, key), true
-		}
+		serveMux.outgoingHeaderMatcher = defaultOutgoingHeaderMatcher
+	}
+	if serveMux.outgoingTrailerMatcher == nil {
+		serveMux.outgoingTrailerMatcher = defaultOutgoingTrailerMatcher
 	}
 
 	return serveMux
diff --git a/vendor/github.com/jackc/pgx/v5/CHANGELOG.md b/vendor/github.com/jackc/pgx/v5/CHANGELOG.md
index f56122775a4..6469c183b7f 100644
--- a/vendor/github.com/jackc/pgx/v5/CHANGELOG.md
+++ b/vendor/github.com/jackc/pgx/v5/CHANGELOG.md
@@ -1,3 +1,14 @@
+# 5.5.2 (January 13, 2024)
+
+* Allow NamedArgs to start with underscore
+* pgproto3: Maximum message body length support (jeremy.spriet)
+* Upgrade golang.org/x/crypto to v0.17.0
+* Add snake_case support to RowToStructByName (Tikhon Fedulov)
+* Fix: update description cache after exec prepare (James Hartig)
+* Fix: pipeline checks if it is closed (James Hartig and Ryan Fowler)
+* Fix: normalize timeout / context errors during TLS startup (Samuel Stauffer)
+* Add OnPgError for easier centralized error handling (James Hartig)
+
 # 5.5.1 (December 9, 2023)
 
 * Add CopyFromFunc helper function. (robford)
diff --git a/vendor/github.com/jackc/pgx/v5/conn.go b/vendor/github.com/jackc/pgx/v5/conn.go
index d85cf127f6d..64ae48cab03 100644
--- a/vendor/github.com/jackc/pgx/v5/conn.go
+++ b/vendor/github.com/jackc/pgx/v5/conn.go
@@ -513,6 +513,7 @@ optionLoop:
 			if err != nil {
 				return pgconn.CommandTag{}, err
 			}
+			c.descriptionCache.Put(sd)
 		}
 
 		return c.execParams(ctx, sd, arguments)
diff --git a/vendor/github.com/jackc/pgx/v5/doc.go b/vendor/github.com/jackc/pgx/v5/doc.go
index 7486f42c5d1..db99fc4cbb8 100644
--- a/vendor/github.com/jackc/pgx/v5/doc.go
+++ b/vendor/github.com/jackc/pgx/v5/doc.go
@@ -187,7 +187,7 @@ implemented on top of pgconn. The Conn.PgConn() method can be used to access thi
 
 PgBouncer
 
-By default pgx automatically uses prepared statements. Prepared statements are incompaptible with PgBouncer. This can be
+By default pgx automatically uses prepared statements. Prepared statements are incompatible with PgBouncer. This can be
 disabled by setting a different QueryExecMode in ConnConfig.DefaultQueryExecMode.
 */
 package pgx
diff --git a/vendor/github.com/jackc/pgx/v5/large_objects.go b/vendor/github.com/jackc/pgx/v5/large_objects.go
index c238ab9c220..676667450ff 100644
--- a/vendor/github.com/jackc/pgx/v5/large_objects.go
+++ b/vendor/github.com/jackc/pgx/v5/large_objects.go
@@ -67,6 +67,10 @@ type LargeObject struct {
 }
 
 // Write writes p to the large object and returns the number of bytes written and an error if not all of p was written.
+//
+// Write is implemented with a single call to lowrite. The PostgreSQL wire protocol has a limit of 1 GB - 1 per message.
+// See definition of PQ_LARGE_MESSAGE_LIMIT in the PostgreSQL source code. To allow for the other data in the message,
+// len(p) should be no larger than 1 GB - 1 KB.
 func (o *LargeObject) Write(p []byte) (int, error) {
 	var n int
 	err := o.tx.QueryRow(o.ctx, "select lowrite($1, $2)", o.fd, p).Scan(&n)
@@ -82,6 +86,10 @@ func (o *LargeObject) Write(p []byte) (int, error) {
 }
 
 // Read reads up to len(p) bytes into p returning the number of bytes read.
+//
+// Read is implemented with a single call to loread. PostgreSQL internally allocates a single buffer for the response.
+// The largest buffer PostgreSQL will allocate is 1 GB - 1. See definition of MaxAllocSize in the PostgreSQL source
+// code. To allow for the other data in the message, len(p) should be no larger than 1 GB - 1 KB.
 func (o *LargeObject) Read(p []byte) (int, error) {
 	var res []byte
 	err := o.tx.QueryRow(o.ctx, "select loread($1, $2)", o.fd, len(p)).Scan(&res)
diff --git a/vendor/github.com/jackc/pgx/v5/named_args.go b/vendor/github.com/jackc/pgx/v5/named_args.go
index 1bc32337aa1..8367fc63a2b 100644
--- a/vendor/github.com/jackc/pgx/v5/named_args.go
+++ b/vendor/github.com/jackc/pgx/v5/named_args.go
@@ -14,6 +14,9 @@ import (
 //
 //	conn.Query(ctx, "select * from widgets where foo = @foo and bar = @bar", pgx.NamedArgs{"foo": 1, "bar": 2})
 //	conn.Query(ctx, "select * from widgets where foo = $1 and bar = $2", 1, 2)
+//
+// Named placeholders are case sensitive and must start with a letter or underscore. Subsequent characters can be
+// letters, numbers, or underscores.
 type NamedArgs map[string]any
 
 // RewriteQuery implements the QueryRewriter interface.
@@ -80,7 +83,7 @@ func rawState(l *sqlLexer) stateFn {
 			return doubleQuoteState
 		case '@':
 			nextRune, _ := utf8.DecodeRuneInString(l.src[l.pos:])
-			if isLetter(nextRune) {
+			if isLetter(nextRune) || nextRune == '_' {
 				if l.pos-l.start > 0 {
 					l.parts = append(l.parts, l.src[l.start:l.pos-width])
 				}
diff --git a/vendor/github.com/jackc/pgx/v5/pgconn/config.go b/vendor/github.com/jackc/pgx/v5/pgconn/config.go
index db0170e02b4..ddde89bd5c8 100644
--- a/vendor/github.com/jackc/pgx/v5/pgconn/config.go
+++ b/vendor/github.com/jackc/pgx/v5/pgconn/config.go
@@ -60,6 +60,11 @@ type Config struct {
 	// OnNotification is a callback function called when a notification from the LISTEN/NOTIFY system is received.
 	OnNotification NotificationHandler
 
+	// OnPgError is a callback function called when a Postgres error is received by the server. The default handler will close
+	// the connection on any FATAL errors. If you override this handler you should call the previously set handler or ensure
+	// that you close on FATAL errors by returning false.
+	OnPgError PgErrorHandler
+
 	createdByParseConfig bool // Used to enforce created by ParseConfig rule.
 }
 
@@ -232,12 +237,12 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 		if strings.HasPrefix(connString, "postgres://") || strings.HasPrefix(connString, "postgresql://") {
 			connStringSettings, err = parseURLSettings(connString)
 			if err != nil {
-				return nil, &parseConfigError{connString: connString, msg: "failed to parse as URL", err: err}
+				return nil, &ParseConfigError{ConnString: connString, msg: "failed to parse as URL", err: err}
 			}
 		} else {
 			connStringSettings, err = parseDSNSettings(connString)
 			if err != nil {
-				return nil, &parseConfigError{connString: connString, msg: "failed to parse as DSN", err: err}
+				return nil, &ParseConfigError{ConnString: connString, msg: "failed to parse as DSN", err: err}
 			}
 		}
 	}
@@ -246,7 +251,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 	if service, present := settings["service"]; present {
 		serviceSettings, err := parseServiceSettings(settings["servicefile"], service)
 		if err != nil {
-			return nil, &parseConfigError{connString: connString, msg: "failed to read service", err: err}
+			return nil, &ParseConfigError{ConnString: connString, msg: "failed to read service", err: err}
 		}
 
 		settings = mergeSettings(defaultSettings, envSettings, serviceSettings, connStringSettings)
@@ -261,12 +266,19 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 		BuildFrontend: func(r io.Reader, w io.Writer) *pgproto3.Frontend {
 			return pgproto3.NewFrontend(r, w)
 		},
+		OnPgError: func(_ *PgConn, pgErr *PgError) bool {
+			// we want to automatically close any fatal errors
+			if strings.EqualFold(pgErr.Severity, "FATAL") {
+				return false
+			}
+			return true
+		},
 	}
 
 	if connectTimeoutSetting, present := settings["connect_timeout"]; present {
 		connectTimeout, err := parseConnectTimeoutSetting(connectTimeoutSetting)
 		if err != nil {
-			return nil, &parseConfigError{connString: connString, msg: "invalid connect_timeout", err: err}
+			return nil, &ParseConfigError{ConnString: connString, msg: "invalid connect_timeout", err: err}
 		}
 		config.ConnectTimeout = connectTimeout
 		config.DialFunc = makeConnectTimeoutDialFunc(connectTimeout)
@@ -328,7 +340,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 
 		port, err := parsePort(portStr)
 		if err != nil {
-			return nil, &parseConfigError{connString: connString, msg: "invalid port", err: err}
+			return nil, &ParseConfigError{ConnString: connString, msg: "invalid port", err: err}
 		}
 
 		var tlsConfigs []*tls.Config
@@ -340,7 +352,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 			var err error
 			tlsConfigs, err = configTLS(settings, host, options)
 			if err != nil {
-				return nil, &parseConfigError{connString: connString, msg: "failed to configure TLS", err: err}
+				return nil, &ParseConfigError{ConnString: connString, msg: "failed to configure TLS", err: err}
 			}
 		}
 
@@ -384,7 +396,7 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con
 	case "any":
 		// do nothing
 	default:
-		return nil, &parseConfigError{connString: connString, msg: fmt.Sprintf("unknown target_session_attrs value: %v", tsa)}
+		return nil, &ParseConfigError{ConnString: connString, msg: fmt.Sprintf("unknown target_session_attrs value: %v", tsa)}
 	}
 
 	return config, nil
diff --git a/vendor/github.com/jackc/pgx/v5/pgconn/errors.go b/vendor/github.com/jackc/pgx/v5/pgconn/errors.go
index 3c54bbec05b..c315739a9a2 100644
--- a/vendor/github.com/jackc/pgx/v5/pgconn/errors.go
+++ b/vendor/github.com/jackc/pgx/v5/pgconn/errors.go
@@ -57,22 +57,23 @@ func (pe *PgError) SQLState() string {
 	return pe.Code
 }
 
-type connectError struct {
-	config *Config
+// ConnectError is the error returned when a connection attempt fails.
+type ConnectError struct {
+	Config *Config // The configuration that was used in the connection attempt.
 	msg    string
 	err    error
 }
 
-func (e *connectError) Error() string {
+func (e *ConnectError) Error() string {
 	sb := &strings.Builder{}
-	fmt.Fprintf(sb, "failed to connect to `host=%s user=%s database=%s`: %s", e.config.Host, e.config.User, e.config.Database, e.msg)
+	fmt.Fprintf(sb, "failed to connect to `host=%s user=%s database=%s`: %s", e.Config.Host, e.Config.User, e.Config.Database, e.msg)
 	if e.err != nil {
 		fmt.Fprintf(sb, " (%s)", e.err.Error())
 	}
 	return sb.String()
 }
 
-func (e *connectError) Unwrap() error {
+func (e *ConnectError) Unwrap() error {
 	return e.err
 }
 
@@ -88,33 +89,38 @@ func (e *connLockError) Error() string {
 	return e.status
 }
 
-type parseConfigError struct {
-	connString string
+// ParseConfigError is the error returned when a connection string cannot be parsed.
+type ParseConfigError struct {
+	ConnString string // The connection string that could not be parsed.
 	msg        string
 	err        error
 }
 
-func (e *parseConfigError) Error() string {
-	connString := redactPW(e.connString)
+func (e *ParseConfigError) Error() string {
+	// Now that ParseConfigError is public and ConnString is available to the developer, perhaps it would be better only
+	// return a static string. That would ensure that the error message cannot leak a password. The ConnString field would
+	// allow access to the original string if desired and Unwrap would allow access to the underlying error.
+	connString := redactPW(e.ConnString)
 	if e.err == nil {
 		return fmt.Sprintf("cannot parse `%s`: %s", connString, e.msg)
 	}
 	return fmt.Sprintf("cannot parse `%s`: %s (%s)", connString, e.msg, e.err.Error())
 }
 
-func (e *parseConfigError) Unwrap() error {
+func (e *ParseConfigError) Unwrap() error {
 	return e.err
 }
 
 func normalizeTimeoutError(ctx context.Context, err error) error {
-	if err, ok := err.(net.Error); ok && err.Timeout() {
+	var netErr net.Error
+	if errors.As(err, &netErr) && netErr.Timeout() {
 		if ctx.Err() == context.Canceled {
 			// Since the timeout was caused by a context cancellation, the actual error is context.Canceled not the timeout error.
 			return context.Canceled
 		} else if ctx.Err() == context.DeadlineExceeded {
 			return &errTimeout{err: ctx.Err()}
 		} else {
-			return &errTimeout{err: err}
+			return &errTimeout{err: netErr}
 		}
 	}
 	return err
diff --git a/vendor/github.com/jackc/pgx/v5/pgconn/pgconn.go b/vendor/github.com/jackc/pgx/v5/pgconn/pgconn.go
index 1ccdc4db9f0..b287e0205c3 100644
--- a/vendor/github.com/jackc/pgx/v5/pgconn/pgconn.go
+++ b/vendor/github.com/jackc/pgx/v5/pgconn/pgconn.go
@@ -52,6 +52,12 @@ type LookupFunc func(ctx context.Context, host string) (addrs []string, err erro
 // BuildFrontendFunc is a function that can be used to create Frontend implementation for connection.
 type BuildFrontendFunc func(r io.Reader, w io.Writer) *pgproto3.Frontend
 
+// PgErrorHandler is a function that handles errors returned from Postgres. This function must return true to keep
+// the connection open. Returning false will cause the connection to be closed immediately. You should return
+// false on any FATAL-severity errors. This will not receive network errors. The *PgConn is provided so the handler is
+// aware of the origin of the error, but it must not invoke any query method.
+type PgErrorHandler func(*PgConn, *PgError) bool
+
 // NoticeHandler is a function that can handle notices received from the PostgreSQL server. Notices can be received at
 // any time, usually during handling of a query response. The *PgConn is provided so the handler is aware of the origin
 // of the notice, but it must not invoke any query method. Be aware that this is distinct from LISTEN/NOTIFY
@@ -146,11 +152,11 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er
 	ctx := octx
 	fallbackConfigs, err = expandWithIPs(ctx, config.LookupFunc, fallbackConfigs)
 	if err != nil {
-		return nil, &connectError{config: config, msg: "hostname resolving error", err: err}
+		return nil, &ConnectError{Config: config, msg: "hostname resolving error", err: err}
 	}
 
 	if len(fallbackConfigs) == 0 {
-		return nil, &connectError{config: config, msg: "hostname resolving error", err: errors.New("ip addr wasn't found")}
+		return nil, &ConnectError{Config: config, msg: "hostname resolving error", err: errors.New("ip addr wasn't found")}
 	}
 
 	foundBestServer := false
@@ -172,7 +178,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er
 			foundBestServer = true
 			break
 		} else if pgerr, ok := err.(*PgError); ok {
-			err = &connectError{config: config, msg: "server error", err: pgerr}
+			err = &ConnectError{Config: config, msg: "server error", err: pgerr}
 			const ERRCODE_INVALID_PASSWORD = "28P01"                    // wrong password
 			const ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION = "28000" // wrong password or bad pg_hba.conf settings
 			const ERRCODE_INVALID_CATALOG_NAME = "3D000"                // db does not exist
@@ -183,7 +189,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er
 				pgerr.Code == ERRCODE_INSUFFICIENT_PRIVILEGE {
 				break
 			}
-		} else if cerr, ok := err.(*connectError); ok {
+		} else if cerr, ok := err.(*ConnectError); ok {
 			if _, ok := cerr.err.(*NotPreferredError); ok {
 				fallbackConfig = fc
 			}
@@ -193,7 +199,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er
 	if !foundBestServer && fallbackConfig != nil {
 		pgConn, err = connect(ctx, config, fallbackConfig, true)
 		if pgerr, ok := err.(*PgError); ok {
-			err = &connectError{config: config, msg: "server error", err: pgerr}
+			err = &ConnectError{Config: config, msg: "server error", err: pgerr}
 		}
 	}
 
@@ -205,7 +211,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er
 		err := config.AfterConnect(ctx, pgConn)
 		if err != nil {
 			pgConn.conn.Close()
-			return nil, &connectError{config: config, msg: "AfterConnect error", err: err}
+			return nil, &ConnectError{Config: config, msg: "AfterConnect error", err: err}
 		}
 	}
 
@@ -277,7 +283,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 	network, address := NetworkAddress(fallbackConfig.Host, fallbackConfig.Port)
 	netConn, err := config.DialFunc(ctx, network, address)
 	if err != nil {
-		return nil, &connectError{config: config, msg: "dial error", err: normalizeTimeoutError(ctx, err)}
+		return nil, &ConnectError{Config: config, msg: "dial error", err: normalizeTimeoutError(ctx, err)}
 	}
 
 	pgConn.conn = netConn
@@ -289,7 +295,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 		pgConn.contextWatcher.Unwatch() // Always unwatch `netConn` after TLS.
 		if err != nil {
 			netConn.Close()
-			return nil, &connectError{config: config, msg: "tls error", err: err}
+			return nil, &ConnectError{Config: config, msg: "tls error", err: normalizeTimeoutError(ctx, err)}
 		}
 
 		pgConn.conn = nbTLSConn
@@ -330,7 +336,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 	pgConn.frontend.Send(&startupMsg)
 	if err := pgConn.flushWithPotentialWriteReadDeadlock(); err != nil {
 		pgConn.conn.Close()
-		return nil, &connectError{config: config, msg: "failed to write startup message", err: normalizeTimeoutError(ctx, err)}
+		return nil, &ConnectError{Config: config, msg: "failed to write startup message", err: normalizeTimeoutError(ctx, err)}
 	}
 
 	for {
@@ -340,7 +346,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 			if err, ok := err.(*PgError); ok {
 				return nil, err
 			}
-			return nil, &connectError{config: config, msg: "failed to receive message", err: normalizeTimeoutError(ctx, err)}
+			return nil, &ConnectError{Config: config, msg: "failed to receive message", err: normalizeTimeoutError(ctx, err)}
 		}
 
 		switch msg := msg.(type) {
@@ -353,26 +359,26 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 			err = pgConn.txPasswordMessage(pgConn.config.Password)
 			if err != nil {
 				pgConn.conn.Close()
-				return nil, &connectError{config: config, msg: "failed to write password message", err: err}
+				return nil, &ConnectError{Config: config, msg: "failed to write password message", err: err}
 			}
 		case *pgproto3.AuthenticationMD5Password:
 			digestedPassword := "md5" + hexMD5(hexMD5(pgConn.config.Password+pgConn.config.User)+string(msg.Salt[:]))
 			err = pgConn.txPasswordMessage(digestedPassword)
 			if err != nil {
 				pgConn.conn.Close()
-				return nil, &connectError{config: config, msg: "failed to write password message", err: err}
+				return nil, &ConnectError{Config: config, msg: "failed to write password message", err: err}
 			}
 		case *pgproto3.AuthenticationSASL:
 			err = pgConn.scramAuth(msg.AuthMechanisms)
 			if err != nil {
 				pgConn.conn.Close()
-				return nil, &connectError{config: config, msg: "failed SASL auth", err: err}
+				return nil, &ConnectError{Config: config, msg: "failed SASL auth", err: err}
 			}
 		case *pgproto3.AuthenticationGSS:
 			err = pgConn.gssAuth()
 			if err != nil {
 				pgConn.conn.Close()
-				return nil, &connectError{config: config, msg: "failed GSS auth", err: err}
+				return nil, &ConnectError{Config: config, msg: "failed GSS auth", err: err}
 			}
 		case *pgproto3.ReadyForQuery:
 			pgConn.status = connStatusIdle
@@ -390,7 +396,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 						return pgConn, nil
 					}
 					pgConn.conn.Close()
-					return nil, &connectError{config: config, msg: "ValidateConnect failed", err: err}
+					return nil, &ConnectError{Config: config, msg: "ValidateConnect failed", err: err}
 				}
 			}
 			return pgConn, nil
@@ -401,7 +407,7 @@ func connect(ctx context.Context, config *Config, fallbackConfig *FallbackConfig
 			return nil, ErrorResponseToPgError(msg)
 		default:
 			pgConn.conn.Close()
-			return nil, &connectError{config: config, msg: "received unexpected message", err: err}
+			return nil, &ConnectError{Config: config, msg: "received unexpected message", err: err}
 		}
 	}
 }
@@ -547,11 +553,12 @@ func (pgConn *PgConn) receiveMessage() (pgproto3.BackendMessage, error) {
 	case *pgproto3.ParameterStatus:
 		pgConn.parameterStatuses[msg.Name] = msg.Value
 	case *pgproto3.ErrorResponse:
-		if msg.Severity == "FATAL" {
+		err := ErrorResponseToPgError(msg)
+		if pgConn.config.OnPgError != nil && !pgConn.config.OnPgError(pgConn, err) {
 			pgConn.status = connStatusClosed
 			pgConn.conn.Close() // Ignore error as the connection is already broken and there is already an error to return.
 			close(pgConn.cleanupDone)
-			return nil, ErrorResponseToPgError(msg)
+			return nil, err
 		}
 	case *pgproto3.NoticeResponse:
 		if pgConn.config.OnNotice != nil {
@@ -2046,6 +2053,13 @@ func (p *Pipeline) Flush() error {
 
 // Sync establishes a synchronization point and flushes the queued requests.
 func (p *Pipeline) Sync() error {
+	if p.closed {
+		if p.err != nil {
+			return p.err
+		}
+		return errors.New("pipeline closed")
+	}
+
 	p.conn.frontend.SendSync(&pgproto3.Sync{})
 	err := p.Flush()
 	if err != nil {
@@ -2062,10 +2076,21 @@ func (p *Pipeline) Sync() error {
 // *PipelineSync. If an ErrorResponse is received from the server, results will be nil and err will be a *PgError. If no
 // results are available, results and err will both be nil.
 func (p *Pipeline) GetResults() (results any, err error) {
+	if p.closed {
+		if p.err != nil {
+			return nil, p.err
+		}
+		return nil, errors.New("pipeline closed")
+	}
+
 	if p.expectedReadyForQueryCount == 0 {
 		return nil, nil
 	}
 
+	return p.getResults()
+}
+
+func (p *Pipeline) getResults() (results any, err error) {
 	for {
 		msg, err := p.conn.receiveMessage()
 		if err != nil {
@@ -2092,7 +2117,8 @@ func (p *Pipeline) GetResults() (results any, err error) {
 		case *pgproto3.ParseComplete:
 			peekedMsg, err := p.conn.peekMessage()
 			if err != nil {
-				return nil, err
+				p.conn.asyncClose()
+				return nil, normalizeTimeoutError(p.ctx, err)
 			}
 			if _, ok := peekedMsg.(*pgproto3.ParameterDescription); ok {
 				return p.getResultsPrepare()
@@ -2152,6 +2178,7 @@ func (p *Pipeline) Close() error {
 	if p.closed {
 		return p.err
 	}
+
 	p.closed = true
 
 	if p.pendingSync {
@@ -2164,7 +2191,7 @@ func (p *Pipeline) Close() error {
 	}
 
 	for p.expectedReadyForQueryCount > 0 {
-		_, err := p.GetResults()
+		_, err := p.getResults()
 		if err != nil {
 			p.err = err
 			var pgErr *PgError
diff --git a/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go b/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go
index 6db77e4a2f4..efa909c3a92 100644
--- a/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go
+++ b/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go
@@ -38,6 +38,7 @@ type Backend struct {
 	terminate      Terminate
 
 	bodyLen    int
+	maxBodyLen int // maxBodyLen is the maximum length of a message body in octets. If a message body exceeds this length, Receive will return an error.
 	msgType    byte
 	partialMsg bool
 	authType   uint32
@@ -158,6 +159,9 @@ func (b *Backend) Receive() (FrontendMessage, error) {
 
 		b.msgType = header[0]
 		b.bodyLen = int(binary.BigEndian.Uint32(header[1:])) - 4
+		if b.maxBodyLen > 0 && b.bodyLen > b.maxBodyLen {
+			return nil, &ExceededMaxBodyLenErr{b.maxBodyLen, b.bodyLen}
+		}
 		b.partialMsg = true
 	}
 
@@ -260,3 +264,12 @@ func (b *Backend) SetAuthType(authType uint32) error {
 
 	return nil
 }
+
+// SetMaxBodyLen sets the maximum length of a message body in octets. If a message body exceeds this length, Receive will return
+// an error. This is useful for protecting against malicious clients that send large messages with the intent of
+// causing memory exhaustion.
+// The default value is 0.
+// If maxBodyLen is 0, then no maximum is enforced.
+func (b *Backend) SetMaxBodyLen(maxBodyLen int) {
+	b.maxBodyLen = maxBodyLen
+}
diff --git a/vendor/github.com/jackc/pgx/v5/pgproto3/pgproto3.go b/vendor/github.com/jackc/pgx/v5/pgproto3/pgproto3.go
index ef5a54896be..8df383c2c99 100644
--- a/vendor/github.com/jackc/pgx/v5/pgproto3/pgproto3.go
+++ b/vendor/github.com/jackc/pgx/v5/pgproto3/pgproto3.go
@@ -70,6 +70,15 @@ func (e *writeError) Unwrap() error {
 	return e.err
 }
 
+type ExceededMaxBodyLenErr struct {
+	MaxExpectedBodyLen int
+	ActualBodyLen      int
+}
+
+func (e *ExceededMaxBodyLenErr) Error() string {
+	return fmt.Sprintf("invalid body length: expected at most %d, but got %d", e.MaxExpectedBodyLen, e.ActualBodyLen)
+}
+
 // getValueFromJSON gets the value from a protocol message representation in JSON.
 func getValueFromJSON(v map[string]string) ([]byte, error) {
 	if v == nil {
diff --git a/vendor/github.com/jackc/pgx/v5/rows.go b/vendor/github.com/jackc/pgx/v5/rows.go
index 73efffa0a2e..1ad91765594 100644
--- a/vendor/github.com/jackc/pgx/v5/rows.go
+++ b/vendor/github.com/jackc/pgx/v5/rows.go
@@ -667,7 +667,12 @@ const structTagKey = "db"
 func fieldPosByName(fldDescs []pgconn.FieldDescription, field string) (i int) {
 	i = -1
 	for i, desc := range fldDescs {
-		if strings.EqualFold(desc.Name, field) {
+
+		// Snake case support.
+		field = strings.ReplaceAll(field, "_", "")
+		descName := strings.ReplaceAll(desc.Name, "_", "")
+
+		if strings.EqualFold(descName, field) {
 			return i
 		}
 	}
diff --git a/vendor/github.com/jackc/pgx/v5/stdlib/sql.go b/vendor/github.com/jackc/pgx/v5/stdlib/sql.go
index 86a4c9320c0..3d65e23ad9c 100644
--- a/vendor/github.com/jackc/pgx/v5/stdlib/sql.go
+++ b/vendor/github.com/jackc/pgx/v5/stdlib/sql.go
@@ -21,10 +21,7 @@
 //	  return err
 //	}
 //
-//	db, err := stdlib.OpenDBFromPool(pool)
-//	if err != nil {
-//	  return err
-//	}
+//	db := stdlib.OpenDBFromPool(pool)
 //
 // Or a pgx.ConnConfig can be used to set configuration not accessible via connection string. In this case the
 // pgx.ConnConfig must first be registered with the driver. This registration returns a connection string which is used
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
deleted file mode 100644
index 8dada3edaf5..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
deleted file mode 100644
index 5d8cb5b72e7..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
+++ /dev/null
@@ -1 +0,0 @@
-Copyright 2012 Matt T. Proud (matt.proud@gmail.com)
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
deleted file mode 100644
index e16fb946bb9..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-cover.dat
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
deleted file mode 100644
index 81be214370d..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:
-
-cover:
-	go test -cover -v -coverprofile=cover.dat ./...
-	go tool cover -func cover.dat
-
-.PHONY: cover
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
deleted file mode 100644
index 7c08e564f14..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-
-	"google.golang.org/protobuf/proto"
-)
-
-// TODO: Give error package name prefix in next minor release.
-var errInvalidVarint = errors.New("invalid varint32 encountered")
-
-// ReadDelimited decodes a message from the provided length-delimited stream,
-// where the length is encoded as 32-bit varint prefix to the message body.
-// It returns the total number of bytes read and any applicable error.  This is
-// roughly equivalent to the companion Java API's
-// MessageLite#parseDelimitedFrom.  As per the reader contract, this function
-// calls r.Read repeatedly as required until exactly one message including its
-// prefix is read and decoded (or an error has occurred).  The function never
-// reads more bytes from the stream than required.  The function never returns
-// an error if a message has been read and decoded correctly, even if the end
-// of the stream has been reached in doing so.  In that case, any subsequent
-// calls return (0, io.EOF).
-func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
-	// TODO: Consider allowing the caller to specify a decode buffer in the
-	// next major version.
-
-	// TODO: Consider using error wrapping to annotate error state in pass-
-	// through cases in the next minor version.
-
-	// Per AbstractParser#parsePartialDelimitedFrom with
-	// CodedInputStream#readRawVarint32.
-	var headerBuf [binary.MaxVarintLen32]byte
-	var bytesRead, varIntBytes int
-	var messageLength uint64
-	for varIntBytes == 0 { // i.e. no varint has been decoded yet.
-		if bytesRead >= len(headerBuf) {
-			return bytesRead, errInvalidVarint
-		}
-		// We have to read byte by byte here to avoid reading more bytes
-		// than required. Each read byte is appended to what we have
-		// read before.
-		newBytesRead, err := r.Read(headerBuf[bytesRead : bytesRead+1])
-		if newBytesRead == 0 {
-			if err != nil {
-				return bytesRead, err
-			}
-			// A Reader should not return (0, nil); but if it does, it should
-			// be treated as no-op according to the Reader contract.
-			continue
-		}
-		bytesRead += newBytesRead
-		// Now present everything read so far to the varint decoder and
-		// see if a varint can be decoded already.
-		messageLength, varIntBytes = binary.Uvarint(headerBuf[:bytesRead])
-	}
-
-	messageBuf := make([]byte, messageLength)
-	newBytesRead, err := io.ReadFull(r, messageBuf)
-	bytesRead += newBytesRead
-	if err != nil {
-		return bytesRead, err
-	}
-
-	return bytesRead, proto.Unmarshal(messageBuf, m)
-}
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
deleted file mode 100644
index c318385cbed..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package pbutil provides record length-delimited Protocol Buffer streaming.
-package pbutil
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
deleted file mode 100644
index e58dd9d2974..00000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"io"
-
-	"google.golang.org/protobuf/proto"
-)
-
-// WriteDelimited encodes and dumps a message to the provided writer prefixed
-// with a 32-bit varint indicating the length of the encoded message, producing
-// a length-delimited record stream, which can be used to chain together
-// encoded messages of the same type together in a file.  It returns the total
-// number of bytes written and any applicable error.  This is roughly
-// equivalent to the companion Java API's MessageLite#writeDelimitedTo.
-func WriteDelimited(w io.Writer, m proto.Message) (n int, err error) {
-	// TODO: Consider allowing the caller to specify an encode buffer in the
-	// next major version.
-
-	buffer, err := proto.Marshal(m)
-	if err != nil {
-		return 0, err
-	}
-
-	var buf [binary.MaxVarintLen32]byte
-	encodedLength := binary.PutUvarint(buf[:], uint64(len(buffer)))
-
-	sync, err := w.Write(buf[:encodedLength])
-	if err != nil {
-		return sync, err
-	}
-
-	n, err = w.Write(buffer)
-	return n + sync, err
-}
diff --git a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
index ec91408f990..9a65dd10c5d 100644
--- a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
+++ b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
@@ -1,3 +1,46 @@
+## 2.15.0
+
+### Features
+
+- JUnit reports now interpret Label(owner:X) and set owner to X. [8f3bd70]
+- include cancellation reason when cancelling spec context [96e915c]
+
+### Fixes
+
+- emit output of failed go tool cover invocation so users can try to debug things for themselves [c245d09]
+- fix outline when using nodot in ginkgo v2 [dca77c8]
+- Document areas where GinkgoT() behaves differently from testing.T [dbaf18f]
+- bugfix(docs): use Unsetenv instead of Clearenv (#1337) [6f67a14]
+
+### Maintenance
+
+- Bump to go 1.20 [4fcd0b3]
+
+## 2.14.0
+
+### Features
+You can now use `GinkgoTB()` when you need an instance of `testing.TB` to pass to a library.
+
+Prior to this release table testing only supported generating individual `It`s for each test entry.  `DescribeTableSubtree` extends table testing support to entire testing subtrees - under the hood `DescrieTableSubtree` generates a new container for each entry and invokes your function to fill our the container.  See the [docs](https://onsi.github.io/ginkgo/#generating-subtree-tables) to learn more.
+
+- Introduce DescribeTableSubtree [65ec56d]
+- add GinkgoTB() to docs [4a2c832]
+- Add GinkgoTB() function (#1333) [92b6744]
+
+### Fixes
+- Fix typo in internal/suite.go (#1332) [beb9507]
+- Fix typo in docs/index.md (#1319) [4ac3a13]
+- allow wasm to compile with ginkgo present (#1311) [b2e5bc5]
+
+### Maintenance
+- Bump golang.org/x/tools from 0.16.0 to 0.16.1 (#1316) [465a8ec]
+- Bump actions/setup-go from 4 to 5 (#1313) [eab0e40]
+- Bump github/codeql-action from 2 to 3 (#1317) [fbf9724]
+- Bump golang.org/x/crypto (#1318) [3ee80ee]
+- Bump golang.org/x/tools from 0.14.0 to 0.16.0 (#1306) [123e1d5]
+- Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#1297) [558f6e0]
+- Bump golang.org/x/net from 0.17.0 to 0.19.0 (#1307) [84ff7f3]
+
 ## 2.13.2
 
 ### Fixes
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go
index bd3c6d0287a..26de28b5707 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go
@@ -144,7 +144,7 @@ func FinalizeProfilesAndReportsForSuites(suites TestSuites, cliConfig types.CLIC
 	return messages, nil
 }
 
-//loads each profile, combines them, deletes them, stores them in destination
+// loads each profile, combines them, deletes them, stores them in destination
 func MergeAndCleanupCoverProfiles(profiles []string, destination string) error {
 	combined := &bytes.Buffer{}
 	modeRegex := regexp.MustCompile(`^mode: .*\n`)
@@ -184,7 +184,7 @@ func GetCoverageFromCoverProfile(profile string) (float64, error) {
 	cmd := exec.Command("go", "tool", "cover", "-func", profile)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return 0, fmt.Errorf("Could not process Coverprofile %s: %s", profile, err.Error())
+		return 0, fmt.Errorf("Could not process Coverprofile %s: %s - %s", profile, err.Error(), string(output))
 	}
 	re := regexp.MustCompile(`total:\s*\(statements\)\s*(\d*\.\d*)\%`)
 	matches := re.FindStringSubmatch(string(output))
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go
index 958daccbfa8..5d8d00bb17f 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go
@@ -1,10 +1,11 @@
 package outline
 
 import (
-	"github.com/onsi/ginkgo/v2/types"
 	"go/ast"
 	"go/token"
 	"strconv"
+
+	"github.com/onsi/ginkgo/v2/types"
 )
 
 const (
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go
index 67ec5ab7579..f0a6b5d26cd 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go
@@ -28,14 +28,7 @@ func packageNameForImport(f *ast.File, path string) *string {
 	}
 	name := spec.Name.String()
 	if name == "<nil>" {
-		// If the package name is not explicitly specified,
-		// make an educated guess. This is not guaranteed to be correct.
-		lastSlash := strings.LastIndex(path, "/")
-		if lastSlash == -1 {
-			name = path
-		} else {
-			name = path[lastSlash+1:]
-		}
+		name = "ginkgo"
 	}
 	if name == "." {
 		name = ""
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
index 28447ffdd26..02c6739e5be 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
@@ -1,7 +1,10 @@
 package ginkgo
 
 import (
+	"testing"
+
 	"github.com/onsi/ginkgo/v2/internal/testingtproxy"
+	"github.com/onsi/ginkgo/v2/types"
 )
 
 /*
@@ -12,10 +15,15 @@ GinkgoT() is analogous to *testing.T and implements the majority of *testing.T's
 GinkgoT() takes an optional offset argument that can be used to get the
 correct line number associated with the failure - though you do not need to use this if you call GinkgoHelper() or GinkgoT().Helper() appropriately
 
+GinkgoT() attempts to mimic the behavior of `testing.T` with the exception of the following:
+
+- Error/Errorf: failures in Ginkgo always immediately stop execution and there is no mechanism to log a failure without aborting the test.  As such Error/Errorf are equivalent to Fatal/Fatalf.
+- Parallel() is a no-op as Ginkgo's multi-process parallelism model is substantially different from go test's in-process model.
+
 You can learn more here: https://onsi.github.io/ginkgo/#using-third-party-libraries
 */
 func GinkgoT(optionalOffset ...int) FullGinkgoTInterface {
-	offset := 3
+	offset := 1
 	if len(optionalOffset) > 0 {
 		offset = optionalOffset[0]
 	}
@@ -41,21 +49,21 @@ The portion of the interface returned by GinkgoT() that maps onto methods in the
 type GinkgoTInterface interface {
 	Cleanup(func())
 	Setenv(kev, value string)
-	Error(args ...interface{})
-	Errorf(format string, args ...interface{})
+	Error(args ...any)
+	Errorf(format string, args ...any)
 	Fail()
 	FailNow()
 	Failed() bool
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
+	Fatal(args ...any)
+	Fatalf(format string, args ...any)
 	Helper()
-	Log(args ...interface{})
-	Logf(format string, args ...interface{})
+	Log(args ...any)
+	Logf(format string, args ...any)
 	Name() string
 	Parallel()
-	Skip(args ...interface{})
+	Skip(args ...any)
 	SkipNow()
-	Skipf(format string, args ...interface{})
+	Skipf(format string, args ...any)
 	Skipped() bool
 	TempDir() string
 }
@@ -71,9 +79,9 @@ type FullGinkgoTInterface interface {
 	AddReportEntryVisibilityNever(name string, args ...any)
 
 	//Prints to the GinkgoWriter
-	Print(a ...interface{})
-	Printf(format string, a ...interface{})
-	Println(a ...interface{})
+	Print(a ...any)
+	Printf(format string, a ...any)
+	Println(a ...any)
 
 	//Provides access to Ginkgo's color formatting, correctly configured to match the color settings specified in the invocation of ginkgo
 	F(format string, args ...any) string
@@ -92,3 +100,81 @@ type FullGinkgoTInterface interface {
 
 	AttachProgressReporter(func() string) func()
 }
+
+/*
+GinkgoTB() implements a wrapper that exactly matches the testing.TB interface.
+
+In go 1.18 a new private() function was added to the testing.TB interface. Any function which accepts testing.TB as input needs to be passed in something that directly implements testing.TB.
+
+This wrapper satisfies the testing.TB interface and intended to be used as a drop-in replacement with third party libraries that accept testing.TB.
+
+Similar to GinkgoT(), GinkgoTB() takes an optional offset argument that can be used to get the
+correct line number associated with the failure - though you do not need to use this if you call GinkgoHelper() or GinkgoT().Helper() appropriately
+*/
+func GinkgoTB(optionalOffset ...int) *GinkgoTBWrapper {
+	offset := 2
+	if len(optionalOffset) > 0 {
+		offset = optionalOffset[0]
+	}
+	return &GinkgoTBWrapper{GinkgoT: GinkgoT(offset)}
+}
+
+type GinkgoTBWrapper struct {
+	testing.TB
+	GinkgoT FullGinkgoTInterface
+}
+
+func (g *GinkgoTBWrapper) Cleanup(f func()) {
+	g.GinkgoT.Cleanup(f)
+}
+func (g *GinkgoTBWrapper) Error(args ...any) {
+	g.GinkgoT.Error(args...)
+}
+func (g *GinkgoTBWrapper) Errorf(format string, args ...any) {
+	g.GinkgoT.Errorf(format, args...)
+}
+func (g *GinkgoTBWrapper) Fail() {
+	g.GinkgoT.Fail()
+}
+func (g *GinkgoTBWrapper) FailNow() {
+	g.GinkgoT.FailNow()
+}
+func (g *GinkgoTBWrapper) Failed() bool {
+	return g.GinkgoT.Failed()
+}
+func (g *GinkgoTBWrapper) Fatal(args ...any) {
+	g.GinkgoT.Fatal(args...)
+}
+func (g *GinkgoTBWrapper) Fatalf(format string, args ...any) {
+	g.GinkgoT.Fatalf(format, args...)
+}
+func (g *GinkgoTBWrapper) Helper() {
+	types.MarkAsHelper(1)
+}
+func (g *GinkgoTBWrapper) Log(args ...any) {
+	g.GinkgoT.Log(args...)
+}
+func (g *GinkgoTBWrapper) Logf(format string, args ...any) {
+	g.GinkgoT.Logf(format, args...)
+}
+func (g *GinkgoTBWrapper) Name() string {
+	return g.GinkgoT.Name()
+}
+func (g *GinkgoTBWrapper) Setenv(key, value string) {
+	g.GinkgoT.Setenv(key, value)
+}
+func (g *GinkgoTBWrapper) Skip(args ...any) {
+	g.GinkgoT.Skip(args...)
+}
+func (g *GinkgoTBWrapper) SkipNow() {
+	g.GinkgoT.SkipNow()
+}
+func (g *GinkgoTBWrapper) Skipf(format string, args ...any) {
+	g.GinkgoT.Skipf(format, args...)
+}
+func (g *GinkgoTBWrapper) Skipped() bool {
+	return g.GinkgoT.Skipped()
+}
+func (g *GinkgoTBWrapper) TempDir() string {
+	return g.GinkgoT.TempDir()
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_wasm.go b/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_wasm.go
new file mode 100644
index 00000000000..4c374935b8a
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_wasm.go
@@ -0,0 +1,7 @@
+//go:build wasm
+
+package internal
+
+func NewOutputInterceptor() OutputInterceptor {
+	return &NoopOutputInterceptor{}
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/progress_report_wasm.go b/vendor/github.com/onsi/ginkgo/v2/internal/progress_report_wasm.go
new file mode 100644
index 00000000000..8c53fe0adad
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/progress_report_wasm.go
@@ -0,0 +1,10 @@
+//go:build wasm
+
+package internal
+
+import (
+	"os"
+	"syscall"
+)
+
+var PROGRESS_SIGNALS = []os.Signal{syscall.SIGUSR1}
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go b/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go
index 2515b84a140..2d2ea2fc357 100644
--- a/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go
@@ -17,7 +17,7 @@ type specContext struct {
 	context.Context
 	*ProgressReporterManager
 
-	cancel context.CancelFunc
+	cancel context.CancelCauseFunc
 
 	suite *Suite
 }
@@ -30,7 +30,7 @@ Note that while SpecContext is used to enforce deadlines by Ginkgo it is not con
 This is because Ginkgo needs finer control over when the context is canceled.  Specifically, Ginkgo needs to generate a ProgressReport before it cancels the context to ensure progress is captured where the spec is currently running.  The only way to avoid a race here is to manually control the cancellation.
 */
 func NewSpecContext(suite *Suite) *specContext {
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancelCause(context.Background())
 	sc := &specContext{
 		cancel:                  cancel,
 		suite:                   suite,
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go
index fe6e8288ad9..2b4db48af87 100644
--- a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go
@@ -79,7 +79,7 @@ func NewSuite() *Suite {
 
 func (suite *Suite) Clone() (*Suite, error) {
 	if suite.phase != PhaseBuildTopLevel {
-		return nil, fmt.Errorf("cnanot clone suite after tree has been built")
+		return nil, fmt.Errorf("cannot clone suite after tree has been built")
 	}
 	return &Suite{
 		tree:                    &TreeNode{},
@@ -858,7 +858,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 	}
 
 	sc := NewSpecContext(suite)
-	defer sc.cancel()
+	defer sc.cancel(fmt.Errorf("spec has finished"))
 
 	suite.selectiveLock.Lock()
 	suite.currentSpecContext = sc
@@ -958,7 +958,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 
 			// tell the spec to stop.  it's important we generate the progress report first to make sure we capture where
 			// the spec is actually stuck
-			sc.cancel()
+			sc.cancel(fmt.Errorf("%s timeout occurred", timeoutInPlay))
 			//and now we wait for the grace period
 			gracePeriodChannel = time.After(gracePeriod)
 		case <-interruptStatus.Channel:
@@ -985,7 +985,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 			}
 
 			progressReport = progressReport.WithoutOtherGoroutines()
-			sc.cancel()
+			sc.cancel(fmt.Errorf(interruptStatus.Message()))
 
 			if interruptStatus.Level == interrupt_handler.InterruptLevelBailOut {
 				if interruptStatus.ShouldIncludeProgressReport() {
diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go b/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go
index 816042208c0..43244a9bd51 100644
--- a/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go
+++ b/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go
@@ -15,6 +15,7 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"regexp"
 	"strings"
 
 	"github.com/onsi/ginkgo/v2/config"
@@ -104,6 +105,8 @@ type JUnitProperty struct {
 	Value string `xml:"value,attr"`
 }
 
+var ownerRE = regexp.MustCompile(`(?i)^owner:(.*)$`)
+
 type JUnitTestCase struct {
 	// Name maps onto the full text of the spec - equivalent to "[SpecReport.LeafNodeType] SpecReport.FullText()"
 	Name string `xml:"name,attr"`
@@ -113,6 +116,8 @@ type JUnitTestCase struct {
 	Status string `xml:"status,attr"`
 	// Time is the time in seconds to execute the spec - maps onto SpecReport.RunTime
 	Time float64 `xml:"time,attr"`
+	// Owner is the owner the spec - is set if a label matching Label("owner:X") is provided.  The last matching label is used as the owner, thereby allowing specs to override owners specified in container nodes.
+	Owner string `xml:"owner,attr,omitempty"`
 	//Skipped is populated with a message if the test was skipped or pending
 	Skipped *JUnitSkipped `xml:"skipped,omitempty"`
 	//Error is populated if the test panicked or was interrupted
@@ -195,6 +200,12 @@ func GenerateJUnitReportWithConfig(report types.Report, dst string, config Junit
 		if len(labels) > 0 && !config.OmitSpecLabels {
 			name = name + " [" + strings.Join(labels, ", ") + "]"
 		}
+		owner := ""
+		for _, label := range labels {
+			if matches := ownerRE.FindStringSubmatch(label); len(matches) == 2 {
+				owner = matches[1]
+			}
+		}
 		name = strings.TrimSpace(name)
 
 		test := JUnitTestCase{
@@ -202,6 +213,7 @@ func GenerateJUnitReportWithConfig(report types.Report, dst string, config Junit
 			Classname: report.SuiteDescription,
 			Status:    spec.State.String(),
 			Time:      spec.RunTime.Seconds(),
+			Owner:     owner,
 		}
 		if !spec.State.Is(config.OmitTimelinesForSpecState) {
 			test.SystemErr = systemErrForUnstructuredReporters(spec)
diff --git a/vendor/github.com/onsi/ginkgo/v2/table_dsl.go b/vendor/github.com/onsi/ginkgo/v2/table_dsl.go
index ac9b7abb5ee..a3aef821bff 100644
--- a/vendor/github.com/onsi/ginkgo/v2/table_dsl.go
+++ b/vendor/github.com/onsi/ginkgo/v2/table_dsl.go
@@ -46,7 +46,7 @@ And can explore some Table patterns here: https://onsi.github.io/ginkgo/#table-s
 */
 func DescribeTable(description string, args ...interface{}) bool {
 	GinkgoHelper()
-	generateTable(description, args...)
+	generateTable(description, false, args...)
 	return true
 }
 
@@ -56,7 +56,7 @@ You can focus a table with `FDescribeTable`.  This is equivalent to `FDescribe`.
 func FDescribeTable(description string, args ...interface{}) bool {
 	GinkgoHelper()
 	args = append(args, internal.Focus)
-	generateTable(description, args...)
+	generateTable(description, false, args...)
 	return true
 }
 
@@ -66,7 +66,7 @@ You can mark a table as pending with `PDescribeTable`.  This is equivalent to `P
 func PDescribeTable(description string, args ...interface{}) bool {
 	GinkgoHelper()
 	args = append(args, internal.Pending)
-	generateTable(description, args...)
+	generateTable(description, false, args...)
 	return true
 }
 
@@ -75,6 +75,71 @@ You can mark a table as pending with `XDescribeTable`.  This is equivalent to `X
 */
 var XDescribeTable = PDescribeTable
 
+/*
+DescribeTableSubtree describes a table-driven spec that generates a set of tests for each entry.
+
+For example:
+
+	DescribeTableSubtree("a subtree table",
+	    func(url string, code int, message string) {
+			var resp *http.Response
+			BeforeEach(func() {
+				var err error
+				resp, err = http.Get(url)
+				Expect(err).NotTo(HaveOccurred())
+				DeferCleanup(resp.Body.Close)
+			})
+
+			It("should return the expected status code", func() {
+				Expect(resp.StatusCode).To(Equal(code))
+			})
+
+			It("should return the expected message", func() {
+				body, err := ioutil.ReadAll(resp.Body)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(string(body)).To(Equal(message))
+			})
+	    },
+	    Entry("default response", "example.com/response", http.StatusOK, "hello world"),
+	    Entry("missing response", "example.com/missing", http.StatusNotFound, "wat?"),
+	)
+
+Note that you **must** place define an It inside the body function.
+
+You can learn more about DescribeTableSubtree here: https://onsi.github.io/ginkgo/#table-specs
+And can explore some Table patterns here: https://onsi.github.io/ginkgo/#table-specs-patterns
+*/
+func DescribeTableSubtree(description string, args ...interface{}) bool {
+	GinkgoHelper()
+	generateTable(description, true, args...)
+	return true
+}
+
+/*
+You can focus a table with `FDescribeTableSubtree`.  This is equivalent to `FDescribe`.
+*/
+func FDescribeTableSubtree(description string, args ...interface{}) bool {
+	GinkgoHelper()
+	args = append(args, internal.Focus)
+	generateTable(description, true, args...)
+	return true
+}
+
+/*
+You can mark a table as pending with `PDescribeTableSubtree`.  This is equivalent to `PDescribe`.
+*/
+func PDescribeTableSubtree(description string, args ...interface{}) bool {
+	GinkgoHelper()
+	args = append(args, internal.Pending)
+	generateTable(description, true, args...)
+	return true
+}
+
+/*
+You can mark a table as pending with `XDescribeTableSubtree`.  This is equivalent to `XDescribe`.
+*/
+var XDescribeTableSubtree = PDescribeTableSubtree
+
 /*
 TableEntry represents an entry in a table test.  You generally use the `Entry` constructor.
 */
@@ -131,14 +196,14 @@ var XEntry = PEntry
 var contextType = reflect.TypeOf(new(context.Context)).Elem()
 var specContextType = reflect.TypeOf(new(SpecContext)).Elem()
 
-func generateTable(description string, args ...interface{}) {
+func generateTable(description string, isSubtree bool, args ...interface{}) {
 	GinkgoHelper()
 	cl := types.NewCodeLocation(0)
 	containerNodeArgs := []interface{}{cl}
 
 	entries := []TableEntry{}
-	var itBody interface{}
-	var itBodyType reflect.Type
+	var internalBody interface{}
+	var internalBodyType reflect.Type
 
 	var tableLevelEntryDescription interface{}
 	tableLevelEntryDescription = func(args ...interface{}) string {
@@ -166,11 +231,11 @@ func generateTable(description string, args ...interface{}) {
 		case t.Kind() == reflect.Func && t.NumOut() == 1 && t.Out(0) == reflect.TypeOf(""):
 			tableLevelEntryDescription = arg
 		case t.Kind() == reflect.Func:
-			if itBody != nil {
+			if internalBody != nil {
 				exitIfErr(types.GinkgoErrors.MultipleEntryBodyFunctionsForTable(cl))
 			}
-			itBody = arg
-			itBodyType = reflect.TypeOf(itBody)
+			internalBody = arg
+			internalBodyType = reflect.TypeOf(internalBody)
 		default:
 			containerNodeArgs = append(containerNodeArgs, arg)
 		}
@@ -200,39 +265,47 @@ func generateTable(description string, args ...interface{}) {
 				err = types.GinkgoErrors.InvalidEntryDescription(entry.codeLocation)
 			}
 
-			itNodeArgs := []interface{}{entry.codeLocation}
-			itNodeArgs = append(itNodeArgs, entry.decorations...)
+			internalNodeArgs := []interface{}{entry.codeLocation}
+			internalNodeArgs = append(internalNodeArgs, entry.decorations...)
 
 			hasContext := false
-			if itBodyType.NumIn() > 0. {
-				if itBodyType.In(0).Implements(specContextType) {
+			if internalBodyType.NumIn() > 0. {
+				if internalBodyType.In(0).Implements(specContextType) {
 					hasContext = true
-				} else if itBodyType.In(0).Implements(contextType) && (len(entry.parameters) == 0 || !reflect.TypeOf(entry.parameters[0]).Implements(contextType)) {
+				} else if internalBodyType.In(0).Implements(contextType) && (len(entry.parameters) == 0 || !reflect.TypeOf(entry.parameters[0]).Implements(contextType)) {
 					hasContext = true
 				}
 			}
 
 			if err == nil {
-				err = validateParameters(itBody, entry.parameters, "Table Body function", entry.codeLocation, hasContext)
+				err = validateParameters(internalBody, entry.parameters, "Table Body function", entry.codeLocation, hasContext)
 			}
 
 			if hasContext {
-				itNodeArgs = append(itNodeArgs, func(c SpecContext) {
+				internalNodeArgs = append(internalNodeArgs, func(c SpecContext) {
 					if err != nil {
 						panic(err)
 					}
-					invokeFunction(itBody, append([]interface{}{c}, entry.parameters...))
+					invokeFunction(internalBody, append([]interface{}{c}, entry.parameters...))
 				})
+				if isSubtree {
+					exitIfErr(types.GinkgoErrors.ContextsCannotBeUsedInSubtreeTables(cl))
+				}
 			} else {
-				itNodeArgs = append(itNodeArgs, func() {
+				internalNodeArgs = append(internalNodeArgs, func() {
 					if err != nil {
 						panic(err)
 					}
-					invokeFunction(itBody, entry.parameters)
+					invokeFunction(internalBody, entry.parameters)
 				})
 			}
 
-			pushNode(internal.NewNode(deprecationTracker, types.NodeTypeIt, description, itNodeArgs...))
+			internalNodeType := types.NodeTypeIt
+			if isSubtree {
+				internalNodeType = types.NodeTypeContainer
+			}
+
+			pushNode(internal.NewNode(deprecationTracker, internalNodeType, description, internalNodeArgs...))
 		}
 	})
 
diff --git a/vendor/github.com/onsi/ginkgo/v2/types/errors.go b/vendor/github.com/onsi/ginkgo/v2/types/errors.go
index 4fbdc3e9b1d..6bb72d00ccd 100644
--- a/vendor/github.com/onsi/ginkgo/v2/types/errors.go
+++ b/vendor/github.com/onsi/ginkgo/v2/types/errors.go
@@ -505,6 +505,15 @@ func (g ginkgoErrors) IncorrectVariadicParameterTypeToTableFunction(expected, ac
 	}
 }
 
+func (g ginkgoErrors) ContextsCannotBeUsedInSubtreeTables(cl CodeLocation) error {
+	return GinkgoError{
+		Heading:      "Contexts cannot be used in subtree tables",
+		Message:      "You''ve defined a subtree body function that accepts a context but did not provide one in the table entry.  Ginkgo SpecContexts can only be passed in to subject and setup nodes - so if you are trying to implement a spec timeout you should request a context in the It function within your subtree body function, not in the subtree body function itself.",
+		CodeLocation: cl,
+		DocLink:      "table-specs",
+	}
+}
+
 /* Parallel Synchronization errors */
 
 func (g ginkgoErrors) AggregatedReportUnavailableDueToNodeDisappearing() error {
diff --git a/vendor/github.com/onsi/ginkgo/v2/types/version.go b/vendor/github.com/onsi/ginkgo/v2/types/version.go
index a4a1524b4fd..ed934647454 100644
--- a/vendor/github.com/onsi/ginkgo/v2/types/version.go
+++ b/vendor/github.com/onsi/ginkgo/v2/types/version.go
@@ -1,3 +1,3 @@
 package types
 
-const VERSION = "2.13.2"
+const VERSION = "2.15.0"
diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md
index fe72a7b183f..fece58b1110 100644
--- a/vendor/github.com/onsi/gomega/CHANGELOG.md
+++ b/vendor/github.com/onsi/gomega/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 1.31.0
+
+### Features
+- Async assertions include context cancellation cause if present [121c37f]
+
+### Maintenance
+- Bump minimum go version [dee1e3c]
+- docs: fix typo in example usage "occured" -> "occurred" [49005fe]
+- Bump actions/setup-go from 4 to 5 (#714) [f1c8757]
+- Bump github/codeql-action from 2 to 3 (#715) [9836e76]
+- Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.2 (#713) [54726f0]
+- Bump golang.org/x/net from 0.17.0 to 0.19.0 (#711) [df97ecc]
+- docs: fix `HaveExactElement` typo (#712) [a672c86]
+
 ## 1.30.0
 
 ### Features
diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go
index c271a366ae0..4f7ab2791b4 100644
--- a/vendor/github.com/onsi/gomega/gomega_dsl.go
+++ b/vendor/github.com/onsi/gomega/gomega_dsl.go
@@ -22,7 +22,7 @@ import (
 	"github.com/onsi/gomega/types"
 )
 
-const GOMEGA_VERSION = "1.30.0"
+const GOMEGA_VERSION = "1.31.0"
 
 const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler.
 If you're using Ginkgo then you probably forgot to put your assertion in an It().
diff --git a/vendor/github.com/onsi/gomega/internal/async_assertion.go b/vendor/github.com/onsi/gomega/internal/async_assertion.go
index 1188b0bce37..cde9e2ec8bd 100644
--- a/vendor/github.com/onsi/gomega/internal/async_assertion.go
+++ b/vendor/github.com/onsi/gomega/internal/async_assertion.go
@@ -553,7 +553,12 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 				lock.Unlock()
 			}
 		case <-contextDone:
-			fail("Context was cancelled")
+			err := context.Cause(assertion.ctx)
+			if err != nil && err != context.Canceled {
+				fail(fmt.Sprintf("Context was cancelled (cause: %s)", err))
+			} else {
+				fail("Context was cancelled")
+			}
 			return false
 		case <-timeout:
 			if assertion.asyncType == AsyncAssertionTypeEventually {
diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go
index 43f994374da..8860d677fc8 100644
--- a/vendor/github.com/onsi/gomega/matchers.go
+++ b/vendor/github.com/onsi/gomega/matchers.go
@@ -394,7 +394,7 @@ func ConsistOf(elements ...interface{}) types.GomegaMatcher {
 	}
 }
 
-// HaveExactElemets succeeds if actual contains elements that precisely match the elemets passed into the matcher. The ordering of the elements does matter.
+// HaveExactElements succeeds if actual contains elements that precisely match the elemets passed into the matcher. The ordering of the elements does matter.
 // By default HaveExactElements() uses Equal() to match the elements, however custom matchers can be passed in instead.  Here are some examples:
 //
 //	Expect([]string{"Foo", "FooBar"}).Should(HaveExactElements("Foo", "FooBar"))
diff --git a/vendor/github.com/pierrec/lz4/v4/README.md b/vendor/github.com/pierrec/lz4/v4/README.md
index 4629c9d0e03..dee77545b0c 100644
--- a/vendor/github.com/pierrec/lz4/v4/README.md
+++ b/vendor/github.com/pierrec/lz4/v4/README.md
@@ -21,7 +21,7 @@ go get github.com/pierrec/lz4/v4
 There is a command line interface tool to compress and decompress LZ4 files.
 
 ```
-go install github.com/pierrec/lz4/v4/cmd/lz4c
+go install github.com/pierrec/lz4/v4/cmd/lz4c@latest
 ```
 
 Usage
diff --git a/vendor/github.com/pierrec/lz4/v4/compressing_reader.go b/vendor/github.com/pierrec/lz4/v4/compressing_reader.go
new file mode 100644
index 00000000000..8df0dc76d00
--- /dev/null
+++ b/vendor/github.com/pierrec/lz4/v4/compressing_reader.go
@@ -0,0 +1,222 @@
+package lz4
+
+import (
+	"errors"
+	"io"
+
+	"github.com/pierrec/lz4/v4/internal/lz4block"
+	"github.com/pierrec/lz4/v4/internal/lz4errors"
+	"github.com/pierrec/lz4/v4/internal/lz4stream"
+)
+
+type crState int
+
+const (
+	crStateInitial crState = iota
+	crStateReading 
+	crStateFlushing
+	crStateDone
+)
+
+type CompressingReader struct {
+	state crState
+	src io.ReadCloser // source reader
+	level lz4block.CompressionLevel // how hard to try
+	frame *lz4stream.Frame // frame being built
+	in []byte
+	out ovWriter
+	handler func(int)
+}
+
+// NewCompressingReader creates a reader which reads compressed data from
+// raw stream. This makes it a logical opposite of a normal lz4.Reader.
+// We require an io.ReadCloser as an underlying source for compatibility
+// with Go's http.Request.
+func NewCompressingReader(src io.ReadCloser) *CompressingReader {
+	zrd := &CompressingReader {
+		frame: lz4stream.NewFrame(),
+	}
+
+	_ = zrd.Apply(DefaultBlockSizeOption, DefaultChecksumOption, defaultOnBlockDone)
+	zrd.Reset(src)
+
+	return zrd
+}
+
+// Source exposes the underlying source stream for introspection and control.
+func (zrd *CompressingReader) Source() io.ReadCloser {
+	return zrd.src
+}
+
+// Close simply invokes the underlying stream Close method. This method is
+// provided for the benefit of Go http client/server, which relies on Close
+// for goroutine termination.
+func (zrd *CompressingReader) Close() error {
+	return zrd.src.Close()
+}
+
+// Apply applies useful options to the lz4 encoder.
+func (zrd *CompressingReader) Apply(options ...Option) (err error) {
+	if zrd.state != crStateInitial {
+		return lz4errors.ErrOptionClosedOrError
+	}
+
+	zrd.Reset(zrd.src)
+
+	for _, o := range options {
+		if err = o(zrd); err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (*CompressingReader) private() {}
+
+func (zrd *CompressingReader) init() error {
+	zrd.frame.InitW(&zrd.out, 1, false)
+	size := zrd.frame.Descriptor.Flags.BlockSizeIndex()
+	zrd.in = size.Get()
+	return zrd.frame.Descriptor.Write(zrd.frame, &zrd.out)
+}
+
+// Read allows reading of lz4 compressed data
+func (zrd *CompressingReader) Read(p []byte) (n int, err error) {
+	defer func() {
+		if err != nil {
+			zrd.state = crStateDone
+		}
+	}()
+
+	if !zrd.out.reset(p) {
+		return len(p), nil
+	}
+
+	switch zrd.state {
+	case crStateInitial:
+		err = zrd.init()
+		if err != nil {
+			return
+		}
+		zrd.state = crStateReading
+	case crStateDone:
+		return 0, errors.New("This reader is done")
+	case crStateFlushing:
+		if zrd.out.dataPos > 0 {
+			n = zrd.out.dataPos
+			zrd.out.data = nil
+			zrd.out.dataPos = 0
+			return
+		} else {
+			zrd.state = crStateDone
+			return 0, io.EOF
+		}
+	}
+
+	for zrd.state == crStateReading {
+		block := zrd.frame.Blocks.Block
+
+		var rCount int
+		rCount, err = io.ReadFull(zrd.src, zrd.in)
+		switch err {
+		case nil:
+			err = block.Compress(
+				zrd.frame, zrd.in[ : rCount], zrd.level,
+			).Write(zrd.frame, &zrd.out)
+			zrd.handler(len(block.Data))
+			if err != nil {
+				return
+			}
+
+			if zrd.out.dataPos == len(zrd.out.data) {
+				n = zrd.out.dataPos
+				zrd.out.dataPos = 0
+				zrd.out.data = nil
+				return
+			}
+		case io.EOF, io.ErrUnexpectedEOF: // read may be partial
+			if rCount > 0 {
+				err = block.Compress(
+					zrd.frame, zrd.in[ : rCount], zrd.level,
+				).Write(zrd.frame, &zrd.out)
+				zrd.handler(len(block.Data))
+				if err != nil {
+					return
+				}
+			}
+
+			err = zrd.frame.CloseW(&zrd.out, 1)
+			if err != nil {
+				return
+			}
+			zrd.state = crStateFlushing
+
+			n = zrd.out.dataPos
+			zrd.out.dataPos = 0
+			zrd.out.data = nil
+			return
+		default:
+			return
+		}
+	}
+
+	err = lz4errors.ErrInternalUnhandledState
+	return
+}
+
+// Reset makes the stream usable again; mostly handy to reuse lz4 encoder
+// instances.
+func (zrd *CompressingReader) Reset(src io.ReadCloser) {
+	zrd.frame.Reset(1)
+	zrd.state = crStateInitial
+	zrd.src = src
+	zrd.out.clear()
+}
+
+type ovWriter struct {
+	data []byte
+	ov []byte
+	dataPos int
+	ovPos int
+}
+
+func (wr *ovWriter) Write(p []byte) (n int, err error) {
+	count := copy(wr.data[wr.dataPos : ], p)
+	wr.dataPos += count
+
+	if count < len(p) {
+		wr.ov = append(wr.ov, p[count : ]...)
+	}
+
+	return len(p), nil
+}
+
+func (wr *ovWriter) reset(out []byte) bool {
+	ovRem := len(wr.ov) - wr.ovPos
+
+	if ovRem >= len(out) {
+		wr.ovPos += copy(out, wr.ov[wr.ovPos : ])
+		return false
+	}
+
+	if ovRem > 0 {
+		copy(out, wr.ov[wr.ovPos : ])
+		wr.ov = wr.ov[ : 0]
+		wr.ovPos = 0
+		wr.dataPos = ovRem
+	} else if wr.ovPos > 0 {
+		wr.ov = wr.ov[ : 0]
+		wr.ovPos = 0
+		wr.dataPos = 0
+	}
+
+	wr.data = out
+	return true
+}
+
+func (wr *ovWriter) clear() {
+	wr.data = nil
+	wr.dataPos = 0
+	wr.ov = wr.ov[ : 0]
+	wr.ovPos = 0
+}
diff --git a/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go b/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go
index a1bfa99e4b4..138083d9479 100644
--- a/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go
+++ b/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go
@@ -8,12 +8,9 @@ const (
 	Block256Kb
 	Block1Mb
 	Block4Mb
+	Block8Mb = 2 * Block4Mb
 )
 
-// In legacy mode all blocks are compressed regardless
-// of the compressed size: use the bound size.
-var Block8Mb = uint32(CompressBlockBound(8 << 20))
-
 var (
 	BlockPool64K  = sync.Pool{New: func() interface{} { return make([]byte, Block64Kb) }}
 	BlockPool256K = sync.Pool{New: func() interface{} { return make([]byte, Block256Kb) }}
diff --git a/vendor/github.com/pierrec/lz4/v4/internal/lz4stream/block.go b/vendor/github.com/pierrec/lz4/v4/internal/lz4stream/block.go
index 459086f09b2..e96465460c5 100644
--- a/vendor/github.com/pierrec/lz4/v4/internal/lz4stream/block.go
+++ b/vendor/github.com/pierrec/lz4/v4/internal/lz4stream/block.go
@@ -224,9 +224,7 @@ func (b *FrameDataBlock) Close(f *Frame) {
 func (b *FrameDataBlock) Compress(f *Frame, src []byte, level lz4block.CompressionLevel) *FrameDataBlock {
 	data := b.data
 	if f.isLegacy() {
-		// In legacy mode, the buffer is sized according to CompressBlockBound,
-		// but only 8Mb is buffered for compression.
-		src = src[:8<<20]
+		data = data[:cap(data)]
 	} else {
 		data = data[:len(src)] // trigger the incompressible flag in CompressBlock
 	}
diff --git a/vendor/github.com/pierrec/lz4/v4/options.go b/vendor/github.com/pierrec/lz4/v4/options.go
index 46a87380313..57a44e767dc 100644
--- a/vendor/github.com/pierrec/lz4/v4/options.go
+++ b/vendor/github.com/pierrec/lz4/v4/options.go
@@ -57,6 +57,13 @@ func BlockSizeOption(size BlockSize) Option {
 			}
 			w.frame.Descriptor.Flags.BlockSizeIndexSet(lz4block.Index(size))
 			return nil
+		case *CompressingReader:
+			size := uint32(size)
+			if !lz4block.IsValid(size) {
+				return fmt.Errorf("%w: %d", lz4errors.ErrOptionInvalidBlockSize, size)
+			}
+			w.frame.Descriptor.Flags.BlockSizeIndexSet(lz4block.Index(size))
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
@@ -72,6 +79,9 @@ func BlockChecksumOption(flag bool) Option {
 		case *Writer:
 			w.frame.Descriptor.Flags.BlockChecksumSet(flag)
 			return nil
+		case *CompressingReader:
+			w.frame.Descriptor.Flags.BlockChecksumSet(flag)
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
@@ -87,6 +97,9 @@ func ChecksumOption(flag bool) Option {
 		case *Writer:
 			w.frame.Descriptor.Flags.ContentChecksumSet(flag)
 			return nil
+		case *CompressingReader:
+			w.frame.Descriptor.Flags.ContentChecksumSet(flag)
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
@@ -104,6 +117,10 @@ func SizeOption(size uint64) Option {
 			w.frame.Descriptor.Flags.SizeSet(size > 0)
 			w.frame.Descriptor.ContentSize = size
 			return nil
+		case *CompressingReader:
+			w.frame.Descriptor.Flags.SizeSet(size > 0)
+			w.frame.Descriptor.ContentSize = size
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
@@ -162,6 +179,14 @@ func CompressionLevelOption(level CompressionLevel) Option {
 			}
 			w.level = lz4block.CompressionLevel(level)
 			return nil
+		case *CompressingReader:
+			switch level {
+			case Fast, Level1, Level2, Level3, Level4, Level5, Level6, Level7, Level8, Level9:
+			default:
+				return fmt.Errorf("%w: %d", lz4errors.ErrOptionInvalidCompressionLevel, level)
+			}
+			w.level = lz4block.CompressionLevel(level)
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
@@ -186,6 +211,9 @@ func OnBlockDoneOption(handler func(size int)) Option {
 		case *Reader:
 			rw.handler = handler
 			return nil
+		case *CompressingReader:
+			rw.handler = handler
+			return nil
 		}
 		return lz4errors.ErrOptionNotApplicable
 	}
diff --git a/vendor/github.com/prometheus/common/config/http_config.go b/vendor/github.com/prometheus/common/config/http_config.go
index 4763549b8ff..4a926e8d067 100644
--- a/vendor/github.com/prometheus/common/config/http_config.go
+++ b/vendor/github.com/prometheus/common/config/http_config.go
@@ -546,10 +546,10 @@ func NewRoundTripperFromConfig(cfg HTTPClientConfig, name string, optFuncs ...HT
 
 		// If a authorization_credentials is provided, create a round tripper that will set the
 		// Authorization header correctly on each request.
-		if cfg.Authorization != nil && len(cfg.Authorization.Credentials) > 0 {
-			rt = NewAuthorizationCredentialsRoundTripper(cfg.Authorization.Type, cfg.Authorization.Credentials, rt)
-		} else if cfg.Authorization != nil && len(cfg.Authorization.CredentialsFile) > 0 {
+		if cfg.Authorization != nil && len(cfg.Authorization.CredentialsFile) > 0 {
 			rt = NewAuthorizationCredentialsFileRoundTripper(cfg.Authorization.Type, cfg.Authorization.CredentialsFile, rt)
+		} else if cfg.Authorization != nil {
+			rt = NewAuthorizationCredentialsRoundTripper(cfg.Authorization.Type, cfg.Authorization.Credentials, rt)
 		}
 		// Backwards compatibility, be nice with importers who would not have
 		// called Validate().
@@ -630,7 +630,7 @@ func (rt *authorizationCredentialsFileRoundTripper) RoundTrip(req *http.Request)
 	if len(req.Header.Get("Authorization")) == 0 {
 		b, err := os.ReadFile(rt.authCredentialsFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read authorization credentials file %s: %s", rt.authCredentialsFile, err)
+			return nil, fmt.Errorf("unable to read authorization credentials file %s: %w", rt.authCredentialsFile, err)
 		}
 		authCredentials := strings.TrimSpace(string(b))
 
@@ -670,7 +670,7 @@ func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
 	if rt.usernameFile != "" {
 		usernameBytes, err := os.ReadFile(rt.usernameFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read basic auth username file %s: %s", rt.usernameFile, err)
+			return nil, fmt.Errorf("unable to read basic auth username file %s: %w", rt.usernameFile, err)
 		}
 		username = strings.TrimSpace(string(usernameBytes))
 	} else {
@@ -679,7 +679,7 @@ func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
 	if rt.passwordFile != "" {
 		passwordBytes, err := os.ReadFile(rt.passwordFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read basic auth password file %s: %s", rt.passwordFile, err)
+			return nil, fmt.Errorf("unable to read basic auth password file %s: %w", rt.passwordFile, err)
 		}
 		password = strings.TrimSpace(string(passwordBytes))
 	} else {
@@ -723,7 +723,7 @@ func (rt *oauth2RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 	if rt.config.ClientSecretFile != "" {
 		data, err := os.ReadFile(rt.config.ClientSecretFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read oauth2 client secret file %s: %s", rt.config.ClientSecretFile, err)
+			return nil, fmt.Errorf("unable to read oauth2 client secret file %s: %w", rt.config.ClientSecretFile, err)
 		}
 		secret = strings.TrimSpace(string(data))
 		rt.mtx.RLock()
@@ -977,7 +977,7 @@ func (c *TLSConfig) getClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Ce
 	if c.CertFile != "" {
 		certData, err = os.ReadFile(c.CertFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read specified client cert (%s): %s", c.CertFile, err)
+			return nil, fmt.Errorf("unable to read specified client cert (%s): %w", c.CertFile, err)
 		}
 	} else {
 		certData = []byte(c.Cert)
@@ -986,7 +986,7 @@ func (c *TLSConfig) getClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Ce
 	if c.KeyFile != "" {
 		keyData, err = os.ReadFile(c.KeyFile)
 		if err != nil {
-			return nil, fmt.Errorf("unable to read specified client key (%s): %s", c.KeyFile, err)
+			return nil, fmt.Errorf("unable to read specified client key (%s): %w", c.KeyFile, err)
 		}
 	} else {
 		keyData = []byte(c.Key)
@@ -994,7 +994,7 @@ func (c *TLSConfig) getClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Ce
 
 	cert, err := tls.X509KeyPair(certData, keyData)
 	if err != nil {
-		return nil, fmt.Errorf("unable to use specified client cert (%s) & key (%s): %s", c.CertFile, c.KeyFile, err)
+		return nil, fmt.Errorf("unable to use specified client cert (%s) & key (%s): %w", c.CertFile, c.KeyFile, err)
 	}
 
 	return &cert, nil
@@ -1004,7 +1004,7 @@ func (c *TLSConfig) getClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Ce
 func readCAFile(f string) ([]byte, error) {
 	data, err := os.ReadFile(f)
 	if err != nil {
-		return nil, fmt.Errorf("unable to load specified CA cert %s: %s", f, err)
+		return nil, fmt.Errorf("unable to load specified CA cert %s: %w", f, err)
 	}
 	return data, nil
 }
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index 0ca86a3dc7c..a909b171c86 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -14,6 +14,7 @@
 package expfmt
 
 import (
+	"bufio"
 	"fmt"
 	"io"
 	"math"
@@ -21,8 +22,8 @@ import (
 	"net/http"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/encoding/protodelim"
 
-	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
 	"github.com/prometheus/common/model"
 )
 
@@ -86,8 +87,10 @@ type protoDecoder struct {
 
 // Decode implements the Decoder interface.
 func (d *protoDecoder) Decode(v *dto.MetricFamily) error {
-	_, err := pbutil.ReadDelimited(d.r, v)
-	if err != nil {
+	opts := protodelim.UnmarshalOptions{
+		MaxSize: -1,
+	}
+	if err := opts.UnmarshalFrom(bufio.NewReader(d.r), v); err != nil {
 		return err
 	}
 	if !model.IsValidMetricName(model.LabelValue(v.GetName())) {
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index ca214060009..02b7a5e8128 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -18,10 +18,11 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
-	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
+	"google.golang.org/protobuf/encoding/protodelim"
 	"google.golang.org/protobuf/encoding/prototext"
 
+	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
+
 	dto "github.com/prometheus/client_model/go"
 )
 
@@ -120,7 +121,7 @@ func NewEncoder(w io.Writer, format Format) Encoder {
 	case FmtProtoDelim:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := pbutil.WriteDelimited(w, v)
+				_, err := protodelim.MarshalTo(w, v)
 				return err
 			},
 			close: func() error { return nil },
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index 35db1cc9d73..26490211af2 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -16,6 +16,7 @@ package expfmt
 import (
 	"bufio"
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"math"
@@ -24,8 +25,9 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/prometheus/common/model"
 	"google.golang.org/protobuf/proto"
+
+	"github.com/prometheus/common/model"
 )
 
 // A stateFn is a function that represents a state in a state machine. By
@@ -112,7 +114,7 @@ func (p *TextParser) TextToMetricFamilies(in io.Reader) (map[string]*dto.MetricF
 	// stream. Turn this error into something nicer and more
 	// meaningful. (io.EOF is often used as a signal for the legitimate end
 	// of an input stream.)
-	if p.err == io.EOF {
+	if p.err != nil && errors.Is(p.err, io.EOF) {
 		p.parseError("unexpected end of input stream")
 	}
 	return p.metricFamiliesByName, p.err
@@ -146,7 +148,7 @@ func (p *TextParser) startOfLine() stateFn {
 		// which is not an error but the signal that we are done.
 		// Any other error that happens to align with the start of
 		// a line is still an error.
-		if p.err == io.EOF {
+		if errors.Is(p.err, io.EOF) {
 			p.err = nil
 		}
 		return nil
diff --git a/vendor/github.com/prometheus/common/model/alert.go b/vendor/github.com/prometheus/common/model/alert.go
index 35e739c7ad2..178fdbaf615 100644
--- a/vendor/github.com/prometheus/common/model/alert.go
+++ b/vendor/github.com/prometheus/common/model/alert.go
@@ -90,13 +90,13 @@ func (a *Alert) Validate() error {
 		return fmt.Errorf("start time must be before end time")
 	}
 	if err := a.Labels.Validate(); err != nil {
-		return fmt.Errorf("invalid label set: %s", err)
+		return fmt.Errorf("invalid label set: %w", err)
 	}
 	if len(a.Labels) == 0 {
 		return fmt.Errorf("at least one label pair required")
 	}
 	if err := a.Annotations.Validate(); err != nil {
-		return fmt.Errorf("invalid annotations: %s", err)
+		return fmt.Errorf("invalid annotations: %w", err)
 	}
 	return nil
 }
diff --git a/vendor/github.com/prometheus/common/model/metadata.go b/vendor/github.com/prometheus/common/model/metadata.go
new file mode 100644
index 00000000000..447ab8ad635
--- /dev/null
+++ b/vendor/github.com/prometheus/common/model/metadata.go
@@ -0,0 +1,28 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package model
+
+// MetricType represents metric type values.
+type MetricType string
+
+const (
+	MetricTypeCounter        = MetricType("counter")
+	MetricTypeGauge          = MetricType("gauge")
+	MetricTypeHistogram      = MetricType("histogram")
+	MetricTypeGaugeHistogram = MetricType("gaugehistogram")
+	MetricTypeSummary        = MetricType("summary")
+	MetricTypeInfo           = MetricType("info")
+	MetricTypeStateset       = MetricType("stateset")
+	MetricTypeUnknown        = MetricType("unknown")
+)
diff --git a/vendor/github.com/prometheus/common/model/metric.go b/vendor/github.com/prometheus/common/model/metric.go
index 00804b7fedb..f8c5eabaa99 100644
--- a/vendor/github.com/prometheus/common/model/metric.go
+++ b/vendor/github.com/prometheus/common/model/metric.go
@@ -20,12 +20,10 @@ import (
 	"strings"
 )
 
-var (
-	// MetricNameRE is a regular expression matching valid metric
-	// names. Note that the IsValidMetricName function performs the same
-	// check but faster than a match with this regular expression.
-	MetricNameRE = regexp.MustCompile(`^[a-zA-Z_:][a-zA-Z0-9_:]*$`)
-)
+// MetricNameRE is a regular expression matching valid metric
+// names. Note that the IsValidMetricName function performs the same
+// check but faster than a match with this regular expression.
+var MetricNameRE = regexp.MustCompile(`^[a-zA-Z_:][a-zA-Z0-9_:]*$`)
 
 // A Metric is similar to a LabelSet, but the key difference is that a Metric is
 // a singleton and refers to one and only one stream of samples.
diff --git a/vendor/github.com/prometheus/common/model/signature.go b/vendor/github.com/prometheus/common/model/signature.go
index 8762b13c63d..dc8a0026c48 100644
--- a/vendor/github.com/prometheus/common/model/signature.go
+++ b/vendor/github.com/prometheus/common/model/signature.go
@@ -22,10 +22,8 @@ import (
 // when calculating their combined hash value (aka signature aka fingerprint).
 const SeparatorByte byte = 255
 
-var (
-	// cache the signature of an empty label set.
-	emptyLabelSignature = hashNew()
-)
+// cache the signature of an empty label set.
+var emptyLabelSignature = hashNew()
 
 // LabelsToSignature returns a quasi-unique signature (i.e., fingerprint) for a
 // given label set. (Collisions are possible but unlikely if the number of label
diff --git a/vendor/github.com/prometheus/common/model/silence.go b/vendor/github.com/prometheus/common/model/silence.go
index bb99889d2cc..910b0b71fcc 100644
--- a/vendor/github.com/prometheus/common/model/silence.go
+++ b/vendor/github.com/prometheus/common/model/silence.go
@@ -81,7 +81,7 @@ func (s *Silence) Validate() error {
 	}
 	for _, m := range s.Matchers {
 		if err := m.Validate(); err != nil {
-			return fmt.Errorf("invalid matcher: %s", err)
+			return fmt.Errorf("invalid matcher: %w", err)
 		}
 	}
 	if s.StartsAt.IsZero() {
diff --git a/vendor/github.com/prometheus/common/model/value.go b/vendor/github.com/prometheus/common/model/value.go
index 9eb440413fd..8050637d822 100644
--- a/vendor/github.com/prometheus/common/model/value.go
+++ b/vendor/github.com/prometheus/common/model/value.go
@@ -21,14 +21,12 @@ import (
 	"strings"
 )
 
-var (
-	// ZeroSample is the pseudo zero-value of Sample used to signal a
-	// non-existing sample. It is a Sample with timestamp Earliest, value 0.0,
-	// and metric nil. Note that the natural zero value of Sample has a timestamp
-	// of 0, which is possible to appear in a real Sample and thus not suitable
-	// to signal a non-existing Sample.
-	ZeroSample = Sample{Timestamp: Earliest}
-)
+// ZeroSample is the pseudo zero-value of Sample used to signal a
+// non-existing sample. It is a Sample with timestamp Earliest, value 0.0,
+// and metric nil. Note that the natural zero value of Sample has a timestamp
+// of 0, which is possible to appear in a real Sample and thus not suitable
+// to signal a non-existing Sample.
+var ZeroSample = Sample{Timestamp: Earliest}
 
 // Sample is a sample pair associated with a metric. A single sample must either
 // define Value or Histogram but not both. Histogram == nil implies the Value
@@ -274,7 +272,7 @@ func (s *Scalar) UnmarshalJSON(b []byte) error {
 
 	value, err := strconv.ParseFloat(f, 64)
 	if err != nil {
-		return fmt.Errorf("error parsing sample value: %s", err)
+		return fmt.Errorf("error parsing sample value: %w", err)
 	}
 	s.Value = SampleValue(value)
 	return nil
diff --git a/vendor/github.com/prometheus/common/model/value_float.go b/vendor/github.com/prometheus/common/model/value_float.go
index 0f615a70530..ae35cc2ab4b 100644
--- a/vendor/github.com/prometheus/common/model/value_float.go
+++ b/vendor/github.com/prometheus/common/model/value_float.go
@@ -20,14 +20,12 @@ import (
 	"strconv"
 )
 
-var (
-	// ZeroSamplePair is the pseudo zero-value of SamplePair used to signal a
-	// non-existing sample pair. It is a SamplePair with timestamp Earliest and
-	// value 0.0. Note that the natural zero value of SamplePair has a timestamp
-	// of 0, which is possible to appear in a real SamplePair and thus not
-	// suitable to signal a non-existing SamplePair.
-	ZeroSamplePair = SamplePair{Timestamp: Earliest}
-)
+// ZeroSamplePair is the pseudo zero-value of SamplePair used to signal a
+// non-existing sample pair. It is a SamplePair with timestamp Earliest and
+// value 0.0. Note that the natural zero value of SamplePair has a timestamp
+// of 0, which is possible to appear in a real SamplePair and thus not
+// suitable to signal a non-existing SamplePair.
+var ZeroSamplePair = SamplePair{Timestamp: Earliest}
 
 // A SampleValue is a representation of a value for a given sample at a given
 // time.
diff --git a/vendor/github.com/redis/go-redis/v9/command.go b/vendor/github.com/redis/go-redis/v9/command.go
index 4ef335a974a..06ed86ed00a 100644
--- a/vendor/github.com/redis/go-redis/v9/command.go
+++ b/vendor/github.com/redis/go-redis/v9/command.go
@@ -854,7 +854,7 @@ func (cmd *StringCmd) Val() string {
 }
 
 func (cmd *StringCmd) Result() (string, error) {
-	return cmd.Val(), cmd.err
+	return cmd.val, cmd.err
 }
 
 func (cmd *StringCmd) Bytes() ([]byte, error) {
@@ -958,7 +958,7 @@ func (cmd *FloatCmd) Val() float64 {
 }
 
 func (cmd *FloatCmd) Result() (float64, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *FloatCmd) String() string {
@@ -1053,7 +1053,7 @@ func (cmd *StringSliceCmd) Val() []string {
 }
 
 func (cmd *StringSliceCmd) Result() ([]string, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *StringSliceCmd) String() string {
@@ -2715,7 +2715,7 @@ func (cmd *ZWithKeyCmd) Val() *ZWithKey {
 }
 
 func (cmd *ZWithKeyCmd) Result() (*ZWithKey, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *ZWithKeyCmd) String() string {
@@ -2853,7 +2853,7 @@ func (cmd *ClusterSlotsCmd) Val() []ClusterSlot {
 }
 
 func (cmd *ClusterSlotsCmd) Result() ([]ClusterSlot, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *ClusterSlotsCmd) String() string {
@@ -3313,7 +3313,7 @@ func (cmd *GeoPosCmd) Val() []*GeoPos {
 }
 
 func (cmd *GeoPosCmd) Result() ([]*GeoPos, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *GeoPosCmd) String() string {
@@ -3394,7 +3394,7 @@ func (cmd *CommandsInfoCmd) Val() map[string]*CommandInfo {
 }
 
 func (cmd *CommandsInfoCmd) Result() (map[string]*CommandInfo, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *CommandsInfoCmd) String() string {
@@ -3584,7 +3584,7 @@ func (cmd *SlowLogCmd) Val() []SlowLog {
 }
 
 func (cmd *SlowLogCmd) Result() ([]SlowLog, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *SlowLogCmd) String() string {
@@ -3683,7 +3683,7 @@ func (cmd *MapStringInterfaceCmd) Val() map[string]interface{} {
 }
 
 func (cmd *MapStringInterfaceCmd) Result() (map[string]interface{}, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *MapStringInterfaceCmd) String() string {
@@ -3747,7 +3747,7 @@ func (cmd *MapStringStringSliceCmd) Val() []map[string]string {
 }
 
 func (cmd *MapStringStringSliceCmd) Result() ([]map[string]string, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *MapStringStringSliceCmd) String() string {
@@ -3811,7 +3811,7 @@ func (cmd *MapStringInterfaceSliceCmd) Val() []map[string]interface{} {
 }
 
 func (cmd *MapStringInterfaceSliceCmd) Result() ([]map[string]interface{}, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *MapStringInterfaceSliceCmd) String() string {
@@ -4661,7 +4661,7 @@ func (cmd *ClusterLinksCmd) Val() []ClusterLink {
 }
 
 func (cmd *ClusterLinksCmd) Result() ([]ClusterLink, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *ClusterLinksCmd) String() string {
@@ -4763,7 +4763,7 @@ func (cmd *ClusterShardsCmd) Val() []ClusterShard {
 }
 
 func (cmd *ClusterShardsCmd) Result() ([]ClusterShard, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *ClusterShardsCmd) String() string {
@@ -5236,7 +5236,7 @@ func (cmd *ACLLogCmd) Val() []*ACLLogEntry {
 }
 
 func (cmd *ACLLogCmd) Result() ([]*ACLLogEntry, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *ACLLogCmd) String() string {
@@ -5337,7 +5337,7 @@ func (cmd *InfoCmd) Val() map[string]map[string]string {
 }
 
 func (cmd *InfoCmd) Result() (map[string]map[string]string, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *InfoCmd) String() string {
diff --git a/vendor/github.com/redis/go-redis/v9/json.go b/vendor/github.com/redis/go-redis/v9/json.go
index f0d3abbda2c..ca731db3a7e 100644
--- a/vendor/github.com/redis/go-redis/v9/json.go
+++ b/vendor/github.com/redis/go-redis/v9/json.go
@@ -178,7 +178,7 @@ func (cmd *JSONSliceCmd) Val() []interface{} {
 }
 
 func (cmd *JSONSliceCmd) Result() ([]interface{}, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *JSONSliceCmd) readReply(rd *proto.Reader) error {
@@ -252,7 +252,7 @@ func (cmd *IntPointerSliceCmd) Val() []*int64 {
 }
 
 func (cmd *IntPointerSliceCmd) Result() ([]*int64, error) {
-	return cmd.Val(), cmd.Err()
+	return cmd.val, cmd.err
 }
 
 func (cmd *IntPointerSliceCmd) readReply(rd *proto.Reader) error {
diff --git a/vendor/github.com/redis/go-redis/v9/options.go b/vendor/github.com/redis/go-redis/v9/options.go
index 449a9252164..dff52ae8ba8 100644
--- a/vendor/github.com/redis/go-redis/v9/options.go
+++ b/vendor/github.com/redis/go-redis/v9/options.go
@@ -144,6 +144,9 @@ type Options struct {
 
 	// Disable set-lib on connect. Default is false.
 	DisableIndentity bool
+
+	// Add suffix to client name. Default is empty.
+	IdentitySuffix string
 }
 
 func (opt *Options) init() {
diff --git a/vendor/github.com/redis/go-redis/v9/osscluster.go b/vendor/github.com/redis/go-redis/v9/osscluster.go
index b8a82d9bcd9..9e5eb0464ad 100644
--- a/vendor/github.com/redis/go-redis/v9/osscluster.go
+++ b/vendor/github.com/redis/go-redis/v9/osscluster.go
@@ -86,6 +86,8 @@ type ClusterOptions struct {
 
 	TLSConfig        *tls.Config
 	DisableIndentity bool // Disable set-lib on connect. Default is false.
+
+	IdentitySuffix string // Add suffix to client name. Default is empty.
 }
 
 func (opt *ClusterOptions) init() {
@@ -291,6 +293,7 @@ func (opt *ClusterOptions) clientOptions() *Options {
 		ConnMaxIdleTime:  opt.ConnMaxIdleTime,
 		ConnMaxLifetime:  opt.ConnMaxLifetime,
 		DisableIndentity: opt.DisableIndentity,
+		IdentitySuffix:   opt.IdentitySuffix,
 		TLSConfig:        opt.TLSConfig,
 		// If ClusterSlots is populated, then we probably have an artificial
 		// cluster whose nodes are not in clustering mode (otherwise there isn't
diff --git a/vendor/github.com/redis/go-redis/v9/package.json b/vendor/github.com/redis/go-redis/v9/package.json
index cfba3581f9a..1a690047de4 100644
--- a/vendor/github.com/redis/go-redis/v9/package.json
+++ b/vendor/github.com/redis/go-redis/v9/package.json
@@ -1,6 +1,6 @@
 {
   "name": "redis",
-  "version": "9.3.1",
+  "version": "9.4.0",
   "main": "index.js",
   "repository": "git@github.com:redis/go-redis.git",
   "author": "Vladimir Mihailenco <vladimir.webdev@gmail.com>",
diff --git a/vendor/github.com/redis/go-redis/v9/redis.go b/vendor/github.com/redis/go-redis/v9/redis.go
index 9792af7604b..4dd862b845e 100644
--- a/vendor/github.com/redis/go-redis/v9/redis.go
+++ b/vendor/github.com/redis/go-redis/v9/redis.go
@@ -315,6 +315,9 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
 	if !c.opt.DisableIndentity {
 		libName := ""
 		libVer := Version()
+		if c.opt.IdentitySuffix != "" {
+			libName = c.opt.IdentitySuffix
+		}
 		libInfo := LibraryInfo{LibName: &libName}
 		conn.ClientSetInfo(ctx, libInfo)
 		libInfo = LibraryInfo{LibVer: &libVer}
diff --git a/vendor/github.com/redis/go-redis/v9/ring.go b/vendor/github.com/redis/go-redis/v9/ring.go
index 0c031b5a651..4ae00542ba9 100644
--- a/vendor/github.com/redis/go-redis/v9/ring.go
+++ b/vendor/github.com/redis/go-redis/v9/ring.go
@@ -99,6 +99,7 @@ type RingOptions struct {
 	Limiter   Limiter
 
 	DisableIndentity bool
+	IdentitySuffix   string
 }
 
 func (opt *RingOptions) init() {
@@ -166,6 +167,7 @@ func (opt *RingOptions) clientOptions() *Options {
 		Limiter:   opt.Limiter,
 
 		DisableIndentity: opt.DisableIndentity,
+		IdentitySuffix:   opt.IdentitySuffix,
 	}
 }
 
diff --git a/vendor/github.com/redis/go-redis/v9/sentinel.go b/vendor/github.com/redis/go-redis/v9/sentinel.go
index 31ea3c77a7c..9ace0886b85 100644
--- a/vendor/github.com/redis/go-redis/v9/sentinel.go
+++ b/vendor/github.com/redis/go-redis/v9/sentinel.go
@@ -81,6 +81,7 @@ type FailoverOptions struct {
 	TLSConfig *tls.Config
 
 	DisableIndentity bool
+	IdentitySuffix   string
 }
 
 func (opt *FailoverOptions) clientOptions() *Options {
@@ -117,6 +118,7 @@ func (opt *FailoverOptions) clientOptions() *Options {
 		TLSConfig: opt.TLSConfig,
 
 		DisableIndentity: opt.DisableIndentity,
+		IdentitySuffix:   opt.IdentitySuffix,
 	}
 }
 
diff --git a/vendor/github.com/redis/go-redis/v9/sortedset_commands.go b/vendor/github.com/redis/go-redis/v9/sortedset_commands.go
index 7e96e1ebff8..67014027034 100644
--- a/vendor/github.com/redis/go-redis/v9/sortedset_commands.go
+++ b/vendor/github.com/redis/go-redis/v9/sortedset_commands.go
@@ -727,7 +727,7 @@ func (c cmdable) ZScan(ctx context.Context, key string, cursor uint64, match str
 // Z represents sorted set member.
 type Z struct {
 	Score  float64
-	Member string
+	Member interface{}
 }
 
 // ZWithKey represents sorted set member including the name of the key where it was popped.
diff --git a/vendor/github.com/redis/go-redis/v9/universal.go b/vendor/github.com/redis/go-redis/v9/universal.go
index 1e48d7b9008..275bef3d601 100644
--- a/vendor/github.com/redis/go-redis/v9/universal.go
+++ b/vendor/github.com/redis/go-redis/v9/universal.go
@@ -67,6 +67,7 @@ type UniversalOptions struct {
 	MasterName string
 
 	DisableIndentity bool
+	IdentitySuffix   string
 }
 
 // Cluster returns cluster options created from the universal options.
@@ -112,6 +113,7 @@ func (o *UniversalOptions) Cluster() *ClusterOptions {
 		TLSConfig: o.TLSConfig,
 
 		DisableIndentity: o.DisableIndentity,
+		IdentitySuffix:   o.IdentitySuffix,
 	}
 }
 
@@ -157,6 +159,7 @@ func (o *UniversalOptions) Failover() *FailoverOptions {
 		TLSConfig: o.TLSConfig,
 
 		DisableIndentity: o.DisableIndentity,
+		IdentitySuffix:   o.IdentitySuffix,
 	}
 }
 
@@ -199,6 +202,7 @@ func (o *UniversalOptions) Simple() *Options {
 		TLSConfig: o.TLSConfig,
 
 		DisableIndentity: o.DisableIndentity,
+		IdentitySuffix:   o.IdentitySuffix,
 	}
 }
 
diff --git a/vendor/github.com/redis/go-redis/v9/version.go b/vendor/github.com/redis/go-redis/v9/version.go
index a6c6905b017..92f498204db 100644
--- a/vendor/github.com/redis/go-redis/v9/version.go
+++ b/vendor/github.com/redis/go-redis/v9/version.go
@@ -2,5 +2,5 @@ package redis
 
 // Version is the current release version.
 func Version() string {
-	return "9.3.1"
+	return "9.4.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 24874f856e3..fe670d79cc2 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,46 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.22.0/0.45.0] 2024-01-17
+
+### Added
+
+- The `go.opentelemetry.io/otel/semconv/v1.22.0` package.
+  The package contains semantic conventions from the `v1.22.0` version of the OpenTelemetry Semantic Conventions. (#4735)
+- The `go.opentelemetry.io/otel/semconv/v1.23.0` package.
+  The package contains semantic conventions from the `v1.23.0` version of the OpenTelemetry Semantic Conventions. (#4746)
+- The `go.opentelemetry.io/otel/semconv/v1.23.1` package.
+  The package contains semantic conventions from the `v1.23.1` version of the OpenTelemetry Semantic Conventions. (#4749)
+- The `go.opentelemetry.io/otel/semconv/v1.24.0` package.
+  The package contains semantic conventions from the `v1.24.0` version of the OpenTelemetry Semantic Conventions. (#4770)
+- Add `WithResourceAsConstantLabels` option to apply resource attributes for every metric emitted by the Prometheus exporter. (#4733)
+- Experimental cardinality limiting is added to the metric SDK.
+  See [metric documentation](./sdk/metric/EXPERIMENTAL.md#cardinality-limit) for more information about this feature and how to enable it. (#4457)
+- Add `NewMemberRaw` and `NewKeyValuePropertyRaw` in `go.opentelemetry.io/otel/baggage`. (#4804)
+
+### Changed
+
+- Upgrade all use of `go.opentelemetry.io/otel/semconv` to use `v1.24.0`. (#4754)
+- Update transformations in `go.opentelemetry.io/otel/exporters/zipkin` to follow `v1.19.0` version of the OpenTelemetry specification. (#4754)
+- Record synchronous measurements when the passed context is canceled instead of dropping in `go.opentelemetry.io/otel/sdk/metric`.
+  If you do not want to make a measurement when the context is cancelled, you need to handle it yourself (e.g  `if ctx.Err() != nil`). (#4671)
+- Improve `go.opentelemetry.io/otel/trace.TraceState`'s performance. (#4722)
+- Improve `go.opentelemetry.io/otel/propagation.TraceContext`'s performance. (#4721)
+- Improve `go.opentelemetry.io/otel/baggage` performance. (#4743)
+- Improve performance of the `(*Set).Filter` method in `go.opentelemetry.io/otel/attribute` when the passed filter does not filter out any attributes from the set. (#4774)
+- `Member.String` in `go.opentelemetry.io/otel/baggage` percent-encodes only when necessary. (#4775)
+- Improve `go.opentelemetry.io/otel/trace.Span`'s performance when adding multiple attributes. (#4818)
+- `Property.Value` in `go.opentelemetry.io/otel/baggage` now returns a raw string instead of a percent-encoded value. (#4804)
+
+### Fixed
+
+- Fix `Parse` in `go.opentelemetry.io/otel/baggage` to validate member value before percent-decoding. (#4755)
+- Fix whitespace encoding of `Member.String` in `go.opentelemetry.io/otel/baggage`. (#4756)
+- Fix observable not registered error when the asynchronous instrument has a drop aggregation in `go.opentelemetry.io/otel/sdk/metric`. (#4772)
+- Fix baggage item key so that it is not canonicalized in `go.opentelemetry.io/otel/bridge/opentracing`. (#4776)
+- Fix `go.opentelemetry.io/otel/bridge/opentracing` to properly handle baggage values that requires escaping during propagation. (#4804)
+- Fix a bug where using multiple readers resulted in incorrect asynchronous counter values in `go.opentelemetry.io/otel/sdk/metric`. (#4742)
+
 ## [1.21.0/0.44.0] 2023-11-16
 
 ### Removed
@@ -2735,7 +2775,8 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.22.0...HEAD
+[1.22.0/0.45.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.22.0
 [1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0
 [1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0
 [1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index 850606ae692..31857a61738 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -591,6 +591,26 @@ this.
 
 [^3]: https://github.com/open-telemetry/opentelemetry-go/issues/3548
 
+### Ignoring context cancellation
+
+OpenTelemetry API implementations need to ignore the cancellation of the context that are
+passed when recording a value (e.g. starting a span, recording a measurement, emitting a log).
+Recording methods should not return an error describing the cancellation state of the context
+when they complete, nor should they abort any work.
+
+This rule may not apply if the OpenTelemetry specification defines a timeout mechanism for
+the method. In that case the context cancellation can be used for the timeout with the
+restriction that this behavior is documented for the method. Otherwise, timeouts
+are expected to be handled by the user calling the API, not the implementation.
+
+Stoppage of the telemetry pipeline is handled by calling the appropriate `Shutdown` method
+of a provider. It is assumed the context passed from a user is not used for this purpose.
+
+Outside of the direct recording of telemetry from the API (e.g. exporting telemetry,
+force flushing telemetry, shutting down a signal provider) the context cancellation
+should be honored. This means all work done on behalf of the user provided context
+should be canceled.
+
 ## Approvers and Maintainers
 
 ### Approvers
@@ -610,6 +630,7 @@ this.
 
 ### Emeritus
 
+- [Liz Fong-Jones](https://github.com/lizthegrey), Honeycomb
 - [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
 - [Josh MacDonald](https://github.com/jmacd), LightStep
 
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 2c5b0cc28ab..44e1bfc9b5e 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -66,7 +66,7 @@ are made for those systems currently.
 
 ## Getting Started
 
-You can find a getting started guide on [opentelemetry.io](https://opentelemetry.io/docs/go/getting-started/).
+You can find a getting started guide on [opentelemetry.io](https://opentelemetry.io/docs/languages/go/getting-started/).
 
 OpenTelemetry's goal is to provide a single set of APIs to capture distributed
 traces and metrics from your application and send them to an observability
diff --git a/vendor/go.opentelemetry.io/otel/RELEASING.md b/vendor/go.opentelemetry.io/otel/RELEASING.md
index 82ce3ee46a1..d2691d0bd8b 100644
--- a/vendor/go.opentelemetry.io/otel/RELEASING.md
+++ b/vendor/go.opentelemetry.io/otel/RELEASING.md
@@ -123,12 +123,12 @@ Once verified be sure to [make a release for the `contrib` repository](https://g
 
 ### Website Documentation
 
-Update the [Go instrumentation documentation] in the OpenTelemetry website under [content/en/docs/instrumentation/go].
+Update the [Go instrumentation documentation] in the OpenTelemetry website under [content/en/docs/languages/go].
 Importantly, bump any package versions referenced to be the latest one you just released and ensure all code examples still compile and are accurate.
 
 [OpenTelemetry Semantic Conventions]: https://github.com/open-telemetry/semantic-conventions
-[Go instrumentation documentation]: https://opentelemetry.io/docs/instrumentation/go/
-[content/en/docs/instrumentation/go]: https://github.com/open-telemetry/opentelemetry.io/tree/main/content/en/docs/instrumentation/go
+[Go instrumentation documentation]: https://opentelemetry.io/docs/languages/go/
+[content/en/docs/languages/go]: https://github.com/open-telemetry/opentelemetry.io/tree/main/content/en/docs/languages/go
 
 ### Demo Repository
 
diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go
index 9f9303d4f15..7e6765b06b7 100644
--- a/vendor/go.opentelemetry.io/otel/attribute/set.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/set.go
@@ -279,52 +279,75 @@ func NewSetWithSortableFiltered(kvs []KeyValue, tmp *Sortable, filter Filter) (S
 		position--
 		kvs[offset], kvs[position] = kvs[position], kvs[offset]
 	}
+	kvs = kvs[position:]
+
 	if filter != nil {
-		return filterSet(kvs[position:], filter)
+		if div := filteredToFront(kvs, filter); div != 0 {
+			return Set{equivalent: computeDistinct(kvs[div:])}, kvs[:div]
+		}
 	}
-	return Set{
-		equivalent: computeDistinct(kvs[position:]),
-	}, nil
+	return Set{equivalent: computeDistinct(kvs)}, nil
 }
 
-// filterSet reorders kvs so that included keys are contiguous at the end of
-// the slice, while excluded keys precede the included keys.
-func filterSet(kvs []KeyValue, filter Filter) (Set, []KeyValue) {
-	var excluded []KeyValue
-
-	// Move attributes that do not match the filter so they're adjacent before
-	// calling computeDistinct().
-	distinctPosition := len(kvs)
-
-	// Swap indistinct keys forward and distinct keys toward the
-	// end of the slice.
-	offset := len(kvs) - 1
-	for ; offset >= 0; offset-- {
-		if filter(kvs[offset]) {
-			distinctPosition--
-			kvs[offset], kvs[distinctPosition] = kvs[distinctPosition], kvs[offset]
-			continue
+// filteredToFront filters slice in-place using keep function. All KeyValues that need to
+// be removed are moved to the front. All KeyValues that need to be kept are
+// moved (in-order) to the back. The index for the first KeyValue to be kept is
+// returned.
+func filteredToFront(slice []KeyValue, keep Filter) int {
+	n := len(slice)
+	j := n
+	for i := n - 1; i >= 0; i-- {
+		if keep(slice[i]) {
+			j--
+			slice[i], slice[j] = slice[j], slice[i]
 		}
 	}
-	excluded = kvs[:distinctPosition]
-
-	return Set{
-		equivalent: computeDistinct(kvs[distinctPosition:]),
-	}, excluded
+	return j
 }
 
 // Filter returns a filtered copy of this Set. See the documentation for
 // NewSetWithSortableFiltered for more details.
 func (l *Set) Filter(re Filter) (Set, []KeyValue) {
 	if re == nil {
-		return Set{
-			equivalent: l.equivalent,
-		}, nil
+		return *l, nil
 	}
 
-	// Note: This could be refactored to avoid the temporary slice
-	// allocation, if it proves to be expensive.
-	return filterSet(l.ToSlice(), re)
+	// Iterate in reverse to the first attribute that will be filtered out.
+	n := l.Len()
+	first := n - 1
+	for ; first >= 0; first-- {
+		kv, _ := l.Get(first)
+		if !re(kv) {
+			break
+		}
+	}
+
+	// No attributes will be dropped, return the immutable Set l and nil.
+	if first < 0 {
+		return *l, nil
+	}
+
+	// Copy now that we know we need to return a modified set.
+	//
+	// Do not do this in-place on the underlying storage of *Set l. Sets are
+	// immutable and filtering should not change this.
+	slice := l.ToSlice()
+
+	// Don't re-iterate the slice if only slice[0] is filtered.
+	if first == 0 {
+		// It is safe to assume len(slice) >= 1 given we found at least one
+		// attribute above that needs to be filtered out.
+		return Set{equivalent: computeDistinct(slice[1:])}, slice[:1]
+	}
+
+	// Move the filtered slice[first] to the front (preserving order).
+	kv := slice[first]
+	copy(slice[1:first+1], slice[:first])
+	slice[0] = kv
+
+	// Do not re-evaluate re(slice[first+1:]).
+	div := filteredToFront(slice[1:first+1], re) + 1
+	return Set{equivalent: computeDistinct(slice[div:])}, slice[:div]
 }
 
 // computeDistinct returns a Distinct using either the fixed- or
diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
index 84532cb1da3..7d27cf77d5c 100644
--- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go
+++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
@@ -18,7 +18,6 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
-	"regexp"
 	"strings"
 
 	"go.opentelemetry.io/otel/internal/baggage"
@@ -32,16 +31,6 @@ const (
 	listDelimiter     = ","
 	keyValueDelimiter = "="
 	propertyDelimiter = ";"
-
-	keyDef      = `([\x21\x23-\x27\x2A\x2B\x2D\x2E\x30-\x39\x41-\x5a\x5e-\x7a\x7c\x7e]+)`
-	valueDef    = `([\x21\x23-\x2b\x2d-\x3a\x3c-\x5B\x5D-\x7e]*)`
-	keyValueDef = `\s*` + keyDef + `\s*` + keyValueDelimiter + `\s*` + valueDef + `\s*`
-)
-
-var (
-	keyRe      = regexp.MustCompile(`^` + keyDef + `$`)
-	valueRe    = regexp.MustCompile(`^` + valueDef + `$`)
-	propertyRe = regexp.MustCompile(`^(?:\s*` + keyDef + `\s*|` + keyValueDef + `)$`)
 )
 
 var (
@@ -67,7 +56,7 @@ type Property struct {
 //
 // If key is invalid, an error will be returned.
 func NewKeyProperty(key string) (Property, error) {
-	if !keyRe.MatchString(key) {
+	if !validateKey(key) {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidKey, key)
 	}
 
@@ -77,14 +66,29 @@ func NewKeyProperty(key string) (Property, error) {
 
 // NewKeyValueProperty returns a new Property for key with value.
 //
-// If key or value are invalid, an error will be returned.
+// The passed key must be compliant with W3C Baggage specification.
+// The passed value must be precent-encoded as defined in W3C Baggage specification.
+//
+// Notice: Consider using [NewKeyValuePropertyRaw] instead
+// that does not require precent-encoding of the value.
 func NewKeyValueProperty(key, value string) (Property, error) {
-	if !keyRe.MatchString(key) {
-		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidKey, key)
+	if !validateValue(value) {
+		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidValue, value)
 	}
-	if !valueRe.MatchString(value) {
+	decodedValue, err := url.PathUnescape(value)
+	if err != nil {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidValue, value)
 	}
+	return NewKeyValuePropertyRaw(key, decodedValue)
+}
+
+// NewKeyValuePropertyRaw returns a new Property for key with value.
+//
+// The passed key must be compliant with W3C Baggage specification.
+func NewKeyValuePropertyRaw(key, value string) (Property, error) {
+	if !validateKey(key) {
+		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidKey, key)
+	}
 
 	p := Property{
 		key:      key,
@@ -106,20 +110,11 @@ func parseProperty(property string) (Property, error) {
 		return newInvalidProperty(), nil
 	}
 
-	match := propertyRe.FindStringSubmatch(property)
-	if len(match) != 4 {
+	p, ok := parsePropertyInternal(property)
+	if !ok {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidProperty, property)
 	}
 
-	var p Property
-	if match[1] != "" {
-		p.key = match[1]
-	} else {
-		p.key = match[2]
-		p.value = match[3]
-		p.hasValue = true
-	}
-
 	return p, nil
 }
 
@@ -130,12 +125,9 @@ func (p Property) validate() error {
 		return fmt.Errorf("invalid property: %w", err)
 	}
 
-	if !keyRe.MatchString(p.key) {
+	if !validateKey(p.key) {
 		return errFunc(fmt.Errorf("%w: %q", errInvalidKey, p.key))
 	}
-	if p.hasValue && !valueRe.MatchString(p.value) {
-		return errFunc(fmt.Errorf("%w: %q", errInvalidValue, p.value))
-	}
 	if !p.hasValue && p.value != "" {
 		return errFunc(errors.New("inconsistent value"))
 	}
@@ -154,11 +146,11 @@ func (p Property) Value() (string, bool) {
 	return p.value, p.hasValue
 }
 
-// String encodes Property into a string compliant with the W3C Baggage
+// String encodes Property into a header string compliant with the W3C Baggage
 // specification.
 func (p Property) String() string {
 	if p.hasValue {
-		return fmt.Sprintf("%s%s%v", p.key, keyValueDelimiter, p.value)
+		return fmt.Sprintf("%s%s%v", p.key, keyValueDelimiter, valueEscape(p.value))
 	}
 	return p.key
 }
@@ -218,7 +210,7 @@ func (p properties) validate() error {
 	return nil
 }
 
-// String encodes properties into a string compliant with the W3C Baggage
+// String encodes properties into a header string compliant with the W3C Baggage
 // specification.
 func (p properties) String() string {
 	props := make([]string, len(p))
@@ -240,11 +232,28 @@ type Member struct {
 	hasData bool
 }
 
-// NewMember returns a new Member from the passed arguments. The key will be
-// used directly while the value will be url decoded after validation. An error
-// is returned if the created Member would be invalid according to the W3C
-// Baggage specification.
+// NewMemberRaw returns a new Member from the passed arguments.
+//
+// The passed key must be compliant with W3C Baggage specification.
+// The passed value must be precent-encoded as defined in W3C Baggage specification.
+//
+// Notice: Consider using [NewMemberRaw] instead
+// that does not require precent-encoding of the value.
 func NewMember(key, value string, props ...Property) (Member, error) {
+	if !validateValue(value) {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
+	}
+	decodedValue, err := url.PathUnescape(value)
+	if err != nil {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
+	}
+	return NewMemberRaw(key, decodedValue, props...)
+}
+
+// NewMemberRaw returns a new Member from the passed arguments.
+//
+// The passed key must be compliant with W3C Baggage specification.
+func NewMemberRaw(key, value string, props ...Property) (Member, error) {
 	m := Member{
 		key:        key,
 		value:      value,
@@ -254,11 +263,6 @@ func NewMember(key, value string, props ...Property) (Member, error) {
 	if err := m.validate(); err != nil {
 		return newInvalidMember(), err
 	}
-	decodedValue, err := url.PathUnescape(value)
-	if err != nil {
-		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
-	}
-	m.value = decodedValue
 	return m, nil
 }
 
@@ -274,11 +278,7 @@ func parseMember(member string) (Member, error) {
 		return newInvalidMember(), fmt.Errorf("%w: %d", errMemberBytes, n)
 	}
 
-	var (
-		key, value string
-		props      properties
-	)
-
+	var props properties
 	keyValue, properties, found := strings.Cut(member, propertyDelimiter)
 	if found {
 		// Parse the member properties.
@@ -299,36 +299,34 @@ func parseMember(member string) (Member, error) {
 	}
 	// "Leading and trailing whitespaces are allowed but MUST be trimmed
 	// when converting the header into a data structure."
-	key = strings.TrimSpace(k)
-	var err error
-	value, err = url.PathUnescape(strings.TrimSpace(v))
-	if err != nil {
-		return newInvalidMember(), fmt.Errorf("%w: %q", err, value)
-	}
-	if !keyRe.MatchString(key) {
+	key := strings.TrimSpace(k)
+	if !validateKey(key) {
 		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidKey, key)
 	}
-	if !valueRe.MatchString(value) {
-		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
+
+	val := strings.TrimSpace(v)
+	if !validateValue(val) {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, v)
 	}
 
+	// Decode a precent-encoded value.
+	value, err := url.PathUnescape(val)
+	if err != nil {
+		return newInvalidMember(), fmt.Errorf("%w: %v", errInvalidValue, err)
+	}
 	return Member{key: key, value: value, properties: props, hasData: true}, nil
 }
 
 // validate ensures m conforms to the W3C Baggage specification.
-// A key is just an ASCII string, but a value must be URL encoded UTF-8,
-// returning an error otherwise.
+// A key must be an ASCII string, returning an error otherwise.
 func (m Member) validate() error {
 	if !m.hasData {
 		return fmt.Errorf("%w: %q", errInvalidMember, m)
 	}
 
-	if !keyRe.MatchString(m.key) {
+	if !validateKey(m.key) {
 		return fmt.Errorf("%w: %q", errInvalidKey, m.key)
 	}
-	if !valueRe.MatchString(m.value) {
-		return fmt.Errorf("%w: %q", errInvalidValue, m.value)
-	}
 	return m.properties.validate()
 }
 
@@ -341,11 +339,13 @@ func (m Member) Value() string { return m.value }
 // Properties returns a copy of the Member properties.
 func (m Member) Properties() []Property { return m.properties.Copy() }
 
-// String encodes Member into a string compliant with the W3C Baggage
+// String encodes Member into a header string compliant with the W3C Baggage
 // specification.
 func (m Member) String() string {
-	// A key is just an ASCII string, but a value is URL encoded UTF-8.
-	s := fmt.Sprintf("%s%s%s", m.key, keyValueDelimiter, url.QueryEscape(m.value))
+	// A key is just an ASCII string. A value is restricted to be
+	// US-ASCII characters excluding CTLs, whitespace,
+	// DQUOTE, comma, semicolon, and backslash.
+	s := fmt.Sprintf("%s%s%s", m.key, keyValueDelimiter, valueEscape(m.value))
 	if len(m.properties) > 0 {
 		s = fmt.Sprintf("%s%s%s", s, propertyDelimiter, m.properties.String())
 	}
@@ -536,9 +536,8 @@ func (b Baggage) Len() int {
 	return len(b.list)
 }
 
-// String encodes Baggage into a string compliant with the W3C Baggage
-// specification. The returned string will be invalid if the Baggage contains
-// any invalid list-members.
+// String encodes Baggage into a header string compliant with the W3C Baggage
+// specification.
 func (b Baggage) String() string {
 	members := make([]string, 0, len(b.list))
 	for k, v := range b.list {
@@ -550,3 +549,196 @@ func (b Baggage) String() string {
 	}
 	return strings.Join(members, listDelimiter)
 }
+
+// parsePropertyInternal attempts to decode a Property from the passed string.
+// It follows the spec at https://www.w3.org/TR/baggage/#definition.
+func parsePropertyInternal(s string) (p Property, ok bool) {
+	// For the entire function we will use "   key    =    value  " as an example.
+	// Attempting to parse the key.
+	// First skip spaces at the beginning "<   >key    =    value  " (they could be empty).
+	index := skipSpace(s, 0)
+
+	// Parse the key: "   <key>    =    value  ".
+	keyStart := index
+	keyEnd := index
+	for _, c := range s[keyStart:] {
+		if !validateKeyChar(c) {
+			break
+		}
+		keyEnd++
+	}
+
+	// If we couldn't find any valid key character,
+	// it means the key is either empty or invalid.
+	if keyStart == keyEnd {
+		return
+	}
+
+	// Skip spaces after the key: "   key<    >=    value  ".
+	index = skipSpace(s, keyEnd)
+
+	if index == len(s) {
+		// A key can have no value, like: "   key    ".
+		ok = true
+		p.key = s[keyStart:keyEnd]
+		return
+	}
+
+	// If we have not reached the end and we can't find the '=' delimiter,
+	// it means the property is invalid.
+	if s[index] != keyValueDelimiter[0] {
+		return
+	}
+
+	// Attempting to parse the value.
+	// Match: "   key    =<    >value  ".
+	index = skipSpace(s, index+1)
+
+	// Match the value string: "   key    =    <value>  ".
+	// A valid property can be: "   key    =".
+	// Therefore, we don't have to check if the value is empty.
+	valueStart := index
+	valueEnd := index
+	for _, c := range s[valueStart:] {
+		if !validateValueChar(c) {
+			break
+		}
+		valueEnd++
+	}
+
+	// Skip all trailing whitespaces: "   key    =    value<  >".
+	index = skipSpace(s, valueEnd)
+
+	// If after looking for the value and skipping whitespaces
+	// we have not reached the end, it means the property is
+	// invalid, something like: "   key    =    value  value1".
+	if index != len(s) {
+		return
+	}
+
+	// Decode a precent-encoded value.
+	value, err := url.PathUnescape(s[valueStart:valueEnd])
+	if err != nil {
+		return
+	}
+
+	ok = true
+	p.key = s[keyStart:keyEnd]
+	p.hasValue = true
+
+	p.value = value
+	return
+}
+
+func skipSpace(s string, offset int) int {
+	i := offset
+	for ; i < len(s); i++ {
+		c := s[i]
+		if c != ' ' && c != '\t' {
+			break
+		}
+	}
+	return i
+}
+
+func validateKey(s string) bool {
+	if len(s) == 0 {
+		return false
+	}
+
+	for _, c := range s {
+		if !validateKeyChar(c) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func validateKeyChar(c int32) bool {
+	return (c >= 0x23 && c <= 0x27) ||
+		(c >= 0x30 && c <= 0x39) ||
+		(c >= 0x41 && c <= 0x5a) ||
+		(c >= 0x5e && c <= 0x7a) ||
+		c == 0x21 ||
+		c == 0x2a ||
+		c == 0x2b ||
+		c == 0x2d ||
+		c == 0x2e ||
+		c == 0x7c ||
+		c == 0x7e
+}
+
+func validateValue(s string) bool {
+	for _, c := range s {
+		if !validateValueChar(c) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func validateValueChar(c int32) bool {
+	return c == 0x21 ||
+		(c >= 0x23 && c <= 0x2b) ||
+		(c >= 0x2d && c <= 0x3a) ||
+		(c >= 0x3c && c <= 0x5b) ||
+		(c >= 0x5d && c <= 0x7e)
+}
+
+// valueEscape escapes the string so it can be safely placed inside a baggage value,
+// replacing special characters with %XX sequences as needed.
+//
+// The implementation is based on:
+// https://github.com/golang/go/blob/f6509cf5cdbb5787061b784973782933c47f1782/src/net/url/url.go#L285.
+func valueEscape(s string) string {
+	hexCount := 0
+	for i := 0; i < len(s); i++ {
+		c := s[i]
+		if shouldEscape(c) {
+			hexCount++
+		}
+	}
+
+	if hexCount == 0 {
+		return s
+	}
+
+	var buf [64]byte
+	var t []byte
+
+	required := len(s) + 2*hexCount
+	if required <= len(buf) {
+		t = buf[:required]
+	} else {
+		t = make([]byte, required)
+	}
+
+	j := 0
+	for i := 0; i < len(s); i++ {
+		c := s[i]
+		if shouldEscape(s[i]) {
+			const upperhex = "0123456789ABCDEF"
+			t[j] = '%'
+			t[j+1] = upperhex[c>>4]
+			t[j+2] = upperhex[c&15]
+			j += 3
+		} else {
+			t[j] = c
+			j++
+		}
+	}
+
+	return string(t)
+}
+
+// shouldEscape returns true if the specified byte should be escaped when
+// appearing in a baggage value string.
+func shouldEscape(c byte) bool {
+	if c == '%' {
+		// The percent character must be encoded so that percent-encoding can work.
+		return true
+	}
+	return !validateValueChar(int32(c))
+}
diff --git a/vendor/go.opentelemetry.io/otel/doc.go b/vendor/go.opentelemetry.io/otel/doc.go
index daa36c89dc6..36d7c24e88e 100644
--- a/vendor/go.opentelemetry.io/otel/doc.go
+++ b/vendor/go.opentelemetry.io/otel/doc.go
@@ -22,7 +22,7 @@ transmitted anywhere. An implementation of the OpenTelemetry SDK, like the
 default SDK implementation (go.opentelemetry.io/otel/sdk), and associated
 exporters are used to process and transport this data.
 
-To read the getting started guide, see https://opentelemetry.io/docs/go/getting-started/.
+To read the getting started guide, see https://opentelemetry.io/docs/languages/go/getting-started/.
 
 To read more about tracing, see go.opentelemetry.io/otel/trace.
 
diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/version.go
index 59d7c1c2cb9..59d3064ce17 100644
--- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/version.go
+++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/version.go
@@ -16,5 +16,5 @@ package otlpmetrichttp // import "go.opentelemetry.io/otel/exporters/otlp/otlpme
 
 // Version is the current release version of the OpenTelemetry OTLP over HTTP/protobuf metrics exporter in use.
 func Version() string {
-	return "0.44.0"
+	return "0.45.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
index 8ee285b8d52..3b3bc35911b 100644
--- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
+++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
@@ -16,5 +16,5 @@ package otlptrace // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace"
 
 // Version is the current release version of the OpenTelemetry OTLP trace exporter in use.
 func Version() string {
-	return "1.21.0"
+	return "1.22.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
index 75a8f3435a5..63e5d62221f 100644
--- a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
+++ b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
@@ -18,7 +18,7 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
-	"regexp"
+	"strings"
 
 	"go.opentelemetry.io/otel/trace"
 )
@@ -28,6 +28,7 @@ const (
 	maxVersion        = 254
 	traceparentHeader = "traceparent"
 	tracestateHeader  = "tracestate"
+	delimiter         = "-"
 )
 
 // TraceContext is a propagator that supports the W3C Trace Context format
@@ -41,8 +42,8 @@ const (
 type TraceContext struct{}
 
 var (
-	_              TextMapPropagator = TraceContext{}
-	traceCtxRegExp                   = regexp.MustCompile("^(?P<version>[0-9a-f]{2})-(?P<traceID>[a-f0-9]{32})-(?P<spanID>[a-f0-9]{16})-(?P<traceFlags>[a-f0-9]{2})(?:-.*)?$")
+	_           TextMapPropagator = TraceContext{}
+	versionPart                   = fmt.Sprintf("%.2X", supportedVersion)
 )
 
 // Inject set tracecontext from the Context into the carrier.
@@ -59,12 +60,19 @@ func (tc TraceContext) Inject(ctx context.Context, carrier TextMapCarrier) {
 	// Clear all flags other than the trace-context supported sampling bit.
 	flags := sc.TraceFlags() & trace.FlagsSampled
 
-	h := fmt.Sprintf("%.2x-%s-%s-%s",
-		supportedVersion,
-		sc.TraceID(),
-		sc.SpanID(),
-		flags)
-	carrier.Set(traceparentHeader, h)
+	var sb strings.Builder
+	sb.Grow(2 + 32 + 16 + 2 + 3)
+	_, _ = sb.WriteString(versionPart)
+	traceID := sc.TraceID()
+	spanID := sc.SpanID()
+	flagByte := [1]byte{byte(flags)}
+	var buf [32]byte
+	for _, src := range [][]byte{traceID[:], spanID[:], flagByte[:]} {
+		_ = sb.WriteByte(delimiter[0])
+		n := hex.Encode(buf[:], src)
+		_, _ = sb.Write(buf[:n])
+	}
+	carrier.Set(traceparentHeader, sb.String())
 }
 
 // Extract reads tracecontext from the carrier into a returned Context.
@@ -86,21 +94,8 @@ func (tc TraceContext) extract(carrier TextMapCarrier) trace.SpanContext {
 		return trace.SpanContext{}
 	}
 
-	matches := traceCtxRegExp.FindStringSubmatch(h)
-
-	if len(matches) == 0 {
-		return trace.SpanContext{}
-	}
-
-	if len(matches) < 5 { // four subgroups plus the overall match
-		return trace.SpanContext{}
-	}
-
-	if len(matches[1]) != 2 {
-		return trace.SpanContext{}
-	}
-	ver, err := hex.DecodeString(matches[1])
-	if err != nil {
+	var ver [1]byte
+	if !extractPart(ver[:], &h, 2) {
 		return trace.SpanContext{}
 	}
 	version := int(ver[0])
@@ -108,36 +103,24 @@ func (tc TraceContext) extract(carrier TextMapCarrier) trace.SpanContext {
 		return trace.SpanContext{}
 	}
 
-	if version == 0 && len(matches) != 5 { // four subgroups plus the overall match
-		return trace.SpanContext{}
-	}
-
-	if len(matches[2]) != 32 {
-		return trace.SpanContext{}
-	}
-
 	var scc trace.SpanContextConfig
-
-	scc.TraceID, err = trace.TraceIDFromHex(matches[2][:32])
-	if err != nil {
+	if !extractPart(scc.TraceID[:], &h, 32) {
 		return trace.SpanContext{}
 	}
-
-	if len(matches[3]) != 16 {
-		return trace.SpanContext{}
-	}
-	scc.SpanID, err = trace.SpanIDFromHex(matches[3])
-	if err != nil {
+	if !extractPart(scc.SpanID[:], &h, 16) {
 		return trace.SpanContext{}
 	}
 
-	if len(matches[4]) != 2 {
+	var opts [1]byte
+	if !extractPart(opts[:], &h, 2) {
 		return trace.SpanContext{}
 	}
-	opts, err := hex.DecodeString(matches[4])
-	if err != nil || len(opts) < 1 || (version == 0 && opts[0] > 2) {
+	if version == 0 && (h != "" || opts[0] > 2) {
+		// version 0 not allow extra
+		// version 0 not allow other flag
 		return trace.SpanContext{}
 	}
+
 	// Clear all flags other than the trace-context supported sampling bit.
 	scc.TraceFlags = trace.TraceFlags(opts[0]) & trace.FlagsSampled
 
@@ -155,6 +138,29 @@ func (tc TraceContext) extract(carrier TextMapCarrier) trace.SpanContext {
 	return sc
 }
 
+// upperHex detect hex is upper case Unicode characters.
+func upperHex(v string) bool {
+	for _, c := range v {
+		if c >= 'A' && c <= 'F' {
+			return true
+		}
+	}
+	return false
+}
+
+func extractPart(dst []byte, h *string, n int) bool {
+	part, left, _ := strings.Cut(*h, delimiter)
+	*h = left
+	// hex.Decode decodes unsupported upper-case characters, so exclude explicitly.
+	if len(part) != n || upperHex(part) {
+		return false
+	}
+	if p, err := hex.Decode(dst, []byte(part)); err != nil || p != n/2 {
+		return false
+	}
+	return true
+}
+
 // Fields returns the keys who's values are set with Inject.
 func (tc TraceContext) Fields() []string {
 	return []string{traceparentHeader, tracestateHeader}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/EXPERIMENTAL.md b/vendor/go.opentelemetry.io/otel/sdk/metric/EXPERIMENTAL.md
new file mode 100644
index 00000000000..d2a5a0470b6
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/EXPERIMENTAL.md
@@ -0,0 +1,50 @@
+# Experimental Features
+
+The metric SDK contains features that have not yet stabilized in the OpenTelemetry specification.
+These features are added to the OpenTelemetry Go metric SDK prior to stabilization in the specification so that users can start experimenting with them and provide feedback.
+
+These feature may change in backwards incompatible ways as feedback is applied.
+See the [Compatibility and Stability](#compatibility-and-stability) section for more information.
+
+## Features
+
+- [Cardinality Limit](#cardinality-limit)
+
+### Cardinality Limit
+
+The cardinality limit is the hard limit on the number of metric streams that can be collected for a single instrument.
+
+This experimental feature can be enabled by setting the `OTEL_GO_X_CARDINALITY_LIMIT` environment value.
+The value must be an integer value.
+All other values are ignored.
+
+If the value set is less than or equal to `0`, no limit will be applied.
+
+#### Examples
+
+Set the cardinality limit to 2000.
+
+```console
+export OTEL_GO_X_CARDINALITY_LIMIT=2000
+```
+
+Set an infinite cardinality limit (functionally equivalent to disabling the feature).
+
+```console
+export OTEL_GO_X_CARDINALITY_LIMIT=-1
+```
+
+Disable the cardinality limit.
+
+```console
+unset OTEL_GO_X_CARDINALITY_LIMIT
+```
+
+## Compatibility and Stability
+
+Experimental features do not fall within the scope of the OpenTelemetry Go versioning and stability [policy](../../VERSIONING.md).
+These features may be removed or modified in successive version releases, including patch versions.
+
+When an experimental feature is promoted to a stable feature, a migration path will be included in the changelog entry of the release.
+There is no guarantee that any environment variable feature flags that enabled the experimental feature will be supported by the stable version.
+If they are supported, they may be accompanied with a deprecation notice stating a timeline for the removal of that support.
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go b/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go
index bb52f6ec717..a4cfcbb95f1 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go
@@ -205,9 +205,6 @@ func (i *int64Inst) Record(ctx context.Context, val int64, opts ...metric.Record
 }
 
 func (i *int64Inst) aggregate(ctx context.Context, val int64, s attribute.Set) { // nolint:revive  // okay to shadow pkg with method.
-	if err := ctx.Err(); err != nil {
-		return
-	}
 	for _, in := range i.measures {
 		in(ctx, val, s)
 	}
@@ -238,9 +235,6 @@ func (i *float64Inst) Record(ctx context.Context, val float64, opts ...metric.Re
 }
 
 func (i *float64Inst) aggregate(ctx context.Context, val float64, s attribute.Set) {
-	if err := ctx.Err(); err != nil {
-		return
-	}
 	for _, in := range i.measures {
 		in(ctx, val, s)
 	}
@@ -270,9 +264,9 @@ var (
 	_ metric.Float64ObservableGauge         = float64Observable{}
 )
 
-func newFloat64Observable(m *meter, kind InstrumentKind, name, desc, u string, meas []aggregate.Measure[float64]) float64Observable {
+func newFloat64Observable(m *meter, kind InstrumentKind, name, desc, u string) float64Observable {
 	return float64Observable{
-		observable: newObservable(m, kind, name, desc, u, meas),
+		observable: newObservable[float64](m, kind, name, desc, u),
 	}
 }
 
@@ -291,9 +285,9 @@ var (
 	_ metric.Int64ObservableGauge         = int64Observable{}
 )
 
-func newInt64Observable(m *meter, kind InstrumentKind, name, desc, u string, meas []aggregate.Measure[int64]) int64Observable {
+func newInt64Observable(m *meter, kind InstrumentKind, name, desc, u string) int64Observable {
 	return int64Observable{
-		observable: newObservable(m, kind, name, desc, u, meas),
+		observable: newObservable[int64](m, kind, name, desc, u),
 	}
 }
 
@@ -301,11 +295,12 @@ type observable[N int64 | float64] struct {
 	metric.Observable
 	observablID[N]
 
-	meter    *meter
-	measures []aggregate.Measure[N]
+	meter           *meter
+	measures        measures[N]
+	dropAggregation bool
 }
 
-func newObservable[N int64 | float64](m *meter, kind InstrumentKind, name, desc, u string, meas []aggregate.Measure[N]) *observable[N] {
+func newObservable[N int64 | float64](m *meter, kind InstrumentKind, name, desc, u string) *observable[N] {
 	return &observable[N]{
 		observablID: observablID[N]{
 			name:        name,
@@ -314,14 +309,24 @@ func newObservable[N int64 | float64](m *meter, kind InstrumentKind, name, desc,
 			unit:        u,
 			scope:       m.scope,
 		},
-		meter:    m,
-		measures: meas,
+		meter: m,
 	}
 }
 
 // observe records the val for the set of attrs.
 func (o *observable[N]) observe(val N, s attribute.Set) {
-	for _, in := range o.measures {
+	o.measures.observe(val, s)
+}
+
+func (o *observable[N]) appendMeasures(meas []aggregate.Measure[N]) {
+	o.measures = append(o.measures, meas...)
+}
+
+type measures[N int64 | float64] []aggregate.Measure[N]
+
+// observe records the val for the set of attrs.
+func (m measures[N]) observe(val N, s attribute.Set) {
+	for _, in := range m {
 		in(context.Background(), val, s)
 	}
 }
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go
index 8dec14237b9..c61f8513789 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go
@@ -44,6 +44,14 @@ type Builder[N int64 | float64] struct {
 	// Filter is the attribute filter the aggregate function will use on the
 	// input of measurements.
 	Filter attribute.Filter
+	// AggregationLimit is the cardinality limit of measurement attributes. Any
+	// measurement for new attributes once the limit has been reached will be
+	// aggregated into a single aggregate for the "otel.metric.overflow"
+	// attribute.
+	//
+	// If AggregationLimit is less than or equal to zero there will not be an
+	// aggregation limit imposed (i.e. unlimited attribute sets).
+	AggregationLimit int
 }
 
 func (b Builder[N]) filter(f Measure[N]) Measure[N] {
@@ -63,7 +71,7 @@ func (b Builder[N]) filter(f Measure[N]) Measure[N] {
 func (b Builder[N]) LastValue() (Measure[N], ComputeAggregation) {
 	// Delta temporality is the only temporality that makes semantic sense for
 	// a last-value aggregate.
-	lv := newLastValue[N]()
+	lv := newLastValue[N](b.AggregationLimit)
 
 	return b.filter(lv.measure), func(dest *metricdata.Aggregation) int {
 		// Ignore if dest is not a metricdata.Gauge. The chance for memory
@@ -79,7 +87,7 @@ func (b Builder[N]) LastValue() (Measure[N], ComputeAggregation) {
 // PrecomputedSum returns a sum aggregate function input and output. The
 // arguments passed to the input are expected to be the precomputed sum values.
 func (b Builder[N]) PrecomputedSum(monotonic bool) (Measure[N], ComputeAggregation) {
-	s := newPrecomputedSum[N](monotonic)
+	s := newPrecomputedSum[N](monotonic, b.AggregationLimit)
 	switch b.Temporality {
 	case metricdata.DeltaTemporality:
 		return b.filter(s.measure), s.delta
@@ -90,7 +98,7 @@ func (b Builder[N]) PrecomputedSum(monotonic bool) (Measure[N], ComputeAggregati
 
 // Sum returns a sum aggregate function input and output.
 func (b Builder[N]) Sum(monotonic bool) (Measure[N], ComputeAggregation) {
-	s := newSum[N](monotonic)
+	s := newSum[N](monotonic, b.AggregationLimit)
 	switch b.Temporality {
 	case metricdata.DeltaTemporality:
 		return b.filter(s.measure), s.delta
@@ -102,7 +110,7 @@ func (b Builder[N]) Sum(monotonic bool) (Measure[N], ComputeAggregation) {
 // ExplicitBucketHistogram returns a histogram aggregate function input and
 // output.
 func (b Builder[N]) ExplicitBucketHistogram(boundaries []float64, noMinMax, noSum bool) (Measure[N], ComputeAggregation) {
-	h := newHistogram[N](boundaries, noMinMax, noSum)
+	h := newHistogram[N](boundaries, noMinMax, noSum, b.AggregationLimit)
 	switch b.Temporality {
 	case metricdata.DeltaTemporality:
 		return b.filter(h.measure), h.delta
@@ -114,7 +122,7 @@ func (b Builder[N]) ExplicitBucketHistogram(boundaries []float64, noMinMax, noSu
 // ExponentialBucketHistogram returns a histogram aggregate function input and
 // output.
 func (b Builder[N]) ExponentialBucketHistogram(maxSize, maxScale int32, noMinMax, noSum bool) (Measure[N], ComputeAggregation) {
-	h := newExponentialHistogram[N](maxSize, maxScale, noMinMax, noSum)
+	h := newExponentialHistogram[N](maxSize, maxScale, noMinMax, noSum, b.AggregationLimit)
 	switch b.Temporality {
 	case metricdata.DeltaTemporality:
 		return b.filter(h.measure), h.delta
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go
index 98b7dc1e0fa..e9c25980aa2 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go
@@ -288,13 +288,14 @@ func (b *expoBuckets) downscale(delta int) {
 // newExponentialHistogram returns an Aggregator that summarizes a set of
 // measurements as an exponential histogram. Each histogram is scoped by attributes
 // and the aggregation cycle the measurements were made in.
-func newExponentialHistogram[N int64 | float64](maxSize, maxScale int32, noMinMax, noSum bool) *expoHistogram[N] {
+func newExponentialHistogram[N int64 | float64](maxSize, maxScale int32, noMinMax, noSum bool, limit int) *expoHistogram[N] {
 	return &expoHistogram[N]{
 		noSum:    noSum,
 		noMinMax: noMinMax,
 		maxSize:  int(maxSize),
 		maxScale: int(maxScale),
 
+		limit:  newLimiter[*expoHistogramDataPoint[N]](limit),
 		values: make(map[attribute.Set]*expoHistogramDataPoint[N]),
 
 		start: now(),
@@ -309,6 +310,7 @@ type expoHistogram[N int64 | float64] struct {
 	maxSize  int
 	maxScale int
 
+	limit    limiter[*expoHistogramDataPoint[N]]
 	values   map[attribute.Set]*expoHistogramDataPoint[N]
 	valuesMu sync.Mutex
 
@@ -324,6 +326,7 @@ func (e *expoHistogram[N]) measure(_ context.Context, value N, attr attribute.Se
 	e.valuesMu.Lock()
 	defer e.valuesMu.Unlock()
 
+	attr = e.limit.Attributes(attr, e.values)
 	v, ok := e.values[attr]
 	if !ok {
 		v = newExpoHistogramDataPoint[N](e.maxSize, e.maxScale, e.noMinMax, e.noSum)
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go
index 62ec51e1f5e..5d886360bae 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go
@@ -54,11 +54,12 @@ type histValues[N int64 | float64] struct {
 	noSum  bool
 	bounds []float64
 
+	limit    limiter[*buckets[N]]
 	values   map[attribute.Set]*buckets[N]
 	valuesMu sync.Mutex
 }
 
-func newHistValues[N int64 | float64](bounds []float64, noSum bool) *histValues[N] {
+func newHistValues[N int64 | float64](bounds []float64, noSum bool, limit int) *histValues[N] {
 	// The responsibility of keeping all buckets correctly associated with the
 	// passed boundaries is ultimately this type's responsibility. Make a copy
 	// here so we can always guarantee this. Or, in the case of failure, have
@@ -69,6 +70,7 @@ func newHistValues[N int64 | float64](bounds []float64, noSum bool) *histValues[
 	return &histValues[N]{
 		noSum:  noSum,
 		bounds: b,
+		limit:  newLimiter[*buckets[N]](limit),
 		values: make(map[attribute.Set]*buckets[N]),
 	}
 }
@@ -86,6 +88,7 @@ func (s *histValues[N]) measure(_ context.Context, value N, attr attribute.Set)
 	s.valuesMu.Lock()
 	defer s.valuesMu.Unlock()
 
+	attr = s.limit.Attributes(attr, s.values)
 	b, ok := s.values[attr]
 	if !ok {
 		// N+1 buckets. For example:
@@ -108,9 +111,9 @@ func (s *histValues[N]) measure(_ context.Context, value N, attr attribute.Set)
 
 // newHistogram returns an Aggregator that summarizes a set of measurements as
 // an histogram.
-func newHistogram[N int64 | float64](boundaries []float64, noMinMax, noSum bool) *histogram[N] {
+func newHistogram[N int64 | float64](boundaries []float64, noMinMax, noSum bool, limit int) *histogram[N] {
 	return &histogram[N]{
-		histValues: newHistValues[N](boundaries, noSum),
+		histValues: newHistValues[N](boundaries, noSum, limit),
 		noMinMax:   noMinMax,
 		start:      now(),
 	}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go
index 6af2d606141..b79e80a0c8d 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go
@@ -29,20 +29,25 @@ type datapoint[N int64 | float64] struct {
 	value     N
 }
 
-func newLastValue[N int64 | float64]() *lastValue[N] {
-	return &lastValue[N]{values: make(map[attribute.Set]datapoint[N])}
+func newLastValue[N int64 | float64](limit int) *lastValue[N] {
+	return &lastValue[N]{
+		limit:  newLimiter[datapoint[N]](limit),
+		values: make(map[attribute.Set]datapoint[N]),
+	}
 }
 
 // lastValue summarizes a set of measurements as the last one made.
 type lastValue[N int64 | float64] struct {
 	sync.Mutex
 
+	limit  limiter[datapoint[N]]
 	values map[attribute.Set]datapoint[N]
 }
 
 func (s *lastValue[N]) measure(ctx context.Context, value N, attr attribute.Set) {
 	d := datapoint[N]{timestamp: now(), value: value}
 	s.Lock()
+	attr = s.limit.Attributes(attr, s.values)
 	s.values[attr] = d
 	s.Unlock()
 }
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/limit.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/limit.go
new file mode 100644
index 00000000000..d3de8427200
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/limit.go
@@ -0,0 +1,53 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package aggregate // import "go.opentelemetry.io/otel/sdk/metric/internal/aggregate"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// overflowSet is the attribute set used to record a measurement when adding
+// another distinct attribute set to the aggregate would exceed the aggregate
+// limit.
+var overflowSet = attribute.NewSet(attribute.Bool("otel.metric.overflow", true))
+
+// limiter limits aggregate values.
+type limiter[V any] struct {
+	// aggLimit is the maximum number of metric streams that can be aggregated.
+	//
+	// Any metric stream with attributes distinct from any set already
+	// aggregated once the aggLimit will be meet will instead be aggregated
+	// into an "overflow" metric stream. That stream will only contain the
+	// "otel.metric.overflow"=true attribute.
+	aggLimit int
+}
+
+// newLimiter returns a new Limiter with the provided aggregation limit.
+func newLimiter[V any](aggregation int) limiter[V] {
+	return limiter[V]{aggLimit: aggregation}
+}
+
+// Attributes checks if adding a measurement for attrs will exceed the
+// aggregation cardinality limit for the existing measurements. If it will,
+// overflowSet is returned. Otherwise, if it will not exceed the limit, or the
+// limit is not set (limit <= 0), attr is returned.
+func (l limiter[V]) Attributes(attrs attribute.Set, measurements map[attribute.Set]V) attribute.Set {
+	if l.aggLimit > 0 {
+		_, exists := measurements[attrs]
+		if !exists && len(measurements) >= l.aggLimit-1 {
+			return overflowSet
+		}
+	}
+
+	return attrs
+}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go
index 1e52ff0d1e5..a0d26e1ddb9 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go
@@ -26,15 +26,20 @@ import (
 // valueMap is the storage for sums.
 type valueMap[N int64 | float64] struct {
 	sync.Mutex
+	limit  limiter[N]
 	values map[attribute.Set]N
 }
 
-func newValueMap[N int64 | float64]() *valueMap[N] {
-	return &valueMap[N]{values: make(map[attribute.Set]N)}
+func newValueMap[N int64 | float64](limit int) *valueMap[N] {
+	return &valueMap[N]{
+		limit:  newLimiter[N](limit),
+		values: make(map[attribute.Set]N),
+	}
 }
 
 func (s *valueMap[N]) measure(_ context.Context, value N, attr attribute.Set) {
 	s.Lock()
+	attr = s.limit.Attributes(attr, s.values)
 	s.values[attr] += value
 	s.Unlock()
 }
@@ -42,9 +47,9 @@ func (s *valueMap[N]) measure(_ context.Context, value N, attr attribute.Set) {
 // newSum returns an aggregator that summarizes a set of measurements as their
 // arithmetic sum. Each sum is scoped by attributes and the aggregation cycle
 // the measurements were made in.
-func newSum[N int64 | float64](monotonic bool) *sum[N] {
+func newSum[N int64 | float64](monotonic bool, limit int) *sum[N] {
 	return &sum[N]{
-		valueMap:  newValueMap[N](),
+		valueMap:  newValueMap[N](limit),
 		monotonic: monotonic,
 		start:     now(),
 	}
@@ -129,9 +134,9 @@ func (s *sum[N]) cumulative(dest *metricdata.Aggregation) int {
 // newPrecomputedSum returns an aggregator that summarizes a set of
 // observatrions as their arithmetic sum. Each sum is scoped by attributes and
 // the aggregation cycle the measurements were made in.
-func newPrecomputedSum[N int64 | float64](monotonic bool) *precomputedSum[N] {
+func newPrecomputedSum[N int64 | float64](monotonic bool, limit int) *precomputedSum[N] {
 	return &precomputedSum[N]{
-		valueMap:  newValueMap[N](),
+		valueMap:  newValueMap[N](limit),
 		monotonic: monotonic,
 		start:     now(),
 	}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go
new file mode 100644
index 00000000000..541160f9423
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go
@@ -0,0 +1,96 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package x contains support for OTel metric SDK experimental features.
+//
+// This package should only be used for features defined in the specification.
+// It should not be used for experiments or new project ideas.
+package x // import "go.opentelemetry.io/otel/sdk/metric/internal/x"
+
+import (
+	"os"
+	"strconv"
+	"strings"
+)
+
+var (
+	// Exemplars is an experimental feature flag that defines if exemplars
+	// should be recorded for metric data-points.
+	//
+	// To enable this feature set the OTEL_GO_X_EXEMPLAR environment variable
+	// to the case-insensitive string value of "true" (i.e. "True" and "TRUE"
+	// will also enable this).
+	Exemplars = newFeature("EXEMPLAR", func(v string) (string, bool) {
+		if strings.ToLower(v) == "true" {
+			return v, true
+		}
+		return "", false
+	})
+
+	// CardinalityLimit is an experimental feature flag that defines if
+	// cardinality limits should be applied to the recorded metric data-points.
+	//
+	// To enable this feature set the OTEL_GO_X_CARDINALITY_LIMIT environment
+	// variable to the integer limit value you want to use.
+	//
+	// Setting OTEL_GO_X_CARDINALITY_LIMIT to a value less than or equal to 0
+	// will disable the cardinality limits.
+	CardinalityLimit = newFeature("CARDINALITY_LIMIT", func(v string) (int, bool) {
+		n, err := strconv.Atoi(v)
+		if err != nil {
+			return 0, false
+		}
+		return n, true
+	})
+)
+
+// Feature is an experimental feature control flag. It provides a uniform way
+// to interact with these feature flags and parse their values.
+type Feature[T any] struct {
+	key   string
+	parse func(v string) (T, bool)
+}
+
+func newFeature[T any](suffix string, parse func(string) (T, bool)) Feature[T] {
+	const envKeyRoot = "OTEL_GO_X_"
+	return Feature[T]{
+		key:   envKeyRoot + suffix,
+		parse: parse,
+	}
+}
+
+// Key returns the environment variable key that needs to be set to enable the
+// feature.
+func (f Feature[T]) Key() string { return f.key }
+
+// Lookup returns the user configured value for the feature and true if the
+// user has enabled the feature. Otherwise, if the feature is not enabled, a
+// zero-value and false are returned.
+func (f Feature[T]) Lookup() (v T, ok bool) {
+	// https://github.com/open-telemetry/opentelemetry-specification/blob/62effed618589a0bec416a87e559c0a9d96289bb/specification/configuration/sdk-environment-variables.md#parsing-empty-value
+	//
+	// > The SDK MUST interpret an empty value of an environment variable the
+	// > same way as when the variable is unset.
+	vRaw := os.Getenv(f.key)
+	if vRaw == "" {
+		return v, ok
+	}
+	return f.parse(vRaw)
+}
+
+// Enabled returns if the feature is enabled.
+func (f Feature[T]) Enabled() bool {
+	_, ok := f.Lookup()
+	return ok
+}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go b/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go
index 7f51ec512ad..76f1e70a3d1 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go
@@ -23,6 +23,7 @@ import (
 	"go.opentelemetry.io/otel/metric"
 	"go.opentelemetry.io/otel/metric/embedded"
 	"go.opentelemetry.io/otel/sdk/instrumentation"
+
 	"go.opentelemetry.io/otel/sdk/metric/internal/aggregate"
 )
 
@@ -104,20 +105,45 @@ func (m *meter) Int64Histogram(name string, options ...metric.Int64HistogramOpti
 	return i, validateInstrumentName(name)
 }
 
+// int64ObservableInstrument returns a new observable identified by the Instrument.
+// It registers callbacks for each reader's pipeline.
+func (m *meter) int64ObservableInstrument(id Instrument, callbacks []metric.Int64Callback) (int64Observable, error) {
+	inst := newInt64Observable(m, id.Kind, id.Name, id.Description, id.Unit)
+	for _, insert := range m.int64Resolver.inserters {
+		// Connect the measure functions for instruments in this pipeline with the
+		// callbacks for this pipeline.
+		in, err := insert.Instrument(id, insert.readerDefaultAggregation(id.Kind))
+		if err != nil {
+			return inst, err
+		}
+		// Drop aggregation
+		if len(in) == 0 {
+			inst.dropAggregation = true
+			continue
+		}
+		inst.appendMeasures(in)
+		for _, cback := range callbacks {
+			inst := int64Observer{measures: in}
+			insert.addCallback(func(ctx context.Context) error { return cback(ctx, inst) })
+		}
+	}
+	return inst, validateInstrumentName(id.Name)
+}
+
 // Int64ObservableCounter returns a new instrument identified by name and
 // configured with options. The instrument is used to asynchronously record
 // increasing int64 measurements once per a measurement collection cycle.
 // Only the measurements recorded during the collection cycle are exported.
 func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64ObservableCounterOption) (metric.Int64ObservableCounter, error) {
 	cfg := metric.NewInt64ObservableCounterConfig(options...)
-	const kind = InstrumentKindObservableCounter
-	p := int64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableCounter,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.int64ObservableInstrument(id, cfg.Callbacks())
 }
 
 // Int64ObservableUpDownCounter returns a new instrument identified by name and
@@ -126,14 +152,14 @@ func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64Obser
 // measurements recorded during the collection cycle are exported.
 func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int64ObservableUpDownCounterOption) (metric.Int64ObservableUpDownCounter, error) {
 	cfg := metric.NewInt64ObservableUpDownCounterConfig(options...)
-	const kind = InstrumentKindObservableUpDownCounter
-	p := int64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableUpDownCounter,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.int64ObservableInstrument(id, cfg.Callbacks())
 }
 
 // Int64ObservableGauge returns a new instrument identified by name and
@@ -142,14 +168,14 @@ func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int6
 // Only the measurements recorded during the collection cycle are exported.
 func (m *meter) Int64ObservableGauge(name string, options ...metric.Int64ObservableGaugeOption) (metric.Int64ObservableGauge, error) {
 	cfg := metric.NewInt64ObservableGaugeConfig(options...)
-	const kind = InstrumentKindObservableGauge
-	p := int64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableGauge,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.int64ObservableInstrument(id, cfg.Callbacks())
 }
 
 // Float64Counter returns a new instrument identified by name and configured
@@ -196,20 +222,45 @@ func (m *meter) Float64Histogram(name string, options ...metric.Float64Histogram
 	return i, validateInstrumentName(name)
 }
 
+// float64ObservableInstrument returns a new observable identified by the Instrument.
+// It registers callbacks for each reader's pipeline.
+func (m *meter) float64ObservableInstrument(id Instrument, callbacks []metric.Float64Callback) (float64Observable, error) {
+	inst := newFloat64Observable(m, id.Kind, id.Name, id.Description, id.Unit)
+	for _, insert := range m.float64Resolver.inserters {
+		// Connect the measure functions for instruments in this pipeline with the
+		// callbacks for this pipeline.
+		in, err := insert.Instrument(id, insert.readerDefaultAggregation(id.Kind))
+		if err != nil {
+			return inst, err
+		}
+		// Drop aggregation
+		if len(in) == 0 {
+			inst.dropAggregation = true
+			continue
+		}
+		inst.appendMeasures(in)
+		for _, cback := range callbacks {
+			inst := float64Observer{measures: in}
+			insert.addCallback(func(ctx context.Context) error { return cback(ctx, inst) })
+		}
+	}
+	return inst, validateInstrumentName(id.Name)
+}
+
 // Float64ObservableCounter returns a new instrument identified by name and
 // configured with options. The instrument is used to asynchronously record
 // increasing float64 measurements once per a measurement collection cycle.
 // Only the measurements recorded during the collection cycle are exported.
 func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64ObservableCounterOption) (metric.Float64ObservableCounter, error) {
 	cfg := metric.NewFloat64ObservableCounterConfig(options...)
-	const kind = InstrumentKindObservableCounter
-	p := float64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableCounter,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.float64ObservableInstrument(id, cfg.Callbacks())
 }
 
 // Float64ObservableUpDownCounter returns a new instrument identified by name
@@ -218,14 +269,14 @@ func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64O
 // measurements recorded during the collection cycle are exported.
 func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Float64ObservableUpDownCounterOption) (metric.Float64ObservableUpDownCounter, error) {
 	cfg := metric.NewFloat64ObservableUpDownCounterConfig(options...)
-	const kind = InstrumentKindObservableUpDownCounter
-	p := float64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableUpDownCounter,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.float64ObservableInstrument(id, cfg.Callbacks())
 }
 
 // Float64ObservableGauge returns a new instrument identified by name and
@@ -234,14 +285,14 @@ func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Fl
 // Only the measurements recorded during the collection cycle are exported.
 func (m *meter) Float64ObservableGauge(name string, options ...metric.Float64ObservableGaugeOption) (metric.Float64ObservableGauge, error) {
 	cfg := metric.NewFloat64ObservableGaugeConfig(options...)
-	const kind = InstrumentKindObservableGauge
-	p := float64ObservProvider{m}
-	inst, err := p.lookup(kind, name, cfg.Description(), cfg.Unit())
-	if err != nil {
-		return nil, err
+	id := Instrument{
+		Name:        name,
+		Description: cfg.Description(),
+		Unit:        cfg.Unit(),
+		Kind:        InstrumentKindObservableGauge,
+		Scope:       m.scope,
 	}
-	p.registerCallbacks(inst, cfg.Callbacks())
-	return inst, validateInstrumentName(name)
+	return m.float64ObservableInstrument(id, cfg.Callbacks())
 }
 
 func validateInstrumentName(name string) error {
@@ -389,12 +440,14 @@ func (r observer) ObserveFloat64(o metric.Float64Observable, v float64, opts ...
 	}
 
 	if _, registered := r.float64[oImpl.observablID]; !registered {
-		global.Error(errUnregObserver, "failed to record",
-			"name", oImpl.name,
-			"description", oImpl.description,
-			"unit", oImpl.unit,
-			"number", fmt.Sprintf("%T", float64(0)),
-		)
+		if !oImpl.dropAggregation {
+			global.Error(errUnregObserver, "failed to record",
+				"name", oImpl.name,
+				"description", oImpl.description,
+				"unit", oImpl.unit,
+				"number", fmt.Sprintf("%T", float64(0)),
+			)
+		}
 		return
 	}
 	c := metric.NewObserveConfig(opts)
@@ -422,12 +475,14 @@ func (r observer) ObserveInt64(o metric.Int64Observable, v int64, opts ...metric
 	}
 
 	if _, registered := r.int64[oImpl.observablID]; !registered {
-		global.Error(errUnregObserver, "failed to record",
-			"name", oImpl.name,
-			"description", oImpl.description,
-			"unit", oImpl.unit,
-			"number", fmt.Sprintf("%T", int64(0)),
-		)
+		if !oImpl.dropAggregation {
+			global.Error(errUnregObserver, "failed to record",
+				"name", oImpl.name,
+				"description", oImpl.description,
+				"unit", oImpl.unit,
+				"number", fmt.Sprintf("%T", int64(0)),
+			)
+		}
 		return
 	}
 	c := metric.NewObserveConfig(opts)
@@ -528,32 +583,9 @@ func (p float64InstProvider) lookupHistogram(name string, cfg metric.Float64Hist
 	return &float64Inst{measures: aggs}, err
 }
 
-type int64ObservProvider struct{ *meter }
-
-func (p int64ObservProvider) lookup(kind InstrumentKind, name, desc, u string) (int64Observable, error) {
-	aggs, err := (int64InstProvider)(p).aggs(kind, name, desc, u)
-	return newInt64Observable(p.meter, kind, name, desc, u, aggs), err
-}
-
-func (p int64ObservProvider) registerCallbacks(inst int64Observable, cBacks []metric.Int64Callback) {
-	if inst.observable == nil || len(inst.measures) == 0 {
-		// Drop aggregator.
-		return
-	}
-
-	for _, cBack := range cBacks {
-		p.pipes.registerCallback(p.callback(inst, cBack))
-	}
-}
-
-func (p int64ObservProvider) callback(i int64Observable, f metric.Int64Callback) func(context.Context) error {
-	inst := int64Observer{int64Observable: i}
-	return func(ctx context.Context) error { return f(ctx, inst) }
-}
-
 type int64Observer struct {
 	embedded.Int64Observer
-	int64Observable
+	measures[int64]
 }
 
 func (o int64Observer) Observe(val int64, opts ...metric.ObserveOption) {
@@ -561,32 +593,9 @@ func (o int64Observer) Observe(val int64, opts ...metric.ObserveOption) {
 	o.observe(val, c.Attributes())
 }
 
-type float64ObservProvider struct{ *meter }
-
-func (p float64ObservProvider) lookup(kind InstrumentKind, name, desc, u string) (float64Observable, error) {
-	aggs, err := (float64InstProvider)(p).aggs(kind, name, desc, u)
-	return newFloat64Observable(p.meter, kind, name, desc, u, aggs), err
-}
-
-func (p float64ObservProvider) registerCallbacks(inst float64Observable, cBacks []metric.Float64Callback) {
-	if inst.observable == nil || len(inst.measures) == 0 {
-		// Drop aggregator.
-		return
-	}
-
-	for _, cBack := range cBacks {
-		p.pipes.registerCallback(p.callback(inst, cBack))
-	}
-}
-
-func (p float64ObservProvider) callback(i float64Observable, f metric.Float64Callback) func(context.Context) error {
-	inst := float64Observer{float64Observable: i}
-	return func(ctx context.Context) error { return f(ctx, inst) }
-}
-
 type float64Observer struct {
 	embedded.Float64Observer
-	float64Observable
+	measures[float64]
 }
 
 func (o float64Observer) Observe(val float64, opts ...metric.ObserveOption) {
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go b/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go
index 48abcc8a7f3..47d9fe07ada 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go
@@ -29,6 +29,7 @@ import (
 	"go.opentelemetry.io/otel/sdk/instrumentation"
 	"go.opentelemetry.io/otel/sdk/metric/internal"
 	"go.opentelemetry.io/otel/sdk/metric/internal/aggregate"
+	"go.opentelemetry.io/otel/sdk/metric/internal/x"
 	"go.opentelemetry.io/otel/sdk/metric/metricdata"
 	"go.opentelemetry.io/otel/sdk/resource"
 )
@@ -93,14 +94,6 @@ func (p *pipeline) addSync(scope instrumentation.Scope, iSync instrumentSync) {
 	p.aggregations[scope] = append(p.aggregations[scope], iSync)
 }
 
-// addCallback registers a single instrument callback to be run when
-// `produce()` is called.
-func (p *pipeline) addCallback(cback func(context.Context) error) {
-	p.Lock()
-	defer p.Unlock()
-	p.callbacks = append(p.callbacks, cback)
-}
-
 type multiCallback func(context.Context) error
 
 // addMultiCallback registers a multi-instrument callback to be run when
@@ -281,6 +274,14 @@ func (i *inserter[N]) Instrument(inst Instrument, readerAggregation Aggregation)
 	return measures, errs.errorOrNil()
 }
 
+// addCallback registers a single instrument callback to be run when
+// `produce()` is called.
+func (i *inserter[N]) addCallback(cback func(context.Context) error) {
+	i.pipeline.Lock()
+	defer i.pipeline.Unlock()
+	i.pipeline.callbacks = append(i.pipeline.callbacks, cback)
+}
+
 var aggIDCount uint64
 
 // aggVal is the cached value in an aggregators cache.
@@ -361,6 +362,12 @@ func (i *inserter[N]) cachedAggregator(scope instrumentation.Scope, kind Instrum
 			Temporality: i.pipeline.reader.temporality(kind),
 		}
 		b.Filter = stream.AttributeFilter
+		// A value less than or equal to zero will disable the aggregation
+		// limits for the builder (an all the created aggregates).
+		// CardinalityLimit.Lookup returns 0 by default if unset (or
+		// unrecognized input). Use that value directly.
+		b.AggregationLimit, _ = x.CardinalityLimit.Lookup()
+
 		in, out, err := i.aggregateFunc(b, stream.Aggregation, kind)
 		if err != nil {
 			return aggVal[N]{0, nil, err}
@@ -557,12 +564,6 @@ func newPipelines(res *resource.Resource, readers []Reader, views []View) pipeli
 	return pipes
 }
 
-func (p pipelines) registerCallback(cback func(context.Context) error) {
-	for _, pipe := range p {
-		pipe.addCallback(cback)
-	}
-}
-
 func (p pipelines) registerMultiCallback(c multiCallback) metric.Registration {
 	unregs := make([]func(), len(p))
 	for i, pipe := range p {
diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/version.go b/vendor/go.opentelemetry.io/otel/sdk/metric/version.go
index edcf7cfc862..d30a7d1c15a 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/metric/version.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/metric/version.go
@@ -16,5 +16,5 @@ package metric // import "go.opentelemetry.io/otel/sdk/metric"
 
 // version is the current release version of the metric SDK in use.
 func version() string {
-	return "1.21.0"
+	return "1.22.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
index c63a0dd1f8c..6a2c08293a8 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
@@ -22,7 +22,7 @@ import (
 
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/sdk"
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 type (
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
index 3d536228283..c881b2895be 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
@@ -22,7 +22,7 @@ import (
 	"os"
 	"regexp"
 
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 type containerIDProvider func() (string, error)
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
index e29ae563a69..be4cbe423ea 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
@@ -23,7 +23,7 @@ import (
 
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 const (
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
index fb1ebf2cab2..f579329c2c6 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
@@ -19,7 +19,7 @@ import (
 	"errors"
 	"strings"
 
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 type hostIDProvider func() (string, error)
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
index 0cbd559739c..8fbf071c178 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
@@ -19,7 +19,7 @@ import (
 	"strings"
 
 	"go.opentelemetry.io/otel/attribute"
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 type osDescriptionProvider func() (string, error)
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
index ecdd11dd762..739ea4512ac 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
@@ -22,7 +22,7 @@ import (
 	"path/filepath"
 	"runtime"
 
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 )
 
 type (
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
index 36dbf67764b..85bc702a019 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
@@ -30,7 +30,7 @@ import (
 	"go.opentelemetry.io/otel/sdk/instrumentation"
 	"go.opentelemetry.io/otel/sdk/internal"
 	"go.opentelemetry.io/otel/sdk/resource"
-	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.24.0"
 	"go.opentelemetry.io/otel/trace"
 	"go.opentelemetry.io/otel/trace/embedded"
 )
@@ -208,6 +208,16 @@ func (s *recordingSpan) SetStatus(code codes.Code, description string) {
 	s.status = status
 }
 
+// ensureAttributesCapacity inlines functionality from slices.Grow
+// so that we can avoid needing to import golang.org/x/exp for go1.20.
+// Once support for go1.20 is dropped, we can use slices.Grow available since go1.21 instead.
+// Tracking issue: https://github.com/open-telemetry/opentelemetry-go/issues/4819.
+func (s *recordingSpan) ensureAttributesCapacity(minCapacity int) {
+	if n := minCapacity - cap(s.attributes); n > 0 {
+		s.attributes = append(s.attributes[:cap(s.attributes)], make([]attribute.KeyValue, n)...)[:len(s.attributes)]
+	}
+}
+
 // SetAttributes sets attributes of this span.
 //
 // If a key from attributes already exists the value associated with that key
@@ -242,6 +252,7 @@ func (s *recordingSpan) SetAttributes(attributes ...attribute.KeyValue) {
 
 	// Otherwise, add without deduplication. When attributes are read they
 	// will be deduplicated, optimizing the operation.
+	s.ensureAttributesCapacity(len(s.attributes) + len(attributes))
 	for _, a := range attributes {
 		if !a.Valid() {
 			// Drop all invalid attributes.
@@ -277,6 +288,12 @@ func (s *recordingSpan) addOverCapAttrs(limit int, attrs []attribute.KeyValue) {
 
 	// Now that s.attributes is deduplicated, adding unique attributes up to
 	// the capacity of s will not over allocate s.attributes.
+	if sum := len(attrs) + len(s.attributes); sum < limit {
+		// After support for go1.20 is dropped, simplify if-else to min(sum, limit).
+		s.ensureAttributesCapacity(sum)
+	} else {
+		s.ensureAttributesCapacity(limit)
+	}
 	for _, a := range attrs {
 		if !a.Valid() {
 			// Drop all invalid attributes.
diff --git a/vendor/go.opentelemetry.io/otel/sdk/version.go b/vendor/go.opentelemetry.io/otel/sdk/version.go
index 422d4c964b3..17b16cc7966 100644
--- a/vendor/go.opentelemetry.io/otel/sdk/version.go
+++ b/vendor/go.opentelemetry.io/otel/sdk/version.go
@@ -16,5 +16,5 @@ package sdk // import "go.opentelemetry.io/otel/sdk"
 
 // Version is the current release version of the OpenTelemetry SDK in use.
 func Version() string {
-	return "1.21.0"
+	return "1.22.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go b/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go
deleted file mode 100644
index e6cf8951053..00000000000
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go
+++ /dev/null
@@ -1,1877 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated from semantic convention specification. DO NOT EDIT.
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
-
-import "go.opentelemetry.io/otel/attribute"
-
-// These attributes may be used to describe the client in a connection-based
-// network interaction where there is one side that initiates the connection
-// (the client is the side that initiates the connection). This covers all TCP
-// network interactions since TCP is connection-based and one side initiates
-// the connection (an exception is made for peer-to-peer communication over TCP
-// where the "user-facing" surface of the protocol / API does not expose a
-// clear notion of client and server). This also covers UDP network
-// interactions where one side initiates the interaction, e.g. QUIC (HTTP/3)
-// and DNS.
-const (
-	// ClientAddressKey is the attribute Key conforming to the "client.address"
-	// semantic conventions. It represents the client address - unix domain
-	// socket name, IPv4 or IPv6 address.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/tmp/my.sock', '10.1.2.80'
-	// Note: When observed from the server side, and when communicating through
-	// an intermediary, `client.address` SHOULD represent client address behind
-	// any intermediaries (e.g. proxies) if it's available.
-	ClientAddressKey = attribute.Key("client.address")
-
-	// ClientPortKey is the attribute Key conforming to the "client.port"
-	// semantic conventions. It represents the client port number
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 65123
-	// Note: When observed from the server side, and when communicating through
-	// an intermediary, `client.port` SHOULD represent client port behind any
-	// intermediaries (e.g. proxies) if it's available.
-	ClientPortKey = attribute.Key("client.port")
-
-	// ClientSocketAddressKey is the attribute Key conforming to the
-	// "client.socket.address" semantic conventions. It represents the
-	// immediate client peer address - unix domain socket name, IPv4 or IPv6
-	// address.
-	//
-	// Type: string
-	// RequirementLevel: Recommended (If different than `client.address`.)
-	// Stability: stable
-	// Examples: '/tmp/my.sock', '127.0.0.1'
-	ClientSocketAddressKey = attribute.Key("client.socket.address")
-
-	// ClientSocketPortKey is the attribute Key conforming to the
-	// "client.socket.port" semantic conventions. It represents the immediate
-	// client peer port number
-	//
-	// Type: int
-	// RequirementLevel: Recommended (If different than `client.port`.)
-	// Stability: stable
-	// Examples: 35555
-	ClientSocketPortKey = attribute.Key("client.socket.port")
-)
-
-// ClientAddress returns an attribute KeyValue conforming to the
-// "client.address" semantic conventions. It represents the client address -
-// unix domain socket name, IPv4 or IPv6 address.
-func ClientAddress(val string) attribute.KeyValue {
-	return ClientAddressKey.String(val)
-}
-
-// ClientPort returns an attribute KeyValue conforming to the "client.port"
-// semantic conventions. It represents the client port number
-func ClientPort(val int) attribute.KeyValue {
-	return ClientPortKey.Int(val)
-}
-
-// ClientSocketAddress returns an attribute KeyValue conforming to the
-// "client.socket.address" semantic conventions. It represents the immediate
-// client peer address - unix domain socket name, IPv4 or IPv6 address.
-func ClientSocketAddress(val string) attribute.KeyValue {
-	return ClientSocketAddressKey.String(val)
-}
-
-// ClientSocketPort returns an attribute KeyValue conforming to the
-// "client.socket.port" semantic conventions. It represents the immediate
-// client peer port number
-func ClientSocketPort(val int) attribute.KeyValue {
-	return ClientSocketPortKey.Int(val)
-}
-
-// Describes deprecated HTTP attributes.
-const (
-	// HTTPMethodKey is the attribute Key conforming to the "http.method"
-	// semantic conventions. It represents the deprecated, use
-	// `http.request.method` instead.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'GET', 'POST', 'HEAD'
-	HTTPMethodKey = attribute.Key("http.method")
-
-	// HTTPStatusCodeKey is the attribute Key conforming to the
-	// "http.status_code" semantic conventions. It represents the deprecated,
-	// use `http.response.status_code` instead.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 200
-	HTTPStatusCodeKey = attribute.Key("http.status_code")
-
-	// HTTPSchemeKey is the attribute Key conforming to the "http.scheme"
-	// semantic conventions. It represents the deprecated, use `url.scheme`
-	// instead.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'http', 'https'
-	HTTPSchemeKey = attribute.Key("http.scheme")
-
-	// HTTPURLKey is the attribute Key conforming to the "http.url" semantic
-	// conventions. It represents the deprecated, use `url.full` instead.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv'
-	HTTPURLKey = attribute.Key("http.url")
-
-	// HTTPTargetKey is the attribute Key conforming to the "http.target"
-	// semantic conventions. It represents the deprecated, use `url.path` and
-	// `url.query` instead.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: '/search?q=OpenTelemetry#SemConv'
-	HTTPTargetKey = attribute.Key("http.target")
-
-	// HTTPRequestContentLengthKey is the attribute Key conforming to the
-	// "http.request_content_length" semantic conventions. It represents the
-	// deprecated, use `http.request.body.size` instead.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 3495
-	HTTPRequestContentLengthKey = attribute.Key("http.request_content_length")
-
-	// HTTPResponseContentLengthKey is the attribute Key conforming to the
-	// "http.response_content_length" semantic conventions. It represents the
-	// deprecated, use `http.response.body.size` instead.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 3495
-	HTTPResponseContentLengthKey = attribute.Key("http.response_content_length")
-)
-
-// HTTPMethod returns an attribute KeyValue conforming to the "http.method"
-// semantic conventions. It represents the deprecated, use
-// `http.request.method` instead.
-func HTTPMethod(val string) attribute.KeyValue {
-	return HTTPMethodKey.String(val)
-}
-
-// HTTPStatusCode returns an attribute KeyValue conforming to the
-// "http.status_code" semantic conventions. It represents the deprecated, use
-// `http.response.status_code` instead.
-func HTTPStatusCode(val int) attribute.KeyValue {
-	return HTTPStatusCodeKey.Int(val)
-}
-
-// HTTPScheme returns an attribute KeyValue conforming to the "http.scheme"
-// semantic conventions. It represents the deprecated, use `url.scheme`
-// instead.
-func HTTPScheme(val string) attribute.KeyValue {
-	return HTTPSchemeKey.String(val)
-}
-
-// HTTPURL returns an attribute KeyValue conforming to the "http.url"
-// semantic conventions. It represents the deprecated, use `url.full` instead.
-func HTTPURL(val string) attribute.KeyValue {
-	return HTTPURLKey.String(val)
-}
-
-// HTTPTarget returns an attribute KeyValue conforming to the "http.target"
-// semantic conventions. It represents the deprecated, use `url.path` and
-// `url.query` instead.
-func HTTPTarget(val string) attribute.KeyValue {
-	return HTTPTargetKey.String(val)
-}
-
-// HTTPRequestContentLength returns an attribute KeyValue conforming to the
-// "http.request_content_length" semantic conventions. It represents the
-// deprecated, use `http.request.body.size` instead.
-func HTTPRequestContentLength(val int) attribute.KeyValue {
-	return HTTPRequestContentLengthKey.Int(val)
-}
-
-// HTTPResponseContentLength returns an attribute KeyValue conforming to the
-// "http.response_content_length" semantic conventions. It represents the
-// deprecated, use `http.response.body.size` instead.
-func HTTPResponseContentLength(val int) attribute.KeyValue {
-	return HTTPResponseContentLengthKey.Int(val)
-}
-
-// These attributes may be used for any network related operation.
-const (
-	// NetSockPeerNameKey is the attribute Key conforming to the
-	// "net.sock.peer.name" semantic conventions. It represents the deprecated,
-	// use `server.socket.domain` on client spans.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: '/var/my.sock'
-	NetSockPeerNameKey = attribute.Key("net.sock.peer.name")
-
-	// NetSockPeerAddrKey is the attribute Key conforming to the
-	// "net.sock.peer.addr" semantic conventions. It represents the deprecated,
-	// use `server.socket.address` on client spans and `client.socket.address`
-	// on server spans.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: '192.168.0.1'
-	NetSockPeerAddrKey = attribute.Key("net.sock.peer.addr")
-
-	// NetSockPeerPortKey is the attribute Key conforming to the
-	// "net.sock.peer.port" semantic conventions. It represents the deprecated,
-	// use `server.socket.port` on client spans and `client.socket.port` on
-	// server spans.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 65531
-	NetSockPeerPortKey = attribute.Key("net.sock.peer.port")
-
-	// NetPeerNameKey is the attribute Key conforming to the "net.peer.name"
-	// semantic conventions. It represents the deprecated, use `server.address`
-	// on client spans and `client.address` on server spans.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'example.com'
-	NetPeerNameKey = attribute.Key("net.peer.name")
-
-	// NetPeerPortKey is the attribute Key conforming to the "net.peer.port"
-	// semantic conventions. It represents the deprecated, use `server.port` on
-	// client spans and `client.port` on server spans.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 8080
-	NetPeerPortKey = attribute.Key("net.peer.port")
-
-	// NetHostNameKey is the attribute Key conforming to the "net.host.name"
-	// semantic conventions. It represents the deprecated, use
-	// `server.address`.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'example.com'
-	NetHostNameKey = attribute.Key("net.host.name")
-
-	// NetHostPortKey is the attribute Key conforming to the "net.host.port"
-	// semantic conventions. It represents the deprecated, use `server.port`.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 8080
-	NetHostPortKey = attribute.Key("net.host.port")
-
-	// NetSockHostAddrKey is the attribute Key conforming to the
-	// "net.sock.host.addr" semantic conventions. It represents the deprecated,
-	// use `server.socket.address`.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: '/var/my.sock'
-	NetSockHostAddrKey = attribute.Key("net.sock.host.addr")
-
-	// NetSockHostPortKey is the attribute Key conforming to the
-	// "net.sock.host.port" semantic conventions. It represents the deprecated,
-	// use `server.socket.port`.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 8080
-	NetSockHostPortKey = attribute.Key("net.sock.host.port")
-
-	// NetTransportKey is the attribute Key conforming to the "net.transport"
-	// semantic conventions. It represents the deprecated, use
-	// `network.transport`.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	NetTransportKey = attribute.Key("net.transport")
-
-	// NetProtocolNameKey is the attribute Key conforming to the
-	// "net.protocol.name" semantic conventions. It represents the deprecated,
-	// use `network.protocol.name`.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: 'amqp', 'http', 'mqtt'
-	NetProtocolNameKey = attribute.Key("net.protocol.name")
-
-	// NetProtocolVersionKey is the attribute Key conforming to the
-	// "net.protocol.version" semantic conventions. It represents the
-	// deprecated, use `network.protocol.version`.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	// Examples: '3.1.1'
-	NetProtocolVersionKey = attribute.Key("net.protocol.version")
-
-	// NetSockFamilyKey is the attribute Key conforming to the
-	// "net.sock.family" semantic conventions. It represents the deprecated,
-	// use `network.transport` and `network.type`.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: deprecated
-	NetSockFamilyKey = attribute.Key("net.sock.family")
-)
-
-var (
-	// ip_tcp
-	NetTransportTCP = NetTransportKey.String("ip_tcp")
-	// ip_udp
-	NetTransportUDP = NetTransportKey.String("ip_udp")
-	// Named or anonymous pipe
-	NetTransportPipe = NetTransportKey.String("pipe")
-	// In-process communication
-	NetTransportInProc = NetTransportKey.String("inproc")
-	// Something else (non IP-based)
-	NetTransportOther = NetTransportKey.String("other")
-)
-
-var (
-	// IPv4 address
-	NetSockFamilyInet = NetSockFamilyKey.String("inet")
-	// IPv6 address
-	NetSockFamilyInet6 = NetSockFamilyKey.String("inet6")
-	// Unix domain socket path
-	NetSockFamilyUnix = NetSockFamilyKey.String("unix")
-)
-
-// NetSockPeerName returns an attribute KeyValue conforming to the
-// "net.sock.peer.name" semantic conventions. It represents the deprecated, use
-// `server.socket.domain` on client spans.
-func NetSockPeerName(val string) attribute.KeyValue {
-	return NetSockPeerNameKey.String(val)
-}
-
-// NetSockPeerAddr returns an attribute KeyValue conforming to the
-// "net.sock.peer.addr" semantic conventions. It represents the deprecated, use
-// `server.socket.address` on client spans and `client.socket.address` on
-// server spans.
-func NetSockPeerAddr(val string) attribute.KeyValue {
-	return NetSockPeerAddrKey.String(val)
-}
-
-// NetSockPeerPort returns an attribute KeyValue conforming to the
-// "net.sock.peer.port" semantic conventions. It represents the deprecated, use
-// `server.socket.port` on client spans and `client.socket.port` on server
-// spans.
-func NetSockPeerPort(val int) attribute.KeyValue {
-	return NetSockPeerPortKey.Int(val)
-}
-
-// NetPeerName returns an attribute KeyValue conforming to the
-// "net.peer.name" semantic conventions. It represents the deprecated, use
-// `server.address` on client spans and `client.address` on server spans.
-func NetPeerName(val string) attribute.KeyValue {
-	return NetPeerNameKey.String(val)
-}
-
-// NetPeerPort returns an attribute KeyValue conforming to the
-// "net.peer.port" semantic conventions. It represents the deprecated, use
-// `server.port` on client spans and `client.port` on server spans.
-func NetPeerPort(val int) attribute.KeyValue {
-	return NetPeerPortKey.Int(val)
-}
-
-// NetHostName returns an attribute KeyValue conforming to the
-// "net.host.name" semantic conventions. It represents the deprecated, use
-// `server.address`.
-func NetHostName(val string) attribute.KeyValue {
-	return NetHostNameKey.String(val)
-}
-
-// NetHostPort returns an attribute KeyValue conforming to the
-// "net.host.port" semantic conventions. It represents the deprecated, use
-// `server.port`.
-func NetHostPort(val int) attribute.KeyValue {
-	return NetHostPortKey.Int(val)
-}
-
-// NetSockHostAddr returns an attribute KeyValue conforming to the
-// "net.sock.host.addr" semantic conventions. It represents the deprecated, use
-// `server.socket.address`.
-func NetSockHostAddr(val string) attribute.KeyValue {
-	return NetSockHostAddrKey.String(val)
-}
-
-// NetSockHostPort returns an attribute KeyValue conforming to the
-// "net.sock.host.port" semantic conventions. It represents the deprecated, use
-// `server.socket.port`.
-func NetSockHostPort(val int) attribute.KeyValue {
-	return NetSockHostPortKey.Int(val)
-}
-
-// NetProtocolName returns an attribute KeyValue conforming to the
-// "net.protocol.name" semantic conventions. It represents the deprecated, use
-// `network.protocol.name`.
-func NetProtocolName(val string) attribute.KeyValue {
-	return NetProtocolNameKey.String(val)
-}
-
-// NetProtocolVersion returns an attribute KeyValue conforming to the
-// "net.protocol.version" semantic conventions. It represents the deprecated,
-// use `network.protocol.version`.
-func NetProtocolVersion(val string) attribute.KeyValue {
-	return NetProtocolVersionKey.String(val)
-}
-
-// These attributes may be used to describe the receiver of a network
-// exchange/packet. These should be used when there is no client/server
-// relationship between the two sides, or when that relationship is unknown.
-// This covers low-level network interactions (e.g. packet tracing) where you
-// don't know if there was a connection or which side initiated it. This also
-// covers unidirectional UDP flows and peer-to-peer communication where the
-// "user-facing" surface of the protocol / API does not expose a clear notion
-// of client and server.
-const (
-	// DestinationDomainKey is the attribute Key conforming to the
-	// "destination.domain" semantic conventions. It represents the domain name
-	// of the destination system.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'foo.example.com'
-	// Note: This value may be a host name, a fully qualified domain name, or
-	// another host naming format.
-	DestinationDomainKey = attribute.Key("destination.domain")
-
-	// DestinationAddressKey is the attribute Key conforming to the
-	// "destination.address" semantic conventions. It represents the peer
-	// address, for example IP address or UNIX socket name.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '10.5.3.2'
-	DestinationAddressKey = attribute.Key("destination.address")
-
-	// DestinationPortKey is the attribute Key conforming to the
-	// "destination.port" semantic conventions. It represents the peer port
-	// number
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 3389, 2888
-	DestinationPortKey = attribute.Key("destination.port")
-)
-
-// DestinationDomain returns an attribute KeyValue conforming to the
-// "destination.domain" semantic conventions. It represents the domain name of
-// the destination system.
-func DestinationDomain(val string) attribute.KeyValue {
-	return DestinationDomainKey.String(val)
-}
-
-// DestinationAddress returns an attribute KeyValue conforming to the
-// "destination.address" semantic conventions. It represents the peer address,
-// for example IP address or UNIX socket name.
-func DestinationAddress(val string) attribute.KeyValue {
-	return DestinationAddressKey.String(val)
-}
-
-// DestinationPort returns an attribute KeyValue conforming to the
-// "destination.port" semantic conventions. It represents the peer port number
-func DestinationPort(val int) attribute.KeyValue {
-	return DestinationPortKey.Int(val)
-}
-
-// Describes HTTP attributes.
-const (
-	// HTTPRequestMethodKey is the attribute Key conforming to the
-	// "http.request.method" semantic conventions. It represents the hTTP
-	// request method.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'GET', 'POST', 'HEAD'
-	// Note: HTTP request method value SHOULD be "known" to the
-	// instrumentation.
-	// By default, this convention defines "known" methods as the ones listed
-	// in [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#name-methods)
-	// and the PATCH method defined in
-	// [RFC5789](https://www.rfc-editor.org/rfc/rfc5789.html).
-	//
-	// If the HTTP request method is not known to instrumentation, it MUST set
-	// the `http.request.method` attribute to `_OTHER` and, except if reporting
-	// a metric, MUST
-	// set the exact method received in the request line as value of the
-	// `http.request.method_original` attribute.
-	//
-	// If the HTTP instrumentation could end up converting valid HTTP request
-	// methods to `_OTHER`, then it MUST provide a way to override
-	// the list of known HTTP methods. If this override is done via environment
-	// variable, then the environment variable MUST be named
-	// OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated
-	// list of case-sensitive known HTTP methods
-	// (this list MUST be a full override of the default known method, it is
-	// not a list of known methods in addition to the defaults).
-	//
-	// HTTP method names are case-sensitive and `http.request.method` attribute
-	// value MUST match a known HTTP method name exactly.
-	// Instrumentations for specific web frameworks that consider HTTP methods
-	// to be case insensitive, SHOULD populate a canonical equivalent.
-	// Tracing instrumentations that do so, MUST also set
-	// `http.request.method_original` to the original value.
-	HTTPRequestMethodKey = attribute.Key("http.request.method")
-
-	// HTTPResponseStatusCodeKey is the attribute Key conforming to the
-	// "http.response.status_code" semantic conventions. It represents the
-	// [HTTP response status
-	// code](https://tools.ietf.org/html/rfc7231#section-6).
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If and only if one was
-	// received/sent.)
-	// Stability: stable
-	// Examples: 200
-	HTTPResponseStatusCodeKey = attribute.Key("http.response.status_code")
-)
-
-var (
-	// CONNECT method
-	HTTPRequestMethodConnect = HTTPRequestMethodKey.String("CONNECT")
-	// DELETE method
-	HTTPRequestMethodDelete = HTTPRequestMethodKey.String("DELETE")
-	// GET method
-	HTTPRequestMethodGet = HTTPRequestMethodKey.String("GET")
-	// HEAD method
-	HTTPRequestMethodHead = HTTPRequestMethodKey.String("HEAD")
-	// OPTIONS method
-	HTTPRequestMethodOptions = HTTPRequestMethodKey.String("OPTIONS")
-	// PATCH method
-	HTTPRequestMethodPatch = HTTPRequestMethodKey.String("PATCH")
-	// POST method
-	HTTPRequestMethodPost = HTTPRequestMethodKey.String("POST")
-	// PUT method
-	HTTPRequestMethodPut = HTTPRequestMethodKey.String("PUT")
-	// TRACE method
-	HTTPRequestMethodTrace = HTTPRequestMethodKey.String("TRACE")
-	// Any HTTP method that the instrumentation has no prior knowledge of
-	HTTPRequestMethodOther = HTTPRequestMethodKey.String("_OTHER")
-)
-
-// HTTPResponseStatusCode returns an attribute KeyValue conforming to the
-// "http.response.status_code" semantic conventions. It represents the [HTTP
-// response status code](https://tools.ietf.org/html/rfc7231#section-6).
-func HTTPResponseStatusCode(val int) attribute.KeyValue {
-	return HTTPResponseStatusCodeKey.Int(val)
-}
-
-// HTTP Server attributes
-const (
-	// HTTPRouteKey is the attribute Key conforming to the "http.route"
-	// semantic conventions. It represents the matched route (path template in
-	// the format used by the respective server framework). See note below
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If and only if it's available)
-	// Stability: stable
-	// Examples: '/users/:userID?', '{controller}/{action}/{id?}'
-	// Note: MUST NOT be populated when this is not supported by the HTTP
-	// server framework as the route attribute should have low-cardinality and
-	// the URI path can NOT substitute it.
-	// SHOULD include the [application
-	// root](/docs/http/http-spans.md#http-server-definitions) if there is one.
-	HTTPRouteKey = attribute.Key("http.route")
-)
-
-// HTTPRoute returns an attribute KeyValue conforming to the "http.route"
-// semantic conventions. It represents the matched route (path template in the
-// format used by the respective server framework). See note below
-func HTTPRoute(val string) attribute.KeyValue {
-	return HTTPRouteKey.String(val)
-}
-
-// Attributes for Events represented using Log Records.
-const (
-	// EventNameKey is the attribute Key conforming to the "event.name"
-	// semantic conventions. It represents the name identifies the event.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'click', 'exception'
-	EventNameKey = attribute.Key("event.name")
-
-	// EventDomainKey is the attribute Key conforming to the "event.domain"
-	// semantic conventions. It represents the domain identifies the business
-	// context for the events.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	// Note: Events across different domains may have same `event.name`, yet be
-	// unrelated events.
-	EventDomainKey = attribute.Key("event.domain")
-)
-
-var (
-	// Events from browser apps
-	EventDomainBrowser = EventDomainKey.String("browser")
-	// Events from mobile apps
-	EventDomainDevice = EventDomainKey.String("device")
-	// Events from Kubernetes
-	EventDomainK8S = EventDomainKey.String("k8s")
-)
-
-// EventName returns an attribute KeyValue conforming to the "event.name"
-// semantic conventions. It represents the name identifies the event.
-func EventName(val string) attribute.KeyValue {
-	return EventNameKey.String(val)
-}
-
-// The attributes described in this section are rather generic. They may be
-// used in any Log Record they apply to.
-const (
-	// LogRecordUIDKey is the attribute Key conforming to the "log.record.uid"
-	// semantic conventions. It represents a unique identifier for the Log
-	// Record.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '01ARZ3NDEKTSV4RRFFQ69G5FAV'
-	// Note: If an id is provided, other log records with the same id will be
-	// considered duplicates and can be removed safely. This means, that two
-	// distinguishable log records MUST have different values.
-	// The id MAY be an [Universally Unique Lexicographically Sortable
-	// Identifier (ULID)](https://github.com/ulid/spec), but other identifiers
-	// (e.g. UUID) may be used as needed.
-	LogRecordUIDKey = attribute.Key("log.record.uid")
-)
-
-// LogRecordUID returns an attribute KeyValue conforming to the
-// "log.record.uid" semantic conventions. It represents a unique identifier for
-// the Log Record.
-func LogRecordUID(val string) attribute.KeyValue {
-	return LogRecordUIDKey.String(val)
-}
-
-// Describes Log attributes
-const (
-	// LogIostreamKey is the attribute Key conforming to the "log.iostream"
-	// semantic conventions. It represents the stream associated with the log.
-	// See below for a list of well-known values.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	LogIostreamKey = attribute.Key("log.iostream")
-)
-
-var (
-	// Logs from stdout stream
-	LogIostreamStdout = LogIostreamKey.String("stdout")
-	// Events from stderr stream
-	LogIostreamStderr = LogIostreamKey.String("stderr")
-)
-
-// A file to which log was emitted.
-const (
-	// LogFileNameKey is the attribute Key conforming to the "log.file.name"
-	// semantic conventions. It represents the basename of the file.
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'audit.log'
-	LogFileNameKey = attribute.Key("log.file.name")
-
-	// LogFilePathKey is the attribute Key conforming to the "log.file.path"
-	// semantic conventions. It represents the full path to the file.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/var/log/mysql/audit.log'
-	LogFilePathKey = attribute.Key("log.file.path")
-
-	// LogFileNameResolvedKey is the attribute Key conforming to the
-	// "log.file.name_resolved" semantic conventions. It represents the
-	// basename of the file, with symlinks resolved.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'uuid.log'
-	LogFileNameResolvedKey = attribute.Key("log.file.name_resolved")
-
-	// LogFilePathResolvedKey is the attribute Key conforming to the
-	// "log.file.path_resolved" semantic conventions. It represents the full
-	// path to the file, with symlinks resolved.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/var/lib/docker/uuid.log'
-	LogFilePathResolvedKey = attribute.Key("log.file.path_resolved")
-)
-
-// LogFileName returns an attribute KeyValue conforming to the
-// "log.file.name" semantic conventions. It represents the basename of the
-// file.
-func LogFileName(val string) attribute.KeyValue {
-	return LogFileNameKey.String(val)
-}
-
-// LogFilePath returns an attribute KeyValue conforming to the
-// "log.file.path" semantic conventions. It represents the full path to the
-// file.
-func LogFilePath(val string) attribute.KeyValue {
-	return LogFilePathKey.String(val)
-}
-
-// LogFileNameResolved returns an attribute KeyValue conforming to the
-// "log.file.name_resolved" semantic conventions. It represents the basename of
-// the file, with symlinks resolved.
-func LogFileNameResolved(val string) attribute.KeyValue {
-	return LogFileNameResolvedKey.String(val)
-}
-
-// LogFilePathResolved returns an attribute KeyValue conforming to the
-// "log.file.path_resolved" semantic conventions. It represents the full path
-// to the file, with symlinks resolved.
-func LogFilePathResolved(val string) attribute.KeyValue {
-	return LogFilePathResolvedKey.String(val)
-}
-
-// Describes JVM memory metric attributes.
-const (
-	// TypeKey is the attribute Key conforming to the "type" semantic
-	// conventions. It represents the type of memory.
-	//
-	// Type: Enum
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'heap', 'non_heap'
-	TypeKey = attribute.Key("type")
-
-	// PoolKey is the attribute Key conforming to the "pool" semantic
-	// conventions. It represents the name of the memory pool.
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'G1 Old Gen', 'G1 Eden space', 'G1 Survivor Space'
-	// Note: Pool names are generally obtained via
-	// [MemoryPoolMXBean#getName()](https://docs.oracle.com/en/java/javase/11/docs/api/java.management/java/lang/management/MemoryPoolMXBean.html#getName()).
-	PoolKey = attribute.Key("pool")
-)
-
-var (
-	// Heap memory
-	TypeHeap = TypeKey.String("heap")
-	// Non-heap memory
-	TypeNonHeap = TypeKey.String("non_heap")
-)
-
-// Pool returns an attribute KeyValue conforming to the "pool" semantic
-// conventions. It represents the name of the memory pool.
-func Pool(val string) attribute.KeyValue {
-	return PoolKey.String(val)
-}
-
-// These attributes may be used to describe the server in a connection-based
-// network interaction where there is one side that initiates the connection
-// (the client is the side that initiates the connection). This covers all TCP
-// network interactions since TCP is connection-based and one side initiates
-// the connection (an exception is made for peer-to-peer communication over TCP
-// where the "user-facing" surface of the protocol / API does not expose a
-// clear notion of client and server). This also covers UDP network
-// interactions where one side initiates the interaction, e.g. QUIC (HTTP/3)
-// and DNS.
-const (
-	// ServerAddressKey is the attribute Key conforming to the "server.address"
-	// semantic conventions. It represents the logical server hostname, matches
-	// server FQDN if available, and IP or socket address if FQDN is not known.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'example.com'
-	ServerAddressKey = attribute.Key("server.address")
-
-	// ServerPortKey is the attribute Key conforming to the "server.port"
-	// semantic conventions. It represents the logical server port number
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 80, 8080, 443
-	ServerPortKey = attribute.Key("server.port")
-
-	// ServerSocketDomainKey is the attribute Key conforming to the
-	// "server.socket.domain" semantic conventions. It represents the domain
-	// name of an immediate peer.
-	//
-	// Type: string
-	// RequirementLevel: Recommended (If different than `server.address`.)
-	// Stability: stable
-	// Examples: 'proxy.example.com'
-	// Note: Typically observed from the client side, and represents a proxy or
-	// other intermediary domain name.
-	ServerSocketDomainKey = attribute.Key("server.socket.domain")
-
-	// ServerSocketAddressKey is the attribute Key conforming to the
-	// "server.socket.address" semantic conventions. It represents the physical
-	// server IP address or Unix socket address. If set from the client, should
-	// simply use the socket's peer address, and not attempt to find any actual
-	// server IP (i.e., if set from client, this may represent some proxy
-	// server instead of the logical server).
-	//
-	// Type: string
-	// RequirementLevel: Recommended (If different than `server.address`.)
-	// Stability: stable
-	// Examples: '10.5.3.2'
-	ServerSocketAddressKey = attribute.Key("server.socket.address")
-
-	// ServerSocketPortKey is the attribute Key conforming to the
-	// "server.socket.port" semantic conventions. It represents the physical
-	// server port.
-	//
-	// Type: int
-	// RequirementLevel: Recommended (If different than `server.port`.)
-	// Stability: stable
-	// Examples: 16456
-	ServerSocketPortKey = attribute.Key("server.socket.port")
-)
-
-// ServerAddress returns an attribute KeyValue conforming to the
-// "server.address" semantic conventions. It represents the logical server
-// hostname, matches server FQDN if available, and IP or socket address if FQDN
-// is not known.
-func ServerAddress(val string) attribute.KeyValue {
-	return ServerAddressKey.String(val)
-}
-
-// ServerPort returns an attribute KeyValue conforming to the "server.port"
-// semantic conventions. It represents the logical server port number
-func ServerPort(val int) attribute.KeyValue {
-	return ServerPortKey.Int(val)
-}
-
-// ServerSocketDomain returns an attribute KeyValue conforming to the
-// "server.socket.domain" semantic conventions. It represents the domain name
-// of an immediate peer.
-func ServerSocketDomain(val string) attribute.KeyValue {
-	return ServerSocketDomainKey.String(val)
-}
-
-// ServerSocketAddress returns an attribute KeyValue conforming to the
-// "server.socket.address" semantic conventions. It represents the physical
-// server IP address or Unix socket address. If set from the client, should
-// simply use the socket's peer address, and not attempt to find any actual
-// server IP (i.e., if set from client, this may represent some proxy server
-// instead of the logical server).
-func ServerSocketAddress(val string) attribute.KeyValue {
-	return ServerSocketAddressKey.String(val)
-}
-
-// ServerSocketPort returns an attribute KeyValue conforming to the
-// "server.socket.port" semantic conventions. It represents the physical server
-// port.
-func ServerSocketPort(val int) attribute.KeyValue {
-	return ServerSocketPortKey.Int(val)
-}
-
-// These attributes may be used to describe the sender of a network
-// exchange/packet. These should be used when there is no client/server
-// relationship between the two sides, or when that relationship is unknown.
-// This covers low-level network interactions (e.g. packet tracing) where you
-// don't know if there was a connection or which side initiated it. This also
-// covers unidirectional UDP flows and peer-to-peer communication where the
-// "user-facing" surface of the protocol / API does not expose a clear notion
-// of client and server.
-const (
-	// SourceDomainKey is the attribute Key conforming to the "source.domain"
-	// semantic conventions. It represents the domain name of the source
-	// system.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'foo.example.com'
-	// Note: This value may be a host name, a fully qualified domain name, or
-	// another host naming format.
-	SourceDomainKey = attribute.Key("source.domain")
-
-	// SourceAddressKey is the attribute Key conforming to the "source.address"
-	// semantic conventions. It represents the source address, for example IP
-	// address or Unix socket name.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '10.5.3.2'
-	SourceAddressKey = attribute.Key("source.address")
-
-	// SourcePortKey is the attribute Key conforming to the "source.port"
-	// semantic conventions. It represents the source port number
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 3389, 2888
-	SourcePortKey = attribute.Key("source.port")
-)
-
-// SourceDomain returns an attribute KeyValue conforming to the
-// "source.domain" semantic conventions. It represents the domain name of the
-// source system.
-func SourceDomain(val string) attribute.KeyValue {
-	return SourceDomainKey.String(val)
-}
-
-// SourceAddress returns an attribute KeyValue conforming to the
-// "source.address" semantic conventions. It represents the source address, for
-// example IP address or Unix socket name.
-func SourceAddress(val string) attribute.KeyValue {
-	return SourceAddressKey.String(val)
-}
-
-// SourcePort returns an attribute KeyValue conforming to the "source.port"
-// semantic conventions. It represents the source port number
-func SourcePort(val int) attribute.KeyValue {
-	return SourcePortKey.Int(val)
-}
-
-// These attributes may be used for any network related operation.
-const (
-	// NetworkTransportKey is the attribute Key conforming to the
-	// "network.transport" semantic conventions. It represents the [OSI
-	// Transport Layer](https://osi-model.com/transport-layer/) or
-	// [Inter-process Communication
-	// method](https://en.wikipedia.org/wiki/Inter-process_communication). The
-	// value SHOULD be normalized to lowercase.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'tcp', 'udp'
-	NetworkTransportKey = attribute.Key("network.transport")
-
-	// NetworkTypeKey is the attribute Key conforming to the "network.type"
-	// semantic conventions. It represents the [OSI Network
-	// Layer](https://osi-model.com/network-layer/) or non-OSI equivalent. The
-	// value SHOULD be normalized to lowercase.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'ipv4', 'ipv6'
-	NetworkTypeKey = attribute.Key("network.type")
-
-	// NetworkProtocolNameKey is the attribute Key conforming to the
-	// "network.protocol.name" semantic conventions. It represents the [OSI
-	// Application Layer](https://osi-model.com/application-layer/) or non-OSI
-	// equivalent. The value SHOULD be normalized to lowercase.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'amqp', 'http', 'mqtt'
-	NetworkProtocolNameKey = attribute.Key("network.protocol.name")
-
-	// NetworkProtocolVersionKey is the attribute Key conforming to the
-	// "network.protocol.version" semantic conventions. It represents the
-	// version of the application layer protocol used. See note below.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '3.1.1'
-	// Note: `network.protocol.version` refers to the version of the protocol
-	// used and might be different from the protocol client's version. If the
-	// HTTP client used has a version of `0.27.2`, but sends HTTP version
-	// `1.1`, this attribute should be set to `1.1`.
-	NetworkProtocolVersionKey = attribute.Key("network.protocol.version")
-)
-
-var (
-	// TCP
-	NetworkTransportTCP = NetworkTransportKey.String("tcp")
-	// UDP
-	NetworkTransportUDP = NetworkTransportKey.String("udp")
-	// Named or anonymous pipe. See note below
-	NetworkTransportPipe = NetworkTransportKey.String("pipe")
-	// Unix domain socket
-	NetworkTransportUnix = NetworkTransportKey.String("unix")
-)
-
-var (
-	// IPv4
-	NetworkTypeIpv4 = NetworkTypeKey.String("ipv4")
-	// IPv6
-	NetworkTypeIpv6 = NetworkTypeKey.String("ipv6")
-)
-
-// NetworkProtocolName returns an attribute KeyValue conforming to the
-// "network.protocol.name" semantic conventions. It represents the [OSI
-// Application Layer](https://osi-model.com/application-layer/) or non-OSI
-// equivalent. The value SHOULD be normalized to lowercase.
-func NetworkProtocolName(val string) attribute.KeyValue {
-	return NetworkProtocolNameKey.String(val)
-}
-
-// NetworkProtocolVersion returns an attribute KeyValue conforming to the
-// "network.protocol.version" semantic conventions. It represents the version
-// of the application layer protocol used. See note below.
-func NetworkProtocolVersion(val string) attribute.KeyValue {
-	return NetworkProtocolVersionKey.String(val)
-}
-
-// These attributes may be used for any network related operation.
-const (
-	// NetworkConnectionTypeKey is the attribute Key conforming to the
-	// "network.connection.type" semantic conventions. It represents the
-	// internet connection type.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'wifi'
-	NetworkConnectionTypeKey = attribute.Key("network.connection.type")
-
-	// NetworkConnectionSubtypeKey is the attribute Key conforming to the
-	// "network.connection.subtype" semantic conventions. It represents the
-	// this describes more details regarding the connection.type. It may be the
-	// type of cell technology connection, but it could be used for describing
-	// details about a wifi connection.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'LTE'
-	NetworkConnectionSubtypeKey = attribute.Key("network.connection.subtype")
-
-	// NetworkCarrierNameKey is the attribute Key conforming to the
-	// "network.carrier.name" semantic conventions. It represents the name of
-	// the mobile carrier.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'sprint'
-	NetworkCarrierNameKey = attribute.Key("network.carrier.name")
-
-	// NetworkCarrierMccKey is the attribute Key conforming to the
-	// "network.carrier.mcc" semantic conventions. It represents the mobile
-	// carrier country code.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '310'
-	NetworkCarrierMccKey = attribute.Key("network.carrier.mcc")
-
-	// NetworkCarrierMncKey is the attribute Key conforming to the
-	// "network.carrier.mnc" semantic conventions. It represents the mobile
-	// carrier network code.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '001'
-	NetworkCarrierMncKey = attribute.Key("network.carrier.mnc")
-
-	// NetworkCarrierIccKey is the attribute Key conforming to the
-	// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
-	// alpha-2 2-character country code associated with the mobile carrier
-	// network.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'DE'
-	NetworkCarrierIccKey = attribute.Key("network.carrier.icc")
-)
-
-var (
-	// wifi
-	NetworkConnectionTypeWifi = NetworkConnectionTypeKey.String("wifi")
-	// wired
-	NetworkConnectionTypeWired = NetworkConnectionTypeKey.String("wired")
-	// cell
-	NetworkConnectionTypeCell = NetworkConnectionTypeKey.String("cell")
-	// unavailable
-	NetworkConnectionTypeUnavailable = NetworkConnectionTypeKey.String("unavailable")
-	// unknown
-	NetworkConnectionTypeUnknown = NetworkConnectionTypeKey.String("unknown")
-)
-
-var (
-	// GPRS
-	NetworkConnectionSubtypeGprs = NetworkConnectionSubtypeKey.String("gprs")
-	// EDGE
-	NetworkConnectionSubtypeEdge = NetworkConnectionSubtypeKey.String("edge")
-	// UMTS
-	NetworkConnectionSubtypeUmts = NetworkConnectionSubtypeKey.String("umts")
-	// CDMA
-	NetworkConnectionSubtypeCdma = NetworkConnectionSubtypeKey.String("cdma")
-	// EVDO Rel. 0
-	NetworkConnectionSubtypeEvdo0 = NetworkConnectionSubtypeKey.String("evdo_0")
-	// EVDO Rev. A
-	NetworkConnectionSubtypeEvdoA = NetworkConnectionSubtypeKey.String("evdo_a")
-	// CDMA2000 1XRTT
-	NetworkConnectionSubtypeCdma20001xrtt = NetworkConnectionSubtypeKey.String("cdma2000_1xrtt")
-	// HSDPA
-	NetworkConnectionSubtypeHsdpa = NetworkConnectionSubtypeKey.String("hsdpa")
-	// HSUPA
-	NetworkConnectionSubtypeHsupa = NetworkConnectionSubtypeKey.String("hsupa")
-	// HSPA
-	NetworkConnectionSubtypeHspa = NetworkConnectionSubtypeKey.String("hspa")
-	// IDEN
-	NetworkConnectionSubtypeIden = NetworkConnectionSubtypeKey.String("iden")
-	// EVDO Rev. B
-	NetworkConnectionSubtypeEvdoB = NetworkConnectionSubtypeKey.String("evdo_b")
-	// LTE
-	NetworkConnectionSubtypeLte = NetworkConnectionSubtypeKey.String("lte")
-	// EHRPD
-	NetworkConnectionSubtypeEhrpd = NetworkConnectionSubtypeKey.String("ehrpd")
-	// HSPAP
-	NetworkConnectionSubtypeHspap = NetworkConnectionSubtypeKey.String("hspap")
-	// GSM
-	NetworkConnectionSubtypeGsm = NetworkConnectionSubtypeKey.String("gsm")
-	// TD-SCDMA
-	NetworkConnectionSubtypeTdScdma = NetworkConnectionSubtypeKey.String("td_scdma")
-	// IWLAN
-	NetworkConnectionSubtypeIwlan = NetworkConnectionSubtypeKey.String("iwlan")
-	// 5G NR (New Radio)
-	NetworkConnectionSubtypeNr = NetworkConnectionSubtypeKey.String("nr")
-	// 5G NRNSA (New Radio Non-Standalone)
-	NetworkConnectionSubtypeNrnsa = NetworkConnectionSubtypeKey.String("nrnsa")
-	// LTE CA
-	NetworkConnectionSubtypeLteCa = NetworkConnectionSubtypeKey.String("lte_ca")
-)
-
-// NetworkCarrierName returns an attribute KeyValue conforming to the
-// "network.carrier.name" semantic conventions. It represents the name of the
-// mobile carrier.
-func NetworkCarrierName(val string) attribute.KeyValue {
-	return NetworkCarrierNameKey.String(val)
-}
-
-// NetworkCarrierMcc returns an attribute KeyValue conforming to the
-// "network.carrier.mcc" semantic conventions. It represents the mobile carrier
-// country code.
-func NetworkCarrierMcc(val string) attribute.KeyValue {
-	return NetworkCarrierMccKey.String(val)
-}
-
-// NetworkCarrierMnc returns an attribute KeyValue conforming to the
-// "network.carrier.mnc" semantic conventions. It represents the mobile carrier
-// network code.
-func NetworkCarrierMnc(val string) attribute.KeyValue {
-	return NetworkCarrierMncKey.String(val)
-}
-
-// NetworkCarrierIcc returns an attribute KeyValue conforming to the
-// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
-// alpha-2 2-character country code associated with the mobile carrier network.
-func NetworkCarrierIcc(val string) attribute.KeyValue {
-	return NetworkCarrierIccKey.String(val)
-}
-
-// Semantic conventions for HTTP client and server Spans.
-const (
-	// HTTPRequestMethodOriginalKey is the attribute Key conforming to the
-	// "http.request.method_original" semantic conventions. It represents the
-	// original HTTP method sent by the client in the request line.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If and only if it's different
-	// than `http.request.method`.)
-	// Stability: stable
-	// Examples: 'GeT', 'ACL', 'foo'
-	HTTPRequestMethodOriginalKey = attribute.Key("http.request.method_original")
-
-	// HTTPRequestBodySizeKey is the attribute Key conforming to the
-	// "http.request.body.size" semantic conventions. It represents the size of
-	// the request payload body in bytes. This is the number of bytes
-	// transferred excluding headers and is often, but not always, present as
-	// the
-	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
-	// header. For requests using transport encoding, this should be the
-	// compressed size.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 3495
-	HTTPRequestBodySizeKey = attribute.Key("http.request.body.size")
-
-	// HTTPResponseBodySizeKey is the attribute Key conforming to the
-	// "http.response.body.size" semantic conventions. It represents the size
-	// of the response payload body in bytes. This is the number of bytes
-	// transferred excluding headers and is often, but not always, present as
-	// the
-	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
-	// header. For requests using transport encoding, this should be the
-	// compressed size.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 3495
-	HTTPResponseBodySizeKey = attribute.Key("http.response.body.size")
-)
-
-// HTTPRequestMethodOriginal returns an attribute KeyValue conforming to the
-// "http.request.method_original" semantic conventions. It represents the
-// original HTTP method sent by the client in the request line.
-func HTTPRequestMethodOriginal(val string) attribute.KeyValue {
-	return HTTPRequestMethodOriginalKey.String(val)
-}
-
-// HTTPRequestBodySize returns an attribute KeyValue conforming to the
-// "http.request.body.size" semantic conventions. It represents the size of the
-// request payload body in bytes. This is the number of bytes transferred
-// excluding headers and is often, but not always, present as the
-// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
-// header. For requests using transport encoding, this should be the compressed
-// size.
-func HTTPRequestBodySize(val int) attribute.KeyValue {
-	return HTTPRequestBodySizeKey.Int(val)
-}
-
-// HTTPResponseBodySize returns an attribute KeyValue conforming to the
-// "http.response.body.size" semantic conventions. It represents the size of
-// the response payload body in bytes. This is the number of bytes transferred
-// excluding headers and is often, but not always, present as the
-// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
-// header. For requests using transport encoding, this should be the compressed
-// size.
-func HTTPResponseBodySize(val int) attribute.KeyValue {
-	return HTTPResponseBodySizeKey.Int(val)
-}
-
-// Semantic convention describing per-message attributes populated on messaging
-// spans or links.
-const (
-	// MessagingMessageIDKey is the attribute Key conforming to the
-	// "messaging.message.id" semantic conventions. It represents a value used
-	// by the messaging system as an identifier for the message, represented as
-	// a string.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '452a7c7c7c7048c2f887f61572b18fc2'
-	MessagingMessageIDKey = attribute.Key("messaging.message.id")
-
-	// MessagingMessageConversationIDKey is the attribute Key conforming to the
-	// "messaging.message.conversation_id" semantic conventions. It represents
-	// the [conversation ID](#conversations) identifying the conversation to
-	// which the message belongs, represented as a string. Sometimes called
-	// "Correlation ID".
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'MyConversationID'
-	MessagingMessageConversationIDKey = attribute.Key("messaging.message.conversation_id")
-
-	// MessagingMessagePayloadSizeBytesKey is the attribute Key conforming to
-	// the "messaging.message.payload_size_bytes" semantic conventions. It
-	// represents the (uncompressed) size of the message payload in bytes. Also
-	// use this attribute if it is unknown whether the compressed or
-	// uncompressed payload size is reported.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 2738
-	MessagingMessagePayloadSizeBytesKey = attribute.Key("messaging.message.payload_size_bytes")
-
-	// MessagingMessagePayloadCompressedSizeBytesKey is the attribute Key
-	// conforming to the "messaging.message.payload_compressed_size_bytes"
-	// semantic conventions. It represents the compressed size of the message
-	// payload in bytes.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 2048
-	MessagingMessagePayloadCompressedSizeBytesKey = attribute.Key("messaging.message.payload_compressed_size_bytes")
-)
-
-// MessagingMessageID returns an attribute KeyValue conforming to the
-// "messaging.message.id" semantic conventions. It represents a value used by
-// the messaging system as an identifier for the message, represented as a
-// string.
-func MessagingMessageID(val string) attribute.KeyValue {
-	return MessagingMessageIDKey.String(val)
-}
-
-// MessagingMessageConversationID returns an attribute KeyValue conforming
-// to the "messaging.message.conversation_id" semantic conventions. It
-// represents the [conversation ID](#conversations) identifying the
-// conversation to which the message belongs, represented as a string.
-// Sometimes called "Correlation ID".
-func MessagingMessageConversationID(val string) attribute.KeyValue {
-	return MessagingMessageConversationIDKey.String(val)
-}
-
-// MessagingMessagePayloadSizeBytes returns an attribute KeyValue conforming
-// to the "messaging.message.payload_size_bytes" semantic conventions. It
-// represents the (uncompressed) size of the message payload in bytes. Also use
-// this attribute if it is unknown whether the compressed or uncompressed
-// payload size is reported.
-func MessagingMessagePayloadSizeBytes(val int) attribute.KeyValue {
-	return MessagingMessagePayloadSizeBytesKey.Int(val)
-}
-
-// MessagingMessagePayloadCompressedSizeBytes returns an attribute KeyValue
-// conforming to the "messaging.message.payload_compressed_size_bytes" semantic
-// conventions. It represents the compressed size of the message payload in
-// bytes.
-func MessagingMessagePayloadCompressedSizeBytes(val int) attribute.KeyValue {
-	return MessagingMessagePayloadCompressedSizeBytesKey.Int(val)
-}
-
-// Semantic convention for attributes that describe messaging destination on
-// broker
-const (
-	// MessagingDestinationNameKey is the attribute Key conforming to the
-	// "messaging.destination.name" semantic conventions. It represents the
-	// message destination name
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'MyQueue', 'MyTopic'
-	// Note: Destination name SHOULD uniquely identify a specific queue, topic
-	// or other entity within the broker. If
-	// the broker does not have such notion, the destination name SHOULD
-	// uniquely identify the broker.
-	MessagingDestinationNameKey = attribute.Key("messaging.destination.name")
-
-	// MessagingDestinationTemplateKey is the attribute Key conforming to the
-	// "messaging.destination.template" semantic conventions. It represents the
-	// low cardinality representation of the messaging destination name
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/customers/{customerID}'
-	// Note: Destination names could be constructed from templates. An example
-	// would be a destination name involving a user name or product id.
-	// Although the destination name in this case is of high cardinality, the
-	// underlying template is of low cardinality and can be effectively used
-	// for grouping and aggregation.
-	MessagingDestinationTemplateKey = attribute.Key("messaging.destination.template")
-
-	// MessagingDestinationTemporaryKey is the attribute Key conforming to the
-	// "messaging.destination.temporary" semantic conventions. It represents a
-	// boolean that is true if the message destination is temporary and might
-	// not exist anymore after messages are processed.
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	MessagingDestinationTemporaryKey = attribute.Key("messaging.destination.temporary")
-
-	// MessagingDestinationAnonymousKey is the attribute Key conforming to the
-	// "messaging.destination.anonymous" semantic conventions. It represents a
-	// boolean that is true if the message destination is anonymous (could be
-	// unnamed or have auto-generated name).
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	MessagingDestinationAnonymousKey = attribute.Key("messaging.destination.anonymous")
-)
-
-// MessagingDestinationName returns an attribute KeyValue conforming to the
-// "messaging.destination.name" semantic conventions. It represents the message
-// destination name
-func MessagingDestinationName(val string) attribute.KeyValue {
-	return MessagingDestinationNameKey.String(val)
-}
-
-// MessagingDestinationTemplate returns an attribute KeyValue conforming to
-// the "messaging.destination.template" semantic conventions. It represents the
-// low cardinality representation of the messaging destination name
-func MessagingDestinationTemplate(val string) attribute.KeyValue {
-	return MessagingDestinationTemplateKey.String(val)
-}
-
-// MessagingDestinationTemporary returns an attribute KeyValue conforming to
-// the "messaging.destination.temporary" semantic conventions. It represents a
-// boolean that is true if the message destination is temporary and might not
-// exist anymore after messages are processed.
-func MessagingDestinationTemporary(val bool) attribute.KeyValue {
-	return MessagingDestinationTemporaryKey.Bool(val)
-}
-
-// MessagingDestinationAnonymous returns an attribute KeyValue conforming to
-// the "messaging.destination.anonymous" semantic conventions. It represents a
-// boolean that is true if the message destination is anonymous (could be
-// unnamed or have auto-generated name).
-func MessagingDestinationAnonymous(val bool) attribute.KeyValue {
-	return MessagingDestinationAnonymousKey.Bool(val)
-}
-
-// Attributes for RabbitMQ
-const (
-	// MessagingRabbitmqDestinationRoutingKeyKey is the attribute Key
-	// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
-	// conventions. It represents the rabbitMQ message routing key.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If not empty.)
-	// Stability: stable
-	// Examples: 'myKey'
-	MessagingRabbitmqDestinationRoutingKeyKey = attribute.Key("messaging.rabbitmq.destination.routing_key")
-)
-
-// MessagingRabbitmqDestinationRoutingKey returns an attribute KeyValue
-// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
-// conventions. It represents the rabbitMQ message routing key.
-func MessagingRabbitmqDestinationRoutingKey(val string) attribute.KeyValue {
-	return MessagingRabbitmqDestinationRoutingKeyKey.String(val)
-}
-
-// Attributes for Apache Kafka
-const (
-	// MessagingKafkaMessageKeyKey is the attribute Key conforming to the
-	// "messaging.kafka.message.key" semantic conventions. It represents the
-	// message keys in Kafka are used for grouping alike messages to ensure
-	// they're processed on the same partition. They differ from
-	// `messaging.message.id` in that they're not unique. If the key is `null`,
-	// the attribute MUST NOT be set.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'myKey'
-	// Note: If the key type is not string, it's string representation has to
-	// be supplied for the attribute. If the key has no unambiguous, canonical
-	// string form, don't include its value.
-	MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message.key")
-
-	// MessagingKafkaConsumerGroupKey is the attribute Key conforming to the
-	// "messaging.kafka.consumer.group" semantic conventions. It represents the
-	// name of the Kafka Consumer Group that is handling the message. Only
-	// applies to consumers, not producers.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'my-group'
-	MessagingKafkaConsumerGroupKey = attribute.Key("messaging.kafka.consumer.group")
-
-	// MessagingKafkaDestinationPartitionKey is the attribute Key conforming to
-	// the "messaging.kafka.destination.partition" semantic conventions. It
-	// represents the partition the message is sent to.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 2
-	MessagingKafkaDestinationPartitionKey = attribute.Key("messaging.kafka.destination.partition")
-
-	// MessagingKafkaMessageOffsetKey is the attribute Key conforming to the
-	// "messaging.kafka.message.offset" semantic conventions. It represents the
-	// offset of a record in the corresponding Kafka partition.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 42
-	MessagingKafkaMessageOffsetKey = attribute.Key("messaging.kafka.message.offset")
-
-	// MessagingKafkaMessageTombstoneKey is the attribute Key conforming to the
-	// "messaging.kafka.message.tombstone" semantic conventions. It represents
-	// a boolean that is true if the message is a tombstone.
-	//
-	// Type: boolean
-	// RequirementLevel: ConditionallyRequired (If value is `true`. When
-	// missing, the value is assumed to be `false`.)
-	// Stability: stable
-	MessagingKafkaMessageTombstoneKey = attribute.Key("messaging.kafka.message.tombstone")
-)
-
-// MessagingKafkaMessageKey returns an attribute KeyValue conforming to the
-// "messaging.kafka.message.key" semantic conventions. It represents the
-// message keys in Kafka are used for grouping alike messages to ensure they're
-// processed on the same partition. They differ from `messaging.message.id` in
-// that they're not unique. If the key is `null`, the attribute MUST NOT be
-// set.
-func MessagingKafkaMessageKey(val string) attribute.KeyValue {
-	return MessagingKafkaMessageKeyKey.String(val)
-}
-
-// MessagingKafkaConsumerGroup returns an attribute KeyValue conforming to
-// the "messaging.kafka.consumer.group" semantic conventions. It represents the
-// name of the Kafka Consumer Group that is handling the message. Only applies
-// to consumers, not producers.
-func MessagingKafkaConsumerGroup(val string) attribute.KeyValue {
-	return MessagingKafkaConsumerGroupKey.String(val)
-}
-
-// MessagingKafkaDestinationPartition returns an attribute KeyValue
-// conforming to the "messaging.kafka.destination.partition" semantic
-// conventions. It represents the partition the message is sent to.
-func MessagingKafkaDestinationPartition(val int) attribute.KeyValue {
-	return MessagingKafkaDestinationPartitionKey.Int(val)
-}
-
-// MessagingKafkaMessageOffset returns an attribute KeyValue conforming to
-// the "messaging.kafka.message.offset" semantic conventions. It represents the
-// offset of a record in the corresponding Kafka partition.
-func MessagingKafkaMessageOffset(val int) attribute.KeyValue {
-	return MessagingKafkaMessageOffsetKey.Int(val)
-}
-
-// MessagingKafkaMessageTombstone returns an attribute KeyValue conforming
-// to the "messaging.kafka.message.tombstone" semantic conventions. It
-// represents a boolean that is true if the message is a tombstone.
-func MessagingKafkaMessageTombstone(val bool) attribute.KeyValue {
-	return MessagingKafkaMessageTombstoneKey.Bool(val)
-}
-
-// Attributes for Apache RocketMQ
-const (
-	// MessagingRocketmqNamespaceKey is the attribute Key conforming to the
-	// "messaging.rocketmq.namespace" semantic conventions. It represents the
-	// namespace of RocketMQ resources, resources in different namespaces are
-	// individual.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'myNamespace'
-	MessagingRocketmqNamespaceKey = attribute.Key("messaging.rocketmq.namespace")
-
-	// MessagingRocketmqClientGroupKey is the attribute Key conforming to the
-	// "messaging.rocketmq.client_group" semantic conventions. It represents
-	// the name of the RocketMQ producer/consumer group that is handling the
-	// message. The client type is identified by the SpanKind.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'myConsumerGroup'
-	MessagingRocketmqClientGroupKey = attribute.Key("messaging.rocketmq.client_group")
-
-	// MessagingRocketmqMessageDeliveryTimestampKey is the attribute Key
-	// conforming to the "messaging.rocketmq.message.delivery_timestamp"
-	// semantic conventions. It represents the timestamp in milliseconds that
-	// the delay message is expected to be delivered to consumer.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If the message type is delay
-	// and delay time level is not specified.)
-	// Stability: stable
-	// Examples: 1665987217045
-	MessagingRocketmqMessageDeliveryTimestampKey = attribute.Key("messaging.rocketmq.message.delivery_timestamp")
-
-	// MessagingRocketmqMessageDelayTimeLevelKey is the attribute Key
-	// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
-	// conventions. It represents the delay time level for delay message, which
-	// determines the message delay time.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If the message type is delay
-	// and delivery timestamp is not specified.)
-	// Stability: stable
-	// Examples: 3
-	MessagingRocketmqMessageDelayTimeLevelKey = attribute.Key("messaging.rocketmq.message.delay_time_level")
-
-	// MessagingRocketmqMessageGroupKey is the attribute Key conforming to the
-	// "messaging.rocketmq.message.group" semantic conventions. It represents
-	// the it is essential for FIFO message. Messages that belong to the same
-	// message group are always processed one by one within the same consumer
-	// group.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If the message type is FIFO.)
-	// Stability: stable
-	// Examples: 'myMessageGroup'
-	MessagingRocketmqMessageGroupKey = attribute.Key("messaging.rocketmq.message.group")
-
-	// MessagingRocketmqMessageTypeKey is the attribute Key conforming to the
-	// "messaging.rocketmq.message.type" semantic conventions. It represents
-	// the type of message.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	MessagingRocketmqMessageTypeKey = attribute.Key("messaging.rocketmq.message.type")
-
-	// MessagingRocketmqMessageTagKey is the attribute Key conforming to the
-	// "messaging.rocketmq.message.tag" semantic conventions. It represents the
-	// secondary classifier of message besides topic.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'tagA'
-	MessagingRocketmqMessageTagKey = attribute.Key("messaging.rocketmq.message.tag")
-
-	// MessagingRocketmqMessageKeysKey is the attribute Key conforming to the
-	// "messaging.rocketmq.message.keys" semantic conventions. It represents
-	// the key(s) of message, another way to mark message besides message id.
-	//
-	// Type: string[]
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'keyA', 'keyB'
-	MessagingRocketmqMessageKeysKey = attribute.Key("messaging.rocketmq.message.keys")
-
-	// MessagingRocketmqConsumptionModelKey is the attribute Key conforming to
-	// the "messaging.rocketmq.consumption_model" semantic conventions. It
-	// represents the model of message consumption. This only applies to
-	// consumer spans.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	MessagingRocketmqConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model")
-)
-
-var (
-	// Normal message
-	MessagingRocketmqMessageTypeNormal = MessagingRocketmqMessageTypeKey.String("normal")
-	// FIFO message
-	MessagingRocketmqMessageTypeFifo = MessagingRocketmqMessageTypeKey.String("fifo")
-	// Delay message
-	MessagingRocketmqMessageTypeDelay = MessagingRocketmqMessageTypeKey.String("delay")
-	// Transaction message
-	MessagingRocketmqMessageTypeTransaction = MessagingRocketmqMessageTypeKey.String("transaction")
-)
-
-var (
-	// Clustering consumption model
-	MessagingRocketmqConsumptionModelClustering = MessagingRocketmqConsumptionModelKey.String("clustering")
-	// Broadcasting consumption model
-	MessagingRocketmqConsumptionModelBroadcasting = MessagingRocketmqConsumptionModelKey.String("broadcasting")
-)
-
-// MessagingRocketmqNamespace returns an attribute KeyValue conforming to
-// the "messaging.rocketmq.namespace" semantic conventions. It represents the
-// namespace of RocketMQ resources, resources in different namespaces are
-// individual.
-func MessagingRocketmqNamespace(val string) attribute.KeyValue {
-	return MessagingRocketmqNamespaceKey.String(val)
-}
-
-// MessagingRocketmqClientGroup returns an attribute KeyValue conforming to
-// the "messaging.rocketmq.client_group" semantic conventions. It represents
-// the name of the RocketMQ producer/consumer group that is handling the
-// message. The client type is identified by the SpanKind.
-func MessagingRocketmqClientGroup(val string) attribute.KeyValue {
-	return MessagingRocketmqClientGroupKey.String(val)
-}
-
-// MessagingRocketmqMessageDeliveryTimestamp returns an attribute KeyValue
-// conforming to the "messaging.rocketmq.message.delivery_timestamp" semantic
-// conventions. It represents the timestamp in milliseconds that the delay
-// message is expected to be delivered to consumer.
-func MessagingRocketmqMessageDeliveryTimestamp(val int) attribute.KeyValue {
-	return MessagingRocketmqMessageDeliveryTimestampKey.Int(val)
-}
-
-// MessagingRocketmqMessageDelayTimeLevel returns an attribute KeyValue
-// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
-// conventions. It represents the delay time level for delay message, which
-// determines the message delay time.
-func MessagingRocketmqMessageDelayTimeLevel(val int) attribute.KeyValue {
-	return MessagingRocketmqMessageDelayTimeLevelKey.Int(val)
-}
-
-// MessagingRocketmqMessageGroup returns an attribute KeyValue conforming to
-// the "messaging.rocketmq.message.group" semantic conventions. It represents
-// the it is essential for FIFO message. Messages that belong to the same
-// message group are always processed one by one within the same consumer
-// group.
-func MessagingRocketmqMessageGroup(val string) attribute.KeyValue {
-	return MessagingRocketmqMessageGroupKey.String(val)
-}
-
-// MessagingRocketmqMessageTag returns an attribute KeyValue conforming to
-// the "messaging.rocketmq.message.tag" semantic conventions. It represents the
-// secondary classifier of message besides topic.
-func MessagingRocketmqMessageTag(val string) attribute.KeyValue {
-	return MessagingRocketmqMessageTagKey.String(val)
-}
-
-// MessagingRocketmqMessageKeys returns an attribute KeyValue conforming to
-// the "messaging.rocketmq.message.keys" semantic conventions. It represents
-// the key(s) of message, another way to mark message besides message id.
-func MessagingRocketmqMessageKeys(val ...string) attribute.KeyValue {
-	return MessagingRocketmqMessageKeysKey.StringSlice(val)
-}
-
-// Attributes describing URL.
-const (
-	// URLSchemeKey is the attribute Key conforming to the "url.scheme"
-	// semantic conventions. It represents the [URI
-	// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
-	// identifying the used protocol.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'https', 'ftp', 'telnet'
-	URLSchemeKey = attribute.Key("url.scheme")
-
-	// URLFullKey is the attribute Key conforming to the "url.full" semantic
-	// conventions. It represents the absolute URL describing a network
-	// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv',
-	// '//localhost'
-	// Note: For network calls, URL usually has
-	// `scheme://host[:port][path][?query][#fragment]` format, where the
-	// fragment is not transmitted over HTTP, but if it is known, it should be
-	// included nevertheless.
-	// `url.full` MUST NOT contain credentials passed via URL in form of
-	// `https://username:password@www.example.com/`. In such case username and
-	// password should be redacted and attribute's value should be
-	// `https://REDACTED:REDACTED@www.example.com/`.
-	// `url.full` SHOULD capture the absolute URL when it is available (or can
-	// be reconstructed) and SHOULD NOT be validated or modified except for
-	// sanitizing purposes.
-	URLFullKey = attribute.Key("url.full")
-
-	// URLPathKey is the attribute Key conforming to the "url.path" semantic
-	// conventions. It represents the [URI
-	// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/search'
-	// Note: When missing, the value is assumed to be `/`
-	URLPathKey = attribute.Key("url.path")
-
-	// URLQueryKey is the attribute Key conforming to the "url.query" semantic
-	// conventions. It represents the [URI
-	// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'q=OpenTelemetry'
-	// Note: Sensitive content provided in query string SHOULD be scrubbed when
-	// instrumentations can identify it.
-	URLQueryKey = attribute.Key("url.query")
-
-	// URLFragmentKey is the attribute Key conforming to the "url.fragment"
-	// semantic conventions. It represents the [URI
-	// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'SemConv'
-	URLFragmentKey = attribute.Key("url.fragment")
-)
-
-// URLScheme returns an attribute KeyValue conforming to the "url.scheme"
-// semantic conventions. It represents the [URI
-// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
-// identifying the used protocol.
-func URLScheme(val string) attribute.KeyValue {
-	return URLSchemeKey.String(val)
-}
-
-// URLFull returns an attribute KeyValue conforming to the "url.full"
-// semantic conventions. It represents the absolute URL describing a network
-// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
-func URLFull(val string) attribute.KeyValue {
-	return URLFullKey.String(val)
-}
-
-// URLPath returns an attribute KeyValue conforming to the "url.path"
-// semantic conventions. It represents the [URI
-// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
-func URLPath(val string) attribute.KeyValue {
-	return URLPathKey.String(val)
-}
-
-// URLQuery returns an attribute KeyValue conforming to the "url.query"
-// semantic conventions. It represents the [URI
-// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
-func URLQuery(val string) attribute.KeyValue {
-	return URLQueryKey.String(val)
-}
-
-// URLFragment returns an attribute KeyValue conforming to the
-// "url.fragment" semantic conventions. It represents the [URI
-// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
-func URLFragment(val string) attribute.KeyValue {
-	return URLFragmentKey.String(val)
-}
-
-// Describes user-agent attributes.
-const (
-	// UserAgentOriginalKey is the attribute Key conforming to the
-	// "user_agent.original" semantic conventions. It represents the value of
-	// the [HTTP
-	// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
-	// header sent by the client.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3'
-	UserAgentOriginalKey = attribute.Key("user_agent.original")
-)
-
-// UserAgentOriginal returns an attribute KeyValue conforming to the
-// "user_agent.original" semantic conventions. It represents the value of the
-// [HTTP
-// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
-// header sent by the client.
-func UserAgentOriginal(val string) attribute.KeyValue {
-	return UserAgentOriginalKey.String(val)
-}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/attribute_group.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/attribute_group.go
new file mode 100644
index 00000000000..31726598d61
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/attribute_group.go
@@ -0,0 +1,4398 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// Describes FaaS attributes.
+const (
+	// FaaSInvokedNameKey is the attribute Key conforming to the
+	// "faas.invoked_name" semantic conventions. It represents the name of the
+	// invoked function.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'my-function'
+	// Note: SHOULD be equal to the `faas.name` resource attribute of the
+	// invoked function.
+	FaaSInvokedNameKey = attribute.Key("faas.invoked_name")
+
+	// FaaSInvokedProviderKey is the attribute Key conforming to the
+	// "faas.invoked_provider" semantic conventions. It represents the cloud
+	// provider of the invoked function.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Note: SHOULD be equal to the `cloud.provider` resource attribute of the
+	// invoked function.
+	FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider")
+
+	// FaaSInvokedRegionKey is the attribute Key conforming to the
+	// "faas.invoked_region" semantic conventions. It represents the cloud
+	// region of the invoked function.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (For some cloud providers, like
+	// AWS or GCP, the region in which a function is hosted is essential to
+	// uniquely identify the function and also part of its endpoint. Since it's
+	// part of the endpoint being called, the region is always known to
+	// clients. In these cases, `faas.invoked_region` MUST be set accordingly.
+	// If the region is unknown to the client or not required for identifying
+	// the invoked function, setting `faas.invoked_region` is optional.)
+	// Stability: experimental
+	// Examples: 'eu-central-1'
+	// Note: SHOULD be equal to the `cloud.region` resource attribute of the
+	// invoked function.
+	FaaSInvokedRegionKey = attribute.Key("faas.invoked_region")
+
+	// FaaSTriggerKey is the attribute Key conforming to the "faas.trigger"
+	// semantic conventions. It represents the type of the trigger which caused
+	// this function invocation.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	FaaSTriggerKey = attribute.Key("faas.trigger")
+)
+
+var (
+	// Alibaba Cloud
+	FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws")
+	// Microsoft Azure
+	FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure")
+	// Google Cloud Platform
+	FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp")
+	// Tencent Cloud
+	FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud")
+)
+
+var (
+	// A response to some data source operation such as a database or filesystem read/write
+	FaaSTriggerDatasource = FaaSTriggerKey.String("datasource")
+	// To provide an answer to an inbound HTTP request
+	FaaSTriggerHTTP = FaaSTriggerKey.String("http")
+	// A function is set to be executed when messages are sent to a messaging system
+	FaaSTriggerPubsub = FaaSTriggerKey.String("pubsub")
+	// A function is scheduled to be executed regularly
+	FaaSTriggerTimer = FaaSTriggerKey.String("timer")
+	// If none of the others apply
+	FaaSTriggerOther = FaaSTriggerKey.String("other")
+)
+
+// FaaSInvokedName returns an attribute KeyValue conforming to the
+// "faas.invoked_name" semantic conventions. It represents the name of the
+// invoked function.
+func FaaSInvokedName(val string) attribute.KeyValue {
+	return FaaSInvokedNameKey.String(val)
+}
+
+// FaaSInvokedRegion returns an attribute KeyValue conforming to the
+// "faas.invoked_region" semantic conventions. It represents the cloud region
+// of the invoked function.
+func FaaSInvokedRegion(val string) attribute.KeyValue {
+	return FaaSInvokedRegionKey.String(val)
+}
+
+// Attributes for Events represented using Log Records.
+const (
+	// EventNameKey is the attribute Key conforming to the "event.name"
+	// semantic conventions. It represents the identifies the class / type of
+	// event.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'browser.mouse.click', 'device.app.lifecycle'
+	// Note: Event names are subject to the same rules as [attribute
+	// names](https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/common/attribute-naming.md).
+	// Notably, event names are namespaced to avoid collisions and provide a
+	// clean separation of semantics for events in separate domains like
+	// browser, mobile, and kubernetes.
+	EventNameKey = attribute.Key("event.name")
+)
+
+// EventName returns an attribute KeyValue conforming to the "event.name"
+// semantic conventions. It represents the identifies the class / type of
+// event.
+func EventName(val string) attribute.KeyValue {
+	return EventNameKey.String(val)
+}
+
+// The attributes described in this section are rather generic. They may be
+// used in any Log Record they apply to.
+const (
+	// LogRecordUIDKey is the attribute Key conforming to the "log.record.uid"
+	// semantic conventions. It represents a unique identifier for the Log
+	// Record.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '01ARZ3NDEKTSV4RRFFQ69G5FAV'
+	// Note: If an id is provided, other log records with the same id will be
+	// considered duplicates and can be removed safely. This means, that two
+	// distinguishable log records MUST have different values.
+	// The id MAY be an [Universally Unique Lexicographically Sortable
+	// Identifier (ULID)](https://github.com/ulid/spec), but other identifiers
+	// (e.g. UUID) may be used as needed.
+	LogRecordUIDKey = attribute.Key("log.record.uid")
+)
+
+// LogRecordUID returns an attribute KeyValue conforming to the
+// "log.record.uid" semantic conventions. It represents a unique identifier for
+// the Log Record.
+func LogRecordUID(val string) attribute.KeyValue {
+	return LogRecordUIDKey.String(val)
+}
+
+// Describes Log attributes
+const (
+	// LogIostreamKey is the attribute Key conforming to the "log.iostream"
+	// semantic conventions. It represents the stream associated with the log.
+	// See below for a list of well-known values.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	LogIostreamKey = attribute.Key("log.iostream")
+)
+
+var (
+	// Logs from stdout stream
+	LogIostreamStdout = LogIostreamKey.String("stdout")
+	// Events from stderr stream
+	LogIostreamStderr = LogIostreamKey.String("stderr")
+)
+
+// A file to which log was emitted.
+const (
+	// LogFileNameKey is the attribute Key conforming to the "log.file.name"
+	// semantic conventions. It represents the basename of the file.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: experimental
+	// Examples: 'audit.log'
+	LogFileNameKey = attribute.Key("log.file.name")
+
+	// LogFileNameResolvedKey is the attribute Key conforming to the
+	// "log.file.name_resolved" semantic conventions. It represents the
+	// basename of the file, with symlinks resolved.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'uuid.log'
+	LogFileNameResolvedKey = attribute.Key("log.file.name_resolved")
+
+	// LogFilePathKey is the attribute Key conforming to the "log.file.path"
+	// semantic conventions. It represents the full path to the file.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/var/log/mysql/audit.log'
+	LogFilePathKey = attribute.Key("log.file.path")
+
+	// LogFilePathResolvedKey is the attribute Key conforming to the
+	// "log.file.path_resolved" semantic conventions. It represents the full
+	// path to the file, with symlinks resolved.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/var/lib/docker/uuid.log'
+	LogFilePathResolvedKey = attribute.Key("log.file.path_resolved")
+)
+
+// LogFileName returns an attribute KeyValue conforming to the
+// "log.file.name" semantic conventions. It represents the basename of the
+// file.
+func LogFileName(val string) attribute.KeyValue {
+	return LogFileNameKey.String(val)
+}
+
+// LogFileNameResolved returns an attribute KeyValue conforming to the
+// "log.file.name_resolved" semantic conventions. It represents the basename of
+// the file, with symlinks resolved.
+func LogFileNameResolved(val string) attribute.KeyValue {
+	return LogFileNameResolvedKey.String(val)
+}
+
+// LogFilePath returns an attribute KeyValue conforming to the
+// "log.file.path" semantic conventions. It represents the full path to the
+// file.
+func LogFilePath(val string) attribute.KeyValue {
+	return LogFilePathKey.String(val)
+}
+
+// LogFilePathResolved returns an attribute KeyValue conforming to the
+// "log.file.path_resolved" semantic conventions. It represents the full path
+// to the file, with symlinks resolved.
+func LogFilePathResolved(val string) attribute.KeyValue {
+	return LogFilePathResolvedKey.String(val)
+}
+
+// Describes Database attributes
+const (
+	// PoolNameKey is the attribute Key conforming to the "pool.name" semantic
+	// conventions. It represents the name of the connection pool; unique
+	// within the instrumented application. In case the connection pool
+	// implementation doesn't provide a name, then the
+	// [db.connection_string](/docs/database/database-spans.md#connection-level-attributes)
+	// should be used
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'myDataSource'
+	PoolNameKey = attribute.Key("pool.name")
+
+	// StateKey is the attribute Key conforming to the "state" semantic
+	// conventions. It represents the state of a connection in the pool
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'idle'
+	StateKey = attribute.Key("state")
+)
+
+var (
+	// idle
+	StateIdle = StateKey.String("idle")
+	// used
+	StateUsed = StateKey.String("used")
+)
+
+// PoolName returns an attribute KeyValue conforming to the "pool.name"
+// semantic conventions. It represents the name of the connection pool; unique
+// within the instrumented application. In case the connection pool
+// implementation doesn't provide a name, then the
+// [db.connection_string](/docs/database/database-spans.md#connection-level-attributes)
+// should be used
+func PoolName(val string) attribute.KeyValue {
+	return PoolNameKey.String(val)
+}
+
+// ASP.NET Core attributes
+const (
+	// AspnetcoreDiagnosticsHandlerTypeKey is the attribute Key conforming to
+	// the "aspnetcore.diagnostics.handler.type" semantic conventions. It
+	// represents the full type name of the
+	// [`IExceptionHandler`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.diagnostics.iexceptionhandler)
+	// implementation that handled the exception.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (if and only if the exception
+	// was handled by this handler.)
+	// Stability: experimental
+	// Examples: 'Contoso.MyHandler'
+	AspnetcoreDiagnosticsHandlerTypeKey = attribute.Key("aspnetcore.diagnostics.handler.type")
+
+	// AspnetcoreRateLimitingPolicyKey is the attribute Key conforming to the
+	// "aspnetcore.rate_limiting.policy" semantic conventions. It represents
+	// the rate limiting policy name.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (if the matched endpoint for the
+	// request had a rate-limiting policy.)
+	// Stability: experimental
+	// Examples: 'fixed', 'sliding', 'token'
+	AspnetcoreRateLimitingPolicyKey = attribute.Key("aspnetcore.rate_limiting.policy")
+
+	// AspnetcoreRateLimitingResultKey is the attribute Key conforming to the
+	// "aspnetcore.rate_limiting.result" semantic conventions. It represents
+	// the rate-limiting result, shows whether the lease was acquired or
+	// contains a rejection reason
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'acquired', 'request_canceled'
+	AspnetcoreRateLimitingResultKey = attribute.Key("aspnetcore.rate_limiting.result")
+
+	// AspnetcoreRequestIsUnhandledKey is the attribute Key conforming to the
+	// "aspnetcore.request.is_unhandled" semantic conventions. It represents
+	// the flag indicating if request was handled by the application pipeline.
+	//
+	// Type: boolean
+	// RequirementLevel: ConditionallyRequired (if and only if the request was
+	// not handled.)
+	// Stability: experimental
+	// Examples: True
+	AspnetcoreRequestIsUnhandledKey = attribute.Key("aspnetcore.request.is_unhandled")
+
+	// AspnetcoreRoutingIsFallbackKey is the attribute Key conforming to the
+	// "aspnetcore.routing.is_fallback" semantic conventions. It represents a
+	// value that indicates whether the matched route is a fallback route.
+	//
+	// Type: boolean
+	// RequirementLevel: ConditionallyRequired (If and only if a route was
+	// successfully matched.)
+	// Stability: experimental
+	// Examples: True
+	AspnetcoreRoutingIsFallbackKey = attribute.Key("aspnetcore.routing.is_fallback")
+)
+
+var (
+	// Lease was acquired
+	AspnetcoreRateLimitingResultAcquired = AspnetcoreRateLimitingResultKey.String("acquired")
+	// Lease request was rejected by the endpoint limiter
+	AspnetcoreRateLimitingResultEndpointLimiter = AspnetcoreRateLimitingResultKey.String("endpoint_limiter")
+	// Lease request was rejected by the global limiter
+	AspnetcoreRateLimitingResultGlobalLimiter = AspnetcoreRateLimitingResultKey.String("global_limiter")
+	// Lease request was canceled
+	AspnetcoreRateLimitingResultRequestCanceled = AspnetcoreRateLimitingResultKey.String("request_canceled")
+)
+
+// AspnetcoreDiagnosticsHandlerType returns an attribute KeyValue conforming
+// to the "aspnetcore.diagnostics.handler.type" semantic conventions. It
+// represents the full type name of the
+// [`IExceptionHandler`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.diagnostics.iexceptionhandler)
+// implementation that handled the exception.
+func AspnetcoreDiagnosticsHandlerType(val string) attribute.KeyValue {
+	return AspnetcoreDiagnosticsHandlerTypeKey.String(val)
+}
+
+// AspnetcoreRateLimitingPolicy returns an attribute KeyValue conforming to
+// the "aspnetcore.rate_limiting.policy" semantic conventions. It represents
+// the rate limiting policy name.
+func AspnetcoreRateLimitingPolicy(val string) attribute.KeyValue {
+	return AspnetcoreRateLimitingPolicyKey.String(val)
+}
+
+// AspnetcoreRequestIsUnhandled returns an attribute KeyValue conforming to
+// the "aspnetcore.request.is_unhandled" semantic conventions. It represents
+// the flag indicating if request was handled by the application pipeline.
+func AspnetcoreRequestIsUnhandled(val bool) attribute.KeyValue {
+	return AspnetcoreRequestIsUnhandledKey.Bool(val)
+}
+
+// AspnetcoreRoutingIsFallback returns an attribute KeyValue conforming to
+// the "aspnetcore.routing.is_fallback" semantic conventions. It represents a
+// value that indicates whether the matched route is a fallback route.
+func AspnetcoreRoutingIsFallback(val bool) attribute.KeyValue {
+	return AspnetcoreRoutingIsFallbackKey.Bool(val)
+}
+
+// SignalR attributes
+const (
+	// SignalrConnectionStatusKey is the attribute Key conforming to the
+	// "signalr.connection.status" semantic conventions. It represents the
+	// signalR HTTP connection closure status.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'app_shutdown', 'timeout'
+	SignalrConnectionStatusKey = attribute.Key("signalr.connection.status")
+
+	// SignalrTransportKey is the attribute Key conforming to the
+	// "signalr.transport" semantic conventions. It represents the [SignalR
+	// transport
+	// type](https://github.com/dotnet/aspnetcore/blob/main/src/SignalR/docs/specs/TransportProtocols.md)
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'web_sockets', 'long_polling'
+	SignalrTransportKey = attribute.Key("signalr.transport")
+)
+
+var (
+	// The connection was closed normally
+	SignalrConnectionStatusNormalClosure = SignalrConnectionStatusKey.String("normal_closure")
+	// The connection was closed due to a timeout
+	SignalrConnectionStatusTimeout = SignalrConnectionStatusKey.String("timeout")
+	// The connection was closed because the app is shutting down
+	SignalrConnectionStatusAppShutdown = SignalrConnectionStatusKey.String("app_shutdown")
+)
+
+var (
+	// ServerSentEvents protocol
+	SignalrTransportServerSentEvents = SignalrTransportKey.String("server_sent_events")
+	// LongPolling protocol
+	SignalrTransportLongPolling = SignalrTransportKey.String("long_polling")
+	// WebSockets protocol
+	SignalrTransportWebSockets = SignalrTransportKey.String("web_sockets")
+)
+
+// Describes JVM buffer metric attributes.
+const (
+	// JvmBufferPoolNameKey is the attribute Key conforming to the
+	// "jvm.buffer.pool.name" semantic conventions. It represents the name of
+	// the buffer pool.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: experimental
+	// Examples: 'mapped', 'direct'
+	// Note: Pool names are generally obtained via
+	// [BufferPoolMXBean#getName()](https://docs.oracle.com/en/java/javase/11/docs/api/java.management/java/lang/management/BufferPoolMXBean.html#getName()).
+	JvmBufferPoolNameKey = attribute.Key("jvm.buffer.pool.name")
+)
+
+// JvmBufferPoolName returns an attribute KeyValue conforming to the
+// "jvm.buffer.pool.name" semantic conventions. It represents the name of the
+// buffer pool.
+func JvmBufferPoolName(val string) attribute.KeyValue {
+	return JvmBufferPoolNameKey.String(val)
+}
+
+// Describes JVM memory metric attributes.
+const (
+	// JvmMemoryPoolNameKey is the attribute Key conforming to the
+	// "jvm.memory.pool.name" semantic conventions. It represents the name of
+	// the memory pool.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'G1 Old Gen', 'G1 Eden space', 'G1 Survivor Space'
+	// Note: Pool names are generally obtained via
+	// [MemoryPoolMXBean#getName()](https://docs.oracle.com/en/java/javase/11/docs/api/java.management/java/lang/management/MemoryPoolMXBean.html#getName()).
+	JvmMemoryPoolNameKey = attribute.Key("jvm.memory.pool.name")
+
+	// JvmMemoryTypeKey is the attribute Key conforming to the
+	// "jvm.memory.type" semantic conventions. It represents the type of
+	// memory.
+	//
+	// Type: Enum
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'heap', 'non_heap'
+	JvmMemoryTypeKey = attribute.Key("jvm.memory.type")
+)
+
+var (
+	// Heap memory
+	JvmMemoryTypeHeap = JvmMemoryTypeKey.String("heap")
+	// Non-heap memory
+	JvmMemoryTypeNonHeap = JvmMemoryTypeKey.String("non_heap")
+)
+
+// JvmMemoryPoolName returns an attribute KeyValue conforming to the
+// "jvm.memory.pool.name" semantic conventions. It represents the name of the
+// memory pool.
+func JvmMemoryPoolName(val string) attribute.KeyValue {
+	return JvmMemoryPoolNameKey.String(val)
+}
+
+// Describes System metric attributes
+const (
+	// SystemDeviceKey is the attribute Key conforming to the "system.device"
+	// semantic conventions. It represents the device identifier
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '(identifier)'
+	SystemDeviceKey = attribute.Key("system.device")
+)
+
+// SystemDevice returns an attribute KeyValue conforming to the
+// "system.device" semantic conventions. It represents the device identifier
+func SystemDevice(val string) attribute.KeyValue {
+	return SystemDeviceKey.String(val)
+}
+
+// Describes System CPU metric attributes
+const (
+	// SystemCPULogicalNumberKey is the attribute Key conforming to the
+	// "system.cpu.logical_number" semantic conventions. It represents the
+	// logical CPU number [0..n-1]
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1
+	SystemCPULogicalNumberKey = attribute.Key("system.cpu.logical_number")
+
+	// SystemCPUStateKey is the attribute Key conforming to the
+	// "system.cpu.state" semantic conventions. It represents the state of the
+	// CPU
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'idle', 'interrupt'
+	SystemCPUStateKey = attribute.Key("system.cpu.state")
+)
+
+var (
+	// user
+	SystemCPUStateUser = SystemCPUStateKey.String("user")
+	// system
+	SystemCPUStateSystem = SystemCPUStateKey.String("system")
+	// nice
+	SystemCPUStateNice = SystemCPUStateKey.String("nice")
+	// idle
+	SystemCPUStateIdle = SystemCPUStateKey.String("idle")
+	// iowait
+	SystemCPUStateIowait = SystemCPUStateKey.String("iowait")
+	// interrupt
+	SystemCPUStateInterrupt = SystemCPUStateKey.String("interrupt")
+	// steal
+	SystemCPUStateSteal = SystemCPUStateKey.String("steal")
+)
+
+// SystemCPULogicalNumber returns an attribute KeyValue conforming to the
+// "system.cpu.logical_number" semantic conventions. It represents the logical
+// CPU number [0..n-1]
+func SystemCPULogicalNumber(val int) attribute.KeyValue {
+	return SystemCPULogicalNumberKey.Int(val)
+}
+
+// Describes System Memory metric attributes
+const (
+	// SystemMemoryStateKey is the attribute Key conforming to the
+	// "system.memory.state" semantic conventions. It represents the memory
+	// state
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'free', 'cached'
+	SystemMemoryStateKey = attribute.Key("system.memory.state")
+)
+
+var (
+	// used
+	SystemMemoryStateUsed = SystemMemoryStateKey.String("used")
+	// free
+	SystemMemoryStateFree = SystemMemoryStateKey.String("free")
+	// shared
+	SystemMemoryStateShared = SystemMemoryStateKey.String("shared")
+	// buffers
+	SystemMemoryStateBuffers = SystemMemoryStateKey.String("buffers")
+	// cached
+	SystemMemoryStateCached = SystemMemoryStateKey.String("cached")
+)
+
+// Describes System Memory Paging metric attributes
+const (
+	// SystemPagingDirectionKey is the attribute Key conforming to the
+	// "system.paging.direction" semantic conventions. It represents the paging
+	// access direction
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'in'
+	SystemPagingDirectionKey = attribute.Key("system.paging.direction")
+
+	// SystemPagingStateKey is the attribute Key conforming to the
+	// "system.paging.state" semantic conventions. It represents the memory
+	// paging state
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'free'
+	SystemPagingStateKey = attribute.Key("system.paging.state")
+
+	// SystemPagingTypeKey is the attribute Key conforming to the
+	// "system.paging.type" semantic conventions. It represents the memory
+	// paging type
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'minor'
+	SystemPagingTypeKey = attribute.Key("system.paging.type")
+)
+
+var (
+	// in
+	SystemPagingDirectionIn = SystemPagingDirectionKey.String("in")
+	// out
+	SystemPagingDirectionOut = SystemPagingDirectionKey.String("out")
+)
+
+var (
+	// used
+	SystemPagingStateUsed = SystemPagingStateKey.String("used")
+	// free
+	SystemPagingStateFree = SystemPagingStateKey.String("free")
+)
+
+var (
+	// major
+	SystemPagingTypeMajor = SystemPagingTypeKey.String("major")
+	// minor
+	SystemPagingTypeMinor = SystemPagingTypeKey.String("minor")
+)
+
+// Describes Filesystem metric attributes
+const (
+	// SystemFilesystemModeKey is the attribute Key conforming to the
+	// "system.filesystem.mode" semantic conventions. It represents the
+	// filesystem mode
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'rw, ro'
+	SystemFilesystemModeKey = attribute.Key("system.filesystem.mode")
+
+	// SystemFilesystemMountpointKey is the attribute Key conforming to the
+	// "system.filesystem.mountpoint" semantic conventions. It represents the
+	// filesystem mount path
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/mnt/data'
+	SystemFilesystemMountpointKey = attribute.Key("system.filesystem.mountpoint")
+
+	// SystemFilesystemStateKey is the attribute Key conforming to the
+	// "system.filesystem.state" semantic conventions. It represents the
+	// filesystem state
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'used'
+	SystemFilesystemStateKey = attribute.Key("system.filesystem.state")
+
+	// SystemFilesystemTypeKey is the attribute Key conforming to the
+	// "system.filesystem.type" semantic conventions. It represents the
+	// filesystem type
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'ext4'
+	SystemFilesystemTypeKey = attribute.Key("system.filesystem.type")
+)
+
+var (
+	// used
+	SystemFilesystemStateUsed = SystemFilesystemStateKey.String("used")
+	// free
+	SystemFilesystemStateFree = SystemFilesystemStateKey.String("free")
+	// reserved
+	SystemFilesystemStateReserved = SystemFilesystemStateKey.String("reserved")
+)
+
+var (
+	// fat32
+	SystemFilesystemTypeFat32 = SystemFilesystemTypeKey.String("fat32")
+	// exfat
+	SystemFilesystemTypeExfat = SystemFilesystemTypeKey.String("exfat")
+	// ntfs
+	SystemFilesystemTypeNtfs = SystemFilesystemTypeKey.String("ntfs")
+	// refs
+	SystemFilesystemTypeRefs = SystemFilesystemTypeKey.String("refs")
+	// hfsplus
+	SystemFilesystemTypeHfsplus = SystemFilesystemTypeKey.String("hfsplus")
+	// ext4
+	SystemFilesystemTypeExt4 = SystemFilesystemTypeKey.String("ext4")
+)
+
+// SystemFilesystemMode returns an attribute KeyValue conforming to the
+// "system.filesystem.mode" semantic conventions. It represents the filesystem
+// mode
+func SystemFilesystemMode(val string) attribute.KeyValue {
+	return SystemFilesystemModeKey.String(val)
+}
+
+// SystemFilesystemMountpoint returns an attribute KeyValue conforming to
+// the "system.filesystem.mountpoint" semantic conventions. It represents the
+// filesystem mount path
+func SystemFilesystemMountpoint(val string) attribute.KeyValue {
+	return SystemFilesystemMountpointKey.String(val)
+}
+
+// Describes Network metric attributes
+const (
+	// SystemNetworkStateKey is the attribute Key conforming to the
+	// "system.network.state" semantic conventions. It represents a stateless
+	// protocol MUST NOT set this attribute
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'close_wait'
+	SystemNetworkStateKey = attribute.Key("system.network.state")
+)
+
+var (
+	// close
+	SystemNetworkStateClose = SystemNetworkStateKey.String("close")
+	// close_wait
+	SystemNetworkStateCloseWait = SystemNetworkStateKey.String("close_wait")
+	// closing
+	SystemNetworkStateClosing = SystemNetworkStateKey.String("closing")
+	// delete
+	SystemNetworkStateDelete = SystemNetworkStateKey.String("delete")
+	// established
+	SystemNetworkStateEstablished = SystemNetworkStateKey.String("established")
+	// fin_wait_1
+	SystemNetworkStateFinWait1 = SystemNetworkStateKey.String("fin_wait_1")
+	// fin_wait_2
+	SystemNetworkStateFinWait2 = SystemNetworkStateKey.String("fin_wait_2")
+	// last_ack
+	SystemNetworkStateLastAck = SystemNetworkStateKey.String("last_ack")
+	// listen
+	SystemNetworkStateListen = SystemNetworkStateKey.String("listen")
+	// syn_recv
+	SystemNetworkStateSynRecv = SystemNetworkStateKey.String("syn_recv")
+	// syn_sent
+	SystemNetworkStateSynSent = SystemNetworkStateKey.String("syn_sent")
+	// time_wait
+	SystemNetworkStateTimeWait = SystemNetworkStateKey.String("time_wait")
+)
+
+// Describes System Process metric attributes
+const (
+	// SystemProcessesStatusKey is the attribute Key conforming to the
+	// "system.processes.status" semantic conventions. It represents the
+	// process state, e.g., [Linux Process State
+	// Codes](https://man7.org/linux/man-pages/man1/ps.1.html#PROCESS_STATE_CODES)
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'running'
+	SystemProcessesStatusKey = attribute.Key("system.processes.status")
+)
+
+var (
+	// running
+	SystemProcessesStatusRunning = SystemProcessesStatusKey.String("running")
+	// sleeping
+	SystemProcessesStatusSleeping = SystemProcessesStatusKey.String("sleeping")
+	// stopped
+	SystemProcessesStatusStopped = SystemProcessesStatusKey.String("stopped")
+	// defunct
+	SystemProcessesStatusDefunct = SystemProcessesStatusKey.String("defunct")
+)
+
+// These attributes may be used to describe the client in a connection-based
+// network interaction where there is one side that initiates the connection
+// (the client is the side that initiates the connection). This covers all TCP
+// network interactions since TCP is connection-based and one side initiates
+// the connection (an exception is made for peer-to-peer communication over TCP
+// where the "user-facing" surface of the protocol / API doesn't expose a clear
+// notion of client and server). This also covers UDP network interactions
+// where one side initiates the interaction, e.g. QUIC (HTTP/3) and DNS.
+const (
+	// ClientAddressKey is the attribute Key conforming to the "client.address"
+	// semantic conventions. It represents the client address - domain name if
+	// available without reverse DNS lookup; otherwise, IP address or Unix
+	// domain socket name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'client.example.com', '10.1.2.80', '/tmp/my.sock'
+	// Note: When observed from the server side, and when communicating through
+	// an intermediary, `client.address` SHOULD represent the client address
+	// behind any intermediaries,  for example proxies, if it's available.
+	ClientAddressKey = attribute.Key("client.address")
+
+	// ClientPortKey is the attribute Key conforming to the "client.port"
+	// semantic conventions. It represents the client port number.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 65123
+	// Note: When observed from the server side, and when communicating through
+	// an intermediary, `client.port` SHOULD represent the client port behind
+	// any intermediaries,  for example proxies, if it's available.
+	ClientPortKey = attribute.Key("client.port")
+)
+
+// ClientAddress returns an attribute KeyValue conforming to the
+// "client.address" semantic conventions. It represents the client address -
+// domain name if available without reverse DNS lookup; otherwise, IP address
+// or Unix domain socket name.
+func ClientAddress(val string) attribute.KeyValue {
+	return ClientAddressKey.String(val)
+}
+
+// ClientPort returns an attribute KeyValue conforming to the "client.port"
+// semantic conventions. It represents the client port number.
+func ClientPort(val int) attribute.KeyValue {
+	return ClientPortKey.Int(val)
+}
+
+// The attributes used to describe telemetry in the context of databases.
+const (
+	// DBCassandraConsistencyLevelKey is the attribute Key conforming to the
+	// "db.cassandra.consistency_level" semantic conventions. It represents the
+	// consistency level of the query. Based on consistency values from
+	// [CQL](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html).
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBCassandraConsistencyLevelKey = attribute.Key("db.cassandra.consistency_level")
+
+	// DBCassandraCoordinatorDCKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.dc" semantic conventions. It represents the
+	// data center of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'us-west-2'
+	DBCassandraCoordinatorDCKey = attribute.Key("db.cassandra.coordinator.dc")
+
+	// DBCassandraCoordinatorIDKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.id" semantic conventions. It represents the ID
+	// of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'be13faa2-8574-4d71-926d-27f16cf8a7af'
+	DBCassandraCoordinatorIDKey = attribute.Key("db.cassandra.coordinator.id")
+
+	// DBCassandraIdempotenceKey is the attribute Key conforming to the
+	// "db.cassandra.idempotence" semantic conventions. It represents the
+	// whether or not the query is idempotent.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBCassandraIdempotenceKey = attribute.Key("db.cassandra.idempotence")
+
+	// DBCassandraPageSizeKey is the attribute Key conforming to the
+	// "db.cassandra.page_size" semantic conventions. It represents the fetch
+	// size used for paging, i.e. how many rows will be returned at once.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 5000
+	DBCassandraPageSizeKey = attribute.Key("db.cassandra.page_size")
+
+	// DBCassandraSpeculativeExecutionCountKey is the attribute Key conforming
+	// to the "db.cassandra.speculative_execution_count" semantic conventions.
+	// It represents the number of times a query was speculatively executed.
+	// Not set or `0` if the query was not executed speculatively.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 0, 2
+	DBCassandraSpeculativeExecutionCountKey = attribute.Key("db.cassandra.speculative_execution_count")
+
+	// DBCassandraTableKey is the attribute Key conforming to the
+	// "db.cassandra.table" semantic conventions. It represents the name of the
+	// primary Cassandra table that the operation is acting upon, including the
+	// keyspace name (if applicable).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'mytable'
+	// Note: This mirrors the db.sql.table attribute but references cassandra
+	// rather than sql. It is not recommended to attempt any client-side
+	// parsing of `db.statement` just to get this property, but it should be
+	// set if it is provided by the library being instrumented. If the
+	// operation is acting upon an anonymous table, or more than one table,
+	// this value MUST NOT be set.
+	DBCassandraTableKey = attribute.Key("db.cassandra.table")
+
+	// DBConnectionStringKey is the attribute Key conforming to the
+	// "db.connection_string" semantic conventions. It represents the
+	// connection string used to connect to the database. It is recommended to
+	// remove embedded credentials.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Server=(localdb)\\v11.0;Integrated Security=true;'
+	DBConnectionStringKey = attribute.Key("db.connection_string")
+
+	// DBCosmosDBClientIDKey is the attribute Key conforming to the
+	// "db.cosmosdb.client_id" semantic conventions. It represents the unique
+	// Cosmos client instance id.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '3ba4827d-4422-483f-b59f-85b74211c11d'
+	DBCosmosDBClientIDKey = attribute.Key("db.cosmosdb.client_id")
+
+	// DBCosmosDBConnectionModeKey is the attribute Key conforming to the
+	// "db.cosmosdb.connection_mode" semantic conventions. It represents the
+	// cosmos client connection mode.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBCosmosDBConnectionModeKey = attribute.Key("db.cosmosdb.connection_mode")
+
+	// DBCosmosDBContainerKey is the attribute Key conforming to the
+	// "db.cosmosdb.container" semantic conventions. It represents the cosmos
+	// DB container name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'anystring'
+	DBCosmosDBContainerKey = attribute.Key("db.cosmosdb.container")
+
+	// DBCosmosDBOperationTypeKey is the attribute Key conforming to the
+	// "db.cosmosdb.operation_type" semantic conventions. It represents the
+	// cosmosDB Operation Type.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBCosmosDBOperationTypeKey = attribute.Key("db.cosmosdb.operation_type")
+
+	// DBCosmosDBRequestChargeKey is the attribute Key conforming to the
+	// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
+	// consumed for that operation
+	//
+	// Type: double
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 46.18, 1.0
+	DBCosmosDBRequestChargeKey = attribute.Key("db.cosmosdb.request_charge")
+
+	// DBCosmosDBRequestContentLengthKey is the attribute Key conforming to the
+	// "db.cosmosdb.request_content_length" semantic conventions. It represents
+	// the request payload size in bytes
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBCosmosDBRequestContentLengthKey = attribute.Key("db.cosmosdb.request_content_length")
+
+	// DBCosmosDBStatusCodeKey is the attribute Key conforming to the
+	// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos
+	// DB status code.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 200, 201
+	DBCosmosDBStatusCodeKey = attribute.Key("db.cosmosdb.status_code")
+
+	// DBCosmosDBSubStatusCodeKey is the attribute Key conforming to the
+	// "db.cosmosdb.sub_status_code" semantic conventions. It represents the
+	// cosmos DB sub status code.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1000, 1002
+	DBCosmosDBSubStatusCodeKey = attribute.Key("db.cosmosdb.sub_status_code")
+
+	// DBElasticsearchClusterNameKey is the attribute Key conforming to the
+	// "db.elasticsearch.cluster.name" semantic conventions. It represents the
+	// represents the identifier of an Elasticsearch cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'e9106fc68e3044f0b1475b04bf4ffd5f'
+	DBElasticsearchClusterNameKey = attribute.Key("db.elasticsearch.cluster.name")
+
+	// DBElasticsearchNodeNameKey is the attribute Key conforming to the
+	// "db.elasticsearch.node.name" semantic conventions. It represents the
+	// represents the human-readable identifier of the node/instance to which a
+	// request was routed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'instance-0000000001'
+	DBElasticsearchNodeNameKey = attribute.Key("db.elasticsearch.node.name")
+
+	// DBInstanceIDKey is the attribute Key conforming to the "db.instance.id"
+	// semantic conventions. It represents an identifier (address, unique name,
+	// or any other identifier) of the database instance that is executing
+	// queries or mutations on the current connection. This is useful in cases
+	// where the database is running in a clustered environment and the
+	// instrumentation is able to record the node executing the query. The
+	// client may obtain this value in databases like MySQL using queries like
+	// `select @@hostname`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'mysql-e26b99z.example.com'
+	DBInstanceIDKey = attribute.Key("db.instance.id")
+
+	// DBJDBCDriverClassnameKey is the attribute Key conforming to the
+	// "db.jdbc.driver_classname" semantic conventions. It represents the
+	// fully-qualified class name of the [Java Database Connectivity
+	// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/)
+	// driver used to connect.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'org.postgresql.Driver',
+	// 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
+	DBJDBCDriverClassnameKey = attribute.Key("db.jdbc.driver_classname")
+
+	// DBMongoDBCollectionKey is the attribute Key conforming to the
+	// "db.mongodb.collection" semantic conventions. It represents the MongoDB
+	// collection being accessed within the database stated in `db.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'customers', 'products'
+	DBMongoDBCollectionKey = attribute.Key("db.mongodb.collection")
+
+	// DBMSSQLInstanceNameKey is the attribute Key conforming to the
+	// "db.mssql.instance_name" semantic conventions. It represents the
+	// Microsoft SQL Server [instance
+	// name](https://docs.microsoft.com/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+	// connecting to. This name is used to determine the port of a named
+	// instance.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MSSQLSERVER'
+	// Note: If setting a `db.mssql.instance_name`, `server.port` is no longer
+	// required (but still recommended if non-standard).
+	DBMSSQLInstanceNameKey = attribute.Key("db.mssql.instance_name")
+
+	// DBNameKey is the attribute Key conforming to the "db.name" semantic
+	// conventions. It represents the this attribute is used to report the name
+	// of the database being accessed. For commands that switch the database,
+	// this should be set to the target database (even if the command fails).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'customers', 'main'
+	// Note: In some SQL databases, the database name to be used is called
+	// "schema name". In case there are multiple layers that could be
+	// considered for database name (e.g. Oracle instance name and schema
+	// name), the database name to be used is the more specific layer (e.g.
+	// Oracle schema name).
+	DBNameKey = attribute.Key("db.name")
+
+	// DBOperationKey is the attribute Key conforming to the "db.operation"
+	// semantic conventions. It represents the name of the operation being
+	// executed, e.g. the [MongoDB command
+	// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+	// such as `findAndModify`, or the SQL keyword.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'findAndModify', 'HMSET', 'SELECT'
+	// Note: When setting this to an SQL keyword, it is not recommended to
+	// attempt any client-side parsing of `db.statement` just to get this
+	// property, but it should be set if the operation name is provided by the
+	// library being instrumented. If the SQL statement has an ambiguous
+	// operation, or performs more than one operation, this value may be
+	// omitted.
+	DBOperationKey = attribute.Key("db.operation")
+
+	// DBRedisDBIndexKey is the attribute Key conforming to the
+	// "db.redis.database_index" semantic conventions. It represents the index
+	// of the database being accessed as used in the [`SELECT`
+	// command](https://redis.io/commands/select), provided as an integer. To
+	// be used instead of the generic `db.name` attribute.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 0, 1, 15
+	DBRedisDBIndexKey = attribute.Key("db.redis.database_index")
+
+	// DBSQLTableKey is the attribute Key conforming to the "db.sql.table"
+	// semantic conventions. It represents the name of the primary table that
+	// the operation is acting upon, including the database name (if
+	// applicable).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'public.users', 'customers'
+	// Note: It is not recommended to attempt any client-side parsing of
+	// `db.statement` just to get this property, but it should be set if it is
+	// provided by the library being instrumented. If the operation is acting
+	// upon an anonymous table, or more than one table, this value MUST NOT be
+	// set.
+	DBSQLTableKey = attribute.Key("db.sql.table")
+
+	// DBStatementKey is the attribute Key conforming to the "db.statement"
+	// semantic conventions. It represents the database statement being
+	// executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'SELECT * FROM wuser_table', 'SET mykey "WuValue"'
+	DBStatementKey = attribute.Key("db.statement")
+
+	// DBSystemKey is the attribute Key conforming to the "db.system" semantic
+	// conventions. It represents an identifier for the database management
+	// system (DBMS) product being used. See below for a list of well-known
+	// identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	DBSystemKey = attribute.Key("db.system")
+
+	// DBUserKey is the attribute Key conforming to the "db.user" semantic
+	// conventions. It represents the username for accessing the database.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'readonly_user', 'reporting_user'
+	DBUserKey = attribute.Key("db.user")
+)
+
+var (
+	// all
+	DBCassandraConsistencyLevelAll = DBCassandraConsistencyLevelKey.String("all")
+	// each_quorum
+	DBCassandraConsistencyLevelEachQuorum = DBCassandraConsistencyLevelKey.String("each_quorum")
+	// quorum
+	DBCassandraConsistencyLevelQuorum = DBCassandraConsistencyLevelKey.String("quorum")
+	// local_quorum
+	DBCassandraConsistencyLevelLocalQuorum = DBCassandraConsistencyLevelKey.String("local_quorum")
+	// one
+	DBCassandraConsistencyLevelOne = DBCassandraConsistencyLevelKey.String("one")
+	// two
+	DBCassandraConsistencyLevelTwo = DBCassandraConsistencyLevelKey.String("two")
+	// three
+	DBCassandraConsistencyLevelThree = DBCassandraConsistencyLevelKey.String("three")
+	// local_one
+	DBCassandraConsistencyLevelLocalOne = DBCassandraConsistencyLevelKey.String("local_one")
+	// any
+	DBCassandraConsistencyLevelAny = DBCassandraConsistencyLevelKey.String("any")
+	// serial
+	DBCassandraConsistencyLevelSerial = DBCassandraConsistencyLevelKey.String("serial")
+	// local_serial
+	DBCassandraConsistencyLevelLocalSerial = DBCassandraConsistencyLevelKey.String("local_serial")
+)
+
+var (
+	// Gateway (HTTP) connections mode
+	DBCosmosDBConnectionModeGateway = DBCosmosDBConnectionModeKey.String("gateway")
+	// Direct connection
+	DBCosmosDBConnectionModeDirect = DBCosmosDBConnectionModeKey.String("direct")
+)
+
+var (
+	// invalid
+	DBCosmosDBOperationTypeInvalid = DBCosmosDBOperationTypeKey.String("Invalid")
+	// create
+	DBCosmosDBOperationTypeCreate = DBCosmosDBOperationTypeKey.String("Create")
+	// patch
+	DBCosmosDBOperationTypePatch = DBCosmosDBOperationTypeKey.String("Patch")
+	// read
+	DBCosmosDBOperationTypeRead = DBCosmosDBOperationTypeKey.String("Read")
+	// read_feed
+	DBCosmosDBOperationTypeReadFeed = DBCosmosDBOperationTypeKey.String("ReadFeed")
+	// delete
+	DBCosmosDBOperationTypeDelete = DBCosmosDBOperationTypeKey.String("Delete")
+	// replace
+	DBCosmosDBOperationTypeReplace = DBCosmosDBOperationTypeKey.String("Replace")
+	// execute
+	DBCosmosDBOperationTypeExecute = DBCosmosDBOperationTypeKey.String("Execute")
+	// query
+	DBCosmosDBOperationTypeQuery = DBCosmosDBOperationTypeKey.String("Query")
+	// head
+	DBCosmosDBOperationTypeHead = DBCosmosDBOperationTypeKey.String("Head")
+	// head_feed
+	DBCosmosDBOperationTypeHeadFeed = DBCosmosDBOperationTypeKey.String("HeadFeed")
+	// upsert
+	DBCosmosDBOperationTypeUpsert = DBCosmosDBOperationTypeKey.String("Upsert")
+	// batch
+	DBCosmosDBOperationTypeBatch = DBCosmosDBOperationTypeKey.String("Batch")
+	// query_plan
+	DBCosmosDBOperationTypeQueryPlan = DBCosmosDBOperationTypeKey.String("QueryPlan")
+	// execute_javascript
+	DBCosmosDBOperationTypeExecuteJavascript = DBCosmosDBOperationTypeKey.String("ExecuteJavaScript")
+)
+
+var (
+	// Some other SQL database. Fallback only. See notes
+	DBSystemOtherSQL = DBSystemKey.String("other_sql")
+	// Microsoft SQL Server
+	DBSystemMSSQL = DBSystemKey.String("mssql")
+	// Microsoft SQL Server Compact
+	DBSystemMssqlcompact = DBSystemKey.String("mssqlcompact")
+	// MySQL
+	DBSystemMySQL = DBSystemKey.String("mysql")
+	// Oracle Database
+	DBSystemOracle = DBSystemKey.String("oracle")
+	// IBM DB2
+	DBSystemDB2 = DBSystemKey.String("db2")
+	// PostgreSQL
+	DBSystemPostgreSQL = DBSystemKey.String("postgresql")
+	// Amazon Redshift
+	DBSystemRedshift = DBSystemKey.String("redshift")
+	// Apache Hive
+	DBSystemHive = DBSystemKey.String("hive")
+	// Cloudscape
+	DBSystemCloudscape = DBSystemKey.String("cloudscape")
+	// HyperSQL DataBase
+	DBSystemHSQLDB = DBSystemKey.String("hsqldb")
+	// Progress Database
+	DBSystemProgress = DBSystemKey.String("progress")
+	// SAP MaxDB
+	DBSystemMaxDB = DBSystemKey.String("maxdb")
+	// SAP HANA
+	DBSystemHanaDB = DBSystemKey.String("hanadb")
+	// Ingres
+	DBSystemIngres = DBSystemKey.String("ingres")
+	// FirstSQL
+	DBSystemFirstSQL = DBSystemKey.String("firstsql")
+	// EnterpriseDB
+	DBSystemEDB = DBSystemKey.String("edb")
+	// InterSystems Caché
+	DBSystemCache = DBSystemKey.String("cache")
+	// Adabas (Adaptable Database System)
+	DBSystemAdabas = DBSystemKey.String("adabas")
+	// Firebird
+	DBSystemFirebird = DBSystemKey.String("firebird")
+	// Apache Derby
+	DBSystemDerby = DBSystemKey.String("derby")
+	// FileMaker
+	DBSystemFilemaker = DBSystemKey.String("filemaker")
+	// Informix
+	DBSystemInformix = DBSystemKey.String("informix")
+	// InstantDB
+	DBSystemInstantDB = DBSystemKey.String("instantdb")
+	// InterBase
+	DBSystemInterbase = DBSystemKey.String("interbase")
+	// MariaDB
+	DBSystemMariaDB = DBSystemKey.String("mariadb")
+	// Netezza
+	DBSystemNetezza = DBSystemKey.String("netezza")
+	// Pervasive PSQL
+	DBSystemPervasive = DBSystemKey.String("pervasive")
+	// PointBase
+	DBSystemPointbase = DBSystemKey.String("pointbase")
+	// SQLite
+	DBSystemSqlite = DBSystemKey.String("sqlite")
+	// Sybase
+	DBSystemSybase = DBSystemKey.String("sybase")
+	// Teradata
+	DBSystemTeradata = DBSystemKey.String("teradata")
+	// Vertica
+	DBSystemVertica = DBSystemKey.String("vertica")
+	// H2
+	DBSystemH2 = DBSystemKey.String("h2")
+	// ColdFusion IMQ
+	DBSystemColdfusion = DBSystemKey.String("coldfusion")
+	// Apache Cassandra
+	DBSystemCassandra = DBSystemKey.String("cassandra")
+	// Apache HBase
+	DBSystemHBase = DBSystemKey.String("hbase")
+	// MongoDB
+	DBSystemMongoDB = DBSystemKey.String("mongodb")
+	// Redis
+	DBSystemRedis = DBSystemKey.String("redis")
+	// Couchbase
+	DBSystemCouchbase = DBSystemKey.String("couchbase")
+	// CouchDB
+	DBSystemCouchDB = DBSystemKey.String("couchdb")
+	// Microsoft Azure Cosmos DB
+	DBSystemCosmosDB = DBSystemKey.String("cosmosdb")
+	// Amazon DynamoDB
+	DBSystemDynamoDB = DBSystemKey.String("dynamodb")
+	// Neo4j
+	DBSystemNeo4j = DBSystemKey.String("neo4j")
+	// Apache Geode
+	DBSystemGeode = DBSystemKey.String("geode")
+	// Elasticsearch
+	DBSystemElasticsearch = DBSystemKey.String("elasticsearch")
+	// Memcached
+	DBSystemMemcached = DBSystemKey.String("memcached")
+	// CockroachDB
+	DBSystemCockroachdb = DBSystemKey.String("cockroachdb")
+	// OpenSearch
+	DBSystemOpensearch = DBSystemKey.String("opensearch")
+	// ClickHouse
+	DBSystemClickhouse = DBSystemKey.String("clickhouse")
+	// Cloud Spanner
+	DBSystemSpanner = DBSystemKey.String("spanner")
+	// Trino
+	DBSystemTrino = DBSystemKey.String("trino")
+)
+
+// DBCassandraCoordinatorDC returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.dc" semantic conventions. It represents the data
+// center of the coordinating node for a query.
+func DBCassandraCoordinatorDC(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorDCKey.String(val)
+}
+
+// DBCassandraCoordinatorID returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.id" semantic conventions. It represents the ID of
+// the coordinating node for a query.
+func DBCassandraCoordinatorID(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorIDKey.String(val)
+}
+
+// DBCassandraIdempotence returns an attribute KeyValue conforming to the
+// "db.cassandra.idempotence" semantic conventions. It represents the whether
+// or not the query is idempotent.
+func DBCassandraIdempotence(val bool) attribute.KeyValue {
+	return DBCassandraIdempotenceKey.Bool(val)
+}
+
+// DBCassandraPageSize returns an attribute KeyValue conforming to the
+// "db.cassandra.page_size" semantic conventions. It represents the fetch size
+// used for paging, i.e. how many rows will be returned at once.
+func DBCassandraPageSize(val int) attribute.KeyValue {
+	return DBCassandraPageSizeKey.Int(val)
+}
+
+// DBCassandraSpeculativeExecutionCount returns an attribute KeyValue
+// conforming to the "db.cassandra.speculative_execution_count" semantic
+// conventions. It represents the number of times a query was speculatively
+// executed. Not set or `0` if the query was not executed speculatively.
+func DBCassandraSpeculativeExecutionCount(val int) attribute.KeyValue {
+	return DBCassandraSpeculativeExecutionCountKey.Int(val)
+}
+
+// DBCassandraTable returns an attribute KeyValue conforming to the
+// "db.cassandra.table" semantic conventions. It represents the name of the
+// primary Cassandra table that the operation is acting upon, including the
+// keyspace name (if applicable).
+func DBCassandraTable(val string) attribute.KeyValue {
+	return DBCassandraTableKey.String(val)
+}
+
+// DBConnectionString returns an attribute KeyValue conforming to the
+// "db.connection_string" semantic conventions. It represents the connection
+// string used to connect to the database. It is recommended to remove embedded
+// credentials.
+func DBConnectionString(val string) attribute.KeyValue {
+	return DBConnectionStringKey.String(val)
+}
+
+// DBCosmosDBClientID returns an attribute KeyValue conforming to the
+// "db.cosmosdb.client_id" semantic conventions. It represents the unique
+// Cosmos client instance id.
+func DBCosmosDBClientID(val string) attribute.KeyValue {
+	return DBCosmosDBClientIDKey.String(val)
+}
+
+// DBCosmosDBContainer returns an attribute KeyValue conforming to the
+// "db.cosmosdb.container" semantic conventions. It represents the cosmos DB
+// container name.
+func DBCosmosDBContainer(val string) attribute.KeyValue {
+	return DBCosmosDBContainerKey.String(val)
+}
+
+// DBCosmosDBRequestCharge returns an attribute KeyValue conforming to the
+// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
+// consumed for that operation
+func DBCosmosDBRequestCharge(val float64) attribute.KeyValue {
+	return DBCosmosDBRequestChargeKey.Float64(val)
+}
+
+// DBCosmosDBRequestContentLength returns an attribute KeyValue conforming
+// to the "db.cosmosdb.request_content_length" semantic conventions. It
+// represents the request payload size in bytes
+func DBCosmosDBRequestContentLength(val int) attribute.KeyValue {
+	return DBCosmosDBRequestContentLengthKey.Int(val)
+}
+
+// DBCosmosDBStatusCode returns an attribute KeyValue conforming to the
+// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos DB
+// status code.
+func DBCosmosDBStatusCode(val int) attribute.KeyValue {
+	return DBCosmosDBStatusCodeKey.Int(val)
+}
+
+// DBCosmosDBSubStatusCode returns an attribute KeyValue conforming to the
+// "db.cosmosdb.sub_status_code" semantic conventions. It represents the cosmos
+// DB sub status code.
+func DBCosmosDBSubStatusCode(val int) attribute.KeyValue {
+	return DBCosmosDBSubStatusCodeKey.Int(val)
+}
+
+// DBElasticsearchClusterName returns an attribute KeyValue conforming to
+// the "db.elasticsearch.cluster.name" semantic conventions. It represents the
+// represents the identifier of an Elasticsearch cluster.
+func DBElasticsearchClusterName(val string) attribute.KeyValue {
+	return DBElasticsearchClusterNameKey.String(val)
+}
+
+// DBElasticsearchNodeName returns an attribute KeyValue conforming to the
+// "db.elasticsearch.node.name" semantic conventions. It represents the
+// represents the human-readable identifier of the node/instance to which a
+// request was routed.
+func DBElasticsearchNodeName(val string) attribute.KeyValue {
+	return DBElasticsearchNodeNameKey.String(val)
+}
+
+// DBInstanceID returns an attribute KeyValue conforming to the
+// "db.instance.id" semantic conventions. It represents an identifier (address,
+// unique name, or any other identifier) of the database instance that is
+// executing queries or mutations on the current connection. This is useful in
+// cases where the database is running in a clustered environment and the
+// instrumentation is able to record the node executing the query. The client
+// may obtain this value in databases like MySQL using queries like `select
+// @@hostname`.
+func DBInstanceID(val string) attribute.KeyValue {
+	return DBInstanceIDKey.String(val)
+}
+
+// DBJDBCDriverClassname returns an attribute KeyValue conforming to the
+// "db.jdbc.driver_classname" semantic conventions. It represents the
+// fully-qualified class name of the [Java Database Connectivity
+// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/) driver
+// used to connect.
+func DBJDBCDriverClassname(val string) attribute.KeyValue {
+	return DBJDBCDriverClassnameKey.String(val)
+}
+
+// DBMongoDBCollection returns an attribute KeyValue conforming to the
+// "db.mongodb.collection" semantic conventions. It represents the MongoDB
+// collection being accessed within the database stated in `db.name`.
+func DBMongoDBCollection(val string) attribute.KeyValue {
+	return DBMongoDBCollectionKey.String(val)
+}
+
+// DBMSSQLInstanceName returns an attribute KeyValue conforming to the
+// "db.mssql.instance_name" semantic conventions. It represents the Microsoft
+// SQL Server [instance
+// name](https://docs.microsoft.com/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+// connecting to. This name is used to determine the port of a named instance.
+func DBMSSQLInstanceName(val string) attribute.KeyValue {
+	return DBMSSQLInstanceNameKey.String(val)
+}
+
+// DBName returns an attribute KeyValue conforming to the "db.name" semantic
+// conventions. It represents the this attribute is used to report the name of
+// the database being accessed. For commands that switch the database, this
+// should be set to the target database (even if the command fails).
+func DBName(val string) attribute.KeyValue {
+	return DBNameKey.String(val)
+}
+
+// DBOperation returns an attribute KeyValue conforming to the
+// "db.operation" semantic conventions. It represents the name of the operation
+// being executed, e.g. the [MongoDB command
+// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+// such as `findAndModify`, or the SQL keyword.
+func DBOperation(val string) attribute.KeyValue {
+	return DBOperationKey.String(val)
+}
+
+// DBRedisDBIndex returns an attribute KeyValue conforming to the
+// "db.redis.database_index" semantic conventions. It represents the index of
+// the database being accessed as used in the [`SELECT`
+// command](https://redis.io/commands/select), provided as an integer. To be
+// used instead of the generic `db.name` attribute.
+func DBRedisDBIndex(val int) attribute.KeyValue {
+	return DBRedisDBIndexKey.Int(val)
+}
+
+// DBSQLTable returns an attribute KeyValue conforming to the "db.sql.table"
+// semantic conventions. It represents the name of the primary table that the
+// operation is acting upon, including the database name (if applicable).
+func DBSQLTable(val string) attribute.KeyValue {
+	return DBSQLTableKey.String(val)
+}
+
+// DBStatement returns an attribute KeyValue conforming to the
+// "db.statement" semantic conventions. It represents the database statement
+// being executed.
+func DBStatement(val string) attribute.KeyValue {
+	return DBStatementKey.String(val)
+}
+
+// DBUser returns an attribute KeyValue conforming to the "db.user" semantic
+// conventions. It represents the username for accessing the database.
+func DBUser(val string) attribute.KeyValue {
+	return DBUserKey.String(val)
+}
+
+// Describes deprecated HTTP attributes.
+const (
+	// HTTPFlavorKey is the attribute Key conforming to the "http.flavor"
+	// semantic conventions.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorKey = attribute.Key("http.flavor")
+
+	// HTTPMethodKey is the attribute Key conforming to the "http.method"
+	// semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'GET', 'POST', 'HEAD'
+	// Deprecated: use `http.request.method` instead.
+	HTTPMethodKey = attribute.Key("http.method")
+
+	// HTTPRequestContentLengthKey is the attribute Key conforming to the
+	// "http.request_content_length" semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 3495
+	// Deprecated: use `http.request.header.content-length` instead.
+	HTTPRequestContentLengthKey = attribute.Key("http.request_content_length")
+
+	// HTTPResponseContentLengthKey is the attribute Key conforming to the
+	// "http.response_content_length" semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 3495
+	// Deprecated: use `http.response.header.content-length` instead.
+	HTTPResponseContentLengthKey = attribute.Key("http.response_content_length")
+
+	// HTTPSchemeKey is the attribute Key conforming to the "http.scheme"
+	// semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'http', 'https'
+	// Deprecated: use `url.scheme` instead.
+	HTTPSchemeKey = attribute.Key("http.scheme")
+
+	// HTTPStatusCodeKey is the attribute Key conforming to the
+	// "http.status_code" semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 200
+	// Deprecated: use `http.response.status_code` instead.
+	HTTPStatusCodeKey = attribute.Key("http.status_code")
+
+	// HTTPTargetKey is the attribute Key conforming to the "http.target"
+	// semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/search?q=OpenTelemetry#SemConv'
+	// Deprecated: use `url.path` and `url.query` instead.
+	HTTPTargetKey = attribute.Key("http.target")
+
+	// HTTPURLKey is the attribute Key conforming to the "http.url" semantic
+	// conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv'
+	// Deprecated: use `url.full` instead.
+	HTTPURLKey = attribute.Key("http.url")
+
+	// HTTPUserAgentKey is the attribute Key conforming to the
+	// "http.user_agent" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3', 'Mozilla/5.0 (iPhone; CPU
+	// iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko)
+	// Version/14.1.2 Mobile/15E148 Safari/604.1'
+	// Deprecated: use `user_agent.original` instead.
+	HTTPUserAgentKey = attribute.Key("http.user_agent")
+)
+
+var (
+	// HTTP/1.0
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorHTTP10 = HTTPFlavorKey.String("1.0")
+	// HTTP/1.1
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorHTTP11 = HTTPFlavorKey.String("1.1")
+	// HTTP/2
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorHTTP20 = HTTPFlavorKey.String("2.0")
+	// HTTP/3
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorHTTP30 = HTTPFlavorKey.String("3.0")
+	// SPDY protocol
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorSPDY = HTTPFlavorKey.String("SPDY")
+	// QUIC protocol
+	//
+	// Deprecated: use `network.protocol.name` instead.
+	HTTPFlavorQUIC = HTTPFlavorKey.String("QUIC")
+)
+
+// HTTPMethod returns an attribute KeyValue conforming to the "http.method"
+// semantic conventions.
+//
+// Deprecated: use `http.request.method` instead.
+func HTTPMethod(val string) attribute.KeyValue {
+	return HTTPMethodKey.String(val)
+}
+
+// HTTPRequestContentLength returns an attribute KeyValue conforming to the
+// "http.request_content_length" semantic conventions.
+//
+// Deprecated: use `http.request.header.content-length` instead.
+func HTTPRequestContentLength(val int) attribute.KeyValue {
+	return HTTPRequestContentLengthKey.Int(val)
+}
+
+// HTTPResponseContentLength returns an attribute KeyValue conforming to the
+// "http.response_content_length" semantic conventions.
+//
+// Deprecated: use `http.response.header.content-length` instead.
+func HTTPResponseContentLength(val int) attribute.KeyValue {
+	return HTTPResponseContentLengthKey.Int(val)
+}
+
+// HTTPScheme returns an attribute KeyValue conforming to the "http.scheme"
+// semantic conventions.
+//
+// Deprecated: use `url.scheme` instead.
+func HTTPScheme(val string) attribute.KeyValue {
+	return HTTPSchemeKey.String(val)
+}
+
+// HTTPStatusCode returns an attribute KeyValue conforming to the
+// "http.status_code" semantic conventions.
+//
+// Deprecated: use `http.response.status_code` instead.
+func HTTPStatusCode(val int) attribute.KeyValue {
+	return HTTPStatusCodeKey.Int(val)
+}
+
+// HTTPTarget returns an attribute KeyValue conforming to the "http.target"
+// semantic conventions.
+//
+// Deprecated: use `url.path` and `url.query` instead.
+func HTTPTarget(val string) attribute.KeyValue {
+	return HTTPTargetKey.String(val)
+}
+
+// HTTPURL returns an attribute KeyValue conforming to the "http.url"
+// semantic conventions.
+//
+// Deprecated: use `url.full` instead.
+func HTTPURL(val string) attribute.KeyValue {
+	return HTTPURLKey.String(val)
+}
+
+// HTTPUserAgent returns an attribute KeyValue conforming to the
+// "http.user_agent" semantic conventions.
+//
+// Deprecated: use `user_agent.original` instead.
+func HTTPUserAgent(val string) attribute.KeyValue {
+	return HTTPUserAgentKey.String(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetHostNameKey is the attribute Key conforming to the "net.host.name"
+	// semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'example.com'
+	// Deprecated: use `server.address`.
+	NetHostNameKey = attribute.Key("net.host.name")
+
+	// NetHostPortKey is the attribute Key conforming to the "net.host.port"
+	// semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	// Deprecated: use `server.port`.
+	NetHostPortKey = attribute.Key("net.host.port")
+
+	// NetPeerNameKey is the attribute Key conforming to the "net.peer.name"
+	// semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'example.com'
+	// Deprecated: use `server.address` on client spans and `client.address` on
+	// server spans.
+	NetPeerNameKey = attribute.Key("net.peer.name")
+
+	// NetPeerPortKey is the attribute Key conforming to the "net.peer.port"
+	// semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	// Deprecated: use `server.port` on client spans and `client.port` on
+	// server spans.
+	NetPeerPortKey = attribute.Key("net.peer.port")
+
+	// NetProtocolNameKey is the attribute Key conforming to the
+	// "net.protocol.name" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'amqp', 'http', 'mqtt'
+	// Deprecated: use `network.protocol.name`.
+	NetProtocolNameKey = attribute.Key("net.protocol.name")
+
+	// NetProtocolVersionKey is the attribute Key conforming to the
+	// "net.protocol.version" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '3.1.1'
+	// Deprecated: use `network.protocol.version`.
+	NetProtocolVersionKey = attribute.Key("net.protocol.version")
+
+	// NetSockFamilyKey is the attribute Key conforming to the
+	// "net.sock.family" semantic conventions.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Deprecated: use `network.transport` and `network.type`.
+	NetSockFamilyKey = attribute.Key("net.sock.family")
+
+	// NetSockHostAddrKey is the attribute Key conforming to the
+	// "net.sock.host.addr" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/var/my.sock'
+	// Deprecated: use `network.local.address`.
+	NetSockHostAddrKey = attribute.Key("net.sock.host.addr")
+
+	// NetSockHostPortKey is the attribute Key conforming to the
+	// "net.sock.host.port" semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	// Deprecated: use `network.local.port`.
+	NetSockHostPortKey = attribute.Key("net.sock.host.port")
+
+	// NetSockPeerAddrKey is the attribute Key conforming to the
+	// "net.sock.peer.addr" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '192.168.0.1'
+	// Deprecated: use `network.peer.address`.
+	NetSockPeerAddrKey = attribute.Key("net.sock.peer.addr")
+
+	// NetSockPeerNameKey is the attribute Key conforming to the
+	// "net.sock.peer.name" semantic conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/var/my.sock'
+	// Deprecated: no replacement at this time.
+	NetSockPeerNameKey = attribute.Key("net.sock.peer.name")
+
+	// NetSockPeerPortKey is the attribute Key conforming to the
+	// "net.sock.peer.port" semantic conventions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 65531
+	// Deprecated: use `network.peer.port`.
+	NetSockPeerPortKey = attribute.Key("net.sock.peer.port")
+
+	// NetTransportKey is the attribute Key conforming to the "net.transport"
+	// semantic conventions.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Deprecated: use `network.transport`.
+	NetTransportKey = attribute.Key("net.transport")
+)
+
+var (
+	// IPv4 address
+	//
+	// Deprecated: use `network.transport` and `network.type`.
+	NetSockFamilyInet = NetSockFamilyKey.String("inet")
+	// IPv6 address
+	//
+	// Deprecated: use `network.transport` and `network.type`.
+	NetSockFamilyInet6 = NetSockFamilyKey.String("inet6")
+	// Unix domain socket path
+	//
+	// Deprecated: use `network.transport` and `network.type`.
+	NetSockFamilyUnix = NetSockFamilyKey.String("unix")
+)
+
+var (
+	// ip_tcp
+	//
+	// Deprecated: use `network.transport`.
+	NetTransportTCP = NetTransportKey.String("ip_tcp")
+	// ip_udp
+	//
+	// Deprecated: use `network.transport`.
+	NetTransportUDP = NetTransportKey.String("ip_udp")
+	// Named or anonymous pipe
+	//
+	// Deprecated: use `network.transport`.
+	NetTransportPipe = NetTransportKey.String("pipe")
+	// In-process communication
+	//
+	// Deprecated: use `network.transport`.
+	NetTransportInProc = NetTransportKey.String("inproc")
+	// Something else (non IP-based)
+	//
+	// Deprecated: use `network.transport`.
+	NetTransportOther = NetTransportKey.String("other")
+)
+
+// NetHostName returns an attribute KeyValue conforming to the
+// "net.host.name" semantic conventions.
+//
+// Deprecated: use `server.address`.
+func NetHostName(val string) attribute.KeyValue {
+	return NetHostNameKey.String(val)
+}
+
+// NetHostPort returns an attribute KeyValue conforming to the
+// "net.host.port" semantic conventions.
+//
+// Deprecated: use `server.port`.
+func NetHostPort(val int) attribute.KeyValue {
+	return NetHostPortKey.Int(val)
+}
+
+// NetPeerName returns an attribute KeyValue conforming to the
+// "net.peer.name" semantic conventions.
+//
+// Deprecated: use `server.address` on client spans and `client.address` on
+// server spans.
+func NetPeerName(val string) attribute.KeyValue {
+	return NetPeerNameKey.String(val)
+}
+
+// NetPeerPort returns an attribute KeyValue conforming to the
+// "net.peer.port" semantic conventions.
+//
+// Deprecated: use `server.port` on client spans and `client.port` on server
+// spans.
+func NetPeerPort(val int) attribute.KeyValue {
+	return NetPeerPortKey.Int(val)
+}
+
+// NetProtocolName returns an attribute KeyValue conforming to the
+// "net.protocol.name" semantic conventions.
+//
+// Deprecated: use `network.protocol.name`.
+func NetProtocolName(val string) attribute.KeyValue {
+	return NetProtocolNameKey.String(val)
+}
+
+// NetProtocolVersion returns an attribute KeyValue conforming to the
+// "net.protocol.version" semantic conventions.
+//
+// Deprecated: use `network.protocol.version`.
+func NetProtocolVersion(val string) attribute.KeyValue {
+	return NetProtocolVersionKey.String(val)
+}
+
+// NetSockHostAddr returns an attribute KeyValue conforming to the
+// "net.sock.host.addr" semantic conventions.
+//
+// Deprecated: use `network.local.address`.
+func NetSockHostAddr(val string) attribute.KeyValue {
+	return NetSockHostAddrKey.String(val)
+}
+
+// NetSockHostPort returns an attribute KeyValue conforming to the
+// "net.sock.host.port" semantic conventions.
+//
+// Deprecated: use `network.local.port`.
+func NetSockHostPort(val int) attribute.KeyValue {
+	return NetSockHostPortKey.Int(val)
+}
+
+// NetSockPeerAddr returns an attribute KeyValue conforming to the
+// "net.sock.peer.addr" semantic conventions.
+//
+// Deprecated: use `network.peer.address`.
+func NetSockPeerAddr(val string) attribute.KeyValue {
+	return NetSockPeerAddrKey.String(val)
+}
+
+// NetSockPeerName returns an attribute KeyValue conforming to the
+// "net.sock.peer.name" semantic conventions.
+//
+// Deprecated: no replacement at this time.
+func NetSockPeerName(val string) attribute.KeyValue {
+	return NetSockPeerNameKey.String(val)
+}
+
+// NetSockPeerPort returns an attribute KeyValue conforming to the
+// "net.sock.peer.port" semantic conventions.
+//
+// Deprecated: use `network.peer.port`.
+func NetSockPeerPort(val int) attribute.KeyValue {
+	return NetSockPeerPortKey.Int(val)
+}
+
+// These attributes may be used to describe the receiver of a network
+// exchange/packet. These should be used when there is no client/server
+// relationship between the two sides, or when that relationship is unknown.
+// This covers low-level network interactions (e.g. packet tracing) where you
+// don't know if there was a connection or which side initiated it. This also
+// covers unidirectional UDP flows and peer-to-peer communication where the
+// "user-facing" surface of the protocol / API doesn't expose a clear notion of
+// client and server.
+const (
+	// DestinationAddressKey is the attribute Key conforming to the
+	// "destination.address" semantic conventions. It represents the
+	// destination address - domain name if available without reverse DNS
+	// lookup; otherwise, IP address or Unix domain socket name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'destination.example.com', '10.1.2.80', '/tmp/my.sock'
+	// Note: When observed from the source side, and when communicating through
+	// an intermediary, `destination.address` SHOULD represent the destination
+	// address behind any intermediaries, for example proxies, if it's
+	// available.
+	DestinationAddressKey = attribute.Key("destination.address")
+
+	// DestinationPortKey is the attribute Key conforming to the
+	// "destination.port" semantic conventions. It represents the destination
+	// port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 3389, 2888
+	DestinationPortKey = attribute.Key("destination.port")
+)
+
+// DestinationAddress returns an attribute KeyValue conforming to the
+// "destination.address" semantic conventions. It represents the destination
+// address - domain name if available without reverse DNS lookup; otherwise, IP
+// address or Unix domain socket name.
+func DestinationAddress(val string) attribute.KeyValue {
+	return DestinationAddressKey.String(val)
+}
+
+// DestinationPort returns an attribute KeyValue conforming to the
+// "destination.port" semantic conventions. It represents the destination port
+// number
+func DestinationPort(val int) attribute.KeyValue {
+	return DestinationPortKey.Int(val)
+}
+
+// These attributes may be used for any disk related operation.
+const (
+	// DiskIoDirectionKey is the attribute Key conforming to the
+	// "disk.io.direction" semantic conventions. It represents the disk IO
+	// operation direction.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'read'
+	DiskIoDirectionKey = attribute.Key("disk.io.direction")
+)
+
+var (
+	// read
+	DiskIoDirectionRead = DiskIoDirectionKey.String("read")
+	// write
+	DiskIoDirectionWrite = DiskIoDirectionKey.String("write")
+)
+
+// The shared attributes used to report an error.
+const (
+	// ErrorTypeKey is the attribute Key conforming to the "error.type"
+	// semantic conventions. It represents the describes a class of error the
+	// operation ended with.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'timeout', 'java.net.UnknownHostException',
+	// 'server_certificate_invalid', '500'
+	// Note: The `error.type` SHOULD be predictable and SHOULD have low
+	// cardinality.
+	// Instrumentations SHOULD document the list of errors they report.
+	//
+	// The cardinality of `error.type` within one instrumentation library
+	// SHOULD be low.
+	// Telemetry consumers that aggregate data from multiple instrumentation
+	// libraries and applications
+	// should be prepared for `error.type` to have high cardinality at query
+	// time when no
+	// additional filters are applied.
+	//
+	// If the operation has completed successfully, instrumentations SHOULD NOT
+	// set `error.type`.
+	//
+	// If a specific domain defines its own set of error identifiers (such as
+	// HTTP or gRPC status codes),
+	// it's RECOMMENDED to:
+	//
+	// * Use a domain-specific attribute
+	// * Set `error.type` to capture all errors, regardless of whether they are
+	// defined within the domain-specific set or not.
+	ErrorTypeKey = attribute.Key("error.type")
+)
+
+var (
+	// A fallback error value to be used when the instrumentation doesn't define a custom value
+	ErrorTypeOther = ErrorTypeKey.String("_OTHER")
+)
+
+// The shared attributes used to report a single exception associated with a
+// span or log.
+const (
+	// ExceptionEscapedKey is the attribute Key conforming to the
+	// "exception.escaped" semantic conventions. It represents the sHOULD be
+	// set to true if the exception event is recorded at a point where it is
+	// known that the exception is escaping the scope of the span.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Note: An exception is considered to have escaped (or left) the scope of
+	// a span,
+	// if that span is ended while the exception is still logically "in
+	// flight".
+	// This may be actually "in flight" in some languages (e.g. if the
+	// exception
+	// is passed to a Context manager's `__exit__` method in Python) but will
+	// usually be caught at the point of recording the exception in most
+	// languages.
+	//
+	// It is usually not possible to determine at the point where an exception
+	// is thrown
+	// whether it will escape the scope of a span.
+	// However, it is trivial to know that an exception
+	// will escape, if one checks for an active exception just before ending
+	// the span,
+	// as done in the [example for recording span
+	// exceptions](#recording-an-exception).
+	//
+	// It follows that an exception may still escape the scope of the span
+	// even if the `exception.escaped` attribute was not set or set to false,
+	// since the event might have been recorded at a time where it was not
+	// clear whether the exception will escape.
+	ExceptionEscapedKey = attribute.Key("exception.escaped")
+
+	// ExceptionMessageKey is the attribute Key conforming to the
+	// "exception.message" semantic conventions. It represents the exception
+	// message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Division by zero', "Can't convert 'int' object to str
+	// implicitly"
+	ExceptionMessageKey = attribute.Key("exception.message")
+
+	// ExceptionStacktraceKey is the attribute Key conforming to the
+	// "exception.stacktrace" semantic conventions. It represents a stacktrace
+	// as a string in the natural representation for the language runtime. The
+	// representation is to be determined and documented by each language SIG.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Exception in thread "main" java.lang.RuntimeException: Test
+	// exception\\n at '
+	//  'com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
+	//  'com.example.GenerateTrace.methodA(GenerateTrace.java:9)\\n at '
+	//  'com.example.GenerateTrace.main(GenerateTrace.java:5)'
+	ExceptionStacktraceKey = attribute.Key("exception.stacktrace")
+
+	// ExceptionTypeKey is the attribute Key conforming to the "exception.type"
+	// semantic conventions. It represents the type of the exception (its
+	// fully-qualified class name, if applicable). The dynamic type of the
+	// exception should be preferred over the static type in languages that
+	// support it.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'java.net.ConnectException', 'OSError'
+	ExceptionTypeKey = attribute.Key("exception.type")
+)
+
+// ExceptionEscaped returns an attribute KeyValue conforming to the
+// "exception.escaped" semantic conventions. It represents the sHOULD be set to
+// true if the exception event is recorded at a point where it is known that
+// the exception is escaping the scope of the span.
+func ExceptionEscaped(val bool) attribute.KeyValue {
+	return ExceptionEscapedKey.Bool(val)
+}
+
+// ExceptionMessage returns an attribute KeyValue conforming to the
+// "exception.message" semantic conventions. It represents the exception
+// message.
+func ExceptionMessage(val string) attribute.KeyValue {
+	return ExceptionMessageKey.String(val)
+}
+
+// ExceptionStacktrace returns an attribute KeyValue conforming to the
+// "exception.stacktrace" semantic conventions. It represents a stacktrace as a
+// string in the natural representation for the language runtime. The
+// representation is to be determined and documented by each language SIG.
+func ExceptionStacktrace(val string) attribute.KeyValue {
+	return ExceptionStacktraceKey.String(val)
+}
+
+// ExceptionType returns an attribute KeyValue conforming to the
+// "exception.type" semantic conventions. It represents the type of the
+// exception (its fully-qualified class name, if applicable). The dynamic type
+// of the exception should be preferred over the static type in languages that
+// support it.
+func ExceptionType(val string) attribute.KeyValue {
+	return ExceptionTypeKey.String(val)
+}
+
+// Semantic convention attributes in the HTTP namespace.
+const (
+	// HTTPRequestBodySizeKey is the attribute Key conforming to the
+	// "http.request.body.size" semantic conventions. It represents the size of
+	// the request payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 3495
+	HTTPRequestBodySizeKey = attribute.Key("http.request.body.size")
+
+	// HTTPRequestMethodKey is the attribute Key conforming to the
+	// "http.request.method" semantic conventions. It represents the hTTP
+	// request method.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'GET', 'POST', 'HEAD'
+	// Note: HTTP request method value SHOULD be "known" to the
+	// instrumentation.
+	// By default, this convention defines "known" methods as the ones listed
+	// in [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#name-methods)
+	// and the PATCH method defined in
+	// [RFC5789](https://www.rfc-editor.org/rfc/rfc5789.html).
+	//
+	// If the HTTP request method is not known to instrumentation, it MUST set
+	// the `http.request.method` attribute to `_OTHER`.
+	//
+	// If the HTTP instrumentation could end up converting valid HTTP request
+	// methods to `_OTHER`, then it MUST provide a way to override
+	// the list of known HTTP methods. If this override is done via environment
+	// variable, then the environment variable MUST be named
+	// OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated
+	// list of case-sensitive known HTTP methods
+	// (this list MUST be a full override of the default known method, it is
+	// not a list of known methods in addition to the defaults).
+	//
+	// HTTP method names are case-sensitive and `http.request.method` attribute
+	// value MUST match a known HTTP method name exactly.
+	// Instrumentations for specific web frameworks that consider HTTP methods
+	// to be case insensitive, SHOULD populate a canonical equivalent.
+	// Tracing instrumentations that do so, MUST also set
+	// `http.request.method_original` to the original value.
+	HTTPRequestMethodKey = attribute.Key("http.request.method")
+
+	// HTTPRequestMethodOriginalKey is the attribute Key conforming to the
+	// "http.request.method_original" semantic conventions. It represents the
+	// original HTTP method sent by the client in the request line.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'GeT', 'ACL', 'foo'
+	HTTPRequestMethodOriginalKey = attribute.Key("http.request.method_original")
+
+	// HTTPRequestResendCountKey is the attribute Key conforming to the
+	// "http.request.resend_count" semantic conventions. It represents the
+	// ordinal number of request resending attempt (for any reason, including
+	// redirects).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3
+	// Note: The resend count SHOULD be updated each time an HTTP request gets
+	// resent by the client, regardless of what was the cause of the resending
+	// (e.g. redirection, authorization failure, 503 Server Unavailable,
+	// network issues, or any other).
+	HTTPRequestResendCountKey = attribute.Key("http.request.resend_count")
+
+	// HTTPResponseBodySizeKey is the attribute Key conforming to the
+	// "http.response.body.size" semantic conventions. It represents the size
+	// of the response payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 3495
+	HTTPResponseBodySizeKey = attribute.Key("http.response.body.size")
+
+	// HTTPResponseStatusCodeKey is the attribute Key conforming to the
+	// "http.response.status_code" semantic conventions. It represents the
+	// [HTTP response status
+	// code](https://tools.ietf.org/html/rfc7231#section-6).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 200
+	HTTPResponseStatusCodeKey = attribute.Key("http.response.status_code")
+
+	// HTTPRouteKey is the attribute Key conforming to the "http.route"
+	// semantic conventions. It represents the matched route, that is, the path
+	// template in the format used by the respective server framework.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/users/:userID?', '{controller}/{action}/{id?}'
+	// Note: MUST NOT be populated when this is not supported by the HTTP
+	// server framework as the route attribute should have low-cardinality and
+	// the URI path can NOT substitute it.
+	// SHOULD include the [application
+	// root](/docs/http/http-spans.md#http-server-definitions) if there is one.
+	HTTPRouteKey = attribute.Key("http.route")
+)
+
+var (
+	// CONNECT method
+	HTTPRequestMethodConnect = HTTPRequestMethodKey.String("CONNECT")
+	// DELETE method
+	HTTPRequestMethodDelete = HTTPRequestMethodKey.String("DELETE")
+	// GET method
+	HTTPRequestMethodGet = HTTPRequestMethodKey.String("GET")
+	// HEAD method
+	HTTPRequestMethodHead = HTTPRequestMethodKey.String("HEAD")
+	// OPTIONS method
+	HTTPRequestMethodOptions = HTTPRequestMethodKey.String("OPTIONS")
+	// PATCH method
+	HTTPRequestMethodPatch = HTTPRequestMethodKey.String("PATCH")
+	// POST method
+	HTTPRequestMethodPost = HTTPRequestMethodKey.String("POST")
+	// PUT method
+	HTTPRequestMethodPut = HTTPRequestMethodKey.String("PUT")
+	// TRACE method
+	HTTPRequestMethodTrace = HTTPRequestMethodKey.String("TRACE")
+	// Any HTTP method that the instrumentation has no prior knowledge of
+	HTTPRequestMethodOther = HTTPRequestMethodKey.String("_OTHER")
+)
+
+// HTTPRequestBodySize returns an attribute KeyValue conforming to the
+// "http.request.body.size" semantic conventions. It represents the size of the
+// request payload body in bytes. This is the number of bytes transferred
+// excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPRequestBodySize(val int) attribute.KeyValue {
+	return HTTPRequestBodySizeKey.Int(val)
+}
+
+// HTTPRequestMethodOriginal returns an attribute KeyValue conforming to the
+// "http.request.method_original" semantic conventions. It represents the
+// original HTTP method sent by the client in the request line.
+func HTTPRequestMethodOriginal(val string) attribute.KeyValue {
+	return HTTPRequestMethodOriginalKey.String(val)
+}
+
+// HTTPRequestResendCount returns an attribute KeyValue conforming to the
+// "http.request.resend_count" semantic conventions. It represents the ordinal
+// number of request resending attempt (for any reason, including redirects).
+func HTTPRequestResendCount(val int) attribute.KeyValue {
+	return HTTPRequestResendCountKey.Int(val)
+}
+
+// HTTPResponseBodySize returns an attribute KeyValue conforming to the
+// "http.response.body.size" semantic conventions. It represents the size of
+// the response payload body in bytes. This is the number of bytes transferred
+// excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPResponseBodySize(val int) attribute.KeyValue {
+	return HTTPResponseBodySizeKey.Int(val)
+}
+
+// HTTPResponseStatusCode returns an attribute KeyValue conforming to the
+// "http.response.status_code" semantic conventions. It represents the [HTTP
+// response status code](https://tools.ietf.org/html/rfc7231#section-6).
+func HTTPResponseStatusCode(val int) attribute.KeyValue {
+	return HTTPResponseStatusCodeKey.Int(val)
+}
+
+// HTTPRoute returns an attribute KeyValue conforming to the "http.route"
+// semantic conventions. It represents the matched route, that is, the path
+// template in the format used by the respective server framework.
+func HTTPRoute(val string) attribute.KeyValue {
+	return HTTPRouteKey.String(val)
+}
+
+// Attributes describing telemetry around messaging systems and messaging
+// activities.
+const (
+	// MessagingBatchMessageCountKey is the attribute Key conforming to the
+	// "messaging.batch.message_count" semantic conventions. It represents the
+	// number of messages sent, received, or processed in the scope of the
+	// batching operation.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 0, 1, 2
+	// Note: Instrumentations SHOULD NOT set `messaging.batch.message_count` on
+	// spans that operate with a single message. When a messaging client
+	// library supports both batch and single-message API for the same
+	// operation, instrumentations SHOULD use `messaging.batch.message_count`
+	// for batching APIs and SHOULD NOT use it for single-message APIs.
+	MessagingBatchMessageCountKey = attribute.Key("messaging.batch.message_count")
+
+	// MessagingClientIDKey is the attribute Key conforming to the
+	// "messaging.client_id" semantic conventions. It represents a unique
+	// identifier for the client that consumes or produces a message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'client-5', 'myhost@8742@s8083jm'
+	MessagingClientIDKey = attribute.Key("messaging.client_id")
+
+	// MessagingDestinationAnonymousKey is the attribute Key conforming to the
+	// "messaging.destination.anonymous" semantic conventions. It represents a
+	// boolean that is true if the message destination is anonymous (could be
+	// unnamed or have auto-generated name).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingDestinationAnonymousKey = attribute.Key("messaging.destination.anonymous")
+
+	// MessagingDestinationNameKey is the attribute Key conforming to the
+	// "messaging.destination.name" semantic conventions. It represents the
+	// message destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MyQueue', 'MyTopic'
+	// Note: Destination name SHOULD uniquely identify a specific queue, topic
+	// or other entity within the broker. If
+	// the broker doesn't have such notion, the destination name SHOULD
+	// uniquely identify the broker.
+	MessagingDestinationNameKey = attribute.Key("messaging.destination.name")
+
+	// MessagingDestinationTemplateKey is the attribute Key conforming to the
+	// "messaging.destination.template" semantic conventions. It represents the
+	// low cardinality representation of the messaging destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/customers/{customerID}'
+	// Note: Destination names could be constructed from templates. An example
+	// would be a destination name involving a user name or product id.
+	// Although the destination name in this case is of high cardinality, the
+	// underlying template is of low cardinality and can be effectively used
+	// for grouping and aggregation.
+	MessagingDestinationTemplateKey = attribute.Key("messaging.destination.template")
+
+	// MessagingDestinationTemporaryKey is the attribute Key conforming to the
+	// "messaging.destination.temporary" semantic conventions. It represents a
+	// boolean that is true if the message destination is temporary and might
+	// not exist anymore after messages are processed.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingDestinationTemporaryKey = attribute.Key("messaging.destination.temporary")
+
+	// MessagingDestinationPublishAnonymousKey is the attribute Key conforming
+	// to the "messaging.destination_publish.anonymous" semantic conventions.
+	// It represents a boolean that is true if the publish message destination
+	// is anonymous (could be unnamed or have auto-generated name).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingDestinationPublishAnonymousKey = attribute.Key("messaging.destination_publish.anonymous")
+
+	// MessagingDestinationPublishNameKey is the attribute Key conforming to
+	// the "messaging.destination_publish.name" semantic conventions. It
+	// represents the name of the original destination the message was
+	// published to
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MyQueue', 'MyTopic'
+	// Note: The name SHOULD uniquely identify a specific queue, topic, or
+	// other entity within the broker. If
+	// the broker doesn't have such notion, the original destination name
+	// SHOULD uniquely identify the broker.
+	MessagingDestinationPublishNameKey = attribute.Key("messaging.destination_publish.name")
+
+	// MessagingGCPPubsubMessageOrderingKeyKey is the attribute Key conforming
+	// to the "messaging.gcp_pubsub.message.ordering_key" semantic conventions.
+	// It represents the ordering key for a given message. If the attribute is
+	// not present, the message does not have an ordering key.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'ordering_key'
+	MessagingGCPPubsubMessageOrderingKeyKey = attribute.Key("messaging.gcp_pubsub.message.ordering_key")
+
+	// MessagingKafkaConsumerGroupKey is the attribute Key conforming to the
+	// "messaging.kafka.consumer.group" semantic conventions. It represents the
+	// name of the Kafka Consumer Group that is handling the message. Only
+	// applies to consumers, not producers.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'my-group'
+	MessagingKafkaConsumerGroupKey = attribute.Key("messaging.kafka.consumer.group")
+
+	// MessagingKafkaDestinationPartitionKey is the attribute Key conforming to
+	// the "messaging.kafka.destination.partition" semantic conventions. It
+	// represents the partition the message is sent to.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 2
+	MessagingKafkaDestinationPartitionKey = attribute.Key("messaging.kafka.destination.partition")
+
+	// MessagingKafkaMessageKeyKey is the attribute Key conforming to the
+	// "messaging.kafka.message.key" semantic conventions. It represents the
+	// message keys in Kafka are used for grouping alike messages to ensure
+	// they're processed on the same partition. They differ from
+	// `messaging.message.id` in that they're not unique. If the key is `null`,
+	// the attribute MUST NOT be set.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myKey'
+	// Note: If the key type is not string, it's string representation has to
+	// be supplied for the attribute. If the key has no unambiguous, canonical
+	// string form, don't include its value.
+	MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message.key")
+
+	// MessagingKafkaMessageOffsetKey is the attribute Key conforming to the
+	// "messaging.kafka.message.offset" semantic conventions. It represents the
+	// offset of a record in the corresponding Kafka partition.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 42
+	MessagingKafkaMessageOffsetKey = attribute.Key("messaging.kafka.message.offset")
+
+	// MessagingKafkaMessageTombstoneKey is the attribute Key conforming to the
+	// "messaging.kafka.message.tombstone" semantic conventions. It represents
+	// a boolean that is true if the message is a tombstone.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingKafkaMessageTombstoneKey = attribute.Key("messaging.kafka.message.tombstone")
+
+	// MessagingMessageBodySizeKey is the attribute Key conforming to the
+	// "messaging.message.body.size" semantic conventions. It represents the
+	// size of the message body in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1439
+	// Note: This can refer to both the compressed or uncompressed body size.
+	// If both sizes are known, the uncompressed
+	// body size should be used.
+	MessagingMessageBodySizeKey = attribute.Key("messaging.message.body.size")
+
+	// MessagingMessageConversationIDKey is the attribute Key conforming to the
+	// "messaging.message.conversation_id" semantic conventions. It represents
+	// the conversation ID identifying the conversation to which the message
+	// belongs, represented as a string. Sometimes called "Correlation ID".
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MyConversationID'
+	MessagingMessageConversationIDKey = attribute.Key("messaging.message.conversation_id")
+
+	// MessagingMessageEnvelopeSizeKey is the attribute Key conforming to the
+	// "messaging.message.envelope.size" semantic conventions. It represents
+	// the size of the message body and metadata in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 2738
+	// Note: This can refer to both the compressed or uncompressed size. If
+	// both sizes are known, the uncompressed
+	// size should be used.
+	MessagingMessageEnvelopeSizeKey = attribute.Key("messaging.message.envelope.size")
+
+	// MessagingMessageIDKey is the attribute Key conforming to the
+	// "messaging.message.id" semantic conventions. It represents a value used
+	// by the messaging system as an identifier for the message, represented as
+	// a string.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '452a7c7c7c7048c2f887f61572b18fc2'
+	MessagingMessageIDKey = attribute.Key("messaging.message.id")
+
+	// MessagingOperationKey is the attribute Key conforming to the
+	// "messaging.operation" semantic conventions. It represents a string
+	// identifying the kind of messaging operation.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Note: If a custom value is used, it MUST be of low cardinality.
+	MessagingOperationKey = attribute.Key("messaging.operation")
+
+	// MessagingRabbitmqDestinationRoutingKeyKey is the attribute Key
+	// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+	// conventions. It represents the rabbitMQ message routing key.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myKey'
+	MessagingRabbitmqDestinationRoutingKeyKey = attribute.Key("messaging.rabbitmq.destination.routing_key")
+
+	// MessagingRocketmqClientGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.client_group" semantic conventions. It represents
+	// the name of the RocketMQ producer/consumer group that is handling the
+	// message. The client type is identified by the SpanKind.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myConsumerGroup'
+	MessagingRocketmqClientGroupKey = attribute.Key("messaging.rocketmq.client_group")
+
+	// MessagingRocketmqConsumptionModelKey is the attribute Key conforming to
+	// the "messaging.rocketmq.consumption_model" semantic conventions. It
+	// represents the model of message consumption. This only applies to
+	// consumer spans.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingRocketmqConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model")
+
+	// MessagingRocketmqMessageDelayTimeLevelKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+	// conventions. It represents the delay time level for delay message, which
+	// determines the message delay time.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 3
+	MessagingRocketmqMessageDelayTimeLevelKey = attribute.Key("messaging.rocketmq.message.delay_time_level")
+
+	// MessagingRocketmqMessageDeliveryTimestampKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delivery_timestamp"
+	// semantic conventions. It represents the timestamp in milliseconds that
+	// the delay message is expected to be delivered to consumer.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1665987217045
+	MessagingRocketmqMessageDeliveryTimestampKey = attribute.Key("messaging.rocketmq.message.delivery_timestamp")
+
+	// MessagingRocketmqMessageGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.group" semantic conventions. It represents
+	// the it is essential for FIFO message. Messages that belong to the same
+	// message group are always processed one by one within the same consumer
+	// group.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myMessageGroup'
+	MessagingRocketmqMessageGroupKey = attribute.Key("messaging.rocketmq.message.group")
+
+	// MessagingRocketmqMessageKeysKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.keys" semantic conventions. It represents
+	// the key(s) of message, another way to mark message besides message id.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'keyA', 'keyB'
+	MessagingRocketmqMessageKeysKey = attribute.Key("messaging.rocketmq.message.keys")
+
+	// MessagingRocketmqMessageTagKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.tag" semantic conventions. It represents the
+	// secondary classifier of message besides topic.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'tagA'
+	MessagingRocketmqMessageTagKey = attribute.Key("messaging.rocketmq.message.tag")
+
+	// MessagingRocketmqMessageTypeKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.type" semantic conventions. It represents
+	// the type of message.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingRocketmqMessageTypeKey = attribute.Key("messaging.rocketmq.message.type")
+
+	// MessagingRocketmqNamespaceKey is the attribute Key conforming to the
+	// "messaging.rocketmq.namespace" semantic conventions. It represents the
+	// namespace of RocketMQ resources, resources in different namespaces are
+	// individual.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myNamespace'
+	MessagingRocketmqNamespaceKey = attribute.Key("messaging.rocketmq.namespace")
+
+	// MessagingSystemKey is the attribute Key conforming to the
+	// "messaging.system" semantic conventions. It represents an identifier for
+	// the messaging system being used. See below for a list of well-known
+	// identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	MessagingSystemKey = attribute.Key("messaging.system")
+)
+
+var (
+	// One or more messages are provided for publishing to an intermediary. If a single message is published, the context of the "Publish" span can be used as the creation context and no "Create" span needs to be created
+	MessagingOperationPublish = MessagingOperationKey.String("publish")
+	// A message is created. "Create" spans always refer to a single message and are used to provide a unique creation context for messages in batch publishing scenarios
+	MessagingOperationCreate = MessagingOperationKey.String("create")
+	// One or more messages are requested by a consumer. This operation refers to pull-based scenarios, where consumers explicitly call methods of messaging SDKs to receive messages
+	MessagingOperationReceive = MessagingOperationKey.String("receive")
+	// One or more messages are passed to a consumer. This operation refers to push-based scenarios, where consumer register callbacks which get called by messaging SDKs
+	MessagingOperationDeliver = MessagingOperationKey.String("deliver")
+)
+
+var (
+	// Clustering consumption model
+	MessagingRocketmqConsumptionModelClustering = MessagingRocketmqConsumptionModelKey.String("clustering")
+	// Broadcasting consumption model
+	MessagingRocketmqConsumptionModelBroadcasting = MessagingRocketmqConsumptionModelKey.String("broadcasting")
+)
+
+var (
+	// Normal message
+	MessagingRocketmqMessageTypeNormal = MessagingRocketmqMessageTypeKey.String("normal")
+	// FIFO message
+	MessagingRocketmqMessageTypeFifo = MessagingRocketmqMessageTypeKey.String("fifo")
+	// Delay message
+	MessagingRocketmqMessageTypeDelay = MessagingRocketmqMessageTypeKey.String("delay")
+	// Transaction message
+	MessagingRocketmqMessageTypeTransaction = MessagingRocketmqMessageTypeKey.String("transaction")
+)
+
+var (
+	// Apache ActiveMQ
+	MessagingSystemActivemq = MessagingSystemKey.String("activemq")
+	// Amazon Simple Queue Service (SQS)
+	MessagingSystemAWSSqs = MessagingSystemKey.String("aws_sqs")
+	// Azure Event Grid
+	MessagingSystemAzureEventgrid = MessagingSystemKey.String("azure_eventgrid")
+	// Azure Event Hubs
+	MessagingSystemAzureEventhubs = MessagingSystemKey.String("azure_eventhubs")
+	// Azure Service Bus
+	MessagingSystemAzureServicebus = MessagingSystemKey.String("azure_servicebus")
+	// Google Cloud Pub/Sub
+	MessagingSystemGCPPubsub = MessagingSystemKey.String("gcp_pubsub")
+	// Java Message Service
+	MessagingSystemJms = MessagingSystemKey.String("jms")
+	// Apache Kafka
+	MessagingSystemKafka = MessagingSystemKey.String("kafka")
+	// RabbitMQ
+	MessagingSystemRabbitmq = MessagingSystemKey.String("rabbitmq")
+	// Apache RocketMQ
+	MessagingSystemRocketmq = MessagingSystemKey.String("rocketmq")
+)
+
+// MessagingBatchMessageCount returns an attribute KeyValue conforming to
+// the "messaging.batch.message_count" semantic conventions. It represents the
+// number of messages sent, received, or processed in the scope of the batching
+// operation.
+func MessagingBatchMessageCount(val int) attribute.KeyValue {
+	return MessagingBatchMessageCountKey.Int(val)
+}
+
+// MessagingClientID returns an attribute KeyValue conforming to the
+// "messaging.client_id" semantic conventions. It represents a unique
+// identifier for the client that consumes or produces a message.
+func MessagingClientID(val string) attribute.KeyValue {
+	return MessagingClientIDKey.String(val)
+}
+
+// MessagingDestinationAnonymous returns an attribute KeyValue conforming to
+// the "messaging.destination.anonymous" semantic conventions. It represents a
+// boolean that is true if the message destination is anonymous (could be
+// unnamed or have auto-generated name).
+func MessagingDestinationAnonymous(val bool) attribute.KeyValue {
+	return MessagingDestinationAnonymousKey.Bool(val)
+}
+
+// MessagingDestinationName returns an attribute KeyValue conforming to the
+// "messaging.destination.name" semantic conventions. It represents the message
+// destination name
+func MessagingDestinationName(val string) attribute.KeyValue {
+	return MessagingDestinationNameKey.String(val)
+}
+
+// MessagingDestinationTemplate returns an attribute KeyValue conforming to
+// the "messaging.destination.template" semantic conventions. It represents the
+// low cardinality representation of the messaging destination name
+func MessagingDestinationTemplate(val string) attribute.KeyValue {
+	return MessagingDestinationTemplateKey.String(val)
+}
+
+// MessagingDestinationTemporary returns an attribute KeyValue conforming to
+// the "messaging.destination.temporary" semantic conventions. It represents a
+// boolean that is true if the message destination is temporary and might not
+// exist anymore after messages are processed.
+func MessagingDestinationTemporary(val bool) attribute.KeyValue {
+	return MessagingDestinationTemporaryKey.Bool(val)
+}
+
+// MessagingDestinationPublishAnonymous returns an attribute KeyValue
+// conforming to the "messaging.destination_publish.anonymous" semantic
+// conventions. It represents a boolean that is true if the publish message
+// destination is anonymous (could be unnamed or have auto-generated name).
+func MessagingDestinationPublishAnonymous(val bool) attribute.KeyValue {
+	return MessagingDestinationPublishAnonymousKey.Bool(val)
+}
+
+// MessagingDestinationPublishName returns an attribute KeyValue conforming
+// to the "messaging.destination_publish.name" semantic conventions. It
+// represents the name of the original destination the message was published to
+func MessagingDestinationPublishName(val string) attribute.KeyValue {
+	return MessagingDestinationPublishNameKey.String(val)
+}
+
+// MessagingGCPPubsubMessageOrderingKey returns an attribute KeyValue
+// conforming to the "messaging.gcp_pubsub.message.ordering_key" semantic
+// conventions. It represents the ordering key for a given message. If the
+// attribute is not present, the message does not have an ordering key.
+func MessagingGCPPubsubMessageOrderingKey(val string) attribute.KeyValue {
+	return MessagingGCPPubsubMessageOrderingKeyKey.String(val)
+}
+
+// MessagingKafkaConsumerGroup returns an attribute KeyValue conforming to
+// the "messaging.kafka.consumer.group" semantic conventions. It represents the
+// name of the Kafka Consumer Group that is handling the message. Only applies
+// to consumers, not producers.
+func MessagingKafkaConsumerGroup(val string) attribute.KeyValue {
+	return MessagingKafkaConsumerGroupKey.String(val)
+}
+
+// MessagingKafkaDestinationPartition returns an attribute KeyValue
+// conforming to the "messaging.kafka.destination.partition" semantic
+// conventions. It represents the partition the message is sent to.
+func MessagingKafkaDestinationPartition(val int) attribute.KeyValue {
+	return MessagingKafkaDestinationPartitionKey.Int(val)
+}
+
+// MessagingKafkaMessageKey returns an attribute KeyValue conforming to the
+// "messaging.kafka.message.key" semantic conventions. It represents the
+// message keys in Kafka are used for grouping alike messages to ensure they're
+// processed on the same partition. They differ from `messaging.message.id` in
+// that they're not unique. If the key is `null`, the attribute MUST NOT be
+// set.
+func MessagingKafkaMessageKey(val string) attribute.KeyValue {
+	return MessagingKafkaMessageKeyKey.String(val)
+}
+
+// MessagingKafkaMessageOffset returns an attribute KeyValue conforming to
+// the "messaging.kafka.message.offset" semantic conventions. It represents the
+// offset of a record in the corresponding Kafka partition.
+func MessagingKafkaMessageOffset(val int) attribute.KeyValue {
+	return MessagingKafkaMessageOffsetKey.Int(val)
+}
+
+// MessagingKafkaMessageTombstone returns an attribute KeyValue conforming
+// to the "messaging.kafka.message.tombstone" semantic conventions. It
+// represents a boolean that is true if the message is a tombstone.
+func MessagingKafkaMessageTombstone(val bool) attribute.KeyValue {
+	return MessagingKafkaMessageTombstoneKey.Bool(val)
+}
+
+// MessagingMessageBodySize returns an attribute KeyValue conforming to the
+// "messaging.message.body.size" semantic conventions. It represents the size
+// of the message body in bytes.
+func MessagingMessageBodySize(val int) attribute.KeyValue {
+	return MessagingMessageBodySizeKey.Int(val)
+}
+
+// MessagingMessageConversationID returns an attribute KeyValue conforming
+// to the "messaging.message.conversation_id" semantic conventions. It
+// represents the conversation ID identifying the conversation to which the
+// message belongs, represented as a string. Sometimes called "Correlation ID".
+func MessagingMessageConversationID(val string) attribute.KeyValue {
+	return MessagingMessageConversationIDKey.String(val)
+}
+
+// MessagingMessageEnvelopeSize returns an attribute KeyValue conforming to
+// the "messaging.message.envelope.size" semantic conventions. It represents
+// the size of the message body and metadata in bytes.
+func MessagingMessageEnvelopeSize(val int) attribute.KeyValue {
+	return MessagingMessageEnvelopeSizeKey.Int(val)
+}
+
+// MessagingMessageID returns an attribute KeyValue conforming to the
+// "messaging.message.id" semantic conventions. It represents a value used by
+// the messaging system as an identifier for the message, represented as a
+// string.
+func MessagingMessageID(val string) attribute.KeyValue {
+	return MessagingMessageIDKey.String(val)
+}
+
+// MessagingRabbitmqDestinationRoutingKey returns an attribute KeyValue
+// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+// conventions. It represents the rabbitMQ message routing key.
+func MessagingRabbitmqDestinationRoutingKey(val string) attribute.KeyValue {
+	return MessagingRabbitmqDestinationRoutingKeyKey.String(val)
+}
+
+// MessagingRocketmqClientGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.client_group" semantic conventions. It represents
+// the name of the RocketMQ producer/consumer group that is handling the
+// message. The client type is identified by the SpanKind.
+func MessagingRocketmqClientGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqClientGroupKey.String(val)
+}
+
+// MessagingRocketmqMessageDelayTimeLevel returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+// conventions. It represents the delay time level for delay message, which
+// determines the message delay time.
+func MessagingRocketmqMessageDelayTimeLevel(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDelayTimeLevelKey.Int(val)
+}
+
+// MessagingRocketmqMessageDeliveryTimestamp returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delivery_timestamp" semantic
+// conventions. It represents the timestamp in milliseconds that the delay
+// message is expected to be delivered to consumer.
+func MessagingRocketmqMessageDeliveryTimestamp(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDeliveryTimestampKey.Int(val)
+}
+
+// MessagingRocketmqMessageGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.group" semantic conventions. It represents
+// the it is essential for FIFO message. Messages that belong to the same
+// message group are always processed one by one within the same consumer
+// group.
+func MessagingRocketmqMessageGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageGroupKey.String(val)
+}
+
+// MessagingRocketmqMessageKeys returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.keys" semantic conventions. It represents
+// the key(s) of message, another way to mark message besides message id.
+func MessagingRocketmqMessageKeys(val ...string) attribute.KeyValue {
+	return MessagingRocketmqMessageKeysKey.StringSlice(val)
+}
+
+// MessagingRocketmqMessageTag returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.tag" semantic conventions. It represents the
+// secondary classifier of message besides topic.
+func MessagingRocketmqMessageTag(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageTagKey.String(val)
+}
+
+// MessagingRocketmqNamespace returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.namespace" semantic conventions. It represents the
+// namespace of RocketMQ resources, resources in different namespaces are
+// individual.
+func MessagingRocketmqNamespace(val string) attribute.KeyValue {
+	return MessagingRocketmqNamespaceKey.String(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetworkCarrierIccKey is the attribute Key conforming to the
+	// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
+	// alpha-2 2-character country code associated with the mobile carrier
+	// network.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'DE'
+	NetworkCarrierIccKey = attribute.Key("network.carrier.icc")
+
+	// NetworkCarrierMccKey is the attribute Key conforming to the
+	// "network.carrier.mcc" semantic conventions. It represents the mobile
+	// carrier country code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '310'
+	NetworkCarrierMccKey = attribute.Key("network.carrier.mcc")
+
+	// NetworkCarrierMncKey is the attribute Key conforming to the
+	// "network.carrier.mnc" semantic conventions. It represents the mobile
+	// carrier network code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '001'
+	NetworkCarrierMncKey = attribute.Key("network.carrier.mnc")
+
+	// NetworkCarrierNameKey is the attribute Key conforming to the
+	// "network.carrier.name" semantic conventions. It represents the name of
+	// the mobile carrier.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'sprint'
+	NetworkCarrierNameKey = attribute.Key("network.carrier.name")
+
+	// NetworkConnectionSubtypeKey is the attribute Key conforming to the
+	// "network.connection.subtype" semantic conventions. It represents the
+	// this describes more details regarding the connection.type. It may be the
+	// type of cell technology connection, but it could be used for describing
+	// details about a wifi connection.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'LTE'
+	NetworkConnectionSubtypeKey = attribute.Key("network.connection.subtype")
+
+	// NetworkConnectionTypeKey is the attribute Key conforming to the
+	// "network.connection.type" semantic conventions. It represents the
+	// internet connection type.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'wifi'
+	NetworkConnectionTypeKey = attribute.Key("network.connection.type")
+
+	// NetworkIoDirectionKey is the attribute Key conforming to the
+	// "network.io.direction" semantic conventions. It represents the network
+	// IO operation direction.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'transmit'
+	NetworkIoDirectionKey = attribute.Key("network.io.direction")
+
+	// NetworkLocalAddressKey is the attribute Key conforming to the
+	// "network.local.address" semantic conventions. It represents the local
+	// address of the network connection - IP address or Unix domain socket
+	// name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10.1.2.80', '/tmp/my.sock'
+	NetworkLocalAddressKey = attribute.Key("network.local.address")
+
+	// NetworkLocalPortKey is the attribute Key conforming to the
+	// "network.local.port" semantic conventions. It represents the local port
+	// number of the network connection.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 65123
+	NetworkLocalPortKey = attribute.Key("network.local.port")
+
+	// NetworkPeerAddressKey is the attribute Key conforming to the
+	// "network.peer.address" semantic conventions. It represents the peer
+	// address of the network connection - IP address or Unix domain socket
+	// name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10.1.2.80', '/tmp/my.sock'
+	NetworkPeerAddressKey = attribute.Key("network.peer.address")
+
+	// NetworkPeerPortKey is the attribute Key conforming to the
+	// "network.peer.port" semantic conventions. It represents the peer port
+	// number of the network connection.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 65123
+	NetworkPeerPortKey = attribute.Key("network.peer.port")
+
+	// NetworkProtocolNameKey is the attribute Key conforming to the
+	// "network.protocol.name" semantic conventions. It represents the [OSI
+	// application layer](https://osi-model.com/application-layer/) or non-OSI
+	// equivalent.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'amqp', 'http', 'mqtt'
+	// Note: The value SHOULD be normalized to lowercase.
+	NetworkProtocolNameKey = attribute.Key("network.protocol.name")
+
+	// NetworkProtocolVersionKey is the attribute Key conforming to the
+	// "network.protocol.version" semantic conventions. It represents the
+	// version of the protocol specified in `network.protocol.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '3.1.1'
+	// Note: `network.protocol.version` refers to the version of the protocol
+	// used and might be different from the protocol client's version. If the
+	// HTTP client has a version of `0.27.2`, but sends HTTP version `1.1`,
+	// this attribute should be set to `1.1`.
+	NetworkProtocolVersionKey = attribute.Key("network.protocol.version")
+
+	// NetworkTransportKey is the attribute Key conforming to the
+	// "network.transport" semantic conventions. It represents the [OSI
+	// transport layer](https://osi-model.com/transport-layer/) or
+	// [inter-process communication
+	// method](https://wikipedia.org/wiki/Inter-process_communication).
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'tcp', 'udp'
+	// Note: The value SHOULD be normalized to lowercase.
+	//
+	// Consider always setting the transport when setting a port number, since
+	// a port number is ambiguous without knowing the transport. For example
+	// different processes could be listening on TCP port 12345 and UDP port
+	// 12345.
+	NetworkTransportKey = attribute.Key("network.transport")
+
+	// NetworkTypeKey is the attribute Key conforming to the "network.type"
+	// semantic conventions. It represents the [OSI network
+	// layer](https://osi-model.com/network-layer/) or non-OSI equivalent.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ipv4', 'ipv6'
+	// Note: The value SHOULD be normalized to lowercase.
+	NetworkTypeKey = attribute.Key("network.type")
+)
+
+var (
+	// GPRS
+	NetworkConnectionSubtypeGprs = NetworkConnectionSubtypeKey.String("gprs")
+	// EDGE
+	NetworkConnectionSubtypeEdge = NetworkConnectionSubtypeKey.String("edge")
+	// UMTS
+	NetworkConnectionSubtypeUmts = NetworkConnectionSubtypeKey.String("umts")
+	// CDMA
+	NetworkConnectionSubtypeCdma = NetworkConnectionSubtypeKey.String("cdma")
+	// EVDO Rel. 0
+	NetworkConnectionSubtypeEvdo0 = NetworkConnectionSubtypeKey.String("evdo_0")
+	// EVDO Rev. A
+	NetworkConnectionSubtypeEvdoA = NetworkConnectionSubtypeKey.String("evdo_a")
+	// CDMA2000 1XRTT
+	NetworkConnectionSubtypeCdma20001xrtt = NetworkConnectionSubtypeKey.String("cdma2000_1xrtt")
+	// HSDPA
+	NetworkConnectionSubtypeHsdpa = NetworkConnectionSubtypeKey.String("hsdpa")
+	// HSUPA
+	NetworkConnectionSubtypeHsupa = NetworkConnectionSubtypeKey.String("hsupa")
+	// HSPA
+	NetworkConnectionSubtypeHspa = NetworkConnectionSubtypeKey.String("hspa")
+	// IDEN
+	NetworkConnectionSubtypeIden = NetworkConnectionSubtypeKey.String("iden")
+	// EVDO Rev. B
+	NetworkConnectionSubtypeEvdoB = NetworkConnectionSubtypeKey.String("evdo_b")
+	// LTE
+	NetworkConnectionSubtypeLte = NetworkConnectionSubtypeKey.String("lte")
+	// EHRPD
+	NetworkConnectionSubtypeEhrpd = NetworkConnectionSubtypeKey.String("ehrpd")
+	// HSPAP
+	NetworkConnectionSubtypeHspap = NetworkConnectionSubtypeKey.String("hspap")
+	// GSM
+	NetworkConnectionSubtypeGsm = NetworkConnectionSubtypeKey.String("gsm")
+	// TD-SCDMA
+	NetworkConnectionSubtypeTdScdma = NetworkConnectionSubtypeKey.String("td_scdma")
+	// IWLAN
+	NetworkConnectionSubtypeIwlan = NetworkConnectionSubtypeKey.String("iwlan")
+	// 5G NR (New Radio)
+	NetworkConnectionSubtypeNr = NetworkConnectionSubtypeKey.String("nr")
+	// 5G NRNSA (New Radio Non-Standalone)
+	NetworkConnectionSubtypeNrnsa = NetworkConnectionSubtypeKey.String("nrnsa")
+	// LTE CA
+	NetworkConnectionSubtypeLteCa = NetworkConnectionSubtypeKey.String("lte_ca")
+)
+
+var (
+	// wifi
+	NetworkConnectionTypeWifi = NetworkConnectionTypeKey.String("wifi")
+	// wired
+	NetworkConnectionTypeWired = NetworkConnectionTypeKey.String("wired")
+	// cell
+	NetworkConnectionTypeCell = NetworkConnectionTypeKey.String("cell")
+	// unavailable
+	NetworkConnectionTypeUnavailable = NetworkConnectionTypeKey.String("unavailable")
+	// unknown
+	NetworkConnectionTypeUnknown = NetworkConnectionTypeKey.String("unknown")
+)
+
+var (
+	// transmit
+	NetworkIoDirectionTransmit = NetworkIoDirectionKey.String("transmit")
+	// receive
+	NetworkIoDirectionReceive = NetworkIoDirectionKey.String("receive")
+)
+
+var (
+	// TCP
+	NetworkTransportTCP = NetworkTransportKey.String("tcp")
+	// UDP
+	NetworkTransportUDP = NetworkTransportKey.String("udp")
+	// Named or anonymous pipe
+	NetworkTransportPipe = NetworkTransportKey.String("pipe")
+	// Unix domain socket
+	NetworkTransportUnix = NetworkTransportKey.String("unix")
+)
+
+var (
+	// IPv4
+	NetworkTypeIpv4 = NetworkTypeKey.String("ipv4")
+	// IPv6
+	NetworkTypeIpv6 = NetworkTypeKey.String("ipv6")
+)
+
+// NetworkCarrierIcc returns an attribute KeyValue conforming to the
+// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
+// alpha-2 2-character country code associated with the mobile carrier network.
+func NetworkCarrierIcc(val string) attribute.KeyValue {
+	return NetworkCarrierIccKey.String(val)
+}
+
+// NetworkCarrierMcc returns an attribute KeyValue conforming to the
+// "network.carrier.mcc" semantic conventions. It represents the mobile carrier
+// country code.
+func NetworkCarrierMcc(val string) attribute.KeyValue {
+	return NetworkCarrierMccKey.String(val)
+}
+
+// NetworkCarrierMnc returns an attribute KeyValue conforming to the
+// "network.carrier.mnc" semantic conventions. It represents the mobile carrier
+// network code.
+func NetworkCarrierMnc(val string) attribute.KeyValue {
+	return NetworkCarrierMncKey.String(val)
+}
+
+// NetworkCarrierName returns an attribute KeyValue conforming to the
+// "network.carrier.name" semantic conventions. It represents the name of the
+// mobile carrier.
+func NetworkCarrierName(val string) attribute.KeyValue {
+	return NetworkCarrierNameKey.String(val)
+}
+
+// NetworkLocalAddress returns an attribute KeyValue conforming to the
+// "network.local.address" semantic conventions. It represents the local
+// address of the network connection - IP address or Unix domain socket name.
+func NetworkLocalAddress(val string) attribute.KeyValue {
+	return NetworkLocalAddressKey.String(val)
+}
+
+// NetworkLocalPort returns an attribute KeyValue conforming to the
+// "network.local.port" semantic conventions. It represents the local port
+// number of the network connection.
+func NetworkLocalPort(val int) attribute.KeyValue {
+	return NetworkLocalPortKey.Int(val)
+}
+
+// NetworkPeerAddress returns an attribute KeyValue conforming to the
+// "network.peer.address" semantic conventions. It represents the peer address
+// of the network connection - IP address or Unix domain socket name.
+func NetworkPeerAddress(val string) attribute.KeyValue {
+	return NetworkPeerAddressKey.String(val)
+}
+
+// NetworkPeerPort returns an attribute KeyValue conforming to the
+// "network.peer.port" semantic conventions. It represents the peer port number
+// of the network connection.
+func NetworkPeerPort(val int) attribute.KeyValue {
+	return NetworkPeerPortKey.Int(val)
+}
+
+// NetworkProtocolName returns an attribute KeyValue conforming to the
+// "network.protocol.name" semantic conventions. It represents the [OSI
+// application layer](https://osi-model.com/application-layer/) or non-OSI
+// equivalent.
+func NetworkProtocolName(val string) attribute.KeyValue {
+	return NetworkProtocolNameKey.String(val)
+}
+
+// NetworkProtocolVersion returns an attribute KeyValue conforming to the
+// "network.protocol.version" semantic conventions. It represents the version
+// of the protocol specified in `network.protocol.name`.
+func NetworkProtocolVersion(val string) attribute.KeyValue {
+	return NetworkProtocolVersionKey.String(val)
+}
+
+// Attributes for remote procedure calls.
+const (
+	// RPCConnectRPCErrorCodeKey is the attribute Key conforming to the
+	// "rpc.connect_rpc.error_code" semantic conventions. It represents the
+	// [error codes](https://connect.build/docs/protocol/#error-codes) of the
+	// Connect request. Error codes are always string values.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	RPCConnectRPCErrorCodeKey = attribute.Key("rpc.connect_rpc.error_code")
+
+	// RPCGRPCStatusCodeKey is the attribute Key conforming to the
+	// "rpc.grpc.status_code" semantic conventions. It represents the [numeric
+	// status
+	// code](https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md) of
+	// the gRPC request.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code")
+
+	// RPCJsonrpcErrorCodeKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+	// `error.code` property of response if it is an error response.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: -32700, 100
+	RPCJsonrpcErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code")
+
+	// RPCJsonrpcErrorMessageKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+	// `error.message` property of response if it is an error response.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Parse error', 'User already exists'
+	RPCJsonrpcErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message")
+
+	// RPCJsonrpcRequestIDKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+	// property of request or response. Since protocol allows id to be int,
+	// string, `null` or missing (for notifications), value is expected to be
+	// cast to string for simplicity. Use empty string in case of `null` value.
+	// Omit entirely if this is a notification.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '10', 'request-7', ''
+	RPCJsonrpcRequestIDKey = attribute.Key("rpc.jsonrpc.request_id")
+
+	// RPCJsonrpcVersionKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+	// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+	// doesn't specify this, the value can be omitted.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '2.0', '1.0'
+	RPCJsonrpcVersionKey = attribute.Key("rpc.jsonrpc.version")
+
+	// RPCMethodKey is the attribute Key conforming to the "rpc.method"
+	// semantic conventions. It represents the name of the (logical) method
+	// being called, must be equal to the $method part in the span name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'exampleMethod'
+	// Note: This is the logical name of the method from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// method/function. The `code.function` attribute may be used to store the
+	// latter (e.g., method actually executing the call on the server side, RPC
+	// client stub method on the client side).
+	RPCMethodKey = attribute.Key("rpc.method")
+
+	// RPCServiceKey is the attribute Key conforming to the "rpc.service"
+	// semantic conventions. It represents the full (logical) name of the
+	// service being called, including its package name, if applicable.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myservice.EchoService'
+	// Note: This is the logical name of the service from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// class. The `code.namespace` attribute may be used to store the latter
+	// (despite the attribute name, it may include a class name; e.g., class
+	// with method actually executing the call on the server side, RPC client
+	// stub class on the client side).
+	RPCServiceKey = attribute.Key("rpc.service")
+
+	// RPCSystemKey is the attribute Key conforming to the "rpc.system"
+	// semantic conventions. It represents a string identifying the remoting
+	// system. See below for a list of well-known identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	RPCSystemKey = attribute.Key("rpc.system")
+)
+
+var (
+	// cancelled
+	RPCConnectRPCErrorCodeCancelled = RPCConnectRPCErrorCodeKey.String("cancelled")
+	// unknown
+	RPCConnectRPCErrorCodeUnknown = RPCConnectRPCErrorCodeKey.String("unknown")
+	// invalid_argument
+	RPCConnectRPCErrorCodeInvalidArgument = RPCConnectRPCErrorCodeKey.String("invalid_argument")
+	// deadline_exceeded
+	RPCConnectRPCErrorCodeDeadlineExceeded = RPCConnectRPCErrorCodeKey.String("deadline_exceeded")
+	// not_found
+	RPCConnectRPCErrorCodeNotFound = RPCConnectRPCErrorCodeKey.String("not_found")
+	// already_exists
+	RPCConnectRPCErrorCodeAlreadyExists = RPCConnectRPCErrorCodeKey.String("already_exists")
+	// permission_denied
+	RPCConnectRPCErrorCodePermissionDenied = RPCConnectRPCErrorCodeKey.String("permission_denied")
+	// resource_exhausted
+	RPCConnectRPCErrorCodeResourceExhausted = RPCConnectRPCErrorCodeKey.String("resource_exhausted")
+	// failed_precondition
+	RPCConnectRPCErrorCodeFailedPrecondition = RPCConnectRPCErrorCodeKey.String("failed_precondition")
+	// aborted
+	RPCConnectRPCErrorCodeAborted = RPCConnectRPCErrorCodeKey.String("aborted")
+	// out_of_range
+	RPCConnectRPCErrorCodeOutOfRange = RPCConnectRPCErrorCodeKey.String("out_of_range")
+	// unimplemented
+	RPCConnectRPCErrorCodeUnimplemented = RPCConnectRPCErrorCodeKey.String("unimplemented")
+	// internal
+	RPCConnectRPCErrorCodeInternal = RPCConnectRPCErrorCodeKey.String("internal")
+	// unavailable
+	RPCConnectRPCErrorCodeUnavailable = RPCConnectRPCErrorCodeKey.String("unavailable")
+	// data_loss
+	RPCConnectRPCErrorCodeDataLoss = RPCConnectRPCErrorCodeKey.String("data_loss")
+	// unauthenticated
+	RPCConnectRPCErrorCodeUnauthenticated = RPCConnectRPCErrorCodeKey.String("unauthenticated")
+)
+
+var (
+	// OK
+	RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0)
+	// CANCELLED
+	RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1)
+	// UNKNOWN
+	RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2)
+	// INVALID_ARGUMENT
+	RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3)
+	// DEADLINE_EXCEEDED
+	RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4)
+	// NOT_FOUND
+	RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5)
+	// ALREADY_EXISTS
+	RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6)
+	// PERMISSION_DENIED
+	RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7)
+	// RESOURCE_EXHAUSTED
+	RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8)
+	// FAILED_PRECONDITION
+	RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9)
+	// ABORTED
+	RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10)
+	// OUT_OF_RANGE
+	RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11)
+	// UNIMPLEMENTED
+	RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12)
+	// INTERNAL
+	RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13)
+	// UNAVAILABLE
+	RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14)
+	// DATA_LOSS
+	RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15)
+	// UNAUTHENTICATED
+	RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16)
+)
+
+var (
+	// gRPC
+	RPCSystemGRPC = RPCSystemKey.String("grpc")
+	// Java RMI
+	RPCSystemJavaRmi = RPCSystemKey.String("java_rmi")
+	// .NET WCF
+	RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf")
+	// Apache Dubbo
+	RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo")
+	// Connect RPC
+	RPCSystemConnectRPC = RPCSystemKey.String("connect_rpc")
+)
+
+// RPCJsonrpcErrorCode returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+// `error.code` property of response if it is an error response.
+func RPCJsonrpcErrorCode(val int) attribute.KeyValue {
+	return RPCJsonrpcErrorCodeKey.Int(val)
+}
+
+// RPCJsonrpcErrorMessage returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+// `error.message` property of response if it is an error response.
+func RPCJsonrpcErrorMessage(val string) attribute.KeyValue {
+	return RPCJsonrpcErrorMessageKey.String(val)
+}
+
+// RPCJsonrpcRequestID returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+// property of request or response. Since protocol allows id to be int, string,
+// `null` or missing (for notifications), value is expected to be cast to
+// string for simplicity. Use empty string in case of `null` value. Omit
+// entirely if this is a notification.
+func RPCJsonrpcRequestID(val string) attribute.KeyValue {
+	return RPCJsonrpcRequestIDKey.String(val)
+}
+
+// RPCJsonrpcVersion returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+// doesn't specify this, the value can be omitted.
+func RPCJsonrpcVersion(val string) attribute.KeyValue {
+	return RPCJsonrpcVersionKey.String(val)
+}
+
+// RPCMethod returns an attribute KeyValue conforming to the "rpc.method"
+// semantic conventions. It represents the name of the (logical) method being
+// called, must be equal to the $method part in the span name.
+func RPCMethod(val string) attribute.KeyValue {
+	return RPCMethodKey.String(val)
+}
+
+// RPCService returns an attribute KeyValue conforming to the "rpc.service"
+// semantic conventions. It represents the full (logical) name of the service
+// being called, including its package name, if applicable.
+func RPCService(val string) attribute.KeyValue {
+	return RPCServiceKey.String(val)
+}
+
+// These attributes may be used to describe the server in a connection-based
+// network interaction where there is one side that initiates the connection
+// (the client is the side that initiates the connection). This covers all TCP
+// network interactions since TCP is connection-based and one side initiates
+// the connection (an exception is made for peer-to-peer communication over TCP
+// where the "user-facing" surface of the protocol / API doesn't expose a clear
+// notion of client and server). This also covers UDP network interactions
+// where one side initiates the interaction, e.g. QUIC (HTTP/3) and DNS.
+const (
+	// ServerAddressKey is the attribute Key conforming to the "server.address"
+	// semantic conventions. It represents the server domain name if available
+	// without reverse DNS lookup; otherwise, IP address or Unix domain socket
+	// name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'example.com', '10.1.2.80', '/tmp/my.sock'
+	// Note: When observed from the client side, and when communicating through
+	// an intermediary, `server.address` SHOULD represent the server address
+	// behind any intermediaries, for example proxies, if it's available.
+	ServerAddressKey = attribute.Key("server.address")
+
+	// ServerPortKey is the attribute Key conforming to the "server.port"
+	// semantic conventions. It represents the server port number.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 80, 8080, 443
+	// Note: When observed from the client side, and when communicating through
+	// an intermediary, `server.port` SHOULD represent the server port behind
+	// any intermediaries, for example proxies, if it's available.
+	ServerPortKey = attribute.Key("server.port")
+)
+
+// ServerAddress returns an attribute KeyValue conforming to the
+// "server.address" semantic conventions. It represents the server domain name
+// if available without reverse DNS lookup; otherwise, IP address or Unix
+// domain socket name.
+func ServerAddress(val string) attribute.KeyValue {
+	return ServerAddressKey.String(val)
+}
+
+// ServerPort returns an attribute KeyValue conforming to the "server.port"
+// semantic conventions. It represents the server port number.
+func ServerPort(val int) attribute.KeyValue {
+	return ServerPortKey.Int(val)
+}
+
+// These attributes may be used to describe the sender of a network
+// exchange/packet. These should be used when there is no client/server
+// relationship between the two sides, or when that relationship is unknown.
+// This covers low-level network interactions (e.g. packet tracing) where you
+// don't know if there was a connection or which side initiated it. This also
+// covers unidirectional UDP flows and peer-to-peer communication where the
+// "user-facing" surface of the protocol / API doesn't expose a clear notion of
+// client and server.
+const (
+	// SourceAddressKey is the attribute Key conforming to the "source.address"
+	// semantic conventions. It represents the source address - domain name if
+	// available without reverse DNS lookup; otherwise, IP address or Unix
+	// domain socket name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'source.example.com', '10.1.2.80', '/tmp/my.sock'
+	// Note: When observed from the destination side, and when communicating
+	// through an intermediary, `source.address` SHOULD represent the source
+	// address behind any intermediaries, for example proxies, if it's
+	// available.
+	SourceAddressKey = attribute.Key("source.address")
+
+	// SourcePortKey is the attribute Key conforming to the "source.port"
+	// semantic conventions. It represents the source port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 3389, 2888
+	SourcePortKey = attribute.Key("source.port")
+)
+
+// SourceAddress returns an attribute KeyValue conforming to the
+// "source.address" semantic conventions. It represents the source address -
+// domain name if available without reverse DNS lookup; otherwise, IP address
+// or Unix domain socket name.
+func SourceAddress(val string) attribute.KeyValue {
+	return SourceAddressKey.String(val)
+}
+
+// SourcePort returns an attribute KeyValue conforming to the "source.port"
+// semantic conventions. It represents the source port number
+func SourcePort(val int) attribute.KeyValue {
+	return SourcePortKey.Int(val)
+}
+
+// Semantic convention attributes in the TLS namespace.
+const (
+	// TLSCipherKey is the attribute Key conforming to the "tls.cipher"
+	// semantic conventions. It represents the string indicating the
+	// [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5)
+	// used during the current connection.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
+	// 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
+	// Note: The values allowed for `tls.cipher` MUST be one of the
+	// `Descriptions` of the [registered TLS Cipher
+	// Suits](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4).
+	TLSCipherKey = attribute.Key("tls.cipher")
+
+	// TLSClientCertificateKey is the attribute Key conforming to the
+	// "tls.client.certificate" semantic conventions. It represents the
+	// pEM-encoded stand-alone certificate offered by the client. This is
+	// usually mutually-exclusive of `client.certificate_chain` since this
+	// value also exists in that list.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MII...'
+	TLSClientCertificateKey = attribute.Key("tls.client.certificate")
+
+	// TLSClientCertificateChainKey is the attribute Key conforming to the
+	// "tls.client.certificate_chain" semantic conventions. It represents the
+	// array of PEM-encoded certificates that make up the certificate chain
+	// offered by the client. This is usually mutually-exclusive of
+	// `client.certificate` since that value should be the first certificate in
+	// the chain.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MII...', 'MI...'
+	TLSClientCertificateChainKey = attribute.Key("tls.client.certificate_chain")
+
+	// TLSClientHashMd5Key is the attribute Key conforming to the
+	// "tls.client.hash.md5" semantic conventions. It represents the
+	// certificate fingerprint using the MD5 digest of DER-encoded version of
+	// certificate offered by the client. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC'
+	TLSClientHashMd5Key = attribute.Key("tls.client.hash.md5")
+
+	// TLSClientHashSha1Key is the attribute Key conforming to the
+	// "tls.client.hash.sha1" semantic conventions. It represents the
+	// certificate fingerprint using the SHA1 digest of DER-encoded version of
+	// certificate offered by the client. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '9E393D93138888D288266C2D915214D1D1CCEB2A'
+	TLSClientHashSha1Key = attribute.Key("tls.client.hash.sha1")
+
+	// TLSClientHashSha256Key is the attribute Key conforming to the
+	// "tls.client.hash.sha256" semantic conventions. It represents the
+	// certificate fingerprint using the SHA256 digest of DER-encoded version
+	// of certificate offered by the client. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0'
+	TLSClientHashSha256Key = attribute.Key("tls.client.hash.sha256")
+
+	// TLSClientIssuerKey is the attribute Key conforming to the
+	// "tls.client.issuer" semantic conventions. It represents the
+	// distinguished name of
+	// [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6)
+	// of the issuer of the x.509 certificate presented by the client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'CN=Example Root CA, OU=Infrastructure Team, DC=example,
+	// DC=com'
+	TLSClientIssuerKey = attribute.Key("tls.client.issuer")
+
+	// TLSClientJa3Key is the attribute Key conforming to the "tls.client.ja3"
+	// semantic conventions. It represents a hash that identifies clients based
+	// on how they perform an SSL/TLS handshake.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'd4e5b18d6b55c71272893221c96ba240'
+	TLSClientJa3Key = attribute.Key("tls.client.ja3")
+
+	// TLSClientNotAfterKey is the attribute Key conforming to the
+	// "tls.client.not_after" semantic conventions. It represents the date/Time
+	// indicating when client certificate is no longer considered valid.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '2021-01-01T00:00:00.000Z'
+	TLSClientNotAfterKey = attribute.Key("tls.client.not_after")
+
+	// TLSClientNotBeforeKey is the attribute Key conforming to the
+	// "tls.client.not_before" semantic conventions. It represents the
+	// date/Time indicating when client certificate is first considered valid.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '1970-01-01T00:00:00.000Z'
+	TLSClientNotBeforeKey = attribute.Key("tls.client.not_before")
+
+	// TLSClientServerNameKey is the attribute Key conforming to the
+	// "tls.client.server_name" semantic conventions. It represents the also
+	// called an SNI, this tells the server which hostname to which the client
+	// is attempting to connect to.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'opentelemetry.io'
+	TLSClientServerNameKey = attribute.Key("tls.client.server_name")
+
+	// TLSClientSubjectKey is the attribute Key conforming to the
+	// "tls.client.subject" semantic conventions. It represents the
+	// distinguished name of subject of the x.509 certificate presented by the
+	// client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'CN=myclient, OU=Documentation Team, DC=example, DC=com'
+	TLSClientSubjectKey = attribute.Key("tls.client.subject")
+
+	// TLSClientSupportedCiphersKey is the attribute Key conforming to the
+	// "tls.client.supported_ciphers" semantic conventions. It represents the
+	// array of ciphers offered by the client during the client hello.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+	// "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."'
+	TLSClientSupportedCiphersKey = attribute.Key("tls.client.supported_ciphers")
+
+	// TLSCurveKey is the attribute Key conforming to the "tls.curve" semantic
+	// conventions. It represents the string indicating the curve used for the
+	// given cipher, when applicable
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'secp256r1'
+	TLSCurveKey = attribute.Key("tls.curve")
+
+	// TLSEstablishedKey is the attribute Key conforming to the
+	// "tls.established" semantic conventions. It represents the boolean flag
+	// indicating if the TLS negotiation was successful and transitioned to an
+	// encrypted tunnel.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: True
+	TLSEstablishedKey = attribute.Key("tls.established")
+
+	// TLSNextProtocolKey is the attribute Key conforming to the
+	// "tls.next_protocol" semantic conventions. It represents the string
+	// indicating the protocol being tunneled. Per the values in the [IANA
+	// registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),
+	// this string should be lower case.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'http/1.1'
+	TLSNextProtocolKey = attribute.Key("tls.next_protocol")
+
+	// TLSProtocolNameKey is the attribute Key conforming to the
+	// "tls.protocol.name" semantic conventions. It represents the normalized
+	// lowercase protocol name parsed from original string of the negotiated
+	// [SSL/TLS protocol
+	// version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES)
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	TLSProtocolNameKey = attribute.Key("tls.protocol.name")
+
+	// TLSProtocolVersionKey is the attribute Key conforming to the
+	// "tls.protocol.version" semantic conventions. It represents the numeric
+	// part of the version parsed from the original string of the negotiated
+	// [SSL/TLS protocol
+	// version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES)
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '1.2', '3'
+	TLSProtocolVersionKey = attribute.Key("tls.protocol.version")
+
+	// TLSResumedKey is the attribute Key conforming to the "tls.resumed"
+	// semantic conventions. It represents the boolean flag indicating if this
+	// TLS connection was resumed from an existing TLS negotiation.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: True
+	TLSResumedKey = attribute.Key("tls.resumed")
+
+	// TLSServerCertificateKey is the attribute Key conforming to the
+	// "tls.server.certificate" semantic conventions. It represents the
+	// pEM-encoded stand-alone certificate offered by the server. This is
+	// usually mutually-exclusive of `server.certificate_chain` since this
+	// value also exists in that list.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MII...'
+	TLSServerCertificateKey = attribute.Key("tls.server.certificate")
+
+	// TLSServerCertificateChainKey is the attribute Key conforming to the
+	// "tls.server.certificate_chain" semantic conventions. It represents the
+	// array of PEM-encoded certificates that make up the certificate chain
+	// offered by the server. This is usually mutually-exclusive of
+	// `server.certificate` since that value should be the first certificate in
+	// the chain.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'MII...', 'MI...'
+	TLSServerCertificateChainKey = attribute.Key("tls.server.certificate_chain")
+
+	// TLSServerHashMd5Key is the attribute Key conforming to the
+	// "tls.server.hash.md5" semantic conventions. It represents the
+	// certificate fingerprint using the MD5 digest of DER-encoded version of
+	// certificate offered by the server. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC'
+	TLSServerHashMd5Key = attribute.Key("tls.server.hash.md5")
+
+	// TLSServerHashSha1Key is the attribute Key conforming to the
+	// "tls.server.hash.sha1" semantic conventions. It represents the
+	// certificate fingerprint using the SHA1 digest of DER-encoded version of
+	// certificate offered by the server. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '9E393D93138888D288266C2D915214D1D1CCEB2A'
+	TLSServerHashSha1Key = attribute.Key("tls.server.hash.sha1")
+
+	// TLSServerHashSha256Key is the attribute Key conforming to the
+	// "tls.server.hash.sha256" semantic conventions. It represents the
+	// certificate fingerprint using the SHA256 digest of DER-encoded version
+	// of certificate offered by the server. For consistency with other hash
+	// values, this value should be formatted as an uppercase hash.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0'
+	TLSServerHashSha256Key = attribute.Key("tls.server.hash.sha256")
+
+	// TLSServerIssuerKey is the attribute Key conforming to the
+	// "tls.server.issuer" semantic conventions. It represents the
+	// distinguished name of
+	// [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6)
+	// of the issuer of the x.509 certificate presented by the client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'CN=Example Root CA, OU=Infrastructure Team, DC=example,
+	// DC=com'
+	TLSServerIssuerKey = attribute.Key("tls.server.issuer")
+
+	// TLSServerJa3sKey is the attribute Key conforming to the
+	// "tls.server.ja3s" semantic conventions. It represents a hash that
+	// identifies servers based on how they perform an SSL/TLS handshake.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'd4e5b18d6b55c71272893221c96ba240'
+	TLSServerJa3sKey = attribute.Key("tls.server.ja3s")
+
+	// TLSServerNotAfterKey is the attribute Key conforming to the
+	// "tls.server.not_after" semantic conventions. It represents the date/Time
+	// indicating when server certificate is no longer considered valid.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '2021-01-01T00:00:00.000Z'
+	TLSServerNotAfterKey = attribute.Key("tls.server.not_after")
+
+	// TLSServerNotBeforeKey is the attribute Key conforming to the
+	// "tls.server.not_before" semantic conventions. It represents the
+	// date/Time indicating when server certificate is first considered valid.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '1970-01-01T00:00:00.000Z'
+	TLSServerNotBeforeKey = attribute.Key("tls.server.not_before")
+
+	// TLSServerSubjectKey is the attribute Key conforming to the
+	// "tls.server.subject" semantic conventions. It represents the
+	// distinguished name of subject of the x.509 certificate presented by the
+	// server.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'CN=myserver, OU=Documentation Team, DC=example, DC=com'
+	TLSServerSubjectKey = attribute.Key("tls.server.subject")
+)
+
+var (
+	// ssl
+	TLSProtocolNameSsl = TLSProtocolNameKey.String("ssl")
+	// tls
+	TLSProtocolNameTLS = TLSProtocolNameKey.String("tls")
+)
+
+// TLSCipher returns an attribute KeyValue conforming to the "tls.cipher"
+// semantic conventions. It represents the string indicating the
+// [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used
+// during the current connection.
+func TLSCipher(val string) attribute.KeyValue {
+	return TLSCipherKey.String(val)
+}
+
+// TLSClientCertificate returns an attribute KeyValue conforming to the
+// "tls.client.certificate" semantic conventions. It represents the pEM-encoded
+// stand-alone certificate offered by the client. This is usually
+// mutually-exclusive of `client.certificate_chain` since this value also
+// exists in that list.
+func TLSClientCertificate(val string) attribute.KeyValue {
+	return TLSClientCertificateKey.String(val)
+}
+
+// TLSClientCertificateChain returns an attribute KeyValue conforming to the
+// "tls.client.certificate_chain" semantic conventions. It represents the array
+// of PEM-encoded certificates that make up the certificate chain offered by
+// the client. This is usually mutually-exclusive of `client.certificate` since
+// that value should be the first certificate in the chain.
+func TLSClientCertificateChain(val ...string) attribute.KeyValue {
+	return TLSClientCertificateChainKey.StringSlice(val)
+}
+
+// TLSClientHashMd5 returns an attribute KeyValue conforming to the
+// "tls.client.hash.md5" semantic conventions. It represents the certificate
+// fingerprint using the MD5 digest of DER-encoded version of certificate
+// offered by the client. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSClientHashMd5(val string) attribute.KeyValue {
+	return TLSClientHashMd5Key.String(val)
+}
+
+// TLSClientHashSha1 returns an attribute KeyValue conforming to the
+// "tls.client.hash.sha1" semantic conventions. It represents the certificate
+// fingerprint using the SHA1 digest of DER-encoded version of certificate
+// offered by the client. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSClientHashSha1(val string) attribute.KeyValue {
+	return TLSClientHashSha1Key.String(val)
+}
+
+// TLSClientHashSha256 returns an attribute KeyValue conforming to the
+// "tls.client.hash.sha256" semantic conventions. It represents the certificate
+// fingerprint using the SHA256 digest of DER-encoded version of certificate
+// offered by the client. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSClientHashSha256(val string) attribute.KeyValue {
+	return TLSClientHashSha256Key.String(val)
+}
+
+// TLSClientIssuer returns an attribute KeyValue conforming to the
+// "tls.client.issuer" semantic conventions. It represents the distinguished
+// name of
+// [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of
+// the issuer of the x.509 certificate presented by the client.
+func TLSClientIssuer(val string) attribute.KeyValue {
+	return TLSClientIssuerKey.String(val)
+}
+
+// TLSClientJa3 returns an attribute KeyValue conforming to the
+// "tls.client.ja3" semantic conventions. It represents a hash that identifies
+// clients based on how they perform an SSL/TLS handshake.
+func TLSClientJa3(val string) attribute.KeyValue {
+	return TLSClientJa3Key.String(val)
+}
+
+// TLSClientNotAfter returns an attribute KeyValue conforming to the
+// "tls.client.not_after" semantic conventions. It represents the date/Time
+// indicating when client certificate is no longer considered valid.
+func TLSClientNotAfter(val string) attribute.KeyValue {
+	return TLSClientNotAfterKey.String(val)
+}
+
+// TLSClientNotBefore returns an attribute KeyValue conforming to the
+// "tls.client.not_before" semantic conventions. It represents the date/Time
+// indicating when client certificate is first considered valid.
+func TLSClientNotBefore(val string) attribute.KeyValue {
+	return TLSClientNotBeforeKey.String(val)
+}
+
+// TLSClientServerName returns an attribute KeyValue conforming to the
+// "tls.client.server_name" semantic conventions. It represents the also called
+// an SNI, this tells the server which hostname to which the client is
+// attempting to connect to.
+func TLSClientServerName(val string) attribute.KeyValue {
+	return TLSClientServerNameKey.String(val)
+}
+
+// TLSClientSubject returns an attribute KeyValue conforming to the
+// "tls.client.subject" semantic conventions. It represents the distinguished
+// name of subject of the x.509 certificate presented by the client.
+func TLSClientSubject(val string) attribute.KeyValue {
+	return TLSClientSubjectKey.String(val)
+}
+
+// TLSClientSupportedCiphers returns an attribute KeyValue conforming to the
+// "tls.client.supported_ciphers" semantic conventions. It represents the array
+// of ciphers offered by the client during the client hello.
+func TLSClientSupportedCiphers(val ...string) attribute.KeyValue {
+	return TLSClientSupportedCiphersKey.StringSlice(val)
+}
+
+// TLSCurve returns an attribute KeyValue conforming to the "tls.curve"
+// semantic conventions. It represents the string indicating the curve used for
+// the given cipher, when applicable
+func TLSCurve(val string) attribute.KeyValue {
+	return TLSCurveKey.String(val)
+}
+
+// TLSEstablished returns an attribute KeyValue conforming to the
+// "tls.established" semantic conventions. It represents the boolean flag
+// indicating if the TLS negotiation was successful and transitioned to an
+// encrypted tunnel.
+func TLSEstablished(val bool) attribute.KeyValue {
+	return TLSEstablishedKey.Bool(val)
+}
+
+// TLSNextProtocol returns an attribute KeyValue conforming to the
+// "tls.next_protocol" semantic conventions. It represents the string
+// indicating the protocol being tunneled. Per the values in the [IANA
+// registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),
+// this string should be lower case.
+func TLSNextProtocol(val string) attribute.KeyValue {
+	return TLSNextProtocolKey.String(val)
+}
+
+// TLSProtocolVersion returns an attribute KeyValue conforming to the
+// "tls.protocol.version" semantic conventions. It represents the numeric part
+// of the version parsed from the original string of the negotiated [SSL/TLS
+// protocol
+// version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES)
+func TLSProtocolVersion(val string) attribute.KeyValue {
+	return TLSProtocolVersionKey.String(val)
+}
+
+// TLSResumed returns an attribute KeyValue conforming to the "tls.resumed"
+// semantic conventions. It represents the boolean flag indicating if this TLS
+// connection was resumed from an existing TLS negotiation.
+func TLSResumed(val bool) attribute.KeyValue {
+	return TLSResumedKey.Bool(val)
+}
+
+// TLSServerCertificate returns an attribute KeyValue conforming to the
+// "tls.server.certificate" semantic conventions. It represents the pEM-encoded
+// stand-alone certificate offered by the server. This is usually
+// mutually-exclusive of `server.certificate_chain` since this value also
+// exists in that list.
+func TLSServerCertificate(val string) attribute.KeyValue {
+	return TLSServerCertificateKey.String(val)
+}
+
+// TLSServerCertificateChain returns an attribute KeyValue conforming to the
+// "tls.server.certificate_chain" semantic conventions. It represents the array
+// of PEM-encoded certificates that make up the certificate chain offered by
+// the server. This is usually mutually-exclusive of `server.certificate` since
+// that value should be the first certificate in the chain.
+func TLSServerCertificateChain(val ...string) attribute.KeyValue {
+	return TLSServerCertificateChainKey.StringSlice(val)
+}
+
+// TLSServerHashMd5 returns an attribute KeyValue conforming to the
+// "tls.server.hash.md5" semantic conventions. It represents the certificate
+// fingerprint using the MD5 digest of DER-encoded version of certificate
+// offered by the server. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSServerHashMd5(val string) attribute.KeyValue {
+	return TLSServerHashMd5Key.String(val)
+}
+
+// TLSServerHashSha1 returns an attribute KeyValue conforming to the
+// "tls.server.hash.sha1" semantic conventions. It represents the certificate
+// fingerprint using the SHA1 digest of DER-encoded version of certificate
+// offered by the server. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSServerHashSha1(val string) attribute.KeyValue {
+	return TLSServerHashSha1Key.String(val)
+}
+
+// TLSServerHashSha256 returns an attribute KeyValue conforming to the
+// "tls.server.hash.sha256" semantic conventions. It represents the certificate
+// fingerprint using the SHA256 digest of DER-encoded version of certificate
+// offered by the server. For consistency with other hash values, this value
+// should be formatted as an uppercase hash.
+func TLSServerHashSha256(val string) attribute.KeyValue {
+	return TLSServerHashSha256Key.String(val)
+}
+
+// TLSServerIssuer returns an attribute KeyValue conforming to the
+// "tls.server.issuer" semantic conventions. It represents the distinguished
+// name of
+// [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of
+// the issuer of the x.509 certificate presented by the client.
+func TLSServerIssuer(val string) attribute.KeyValue {
+	return TLSServerIssuerKey.String(val)
+}
+
+// TLSServerJa3s returns an attribute KeyValue conforming to the
+// "tls.server.ja3s" semantic conventions. It represents a hash that identifies
+// servers based on how they perform an SSL/TLS handshake.
+func TLSServerJa3s(val string) attribute.KeyValue {
+	return TLSServerJa3sKey.String(val)
+}
+
+// TLSServerNotAfter returns an attribute KeyValue conforming to the
+// "tls.server.not_after" semantic conventions. It represents the date/Time
+// indicating when server certificate is no longer considered valid.
+func TLSServerNotAfter(val string) attribute.KeyValue {
+	return TLSServerNotAfterKey.String(val)
+}
+
+// TLSServerNotBefore returns an attribute KeyValue conforming to the
+// "tls.server.not_before" semantic conventions. It represents the date/Time
+// indicating when server certificate is first considered valid.
+func TLSServerNotBefore(val string) attribute.KeyValue {
+	return TLSServerNotBeforeKey.String(val)
+}
+
+// TLSServerSubject returns an attribute KeyValue conforming to the
+// "tls.server.subject" semantic conventions. It represents the distinguished
+// name of subject of the x.509 certificate presented by the server.
+func TLSServerSubject(val string) attribute.KeyValue {
+	return TLSServerSubjectKey.String(val)
+}
+
+// Attributes describing URL.
+const (
+	// URLFragmentKey is the attribute Key conforming to the "url.fragment"
+	// semantic conventions. It represents the [URI
+	// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'SemConv'
+	URLFragmentKey = attribute.Key("url.fragment")
+
+	// URLFullKey is the attribute Key conforming to the "url.full" semantic
+	// conventions. It represents the absolute URL describing a network
+	// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv',
+	// '//localhost'
+	// Note: For network calls, URL usually has
+	// `scheme://host[:port][path][?query][#fragment]` format, where the
+	// fragment is not transmitted over HTTP, but if it is known, it SHOULD be
+	// included nevertheless.
+	// `url.full` MUST NOT contain credentials passed via URL in form of
+	// `https://username:password@www.example.com/`. In such case username and
+	// password SHOULD be redacted and attribute's value SHOULD be
+	// `https://REDACTED:REDACTED@www.example.com/`.
+	// `url.full` SHOULD capture the absolute URL when it is available (or can
+	// be reconstructed) and SHOULD NOT be validated or modified except for
+	// sanitizing purposes.
+	URLFullKey = attribute.Key("url.full")
+
+	// URLPathKey is the attribute Key conforming to the "url.path" semantic
+	// conventions. It represents the [URI
+	// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/search'
+	URLPathKey = attribute.Key("url.path")
+
+	// URLQueryKey is the attribute Key conforming to the "url.query" semantic
+	// conventions. It represents the [URI
+	// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'q=OpenTelemetry'
+	// Note: Sensitive content provided in query string SHOULD be scrubbed when
+	// instrumentations can identify it.
+	URLQueryKey = attribute.Key("url.query")
+
+	// URLSchemeKey is the attribute Key conforming to the "url.scheme"
+	// semantic conventions. It represents the [URI
+	// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
+	// identifying the used protocol.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'https', 'ftp', 'telnet'
+	URLSchemeKey = attribute.Key("url.scheme")
+)
+
+// URLFragment returns an attribute KeyValue conforming to the
+// "url.fragment" semantic conventions. It represents the [URI
+// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
+func URLFragment(val string) attribute.KeyValue {
+	return URLFragmentKey.String(val)
+}
+
+// URLFull returns an attribute KeyValue conforming to the "url.full"
+// semantic conventions. It represents the absolute URL describing a network
+// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
+func URLFull(val string) attribute.KeyValue {
+	return URLFullKey.String(val)
+}
+
+// URLPath returns an attribute KeyValue conforming to the "url.path"
+// semantic conventions. It represents the [URI
+// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
+func URLPath(val string) attribute.KeyValue {
+	return URLPathKey.String(val)
+}
+
+// URLQuery returns an attribute KeyValue conforming to the "url.query"
+// semantic conventions. It represents the [URI
+// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
+func URLQuery(val string) attribute.KeyValue {
+	return URLQueryKey.String(val)
+}
+
+// URLScheme returns an attribute KeyValue conforming to the "url.scheme"
+// semantic conventions. It represents the [URI
+// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
+// identifying the used protocol.
+func URLScheme(val string) attribute.KeyValue {
+	return URLSchemeKey.String(val)
+}
+
+// Describes user-agent attributes.
+const (
+	// UserAgentOriginalKey is the attribute Key conforming to the
+	// "user_agent.original" semantic conventions. It represents the value of
+	// the [HTTP
+	// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+	// header sent by the client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3', 'Mozilla/5.0 (iPhone; CPU
+	// iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko)
+	// Version/14.1.2 Mobile/15E148 Safari/604.1'
+	UserAgentOriginalKey = attribute.Key("user_agent.original")
+)
+
+// UserAgentOriginal returns an attribute KeyValue conforming to the
+// "user_agent.original" semantic conventions. It represents the value of the
+// [HTTP
+// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+// header sent by the client.
+func UserAgentOriginal(val string) attribute.KeyValue {
+	return UserAgentOriginalKey.String(val)
+}
+
+// Session is defined as the period of time encompassing all activities
+// performed by the application and the actions executed by the end user.
+// Consequently, a Session is represented as a collection of Logs, Events, and
+// Spans emitted by the Client Application throughout the Session's duration.
+// Each Session is assigned a unique identifier, which is included as an
+// attribute in the Logs, Events, and Spans generated during the Session's
+// lifecycle.
+// When a session reaches end of life, typically due to user inactivity or
+// session timeout, a new session identifier will be assigned. The previous
+// session identifier may be provided by the instrumentation so that telemetry
+// backends can link the two sessions.
+const (
+	// SessionIDKey is the attribute Key conforming to the "session.id"
+	// semantic conventions. It represents a unique id to identify a session.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '00112233-4455-6677-8899-aabbccddeeff'
+	SessionIDKey = attribute.Key("session.id")
+
+	// SessionPreviousIDKey is the attribute Key conforming to the
+	// "session.previous_id" semantic conventions. It represents the previous
+	// `session.id` for this user, when known.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '00112233-4455-6677-8899-aabbccddeeff'
+	SessionPreviousIDKey = attribute.Key("session.previous_id")
+)
+
+// SessionID returns an attribute KeyValue conforming to the "session.id"
+// semantic conventions. It represents a unique id to identify a session.
+func SessionID(val string) attribute.KeyValue {
+	return SessionIDKey.String(val)
+}
+
+// SessionPreviousID returns an attribute KeyValue conforming to the
+// "session.previous_id" semantic conventions. It represents the previous
+// `session.id` for this user, when known.
+func SessionPreviousID(val string) attribute.KeyValue {
+	return SessionPreviousIDKey.String(val)
+}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/doc.go
similarity index 91%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/doc.go
index 7cf424855e9..9b802db2722 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/doc.go
@@ -15,6 +15,6 @@
 // Package semconv implements OpenTelemetry semantic conventions.
 //
 // OpenTelemetry semantic conventions are agreed standardized naming
-// patterns for OpenTelemetry things. This package represents the conventions
-// as of the v1.21.0 version of the OpenTelemetry specification.
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+// patterns for OpenTelemetry things. This package represents the v1.24.0
+// version of the OpenTelemetry semantic conventions.
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/event.go
similarity index 66%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/event.go
index 30ae34fe478..cd3c7162955 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/event.go
@@ -14,10 +14,65 @@
 
 // Code generated from semantic convention specification. DO NOT EDIT.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
 
 import "go.opentelemetry.io/otel/attribute"
 
+// This event represents an occurrence of a lifecycle transition on the iOS
+// platform.
+const (
+	// IosStateKey is the attribute Key conforming to the "ios.state" semantic
+	// conventions. It represents the this attribute represents the state the
+	// application has transitioned into at the occurrence of the event.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Note: The iOS lifecycle states are defined in the [UIApplicationDelegate
+	// documentation](https://developer.apple.com/documentation/uikit/uiapplicationdelegate#1656902),
+	// and from which the `OS terminology` column values are derived.
+	IosStateKey = attribute.Key("ios.state")
+)
+
+var (
+	// The app has become `active`. Associated with UIKit notification `applicationDidBecomeActive`
+	IosStateActive = IosStateKey.String("active")
+	// The app is now `inactive`. Associated with UIKit notification `applicationWillResignActive`
+	IosStateInactive = IosStateKey.String("inactive")
+	// The app is now in the background. This value is associated with UIKit notification `applicationDidEnterBackground`
+	IosStateBackground = IosStateKey.String("background")
+	// The app is now in the foreground. This value is associated with UIKit notification `applicationWillEnterForeground`
+	IosStateForeground = IosStateKey.String("foreground")
+	// The app is about to terminate. Associated with UIKit notification `applicationWillTerminate`
+	IosStateTerminate = IosStateKey.String("terminate")
+)
+
+// This event represents an occurrence of a lifecycle transition on the Android
+// platform.
+const (
+	// AndroidStateKey is the attribute Key conforming to the "android.state"
+	// semantic conventions. It represents the this attribute represents the
+	// state the application has transitioned into at the occurrence of the
+	// event.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Note: The Android lifecycle states are defined in [Activity lifecycle
+	// callbacks](https://developer.android.com/guide/components/activities/activity-lifecycle#lc),
+	// and from which the `OS identifiers` are derived.
+	AndroidStateKey = attribute.Key("android.state")
+)
+
+var (
+	// Any time before Activity.onResume() or, if the app has no Activity, Context.startService() has been called in the app for the first time
+	AndroidStateCreated = AndroidStateKey.String("created")
+	// Any time after Activity.onPause() or, if the app has no Activity, Context.stopService() has been called when the app was in the foreground state
+	AndroidStateBackground = AndroidStateKey.String("background")
+	// Any time after Activity.onResume() or, if the app has no Activity, Context.startService() has been called when the app was in either the created or background states
+	AndroidStateForeground = AndroidStateKey.String("foreground")
+)
+
 // This semantic convention defines the attributes used to represent a feature
 // flag evaluation as an event.
 const (
@@ -27,7 +82,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'logo-color'
 	FeatureFlagKeyKey = attribute.Key("feature_flag.key")
 
@@ -37,7 +92,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Recommended
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'Flag Manager'
 	FeatureFlagProviderNameKey = attribute.Key("feature_flag.provider_name")
 
@@ -48,7 +103,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Recommended
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'red', 'true', 'on'
 	// Note: A semantic identifier, commonly referred to as a variant, provides
 	// a means
@@ -86,14 +141,14 @@ func FeatureFlagVariant(val string) attribute.KeyValue {
 
 // RPC received/sent message.
 const (
-	// MessageTypeKey is the attribute Key conforming to the "message.type"
-	// semantic conventions. It represents the whether this is a received or
-	// sent message.
+	// MessageCompressedSizeKey is the attribute Key conforming to the
+	// "message.compressed_size" semantic conventions. It represents the
+	// compressed size of the message in bytes.
 	//
-	// Type: Enum
+	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
-	MessageTypeKey = attribute.Key("message.type")
+	// Stability: experimental
+	MessageCompressedSizeKey = attribute.Key("message.compressed_size")
 
 	// MessageIDKey is the attribute Key conforming to the "message.id"
 	// semantic conventions. It represents the mUST be calculated as two
@@ -102,19 +157,19 @@ const (
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Note: This way we guarantee that the values will be consistent between
 	// different implementations.
 	MessageIDKey = attribute.Key("message.id")
 
-	// MessageCompressedSizeKey is the attribute Key conforming to the
-	// "message.compressed_size" semantic conventions. It represents the
-	// compressed size of the message in bytes.
+	// MessageTypeKey is the attribute Key conforming to the "message.type"
+	// semantic conventions. It represents the whether this is a received or
+	// sent message.
 	//
-	// Type: int
+	// Type: Enum
 	// RequirementLevel: Optional
-	// Stability: stable
-	MessageCompressedSizeKey = attribute.Key("message.compressed_size")
+	// Stability: experimental
+	MessageTypeKey = attribute.Key("message.type")
 
 	// MessageUncompressedSizeKey is the attribute Key conforming to the
 	// "message.uncompressed_size" semantic conventions. It represents the
@@ -122,7 +177,7 @@ const (
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	MessageUncompressedSizeKey = attribute.Key("message.uncompressed_size")
 )
 
@@ -133,6 +188,13 @@ var (
 	MessageTypeReceived = MessageTypeKey.String("RECEIVED")
 )
 
+// MessageCompressedSize returns an attribute KeyValue conforming to the
+// "message.compressed_size" semantic conventions. It represents the compressed
+// size of the message in bytes.
+func MessageCompressedSize(val int) attribute.KeyValue {
+	return MessageCompressedSizeKey.Int(val)
+}
+
 // MessageID returns an attribute KeyValue conforming to the "message.id"
 // semantic conventions. It represents the mUST be calculated as two different
 // counters starting from `1` one for sent messages and one for received
@@ -141,59 +203,9 @@ func MessageID(val int) attribute.KeyValue {
 	return MessageIDKey.Int(val)
 }
 
-// MessageCompressedSize returns an attribute KeyValue conforming to the
-// "message.compressed_size" semantic conventions. It represents the compressed
-// size of the message in bytes.
-func MessageCompressedSize(val int) attribute.KeyValue {
-	return MessageCompressedSizeKey.Int(val)
-}
-
 // MessageUncompressedSize returns an attribute KeyValue conforming to the
 // "message.uncompressed_size" semantic conventions. It represents the
 // uncompressed size of the message in bytes.
 func MessageUncompressedSize(val int) attribute.KeyValue {
 	return MessageUncompressedSizeKey.Int(val)
 }
-
-// The attributes used to report a single exception associated with a span.
-const (
-	// ExceptionEscapedKey is the attribute Key conforming to the
-	// "exception.escaped" semantic conventions. It represents the sHOULD be
-	// set to true if the exception event is recorded at a point where it is
-	// known that the exception is escaping the scope of the span.
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Note: An exception is considered to have escaped (or left) the scope of
-	// a span,
-	// if that span is ended while the exception is still logically "in
-	// flight".
-	// This may be actually "in flight" in some languages (e.g. if the
-	// exception
-	// is passed to a Context manager's `__exit__` method in Python) but will
-	// usually be caught at the point of recording the exception in most
-	// languages.
-	//
-	// It is usually not possible to determine at the point where an exception
-	// is thrown
-	// whether it will escape the scope of a span.
-	// However, it is trivial to know that an exception
-	// will escape, if one checks for an active exception just before ending
-	// the span,
-	// as done in the [example above](#recording-an-exception).
-	//
-	// It follows that an exception may still escape the scope of the span
-	// even if the `exception.escaped` attribute was not set or set to false,
-	// since the event might have been recorded at a time where it was not
-	// clear whether the exception will escape.
-	ExceptionEscapedKey = attribute.Key("exception.escaped")
-)
-
-// ExceptionEscaped returns an attribute KeyValue conforming to the
-// "exception.escaped" semantic conventions. It represents the sHOULD be set to
-// true if the exception event is recorded at a point where it is known that
-// the exception is escaping the scope of the span.
-func ExceptionEscaped(val bool) attribute.KeyValue {
-	return ExceptionEscapedKey.Bool(val)
-}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/exception.go
similarity index 99%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/exception.go
index 93d3c1760c9..ef9bbd37a8c 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/exception.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
 
 const (
 	// ExceptionEventName is the name of the Span event representing an exception.
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/resource.go
similarity index 82%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/resource.go
index b6d8935cf97..69eda1959f2 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/resource.go
@@ -14,138 +14,68 @@
 
 // Code generated from semantic convention specification. DO NOT EDIT.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
 
 import "go.opentelemetry.io/otel/attribute"
 
-// The web browser in which the application represented by the resource is
-// running. The `browser.*` attributes MUST be used only for resources that
-// represent applications running in a web browser (regardless of whether
-// running on a mobile or desktop device).
+// A cloud environment (e.g. GCP, Azure, AWS).
 const (
-	// BrowserBrandsKey is the attribute Key conforming to the "browser.brands"
-	// semantic conventions. It represents the array of brand name and version
-	// separated by a space
-	//
-	// Type: string[]
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: ' Not A;Brand 99', 'Chromium 99', 'Chrome 99'
-	// Note: This value is intended to be taken from the [UA client hints
-	// API](https://wicg.github.io/ua-client-hints/#interface)
-	// (`navigator.userAgentData.brands`).
-	BrowserBrandsKey = attribute.Key("browser.brands")
-
-	// BrowserPlatformKey is the attribute Key conforming to the
-	// "browser.platform" semantic conventions. It represents the platform on
-	// which the browser is running
+	// CloudAccountIDKey is the attribute Key conforming to the
+	// "cloud.account.id" semantic conventions. It represents the cloud account
+	// ID the resource is assigned to.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Windows', 'macOS', 'Android'
-	// Note: This value is intended to be taken from the [UA client hints
-	// API](https://wicg.github.io/ua-client-hints/#interface)
-	// (`navigator.userAgentData.platform`). If unavailable, the legacy
-	// `navigator.platform` API SHOULD NOT be used instead and this attribute
-	// SHOULD be left unset in order for the values to be consistent.
-	// The list of possible values is defined in the [W3C User-Agent Client
-	// Hints
-	// specification](https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform).
-	// Note that some (but not all) of these values can overlap with values in
-	// the [`os.type` and `os.name` attributes](./os.md). However, for
-	// consistency, the values in the `browser.platform` attribute should
-	// capture the exact value that the user agent provides.
-	BrowserPlatformKey = attribute.Key("browser.platform")
+	// Stability: experimental
+	// Examples: '111111111111', 'opentelemetry'
+	CloudAccountIDKey = attribute.Key("cloud.account.id")
 
-	// BrowserMobileKey is the attribute Key conforming to the "browser.mobile"
-	// semantic conventions. It represents a boolean that is true if the
-	// browser is running on a mobile device
+	// CloudAvailabilityZoneKey is the attribute Key conforming to the
+	// "cloud.availability_zone" semantic conventions. It represents the cloud
+	// regions often have multiple, isolated locations known as zones to
+	// increase availability. Availability zone represents the zone where the
+	// resource is running.
 	//
-	// Type: boolean
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Note: This value is intended to be taken from the [UA client hints
-	// API](https://wicg.github.io/ua-client-hints/#interface)
-	// (`navigator.userAgentData.mobile`). If unavailable, this attribute
-	// SHOULD be left unset.
-	BrowserMobileKey = attribute.Key("browser.mobile")
+	// Stability: experimental
+	// Examples: 'us-east-1c'
+	// Note: Availability zones are called "zones" on Alibaba Cloud and Google
+	// Cloud.
+	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
 
-	// BrowserLanguageKey is the attribute Key conforming to the
-	// "browser.language" semantic conventions. It represents the preferred
-	// language of the user using the browser
+	// CloudPlatformKey is the attribute Key conforming to the "cloud.platform"
+	// semantic conventions. It represents the cloud platform in use.
 	//
-	// Type: string
+	// Type: Enum
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'en', 'en-US', 'fr', 'fr-FR'
-	// Note: This value is intended to be taken from the Navigator API
-	// `navigator.language`.
-	BrowserLanguageKey = attribute.Key("browser.language")
-)
-
-// BrowserBrands returns an attribute KeyValue conforming to the
-// "browser.brands" semantic conventions. It represents the array of brand name
-// and version separated by a space
-func BrowserBrands(val ...string) attribute.KeyValue {
-	return BrowserBrandsKey.StringSlice(val)
-}
-
-// BrowserPlatform returns an attribute KeyValue conforming to the
-// "browser.platform" semantic conventions. It represents the platform on which
-// the browser is running
-func BrowserPlatform(val string) attribute.KeyValue {
-	return BrowserPlatformKey.String(val)
-}
-
-// BrowserMobile returns an attribute KeyValue conforming to the
-// "browser.mobile" semantic conventions. It represents a boolean that is true
-// if the browser is running on a mobile device
-func BrowserMobile(val bool) attribute.KeyValue {
-	return BrowserMobileKey.Bool(val)
-}
-
-// BrowserLanguage returns an attribute KeyValue conforming to the
-// "browser.language" semantic conventions. It represents the preferred
-// language of the user using the browser
-func BrowserLanguage(val string) attribute.KeyValue {
-	return BrowserLanguageKey.String(val)
-}
+	// Stability: experimental
+	// Note: The prefix of the service SHOULD match the one specified in
+	// `cloud.provider`.
+	CloudPlatformKey = attribute.Key("cloud.platform")
 
-// A cloud environment (e.g. GCP, Azure, AWS)
-const (
 	// CloudProviderKey is the attribute Key conforming to the "cloud.provider"
 	// semantic conventions. It represents the name of the cloud provider.
 	//
 	// Type: Enum
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	CloudProviderKey = attribute.Key("cloud.provider")
 
-	// CloudAccountIDKey is the attribute Key conforming to the
-	// "cloud.account.id" semantic conventions. It represents the cloud account
-	// ID the resource is assigned to.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '111111111111', 'opentelemetry'
-	CloudAccountIDKey = attribute.Key("cloud.account.id")
-
 	// CloudRegionKey is the attribute Key conforming to the "cloud.region"
 	// semantic conventions. It represents the geographical region the resource
 	// is running.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'us-central1', 'us-east-1'
 	// Note: Refer to your provider's docs to see the available regions, for
 	// example [Alibaba Cloud
 	// regions](https://www.alibabacloud.com/help/doc-detail/40654.htm), [AWS
 	// regions](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/),
 	// [Azure
-	// regions](https://azure.microsoft.com/en-us/global-infrastructure/geographies/),
+	// regions](https://azure.microsoft.com/global-infrastructure/geographies/),
 	// [Google Cloud regions](https://cloud.google.com/about/locations), or
 	// [Tencent Cloud
 	// regions](https://www.tencentcloud.com/document/product/213/6091).
@@ -157,14 +87,14 @@ const (
 	// (e.g. an
 	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
 	// on AWS, a [fully qualified resource
-	// ID](https://learn.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+	// ID](https://learn.microsoft.com/rest/api/resources/resources/get-by-id)
 	// on Azure, a [full resource
 	// name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
 	// on GCP)
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function',
 	// '//run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID',
 	// '/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>'
@@ -189,7 +119,7 @@ const (
 	// * **GCP:** The [URI of the
 	// resource](https://cloud.google.com/iam/docs/full-resource-names)
 	// * **Azure:** The [Fully Qualified Resource
-	// ID](https://docs.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+	// ID](https://docs.microsoft.com/rest/api/resources/resources/get-by-id)
 	// of the invoked function,
 	//   *not* the function app, having the form
 	// `/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>`.
@@ -197,47 +127,6 @@ const (
 	// app can host multiple functions that would usually share
 	//   a TracerProvider.
 	CloudResourceIDKey = attribute.Key("cloud.resource_id")
-
-	// CloudAvailabilityZoneKey is the attribute Key conforming to the
-	// "cloud.availability_zone" semantic conventions. It represents the cloud
-	// regions often have multiple, isolated locations known as zones to
-	// increase availability. Availability zone represents the zone where the
-	// resource is running.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'us-east-1c'
-	// Note: Availability zones are called "zones" on Alibaba Cloud and Google
-	// Cloud.
-	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
-
-	// CloudPlatformKey is the attribute Key conforming to the "cloud.platform"
-	// semantic conventions. It represents the cloud platform in use.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Note: The prefix of the service SHOULD match the one specified in
-	// `cloud.provider`.
-	CloudPlatformKey = attribute.Key("cloud.platform")
-)
-
-var (
-	// Alibaba Cloud
-	CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud")
-	// Amazon Web Services
-	CloudProviderAWS = CloudProviderKey.String("aws")
-	// Microsoft Azure
-	CloudProviderAzure = CloudProviderKey.String("azure")
-	// Google Cloud Platform
-	CloudProviderGCP = CloudProviderKey.String("gcp")
-	// Heroku Platform as a Service
-	CloudProviderHeroku = CloudProviderKey.String("heroku")
-	// IBM Cloud
-	CloudProviderIbmCloud = CloudProviderKey.String("ibm_cloud")
-	// Tencent Cloud
-	CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud")
 )
 
 var (
@@ -297,6 +186,23 @@ var (
 	CloudPlatformTencentCloudScf = CloudPlatformKey.String("tencent_cloud_scf")
 )
 
+var (
+	// Alibaba Cloud
+	CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	CloudProviderAWS = CloudProviderKey.String("aws")
+	// Microsoft Azure
+	CloudProviderAzure = CloudProviderKey.String("azure")
+	// Google Cloud Platform
+	CloudProviderGCP = CloudProviderKey.String("gcp")
+	// Heroku Platform as a Service
+	CloudProviderHeroku = CloudProviderKey.String("heroku")
+	// IBM Cloud
+	CloudProviderIbmCloud = CloudProviderKey.String("ibm_cloud")
+	// Tencent Cloud
+	CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud")
+)
+
 // CloudAccountID returns an attribute KeyValue conforming to the
 // "cloud.account.id" semantic conventions. It represents the cloud account ID
 // the resource is assigned to.
@@ -304,6 +210,15 @@ func CloudAccountID(val string) attribute.KeyValue {
 	return CloudAccountIDKey.String(val)
 }
 
+// CloudAvailabilityZone returns an attribute KeyValue conforming to the
+// "cloud.availability_zone" semantic conventions. It represents the cloud
+// regions often have multiple, isolated locations known as zones to increase
+// availability. Availability zone represents the zone where the resource is
+// running.
+func CloudAvailabilityZone(val string) attribute.KeyValue {
+	return CloudAvailabilityZoneKey.String(val)
+}
+
 // CloudRegion returns an attribute KeyValue conforming to the
 // "cloud.region" semantic conventions. It represents the geographical region
 // the resource is running.
@@ -316,999 +231,766 @@ func CloudRegion(val string) attribute.KeyValue {
 // provider-specific native identifier of the monitored cloud resource (e.g. an
 // [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
 // on AWS, a [fully qualified resource
-// ID](https://learn.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
-// on Azure, a [full resource
+// ID](https://learn.microsoft.com/rest/api/resources/resources/get-by-id) on
+// Azure, a [full resource
 // name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
 // on GCP)
 func CloudResourceID(val string) attribute.KeyValue {
 	return CloudResourceIDKey.String(val)
 }
 
-// CloudAvailabilityZone returns an attribute KeyValue conforming to the
-// "cloud.availability_zone" semantic conventions. It represents the cloud
-// regions often have multiple, isolated locations known as zones to increase
-// availability. Availability zone represents the zone where the resource is
-// running.
-func CloudAvailabilityZone(val string) attribute.KeyValue {
-	return CloudAvailabilityZoneKey.String(val)
-}
-
-// Resources used by AWS Elastic Container Service (ECS).
+// A container instance.
 const (
-	// AWSECSContainerARNKey is the attribute Key conforming to the
-	// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
-	// Resource Name (ARN) of an [ECS container
-	// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'arn:aws:ecs:us-west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
-	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
-
-	// AWSECSClusterARNKey is the attribute Key conforming to the
-	// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an
-	// [ECS
-	// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+	// ContainerCommandKey is the attribute Key conforming to the
+	// "container.command" semantic conventions. It represents the command used
+	// to run the container (i.e. the command name).
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
+	// Stability: experimental
+	// Examples: 'otelcontribcol'
+	// Note: If using embedded credentials or sensitive data, it is recommended
+	// to remove them to prevent potential leakage.
+	ContainerCommandKey = attribute.Key("container.command")
 
-	// AWSECSLaunchtypeKey is the attribute Key conforming to the
-	// "aws.ecs.launchtype" semantic conventions. It represents the [launch
-	// type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html)
-	// for an ECS task.
+	// ContainerCommandArgsKey is the attribute Key conforming to the
+	// "container.command_args" semantic conventions. It represents the all the
+	// command arguments (including the command/executable itself) run by the
+	// container. [2]
 	//
-	// Type: Enum
+	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
+	// Stability: experimental
+	// Examples: 'otelcontribcol, --config, config.yaml'
+	ContainerCommandArgsKey = attribute.Key("container.command_args")
 
-	// AWSECSTaskARNKey is the attribute Key conforming to the
-	// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an
-	// [ECS task
-	// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+	// ContainerCommandLineKey is the attribute Key conforming to the
+	// "container.command_line" semantic conventions. It represents the full
+	// command run by the container as a single string representing the full
+	// command. [2]
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'arn:aws:ecs:us-west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
+	// Stability: experimental
+	// Examples: 'otelcontribcol --config config.yaml'
+	ContainerCommandLineKey = attribute.Key("container.command_line")
 
-	// AWSECSTaskFamilyKey is the attribute Key conforming to the
-	// "aws.ecs.task.family" semantic conventions. It represents the task
-	// definition family this task definition is a member of.
+	// ContainerIDKey is the attribute Key conforming to the "container.id"
+	// semantic conventions. It represents the container ID. Usually a UUID, as
+	// for example used to [identify Docker
+	// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+	// The UUID might be abbreviated.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry-family'
-	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
+	// Stability: experimental
+	// Examples: 'a3bf90e006b2'
+	ContainerIDKey = attribute.Key("container.id")
 
-	// AWSECSTaskRevisionKey is the attribute Key conforming to the
-	// "aws.ecs.task.revision" semantic conventions. It represents the revision
-	// for this task definition.
+	// ContainerImageIDKey is the attribute Key conforming to the
+	// "container.image.id" semantic conventions. It represents the runtime
+	// specific image identifier. Usually a hash algorithm followed by a UUID.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '8', '26'
-	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
-)
-
-var (
-	// ec2
-	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
-	// fargate
-	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
-)
-
-// AWSECSContainerARN returns an attribute KeyValue conforming to the
-// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
-// Resource Name (ARN) of an [ECS container
-// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
-func AWSECSContainerARN(val string) attribute.KeyValue {
-	return AWSECSContainerARNKey.String(val)
-}
-
-// AWSECSClusterARN returns an attribute KeyValue conforming to the
-// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an [ECS
-// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
-func AWSECSClusterARN(val string) attribute.KeyValue {
-	return AWSECSClusterARNKey.String(val)
-}
-
-// AWSECSTaskARN returns an attribute KeyValue conforming to the
-// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an [ECS
-// task
-// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
-func AWSECSTaskARN(val string) attribute.KeyValue {
-	return AWSECSTaskARNKey.String(val)
-}
-
-// AWSECSTaskFamily returns an attribute KeyValue conforming to the
-// "aws.ecs.task.family" semantic conventions. It represents the task
-// definition family this task definition is a member of.
-func AWSECSTaskFamily(val string) attribute.KeyValue {
-	return AWSECSTaskFamilyKey.String(val)
-}
-
-// AWSECSTaskRevision returns an attribute KeyValue conforming to the
-// "aws.ecs.task.revision" semantic conventions. It represents the revision for
-// this task definition.
-func AWSECSTaskRevision(val string) attribute.KeyValue {
-	return AWSECSTaskRevisionKey.String(val)
-}
+	// Stability: experimental
+	// Examples:
+	// 'sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f'
+	// Note: Docker defines a sha256 of the image id; `container.image.id`
+	// corresponds to the `Image` field from the Docker container inspect
+	// [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
+	// endpoint.
+	// K8S defines a link to the container registry repository with digest
+	// `"imageID": "registry.azurecr.io
+	// /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
+	// The ID is assinged by the container runtime and can vary in different
+	// environments. Consider using `oci.manifest.digest` if it is important to
+	// identify the same image in different environments/runtimes.
+	ContainerImageIDKey = attribute.Key("container.image.id")
 
-// Resources used by AWS Elastic Kubernetes Service (EKS).
-const (
-	// AWSEKSClusterARNKey is the attribute Key conforming to the
-	// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an
-	// EKS cluster.
+	// ContainerImageNameKey is the attribute Key conforming to the
+	// "container.image.name" semantic conventions. It represents the name of
+	// the image the container was built on.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
-)
-
-// AWSEKSClusterARN returns an attribute KeyValue conforming to the
-// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS
-// cluster.
-func AWSEKSClusterARN(val string) attribute.KeyValue {
-	return AWSEKSClusterARNKey.String(val)
-}
+	// Stability: experimental
+	// Examples: 'gcr.io/opentelemetry/operator'
+	ContainerImageNameKey = attribute.Key("container.image.name")
 
-// Resources specific to Amazon Web Services.
-const (
-	// AWSLogGroupNamesKey is the attribute Key conforming to the
-	// "aws.log.group.names" semantic conventions. It represents the name(s) of
-	// the AWS log group(s) an application is writing to.
+	// ContainerImageRepoDigestsKey is the attribute Key conforming to the
+	// "container.image.repo_digests" semantic conventions. It represents the
+	// repo digests of the container image as provided by the container
+	// runtime.
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
-	// Note: Multiple log groups must be supported for cases like
-	// multi-container applications, where a single application has sidecar
-	// containers, and each write to their own log group.
-	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
-
-	// AWSLogGroupARNsKey is the attribute Key conforming to the
-	// "aws.log.group.arns" semantic conventions. It represents the Amazon
-	// Resource Name(s) (ARN) of the AWS log group(s).
+	// Stability: experimental
+	// Examples:
+	// 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb',
+	// 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578'
+	// Note:
+	// [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect)
+	// and
+	// [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238)
+	// report those under the `RepoDigests` field.
+	ContainerImageRepoDigestsKey = attribute.Key("container.image.repo_digests")
+
+	// ContainerImageTagsKey is the attribute Key conforming to the
+	// "container.image.tags" semantic conventions. It represents the container
+	// image tags. An example can be found in [Docker Image
+	// Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect).
+	// Should be only the `<tag>` section of the full name for example from
+	// `registry.example.com/my-org/my-image:<tag>`.
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
-	// Note: See the [log group ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
-	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
+	// Stability: experimental
+	// Examples: 'v1.27.1', '3.5.7-0'
+	ContainerImageTagsKey = attribute.Key("container.image.tags")
 
-	// AWSLogStreamNamesKey is the attribute Key conforming to the
-	// "aws.log.stream.names" semantic conventions. It represents the name(s)
-	// of the AWS log stream(s) an application is writing to.
+	// ContainerNameKey is the attribute Key conforming to the "container.name"
+	// semantic conventions. It represents the container name used by container
+	// runtime.
 	//
-	// Type: string[]
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
+	// Stability: experimental
+	// Examples: 'opentelemetry-autoconf'
+	ContainerNameKey = attribute.Key("container.name")
 
-	// AWSLogStreamARNsKey is the attribute Key conforming to the
-	// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of
-	// the AWS log stream(s).
+	// ContainerRuntimeKey is the attribute Key conforming to the
+	// "container.runtime" semantic conventions. It represents the container
+	// runtime managing this container.
 	//
-	// Type: string[]
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	// Note: See the [log stream ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
-	// One log group can contain several log streams, so these ARNs necessarily
-	// identify both a log group and a log stream.
-	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
+	// Stability: experimental
+	// Examples: 'docker', 'containerd', 'rkt'
+	ContainerRuntimeKey = attribute.Key("container.runtime")
 )
 
-// AWSLogGroupNames returns an attribute KeyValue conforming to the
-// "aws.log.group.names" semantic conventions. It represents the name(s) of the
-// AWS log group(s) an application is writing to.
-func AWSLogGroupNames(val ...string) attribute.KeyValue {
-	return AWSLogGroupNamesKey.StringSlice(val)
+// ContainerCommand returns an attribute KeyValue conforming to the
+// "container.command" semantic conventions. It represents the command used to
+// run the container (i.e. the command name).
+func ContainerCommand(val string) attribute.KeyValue {
+	return ContainerCommandKey.String(val)
 }
 
-// AWSLogGroupARNs returns an attribute KeyValue conforming to the
-// "aws.log.group.arns" semantic conventions. It represents the Amazon Resource
-// Name(s) (ARN) of the AWS log group(s).
-func AWSLogGroupARNs(val ...string) attribute.KeyValue {
-	return AWSLogGroupARNsKey.StringSlice(val)
+// ContainerCommandArgs returns an attribute KeyValue conforming to the
+// "container.command_args" semantic conventions. It represents the all the
+// command arguments (including the command/executable itself) run by the
+// container. [2]
+func ContainerCommandArgs(val ...string) attribute.KeyValue {
+	return ContainerCommandArgsKey.StringSlice(val)
 }
 
-// AWSLogStreamNames returns an attribute KeyValue conforming to the
-// "aws.log.stream.names" semantic conventions. It represents the name(s) of
-// the AWS log stream(s) an application is writing to.
-func AWSLogStreamNames(val ...string) attribute.KeyValue {
-	return AWSLogStreamNamesKey.StringSlice(val)
+// ContainerCommandLine returns an attribute KeyValue conforming to the
+// "container.command_line" semantic conventions. It represents the full
+// command run by the container as a single string representing the full
+// command. [2]
+func ContainerCommandLine(val string) attribute.KeyValue {
+	return ContainerCommandLineKey.String(val)
 }
 
-// AWSLogStreamARNs returns an attribute KeyValue conforming to the
-// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the
-// AWS log stream(s).
-func AWSLogStreamARNs(val ...string) attribute.KeyValue {
-	return AWSLogStreamARNsKey.StringSlice(val)
+// ContainerID returns an attribute KeyValue conforming to the
+// "container.id" semantic conventions. It represents the container ID. Usually
+// a UUID, as for example used to [identify Docker
+// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+// The UUID might be abbreviated.
+func ContainerID(val string) attribute.KeyValue {
+	return ContainerIDKey.String(val)
 }
 
-// Resource used by Google Cloud Run.
-const (
-	// GCPCloudRunJobExecutionKey is the attribute Key conforming to the
-	// "gcp.cloud_run.job.execution" semantic conventions. It represents the
-	// name of the Cloud Run
-	// [execution](https://cloud.google.com/run/docs/managing/job-executions)
-	// being run for the Job, as set by the
-	// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
-	// environment variable.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'job-name-xxxx', 'sample-job-mdw84'
-	GCPCloudRunJobExecutionKey = attribute.Key("gcp.cloud_run.job.execution")
+// ContainerImageID returns an attribute KeyValue conforming to the
+// "container.image.id" semantic conventions. It represents the runtime
+// specific image identifier. Usually a hash algorithm followed by a UUID.
+func ContainerImageID(val string) attribute.KeyValue {
+	return ContainerImageIDKey.String(val)
+}
 
-	// GCPCloudRunJobTaskIndexKey is the attribute Key conforming to the
-	// "gcp.cloud_run.job.task_index" semantic conventions. It represents the
-	// index for a task within an execution as provided by the
-	// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
-	// environment variable.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 0, 1
-	GCPCloudRunJobTaskIndexKey = attribute.Key("gcp.cloud_run.job.task_index")
-)
+// ContainerImageName returns an attribute KeyValue conforming to the
+// "container.image.name" semantic conventions. It represents the name of the
+// image the container was built on.
+func ContainerImageName(val string) attribute.KeyValue {
+	return ContainerImageNameKey.String(val)
+}
 
-// GCPCloudRunJobExecution returns an attribute KeyValue conforming to the
-// "gcp.cloud_run.job.execution" semantic conventions. It represents the name
-// of the Cloud Run
-// [execution](https://cloud.google.com/run/docs/managing/job-executions) being
-// run for the Job, as set by the
-// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
-// environment variable.
-func GCPCloudRunJobExecution(val string) attribute.KeyValue {
-	return GCPCloudRunJobExecutionKey.String(val)
+// ContainerImageRepoDigests returns an attribute KeyValue conforming to the
+// "container.image.repo_digests" semantic conventions. It represents the repo
+// digests of the container image as provided by the container runtime.
+func ContainerImageRepoDigests(val ...string) attribute.KeyValue {
+	return ContainerImageRepoDigestsKey.StringSlice(val)
 }
 
-// GCPCloudRunJobTaskIndex returns an attribute KeyValue conforming to the
-// "gcp.cloud_run.job.task_index" semantic conventions. It represents the index
-// for a task within an execution as provided by the
-// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
-// environment variable.
-func GCPCloudRunJobTaskIndex(val int) attribute.KeyValue {
-	return GCPCloudRunJobTaskIndexKey.Int(val)
+// ContainerImageTags returns an attribute KeyValue conforming to the
+// "container.image.tags" semantic conventions. It represents the container
+// image tags. An example can be found in [Docker Image
+// Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect).
+// Should be only the `<tag>` section of the full name for example from
+// `registry.example.com/my-org/my-image:<tag>`.
+func ContainerImageTags(val ...string) attribute.KeyValue {
+	return ContainerImageTagsKey.StringSlice(val)
 }
 
-// Resources used by Google Compute Engine (GCE).
+// ContainerName returns an attribute KeyValue conforming to the
+// "container.name" semantic conventions. It represents the container name used
+// by container runtime.
+func ContainerName(val string) attribute.KeyValue {
+	return ContainerNameKey.String(val)
+}
+
+// ContainerRuntime returns an attribute KeyValue conforming to the
+// "container.runtime" semantic conventions. It represents the container
+// runtime managing this container.
+func ContainerRuntime(val string) attribute.KeyValue {
+	return ContainerRuntimeKey.String(val)
+}
+
+// Describes device attributes.
 const (
-	// GCPGceInstanceNameKey is the attribute Key conforming to the
-	// "gcp.gce.instance.name" semantic conventions. It represents the instance
-	// name of a GCE instance. This is the value provided by `host.name`, the
-	// visible name of the instance in the Cloud Console UI, and the prefix for
-	// the default hostname of the instance as defined by the [default internal
-	// DNS
-	// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
+	// DeviceIDKey is the attribute Key conforming to the "device.id" semantic
+	// conventions. It represents a unique identifier representing the device
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'instance-1', 'my-vm-name'
-	GCPGceInstanceNameKey = attribute.Key("gcp.gce.instance.name")
-
-	// GCPGceInstanceHostnameKey is the attribute Key conforming to the
-	// "gcp.gce.instance.hostname" semantic conventions. It represents the
-	// hostname of a GCE instance. This is the full value of the default or
-	// [custom
-	// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'my-host1234.example.com',
-	// 'sample-vm.us-west1-b.c.my-project.internal'
-	GCPGceInstanceHostnameKey = attribute.Key("gcp.gce.instance.hostname")
-)
-
-// GCPGceInstanceName returns an attribute KeyValue conforming to the
-// "gcp.gce.instance.name" semantic conventions. It represents the instance
-// name of a GCE instance. This is the value provided by `host.name`, the
-// visible name of the instance in the Cloud Console UI, and the prefix for the
-// default hostname of the instance as defined by the [default internal DNS
-// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
-func GCPGceInstanceName(val string) attribute.KeyValue {
-	return GCPGceInstanceNameKey.String(val)
-}
-
-// GCPGceInstanceHostname returns an attribute KeyValue conforming to the
-// "gcp.gce.instance.hostname" semantic conventions. It represents the hostname
-// of a GCE instance. This is the full value of the default or [custom
-// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
-func GCPGceInstanceHostname(val string) attribute.KeyValue {
-	return GCPGceInstanceHostnameKey.String(val)
-}
+	// Stability: experimental
+	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
+	// Note: The device identifier MUST only be defined using the values
+	// outlined below. This value is not an advertising identifier and MUST NOT
+	// be used as such. On iOS (Swift or Objective-C), this value MUST be equal
+	// to the [vendor
+	// identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
+	// On Android (Java or Kotlin), this value MUST be equal to the Firebase
+	// Installation ID or a globally unique UUID which is persisted across
+	// sessions in your application. More information can be found
+	// [here](https://developer.android.com/training/articles/user-data-ids) on
+	// best practices and exact implementation details. Caution should be taken
+	// when storing personal data or anything which can identify a user. GDPR
+	// and data protection laws may apply, ensure you do your own due
+	// diligence.
+	DeviceIDKey = attribute.Key("device.id")
 
-// Heroku dyno metadata
-const (
-	// HerokuReleaseCreationTimestampKey is the attribute Key conforming to the
-	// "heroku.release.creation_timestamp" semantic conventions. It represents
-	// the time and date the release was created
+	// DeviceManufacturerKey is the attribute Key conforming to the
+	// "device.manufacturer" semantic conventions. It represents the name of
+	// the device manufacturer
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '2022-10-23T18:00:42Z'
-	HerokuReleaseCreationTimestampKey = attribute.Key("heroku.release.creation_timestamp")
+	// Stability: experimental
+	// Examples: 'Apple', 'Samsung'
+	// Note: The Android OS provides this field via
+	// [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
+	// iOS apps SHOULD hardcode the value `Apple`.
+	DeviceManufacturerKey = attribute.Key("device.manufacturer")
 
-	// HerokuReleaseCommitKey is the attribute Key conforming to the
-	// "heroku.release.commit" semantic conventions. It represents the commit
-	// hash for the current release
+	// DeviceModelIdentifierKey is the attribute Key conforming to the
+	// "device.model.identifier" semantic conventions. It represents the model
+	// identifier for the device
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'e6134959463efd8966b20e75b913cafe3f5ec'
-	HerokuReleaseCommitKey = attribute.Key("heroku.release.commit")
+	// Stability: experimental
+	// Examples: 'iPhone3,4', 'SM-G920F'
+	// Note: It's recommended this value represents a machine-readable version
+	// of the model identifier rather than the market or consumer-friendly name
+	// of the device.
+	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
 
-	// HerokuAppIDKey is the attribute Key conforming to the "heroku.app.id"
-	// semantic conventions. It represents the unique identifier for the
-	// application
+	// DeviceModelNameKey is the attribute Key conforming to the
+	// "device.model.name" semantic conventions. It represents the marketing
+	// name for the device model
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '2daa2797-e42b-4624-9322-ec3f968df4da'
-	HerokuAppIDKey = attribute.Key("heroku.app.id")
+	// Stability: experimental
+	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
+	// Note: It's recommended this value represents a human-readable version of
+	// the device model rather than a machine-readable alternative.
+	DeviceModelNameKey = attribute.Key("device.model.name")
 )
 
-// HerokuReleaseCreationTimestamp returns an attribute KeyValue conforming
-// to the "heroku.release.creation_timestamp" semantic conventions. It
-// represents the time and date the release was created
-func HerokuReleaseCreationTimestamp(val string) attribute.KeyValue {
-	return HerokuReleaseCreationTimestampKey.String(val)
+// DeviceID returns an attribute KeyValue conforming to the "device.id"
+// semantic conventions. It represents a unique identifier representing the
+// device
+func DeviceID(val string) attribute.KeyValue {
+	return DeviceIDKey.String(val)
 }
 
-// HerokuReleaseCommit returns an attribute KeyValue conforming to the
-// "heroku.release.commit" semantic conventions. It represents the commit hash
-// for the current release
-func HerokuReleaseCommit(val string) attribute.KeyValue {
-	return HerokuReleaseCommitKey.String(val)
+// DeviceManufacturer returns an attribute KeyValue conforming to the
+// "device.manufacturer" semantic conventions. It represents the name of the
+// device manufacturer
+func DeviceManufacturer(val string) attribute.KeyValue {
+	return DeviceManufacturerKey.String(val)
 }
 
-// HerokuAppID returns an attribute KeyValue conforming to the
-// "heroku.app.id" semantic conventions. It represents the unique identifier
-// for the application
-func HerokuAppID(val string) attribute.KeyValue {
-	return HerokuAppIDKey.String(val)
+// DeviceModelIdentifier returns an attribute KeyValue conforming to the
+// "device.model.identifier" semantic conventions. It represents the model
+// identifier for the device
+func DeviceModelIdentifier(val string) attribute.KeyValue {
+	return DeviceModelIdentifierKey.String(val)
 }
 
-// A container instance.
+// DeviceModelName returns an attribute KeyValue conforming to the
+// "device.model.name" semantic conventions. It represents the marketing name
+// for the device model
+func DeviceModelName(val string) attribute.KeyValue {
+	return DeviceModelNameKey.String(val)
+}
+
+// A host is defined as a computing instance. For example, physical servers,
+// virtual machines, switches or disk array.
 const (
-	// ContainerNameKey is the attribute Key conforming to the "container.name"
-	// semantic conventions. It represents the container name used by container
-	// runtime.
+	// HostArchKey is the attribute Key conforming to the "host.arch" semantic
+	// conventions. It represents the CPU architecture the host system is
+	// running on.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	HostArchKey = attribute.Key("host.arch")
+
+	// HostCPUCacheL2SizeKey is the attribute Key conforming to the
+	// "host.cpu.cache.l2.size" semantic conventions. It represents the amount
+	// of level 2 memory cache available to the processor (in Bytes).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 12288000
+	HostCPUCacheL2SizeKey = attribute.Key("host.cpu.cache.l2.size")
+
+	// HostCPUFamilyKey is the attribute Key conforming to the
+	// "host.cpu.family" semantic conventions. It represents the family or
+	// generation of the CPU.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry-autoconf'
-	ContainerNameKey = attribute.Key("container.name")
+	// Stability: experimental
+	// Examples: '6', 'PA-RISC 1.1e'
+	HostCPUFamilyKey = attribute.Key("host.cpu.family")
 
-	// ContainerIDKey is the attribute Key conforming to the "container.id"
-	// semantic conventions. It represents the container ID. Usually a UUID, as
-	// for example used to [identify Docker
-	// containers](https://docs.docker.com/engine/reference/run/#container-identification).
-	// The UUID might be abbreviated.
+	// HostCPUModelIDKey is the attribute Key conforming to the
+	// "host.cpu.model.id" semantic conventions. It represents the model
+	// identifier. It provides more granular information about the CPU,
+	// distinguishing it from other CPUs within the same family.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'a3bf90e006b2'
-	ContainerIDKey = attribute.Key("container.id")
+	// Stability: experimental
+	// Examples: '6', '9000/778/B180L'
+	HostCPUModelIDKey = attribute.Key("host.cpu.model.id")
 
-	// ContainerRuntimeKey is the attribute Key conforming to the
-	// "container.runtime" semantic conventions. It represents the container
-	// runtime managing this container.
+	// HostCPUModelNameKey is the attribute Key conforming to the
+	// "host.cpu.model.name" semantic conventions. It represents the model
+	// designation of the processor.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'docker', 'containerd', 'rkt'
-	ContainerRuntimeKey = attribute.Key("container.runtime")
+	// Stability: experimental
+	// Examples: '11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz'
+	HostCPUModelNameKey = attribute.Key("host.cpu.model.name")
 
-	// ContainerImageNameKey is the attribute Key conforming to the
-	// "container.image.name" semantic conventions. It represents the name of
-	// the image the container was built on.
+	// HostCPUSteppingKey is the attribute Key conforming to the
+	// "host.cpu.stepping" semantic conventions. It represents the stepping or
+	// core revisions.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1
+	HostCPUSteppingKey = attribute.Key("host.cpu.stepping")
+
+	// HostCPUVendorIDKey is the attribute Key conforming to the
+	// "host.cpu.vendor.id" semantic conventions. It represents the processor
+	// manufacturer identifier. A maximum 12-character string.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'gcr.io/opentelemetry/operator'
-	ContainerImageNameKey = attribute.Key("container.image.name")
+	// Stability: experimental
+	// Examples: 'GenuineIntel'
+	// Note: [CPUID](https://wiki.osdev.org/CPUID) command returns the vendor
+	// ID string in EBX, EDX and ECX registers. Writing these to memory in this
+	// order results in a 12-character string.
+	HostCPUVendorIDKey = attribute.Key("host.cpu.vendor.id")
 
-	// ContainerImageTagKey is the attribute Key conforming to the
-	// "container.image.tag" semantic conventions. It represents the container
-	// image tag.
+	// HostIDKey is the attribute Key conforming to the "host.id" semantic
+	// conventions. It represents the unique host ID. For Cloud, this must be
+	// the instance_id assigned by the cloud provider. For non-containerized
+	// systems, this should be the `machine-id`. See the table below for the
+	// sources to use to determine the `machine-id` based on operating system.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '0.1'
-	ContainerImageTagKey = attribute.Key("container.image.tag")
+	// Stability: experimental
+	// Examples: 'fdbf79e8af94cb7f9e8df36789187052'
+	HostIDKey = attribute.Key("host.id")
 
-	// ContainerImageIDKey is the attribute Key conforming to the
-	// "container.image.id" semantic conventions. It represents the runtime
-	// specific image identifier. Usually a hash algorithm followed by a UUID.
+	// HostImageIDKey is the attribute Key conforming to the "host.image.id"
+	// semantic conventions. It represents the vM image ID or host OS image ID.
+	// For Cloud, this value is from the provider.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f'
-	// Note: Docker defines a sha256 of the image id; `container.image.id`
-	// corresponds to the `Image` field from the Docker container inspect
-	// [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
-	// endpoint.
-	// K8S defines a link to the container registry repository with digest
-	// `"imageID": "registry.azurecr.io
-	// /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
-	// OCI defines a digest of manifest.
-	ContainerImageIDKey = attribute.Key("container.image.id")
+	// Stability: experimental
+	// Examples: 'ami-07b06b442921831e5'
+	HostImageIDKey = attribute.Key("host.image.id")
 
-	// ContainerCommandKey is the attribute Key conforming to the
-	// "container.command" semantic conventions. It represents the command used
-	// to run the container (i.e. the command name).
+	// HostImageNameKey is the attribute Key conforming to the
+	// "host.image.name" semantic conventions. It represents the name of the VM
+	// image or OS install the host was instantiated from.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'otelcontribcol'
-	// Note: If using embedded credentials or sensitive data, it is recommended
-	// to remove them to prevent potential leakage.
-	ContainerCommandKey = attribute.Key("container.command")
+	// Stability: experimental
+	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
+	HostImageNameKey = attribute.Key("host.image.name")
 
-	// ContainerCommandLineKey is the attribute Key conforming to the
-	// "container.command_line" semantic conventions. It represents the full
-	// command run by the container as a single string representing the full
-	// command. [2]
+	// HostImageVersionKey is the attribute Key conforming to the
+	// "host.image.version" semantic conventions. It represents the version
+	// string of the VM image or host OS as defined in [Version
+	// Attributes](/docs/resource/README.md#version-attributes).
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'otelcontribcol --config config.yaml'
-	ContainerCommandLineKey = attribute.Key("container.command_line")
+	// Stability: experimental
+	// Examples: '0.1'
+	HostImageVersionKey = attribute.Key("host.image.version")
 
-	// ContainerCommandArgsKey is the attribute Key conforming to the
-	// "container.command_args" semantic conventions. It represents the all the
-	// command arguments (including the command/executable itself) run by the
-	// container. [2]
+	// HostIPKey is the attribute Key conforming to the "host.ip" semantic
+	// conventions. It represents the available IP addresses of the host,
+	// excluding loopback interfaces.
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'otelcontribcol, --config, config.yaml'
-	ContainerCommandArgsKey = attribute.Key("container.command_args")
-)
+	// Stability: experimental
+	// Examples: '192.168.1.140', 'fe80::abc2:4a28:737a:609e'
+	// Note: IPv4 Addresses MUST be specified in dotted-quad notation. IPv6
+	// addresses MUST be specified in the [RFC
+	// 5952](https://www.rfc-editor.org/rfc/rfc5952.html) format.
+	HostIPKey = attribute.Key("host.ip")
 
-// ContainerName returns an attribute KeyValue conforming to the
-// "container.name" semantic conventions. It represents the container name used
-// by container runtime.
-func ContainerName(val string) attribute.KeyValue {
-	return ContainerNameKey.String(val)
-}
+	// HostMacKey is the attribute Key conforming to the "host.mac" semantic
+	// conventions. It represents the available MAC addresses of the host,
+	// excluding loopback interfaces.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'AC-DE-48-23-45-67', 'AC-DE-48-23-45-67-01-9F'
+	// Note: MAC Addresses MUST be represented in [IEEE RA hexadecimal
+	// form](https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdf):
+	// as hyphen-separated octets in uppercase hexadecimal form from most to
+	// least significant.
+	HostMacKey = attribute.Key("host.mac")
 
-// ContainerID returns an attribute KeyValue conforming to the
-// "container.id" semantic conventions. It represents the container ID. Usually
-// a UUID, as for example used to [identify Docker
-// containers](https://docs.docker.com/engine/reference/run/#container-identification).
-// The UUID might be abbreviated.
-func ContainerID(val string) attribute.KeyValue {
-	return ContainerIDKey.String(val)
-}
+	// HostNameKey is the attribute Key conforming to the "host.name" semantic
+	// conventions. It represents the name of the host. On Unix systems, it may
+	// contain what the hostname command returns, or the fully qualified
+	// hostname, or another name specified by the user.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'opentelemetry-test'
+	HostNameKey = attribute.Key("host.name")
 
-// ContainerRuntime returns an attribute KeyValue conforming to the
-// "container.runtime" semantic conventions. It represents the container
-// runtime managing this container.
-func ContainerRuntime(val string) attribute.KeyValue {
-	return ContainerRuntimeKey.String(val)
-}
+	// HostTypeKey is the attribute Key conforming to the "host.type" semantic
+	// conventions. It represents the type of host. For Cloud, this must be the
+	// machine type.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'n1-standard-1'
+	HostTypeKey = attribute.Key("host.type")
+)
 
-// ContainerImageName returns an attribute KeyValue conforming to the
-// "container.image.name" semantic conventions. It represents the name of the
-// image the container was built on.
-func ContainerImageName(val string) attribute.KeyValue {
-	return ContainerImageNameKey.String(val)
-}
+var (
+	// AMD64
+	HostArchAMD64 = HostArchKey.String("amd64")
+	// ARM32
+	HostArchARM32 = HostArchKey.String("arm32")
+	// ARM64
+	HostArchARM64 = HostArchKey.String("arm64")
+	// Itanium
+	HostArchIA64 = HostArchKey.String("ia64")
+	// 32-bit PowerPC
+	HostArchPPC32 = HostArchKey.String("ppc32")
+	// 64-bit PowerPC
+	HostArchPPC64 = HostArchKey.String("ppc64")
+	// IBM z/Architecture
+	HostArchS390x = HostArchKey.String("s390x")
+	// 32-bit x86
+	HostArchX86 = HostArchKey.String("x86")
+)
 
-// ContainerImageTag returns an attribute KeyValue conforming to the
-// "container.image.tag" semantic conventions. It represents the container
-// image tag.
-func ContainerImageTag(val string) attribute.KeyValue {
-	return ContainerImageTagKey.String(val)
+// HostCPUCacheL2Size returns an attribute KeyValue conforming to the
+// "host.cpu.cache.l2.size" semantic conventions. It represents the amount of
+// level 2 memory cache available to the processor (in Bytes).
+func HostCPUCacheL2Size(val int) attribute.KeyValue {
+	return HostCPUCacheL2SizeKey.Int(val)
 }
 
-// ContainerImageID returns an attribute KeyValue conforming to the
-// "container.image.id" semantic conventions. It represents the runtime
-// specific image identifier. Usually a hash algorithm followed by a UUID.
-func ContainerImageID(val string) attribute.KeyValue {
-	return ContainerImageIDKey.String(val)
+// HostCPUFamily returns an attribute KeyValue conforming to the
+// "host.cpu.family" semantic conventions. It represents the family or
+// generation of the CPU.
+func HostCPUFamily(val string) attribute.KeyValue {
+	return HostCPUFamilyKey.String(val)
 }
 
-// ContainerCommand returns an attribute KeyValue conforming to the
-// "container.command" semantic conventions. It represents the command used to
-// run the container (i.e. the command name).
-func ContainerCommand(val string) attribute.KeyValue {
-	return ContainerCommandKey.String(val)
+// HostCPUModelID returns an attribute KeyValue conforming to the
+// "host.cpu.model.id" semantic conventions. It represents the model
+// identifier. It provides more granular information about the CPU,
+// distinguishing it from other CPUs within the same family.
+func HostCPUModelID(val string) attribute.KeyValue {
+	return HostCPUModelIDKey.String(val)
 }
 
-// ContainerCommandLine returns an attribute KeyValue conforming to the
-// "container.command_line" semantic conventions. It represents the full
-// command run by the container as a single string representing the full
-// command. [2]
-func ContainerCommandLine(val string) attribute.KeyValue {
-	return ContainerCommandLineKey.String(val)
+// HostCPUModelName returns an attribute KeyValue conforming to the
+// "host.cpu.model.name" semantic conventions. It represents the model
+// designation of the processor.
+func HostCPUModelName(val string) attribute.KeyValue {
+	return HostCPUModelNameKey.String(val)
 }
 
-// ContainerCommandArgs returns an attribute KeyValue conforming to the
-// "container.command_args" semantic conventions. It represents the all the
-// command arguments (including the command/executable itself) run by the
-// container. [2]
-func ContainerCommandArgs(val ...string) attribute.KeyValue {
-	return ContainerCommandArgsKey.StringSlice(val)
+// HostCPUStepping returns an attribute KeyValue conforming to the
+// "host.cpu.stepping" semantic conventions. It represents the stepping or core
+// revisions.
+func HostCPUStepping(val int) attribute.KeyValue {
+	return HostCPUSteppingKey.Int(val)
 }
 
-// The software deployment.
-const (
-	// DeploymentEnvironmentKey is the attribute Key conforming to the
-	// "deployment.environment" semantic conventions. It represents the name of
-	// the [deployment
-	// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
-	// deployment tier).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'staging', 'production'
-	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
-)
-
-// DeploymentEnvironment returns an attribute KeyValue conforming to the
-// "deployment.environment" semantic conventions. It represents the name of the
-// [deployment
-// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
-// deployment tier).
-func DeploymentEnvironment(val string) attribute.KeyValue {
-	return DeploymentEnvironmentKey.String(val)
+// HostCPUVendorID returns an attribute KeyValue conforming to the
+// "host.cpu.vendor.id" semantic conventions. It represents the processor
+// manufacturer identifier. A maximum 12-character string.
+func HostCPUVendorID(val string) attribute.KeyValue {
+	return HostCPUVendorIDKey.String(val)
 }
 
-// The device on which the process represented by this resource is running.
-const (
-	// DeviceIDKey is the attribute Key conforming to the "device.id" semantic
-	// conventions. It represents a unique identifier representing the device
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
-	// Note: The device identifier MUST only be defined using the values
-	// outlined below. This value is not an advertising identifier and MUST NOT
-	// be used as such. On iOS (Swift or Objective-C), this value MUST be equal
-	// to the [vendor
-	// identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
-	// On Android (Java or Kotlin), this value MUST be equal to the Firebase
-	// Installation ID or a globally unique UUID which is persisted across
-	// sessions in your application. More information can be found
-	// [here](https://developer.android.com/training/articles/user-data-ids) on
-	// best practices and exact implementation details. Caution should be taken
-	// when storing personal data or anything which can identify a user. GDPR
-	// and data protection laws may apply, ensure you do your own due
-	// diligence.
-	DeviceIDKey = attribute.Key("device.id")
+// HostID returns an attribute KeyValue conforming to the "host.id" semantic
+// conventions. It represents the unique host ID. For Cloud, this must be the
+// instance_id assigned by the cloud provider. For non-containerized systems,
+// this should be the `machine-id`. See the table below for the sources to use
+// to determine the `machine-id` based on operating system.
+func HostID(val string) attribute.KeyValue {
+	return HostIDKey.String(val)
+}
 
-	// DeviceModelIdentifierKey is the attribute Key conforming to the
-	// "device.model.identifier" semantic conventions. It represents the model
-	// identifier for the device
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'iPhone3,4', 'SM-G920F'
-	// Note: It's recommended this value represents a machine readable version
-	// of the model identifier rather than the market or consumer-friendly name
-	// of the device.
-	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
+// HostImageID returns an attribute KeyValue conforming to the
+// "host.image.id" semantic conventions. It represents the vM image ID or host
+// OS image ID. For Cloud, this value is from the provider.
+func HostImageID(val string) attribute.KeyValue {
+	return HostImageIDKey.String(val)
+}
 
-	// DeviceModelNameKey is the attribute Key conforming to the
-	// "device.model.name" semantic conventions. It represents the marketing
-	// name for the device model
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
-	// Note: It's recommended this value represents a human readable version of
-	// the device model rather than a machine readable alternative.
-	DeviceModelNameKey = attribute.Key("device.model.name")
+// HostImageName returns an attribute KeyValue conforming to the
+// "host.image.name" semantic conventions. It represents the name of the VM
+// image or OS install the host was instantiated from.
+func HostImageName(val string) attribute.KeyValue {
+	return HostImageNameKey.String(val)
+}
 
-	// DeviceManufacturerKey is the attribute Key conforming to the
-	// "device.manufacturer" semantic conventions. It represents the name of
-	// the device manufacturer
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Apple', 'Samsung'
-	// Note: The Android OS provides this field via
-	// [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
-	// iOS apps SHOULD hardcode the value `Apple`.
-	DeviceManufacturerKey = attribute.Key("device.manufacturer")
-)
+// HostImageVersion returns an attribute KeyValue conforming to the
+// "host.image.version" semantic conventions. It represents the version string
+// of the VM image or host OS as defined in [Version
+// Attributes](/docs/resource/README.md#version-attributes).
+func HostImageVersion(val string) attribute.KeyValue {
+	return HostImageVersionKey.String(val)
+}
 
-// DeviceID returns an attribute KeyValue conforming to the "device.id"
-// semantic conventions. It represents a unique identifier representing the
-// device
-func DeviceID(val string) attribute.KeyValue {
-	return DeviceIDKey.String(val)
+// HostIP returns an attribute KeyValue conforming to the "host.ip" semantic
+// conventions. It represents the available IP addresses of the host, excluding
+// loopback interfaces.
+func HostIP(val ...string) attribute.KeyValue {
+	return HostIPKey.StringSlice(val)
 }
 
-// DeviceModelIdentifier returns an attribute KeyValue conforming to the
-// "device.model.identifier" semantic conventions. It represents the model
-// identifier for the device
-func DeviceModelIdentifier(val string) attribute.KeyValue {
-	return DeviceModelIdentifierKey.String(val)
+// HostMac returns an attribute KeyValue conforming to the "host.mac"
+// semantic conventions. It represents the available MAC addresses of the host,
+// excluding loopback interfaces.
+func HostMac(val ...string) attribute.KeyValue {
+	return HostMacKey.StringSlice(val)
 }
 
-// DeviceModelName returns an attribute KeyValue conforming to the
-// "device.model.name" semantic conventions. It represents the marketing name
-// for the device model
-func DeviceModelName(val string) attribute.KeyValue {
-	return DeviceModelNameKey.String(val)
+// HostName returns an attribute KeyValue conforming to the "host.name"
+// semantic conventions. It represents the name of the host. On Unix systems,
+// it may contain what the hostname command returns, or the fully qualified
+// hostname, or another name specified by the user.
+func HostName(val string) attribute.KeyValue {
+	return HostNameKey.String(val)
 }
 
-// DeviceManufacturer returns an attribute KeyValue conforming to the
-// "device.manufacturer" semantic conventions. It represents the name of the
-// device manufacturer
-func DeviceManufacturer(val string) attribute.KeyValue {
-	return DeviceManufacturerKey.String(val)
+// HostType returns an attribute KeyValue conforming to the "host.type"
+// semantic conventions. It represents the type of host. For Cloud, this must
+// be the machine type.
+func HostType(val string) attribute.KeyValue {
+	return HostTypeKey.String(val)
 }
 
-// A serverless instance.
+// Kubernetes resource attributes.
 const (
-	// FaaSNameKey is the attribute Key conforming to the "faas.name" semantic
-	// conventions. It represents the name of the single function that this
-	// runtime instance executes.
+	// K8SClusterNameKey is the attribute Key conforming to the
+	// "k8s.cluster.name" semantic conventions. It represents the name of the
+	// cluster.
 	//
 	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'my-function', 'myazurefunctionapp/some-function-name'
-	// Note: This is the name of the function as configured/deployed on the
-	// FaaS
-	// platform and is usually different from the name of the callback
-	// function (which may be stored in the
-	// [`code.namespace`/`code.function`](/docs/general/general-attributes.md#source-code-attributes)
-	// span attributes).
-	//
-	// For some cloud providers, the above definition is ambiguous. The
-	// following
-	// definition of function name MUST be used for this attribute
-	// (and consequently the span name) for the listed cloud
-	// providers/products:
-	//
-	// * **Azure:**  The full name `<FUNCAPP>/<FUNC>`, i.e., function app name
-	//   followed by a forward slash followed by the function name (this form
-	//   can also be seen in the resource JSON for the function).
-	//   This means that a span attribute MUST be used, as an Azure function
-	//   app can host multiple functions that would usually share
-	//   a TracerProvider (see also the `cloud.resource_id` attribute).
-	FaaSNameKey = attribute.Key("faas.name")
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'opentelemetry-cluster'
+	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
 
-	// FaaSVersionKey is the attribute Key conforming to the "faas.version"
-	// semantic conventions. It represents the immutable version of the
-	// function being executed.
+	// K8SClusterUIDKey is the attribute Key conforming to the
+	// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for
+	// the cluster, set to the UID of the `kube-system` namespace.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '26', 'pinkfroid-00002'
-	// Note: Depending on the cloud provider and platform, use:
+	// Stability: experimental
+	// Examples: '218fc5a9-a5f1-4b54-aa05-46717d0ab26d'
+	// Note: K8S doesn't have support for obtaining a cluster ID. If this is
+	// ever
+	// added, we will recommend collecting the `k8s.cluster.uid` through the
+	// official APIs. In the meantime, we are able to use the `uid` of the
+	// `kube-system` namespace as a proxy for cluster ID. Read on for the
+	// rationale.
 	//
-	// * **AWS Lambda:** The [function
-	// version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html)
-	//   (an integer represented as a decimal string).
-	// * **Google Cloud Run (Services):** The
-	// [revision](https://cloud.google.com/run/docs/managing/revisions)
-	//   (i.e., the function name plus the revision suffix).
-	// * **Google Cloud Functions:** The value of the
-	//   [`K_REVISION` environment
-	// variable](https://cloud.google.com/functions/docs/env-var#runtime_environment_variables_set_automatically).
-	// * **Azure Functions:** Not applicable. Do not set this attribute.
-	FaaSVersionKey = attribute.Key("faas.version")
+	// Every object created in a K8S cluster is assigned a distinct UID. The
+	// `kube-system` namespace is used by Kubernetes itself and will exist
+	// for the lifetime of the cluster. Using the `uid` of the `kube-system`
+	// namespace is a reasonable proxy for the K8S ClusterID as it will only
+	// change if the cluster is rebuilt. Furthermore, Kubernetes UIDs are
+	// UUIDs as standardized by
+	// [ISO/IEC 9834-8 and ITU-T
+	// X.667](https://www.itu.int/ITU-T/studygroups/com17/oid.html).
+	// Which states:
+	//
+	// > If generated according to one of the mechanisms defined in Rec.
+	//   ITU-T X.667 | ISO/IEC 9834-8, a UUID is either guaranteed to be
+	//   different from all other UUIDs generated before 3603 A.D., or is
+	//   extremely likely to be different (depending on the mechanism chosen).
+	//
+	// Therefore, UIDs between clusters should be extremely unlikely to
+	// conflict.
+	K8SClusterUIDKey = attribute.Key("k8s.cluster.uid")
 
-	// FaaSInstanceKey is the attribute Key conforming to the "faas.instance"
-	// semantic conventions. It represents the execution environment ID as a
-	// string, that will be potentially reused for other invocations to the
-	// same function/function version.
+	// K8SContainerNameKey is the attribute Key conforming to the
+	// "k8s.container.name" semantic conventions. It represents the name of the
+	// Container from Pod specification, must be unique within a Pod. Container
+	// runtime usually uses different globally unique name (`container.name`).
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de'
-	// Note: * **AWS Lambda:** Use the (full) log stream name.
-	FaaSInstanceKey = attribute.Key("faas.instance")
+	// Stability: experimental
+	// Examples: 'redis'
+	K8SContainerNameKey = attribute.Key("k8s.container.name")
 
-	// FaaSMaxMemoryKey is the attribute Key conforming to the
-	// "faas.max_memory" semantic conventions. It represents the amount of
-	// memory available to the serverless function converted to Bytes.
+	// K8SContainerRestartCountKey is the attribute Key conforming to the
+	// "k8s.container.restart_count" semantic conventions. It represents the
+	// number of times the container was restarted. This attribute can be used
+	// to identify a particular container (running or stopped) within a
+	// container spec.
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 134217728
-	// Note: It's recommended to set this attribute since e.g. too little
-	// memory can easily stop a Java AWS Lambda function from working
-	// correctly. On AWS Lambda, the environment variable
-	// `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this information (which must
-	// be multiplied by 1,048,576).
-	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
-)
-
-// FaaSName returns an attribute KeyValue conforming to the "faas.name"
-// semantic conventions. It represents the name of the single function that
-// this runtime instance executes.
-func FaaSName(val string) attribute.KeyValue {
-	return FaaSNameKey.String(val)
-}
-
-// FaaSVersion returns an attribute KeyValue conforming to the
-// "faas.version" semantic conventions. It represents the immutable version of
-// the function being executed.
-func FaaSVersion(val string) attribute.KeyValue {
-	return FaaSVersionKey.String(val)
-}
-
-// FaaSInstance returns an attribute KeyValue conforming to the
-// "faas.instance" semantic conventions. It represents the execution
-// environment ID as a string, that will be potentially reused for other
-// invocations to the same function/function version.
-func FaaSInstance(val string) attribute.KeyValue {
-	return FaaSInstanceKey.String(val)
-}
-
-// FaaSMaxMemory returns an attribute KeyValue conforming to the
-// "faas.max_memory" semantic conventions. It represents the amount of memory
-// available to the serverless function converted to Bytes.
-func FaaSMaxMemory(val int) attribute.KeyValue {
-	return FaaSMaxMemoryKey.Int(val)
-}
+	// Stability: experimental
+	// Examples: 0, 2
+	K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count")
 
-// A host is defined as a computing instance. For example, physical servers,
-// virtual machines, switches or disk array.
-const (
-	// HostIDKey is the attribute Key conforming to the "host.id" semantic
-	// conventions. It represents the unique host ID. For Cloud, this must be
-	// the instance_id assigned by the cloud provider. For non-containerized
-	// systems, this should be the `machine-id`. See the table below for the
-	// sources to use to determine the `machine-id` based on operating system.
+	// K8SCronJobNameKey is the attribute Key conforming to the
+	// "k8s.cronjob.name" semantic conventions. It represents the name of the
+	// CronJob.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'fdbf79e8af94cb7f9e8df36789187052'
-	HostIDKey = attribute.Key("host.id")
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
 
-	// HostNameKey is the attribute Key conforming to the "host.name" semantic
-	// conventions. It represents the name of the host. On Unix systems, it may
-	// contain what the hostname command returns, or the fully qualified
-	// hostname, or another name specified by the user.
+	// K8SCronJobUIDKey is the attribute Key conforming to the
+	// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+	// CronJob.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry-test'
-	HostNameKey = attribute.Key("host.name")
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
 
-	// HostTypeKey is the attribute Key conforming to the "host.type" semantic
-	// conventions. It represents the type of host. For Cloud, this must be the
-	// machine type.
+	// K8SDaemonSetNameKey is the attribute Key conforming to the
+	// "k8s.daemonset.name" semantic conventions. It represents the name of the
+	// DaemonSet.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'n1-standard-1'
-	HostTypeKey = attribute.Key("host.type")
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name")
 
-	// HostArchKey is the attribute Key conforming to the "host.arch" semantic
-	// conventions. It represents the CPU architecture the host system is
-	// running on.
+	// K8SDaemonSetUIDKey is the attribute Key conforming to the
+	// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+	// DaemonSet.
 	//
-	// Type: Enum
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	HostArchKey = attribute.Key("host.arch")
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid")
 
-	// HostImageNameKey is the attribute Key conforming to the
-	// "host.image.name" semantic conventions. It represents the name of the VM
-	// image or OS install the host was instantiated from.
+	// K8SDeploymentNameKey is the attribute Key conforming to the
+	// "k8s.deployment.name" semantic conventions. It represents the name of
+	// the Deployment.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
-	HostImageNameKey = attribute.Key("host.image.name")
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
 
-	// HostImageIDKey is the attribute Key conforming to the "host.image.id"
-	// semantic conventions. It represents the vM image ID or host OS image ID.
-	// For Cloud, this value is from the provider.
+	// K8SDeploymentUIDKey is the attribute Key conforming to the
+	// "k8s.deployment.uid" semantic conventions. It represents the UID of the
+	// Deployment.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'ami-07b06b442921831e5'
-	HostImageIDKey = attribute.Key("host.image.id")
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
 
-	// HostImageVersionKey is the attribute Key conforming to the
-	// "host.image.version" semantic conventions. It represents the version
-	// string of the VM image or host OS as defined in [Version
-	// Attributes](README.md#version-attributes).
+	// K8SJobNameKey is the attribute Key conforming to the "k8s.job.name"
+	// semantic conventions. It represents the name of the Job.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '0.1'
-	HostImageVersionKey = attribute.Key("host.image.version")
-)
-
-var (
-	// AMD64
-	HostArchAMD64 = HostArchKey.String("amd64")
-	// ARM32
-	HostArchARM32 = HostArchKey.String("arm32")
-	// ARM64
-	HostArchARM64 = HostArchKey.String("arm64")
-	// Itanium
-	HostArchIA64 = HostArchKey.String("ia64")
-	// 32-bit PowerPC
-	HostArchPPC32 = HostArchKey.String("ppc32")
-	// 64-bit PowerPC
-	HostArchPPC64 = HostArchKey.String("ppc64")
-	// IBM z/Architecture
-	HostArchS390x = HostArchKey.String("s390x")
-	// 32-bit x86
-	HostArchX86 = HostArchKey.String("x86")
-)
-
-// HostID returns an attribute KeyValue conforming to the "host.id" semantic
-// conventions. It represents the unique host ID. For Cloud, this must be the
-// instance_id assigned by the cloud provider. For non-containerized systems,
-// this should be the `machine-id`. See the table below for the sources to use
-// to determine the `machine-id` based on operating system.
-func HostID(val string) attribute.KeyValue {
-	return HostIDKey.String(val)
-}
-
-// HostName returns an attribute KeyValue conforming to the "host.name"
-// semantic conventions. It represents the name of the host. On Unix systems,
-// it may contain what the hostname command returns, or the fully qualified
-// hostname, or another name specified by the user.
-func HostName(val string) attribute.KeyValue {
-	return HostNameKey.String(val)
-}
-
-// HostType returns an attribute KeyValue conforming to the "host.type"
-// semantic conventions. It represents the type of host. For Cloud, this must
-// be the machine type.
-func HostType(val string) attribute.KeyValue {
-	return HostTypeKey.String(val)
-}
-
-// HostImageName returns an attribute KeyValue conforming to the
-// "host.image.name" semantic conventions. It represents the name of the VM
-// image or OS install the host was instantiated from.
-func HostImageName(val string) attribute.KeyValue {
-	return HostImageNameKey.String(val)
-}
-
-// HostImageID returns an attribute KeyValue conforming to the
-// "host.image.id" semantic conventions. It represents the vM image ID or host
-// OS image ID. For Cloud, this value is from the provider.
-func HostImageID(val string) attribute.KeyValue {
-	return HostImageIDKey.String(val)
-}
-
-// HostImageVersion returns an attribute KeyValue conforming to the
-// "host.image.version" semantic conventions. It represents the version string
-// of the VM image or host OS as defined in [Version
-// Attributes](README.md#version-attributes).
-func HostImageVersion(val string) attribute.KeyValue {
-	return HostImageVersionKey.String(val)
-}
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SJobNameKey = attribute.Key("k8s.job.name")
 
-// A Kubernetes Cluster.
-const (
-	// K8SClusterNameKey is the attribute Key conforming to the
-	// "k8s.cluster.name" semantic conventions. It represents the name of the
-	// cluster.
+	// K8SJobUIDKey is the attribute Key conforming to the "k8s.job.uid"
+	// semantic conventions. It represents the UID of the Job.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry-cluster'
-	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SJobUIDKey = attribute.Key("k8s.job.uid")
 
-	// K8SClusterUIDKey is the attribute Key conforming to the
-	// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for
-	// the cluster, set to the UID of the `kube-system` namespace.
+	// K8SNamespaceNameKey is the attribute Key conforming to the
+	// "k8s.namespace.name" semantic conventions. It represents the name of the
+	// namespace that the pod is running in.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '218fc5a9-a5f1-4b54-aa05-46717d0ab26d'
-	// Note: K8S does not have support for obtaining a cluster ID. If this is
-	// ever
-	// added, we will recommend collecting the `k8s.cluster.uid` through the
-	// official APIs. In the meantime, we are able to use the `uid` of the
-	// `kube-system` namespace as a proxy for cluster ID. Read on for the
-	// rationale.
-	//
-	// Every object created in a K8S cluster is assigned a distinct UID. The
-	// `kube-system` namespace is used by Kubernetes itself and will exist
-	// for the lifetime of the cluster. Using the `uid` of the `kube-system`
-	// namespace is a reasonable proxy for the K8S ClusterID as it will only
-	// change if the cluster is rebuilt. Furthermore, Kubernetes UIDs are
-	// UUIDs as standardized by
-	// [ISO/IEC 9834-8 and ITU-T
-	// X.667](https://www.itu.int/ITU-T/studygroups/com17/oid.html).
-	// Which states:
-	//
-	// > If generated according to one of the mechanisms defined in Rec.
-	//   ITU-T X.667 | ISO/IEC 9834-8, a UUID is either guaranteed to be
-	//   different from all other UUIDs generated before 3603 A.D., or is
-	//   extremely likely to be different (depending on the mechanism chosen).
-	//
-	// Therefore, UIDs between clusters should be extremely unlikely to
-	// conflict.
-	K8SClusterUIDKey = attribute.Key("k8s.cluster.uid")
-)
-
-// K8SClusterName returns an attribute KeyValue conforming to the
-// "k8s.cluster.name" semantic conventions. It represents the name of the
-// cluster.
-func K8SClusterName(val string) attribute.KeyValue {
-	return K8SClusterNameKey.String(val)
-}
-
-// K8SClusterUID returns an attribute KeyValue conforming to the
-// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for the
-// cluster, set to the UID of the `kube-system` namespace.
-func K8SClusterUID(val string) attribute.KeyValue {
-	return K8SClusterUIDKey.String(val)
-}
+	// Stability: experimental
+	// Examples: 'default'
+	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
 
-// A Kubernetes Node object.
-const (
 	// K8SNodeNameKey is the attribute Key conforming to the "k8s.node.name"
 	// semantic conventions. It represents the name of the Node.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'node-1'
 	K8SNodeNameKey = attribute.Key("k8s.node.name")
 
@@ -1317,103 +999,83 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2'
 	K8SNodeUIDKey = attribute.Key("k8s.node.uid")
-)
-
-// K8SNodeName returns an attribute KeyValue conforming to the
-// "k8s.node.name" semantic conventions. It represents the name of the Node.
-func K8SNodeName(val string) attribute.KeyValue {
-	return K8SNodeNameKey.String(val)
-}
 
-// K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid"
-// semantic conventions. It represents the UID of the Node.
-func K8SNodeUID(val string) attribute.KeyValue {
-	return K8SNodeUIDKey.String(val)
-}
-
-// A Kubernetes Namespace.
-const (
-	// K8SNamespaceNameKey is the attribute Key conforming to the
-	// "k8s.namespace.name" semantic conventions. It represents the name of the
-	// namespace that the pod is running in.
+	// K8SPodNameKey is the attribute Key conforming to the "k8s.pod.name"
+	// semantic conventions. It represents the name of the Pod.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'default'
-	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
-)
-
-// K8SNamespaceName returns an attribute KeyValue conforming to the
-// "k8s.namespace.name" semantic conventions. It represents the name of the
-// namespace that the pod is running in.
-func K8SNamespaceName(val string) attribute.KeyValue {
-	return K8SNamespaceNameKey.String(val)
-}
+	// Stability: experimental
+	// Examples: 'opentelemetry-pod-autoconf'
+	K8SPodNameKey = attribute.Key("k8s.pod.name")
 
-// A Kubernetes Pod object.
-const (
 	// K8SPodUIDKey is the attribute Key conforming to the "k8s.pod.uid"
 	// semantic conventions. It represents the UID of the Pod.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
 	K8SPodUIDKey = attribute.Key("k8s.pod.uid")
 
-	// K8SPodNameKey is the attribute Key conforming to the "k8s.pod.name"
-	// semantic conventions. It represents the name of the Pod.
+	// K8SReplicaSetNameKey is the attribute Key conforming to the
+	// "k8s.replicaset.name" semantic conventions. It represents the name of
+	// the ReplicaSet.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry-pod-autoconf'
-	K8SPodNameKey = attribute.Key("k8s.pod.name")
-)
-
-// K8SPodUID returns an attribute KeyValue conforming to the "k8s.pod.uid"
-// semantic conventions. It represents the UID of the Pod.
-func K8SPodUID(val string) attribute.KeyValue {
-	return K8SPodUIDKey.String(val)
-}
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name")
 
-// K8SPodName returns an attribute KeyValue conforming to the "k8s.pod.name"
-// semantic conventions. It represents the name of the Pod.
-func K8SPodName(val string) attribute.KeyValue {
-	return K8SPodNameKey.String(val)
-}
+	// K8SReplicaSetUIDKey is the attribute Key conforming to the
+	// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+	// ReplicaSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid")
 
-// A container in a
-// [PodTemplate](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates).
-const (
-	// K8SContainerNameKey is the attribute Key conforming to the
-	// "k8s.container.name" semantic conventions. It represents the name of the
-	// Container from Pod specification, must be unique within a Pod. Container
-	// runtime usually uses different globally unique name (`container.name`).
+	// K8SStatefulSetNameKey is the attribute Key conforming to the
+	// "k8s.statefulset.name" semantic conventions. It represents the name of
+	// the StatefulSet.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'redis'
-	K8SContainerNameKey = attribute.Key("k8s.container.name")
+	// Stability: experimental
+	// Examples: 'opentelemetry'
+	K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name")
 
-	// K8SContainerRestartCountKey is the attribute Key conforming to the
-	// "k8s.container.restart_count" semantic conventions. It represents the
-	// number of times the container was restarted. This attribute can be used
-	// to identify a particular container (running or stopped) within a
-	// container spec.
+	// K8SStatefulSetUIDKey is the attribute Key conforming to the
+	// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+	// StatefulSet.
 	//
-	// Type: int
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 0, 2
-	K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count")
+	// Stability: experimental
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid")
 )
 
+// K8SClusterName returns an attribute KeyValue conforming to the
+// "k8s.cluster.name" semantic conventions. It represents the name of the
+// cluster.
+func K8SClusterName(val string) attribute.KeyValue {
+	return K8SClusterNameKey.String(val)
+}
+
+// K8SClusterUID returns an attribute KeyValue conforming to the
+// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for the
+// cluster, set to the UID of the `kube-system` namespace.
+func K8SClusterUID(val string) attribute.KeyValue {
+	return K8SClusterUIDKey.String(val)
+}
+
 // K8SContainerName returns an attribute KeyValue conforming to the
 // "k8s.container.name" semantic conventions. It represents the name of the
 // Container from Pod specification, must be unique within a Pod. Container
@@ -1430,65 +1092,40 @@ func K8SContainerRestartCount(val int) attribute.KeyValue {
 	return K8SContainerRestartCountKey.Int(val)
 }
 
-// A Kubernetes ReplicaSet object.
-const (
-	// K8SReplicaSetUIDKey is the attribute Key conforming to the
-	// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
-	// ReplicaSet.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid")
-
-	// K8SReplicaSetNameKey is the attribute Key conforming to the
-	// "k8s.replicaset.name" semantic conventions. It represents the name of
-	// the ReplicaSet.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name")
-)
+// K8SCronJobName returns an attribute KeyValue conforming to the
+// "k8s.cronjob.name" semantic conventions. It represents the name of the
+// CronJob.
+func K8SCronJobName(val string) attribute.KeyValue {
+	return K8SCronJobNameKey.String(val)
+}
 
-// K8SReplicaSetUID returns an attribute KeyValue conforming to the
-// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
-// ReplicaSet.
-func K8SReplicaSetUID(val string) attribute.KeyValue {
-	return K8SReplicaSetUIDKey.String(val)
+// K8SCronJobUID returns an attribute KeyValue conforming to the
+// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+// CronJob.
+func K8SCronJobUID(val string) attribute.KeyValue {
+	return K8SCronJobUIDKey.String(val)
 }
 
-// K8SReplicaSetName returns an attribute KeyValue conforming to the
-// "k8s.replicaset.name" semantic conventions. It represents the name of the
-// ReplicaSet.
-func K8SReplicaSetName(val string) attribute.KeyValue {
-	return K8SReplicaSetNameKey.String(val)
+// K8SDaemonSetName returns an attribute KeyValue conforming to the
+// "k8s.daemonset.name" semantic conventions. It represents the name of the
+// DaemonSet.
+func K8SDaemonSetName(val string) attribute.KeyValue {
+	return K8SDaemonSetNameKey.String(val)
 }
 
-// A Kubernetes Deployment object.
-const (
-	// K8SDeploymentUIDKey is the attribute Key conforming to the
-	// "k8s.deployment.uid" semantic conventions. It represents the UID of the
-	// Deployment.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
+// K8SDaemonSetUID returns an attribute KeyValue conforming to the
+// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+// DaemonSet.
+func K8SDaemonSetUID(val string) attribute.KeyValue {
+	return K8SDaemonSetUIDKey.String(val)
+}
 
-	// K8SDeploymentNameKey is the attribute Key conforming to the
-	// "k8s.deployment.name" semantic conventions. It represents the name of
-	// the Deployment.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
-)
+// K8SDeploymentName returns an attribute KeyValue conforming to the
+// "k8s.deployment.name" semantic conventions. It represents the name of the
+// Deployment.
+func K8SDeploymentName(val string) attribute.KeyValue {
+	return K8SDeploymentNameKey.String(val)
+}
 
 // K8SDeploymentUID returns an attribute KeyValue conforming to the
 // "k8s.deployment.uid" semantic conventions. It represents the UID of the
@@ -1497,41 +1134,61 @@ func K8SDeploymentUID(val string) attribute.KeyValue {
 	return K8SDeploymentUIDKey.String(val)
 }
 
-// K8SDeploymentName returns an attribute KeyValue conforming to the
-// "k8s.deployment.name" semantic conventions. It represents the name of the
-// Deployment.
-func K8SDeploymentName(val string) attribute.KeyValue {
-	return K8SDeploymentNameKey.String(val)
+// K8SJobName returns an attribute KeyValue conforming to the "k8s.job.name"
+// semantic conventions. It represents the name of the Job.
+func K8SJobName(val string) attribute.KeyValue {
+	return K8SJobNameKey.String(val)
 }
 
-// A Kubernetes StatefulSet object.
-const (
-	// K8SStatefulSetUIDKey is the attribute Key conforming to the
-	// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
-	// StatefulSet.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid")
+// K8SJobUID returns an attribute KeyValue conforming to the "k8s.job.uid"
+// semantic conventions. It represents the UID of the Job.
+func K8SJobUID(val string) attribute.KeyValue {
+	return K8SJobUIDKey.String(val)
+}
 
-	// K8SStatefulSetNameKey is the attribute Key conforming to the
-	// "k8s.statefulset.name" semantic conventions. It represents the name of
-	// the StatefulSet.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name")
-)
+// K8SNamespaceName returns an attribute KeyValue conforming to the
+// "k8s.namespace.name" semantic conventions. It represents the name of the
+// namespace that the pod is running in.
+func K8SNamespaceName(val string) attribute.KeyValue {
+	return K8SNamespaceNameKey.String(val)
+}
 
-// K8SStatefulSetUID returns an attribute KeyValue conforming to the
-// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
-// StatefulSet.
-func K8SStatefulSetUID(val string) attribute.KeyValue {
-	return K8SStatefulSetUIDKey.String(val)
+// K8SNodeName returns an attribute KeyValue conforming to the
+// "k8s.node.name" semantic conventions. It represents the name of the Node.
+func K8SNodeName(val string) attribute.KeyValue {
+	return K8SNodeNameKey.String(val)
+}
+
+// K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid"
+// semantic conventions. It represents the UID of the Node.
+func K8SNodeUID(val string) attribute.KeyValue {
+	return K8SNodeUIDKey.String(val)
+}
+
+// K8SPodName returns an attribute KeyValue conforming to the "k8s.pod.name"
+// semantic conventions. It represents the name of the Pod.
+func K8SPodName(val string) attribute.KeyValue {
+	return K8SPodNameKey.String(val)
+}
+
+// K8SPodUID returns an attribute KeyValue conforming to the "k8s.pod.uid"
+// semantic conventions. It represents the UID of the Pod.
+func K8SPodUID(val string) attribute.KeyValue {
+	return K8SPodUIDKey.String(val)
+}
+
+// K8SReplicaSetName returns an attribute KeyValue conforming to the
+// "k8s.replicaset.name" semantic conventions. It represents the name of the
+// ReplicaSet.
+func K8SReplicaSetName(val string) attribute.KeyValue {
+	return K8SReplicaSetNameKey.String(val)
+}
+
+// K8SReplicaSetUID returns an attribute KeyValue conforming to the
+// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+// ReplicaSet.
+func K8SReplicaSetUID(val string) attribute.KeyValue {
+	return K8SReplicaSetUIDKey.String(val)
 }
 
 // K8SStatefulSetName returns an attribute KeyValue conforming to the
@@ -1541,123 +1198,54 @@ func K8SStatefulSetName(val string) attribute.KeyValue {
 	return K8SStatefulSetNameKey.String(val)
 }
 
-// A Kubernetes DaemonSet object.
+// K8SStatefulSetUID returns an attribute KeyValue conforming to the
+// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+// StatefulSet.
+func K8SStatefulSetUID(val string) attribute.KeyValue {
+	return K8SStatefulSetUIDKey.String(val)
+}
+
+// An OCI image manifest.
 const (
-	// K8SDaemonSetUIDKey is the attribute Key conforming to the
-	// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
-	// DaemonSet.
+	// OciManifestDigestKey is the attribute Key conforming to the
+	// "oci.manifest.digest" semantic conventions. It represents the digest of
+	// the OCI image manifest. For container images specifically is the digest
+	// by which the container image is known.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid")
-
-	// K8SDaemonSetNameKey is the attribute Key conforming to the
-	// "k8s.daemonset.name" semantic conventions. It represents the name of the
-	// DaemonSet.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name")
-)
-
-// K8SDaemonSetUID returns an attribute KeyValue conforming to the
-// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
-// DaemonSet.
-func K8SDaemonSetUID(val string) attribute.KeyValue {
-	return K8SDaemonSetUIDKey.String(val)
-}
-
-// K8SDaemonSetName returns an attribute KeyValue conforming to the
-// "k8s.daemonset.name" semantic conventions. It represents the name of the
-// DaemonSet.
-func K8SDaemonSetName(val string) attribute.KeyValue {
-	return K8SDaemonSetNameKey.String(val)
-}
-
-// A Kubernetes Job object.
-const (
-	// K8SJobUIDKey is the attribute Key conforming to the "k8s.job.uid"
-	// semantic conventions. It represents the UID of the Job.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SJobUIDKey = attribute.Key("k8s.job.uid")
-
-	// K8SJobNameKey is the attribute Key conforming to the "k8s.job.name"
-	// semantic conventions. It represents the name of the Job.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SJobNameKey = attribute.Key("k8s.job.name")
-)
-
-// K8SJobUID returns an attribute KeyValue conforming to the "k8s.job.uid"
-// semantic conventions. It represents the UID of the Job.
-func K8SJobUID(val string) attribute.KeyValue {
-	return K8SJobUIDKey.String(val)
-}
-
-// K8SJobName returns an attribute KeyValue conforming to the "k8s.job.name"
-// semantic conventions. It represents the name of the Job.
-func K8SJobName(val string) attribute.KeyValue {
-	return K8SJobNameKey.String(val)
-}
-
-// A Kubernetes CronJob object.
-const (
-	// K8SCronJobUIDKey is the attribute Key conforming to the
-	// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
-	// CronJob.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
-
-	// K8SCronJobNameKey is the attribute Key conforming to the
-	// "k8s.cronjob.name" semantic conventions. It represents the name of the
-	// CronJob.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
+	// Stability: experimental
+	// Examples:
+	// 'sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4'
+	// Note: Follows [OCI Image Manifest
+	// Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md),
+	// and specifically the [Digest
+	// property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).
+	// An example can be found in [Example Image
+	// Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
+	OciManifestDigestKey = attribute.Key("oci.manifest.digest")
 )
 
-// K8SCronJobUID returns an attribute KeyValue conforming to the
-// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
-// CronJob.
-func K8SCronJobUID(val string) attribute.KeyValue {
-	return K8SCronJobUIDKey.String(val)
-}
-
-// K8SCronJobName returns an attribute KeyValue conforming to the
-// "k8s.cronjob.name" semantic conventions. It represents the name of the
-// CronJob.
-func K8SCronJobName(val string) attribute.KeyValue {
-	return K8SCronJobNameKey.String(val)
+// OciManifestDigest returns an attribute KeyValue conforming to the
+// "oci.manifest.digest" semantic conventions. It represents the digest of the
+// OCI image manifest. For container images specifically is the digest by which
+// the container image is known.
+func OciManifestDigest(val string) attribute.KeyValue {
+	return OciManifestDigestKey.String(val)
 }
 
 // The operating system (OS) on which the process represented by this resource
 // is running.
 const (
-	// OSTypeKey is the attribute Key conforming to the "os.type" semantic
-	// conventions. It represents the operating system type.
+	// OSBuildIDKey is the attribute Key conforming to the "os.build_id"
+	// semantic conventions. It represents the unique identifier for a
+	// particular build or compilation of the operating system.
 	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	OSTypeKey = attribute.Key("os.type")
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'TQ3C.230805.001.B2', '20E247', '22621'
+	OSBuildIDKey = attribute.Key("os.build_id")
 
 	// OSDescriptionKey is the attribute Key conforming to the "os.description"
 	// semantic conventions. It represents the human readable (not intended to
@@ -1666,7 +1254,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1
 	// LTS'
 	OSDescriptionKey = attribute.Key("os.description")
@@ -1676,10 +1264,18 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'iOS', 'Android', 'Ubuntu'
 	OSNameKey = attribute.Key("os.name")
 
+	// OSTypeKey is the attribute Key conforming to the "os.type" semantic
+	// conventions. It represents the operating system type.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	OSTypeKey = attribute.Key("os.type")
+
 	// OSVersionKey is the attribute Key conforming to the "os.version"
 	// semantic conventions. It represents the version string of the operating
 	// system as defined in [Version
@@ -1687,7 +1283,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '14.2.1', '18.04.1'
 	OSVersionKey = attribute.Key("os.version")
 )
@@ -1717,6 +1313,13 @@ var (
 	OSTypeZOS = OSTypeKey.String("z_os")
 )
 
+// OSBuildID returns an attribute KeyValue conforming to the "os.build_id"
+// semantic conventions. It represents the unique identifier for a particular
+// build or compilation of the operating system.
+func OSBuildID(val string) attribute.KeyValue {
+	return OSBuildIDKey.String(val)
+}
+
 // OSDescription returns an attribute KeyValue conforming to the
 // "os.description" semantic conventions. It represents the human readable (not
 // intended to be parsed) OS version information, like e.g. reported by `ver`
@@ -1741,24 +1344,44 @@ func OSVersion(val string) attribute.KeyValue {
 
 // An operating system process.
 const (
-	// ProcessPIDKey is the attribute Key conforming to the "process.pid"
-	// semantic conventions. It represents the process identifier (PID).
+	// ProcessCommandKey is the attribute Key conforming to the
+	// "process.command" semantic conventions. It represents the command used
+	// to launch the process (i.e. the command name). On Linux based systems,
+	// can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can
+	// be set to the first parameter extracted from `GetCommandLineW`.
 	//
-	// Type: int
+	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 1234
-	ProcessPIDKey = attribute.Key("process.pid")
+	// Stability: experimental
+	// Examples: 'cmd/otelcol'
+	ProcessCommandKey = attribute.Key("process.command")
 
-	// ProcessParentPIDKey is the attribute Key conforming to the
-	// "process.parent_pid" semantic conventions. It represents the parent
-	// Process identifier (PID).
+	// ProcessCommandArgsKey is the attribute Key conforming to the
+	// "process.command_args" semantic conventions. It represents the all the
+	// command arguments (including the command/executable itself) as received
+	// by the process. On Linux-based systems (and some other Unixoid systems
+	// supporting procfs), can be set according to the list of null-delimited
+	// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+	// this would be the full argv vector passed to `main`.
 	//
-	// Type: int
+	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 111
-	ProcessParentPIDKey = attribute.Key("process.parent_pid")
+	// Stability: experimental
+	// Examples: 'cmd/otecol', '--config=config.yaml'
+	ProcessCommandArgsKey = attribute.Key("process.command_args")
+
+	// ProcessCommandLineKey is the attribute Key conforming to the
+	// "process.command_line" semantic conventions. It represents the full
+	// command used to launch the process as a single string representing the
+	// full command. On Windows, can be set to the result of `GetCommandLineW`.
+	// Do not set this if you have to assemble it just for monitoring; use
+	// `process.command_args` instead.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
+	ProcessCommandLineKey = attribute.Key("process.command_line")
 
 	// ProcessExecutableNameKey is the attribute Key conforming to the
 	// "process.executable.name" semantic conventions. It represents the name
@@ -1767,9 +1390,8 @@ const (
 	// of `GetProcessImageFileNameW`.
 	//
 	// Type: string
-	// RequirementLevel: ConditionallyRequired (See alternative attributes
-	// below.)
-	// Stability: stable
+	// RequirementLevel: Optional
+	// Stability: experimental
 	// Examples: 'otelcol'
 	ProcessExecutableNameKey = attribute.Key("process.executable.name")
 
@@ -1780,76 +1402,102 @@ const (
 	// `GetProcessImageFileNameW`.
 	//
 	// Type: string
-	// RequirementLevel: ConditionallyRequired (See alternative attributes
-	// below.)
-	// Stability: stable
+	// RequirementLevel: Optional
+	// Stability: experimental
 	// Examples: '/usr/bin/cmd/otelcol'
 	ProcessExecutablePathKey = attribute.Key("process.executable.path")
 
-	// ProcessCommandKey is the attribute Key conforming to the
-	// "process.command" semantic conventions. It represents the command used
-	// to launch the process (i.e. the command name). On Linux based systems,
-	// can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can
-	// be set to the first parameter extracted from `GetCommandLineW`.
+	// ProcessOwnerKey is the attribute Key conforming to the "process.owner"
+	// semantic conventions. It represents the username of the user that owns
+	// the process.
 	//
 	// Type: string
-	// RequirementLevel: ConditionallyRequired (See alternative attributes
-	// below.)
-	// Stability: stable
-	// Examples: 'cmd/otelcol'
-	ProcessCommandKey = attribute.Key("process.command")
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'root'
+	ProcessOwnerKey = attribute.Key("process.owner")
 
-	// ProcessCommandLineKey is the attribute Key conforming to the
-	// "process.command_line" semantic conventions. It represents the full
-	// command used to launch the process as a single string representing the
-	// full command. On Windows, can be set to the result of `GetCommandLineW`.
-	// Do not set this if you have to assemble it just for monitoring; use
-	// `process.command_args` instead.
+	// ProcessParentPIDKey is the attribute Key conforming to the
+	// "process.parent_pid" semantic conventions. It represents the parent
+	// Process identifier (PPID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 111
+	ProcessParentPIDKey = attribute.Key("process.parent_pid")
+
+	// ProcessPIDKey is the attribute Key conforming to the "process.pid"
+	// semantic conventions. It represents the process identifier (PID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 1234
+	ProcessPIDKey = attribute.Key("process.pid")
+
+	// ProcessRuntimeDescriptionKey is the attribute Key conforming to the
+	// "process.runtime.description" semantic conventions. It represents an
+	// additional description about the runtime of the process, for example a
+	// specific vendor customization of the runtime environment.
 	//
 	// Type: string
-	// RequirementLevel: ConditionallyRequired (See alternative attributes
-	// below.)
-	// Stability: stable
-	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
-	ProcessCommandLineKey = attribute.Key("process.command_line")
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
+	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
 
-	// ProcessCommandArgsKey is the attribute Key conforming to the
-	// "process.command_args" semantic conventions. It represents the all the
-	// command arguments (including the command/executable itself) as received
-	// by the process. On Linux-based systems (and some other Unixoid systems
-	// supporting procfs), can be set according to the list of null-delimited
-	// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
-	// this would be the full argv vector passed to `main`.
+	// ProcessRuntimeNameKey is the attribute Key conforming to the
+	// "process.runtime.name" semantic conventions. It represents the name of
+	// the runtime of this process. For compiled native binaries, this SHOULD
+	// be the name of the compiler.
 	//
-	// Type: string[]
-	// RequirementLevel: ConditionallyRequired (See alternative attributes
-	// below.)
-	// Stability: stable
-	// Examples: 'cmd/otecol', '--config=config.yaml'
-	ProcessCommandArgsKey = attribute.Key("process.command_args")
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'OpenJDK Runtime Environment'
+	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
 
-	// ProcessOwnerKey is the attribute Key conforming to the "process.owner"
-	// semantic conventions. It represents the username of the user that owns
-	// the process.
+	// ProcessRuntimeVersionKey is the attribute Key conforming to the
+	// "process.runtime.version" semantic conventions. It represents the
+	// version of the runtime of this process, as returned by the runtime
+	// without modification.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'root'
-	ProcessOwnerKey = attribute.Key("process.owner")
+	// Stability: experimental
+	// Examples: '14.0.2'
+	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
 )
 
-// ProcessPID returns an attribute KeyValue conforming to the "process.pid"
-// semantic conventions. It represents the process identifier (PID).
-func ProcessPID(val int) attribute.KeyValue {
-	return ProcessPIDKey.Int(val)
+// ProcessCommand returns an attribute KeyValue conforming to the
+// "process.command" semantic conventions. It represents the command used to
+// launch the process (i.e. the command name). On Linux based systems, can be
+// set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to
+// the first parameter extracted from `GetCommandLineW`.
+func ProcessCommand(val string) attribute.KeyValue {
+	return ProcessCommandKey.String(val)
 }
 
-// ProcessParentPID returns an attribute KeyValue conforming to the
-// "process.parent_pid" semantic conventions. It represents the parent Process
-// identifier (PID).
-func ProcessParentPID(val int) attribute.KeyValue {
-	return ProcessParentPIDKey.Int(val)
+// ProcessCommandArgs returns an attribute KeyValue conforming to the
+// "process.command_args" semantic conventions. It represents the all the
+// command arguments (including the command/executable itself) as received by
+// the process. On Linux-based systems (and some other Unixoid systems
+// supporting procfs), can be set according to the list of null-delimited
+// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+// this would be the full argv vector passed to `main`.
+func ProcessCommandArgs(val ...string) attribute.KeyValue {
+	return ProcessCommandArgsKey.StringSlice(val)
+}
+
+// ProcessCommandLine returns an attribute KeyValue conforming to the
+// "process.command_line" semantic conventions. It represents the full command
+// used to launch the process as a single string representing the full command.
+// On Windows, can be set to the result of `GetCommandLineW`. Do not set this
+// if you have to assemble it just for monitoring; use `process.command_args`
+// instead.
+func ProcessCommandLine(val string) attribute.KeyValue {
+	return ProcessCommandLineKey.String(val)
 }
 
 // ProcessExecutableName returns an attribute KeyValue conforming to the
@@ -1870,101 +1518,675 @@ func ProcessExecutablePath(val string) attribute.KeyValue {
 	return ProcessExecutablePathKey.String(val)
 }
 
-// ProcessCommand returns an attribute KeyValue conforming to the
-// "process.command" semantic conventions. It represents the command used to
-// launch the process (i.e. the command name). On Linux based systems, can be
-// set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to
-// the first parameter extracted from `GetCommandLineW`.
-func ProcessCommand(val string) attribute.KeyValue {
-	return ProcessCommandKey.String(val)
+// ProcessOwner returns an attribute KeyValue conforming to the
+// "process.owner" semantic conventions. It represents the username of the user
+// that owns the process.
+func ProcessOwner(val string) attribute.KeyValue {
+	return ProcessOwnerKey.String(val)
 }
 
-// ProcessCommandLine returns an attribute KeyValue conforming to the
-// "process.command_line" semantic conventions. It represents the full command
-// used to launch the process as a single string representing the full command.
-// On Windows, can be set to the result of `GetCommandLineW`. Do not set this
-// if you have to assemble it just for monitoring; use `process.command_args`
-// instead.
-func ProcessCommandLine(val string) attribute.KeyValue {
-	return ProcessCommandLineKey.String(val)
+// ProcessParentPID returns an attribute KeyValue conforming to the
+// "process.parent_pid" semantic conventions. It represents the parent Process
+// identifier (PPID).
+func ProcessParentPID(val int) attribute.KeyValue {
+	return ProcessParentPIDKey.Int(val)
 }
 
-// ProcessCommandArgs returns an attribute KeyValue conforming to the
-// "process.command_args" semantic conventions. It represents the all the
-// command arguments (including the command/executable itself) as received by
-// the process. On Linux-based systems (and some other Unixoid systems
-// supporting procfs), can be set according to the list of null-delimited
-// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
-// this would be the full argv vector passed to `main`.
-func ProcessCommandArgs(val ...string) attribute.KeyValue {
-	return ProcessCommandArgsKey.StringSlice(val)
+// ProcessPID returns an attribute KeyValue conforming to the "process.pid"
+// semantic conventions. It represents the process identifier (PID).
+func ProcessPID(val int) attribute.KeyValue {
+	return ProcessPIDKey.Int(val)
+}
+
+// ProcessRuntimeDescription returns an attribute KeyValue conforming to the
+// "process.runtime.description" semantic conventions. It represents an
+// additional description about the runtime of the process, for example a
+// specific vendor customization of the runtime environment.
+func ProcessRuntimeDescription(val string) attribute.KeyValue {
+	return ProcessRuntimeDescriptionKey.String(val)
+}
+
+// ProcessRuntimeName returns an attribute KeyValue conforming to the
+// "process.runtime.name" semantic conventions. It represents the name of the
+// runtime of this process. For compiled native binaries, this SHOULD be the
+// name of the compiler.
+func ProcessRuntimeName(val string) attribute.KeyValue {
+	return ProcessRuntimeNameKey.String(val)
+}
+
+// ProcessRuntimeVersion returns an attribute KeyValue conforming to the
+// "process.runtime.version" semantic conventions. It represents the version of
+// the runtime of this process, as returned by the runtime without
+// modification.
+func ProcessRuntimeVersion(val string) attribute.KeyValue {
+	return ProcessRuntimeVersionKey.String(val)
+}
+
+// The Android platform on which the Android application is running.
+const (
+	// AndroidOSAPILevelKey is the attribute Key conforming to the
+	// "android.os.api_level" semantic conventions. It represents the uniquely
+	// identifies the framework API revision offered by a version
+	// (`os.version`) of the android operating system. More information can be
+	// found
+	// [here](https://developer.android.com/guide/topics/manifest/uses-sdk-element#APILevels).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '33', '32'
+	AndroidOSAPILevelKey = attribute.Key("android.os.api_level")
+)
+
+// AndroidOSAPILevel returns an attribute KeyValue conforming to the
+// "android.os.api_level" semantic conventions. It represents the uniquely
+// identifies the framework API revision offered by a version (`os.version`) of
+// the android operating system. More information can be found
+// [here](https://developer.android.com/guide/topics/manifest/uses-sdk-element#APILevels).
+func AndroidOSAPILevel(val string) attribute.KeyValue {
+	return AndroidOSAPILevelKey.String(val)
+}
+
+// The web browser in which the application represented by the resource is
+// running. The `browser.*` attributes MUST be used only for resources that
+// represent applications running in a web browser (regardless of whether
+// running on a mobile or desktop device).
+const (
+	// BrowserBrandsKey is the attribute Key conforming to the "browser.brands"
+	// semantic conventions. It represents the array of brand name and version
+	// separated by a space
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: ' Not A;Brand 99', 'Chromium 99', 'Chrome 99'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.brands`).
+	BrowserBrandsKey = attribute.Key("browser.brands")
+
+	// BrowserLanguageKey is the attribute Key conforming to the
+	// "browser.language" semantic conventions. It represents the preferred
+	// language of the user using the browser
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'en', 'en-US', 'fr', 'fr-FR'
+	// Note: This value is intended to be taken from the Navigator API
+	// `navigator.language`.
+	BrowserLanguageKey = attribute.Key("browser.language")
+
+	// BrowserMobileKey is the attribute Key conforming to the "browser.mobile"
+	// semantic conventions. It represents a boolean that is true if the
+	// browser is running on a mobile device
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.mobile`). If unavailable, this attribute
+	// SHOULD be left unset.
+	BrowserMobileKey = attribute.Key("browser.mobile")
+
+	// BrowserPlatformKey is the attribute Key conforming to the
+	// "browser.platform" semantic conventions. It represents the platform on
+	// which the browser is running
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Windows', 'macOS', 'Android'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.platform`). If unavailable, the legacy
+	// `navigator.platform` API SHOULD NOT be used instead and this attribute
+	// SHOULD be left unset in order for the values to be consistent.
+	// The list of possible values is defined in the [W3C User-Agent Client
+	// Hints
+	// specification](https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform).
+	// Note that some (but not all) of these values can overlap with values in
+	// the [`os.type` and `os.name` attributes](./os.md). However, for
+	// consistency, the values in the `browser.platform` attribute should
+	// capture the exact value that the user agent provides.
+	BrowserPlatformKey = attribute.Key("browser.platform")
+)
+
+// BrowserBrands returns an attribute KeyValue conforming to the
+// "browser.brands" semantic conventions. It represents the array of brand name
+// and version separated by a space
+func BrowserBrands(val ...string) attribute.KeyValue {
+	return BrowserBrandsKey.StringSlice(val)
+}
+
+// BrowserLanguage returns an attribute KeyValue conforming to the
+// "browser.language" semantic conventions. It represents the preferred
+// language of the user using the browser
+func BrowserLanguage(val string) attribute.KeyValue {
+	return BrowserLanguageKey.String(val)
+}
+
+// BrowserMobile returns an attribute KeyValue conforming to the
+// "browser.mobile" semantic conventions. It represents a boolean that is true
+// if the browser is running on a mobile device
+func BrowserMobile(val bool) attribute.KeyValue {
+	return BrowserMobileKey.Bool(val)
+}
+
+// BrowserPlatform returns an attribute KeyValue conforming to the
+// "browser.platform" semantic conventions. It represents the platform on which
+// the browser is running
+func BrowserPlatform(val string) attribute.KeyValue {
+	return BrowserPlatformKey.String(val)
+}
+
+// Resources used by AWS Elastic Container Service (ECS).
+const (
+	// AWSECSClusterARNKey is the attribute Key conforming to the
+	// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an
+	// [ECS
+	// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
+
+	// AWSECSContainerARNKey is the attribute Key conforming to the
+	// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+	// Resource Name (ARN) of an [ECS container
+	// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
+	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
+
+	// AWSECSLaunchtypeKey is the attribute Key conforming to the
+	// "aws.ecs.launchtype" semantic conventions. It represents the [launch
+	// type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html)
+	// for an ECS task.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: experimental
+	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
+
+	// AWSECSTaskARNKey is the attribute Key conforming to the
+	// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an
+	// [ECS task
+	// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
+
+	// AWSECSTaskFamilyKey is the attribute Key conforming to the
+	// "aws.ecs.task.family" semantic conventions. It represents the task
+	// definition family this task definition is a member of.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'opentelemetry-family'
+	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
+
+	// AWSECSTaskRevisionKey is the attribute Key conforming to the
+	// "aws.ecs.task.revision" semantic conventions. It represents the revision
+	// for this task definition.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '8', '26'
+	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
+)
+
+var (
+	// ec2
+	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
+	// fargate
+	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
+)
+
+// AWSECSClusterARN returns an attribute KeyValue conforming to the
+// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an [ECS
+// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+func AWSECSClusterARN(val string) attribute.KeyValue {
+	return AWSECSClusterARNKey.String(val)
+}
+
+// AWSECSContainerARN returns an attribute KeyValue conforming to the
+// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+// Resource Name (ARN) of an [ECS container
+// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+func AWSECSContainerARN(val string) attribute.KeyValue {
+	return AWSECSContainerARNKey.String(val)
+}
+
+// AWSECSTaskARN returns an attribute KeyValue conforming to the
+// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an [ECS
+// task
+// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+func AWSECSTaskARN(val string) attribute.KeyValue {
+	return AWSECSTaskARNKey.String(val)
+}
+
+// AWSECSTaskFamily returns an attribute KeyValue conforming to the
+// "aws.ecs.task.family" semantic conventions. It represents the task
+// definition family this task definition is a member of.
+func AWSECSTaskFamily(val string) attribute.KeyValue {
+	return AWSECSTaskFamilyKey.String(val)
+}
+
+// AWSECSTaskRevision returns an attribute KeyValue conforming to the
+// "aws.ecs.task.revision" semantic conventions. It represents the revision for
+// this task definition.
+func AWSECSTaskRevision(val string) attribute.KeyValue {
+	return AWSECSTaskRevisionKey.String(val)
+}
+
+// Resources used by AWS Elastic Kubernetes Service (EKS).
+const (
+	// AWSEKSClusterARNKey is the attribute Key conforming to the
+	// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an
+	// EKS cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
+)
+
+// AWSEKSClusterARN returns an attribute KeyValue conforming to the
+// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS
+// cluster.
+func AWSEKSClusterARN(val string) attribute.KeyValue {
+	return AWSEKSClusterARNKey.String(val)
+}
+
+// Resources specific to Amazon Web Services.
+const (
+	// AWSLogGroupARNsKey is the attribute Key conforming to the
+	// "aws.log.group.arns" semantic conventions. It represents the Amazon
+	// Resource Name(s) (ARN) of the AWS log group(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
+	// Note: See the [log group ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
+
+	// AWSLogGroupNamesKey is the attribute Key conforming to the
+	// "aws.log.group.names" semantic conventions. It represents the name(s) of
+	// the AWS log group(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
+	// Note: Multiple log groups must be supported for cases like
+	// multi-container applications, where a single application has sidecar
+	// containers, and each write to their own log group.
+	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
+
+	// AWSLogStreamARNsKey is the attribute Key conforming to the
+	// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of
+	// the AWS log stream(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	// Note: See the [log stream ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	// One log group can contain several log streams, so these ARNs necessarily
+	// identify both a log group and a log stream.
+	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
+
+	// AWSLogStreamNamesKey is the attribute Key conforming to the
+	// "aws.log.stream.names" semantic conventions. It represents the name(s)
+	// of the AWS log stream(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
+)
+
+// AWSLogGroupARNs returns an attribute KeyValue conforming to the
+// "aws.log.group.arns" semantic conventions. It represents the Amazon Resource
+// Name(s) (ARN) of the AWS log group(s).
+func AWSLogGroupARNs(val ...string) attribute.KeyValue {
+	return AWSLogGroupARNsKey.StringSlice(val)
+}
+
+// AWSLogGroupNames returns an attribute KeyValue conforming to the
+// "aws.log.group.names" semantic conventions. It represents the name(s) of the
+// AWS log group(s) an application is writing to.
+func AWSLogGroupNames(val ...string) attribute.KeyValue {
+	return AWSLogGroupNamesKey.StringSlice(val)
+}
+
+// AWSLogStreamARNs returns an attribute KeyValue conforming to the
+// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the
+// AWS log stream(s).
+func AWSLogStreamARNs(val ...string) attribute.KeyValue {
+	return AWSLogStreamARNsKey.StringSlice(val)
+}
+
+// AWSLogStreamNames returns an attribute KeyValue conforming to the
+// "aws.log.stream.names" semantic conventions. It represents the name(s) of
+// the AWS log stream(s) an application is writing to.
+func AWSLogStreamNames(val ...string) attribute.KeyValue {
+	return AWSLogStreamNamesKey.StringSlice(val)
+}
+
+// Resource used by Google Cloud Run.
+const (
+	// GCPCloudRunJobExecutionKey is the attribute Key conforming to the
+	// "gcp.cloud_run.job.execution" semantic conventions. It represents the
+	// name of the Cloud Run
+	// [execution](https://cloud.google.com/run/docs/managing/job-executions)
+	// being run for the Job, as set by the
+	// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+	// environment variable.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'job-name-xxxx', 'sample-job-mdw84'
+	GCPCloudRunJobExecutionKey = attribute.Key("gcp.cloud_run.job.execution")
+
+	// GCPCloudRunJobTaskIndexKey is the attribute Key conforming to the
+	// "gcp.cloud_run.job.task_index" semantic conventions. It represents the
+	// index for a task within an execution as provided by the
+	// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+	// environment variable.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 0, 1
+	GCPCloudRunJobTaskIndexKey = attribute.Key("gcp.cloud_run.job.task_index")
+)
+
+// GCPCloudRunJobExecution returns an attribute KeyValue conforming to the
+// "gcp.cloud_run.job.execution" semantic conventions. It represents the name
+// of the Cloud Run
+// [execution](https://cloud.google.com/run/docs/managing/job-executions) being
+// run for the Job, as set by the
+// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+// environment variable.
+func GCPCloudRunJobExecution(val string) attribute.KeyValue {
+	return GCPCloudRunJobExecutionKey.String(val)
+}
+
+// GCPCloudRunJobTaskIndex returns an attribute KeyValue conforming to the
+// "gcp.cloud_run.job.task_index" semantic conventions. It represents the index
+// for a task within an execution as provided by the
+// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+// environment variable.
+func GCPCloudRunJobTaskIndex(val int) attribute.KeyValue {
+	return GCPCloudRunJobTaskIndexKey.Int(val)
+}
+
+// Resources used by Google Compute Engine (GCE).
+const (
+	// GCPGceInstanceHostnameKey is the attribute Key conforming to the
+	// "gcp.gce.instance.hostname" semantic conventions. It represents the
+	// hostname of a GCE instance. This is the full value of the default or
+	// [custom
+	// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'my-host1234.example.com',
+	// 'sample-vm.us-west1-b.c.my-project.internal'
+	GCPGceInstanceHostnameKey = attribute.Key("gcp.gce.instance.hostname")
+
+	// GCPGceInstanceNameKey is the attribute Key conforming to the
+	// "gcp.gce.instance.name" semantic conventions. It represents the instance
+	// name of a GCE instance. This is the value provided by `host.name`, the
+	// visible name of the instance in the Cloud Console UI, and the prefix for
+	// the default hostname of the instance as defined by the [default internal
+	// DNS
+	// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'instance-1', 'my-vm-name'
+	GCPGceInstanceNameKey = attribute.Key("gcp.gce.instance.name")
+)
+
+// GCPGceInstanceHostname returns an attribute KeyValue conforming to the
+// "gcp.gce.instance.hostname" semantic conventions. It represents the hostname
+// of a GCE instance. This is the full value of the default or [custom
+// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
+func GCPGceInstanceHostname(val string) attribute.KeyValue {
+	return GCPGceInstanceHostnameKey.String(val)
+}
+
+// GCPGceInstanceName returns an attribute KeyValue conforming to the
+// "gcp.gce.instance.name" semantic conventions. It represents the instance
+// name of a GCE instance. This is the value provided by `host.name`, the
+// visible name of the instance in the Cloud Console UI, and the prefix for the
+// default hostname of the instance as defined by the [default internal DNS
+// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
+func GCPGceInstanceName(val string) attribute.KeyValue {
+	return GCPGceInstanceNameKey.String(val)
+}
+
+// Heroku dyno metadata
+const (
+	// HerokuAppIDKey is the attribute Key conforming to the "heroku.app.id"
+	// semantic conventions. It represents the unique identifier for the
+	// application
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '2daa2797-e42b-4624-9322-ec3f968df4da'
+	HerokuAppIDKey = attribute.Key("heroku.app.id")
+
+	// HerokuReleaseCommitKey is the attribute Key conforming to the
+	// "heroku.release.commit" semantic conventions. It represents the commit
+	// hash for the current release
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'e6134959463efd8966b20e75b913cafe3f5ec'
+	HerokuReleaseCommitKey = attribute.Key("heroku.release.commit")
+
+	// HerokuReleaseCreationTimestampKey is the attribute Key conforming to the
+	// "heroku.release.creation_timestamp" semantic conventions. It represents
+	// the time and date the release was created
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '2022-10-23T18:00:42Z'
+	HerokuReleaseCreationTimestampKey = attribute.Key("heroku.release.creation_timestamp")
+)
+
+// HerokuAppID returns an attribute KeyValue conforming to the
+// "heroku.app.id" semantic conventions. It represents the unique identifier
+// for the application
+func HerokuAppID(val string) attribute.KeyValue {
+	return HerokuAppIDKey.String(val)
+}
+
+// HerokuReleaseCommit returns an attribute KeyValue conforming to the
+// "heroku.release.commit" semantic conventions. It represents the commit hash
+// for the current release
+func HerokuReleaseCommit(val string) attribute.KeyValue {
+	return HerokuReleaseCommitKey.String(val)
+}
+
+// HerokuReleaseCreationTimestamp returns an attribute KeyValue conforming
+// to the "heroku.release.creation_timestamp" semantic conventions. It
+// represents the time and date the release was created
+func HerokuReleaseCreationTimestamp(val string) attribute.KeyValue {
+	return HerokuReleaseCreationTimestampKey.String(val)
 }
 
-// ProcessOwner returns an attribute KeyValue conforming to the
-// "process.owner" semantic conventions. It represents the username of the user
-// that owns the process.
-func ProcessOwner(val string) attribute.KeyValue {
-	return ProcessOwnerKey.String(val)
+// The software deployment.
+const (
+	// DeploymentEnvironmentKey is the attribute Key conforming to the
+	// "deployment.environment" semantic conventions. It represents the name of
+	// the [deployment
+	// environment](https://wikipedia.org/wiki/Deployment_environment) (aka
+	// deployment tier).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'staging', 'production'
+	// Note: `deployment.environment` does not affect the uniqueness
+	// constraints defined through
+	// the `service.namespace`, `service.name` and `service.instance.id`
+	// resource attributes.
+	// This implies that resources carrying the following attribute
+	// combinations MUST be
+	// considered to be identifying the same service:
+	//
+	// * `service.name=frontend`, `deployment.environment=production`
+	// * `service.name=frontend`, `deployment.environment=staging`.
+	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
+)
+
+// DeploymentEnvironment returns an attribute KeyValue conforming to the
+// "deployment.environment" semantic conventions. It represents the name of the
+// [deployment environment](https://wikipedia.org/wiki/Deployment_environment)
+// (aka deployment tier).
+func DeploymentEnvironment(val string) attribute.KeyValue {
+	return DeploymentEnvironmentKey.String(val)
 }
 
-// The single (language) runtime instance which is monitored.
+// A serverless instance.
 const (
-	// ProcessRuntimeNameKey is the attribute Key conforming to the
-	// "process.runtime.name" semantic conventions. It represents the name of
-	// the runtime of this process. For compiled native binaries, this SHOULD
-	// be the name of the compiler.
+	// FaaSInstanceKey is the attribute Key conforming to the "faas.instance"
+	// semantic conventions. It represents the execution environment ID as a
+	// string, that will be potentially reused for other invocations to the
+	// same function/function version.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'OpenJDK Runtime Environment'
-	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
+	// Stability: experimental
+	// Examples: '2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de'
+	// Note: * **AWS Lambda:** Use the (full) log stream name.
+	FaaSInstanceKey = attribute.Key("faas.instance")
 
-	// ProcessRuntimeVersionKey is the attribute Key conforming to the
-	// "process.runtime.version" semantic conventions. It represents the
-	// version of the runtime of this process, as returned by the runtime
-	// without modification.
+	// FaaSMaxMemoryKey is the attribute Key conforming to the
+	// "faas.max_memory" semantic conventions. It represents the amount of
+	// memory available to the serverless function converted to Bytes.
 	//
-	// Type: string
+	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '14.0.2'
-	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
+	// Stability: experimental
+	// Examples: 134217728
+	// Note: It's recommended to set this attribute since e.g. too little
+	// memory can easily stop a Java AWS Lambda function from working
+	// correctly. On AWS Lambda, the environment variable
+	// `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this information (which must
+	// be multiplied by 1,048,576).
+	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
 
-	// ProcessRuntimeDescriptionKey is the attribute Key conforming to the
-	// "process.runtime.description" semantic conventions. It represents an
-	// additional description about the runtime of the process, for example a
-	// specific vendor customization of the runtime environment.
+	// FaaSNameKey is the attribute Key conforming to the "faas.name" semantic
+	// conventions. It represents the name of the single function that this
+	// runtime instance executes.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: experimental
+	// Examples: 'my-function', 'myazurefunctionapp/some-function-name'
+	// Note: This is the name of the function as configured/deployed on the
+	// FaaS
+	// platform and is usually different from the name of the callback
+	// function (which may be stored in the
+	// [`code.namespace`/`code.function`](/docs/general/attributes.md#source-code-attributes)
+	// span attributes).
+	//
+	// For some cloud providers, the above definition is ambiguous. The
+	// following
+	// definition of function name MUST be used for this attribute
+	// (and consequently the span name) for the listed cloud
+	// providers/products:
+	//
+	// * **Azure:**  The full name `<FUNCAPP>/<FUNC>`, i.e., function app name
+	//   followed by a forward slash followed by the function name (this form
+	//   can also be seen in the resource JSON for the function).
+	//   This means that a span attribute MUST be used, as an Azure function
+	//   app can host multiple functions that would usually share
+	//   a TracerProvider (see also the `cloud.resource_id` attribute).
+	FaaSNameKey = attribute.Key("faas.name")
+
+	// FaaSVersionKey is the attribute Key conforming to the "faas.version"
+	// semantic conventions. It represents the immutable version of the
+	// function being executed.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
-	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
+	// Stability: experimental
+	// Examples: '26', 'pinkfroid-00002'
+	// Note: Depending on the cloud provider and platform, use:
+	//
+	// * **AWS Lambda:** The [function
+	// version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html)
+	//   (an integer represented as a decimal string).
+	// * **Google Cloud Run (Services):** The
+	// [revision](https://cloud.google.com/run/docs/managing/revisions)
+	//   (i.e., the function name plus the revision suffix).
+	// * **Google Cloud Functions:** The value of the
+	//   [`K_REVISION` environment
+	// variable](https://cloud.google.com/functions/docs/env-var#runtime_environment_variables_set_automatically).
+	// * **Azure Functions:** Not applicable. Do not set this attribute.
+	FaaSVersionKey = attribute.Key("faas.version")
 )
 
-// ProcessRuntimeName returns an attribute KeyValue conforming to the
-// "process.runtime.name" semantic conventions. It represents the name of the
-// runtime of this process. For compiled native binaries, this SHOULD be the
-// name of the compiler.
-func ProcessRuntimeName(val string) attribute.KeyValue {
-	return ProcessRuntimeNameKey.String(val)
+// FaaSInstance returns an attribute KeyValue conforming to the
+// "faas.instance" semantic conventions. It represents the execution
+// environment ID as a string, that will be potentially reused for other
+// invocations to the same function/function version.
+func FaaSInstance(val string) attribute.KeyValue {
+	return FaaSInstanceKey.String(val)
 }
 
-// ProcessRuntimeVersion returns an attribute KeyValue conforming to the
-// "process.runtime.version" semantic conventions. It represents the version of
-// the runtime of this process, as returned by the runtime without
-// modification.
-func ProcessRuntimeVersion(val string) attribute.KeyValue {
-	return ProcessRuntimeVersionKey.String(val)
+// FaaSMaxMemory returns an attribute KeyValue conforming to the
+// "faas.max_memory" semantic conventions. It represents the amount of memory
+// available to the serverless function converted to Bytes.
+func FaaSMaxMemory(val int) attribute.KeyValue {
+	return FaaSMaxMemoryKey.Int(val)
 }
 
-// ProcessRuntimeDescription returns an attribute KeyValue conforming to the
-// "process.runtime.description" semantic conventions. It represents an
-// additional description about the runtime of the process, for example a
-// specific vendor customization of the runtime environment.
-func ProcessRuntimeDescription(val string) attribute.KeyValue {
-	return ProcessRuntimeDescriptionKey.String(val)
+// FaaSName returns an attribute KeyValue conforming to the "faas.name"
+// semantic conventions. It represents the name of the single function that
+// this runtime instance executes.
+func FaaSName(val string) attribute.KeyValue {
+	return FaaSNameKey.String(val)
+}
+
+// FaaSVersion returns an attribute KeyValue conforming to the
+// "faas.version" semantic conventions. It represents the immutable version of
+// the function being executed.
+func FaaSVersion(val string) attribute.KeyValue {
+	return FaaSVersionKey.String(val)
 }
 
 // A service instance.
@@ -1974,7 +2196,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'shoppingcart'
 	// Note: MUST be the same for all instances of horizontally scaled
 	// services. If the value was not specified, SDKs MUST fallback to
@@ -1991,7 +2213,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '2.0.0', 'a01dbef8a'
 	ServiceVersionKey = attribute.Key("service.version")
 )
@@ -2013,31 +2235,13 @@ func ServiceVersion(val string) attribute.KeyValue {
 
 // A service instance.
 const (
-	// ServiceNamespaceKey is the attribute Key conforming to the
-	// "service.namespace" semantic conventions. It represents a namespace for
-	// `service.name`.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Shop'
-	// Note: A string value having a meaning that helps to distinguish a group
-	// of services, for example the team name that owns a group of services.
-	// `service.name` is expected to be unique within the same namespace. If
-	// `service.namespace` is not specified in the Resource then `service.name`
-	// is expected to be unique for all services that have no explicit
-	// namespace defined (so the empty/unspecified namespace is simply one more
-	// valid namespace). Zero-length namespace string is assumed equal to
-	// unspecified namespace.
-	ServiceNamespaceKey = attribute.Key("service.namespace")
-
 	// ServiceInstanceIDKey is the attribute Key conforming to the
 	// "service.instance.id" semantic conventions. It represents the string ID
 	// of the service instance.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'my-k8s-pod-deployment-1',
 	// '627cc493-f310-47de-96bd-71410b7dec09'
 	// Note: MUST be unique for each instance of the same
@@ -2054,14 +2258,25 @@ const (
 	// RFC 4122 UUID (services aiming for reproducible UUIDs may also use
 	// Version 5, see RFC 4122 for more recommendations).
 	ServiceInstanceIDKey = attribute.Key("service.instance.id")
-)
 
-// ServiceNamespace returns an attribute KeyValue conforming to the
-// "service.namespace" semantic conventions. It represents a namespace for
-// `service.name`.
-func ServiceNamespace(val string) attribute.KeyValue {
-	return ServiceNamespaceKey.String(val)
-}
+	// ServiceNamespaceKey is the attribute Key conforming to the
+	// "service.namespace" semantic conventions. It represents a namespace for
+	// `service.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Shop'
+	// Note: A string value having a meaning that helps to distinguish a group
+	// of services, for example the team name that owns a group of services.
+	// `service.name` is expected to be unique within the same namespace. If
+	// `service.namespace` is not specified in the Resource then `service.name`
+	// is expected to be unique for all services that have no explicit
+	// namespace defined (so the empty/unspecified namespace is simply one more
+	// valid namespace). Zero-length namespace string is assumed equal to
+	// unspecified namespace.
+	ServiceNamespaceKey = attribute.Key("service.namespace")
+)
 
 // ServiceInstanceID returns an attribute KeyValue conforming to the
 // "service.instance.id" semantic conventions. It represents the string ID of
@@ -2070,16 +2285,32 @@ func ServiceInstanceID(val string) attribute.KeyValue {
 	return ServiceInstanceIDKey.String(val)
 }
 
+// ServiceNamespace returns an attribute KeyValue conforming to the
+// "service.namespace" semantic conventions. It represents a namespace for
+// `service.name`.
+func ServiceNamespace(val string) attribute.KeyValue {
+	return ServiceNamespaceKey.String(val)
+}
+
 // The telemetry SDK used to capture data recorded by the instrumentation
 // libraries.
 const (
+	// TelemetrySDKLanguageKey is the attribute Key conforming to the
+	// "telemetry.sdk.language" semantic conventions. It represents the
+	// language of the telemetry SDK.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: experimental
+	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
+
 	// TelemetrySDKNameKey is the attribute Key conforming to the
 	// "telemetry.sdk.name" semantic conventions. It represents the name of the
 	// telemetry SDK as defined above.
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'opentelemetry'
 	// Note: The OpenTelemetry SDK MUST set the `telemetry.sdk.name` attribute
 	// to `opentelemetry`.
@@ -2094,22 +2325,13 @@ const (
 	// implementation.
 	TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name")
 
-	// TelemetrySDKLanguageKey is the attribute Key conforming to the
-	// "telemetry.sdk.language" semantic conventions. It represents the
-	// language of the telemetry SDK.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
-
 	// TelemetrySDKVersionKey is the attribute Key conforming to the
 	// "telemetry.sdk.version" semantic conventions. It represents the version
 	// string of the telemetry SDK.
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '1.2.3'
 	TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version")
 )
@@ -2158,33 +2380,67 @@ func TelemetrySDKVersion(val string) attribute.KeyValue {
 // The telemetry SDK used to capture data recorded by the instrumentation
 // libraries.
 const (
-	// TelemetryAutoVersionKey is the attribute Key conforming to the
-	// "telemetry.auto.version" semantic conventions. It represents the version
-	// string of the auto instrumentation agent, if used.
+	// TelemetryDistroNameKey is the attribute Key conforming to the
+	// "telemetry.distro.name" semantic conventions. It represents the name of
+	// the auto instrumentation agent or distribution, if used.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'parts-unlimited-java'
+	// Note: Official auto instrumentation agents and distributions SHOULD set
+	// the `telemetry.distro.name` attribute to
+	// a string starting with `opentelemetry-`, e.g.
+	// `opentelemetry-java-instrumentation`.
+	TelemetryDistroNameKey = attribute.Key("telemetry.distro.name")
+
+	// TelemetryDistroVersionKey is the attribute Key conforming to the
+	// "telemetry.distro.version" semantic conventions. It represents the
+	// version string of the auto instrumentation agent or distribution, if
+	// used.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '1.2.3'
-	TelemetryAutoVersionKey = attribute.Key("telemetry.auto.version")
+	TelemetryDistroVersionKey = attribute.Key("telemetry.distro.version")
 )
 
-// TelemetryAutoVersion returns an attribute KeyValue conforming to the
-// "telemetry.auto.version" semantic conventions. It represents the version
-// string of the auto instrumentation agent, if used.
-func TelemetryAutoVersion(val string) attribute.KeyValue {
-	return TelemetryAutoVersionKey.String(val)
+// TelemetryDistroName returns an attribute KeyValue conforming to the
+// "telemetry.distro.name" semantic conventions. It represents the name of the
+// auto instrumentation agent or distribution, if used.
+func TelemetryDistroName(val string) attribute.KeyValue {
+	return TelemetryDistroNameKey.String(val)
+}
+
+// TelemetryDistroVersion returns an attribute KeyValue conforming to the
+// "telemetry.distro.version" semantic conventions. It represents the version
+// string of the auto instrumentation agent or distribution, if used.
+func TelemetryDistroVersion(val string) attribute.KeyValue {
+	return TelemetryDistroVersionKey.String(val)
 }
 
 // Resource describing the packaged software running the application code. Web
 // engines are typically executed using process.runtime.
 const (
+	// WebEngineDescriptionKey is the attribute Key conforming to the
+	// "webengine.description" semantic conventions. It represents the
+	// additional description of the web engine (e.g. detailed version and
+	// edition information).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) -
+	// 2.2.2.Final'
+	WebEngineDescriptionKey = attribute.Key("webengine.description")
+
 	// WebEngineNameKey is the attribute Key conforming to the "webengine.name"
 	// semantic conventions. It represents the name of the web engine.
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'WildFly'
 	WebEngineNameKey = attribute.Key("webengine.name")
 
@@ -2194,23 +2450,19 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '21.0.0'
 	WebEngineVersionKey = attribute.Key("webengine.version")
-
-	// WebEngineDescriptionKey is the attribute Key conforming to the
-	// "webengine.description" semantic conventions. It represents the
-	// additional description of the web engine (e.g. detailed version and
-	// edition information).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) -
-	// 2.2.2.Final'
-	WebEngineDescriptionKey = attribute.Key("webengine.description")
 )
 
+// WebEngineDescription returns an attribute KeyValue conforming to the
+// "webengine.description" semantic conventions. It represents the additional
+// description of the web engine (e.g. detailed version and edition
+// information).
+func WebEngineDescription(val string) attribute.KeyValue {
+	return WebEngineDescriptionKey.String(val)
+}
+
 // WebEngineName returns an attribute KeyValue conforming to the
 // "webengine.name" semantic conventions. It represents the name of the web
 // engine.
@@ -2225,14 +2477,6 @@ func WebEngineVersion(val string) attribute.KeyValue {
 	return WebEngineVersionKey.String(val)
 }
 
-// WebEngineDescription returns an attribute KeyValue conforming to the
-// "webengine.description" semantic conventions. It represents the additional
-// description of the web engine (e.g. detailed version and edition
-// information).
-func WebEngineDescription(val string) attribute.KeyValue {
-	return WebEngineDescriptionKey.String(val)
-}
-
 // Attributes used by non-OTLP exporters to represent OpenTelemetry Scope's
 // concepts.
 const (
@@ -2242,7 +2486,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'io.opentelemetry.contrib.mongodb'
 	OTelScopeNameKey = attribute.Key("otel.scope.name")
 
@@ -2252,7 +2496,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '1.0.0'
 	OTelScopeVersionKey = attribute.Key("otel.scope.version")
 )
@@ -2275,36 +2519,38 @@ func OTelScopeVersion(val string) attribute.KeyValue {
 // Scope's concepts.
 const (
 	// OTelLibraryNameKey is the attribute Key conforming to the
-	// "otel.library.name" semantic conventions. It represents the deprecated,
-	// use the `otel.scope.name` attribute.
+	// "otel.library.name" semantic conventions.
 	//
 	// Type: string
 	// RequirementLevel: Optional
 	// Stability: deprecated
 	// Examples: 'io.opentelemetry.contrib.mongodb'
+	// Deprecated: use the `otel.scope.name` attribute.
 	OTelLibraryNameKey = attribute.Key("otel.library.name")
 
 	// OTelLibraryVersionKey is the attribute Key conforming to the
-	// "otel.library.version" semantic conventions. It represents the
-	// deprecated, use the `otel.scope.version` attribute.
+	// "otel.library.version" semantic conventions.
 	//
 	// Type: string
 	// RequirementLevel: Optional
 	// Stability: deprecated
 	// Examples: '1.0.0'
+	// Deprecated: use the `otel.scope.version` attribute.
 	OTelLibraryVersionKey = attribute.Key("otel.library.version")
 )
 
 // OTelLibraryName returns an attribute KeyValue conforming to the
-// "otel.library.name" semantic conventions. It represents the deprecated, use
-// the `otel.scope.name` attribute.
+// "otel.library.name" semantic conventions.
+//
+// Deprecated: use the `otel.scope.name` attribute.
 func OTelLibraryName(val string) attribute.KeyValue {
 	return OTelLibraryNameKey.String(val)
 }
 
 // OTelLibraryVersion returns an attribute KeyValue conforming to the
-// "otel.library.version" semantic conventions. It represents the deprecated,
-// use the `otel.scope.version` attribute.
+// "otel.library.version" semantic conventions.
+//
+// Deprecated: use the `otel.scope.version` attribute.
 func OTelLibraryVersion(val string) attribute.KeyValue {
 	return OTelLibraryVersionKey.String(val)
 }
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/schema.go
similarity index 93%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/schema.go
index 66ffd5989f3..9733ce888a0 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/schema.go
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
 
 // SchemaURL is the schema URL that matches the version of the semantic conventions
 // that this package defines. Semconv packages starting from v1.4.0 must declare
 // non-empty schema URL in the form https://opentelemetry.io/schemas/<version>
-const SchemaURL = "https://opentelemetry.io/schemas/1.21.0"
+const SchemaURL = "https://opentelemetry.io/schemas/1.24.0"
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/trace.go
similarity index 52%
rename from vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go
rename to vendor/go.opentelemetry.io/otel/semconv/v1.24.0/trace.go
index b5a91450d42..397174818b7 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.24.0/trace.go
@@ -14,74 +14,260 @@
 
 // Code generated from semantic convention specification. DO NOT EDIT.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.24.0"
 
 import "go.opentelemetry.io/otel/attribute"
 
-// The shared attributes used to report a single exception associated with a
-// span or log.
+// Operations that access some remote service.
+const (
+	// PeerServiceKey is the attribute Key conforming to the "peer.service"
+	// semantic conventions. It represents the
+	// [`service.name`](/docs/resource/README.md#service) of the remote
+	// service. SHOULD be equal to the actual `service.name` resource attribute
+	// of the remote service if any.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'AuthTokenCache'
+	PeerServiceKey = attribute.Key("peer.service")
+)
+
+// PeerService returns an attribute KeyValue conforming to the
+// "peer.service" semantic conventions. It represents the
+// [`service.name`](/docs/resource/README.md#service) of the remote service.
+// SHOULD be equal to the actual `service.name` resource attribute of the
+// remote service if any.
+func PeerService(val string) attribute.KeyValue {
+	return PeerServiceKey.String(val)
+}
+
+// These attributes may be used for any operation with an authenticated and/or
+// authorized enduser.
+const (
+	// EnduserIDKey is the attribute Key conforming to the "enduser.id"
+	// semantic conventions. It represents the username or client_id extracted
+	// from the access token or
+	// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header
+	// in the inbound request from outside the system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'username'
+	EnduserIDKey = attribute.Key("enduser.id")
+
+	// EnduserRoleKey is the attribute Key conforming to the "enduser.role"
+	// semantic conventions. It represents the actual/assumed role the client
+	// is making the request under extracted from token or application security
+	// context.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'admin'
+	EnduserRoleKey = attribute.Key("enduser.role")
+
+	// EnduserScopeKey is the attribute Key conforming to the "enduser.scope"
+	// semantic conventions. It represents the scopes or granted authorities
+	// the client currently possesses extracted from token or application
+	// security context. The value would come from the scope associated with an
+	// [OAuth 2.0 Access
+	// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+	// value in a [SAML 2.0
+	// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'read:message, write:files'
+	EnduserScopeKey = attribute.Key("enduser.scope")
+)
+
+// EnduserID returns an attribute KeyValue conforming to the "enduser.id"
+// semantic conventions. It represents the username or client_id extracted from
+// the access token or
+// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in
+// the inbound request from outside the system.
+func EnduserID(val string) attribute.KeyValue {
+	return EnduserIDKey.String(val)
+}
+
+// EnduserRole returns an attribute KeyValue conforming to the
+// "enduser.role" semantic conventions. It represents the actual/assumed role
+// the client is making the request under extracted from token or application
+// security context.
+func EnduserRole(val string) attribute.KeyValue {
+	return EnduserRoleKey.String(val)
+}
+
+// EnduserScope returns an attribute KeyValue conforming to the
+// "enduser.scope" semantic conventions. It represents the scopes or granted
+// authorities the client currently possesses extracted from token or
+// application security context. The value would come from the scope associated
+// with an [OAuth 2.0 Access
+// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+// value in a [SAML 2.0
+// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+func EnduserScope(val string) attribute.KeyValue {
+	return EnduserScopeKey.String(val)
+}
+
+// These attributes allow to report this unit of code and therefore to provide
+// more context about the span.
 const (
-	// ExceptionTypeKey is the attribute Key conforming to the "exception.type"
-	// semantic conventions. It represents the type of the exception (its
-	// fully-qualified class name, if applicable). The dynamic type of the
-	// exception should be preferred over the static type in languages that
-	// support it.
+	// CodeColumnKey is the attribute Key conforming to the "code.column"
+	// semantic conventions. It represents the column number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 16
+	CodeColumnKey = attribute.Key("code.column")
+
+	// CodeFilepathKey is the attribute Key conforming to the "code.filepath"
+	// semantic conventions. It represents the source code file name that
+	// identifies the code unit as uniquely as possible (preferably an absolute
+	// file path).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '/usr/local/MyApplication/content_root/app/index.php'
+	CodeFilepathKey = attribute.Key("code.filepath")
+
+	// CodeFunctionKey is the attribute Key conforming to the "code.function"
+	// semantic conventions. It represents the method or function name, or
+	// equivalent (usually rightmost part of the code unit's name).
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'java.net.ConnectException', 'OSError'
-	ExceptionTypeKey = attribute.Key("exception.type")
+	// Stability: experimental
+	// Examples: 'serveRequest'
+	CodeFunctionKey = attribute.Key("code.function")
+
+	// CodeLineNumberKey is the attribute Key conforming to the "code.lineno"
+	// semantic conventions. It represents the line number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 42
+	CodeLineNumberKey = attribute.Key("code.lineno")
 
-	// ExceptionMessageKey is the attribute Key conforming to the
-	// "exception.message" semantic conventions. It represents the exception
-	// message.
+	// CodeNamespaceKey is the attribute Key conforming to the "code.namespace"
+	// semantic conventions. It represents the "namespace" within which
+	// `code.function` is defined. Usually the qualified class or module name,
+	// such that `code.namespace` + some separator + `code.function` form a
+	// unique identifier for the code unit.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Division by zero', "Can't convert 'int' object to str
-	// implicitly"
-	ExceptionMessageKey = attribute.Key("exception.message")
-
-	// ExceptionStacktraceKey is the attribute Key conforming to the
-	// "exception.stacktrace" semantic conventions. It represents a stacktrace
-	// as a string in the natural representation for the language runtime. The
+	// Stability: experimental
+	// Examples: 'com.example.MyHTTPService'
+	CodeNamespaceKey = attribute.Key("code.namespace")
+
+	// CodeStacktraceKey is the attribute Key conforming to the
+	// "code.stacktrace" semantic conventions. It represents a stacktrace as a
+	// string in the natural representation for the language runtime. The
 	// representation is to be determined and documented by each language SIG.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Exception in thread "main" java.lang.RuntimeException: Test
-	// exception\\n at '
-	//  'com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
+	// Stability: experimental
+	// Examples: 'at
+	// com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
 	//  'com.example.GenerateTrace.methodA(GenerateTrace.java:9)\\n at '
 	//  'com.example.GenerateTrace.main(GenerateTrace.java:5)'
-	ExceptionStacktraceKey = attribute.Key("exception.stacktrace")
+	CodeStacktraceKey = attribute.Key("code.stacktrace")
 )
 
-// ExceptionType returns an attribute KeyValue conforming to the
-// "exception.type" semantic conventions. It represents the type of the
-// exception (its fully-qualified class name, if applicable). The dynamic type
-// of the exception should be preferred over the static type in languages that
-// support it.
-func ExceptionType(val string) attribute.KeyValue {
-	return ExceptionTypeKey.String(val)
+// CodeColumn returns an attribute KeyValue conforming to the "code.column"
+// semantic conventions. It represents the column number in `code.filepath`
+// best representing the operation. It SHOULD point within the code unit named
+// in `code.function`.
+func CodeColumn(val int) attribute.KeyValue {
+	return CodeColumnKey.Int(val)
+}
+
+// CodeFilepath returns an attribute KeyValue conforming to the
+// "code.filepath" semantic conventions. It represents the source code file
+// name that identifies the code unit as uniquely as possible (preferably an
+// absolute file path).
+func CodeFilepath(val string) attribute.KeyValue {
+	return CodeFilepathKey.String(val)
+}
+
+// CodeFunction returns an attribute KeyValue conforming to the
+// "code.function" semantic conventions. It represents the method or function
+// name, or equivalent (usually rightmost part of the code unit's name).
+func CodeFunction(val string) attribute.KeyValue {
+	return CodeFunctionKey.String(val)
+}
+
+// CodeLineNumber returns an attribute KeyValue conforming to the "code.lineno"
+// semantic conventions. It represents the line number in `code.filepath` best
+// representing the operation. It SHOULD point within the code unit named in
+// `code.function`.
+func CodeLineNumber(val int) attribute.KeyValue {
+	return CodeLineNumberKey.Int(val)
 }
 
-// ExceptionMessage returns an attribute KeyValue conforming to the
-// "exception.message" semantic conventions. It represents the exception
-// message.
-func ExceptionMessage(val string) attribute.KeyValue {
-	return ExceptionMessageKey.String(val)
+// CodeNamespace returns an attribute KeyValue conforming to the
+// "code.namespace" semantic conventions. It represents the "namespace" within
+// which `code.function` is defined. Usually the qualified class or module
+// name, such that `code.namespace` + some separator + `code.function` form a
+// unique identifier for the code unit.
+func CodeNamespace(val string) attribute.KeyValue {
+	return CodeNamespaceKey.String(val)
 }
 
-// ExceptionStacktrace returns an attribute KeyValue conforming to the
-// "exception.stacktrace" semantic conventions. It represents a stacktrace as a
+// CodeStacktrace returns an attribute KeyValue conforming to the
+// "code.stacktrace" semantic conventions. It represents a stacktrace as a
 // string in the natural representation for the language runtime. The
 // representation is to be determined and documented by each language SIG.
-func ExceptionStacktrace(val string) attribute.KeyValue {
-	return ExceptionStacktraceKey.String(val)
+func CodeStacktrace(val string) attribute.KeyValue {
+	return CodeStacktraceKey.String(val)
+}
+
+// These attributes may be used for any operation to store information about a
+// thread that started a span.
+const (
+	// ThreadIDKey is the attribute Key conforming to the "thread.id" semantic
+	// conventions. It represents the current "managed" thread ID (as opposed
+	// to OS thread ID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 42
+	ThreadIDKey = attribute.Key("thread.id")
+
+	// ThreadNameKey is the attribute Key conforming to the "thread.name"
+	// semantic conventions. It represents the current thread name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'main'
+	ThreadNameKey = attribute.Key("thread.name")
+)
+
+// ThreadID returns an attribute KeyValue conforming to the "thread.id"
+// semantic conventions. It represents the current "managed" thread ID (as
+// opposed to OS thread ID).
+func ThreadID(val int) attribute.KeyValue {
+	return ThreadIDKey.Int(val)
+}
+
+// ThreadName returns an attribute KeyValue conforming to the "thread.name"
+// semantic conventions. It represents the current thread name.
+func ThreadName(val string) attribute.KeyValue {
+	return ThreadNameKey.String(val)
 }
 
 // Span attributes used by AWS Lambda (in addition to general `faas`
@@ -95,7 +281,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'arn:aws:lambda:us-east-1:123456:function:myfunction:myalias'
 	// Note: This may be different from `cloud.resource_id` if an alias is
 	// involved.
@@ -123,7 +309,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '123e4567-e89b-12d3-a456-426614174000', '0001'
 	CloudeventsEventIDKey = attribute.Key("cloudevents.event_id")
 
@@ -134,7 +320,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'https://github.com/cloudevents',
 	// '/cloudevents/spec/pull/123', 'my-service'
 	CloudeventsEventSourceKey = attribute.Key("cloudevents.event_source")
@@ -147,10 +333,22 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '1.0'
 	CloudeventsEventSpecVersionKey = attribute.Key("cloudevents.event_spec_version")
 
+	// CloudeventsEventSubjectKey is the attribute Key conforming to the
+	// "cloudevents.event_subject" semantic conventions. It represents the
+	// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+	// of the event in the context of the event producer (identified by
+	// source).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'mynewfile.jpg'
+	CloudeventsEventSubjectKey = attribute.Key("cloudevents.event_subject")
+
 	// CloudeventsEventTypeKey is the attribute Key conforming to the
 	// "cloudevents.event_type" semantic conventions. It represents the
 	// [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
@@ -159,22 +357,10 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'com.github.pull_request.opened',
 	// 'com.example.object.deleted.v2'
 	CloudeventsEventTypeKey = attribute.Key("cloudevents.event_type")
-
-	// CloudeventsEventSubjectKey is the attribute Key conforming to the
-	// "cloudevents.event_subject" semantic conventions. It represents the
-	// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
-	// of the event in the context of the event producer (identified by
-	// source).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'mynewfile.jpg'
-	CloudeventsEventSubjectKey = attribute.Key("cloudevents.event_subject")
 )
 
 // CloudeventsEventID returns an attribute KeyValue conforming to the
@@ -202,6 +388,14 @@ func CloudeventsEventSpecVersion(val string) attribute.KeyValue {
 	return CloudeventsEventSpecVersionKey.String(val)
 }
 
+// CloudeventsEventSubject returns an attribute KeyValue conforming to the
+// "cloudevents.event_subject" semantic conventions. It represents the
+// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+// of the event in the context of the event producer (identified by source).
+func CloudeventsEventSubject(val string) attribute.KeyValue {
+	return CloudeventsEventSubjectKey.String(val)
+}
+
 // CloudeventsEventType returns an attribute KeyValue conforming to the
 // "cloudevents.event_type" semantic conventions. It represents the
 // [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
@@ -211,14 +405,6 @@ func CloudeventsEventType(val string) attribute.KeyValue {
 	return CloudeventsEventTypeKey.String(val)
 }
 
-// CloudeventsEventSubject returns an attribute KeyValue conforming to the
-// "cloudevents.event_subject" semantic conventions. It represents the
-// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
-// of the event in the context of the event producer (identified by source).
-func CloudeventsEventSubject(val string) attribute.KeyValue {
-	return CloudeventsEventSubjectKey.String(val)
-}
-
 // Semantic conventions for the OpenTracing Shim
 const (
 	// OpentracingRefTypeKey is the attribute Key conforming to the
@@ -227,7 +413,7 @@ const (
 	//
 	// Type: Enum
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Note: The causal relationship between a child Span and a parent Span.
 	OpentracingRefTypeKey = attribute.Key("opentracing.ref_type")
 )
@@ -235,688 +421,30 @@ const (
 var (
 	// The parent Span depends on the child Span in some capacity
 	OpentracingRefTypeChildOf = OpentracingRefTypeKey.String("child_of")
-	// The parent Span does not depend in any way on the result of the child Span
+	// The parent Span doesn't depend in any way on the result of the child Span
 	OpentracingRefTypeFollowsFrom = OpentracingRefTypeKey.String("follows_from")
 )
 
-// The attributes used to perform database client calls.
+// Span attributes used by non-OTLP exporters to represent OpenTelemetry Span's
+// concepts.
 const (
-	// DBSystemKey is the attribute Key conforming to the "db.system" semantic
-	// conventions. It represents an identifier for the database management
-	// system (DBMS) product being used. See below for a list of well-known
-	// identifiers.
+	// OTelStatusCodeKey is the attribute Key conforming to the
+	// "otel.status_code" semantic conventions. It represents the name of the
+	// code, either "OK" or "ERROR". MUST NOT be set if the status code is
+	// UNSET.
 	//
 	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	DBSystemKey = attribute.Key("db.system")
+	// RequirementLevel: Optional
+	// Stability: experimental
+	OTelStatusCodeKey = attribute.Key("otel.status_code")
 
-	// DBConnectionStringKey is the attribute Key conforming to the
-	// "db.connection_string" semantic conventions. It represents the
-	// connection string used to connect to the database. It is recommended to
-	// remove embedded credentials.
+	// OTelStatusDescriptionKey is the attribute Key conforming to the
+	// "otel.status_description" semantic conventions. It represents the
+	// description of the Status if it has a value, otherwise not set.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Server=(localdb)\\v11.0;Integrated Security=true;'
-	DBConnectionStringKey = attribute.Key("db.connection_string")
-
-	// DBUserKey is the attribute Key conforming to the "db.user" semantic
-	// conventions. It represents the username for accessing the database.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'readonly_user', 'reporting_user'
-	DBUserKey = attribute.Key("db.user")
-
-	// DBJDBCDriverClassnameKey is the attribute Key conforming to the
-	// "db.jdbc.driver_classname" semantic conventions. It represents the
-	// fully-qualified class name of the [Java Database Connectivity
-	// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/)
-	// driver used to connect.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'org.postgresql.Driver',
-	// 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
-	DBJDBCDriverClassnameKey = attribute.Key("db.jdbc.driver_classname")
-
-	// DBNameKey is the attribute Key conforming to the "db.name" semantic
-	// conventions. It represents the this attribute is used to report the name
-	// of the database being accessed. For commands that switch the database,
-	// this should be set to the target database (even if the command fails).
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If applicable.)
-	// Stability: stable
-	// Examples: 'customers', 'main'
-	// Note: In some SQL databases, the database name to be used is called
-	// "schema name". In case there are multiple layers that could be
-	// considered for database name (e.g. Oracle instance name and schema
-	// name), the database name to be used is the more specific layer (e.g.
-	// Oracle schema name).
-	DBNameKey = attribute.Key("db.name")
-
-	// DBStatementKey is the attribute Key conforming to the "db.statement"
-	// semantic conventions. It represents the database statement being
-	// executed.
-	//
-	// Type: string
-	// RequirementLevel: Recommended (Should be collected by default only if
-	// there is sanitization that excludes sensitive information.)
-	// Stability: stable
-	// Examples: 'SELECT * FROM wuser_table', 'SET mykey "WuValue"'
-	DBStatementKey = attribute.Key("db.statement")
-
-	// DBOperationKey is the attribute Key conforming to the "db.operation"
-	// semantic conventions. It represents the name of the operation being
-	// executed, e.g. the [MongoDB command
-	// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
-	// such as `findAndModify`, or the SQL keyword.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If `db.statement` is not
-	// applicable.)
-	// Stability: stable
-	// Examples: 'findAndModify', 'HMSET', 'SELECT'
-	// Note: When setting this to an SQL keyword, it is not recommended to
-	// attempt any client-side parsing of `db.statement` just to get this
-	// property, but it should be set if the operation name is provided by the
-	// library being instrumented. If the SQL statement has an ambiguous
-	// operation, or performs more than one operation, this value may be
-	// omitted.
-	DBOperationKey = attribute.Key("db.operation")
-)
-
-var (
-	// Some other SQL database. Fallback only. See notes
-	DBSystemOtherSQL = DBSystemKey.String("other_sql")
-	// Microsoft SQL Server
-	DBSystemMSSQL = DBSystemKey.String("mssql")
-	// Microsoft SQL Server Compact
-	DBSystemMssqlcompact = DBSystemKey.String("mssqlcompact")
-	// MySQL
-	DBSystemMySQL = DBSystemKey.String("mysql")
-	// Oracle Database
-	DBSystemOracle = DBSystemKey.String("oracle")
-	// IBM DB2
-	DBSystemDB2 = DBSystemKey.String("db2")
-	// PostgreSQL
-	DBSystemPostgreSQL = DBSystemKey.String("postgresql")
-	// Amazon Redshift
-	DBSystemRedshift = DBSystemKey.String("redshift")
-	// Apache Hive
-	DBSystemHive = DBSystemKey.String("hive")
-	// Cloudscape
-	DBSystemCloudscape = DBSystemKey.String("cloudscape")
-	// HyperSQL DataBase
-	DBSystemHSQLDB = DBSystemKey.String("hsqldb")
-	// Progress Database
-	DBSystemProgress = DBSystemKey.String("progress")
-	// SAP MaxDB
-	DBSystemMaxDB = DBSystemKey.String("maxdb")
-	// SAP HANA
-	DBSystemHanaDB = DBSystemKey.String("hanadb")
-	// Ingres
-	DBSystemIngres = DBSystemKey.String("ingres")
-	// FirstSQL
-	DBSystemFirstSQL = DBSystemKey.String("firstsql")
-	// EnterpriseDB
-	DBSystemEDB = DBSystemKey.String("edb")
-	// InterSystems Caché
-	DBSystemCache = DBSystemKey.String("cache")
-	// Adabas (Adaptable Database System)
-	DBSystemAdabas = DBSystemKey.String("adabas")
-	// Firebird
-	DBSystemFirebird = DBSystemKey.String("firebird")
-	// Apache Derby
-	DBSystemDerby = DBSystemKey.String("derby")
-	// FileMaker
-	DBSystemFilemaker = DBSystemKey.String("filemaker")
-	// Informix
-	DBSystemInformix = DBSystemKey.String("informix")
-	// InstantDB
-	DBSystemInstantDB = DBSystemKey.String("instantdb")
-	// InterBase
-	DBSystemInterbase = DBSystemKey.String("interbase")
-	// MariaDB
-	DBSystemMariaDB = DBSystemKey.String("mariadb")
-	// Netezza
-	DBSystemNetezza = DBSystemKey.String("netezza")
-	// Pervasive PSQL
-	DBSystemPervasive = DBSystemKey.String("pervasive")
-	// PointBase
-	DBSystemPointbase = DBSystemKey.String("pointbase")
-	// SQLite
-	DBSystemSqlite = DBSystemKey.String("sqlite")
-	// Sybase
-	DBSystemSybase = DBSystemKey.String("sybase")
-	// Teradata
-	DBSystemTeradata = DBSystemKey.String("teradata")
-	// Vertica
-	DBSystemVertica = DBSystemKey.String("vertica")
-	// H2
-	DBSystemH2 = DBSystemKey.String("h2")
-	// ColdFusion IMQ
-	DBSystemColdfusion = DBSystemKey.String("coldfusion")
-	// Apache Cassandra
-	DBSystemCassandra = DBSystemKey.String("cassandra")
-	// Apache HBase
-	DBSystemHBase = DBSystemKey.String("hbase")
-	// MongoDB
-	DBSystemMongoDB = DBSystemKey.String("mongodb")
-	// Redis
-	DBSystemRedis = DBSystemKey.String("redis")
-	// Couchbase
-	DBSystemCouchbase = DBSystemKey.String("couchbase")
-	// CouchDB
-	DBSystemCouchDB = DBSystemKey.String("couchdb")
-	// Microsoft Azure Cosmos DB
-	DBSystemCosmosDB = DBSystemKey.String("cosmosdb")
-	// Amazon DynamoDB
-	DBSystemDynamoDB = DBSystemKey.String("dynamodb")
-	// Neo4j
-	DBSystemNeo4j = DBSystemKey.String("neo4j")
-	// Apache Geode
-	DBSystemGeode = DBSystemKey.String("geode")
-	// Elasticsearch
-	DBSystemElasticsearch = DBSystemKey.String("elasticsearch")
-	// Memcached
-	DBSystemMemcached = DBSystemKey.String("memcached")
-	// CockroachDB
-	DBSystemCockroachdb = DBSystemKey.String("cockroachdb")
-	// OpenSearch
-	DBSystemOpensearch = DBSystemKey.String("opensearch")
-	// ClickHouse
-	DBSystemClickhouse = DBSystemKey.String("clickhouse")
-	// Cloud Spanner
-	DBSystemSpanner = DBSystemKey.String("spanner")
-	// Trino
-	DBSystemTrino = DBSystemKey.String("trino")
-)
-
-// DBConnectionString returns an attribute KeyValue conforming to the
-// "db.connection_string" semantic conventions. It represents the connection
-// string used to connect to the database. It is recommended to remove embedded
-// credentials.
-func DBConnectionString(val string) attribute.KeyValue {
-	return DBConnectionStringKey.String(val)
-}
-
-// DBUser returns an attribute KeyValue conforming to the "db.user" semantic
-// conventions. It represents the username for accessing the database.
-func DBUser(val string) attribute.KeyValue {
-	return DBUserKey.String(val)
-}
-
-// DBJDBCDriverClassname returns an attribute KeyValue conforming to the
-// "db.jdbc.driver_classname" semantic conventions. It represents the
-// fully-qualified class name of the [Java Database Connectivity
-// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/) driver
-// used to connect.
-func DBJDBCDriverClassname(val string) attribute.KeyValue {
-	return DBJDBCDriverClassnameKey.String(val)
-}
-
-// DBName returns an attribute KeyValue conforming to the "db.name" semantic
-// conventions. It represents the this attribute is used to report the name of
-// the database being accessed. For commands that switch the database, this
-// should be set to the target database (even if the command fails).
-func DBName(val string) attribute.KeyValue {
-	return DBNameKey.String(val)
-}
-
-// DBStatement returns an attribute KeyValue conforming to the
-// "db.statement" semantic conventions. It represents the database statement
-// being executed.
-func DBStatement(val string) attribute.KeyValue {
-	return DBStatementKey.String(val)
-}
-
-// DBOperation returns an attribute KeyValue conforming to the
-// "db.operation" semantic conventions. It represents the name of the operation
-// being executed, e.g. the [MongoDB command
-// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
-// such as `findAndModify`, or the SQL keyword.
-func DBOperation(val string) attribute.KeyValue {
-	return DBOperationKey.String(val)
-}
-
-// Connection-level attributes for Microsoft SQL Server
-const (
-	// DBMSSQLInstanceNameKey is the attribute Key conforming to the
-	// "db.mssql.instance_name" semantic conventions. It represents the
-	// Microsoft SQL Server [instance
-	// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
-	// connecting to. This name is used to determine the port of a named
-	// instance.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'MSSQLSERVER'
-	// Note: If setting a `db.mssql.instance_name`, `server.port` is no longer
-	// required (but still recommended if non-standard).
-	DBMSSQLInstanceNameKey = attribute.Key("db.mssql.instance_name")
-)
-
-// DBMSSQLInstanceName returns an attribute KeyValue conforming to the
-// "db.mssql.instance_name" semantic conventions. It represents the Microsoft
-// SQL Server [instance
-// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
-// connecting to. This name is used to determine the port of a named instance.
-func DBMSSQLInstanceName(val string) attribute.KeyValue {
-	return DBMSSQLInstanceNameKey.String(val)
-}
-
-// Call-level attributes for Cassandra
-const (
-	// DBCassandraPageSizeKey is the attribute Key conforming to the
-	// "db.cassandra.page_size" semantic conventions. It represents the fetch
-	// size used for paging, i.e. how many rows will be returned at once.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 5000
-	DBCassandraPageSizeKey = attribute.Key("db.cassandra.page_size")
-
-	// DBCassandraConsistencyLevelKey is the attribute Key conforming to the
-	// "db.cassandra.consistency_level" semantic conventions. It represents the
-	// consistency level of the query. Based on consistency values from
-	// [CQL](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html).
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	DBCassandraConsistencyLevelKey = attribute.Key("db.cassandra.consistency_level")
-
-	// DBCassandraTableKey is the attribute Key conforming to the
-	// "db.cassandra.table" semantic conventions. It represents the name of the
-	// primary table that the operation is acting upon, including the keyspace
-	// name (if applicable).
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'mytable'
-	// Note: This mirrors the db.sql.table attribute but references cassandra
-	// rather than sql. It is not recommended to attempt any client-side
-	// parsing of `db.statement` just to get this property, but it should be
-	// set if it is provided by the library being instrumented. If the
-	// operation is acting upon an anonymous table, or more than one table,
-	// this value MUST NOT be set.
-	DBCassandraTableKey = attribute.Key("db.cassandra.table")
-
-	// DBCassandraIdempotenceKey is the attribute Key conforming to the
-	// "db.cassandra.idempotence" semantic conventions. It represents the
-	// whether or not the query is idempotent.
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	DBCassandraIdempotenceKey = attribute.Key("db.cassandra.idempotence")
-
-	// DBCassandraSpeculativeExecutionCountKey is the attribute Key conforming
-	// to the "db.cassandra.speculative_execution_count" semantic conventions.
-	// It represents the number of times a query was speculatively executed.
-	// Not set or `0` if the query was not executed speculatively.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 0, 2
-	DBCassandraSpeculativeExecutionCountKey = attribute.Key("db.cassandra.speculative_execution_count")
-
-	// DBCassandraCoordinatorIDKey is the attribute Key conforming to the
-	// "db.cassandra.coordinator.id" semantic conventions. It represents the ID
-	// of the coordinating node for a query.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'be13faa2-8574-4d71-926d-27f16cf8a7af'
-	DBCassandraCoordinatorIDKey = attribute.Key("db.cassandra.coordinator.id")
-
-	// DBCassandraCoordinatorDCKey is the attribute Key conforming to the
-	// "db.cassandra.coordinator.dc" semantic conventions. It represents the
-	// data center of the coordinating node for a query.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'us-west-2'
-	DBCassandraCoordinatorDCKey = attribute.Key("db.cassandra.coordinator.dc")
-)
-
-var (
-	// all
-	DBCassandraConsistencyLevelAll = DBCassandraConsistencyLevelKey.String("all")
-	// each_quorum
-	DBCassandraConsistencyLevelEachQuorum = DBCassandraConsistencyLevelKey.String("each_quorum")
-	// quorum
-	DBCassandraConsistencyLevelQuorum = DBCassandraConsistencyLevelKey.String("quorum")
-	// local_quorum
-	DBCassandraConsistencyLevelLocalQuorum = DBCassandraConsistencyLevelKey.String("local_quorum")
-	// one
-	DBCassandraConsistencyLevelOne = DBCassandraConsistencyLevelKey.String("one")
-	// two
-	DBCassandraConsistencyLevelTwo = DBCassandraConsistencyLevelKey.String("two")
-	// three
-	DBCassandraConsistencyLevelThree = DBCassandraConsistencyLevelKey.String("three")
-	// local_one
-	DBCassandraConsistencyLevelLocalOne = DBCassandraConsistencyLevelKey.String("local_one")
-	// any
-	DBCassandraConsistencyLevelAny = DBCassandraConsistencyLevelKey.String("any")
-	// serial
-	DBCassandraConsistencyLevelSerial = DBCassandraConsistencyLevelKey.String("serial")
-	// local_serial
-	DBCassandraConsistencyLevelLocalSerial = DBCassandraConsistencyLevelKey.String("local_serial")
-)
-
-// DBCassandraPageSize returns an attribute KeyValue conforming to the
-// "db.cassandra.page_size" semantic conventions. It represents the fetch size
-// used for paging, i.e. how many rows will be returned at once.
-func DBCassandraPageSize(val int) attribute.KeyValue {
-	return DBCassandraPageSizeKey.Int(val)
-}
-
-// DBCassandraTable returns an attribute KeyValue conforming to the
-// "db.cassandra.table" semantic conventions. It represents the name of the
-// primary table that the operation is acting upon, including the keyspace name
-// (if applicable).
-func DBCassandraTable(val string) attribute.KeyValue {
-	return DBCassandraTableKey.String(val)
-}
-
-// DBCassandraIdempotence returns an attribute KeyValue conforming to the
-// "db.cassandra.idempotence" semantic conventions. It represents the whether
-// or not the query is idempotent.
-func DBCassandraIdempotence(val bool) attribute.KeyValue {
-	return DBCassandraIdempotenceKey.Bool(val)
-}
-
-// DBCassandraSpeculativeExecutionCount returns an attribute KeyValue
-// conforming to the "db.cassandra.speculative_execution_count" semantic
-// conventions. It represents the number of times a query was speculatively
-// executed. Not set or `0` if the query was not executed speculatively.
-func DBCassandraSpeculativeExecutionCount(val int) attribute.KeyValue {
-	return DBCassandraSpeculativeExecutionCountKey.Int(val)
-}
-
-// DBCassandraCoordinatorID returns an attribute KeyValue conforming to the
-// "db.cassandra.coordinator.id" semantic conventions. It represents the ID of
-// the coordinating node for a query.
-func DBCassandraCoordinatorID(val string) attribute.KeyValue {
-	return DBCassandraCoordinatorIDKey.String(val)
-}
-
-// DBCassandraCoordinatorDC returns an attribute KeyValue conforming to the
-// "db.cassandra.coordinator.dc" semantic conventions. It represents the data
-// center of the coordinating node for a query.
-func DBCassandraCoordinatorDC(val string) attribute.KeyValue {
-	return DBCassandraCoordinatorDCKey.String(val)
-}
-
-// Call-level attributes for Redis
-const (
-	// DBRedisDBIndexKey is the attribute Key conforming to the
-	// "db.redis.database_index" semantic conventions. It represents the index
-	// of the database being accessed as used in the [`SELECT`
-	// command](https://redis.io/commands/select), provided as an integer. To
-	// be used instead of the generic `db.name` attribute.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If other than the default
-	// database (`0`).)
-	// Stability: stable
-	// Examples: 0, 1, 15
-	DBRedisDBIndexKey = attribute.Key("db.redis.database_index")
-)
-
-// DBRedisDBIndex returns an attribute KeyValue conforming to the
-// "db.redis.database_index" semantic conventions. It represents the index of
-// the database being accessed as used in the [`SELECT`
-// command](https://redis.io/commands/select), provided as an integer. To be
-// used instead of the generic `db.name` attribute.
-func DBRedisDBIndex(val int) attribute.KeyValue {
-	return DBRedisDBIndexKey.Int(val)
-}
-
-// Call-level attributes for MongoDB
-const (
-	// DBMongoDBCollectionKey is the attribute Key conforming to the
-	// "db.mongodb.collection" semantic conventions. It represents the
-	// collection being accessed within the database stated in `db.name`.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'customers', 'products'
-	DBMongoDBCollectionKey = attribute.Key("db.mongodb.collection")
-)
-
-// DBMongoDBCollection returns an attribute KeyValue conforming to the
-// "db.mongodb.collection" semantic conventions. It represents the collection
-// being accessed within the database stated in `db.name`.
-func DBMongoDBCollection(val string) attribute.KeyValue {
-	return DBMongoDBCollectionKey.String(val)
-}
-
-// Call-level attributes for SQL databases
-const (
-	// DBSQLTableKey is the attribute Key conforming to the "db.sql.table"
-	// semantic conventions. It represents the name of the primary table that
-	// the operation is acting upon, including the database name (if
-	// applicable).
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'public.users', 'customers'
-	// Note: It is not recommended to attempt any client-side parsing of
-	// `db.statement` just to get this property, but it should be set if it is
-	// provided by the library being instrumented. If the operation is acting
-	// upon an anonymous table, or more than one table, this value MUST NOT be
-	// set.
-	DBSQLTableKey = attribute.Key("db.sql.table")
-)
-
-// DBSQLTable returns an attribute KeyValue conforming to the "db.sql.table"
-// semantic conventions. It represents the name of the primary table that the
-// operation is acting upon, including the database name (if applicable).
-func DBSQLTable(val string) attribute.KeyValue {
-	return DBSQLTableKey.String(val)
-}
-
-// Call-level attributes for Cosmos DB.
-const (
-	// DBCosmosDBClientIDKey is the attribute Key conforming to the
-	// "db.cosmosdb.client_id" semantic conventions. It represents the unique
-	// Cosmos client instance id.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '3ba4827d-4422-483f-b59f-85b74211c11d'
-	DBCosmosDBClientIDKey = attribute.Key("db.cosmosdb.client_id")
-
-	// DBCosmosDBOperationTypeKey is the attribute Key conforming to the
-	// "db.cosmosdb.operation_type" semantic conventions. It represents the
-	// cosmosDB Operation Type.
-	//
-	// Type: Enum
-	// RequirementLevel: ConditionallyRequired (when performing one of the
-	// operations in this list)
-	// Stability: stable
-	DBCosmosDBOperationTypeKey = attribute.Key("db.cosmosdb.operation_type")
-
-	// DBCosmosDBConnectionModeKey is the attribute Key conforming to the
-	// "db.cosmosdb.connection_mode" semantic conventions. It represents the
-	// cosmos client connection mode.
-	//
-	// Type: Enum
-	// RequirementLevel: ConditionallyRequired (if not `direct` (or pick gw as
-	// default))
-	// Stability: stable
-	DBCosmosDBConnectionModeKey = attribute.Key("db.cosmosdb.connection_mode")
-
-	// DBCosmosDBContainerKey is the attribute Key conforming to the
-	// "db.cosmosdb.container" semantic conventions. It represents the cosmos
-	// DB container name.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (if available)
-	// Stability: stable
-	// Examples: 'anystring'
-	DBCosmosDBContainerKey = attribute.Key("db.cosmosdb.container")
-
-	// DBCosmosDBRequestContentLengthKey is the attribute Key conforming to the
-	// "db.cosmosdb.request_content_length" semantic conventions. It represents
-	// the request payload size in bytes
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	DBCosmosDBRequestContentLengthKey = attribute.Key("db.cosmosdb.request_content_length")
-
-	// DBCosmosDBStatusCodeKey is the attribute Key conforming to the
-	// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos
-	// DB status code.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (if response was received)
-	// Stability: stable
-	// Examples: 200, 201
-	DBCosmosDBStatusCodeKey = attribute.Key("db.cosmosdb.status_code")
-
-	// DBCosmosDBSubStatusCodeKey is the attribute Key conforming to the
-	// "db.cosmosdb.sub_status_code" semantic conventions. It represents the
-	// cosmos DB sub status code.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (when response was received and
-	// contained sub-code.)
-	// Stability: stable
-	// Examples: 1000, 1002
-	DBCosmosDBSubStatusCodeKey = attribute.Key("db.cosmosdb.sub_status_code")
-
-	// DBCosmosDBRequestChargeKey is the attribute Key conforming to the
-	// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
-	// consumed for that operation
-	//
-	// Type: double
-	// RequirementLevel: ConditionallyRequired (when available)
-	// Stability: stable
-	// Examples: 46.18, 1.0
-	DBCosmosDBRequestChargeKey = attribute.Key("db.cosmosdb.request_charge")
-)
-
-var (
-	// invalid
-	DBCosmosDBOperationTypeInvalid = DBCosmosDBOperationTypeKey.String("Invalid")
-	// create
-	DBCosmosDBOperationTypeCreate = DBCosmosDBOperationTypeKey.String("Create")
-	// patch
-	DBCosmosDBOperationTypePatch = DBCosmosDBOperationTypeKey.String("Patch")
-	// read
-	DBCosmosDBOperationTypeRead = DBCosmosDBOperationTypeKey.String("Read")
-	// read_feed
-	DBCosmosDBOperationTypeReadFeed = DBCosmosDBOperationTypeKey.String("ReadFeed")
-	// delete
-	DBCosmosDBOperationTypeDelete = DBCosmosDBOperationTypeKey.String("Delete")
-	// replace
-	DBCosmosDBOperationTypeReplace = DBCosmosDBOperationTypeKey.String("Replace")
-	// execute
-	DBCosmosDBOperationTypeExecute = DBCosmosDBOperationTypeKey.String("Execute")
-	// query
-	DBCosmosDBOperationTypeQuery = DBCosmosDBOperationTypeKey.String("Query")
-	// head
-	DBCosmosDBOperationTypeHead = DBCosmosDBOperationTypeKey.String("Head")
-	// head_feed
-	DBCosmosDBOperationTypeHeadFeed = DBCosmosDBOperationTypeKey.String("HeadFeed")
-	// upsert
-	DBCosmosDBOperationTypeUpsert = DBCosmosDBOperationTypeKey.String("Upsert")
-	// batch
-	DBCosmosDBOperationTypeBatch = DBCosmosDBOperationTypeKey.String("Batch")
-	// query_plan
-	DBCosmosDBOperationTypeQueryPlan = DBCosmosDBOperationTypeKey.String("QueryPlan")
-	// execute_javascript
-	DBCosmosDBOperationTypeExecuteJavascript = DBCosmosDBOperationTypeKey.String("ExecuteJavaScript")
-)
-
-var (
-	// Gateway (HTTP) connections mode
-	DBCosmosDBConnectionModeGateway = DBCosmosDBConnectionModeKey.String("gateway")
-	// Direct connection
-	DBCosmosDBConnectionModeDirect = DBCosmosDBConnectionModeKey.String("direct")
-)
-
-// DBCosmosDBClientID returns an attribute KeyValue conforming to the
-// "db.cosmosdb.client_id" semantic conventions. It represents the unique
-// Cosmos client instance id.
-func DBCosmosDBClientID(val string) attribute.KeyValue {
-	return DBCosmosDBClientIDKey.String(val)
-}
-
-// DBCosmosDBContainer returns an attribute KeyValue conforming to the
-// "db.cosmosdb.container" semantic conventions. It represents the cosmos DB
-// container name.
-func DBCosmosDBContainer(val string) attribute.KeyValue {
-	return DBCosmosDBContainerKey.String(val)
-}
-
-// DBCosmosDBRequestContentLength returns an attribute KeyValue conforming
-// to the "db.cosmosdb.request_content_length" semantic conventions. It
-// represents the request payload size in bytes
-func DBCosmosDBRequestContentLength(val int) attribute.KeyValue {
-	return DBCosmosDBRequestContentLengthKey.Int(val)
-}
-
-// DBCosmosDBStatusCode returns an attribute KeyValue conforming to the
-// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos DB
-// status code.
-func DBCosmosDBStatusCode(val int) attribute.KeyValue {
-	return DBCosmosDBStatusCodeKey.Int(val)
-}
-
-// DBCosmosDBSubStatusCode returns an attribute KeyValue conforming to the
-// "db.cosmosdb.sub_status_code" semantic conventions. It represents the cosmos
-// DB sub status code.
-func DBCosmosDBSubStatusCode(val int) attribute.KeyValue {
-	return DBCosmosDBSubStatusCodeKey.Int(val)
-}
-
-// DBCosmosDBRequestCharge returns an attribute KeyValue conforming to the
-// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
-// consumed for that operation
-func DBCosmosDBRequestCharge(val float64) attribute.KeyValue {
-	return DBCosmosDBRequestChargeKey.Float64(val)
-}
-
-// Span attributes used by non-OTLP exporters to represent OpenTelemetry Span's
-// concepts.
-const (
-	// OTelStatusCodeKey is the attribute Key conforming to the
-	// "otel.status_code" semantic conventions. It represents the name of the
-	// code, either "OK" or "ERROR". MUST NOT be set if the status code is
-	// UNSET.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	OTelStatusCodeKey = attribute.Key("otel.status_code")
-
-	// OTelStatusDescriptionKey is the attribute Key conforming to the
-	// "otel.status_description" semantic conventions. It represents the
-	// description of the Status if it has a value, otherwise not set.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'resource not found'
 	OTelStatusDescriptionKey = attribute.Key("otel.status_description")
 )
@@ -939,48 +467,17 @@ func OTelStatusDescription(val string) attribute.KeyValue {
 // without provisioning or managing of servers (also known as serverless
 // functions or Function as a Service (FaaS)) with spans.
 const (
-	// FaaSTriggerKey is the attribute Key conforming to the "faas.trigger"
-	// semantic conventions. It represents the type of the trigger which caused
-	// this function invocation.
-	//
-	// Type: Enum
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Note: For the server/consumer span on the incoming side,
-	// `faas.trigger` MUST be set.
-	//
-	// Clients invoking FaaS instances usually cannot set `faas.trigger`,
-	// since they would typically need to look in the payload to determine
-	// the event type. If clients set it, it should be the same as the
-	// trigger that corresponding incoming would have (i.e., this has
-	// nothing to do with the underlying transport used to make the API
-	// call to invoke the lambda, which is often HTTP).
-	FaaSTriggerKey = attribute.Key("faas.trigger")
-
 	// FaaSInvocationIDKey is the attribute Key conforming to the
 	// "faas.invocation_id" semantic conventions. It represents the invocation
 	// ID of the current function invocation.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'af9d5aa4-a685-4c5f-a22b-444f80b3cc28'
 	FaaSInvocationIDKey = attribute.Key("faas.invocation_id")
 )
 
-var (
-	// A response to some data source operation such as a database or filesystem read/write
-	FaaSTriggerDatasource = FaaSTriggerKey.String("datasource")
-	// To provide an answer to an inbound HTTP request
-	FaaSTriggerHTTP = FaaSTriggerKey.String("http")
-	// A function is set to be executed when messages are sent to a messaging system
-	FaaSTriggerPubsub = FaaSTriggerKey.String("pubsub")
-	// A function is scheduled to be executed regularly
-	FaaSTriggerTimer = FaaSTriggerKey.String("timer")
-	// If none of the others apply
-	FaaSTriggerOther = FaaSTriggerKey.String("other")
-)
-
 // FaaSInvocationID returns an attribute KeyValue conforming to the
 // "faas.invocation_id" semantic conventions. It represents the invocation ID
 // of the current function invocation.
@@ -999,17 +496,28 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'myBucketName', 'myDBName'
 	FaaSDocumentCollectionKey = attribute.Key("faas.document.collection")
 
+	// FaaSDocumentNameKey is the attribute Key conforming to the
+	// "faas.document.name" semantic conventions. It represents the document
+	// name/table subjected to the operation. For example, in Cloud Storage or
+	// S3 is the name of the file, and in Cosmos DB the table name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'myFile.txt', 'myTableName'
+	FaaSDocumentNameKey = attribute.Key("faas.document.name")
+
 	// FaaSDocumentOperationKey is the attribute Key conforming to the
 	// "faas.document.operation" semantic conventions. It represents the
 	// describes the type of the operation that was performed on the data.
 	//
 	// Type: Enum
 	// RequirementLevel: Required
-	// Stability: stable
+	// Stability: experimental
 	FaaSDocumentOperationKey = attribute.Key("faas.document.operation")
 
 	// FaaSDocumentTimeKey is the attribute Key conforming to the
@@ -1020,20 +528,9 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '2020-01-23T13:47:06Z'
 	FaaSDocumentTimeKey = attribute.Key("faas.document.time")
-
-	// FaaSDocumentNameKey is the attribute Key conforming to the
-	// "faas.document.name" semantic conventions. It represents the document
-	// name/table subjected to the operation. For example, in Cloud Storage or
-	// S3 is the name of the file, and in Cosmos DB the table name.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'myFile.txt', 'myTableName'
-	FaaSDocumentNameKey = attribute.Key("faas.document.name")
 )
 
 var (
@@ -1054,6 +551,14 @@ func FaaSDocumentCollection(val string) attribute.KeyValue {
 	return FaaSDocumentCollectionKey.String(val)
 }
 
+// FaaSDocumentName returns an attribute KeyValue conforming to the
+// "faas.document.name" semantic conventions. It represents the document
+// name/table subjected to the operation. For example, in Cloud Storage or S3
+// is the name of the file, and in Cosmos DB the table name.
+func FaaSDocumentName(val string) attribute.KeyValue {
+	return FaaSDocumentNameKey.String(val)
+}
+
 // FaaSDocumentTime returns an attribute KeyValue conforming to the
 // "faas.document.time" semantic conventions. It represents a string containing
 // the time when the data was accessed in the [ISO
@@ -1063,16 +568,19 @@ func FaaSDocumentTime(val string) attribute.KeyValue {
 	return FaaSDocumentTimeKey.String(val)
 }
 
-// FaaSDocumentName returns an attribute KeyValue conforming to the
-// "faas.document.name" semantic conventions. It represents the document
-// name/table subjected to the operation. For example, in Cloud Storage or S3
-// is the name of the file, and in Cosmos DB the table name.
-func FaaSDocumentName(val string) attribute.KeyValue {
-	return FaaSDocumentNameKey.String(val)
-}
-
 // Semantic Convention for FaaS scheduled to be executed regularly.
 const (
+	// FaaSCronKey is the attribute Key conforming to the "faas.cron" semantic
+	// conventions. It represents a string containing the schedule period as
+	// [Cron
+	// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: '0/5 * * * ? *'
+	FaaSCronKey = attribute.Key("faas.cron")
+
 	// FaaSTimeKey is the attribute Key conforming to the "faas.time" semantic
 	// conventions. It represents a string containing the function invocation
 	// time in the [ISO
@@ -1081,31 +589,11 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '2020-01-23T13:47:06Z'
 	FaaSTimeKey = attribute.Key("faas.time")
-
-	// FaaSCronKey is the attribute Key conforming to the "faas.cron" semantic
-	// conventions. It represents a string containing the schedule period as
-	// [Cron
-	// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '0/5 * * * ? *'
-	FaaSCronKey = attribute.Key("faas.cron")
 )
 
-// FaaSTime returns an attribute KeyValue conforming to the "faas.time"
-// semantic conventions. It represents a string containing the function
-// invocation time in the [ISO
-// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
-// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
-func FaaSTime(val string) attribute.KeyValue {
-	return FaaSTimeKey.String(val)
-}
-
 // FaaSCron returns an attribute KeyValue conforming to the "faas.cron"
 // semantic conventions. It represents a string containing the schedule period
 // as [Cron
@@ -1114,349 +602,32 @@ func FaaSCron(val string) attribute.KeyValue {
 	return FaaSCronKey.String(val)
 }
 
-// Contains additional attributes for incoming FaaS spans.
-const (
-	// FaaSColdstartKey is the attribute Key conforming to the "faas.coldstart"
-	// semantic conventions. It represents a boolean that is true if the
-	// serverless function is executed for the first time (aka cold-start).
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	FaaSColdstartKey = attribute.Key("faas.coldstart")
-)
-
-// FaaSColdstart returns an attribute KeyValue conforming to the
-// "faas.coldstart" semantic conventions. It represents a boolean that is true
-// if the serverless function is executed for the first time (aka cold-start).
-func FaaSColdstart(val bool) attribute.KeyValue {
-	return FaaSColdstartKey.Bool(val)
-}
-
-// Contains additional attributes for outgoing FaaS spans.
-const (
-	// FaaSInvokedNameKey is the attribute Key conforming to the
-	// "faas.invoked_name" semantic conventions. It represents the name of the
-	// invoked function.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'my-function'
-	// Note: SHOULD be equal to the `faas.name` resource attribute of the
-	// invoked function.
-	FaaSInvokedNameKey = attribute.Key("faas.invoked_name")
-
-	// FaaSInvokedProviderKey is the attribute Key conforming to the
-	// "faas.invoked_provider" semantic conventions. It represents the cloud
-	// provider of the invoked function.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	// Note: SHOULD be equal to the `cloud.provider` resource attribute of the
-	// invoked function.
-	FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider")
-
-	// FaaSInvokedRegionKey is the attribute Key conforming to the
-	// "faas.invoked_region" semantic conventions. It represents the cloud
-	// region of the invoked function.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (For some cloud providers, like
-	// AWS or GCP, the region in which a function is hosted is essential to
-	// uniquely identify the function and also part of its endpoint. Since it's
-	// part of the endpoint being called, the region is always known to
-	// clients. In these cases, `faas.invoked_region` MUST be set accordingly.
-	// If the region is unknown to the client or not required for identifying
-	// the invoked function, setting `faas.invoked_region` is optional.)
-	// Stability: stable
-	// Examples: 'eu-central-1'
-	// Note: SHOULD be equal to the `cloud.region` resource attribute of the
-	// invoked function.
-	FaaSInvokedRegionKey = attribute.Key("faas.invoked_region")
-)
-
-var (
-	// Alibaba Cloud
-	FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud")
-	// Amazon Web Services
-	FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws")
-	// Microsoft Azure
-	FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure")
-	// Google Cloud Platform
-	FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp")
-	// Tencent Cloud
-	FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud")
-)
-
-// FaaSInvokedName returns an attribute KeyValue conforming to the
-// "faas.invoked_name" semantic conventions. It represents the name of the
-// invoked function.
-func FaaSInvokedName(val string) attribute.KeyValue {
-	return FaaSInvokedNameKey.String(val)
-}
-
-// FaaSInvokedRegion returns an attribute KeyValue conforming to the
-// "faas.invoked_region" semantic conventions. It represents the cloud region
-// of the invoked function.
-func FaaSInvokedRegion(val string) attribute.KeyValue {
-	return FaaSInvokedRegionKey.String(val)
-}
-
-// Operations that access some remote service.
-const (
-	// PeerServiceKey is the attribute Key conforming to the "peer.service"
-	// semantic conventions. It represents the
-	// [`service.name`](/docs/resource/README.md#service) of the remote
-	// service. SHOULD be equal to the actual `service.name` resource attribute
-	// of the remote service if any.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'AuthTokenCache'
-	PeerServiceKey = attribute.Key("peer.service")
-)
-
-// PeerService returns an attribute KeyValue conforming to the
-// "peer.service" semantic conventions. It represents the
-// [`service.name`](/docs/resource/README.md#service) of the remote service.
-// SHOULD be equal to the actual `service.name` resource attribute of the
-// remote service if any.
-func PeerService(val string) attribute.KeyValue {
-	return PeerServiceKey.String(val)
-}
-
-// These attributes may be used for any operation with an authenticated and/or
-// authorized enduser.
-const (
-	// EnduserIDKey is the attribute Key conforming to the "enduser.id"
-	// semantic conventions. It represents the username or client_id extracted
-	// from the access token or
-	// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header
-	// in the inbound request from outside the system.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'username'
-	EnduserIDKey = attribute.Key("enduser.id")
-
-	// EnduserRoleKey is the attribute Key conforming to the "enduser.role"
-	// semantic conventions. It represents the actual/assumed role the client
-	// is making the request under extracted from token or application security
-	// context.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'admin'
-	EnduserRoleKey = attribute.Key("enduser.role")
-
-	// EnduserScopeKey is the attribute Key conforming to the "enduser.scope"
-	// semantic conventions. It represents the scopes or granted authorities
-	// the client currently possesses extracted from token or application
-	// security context. The value would come from the scope associated with an
-	// [OAuth 2.0 Access
-	// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
-	// value in a [SAML 2.0
-	// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'read:message, write:files'
-	EnduserScopeKey = attribute.Key("enduser.scope")
-)
-
-// EnduserID returns an attribute KeyValue conforming to the "enduser.id"
-// semantic conventions. It represents the username or client_id extracted from
-// the access token or
-// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in
-// the inbound request from outside the system.
-func EnduserID(val string) attribute.KeyValue {
-	return EnduserIDKey.String(val)
-}
-
-// EnduserRole returns an attribute KeyValue conforming to the
-// "enduser.role" semantic conventions. It represents the actual/assumed role
-// the client is making the request under extracted from token or application
-// security context.
-func EnduserRole(val string) attribute.KeyValue {
-	return EnduserRoleKey.String(val)
-}
-
-// EnduserScope returns an attribute KeyValue conforming to the
-// "enduser.scope" semantic conventions. It represents the scopes or granted
-// authorities the client currently possesses extracted from token or
-// application security context. The value would come from the scope associated
-// with an [OAuth 2.0 Access
-// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
-// value in a [SAML 2.0
-// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
-func EnduserScope(val string) attribute.KeyValue {
-	return EnduserScopeKey.String(val)
-}
-
-// These attributes may be used for any operation to store information about a
-// thread that started a span.
-const (
-	// ThreadIDKey is the attribute Key conforming to the "thread.id" semantic
-	// conventions. It represents the current "managed" thread ID (as opposed
-	// to OS thread ID).
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 42
-	ThreadIDKey = attribute.Key("thread.id")
-
-	// ThreadNameKey is the attribute Key conforming to the "thread.name"
-	// semantic conventions. It represents the current thread name.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'main'
-	ThreadNameKey = attribute.Key("thread.name")
-)
-
-// ThreadID returns an attribute KeyValue conforming to the "thread.id"
-// semantic conventions. It represents the current "managed" thread ID (as
-// opposed to OS thread ID).
-func ThreadID(val int) attribute.KeyValue {
-	return ThreadIDKey.Int(val)
-}
-
-// ThreadName returns an attribute KeyValue conforming to the "thread.name"
-// semantic conventions. It represents the current thread name.
-func ThreadName(val string) attribute.KeyValue {
-	return ThreadNameKey.String(val)
-}
-
-// These attributes allow to report this unit of code and therefore to provide
-// more context about the span.
-const (
-	// CodeFunctionKey is the attribute Key conforming to the "code.function"
-	// semantic conventions. It represents the method or function name, or
-	// equivalent (usually rightmost part of the code unit's name).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'serveRequest'
-	CodeFunctionKey = attribute.Key("code.function")
-
-	// CodeNamespaceKey is the attribute Key conforming to the "code.namespace"
-	// semantic conventions. It represents the "namespace" within which
-	// `code.function` is defined. Usually the qualified class or module name,
-	// such that `code.namespace` + some separator + `code.function` form a
-	// unique identifier for the code unit.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'com.example.MyHTTPService'
-	CodeNamespaceKey = attribute.Key("code.namespace")
-
-	// CodeFilepathKey is the attribute Key conforming to the "code.filepath"
-	// semantic conventions. It represents the source code file name that
-	// identifies the code unit as uniquely as possible (preferably an absolute
-	// file path).
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '/usr/local/MyApplication/content_root/app/index.php'
-	CodeFilepathKey = attribute.Key("code.filepath")
-
-	// CodeLineNumberKey is the attribute Key conforming to the "code.lineno"
-	// semantic conventions. It represents the line number in `code.filepath`
-	// best representing the operation. It SHOULD point within the code unit
-	// named in `code.function`.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 42
-	CodeLineNumberKey = attribute.Key("code.lineno")
-
-	// CodeColumnKey is the attribute Key conforming to the "code.column"
-	// semantic conventions. It represents the column number in `code.filepath`
-	// best representing the operation. It SHOULD point within the code unit
-	// named in `code.function`.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 16
-	CodeColumnKey = attribute.Key("code.column")
-)
-
-// CodeFunction returns an attribute KeyValue conforming to the
-// "code.function" semantic conventions. It represents the method or function
-// name, or equivalent (usually rightmost part of the code unit's name).
-func CodeFunction(val string) attribute.KeyValue {
-	return CodeFunctionKey.String(val)
-}
-
-// CodeNamespace returns an attribute KeyValue conforming to the
-// "code.namespace" semantic conventions. It represents the "namespace" within
-// which `code.function` is defined. Usually the qualified class or module
-// name, such that `code.namespace` + some separator + `code.function` form a
-// unique identifier for the code unit.
-func CodeNamespace(val string) attribute.KeyValue {
-	return CodeNamespaceKey.String(val)
-}
-
-// CodeFilepath returns an attribute KeyValue conforming to the
-// "code.filepath" semantic conventions. It represents the source code file
-// name that identifies the code unit as uniquely as possible (preferably an
-// absolute file path).
-func CodeFilepath(val string) attribute.KeyValue {
-	return CodeFilepathKey.String(val)
-}
-
-// CodeLineNumber returns an attribute KeyValue conforming to the "code.lineno"
-// semantic conventions. It represents the line number in `code.filepath` best
-// representing the operation. It SHOULD point within the code unit named in
-// `code.function`.
-func CodeLineNumber(val int) attribute.KeyValue {
-	return CodeLineNumberKey.Int(val)
-}
-
-// CodeColumn returns an attribute KeyValue conforming to the "code.column"
-// semantic conventions. It represents the column number in `code.filepath`
-// best representing the operation. It SHOULD point within the code unit named
-// in `code.function`.
-func CodeColumn(val int) attribute.KeyValue {
-	return CodeColumnKey.Int(val)
+// FaaSTime returns an attribute KeyValue conforming to the "faas.time"
+// semantic conventions. It represents a string containing the function
+// invocation time in the [ISO
+// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+func FaaSTime(val string) attribute.KeyValue {
+	return FaaSTimeKey.String(val)
 }
 
-// Semantic Convention for HTTP Client
+// Contains additional attributes for incoming FaaS spans.
 const (
-	// HTTPResendCountKey is the attribute Key conforming to the
-	// "http.resend_count" semantic conventions. It represents the ordinal
-	// number of request resending attempt (for any reason, including
-	// redirects).
+	// FaaSColdstartKey is the attribute Key conforming to the "faas.coldstart"
+	// semantic conventions. It represents a boolean that is true if the
+	// serverless function is executed for the first time (aka cold-start).
 	//
-	// Type: int
-	// RequirementLevel: Recommended (if and only if request was retried.)
-	// Stability: stable
-	// Examples: 3
-	// Note: The resend count SHOULD be updated each time an HTTP request gets
-	// resent by the client, regardless of what was the cause of the resending
-	// (e.g. redirection, authorization failure, 503 Server Unavailable,
-	// network issues, or any other).
-	HTTPResendCountKey = attribute.Key("http.resend_count")
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	FaaSColdstartKey = attribute.Key("faas.coldstart")
 )
 
-// HTTPResendCount returns an attribute KeyValue conforming to the
-// "http.resend_count" semantic conventions. It represents the ordinal number
-// of request resending attempt (for any reason, including redirects).
-func HTTPResendCount(val int) attribute.KeyValue {
-	return HTTPResendCountKey.Int(val)
+// FaaSColdstart returns an attribute KeyValue conforming to the
+// "faas.coldstart" semantic conventions. It represents a boolean that is true
+// if the serverless function is executed for the first time (aka cold-start).
+func FaaSColdstart(val bool) attribute.KeyValue {
+	return FaaSColdstartKey.Bool(val)
 }
 
 // The `aws` conventions apply to operations using the AWS SDK. They map
@@ -1473,7 +644,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '79b9da39-b7ae-508a-a6bc-864b2829c622', 'C9ER4AJX75574TDJ'
 	AWSRequestIDKey = attribute.Key("aws.request_id")
 )
@@ -1487,15 +658,24 @@ func AWSRequestID(val string) attribute.KeyValue {
 
 // Attributes that exist for multiple DynamoDB request types.
 const (
-	// AWSDynamoDBTableNamesKey is the attribute Key conforming to the
-	// "aws.dynamodb.table_names" semantic conventions. It represents the keys
-	// in the `RequestItems` object field.
+	// AWSDynamoDBAttributesToGetKey is the attribute Key conforming to the
+	// "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+	// value of the `AttributesToGet` request parameter.
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Users', 'Cats'
-	AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names")
+	// Stability: experimental
+	// Examples: 'lives', 'id'
+	AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get")
+
+	// AWSDynamoDBConsistentReadKey is the attribute Key conforming to the
+	// "aws.dynamodb.consistent_read" semantic conventions. It represents the
+	// value of the `ConsistentRead` request parameter.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: experimental
+	AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read")
 
 	// AWSDynamoDBConsumedCapacityKey is the attribute Key conforming to the
 	// "aws.dynamodb.consumed_capacity" semantic conventions. It represents the
@@ -1504,7 +684,7 @@ const (
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "CapacityUnits": number, "GlobalSecondaryIndexes": {
 	// "string" : { "CapacityUnits": number, "ReadCapacityUnits": number,
 	// "WriteCapacityUnits": number } }, "LocalSecondaryIndexes": { "string" :
@@ -1515,6 +695,16 @@ const (
 	// "WriteCapacityUnits": number }'
 	AWSDynamoDBConsumedCapacityKey = attribute.Key("aws.dynamodb.consumed_capacity")
 
+	// AWSDynamoDBIndexNameKey is the attribute Key conforming to the
+	// "aws.dynamodb.index_name" semantic conventions. It represents the value
+	// of the `IndexName` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'name_to_group'
+	AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name")
+
 	// AWSDynamoDBItemCollectionMetricsKey is the attribute Key conforming to
 	// the "aws.dynamodb.item_collection_metrics" semantic conventions. It
 	// represents the JSON-serialized value of the `ItemCollectionMetrics`
@@ -1522,7 +712,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "string" : [ { "ItemCollectionKey": { "string" : { "B":
 	// blob, "BOOL": boolean, "BS": [ blob ], "L": [ "AttributeValue" ], "M": {
 	// "string" : "AttributeValue" }, "N": "string", "NS": [ "string" ],
@@ -1530,6 +720,27 @@ const (
 	// "SizeEstimateRangeGB": [ number ] } ] }'
 	AWSDynamoDBItemCollectionMetricsKey = attribute.Key("aws.dynamodb.item_collection_metrics")
 
+	// AWSDynamoDBLimitKey is the attribute Key conforming to the
+	// "aws.dynamodb.limit" semantic conventions. It represents the value of
+	// the `Limit` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 10
+	AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit")
+
+	// AWSDynamoDBProjectionKey is the attribute Key conforming to the
+	// "aws.dynamodb.projection" semantic conventions. It represents the value
+	// of the `ProjectionExpression` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Title', 'Title, Price, Color', 'Title, Description,
+	// RelatedItems, ProductReviews'
+	AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection")
+
 	// AWSDynamoDBProvisionedReadCapacityKey is the attribute Key conforming to
 	// the "aws.dynamodb.provisioned_read_capacity" semantic conventions. It
 	// represents the value of the `ProvisionedThroughput.ReadCapacityUnits`
@@ -1537,7 +748,7 @@ const (
 	//
 	// Type: double
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 1.0, 2.0
 	AWSDynamoDBProvisionedReadCapacityKey = attribute.Key("aws.dynamodb.provisioned_read_capacity")
 
@@ -1548,76 +759,43 @@ const (
 	//
 	// Type: double
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 1.0, 2.0
 	AWSDynamoDBProvisionedWriteCapacityKey = attribute.Key("aws.dynamodb.provisioned_write_capacity")
 
-	// AWSDynamoDBConsistentReadKey is the attribute Key conforming to the
-	// "aws.dynamodb.consistent_read" semantic conventions. It represents the
-	// value of the `ConsistentRead` request parameter.
-	//
-	// Type: boolean
-	// RequirementLevel: Optional
-	// Stability: stable
-	AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read")
-
-	// AWSDynamoDBProjectionKey is the attribute Key conforming to the
-	// "aws.dynamodb.projection" semantic conventions. It represents the value
-	// of the `ProjectionExpression` request parameter.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Title', 'Title, Price, Color', 'Title, Description,
-	// RelatedItems, ProductReviews'
-	AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection")
-
-	// AWSDynamoDBLimitKey is the attribute Key conforming to the
-	// "aws.dynamodb.limit" semantic conventions. It represents the value of
-	// the `Limit` request parameter.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 10
-	AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit")
-
-	// AWSDynamoDBAttributesToGetKey is the attribute Key conforming to the
-	// "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
-	// value of the `AttributesToGet` request parameter.
-	//
-	// Type: string[]
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'lives', 'id'
-	AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get")
-
-	// AWSDynamoDBIndexNameKey is the attribute Key conforming to the
-	// "aws.dynamodb.index_name" semantic conventions. It represents the value
-	// of the `IndexName` request parameter.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'name_to_group'
-	AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name")
-
 	// AWSDynamoDBSelectKey is the attribute Key conforming to the
 	// "aws.dynamodb.select" semantic conventions. It represents the value of
 	// the `Select` request parameter.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'ALL_ATTRIBUTES', 'COUNT'
 	AWSDynamoDBSelectKey = attribute.Key("aws.dynamodb.select")
+
+	// AWSDynamoDBTableNamesKey is the attribute Key conforming to the
+	// "aws.dynamodb.table_names" semantic conventions. It represents the keys
+	// in the `RequestItems` object field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'Users', 'Cats'
+	AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names")
 )
 
-// AWSDynamoDBTableNames returns an attribute KeyValue conforming to the
-// "aws.dynamodb.table_names" semantic conventions. It represents the keys in
-// the `RequestItems` object field.
-func AWSDynamoDBTableNames(val ...string) attribute.KeyValue {
-	return AWSDynamoDBTableNamesKey.StringSlice(val)
+// AWSDynamoDBAttributesToGet returns an attribute KeyValue conforming to
+// the "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+// value of the `AttributesToGet` request parameter.
+func AWSDynamoDBAttributesToGet(val ...string) attribute.KeyValue {
+	return AWSDynamoDBAttributesToGetKey.StringSlice(val)
+}
+
+// AWSDynamoDBConsistentRead returns an attribute KeyValue conforming to the
+// "aws.dynamodb.consistent_read" semantic conventions. It represents the value
+// of the `ConsistentRead` request parameter.
+func AWSDynamoDBConsistentRead(val bool) attribute.KeyValue {
+	return AWSDynamoDBConsistentReadKey.Bool(val)
 }
 
 // AWSDynamoDBConsumedCapacity returns an attribute KeyValue conforming to
@@ -1627,6 +805,13 @@ func AWSDynamoDBConsumedCapacity(val ...string) attribute.KeyValue {
 	return AWSDynamoDBConsumedCapacityKey.StringSlice(val)
 }
 
+// AWSDynamoDBIndexName returns an attribute KeyValue conforming to the
+// "aws.dynamodb.index_name" semantic conventions. It represents the value of
+// the `IndexName` request parameter.
+func AWSDynamoDBIndexName(val string) attribute.KeyValue {
+	return AWSDynamoDBIndexNameKey.String(val)
+}
+
 // AWSDynamoDBItemCollectionMetrics returns an attribute KeyValue conforming
 // to the "aws.dynamodb.item_collection_metrics" semantic conventions. It
 // represents the JSON-serialized value of the `ItemCollectionMetrics` response
@@ -1635,6 +820,20 @@ func AWSDynamoDBItemCollectionMetrics(val string) attribute.KeyValue {
 	return AWSDynamoDBItemCollectionMetricsKey.String(val)
 }
 
+// AWSDynamoDBLimit returns an attribute KeyValue conforming to the
+// "aws.dynamodb.limit" semantic conventions. It represents the value of the
+// `Limit` request parameter.
+func AWSDynamoDBLimit(val int) attribute.KeyValue {
+	return AWSDynamoDBLimitKey.Int(val)
+}
+
+// AWSDynamoDBProjection returns an attribute KeyValue conforming to the
+// "aws.dynamodb.projection" semantic conventions. It represents the value of
+// the `ProjectionExpression` request parameter.
+func AWSDynamoDBProjection(val string) attribute.KeyValue {
+	return AWSDynamoDBProjectionKey.String(val)
+}
+
 // AWSDynamoDBProvisionedReadCapacity returns an attribute KeyValue
 // conforming to the "aws.dynamodb.provisioned_read_capacity" semantic
 // conventions. It represents the value of the
@@ -1651,41 +850,6 @@ func AWSDynamoDBProvisionedWriteCapacity(val float64) attribute.KeyValue {
 	return AWSDynamoDBProvisionedWriteCapacityKey.Float64(val)
 }
 
-// AWSDynamoDBConsistentRead returns an attribute KeyValue conforming to the
-// "aws.dynamodb.consistent_read" semantic conventions. It represents the value
-// of the `ConsistentRead` request parameter.
-func AWSDynamoDBConsistentRead(val bool) attribute.KeyValue {
-	return AWSDynamoDBConsistentReadKey.Bool(val)
-}
-
-// AWSDynamoDBProjection returns an attribute KeyValue conforming to the
-// "aws.dynamodb.projection" semantic conventions. It represents the value of
-// the `ProjectionExpression` request parameter.
-func AWSDynamoDBProjection(val string) attribute.KeyValue {
-	return AWSDynamoDBProjectionKey.String(val)
-}
-
-// AWSDynamoDBLimit returns an attribute KeyValue conforming to the
-// "aws.dynamodb.limit" semantic conventions. It represents the value of the
-// `Limit` request parameter.
-func AWSDynamoDBLimit(val int) attribute.KeyValue {
-	return AWSDynamoDBLimitKey.Int(val)
-}
-
-// AWSDynamoDBAttributesToGet returns an attribute KeyValue conforming to
-// the "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
-// value of the `AttributesToGet` request parameter.
-func AWSDynamoDBAttributesToGet(val ...string) attribute.KeyValue {
-	return AWSDynamoDBAttributesToGetKey.StringSlice(val)
-}
-
-// AWSDynamoDBIndexName returns an attribute KeyValue conforming to the
-// "aws.dynamodb.index_name" semantic conventions. It represents the value of
-// the `IndexName` request parameter.
-func AWSDynamoDBIndexName(val string) attribute.KeyValue {
-	return AWSDynamoDBIndexNameKey.String(val)
-}
-
 // AWSDynamoDBSelect returns an attribute KeyValue conforming to the
 // "aws.dynamodb.select" semantic conventions. It represents the value of the
 // `Select` request parameter.
@@ -1693,6 +857,13 @@ func AWSDynamoDBSelect(val string) attribute.KeyValue {
 	return AWSDynamoDBSelectKey.String(val)
 }
 
+// AWSDynamoDBTableNames returns an attribute KeyValue conforming to the
+// "aws.dynamodb.table_names" semantic conventions. It represents the keys in
+// the `RequestItems` object field.
+func AWSDynamoDBTableNames(val ...string) attribute.KeyValue {
+	return AWSDynamoDBTableNamesKey.StringSlice(val)
+}
+
 // DynamoDB.CreateTable
 const (
 	// AWSDynamoDBGlobalSecondaryIndexesKey is the attribute Key conforming to
@@ -1702,7 +873,7 @@ const (
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "IndexName": "string", "KeySchema": [ { "AttributeName":
 	// "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [
 	// "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": {
@@ -1716,7 +887,7 @@ const (
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "IndexARN": "string", "IndexName": "string",
 	// "IndexSizeBytes": number, "ItemCount": number, "KeySchema": [ {
 	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
@@ -1748,7 +919,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'Users', 'CatsTable'
 	AWSDynamoDBExclusiveStartTableKey = attribute.Key("aws.dynamodb.exclusive_start_table")
 
@@ -1758,7 +929,7 @@ const (
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 20
 	AWSDynamoDBTableCountKey = attribute.Key("aws.dynamodb.table_count")
 )
@@ -1785,7 +956,7 @@ const (
 	//
 	// Type: boolean
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	AWSDynamoDBScanForwardKey = attribute.Key("aws.dynamodb.scan_forward")
 )
 
@@ -1798,33 +969,13 @@ func AWSDynamoDBScanForward(val bool) attribute.KeyValue {
 
 // DynamoDB.Scan
 const (
-	// AWSDynamoDBSegmentKey is the attribute Key conforming to the
-	// "aws.dynamodb.segment" semantic conventions. It represents the value of
-	// the `Segment` request parameter.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 10
-	AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment")
-
-	// AWSDynamoDBTotalSegmentsKey is the attribute Key conforming to the
-	// "aws.dynamodb.total_segments" semantic conventions. It represents the
-	// value of the `TotalSegments` request parameter.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 100
-	AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments")
-
 	// AWSDynamoDBCountKey is the attribute Key conforming to the
 	// "aws.dynamodb.count" semantic conventions. It represents the value of
 	// the `Count` response parameter.
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 10
 	AWSDynamoDBCountKey = attribute.Key("aws.dynamodb.count")
 
@@ -1834,24 +985,30 @@ const (
 	//
 	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 50
 	AWSDynamoDBScannedCountKey = attribute.Key("aws.dynamodb.scanned_count")
-)
 
-// AWSDynamoDBSegment returns an attribute KeyValue conforming to the
-// "aws.dynamodb.segment" semantic conventions. It represents the value of the
-// `Segment` request parameter.
-func AWSDynamoDBSegment(val int) attribute.KeyValue {
-	return AWSDynamoDBSegmentKey.Int(val)
-}
+	// AWSDynamoDBSegmentKey is the attribute Key conforming to the
+	// "aws.dynamodb.segment" semantic conventions. It represents the value of
+	// the `Segment` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 10
+	AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment")
 
-// AWSDynamoDBTotalSegments returns an attribute KeyValue conforming to the
-// "aws.dynamodb.total_segments" semantic conventions. It represents the value
-// of the `TotalSegments` request parameter.
-func AWSDynamoDBTotalSegments(val int) attribute.KeyValue {
-	return AWSDynamoDBTotalSegmentsKey.Int(val)
-}
+	// AWSDynamoDBTotalSegmentsKey is the attribute Key conforming to the
+	// "aws.dynamodb.total_segments" semantic conventions. It represents the
+	// value of the `TotalSegments` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 100
+	AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments")
+)
 
 // AWSDynamoDBCount returns an attribute KeyValue conforming to the
 // "aws.dynamodb.count" semantic conventions. It represents the value of the
@@ -1860,11 +1017,25 @@ func AWSDynamoDBCount(val int) attribute.KeyValue {
 	return AWSDynamoDBCountKey.Int(val)
 }
 
-// AWSDynamoDBScannedCount returns an attribute KeyValue conforming to the
-// "aws.dynamodb.scanned_count" semantic conventions. It represents the value
-// of the `ScannedCount` response parameter.
-func AWSDynamoDBScannedCount(val int) attribute.KeyValue {
-	return AWSDynamoDBScannedCountKey.Int(val)
+// AWSDynamoDBScannedCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.scanned_count" semantic conventions. It represents the value
+// of the `ScannedCount` response parameter.
+func AWSDynamoDBScannedCount(val int) attribute.KeyValue {
+	return AWSDynamoDBScannedCountKey.Int(val)
+}
+
+// AWSDynamoDBSegment returns an attribute KeyValue conforming to the
+// "aws.dynamodb.segment" semantic conventions. It represents the value of the
+// `Segment` request parameter.
+func AWSDynamoDBSegment(val int) attribute.KeyValue {
+	return AWSDynamoDBSegmentKey.Int(val)
+}
+
+// AWSDynamoDBTotalSegments returns an attribute KeyValue conforming to the
+// "aws.dynamodb.total_segments" semantic conventions. It represents the value
+// of the `TotalSegments` request parameter.
+func AWSDynamoDBTotalSegments(val int) attribute.KeyValue {
+	return AWSDynamoDBTotalSegmentsKey.Int(val)
 }
 
 // DynamoDB.UpdateTable
@@ -1876,7 +1047,7 @@ const (
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "AttributeName": "string", "AttributeType": "string" }'
 	AWSDynamoDBAttributeDefinitionsKey = attribute.Key("aws.dynamodb.attribute_definitions")
 
@@ -1887,7 +1058,7 @@ const (
 	//
 	// Type: string[]
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: '{ "Create": { "IndexName": "string", "KeySchema": [ {
 	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
 	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" },
@@ -1922,7 +1093,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'some-bucket-name'
 	// Note: The `bucket` attribute is applicable to all S3 operations that
 	// reference a bucket, i.e. that require the bucket name as a mandatory
@@ -1930,6 +1101,43 @@ const (
 	// This applies to almost all S3 operations except `list-buckets`.
 	AWSS3BucketKey = attribute.Key("aws.s3.bucket")
 
+	// AWSS3CopySourceKey is the attribute Key conforming to the
+	// "aws.s3.copy_source" semantic conventions. It represents the source
+	// object (in the form `bucket`/`key`) for the copy operation.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'someFile.yml'
+	// Note: The `copy_source` attribute applies to S3 copy operations and
+	// corresponds to the `--copy-source` parameter
+	// of the [copy-object operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html).
+	// This applies in particular to the following operations:
+	//
+	// -
+	// [copy-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html)
+	// -
+	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
+	AWSS3CopySourceKey = attribute.Key("aws.s3.copy_source")
+
+	// AWSS3DeleteKey is the attribute Key conforming to the "aws.s3.delete"
+	// semantic conventions. It represents the delete request container that
+	// specifies the objects to be deleted.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples:
+	// 'Objects=[{Key=string,VersionID=string},{Key=string,VersionID=string}],Quiet=boolean'
+	// Note: The `delete` attribute is only applicable to the
+	// [delete-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html)
+	// operation.
+	// The `delete` attribute corresponds to the `--delete` parameter of the
+	// [delete-objects operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-objects.html).
+	AWSS3DeleteKey = attribute.Key("aws.s3.delete")
+
 	// AWSS3KeyKey is the attribute Key conforming to the "aws.s3.key" semantic
 	// conventions. It represents the S3 object key the request refers to.
 	// Corresponds to the `--key` parameter of the [S3
@@ -1938,7 +1146,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'someFile.yml'
 	// Note: The `key` attribute is applicable to all object-related S3
 	// operations, i.e. that require the object key as a mandatory parameter.
@@ -1972,25 +1180,25 @@ const (
 	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
 	AWSS3KeyKey = attribute.Key("aws.s3.key")
 
-	// AWSS3CopySourceKey is the attribute Key conforming to the
-	// "aws.s3.copy_source" semantic conventions. It represents the source
-	// object (in the form `bucket`/`key`) for the copy operation.
+	// AWSS3PartNumberKey is the attribute Key conforming to the
+	// "aws.s3.part_number" semantic conventions. It represents the part number
+	// of the part being uploaded in a multipart-upload operation. This is a
+	// positive integer between 1 and 10,000.
 	//
-	// Type: string
+	// Type: int
 	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'someFile.yml'
-	// Note: The `copy_source` attribute applies to S3 copy operations and
-	// corresponds to the `--copy-source` parameter
-	// of the [copy-object operation within the S3
-	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html).
-	// This applies in particular to the following operations:
-	//
-	// -
-	// [copy-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html)
-	// -
+	// Stability: experimental
+	// Examples: 3456
+	// Note: The `part_number` attribute is only applicable to the
+	// [upload-part](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html)
+	// and
 	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
-	AWSS3CopySourceKey = attribute.Key("aws.s3.copy_source")
+	// operations.
+	// The `part_number` attribute corresponds to the `--part-number` parameter
+	// of the
+	// [upload-part operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html).
+	AWSS3PartNumberKey = attribute.Key("aws.s3.part_number")
 
 	// AWSS3UploadIDKey is the attribute Key conforming to the
 	// "aws.s3.upload_id" semantic conventions. It represents the upload ID
@@ -1998,7 +1206,7 @@ const (
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'dfRtDYWFbkRONycy.Yxwh66Yjlx.cph0gtNBtJ'
 	// Note: The `upload_id` attribute applies to S3 multipart-upload
 	// operations and corresponds to the `--upload-id` parameter
@@ -2018,43 +1226,6 @@ const (
 	// -
 	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
 	AWSS3UploadIDKey = attribute.Key("aws.s3.upload_id")
-
-	// AWSS3DeleteKey is the attribute Key conforming to the "aws.s3.delete"
-	// semantic conventions. It represents the delete request container that
-	// specifies the objects to be deleted.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples:
-	// 'Objects=[{Key=string,VersionID=string},{Key=string,VersionID=string}],Quiet=boolean'
-	// Note: The `delete` attribute is only applicable to the
-	// [delete-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html)
-	// operation.
-	// The `delete` attribute corresponds to the `--delete` parameter of the
-	// [delete-objects operation within the S3
-	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-objects.html).
-	AWSS3DeleteKey = attribute.Key("aws.s3.delete")
-
-	// AWSS3PartNumberKey is the attribute Key conforming to the
-	// "aws.s3.part_number" semantic conventions. It represents the part number
-	// of the part being uploaded in a multipart-upload operation. This is a
-	// positive integer between 1 and 10,000.
-	//
-	// Type: int
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 3456
-	// Note: The `part_number` attribute is only applicable to the
-	// [upload-part](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html)
-	// and
-	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
-	// operations.
-	// The `part_number` attribute corresponds to the `--part-number` parameter
-	// of the
-	// [upload-part operation within the S3
-	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html).
-	AWSS3PartNumberKey = attribute.Key("aws.s3.part_number")
 )
 
 // AWSS3Bucket returns an attribute KeyValue conforming to the
@@ -2066,15 +1237,6 @@ func AWSS3Bucket(val string) attribute.KeyValue {
 	return AWSS3BucketKey.String(val)
 }
 
-// AWSS3Key returns an attribute KeyValue conforming to the "aws.s3.key"
-// semantic conventions. It represents the S3 object key the request refers to.
-// Corresponds to the `--key` parameter of the [S3
-// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
-// operations.
-func AWSS3Key(val string) attribute.KeyValue {
-	return AWSS3KeyKey.String(val)
-}
-
 // AWSS3CopySource returns an attribute KeyValue conforming to the
 // "aws.s3.copy_source" semantic conventions. It represents the source object
 // (in the form `bucket`/`key`) for the copy operation.
@@ -2082,13 +1244,6 @@ func AWSS3CopySource(val string) attribute.KeyValue {
 	return AWSS3CopySourceKey.String(val)
 }
 
-// AWSS3UploadID returns an attribute KeyValue conforming to the
-// "aws.s3.upload_id" semantic conventions. It represents the upload ID that
-// identifies the multipart upload.
-func AWSS3UploadID(val string) attribute.KeyValue {
-	return AWSS3UploadIDKey.String(val)
-}
-
 // AWSS3Delete returns an attribute KeyValue conforming to the
 // "aws.s3.delete" semantic conventions. It represents the delete request
 // container that specifies the objects to be deleted.
@@ -2096,6 +1251,15 @@ func AWSS3Delete(val string) attribute.KeyValue {
 	return AWSS3DeleteKey.String(val)
 }
 
+// AWSS3Key returns an attribute KeyValue conforming to the "aws.s3.key"
+// semantic conventions. It represents the S3 object key the request refers to.
+// Corresponds to the `--key` parameter of the [S3
+// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+// operations.
+func AWSS3Key(val string) attribute.KeyValue {
+	return AWSS3KeyKey.String(val)
+}
+
 // AWSS3PartNumber returns an attribute KeyValue conforming to the
 // "aws.s3.part_number" semantic conventions. It represents the part number of
 // the part being uploaded in a multipart-upload operation. This is a positive
@@ -2104,16 +1268,34 @@ func AWSS3PartNumber(val int) attribute.KeyValue {
 	return AWSS3PartNumberKey.Int(val)
 }
 
+// AWSS3UploadID returns an attribute KeyValue conforming to the
+// "aws.s3.upload_id" semantic conventions. It represents the upload ID that
+// identifies the multipart upload.
+func AWSS3UploadID(val string) attribute.KeyValue {
+	return AWSS3UploadIDKey.String(val)
+}
+
 // Semantic conventions to apply when instrumenting the GraphQL implementation.
 // They map GraphQL operations to attributes on a Span.
 const (
+	// GraphqlDocumentKey is the attribute Key conforming to the
+	// "graphql.document" semantic conventions. It represents the GraphQL
+	// document being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: experimental
+	// Examples: 'query findBookByID { bookByID(id: ?) { name } }'
+	// Note: The value may be sanitized to exclude sensitive information.
+	GraphqlDocumentKey = attribute.Key("graphql.document")
+
 	// GraphqlOperationNameKey is the attribute Key conforming to the
 	// "graphql.operation.name" semantic conventions. It represents the name of
 	// the operation being executed.
 	//
 	// Type: string
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'findBookByID'
 	GraphqlOperationNameKey = attribute.Key("graphql.operation.name")
 
@@ -2123,20 +1305,9 @@ const (
 	//
 	// Type: Enum
 	// RequirementLevel: Optional
-	// Stability: stable
+	// Stability: experimental
 	// Examples: 'query', 'mutation', 'subscription'
 	GraphqlOperationTypeKey = attribute.Key("graphql.operation.type")
-
-	// GraphqlDocumentKey is the attribute Key conforming to the
-	// "graphql.document" semantic conventions. It represents the GraphQL
-	// document being executed.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'query findBookByID { bookByID(id: ?) { name } }'
-	// Note: The value may be sanitized to exclude sensitive information.
-	GraphqlDocumentKey = attribute.Key("graphql.document")
 )
 
 var (
@@ -2148,13 +1319,6 @@ var (
 	GraphqlOperationTypeSubscription = GraphqlOperationTypeKey.String("subscription")
 )
 
-// GraphqlOperationName returns an attribute KeyValue conforming to the
-// "graphql.operation.name" semantic conventions. It represents the name of the
-// operation being executed.
-func GraphqlOperationName(val string) attribute.KeyValue {
-	return GraphqlOperationNameKey.String(val)
-}
-
 // GraphqlDocument returns an attribute KeyValue conforming to the
 // "graphql.document" semantic conventions. It represents the GraphQL document
 // being executed.
@@ -2162,334 +1326,9 @@ func GraphqlDocument(val string) attribute.KeyValue {
 	return GraphqlDocumentKey.String(val)
 }
 
-// General attributes used in messaging systems.
-const (
-	// MessagingSystemKey is the attribute Key conforming to the
-	// "messaging.system" semantic conventions. It represents a string
-	// identifying the messaging system.
-	//
-	// Type: string
-	// RequirementLevel: Required
-	// Stability: stable
-	// Examples: 'kafka', 'rabbitmq', 'rocketmq', 'activemq', 'AmazonSQS'
-	MessagingSystemKey = attribute.Key("messaging.system")
-
-	// MessagingOperationKey is the attribute Key conforming to the
-	// "messaging.operation" semantic conventions. It represents a string
-	// identifying the kind of messaging operation as defined in the [Operation
-	// names](#operation-names) section above.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	// Note: If a custom value is used, it MUST be of low cardinality.
-	MessagingOperationKey = attribute.Key("messaging.operation")
-
-	// MessagingBatchMessageCountKey is the attribute Key conforming to the
-	// "messaging.batch.message_count" semantic conventions. It represents the
-	// number of messages sent, received, or processed in the scope of the
-	// batching operation.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If the span describes an
-	// operation on a batch of messages.)
-	// Stability: stable
-	// Examples: 0, 1, 2
-	// Note: Instrumentations SHOULD NOT set `messaging.batch.message_count` on
-	// spans that operate with a single message. When a messaging client
-	// library supports both batch and single-message API for the same
-	// operation, instrumentations SHOULD use `messaging.batch.message_count`
-	// for batching APIs and SHOULD NOT use it for single-message APIs.
-	MessagingBatchMessageCountKey = attribute.Key("messaging.batch.message_count")
-
-	// MessagingClientIDKey is the attribute Key conforming to the
-	// "messaging.client_id" semantic conventions. It represents a unique
-	// identifier for the client that consumes or produces a message.
-	//
-	// Type: string
-	// RequirementLevel: Recommended (If a client id is available)
-	// Stability: stable
-	// Examples: 'client-5', 'myhost@8742@s8083jm'
-	MessagingClientIDKey = attribute.Key("messaging.client_id")
-)
-
-var (
-	// publish
-	MessagingOperationPublish = MessagingOperationKey.String("publish")
-	// receive
-	MessagingOperationReceive = MessagingOperationKey.String("receive")
-	// process
-	MessagingOperationProcess = MessagingOperationKey.String("process")
-)
-
-// MessagingSystem returns an attribute KeyValue conforming to the
-// "messaging.system" semantic conventions. It represents a string identifying
-// the messaging system.
-func MessagingSystem(val string) attribute.KeyValue {
-	return MessagingSystemKey.String(val)
-}
-
-// MessagingBatchMessageCount returns an attribute KeyValue conforming to
-// the "messaging.batch.message_count" semantic conventions. It represents the
-// number of messages sent, received, or processed in the scope of the batching
-// operation.
-func MessagingBatchMessageCount(val int) attribute.KeyValue {
-	return MessagingBatchMessageCountKey.Int(val)
-}
-
-// MessagingClientID returns an attribute KeyValue conforming to the
-// "messaging.client_id" semantic conventions. It represents a unique
-// identifier for the client that consumes or produces a message.
-func MessagingClientID(val string) attribute.KeyValue {
-	return MessagingClientIDKey.String(val)
-}
-
-// Semantic conventions for remote procedure calls.
-const (
-	// RPCSystemKey is the attribute Key conforming to the "rpc.system"
-	// semantic conventions. It represents a string identifying the remoting
-	// system. See below for a list of well-known identifiers.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	RPCSystemKey = attribute.Key("rpc.system")
-
-	// RPCServiceKey is the attribute Key conforming to the "rpc.service"
-	// semantic conventions. It represents the full (logical) name of the
-	// service being called, including its package name, if applicable.
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'myservice.EchoService'
-	// Note: This is the logical name of the service from the RPC interface
-	// perspective, which can be different from the name of any implementing
-	// class. The `code.namespace` attribute may be used to store the latter
-	// (despite the attribute name, it may include a class name; e.g., class
-	// with method actually executing the call on the server side, RPC client
-	// stub class on the client side).
-	RPCServiceKey = attribute.Key("rpc.service")
-
-	// RPCMethodKey is the attribute Key conforming to the "rpc.method"
-	// semantic conventions. It represents the name of the (logical) method
-	// being called, must be equal to the $method part in the span name.
-	//
-	// Type: string
-	// RequirementLevel: Recommended
-	// Stability: stable
-	// Examples: 'exampleMethod'
-	// Note: This is the logical name of the method from the RPC interface
-	// perspective, which can be different from the name of any implementing
-	// method/function. The `code.function` attribute may be used to store the
-	// latter (e.g., method actually executing the call on the server side, RPC
-	// client stub method on the client side).
-	RPCMethodKey = attribute.Key("rpc.method")
-)
-
-var (
-	// gRPC
-	RPCSystemGRPC = RPCSystemKey.String("grpc")
-	// Java RMI
-	RPCSystemJavaRmi = RPCSystemKey.String("java_rmi")
-	// .NET WCF
-	RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf")
-	// Apache Dubbo
-	RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo")
-	// Connect RPC
-	RPCSystemConnectRPC = RPCSystemKey.String("connect_rpc")
-)
-
-// RPCService returns an attribute KeyValue conforming to the "rpc.service"
-// semantic conventions. It represents the full (logical) name of the service
-// being called, including its package name, if applicable.
-func RPCService(val string) attribute.KeyValue {
-	return RPCServiceKey.String(val)
-}
-
-// RPCMethod returns an attribute KeyValue conforming to the "rpc.method"
-// semantic conventions. It represents the name of the (logical) method being
-// called, must be equal to the $method part in the span name.
-func RPCMethod(val string) attribute.KeyValue {
-	return RPCMethodKey.String(val)
-}
-
-// Tech-specific attributes for gRPC.
-const (
-	// RPCGRPCStatusCodeKey is the attribute Key conforming to the
-	// "rpc.grpc.status_code" semantic conventions. It represents the [numeric
-	// status
-	// code](https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md) of
-	// the gRPC request.
-	//
-	// Type: Enum
-	// RequirementLevel: Required
-	// Stability: stable
-	RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code")
-)
-
-var (
-	// OK
-	RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0)
-	// CANCELLED
-	RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1)
-	// UNKNOWN
-	RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2)
-	// INVALID_ARGUMENT
-	RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3)
-	// DEADLINE_EXCEEDED
-	RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4)
-	// NOT_FOUND
-	RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5)
-	// ALREADY_EXISTS
-	RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6)
-	// PERMISSION_DENIED
-	RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7)
-	// RESOURCE_EXHAUSTED
-	RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8)
-	// FAILED_PRECONDITION
-	RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9)
-	// ABORTED
-	RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10)
-	// OUT_OF_RANGE
-	RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11)
-	// UNIMPLEMENTED
-	RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12)
-	// INTERNAL
-	RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13)
-	// UNAVAILABLE
-	RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14)
-	// DATA_LOSS
-	RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15)
-	// UNAUTHENTICATED
-	RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16)
-)
-
-// Tech-specific attributes for [JSON RPC](https://www.jsonrpc.org/).
-const (
-	// RPCJsonrpcVersionKey is the attribute Key conforming to the
-	// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
-	// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
-	// does not specify this, the value can be omitted.
-	//
-	// Type: string
-	// RequirementLevel: ConditionallyRequired (If other than the default
-	// version (`1.0`))
-	// Stability: stable
-	// Examples: '2.0', '1.0'
-	RPCJsonrpcVersionKey = attribute.Key("rpc.jsonrpc.version")
-
-	// RPCJsonrpcRequestIDKey is the attribute Key conforming to the
-	// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
-	// property of request or response. Since protocol allows id to be int,
-	// string, `null` or missing (for notifications), value is expected to be
-	// cast to string for simplicity. Use empty string in case of `null` value.
-	// Omit entirely if this is a notification.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: '10', 'request-7', ''
-	RPCJsonrpcRequestIDKey = attribute.Key("rpc.jsonrpc.request_id")
-
-	// RPCJsonrpcErrorCodeKey is the attribute Key conforming to the
-	// "rpc.jsonrpc.error_code" semantic conventions. It represents the
-	// `error.code` property of response if it is an error response.
-	//
-	// Type: int
-	// RequirementLevel: ConditionallyRequired (If response is not successful.)
-	// Stability: stable
-	// Examples: -32700, 100
-	RPCJsonrpcErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code")
-
-	// RPCJsonrpcErrorMessageKey is the attribute Key conforming to the
-	// "rpc.jsonrpc.error_message" semantic conventions. It represents the
-	// `error.message` property of response if it is an error response.
-	//
-	// Type: string
-	// RequirementLevel: Optional
-	// Stability: stable
-	// Examples: 'Parse error', 'User already exists'
-	RPCJsonrpcErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message")
-)
-
-// RPCJsonrpcVersion returns an attribute KeyValue conforming to the
-// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
-// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
-// does not specify this, the value can be omitted.
-func RPCJsonrpcVersion(val string) attribute.KeyValue {
-	return RPCJsonrpcVersionKey.String(val)
-}
-
-// RPCJsonrpcRequestID returns an attribute KeyValue conforming to the
-// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
-// property of request or response. Since protocol allows id to be int, string,
-// `null` or missing (for notifications), value is expected to be cast to
-// string for simplicity. Use empty string in case of `null` value. Omit
-// entirely if this is a notification.
-func RPCJsonrpcRequestID(val string) attribute.KeyValue {
-	return RPCJsonrpcRequestIDKey.String(val)
-}
-
-// RPCJsonrpcErrorCode returns an attribute KeyValue conforming to the
-// "rpc.jsonrpc.error_code" semantic conventions. It represents the
-// `error.code` property of response if it is an error response.
-func RPCJsonrpcErrorCode(val int) attribute.KeyValue {
-	return RPCJsonrpcErrorCodeKey.Int(val)
-}
-
-// RPCJsonrpcErrorMessage returns an attribute KeyValue conforming to the
-// "rpc.jsonrpc.error_message" semantic conventions. It represents the
-// `error.message` property of response if it is an error response.
-func RPCJsonrpcErrorMessage(val string) attribute.KeyValue {
-	return RPCJsonrpcErrorMessageKey.String(val)
+// GraphqlOperationName returns an attribute KeyValue conforming to the
+// "graphql.operation.name" semantic conventions. It represents the name of the
+// operation being executed.
+func GraphqlOperationName(val string) attribute.KeyValue {
+	return GraphqlOperationNameKey.String(val)
 }
-
-// Tech-specific attributes for Connect RPC.
-const (
-	// RPCConnectRPCErrorCodeKey is the attribute Key conforming to the
-	// "rpc.connect_rpc.error_code" semantic conventions. It represents the
-	// [error codes](https://connect.build/docs/protocol/#error-codes) of the
-	// Connect request. Error codes are always string values.
-	//
-	// Type: Enum
-	// RequirementLevel: ConditionallyRequired (If response is not successful
-	// and if error code available.)
-	// Stability: stable
-	RPCConnectRPCErrorCodeKey = attribute.Key("rpc.connect_rpc.error_code")
-)
-
-var (
-	// cancelled
-	RPCConnectRPCErrorCodeCancelled = RPCConnectRPCErrorCodeKey.String("cancelled")
-	// unknown
-	RPCConnectRPCErrorCodeUnknown = RPCConnectRPCErrorCodeKey.String("unknown")
-	// invalid_argument
-	RPCConnectRPCErrorCodeInvalidArgument = RPCConnectRPCErrorCodeKey.String("invalid_argument")
-	// deadline_exceeded
-	RPCConnectRPCErrorCodeDeadlineExceeded = RPCConnectRPCErrorCodeKey.String("deadline_exceeded")
-	// not_found
-	RPCConnectRPCErrorCodeNotFound = RPCConnectRPCErrorCodeKey.String("not_found")
-	// already_exists
-	RPCConnectRPCErrorCodeAlreadyExists = RPCConnectRPCErrorCodeKey.String("already_exists")
-	// permission_denied
-	RPCConnectRPCErrorCodePermissionDenied = RPCConnectRPCErrorCodeKey.String("permission_denied")
-	// resource_exhausted
-	RPCConnectRPCErrorCodeResourceExhausted = RPCConnectRPCErrorCodeKey.String("resource_exhausted")
-	// failed_precondition
-	RPCConnectRPCErrorCodeFailedPrecondition = RPCConnectRPCErrorCodeKey.String("failed_precondition")
-	// aborted
-	RPCConnectRPCErrorCodeAborted = RPCConnectRPCErrorCodeKey.String("aborted")
-	// out_of_range
-	RPCConnectRPCErrorCodeOutOfRange = RPCConnectRPCErrorCodeKey.String("out_of_range")
-	// unimplemented
-	RPCConnectRPCErrorCodeUnimplemented = RPCConnectRPCErrorCodeKey.String("unimplemented")
-	// internal
-	RPCConnectRPCErrorCodeInternal = RPCConnectRPCErrorCodeKey.String("internal")
-	// unavailable
-	RPCConnectRPCErrorCodeUnavailable = RPCConnectRPCErrorCodeKey.String("unavailable")
-	// data_loss
-	RPCConnectRPCErrorCodeDataLoss = RPCConnectRPCErrorCodeKey.String("data_loss")
-	// unauthenticated
-	RPCConnectRPCErrorCodeUnauthenticated = RPCConnectRPCErrorCodeKey.String("unauthenticated")
-)
diff --git a/vendor/go.opentelemetry.io/otel/trace/tracestate.go b/vendor/go.opentelemetry.io/otel/trace/tracestate.go
index d1e47ca2faa..db936ba5b73 100644
--- a/vendor/go.opentelemetry.io/otel/trace/tracestate.go
+++ b/vendor/go.opentelemetry.io/otel/trace/tracestate.go
@@ -17,20 +17,14 @@ package trace // import "go.opentelemetry.io/otel/trace"
 import (
 	"encoding/json"
 	"fmt"
-	"regexp"
 	"strings"
 )
 
 const (
 	maxListMembers = 32
 
-	listDelimiter = ","
-
-	// based on the W3C Trace Context specification, see
-	// https://www.w3.org/TR/trace-context-1/#tracestate-header
-	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]*`
-	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]*@[a-z][_0-9a-z\-\*\/]*`
-	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]*[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
+	listDelimiters  = ","
+	memberDelimiter = "="
 
 	errInvalidKey    errorConst = "invalid tracestate key"
 	errInvalidValue  errorConst = "invalid tracestate value"
@@ -39,43 +33,128 @@ const (
 	errDuplicate     errorConst = "duplicate list-member in tracestate"
 )
 
-var (
-	noTenantKeyRe   = regexp.MustCompile(`^` + noTenantKeyFormat + `$`)
-	withTenantKeyRe = regexp.MustCompile(`^` + withTenantKeyFormat + `$`)
-	valueRe         = regexp.MustCompile(`^` + valueFormat + `$`)
-	memberRe        = regexp.MustCompile(`^\s*((?:` + noTenantKeyFormat + `)|(?:` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
-)
-
 type member struct {
 	Key   string
 	Value string
 }
 
-func newMember(key, value string) (member, error) {
-	if len(key) > 256 {
-		return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+// according to (chr = %x20 / (nblk-char = %x21-2B / %x2D-3C / %x3E-7E) )
+// means (chr = %x20-2B / %x2D-3C / %x3E-7E) .
+func checkValueChar(v byte) bool {
+	return v >= '\x20' && v <= '\x7e' && v != '\x2c' && v != '\x3d'
+}
+
+// according to (nblk-chr = %x21-2B / %x2D-3C / %x3E-7E) .
+func checkValueLast(v byte) bool {
+	return v >= '\x21' && v <= '\x7e' && v != '\x2c' && v != '\x3d'
+}
+
+// based on the W3C Trace Context specification
+//
+//	value    = (0*255(chr)) nblk-chr
+//	nblk-chr = %x21-2B / %x2D-3C / %x3E-7E
+//	chr      = %x20 / nblk-chr
+//
+// see https://www.w3.org/TR/trace-context-1/#value
+func checkValue(val string) bool {
+	n := len(val)
+	if n == 0 || n > 256 {
+		return false
+	}
+	for i := 0; i < n-1; i++ {
+		if !checkValueChar(val[i]) {
+			return false
+		}
 	}
-	if !noTenantKeyRe.MatchString(key) {
-		if !withTenantKeyRe.MatchString(key) {
-			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+	return checkValueLast(val[n-1])
+}
+
+func checkKeyRemain(key string) bool {
+	// ( lcalpha / DIGIT / "_" / "-"/ "*" / "/" )
+	for _, v := range key {
+		if isAlphaNum(byte(v)) {
+			continue
 		}
-		atIndex := strings.LastIndex(key, "@")
-		if atIndex > 241 || len(key)-1-atIndex > 14 {
-			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		switch v {
+		case '_', '-', '*', '/':
+			continue
 		}
+		return false
+	}
+	return true
+}
+
+// according to
+//
+//	simple-key = lcalpha (0*255( lcalpha / DIGIT / "_" / "-"/ "*" / "/" ))
+//	system-id = lcalpha (0*13( lcalpha / DIGIT / "_" / "-"/ "*" / "/" ))
+//
+// param n is remain part length, should be 255 in simple-key or 13 in system-id.
+func checkKeyPart(key string, n int) bool {
+	if len(key) == 0 {
+		return false
+	}
+	first := key[0] // key's first char
+	ret := len(key[1:]) <= n
+	ret = ret && first >= 'a' && first <= 'z'
+	return ret && checkKeyRemain(key[1:])
+}
+
+func isAlphaNum(c byte) bool {
+	if c >= 'a' && c <= 'z' {
+		return true
 	}
-	if len(value) > 256 || !valueRe.MatchString(value) {
-		return member{}, fmt.Errorf("%w: %s", errInvalidValue, value)
+	return c >= '0' && c <= '9'
+}
+
+// according to
+//
+//	tenant-id = ( lcalpha / DIGIT ) 0*240( lcalpha / DIGIT / "_" / "-"/ "*" / "/" )
+//
+// param n is remain part length, should be 240 exactly.
+func checkKeyTenant(key string, n int) bool {
+	if len(key) == 0 {
+		return false
+	}
+	return isAlphaNum(key[0]) && len(key[1:]) <= n && checkKeyRemain(key[1:])
+}
+
+// based on the W3C Trace Context specification
+//
+//	key = simple-key / multi-tenant-key
+//	simple-key = lcalpha (0*255( lcalpha / DIGIT / "_" / "-"/ "*" / "/" ))
+//	multi-tenant-key = tenant-id "@" system-id
+//	tenant-id = ( lcalpha / DIGIT ) (0*240( lcalpha / DIGIT / "_" / "-"/ "*" / "/" ))
+//	system-id = lcalpha (0*13( lcalpha / DIGIT / "_" / "-"/ "*" / "/" ))
+//	lcalpha    = %x61-7A ; a-z
+//
+// see https://www.w3.org/TR/trace-context-1/#tracestate-header.
+func checkKey(key string) bool {
+	tenant, system, ok := strings.Cut(key, "@")
+	if !ok {
+		return checkKeyPart(key, 255)
+	}
+	return checkKeyTenant(tenant, 240) && checkKeyPart(system, 13)
+}
+
+func newMember(key, value string) (member, error) {
+	if !checkKey(key) {
+		return member{}, errInvalidKey
+	}
+	if !checkValue(value) {
+		return member{}, errInvalidValue
 	}
 	return member{Key: key, Value: value}, nil
 }
 
 func parseMember(m string) (member, error) {
-	matches := memberRe.FindStringSubmatch(m)
-	if len(matches) != 3 {
+	key, val, ok := strings.Cut(m, memberDelimiter)
+	if !ok {
 		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
 	}
-	result, e := newMember(matches[1], matches[2])
+	key = strings.TrimLeft(key, " \t")
+	val = strings.TrimRight(val, " \t")
+	result, e := newMember(key, val)
 	if e != nil {
 		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
 	}
@@ -85,7 +164,7 @@ func parseMember(m string) (member, error) {
 // String encodes member into a string compliant with the W3C Trace Context
 // specification.
 func (m member) String() string {
-	return fmt.Sprintf("%s=%s", m.Key, m.Value)
+	return m.Key + "=" + m.Value
 }
 
 // TraceState provides additional vendor-specific trace identification
@@ -109,8 +188,8 @@ var _ json.Marshaler = TraceState{}
 // ParseTraceState attempts to decode a TraceState from the passed
 // string. It returns an error if the input is invalid according to the W3C
 // Trace Context specification.
-func ParseTraceState(tracestate string) (TraceState, error) {
-	if tracestate == "" {
+func ParseTraceState(ts string) (TraceState, error) {
+	if ts == "" {
 		return TraceState{}, nil
 	}
 
@@ -120,7 +199,9 @@ func ParseTraceState(tracestate string) (TraceState, error) {
 
 	var members []member
 	found := make(map[string]struct{})
-	for _, memberStr := range strings.Split(tracestate, listDelimiter) {
+	for ts != "" {
+		var memberStr string
+		memberStr, ts, _ = strings.Cut(ts, listDelimiters)
 		if len(memberStr) == 0 {
 			continue
 		}
@@ -153,11 +234,29 @@ func (ts TraceState) MarshalJSON() ([]byte, error) {
 // Trace Context specification. The returned string will be invalid if the
 // TraceState contains any invalid members.
 func (ts TraceState) String() string {
-	members := make([]string, len(ts.list))
-	for i, m := range ts.list {
-		members[i] = m.String()
+	if len(ts.list) == 0 {
+		return ""
+	}
+	var n int
+	n += len(ts.list)     // member delimiters: '='
+	n += len(ts.list) - 1 // list delimiters: ','
+	for _, mem := range ts.list {
+		n += len(mem.Key)
+		n += len(mem.Value)
 	}
-	return strings.Join(members, listDelimiter)
+
+	var sb strings.Builder
+	sb.Grow(n)
+	_, _ = sb.WriteString(ts.list[0].Key)
+	_ = sb.WriteByte('=')
+	_, _ = sb.WriteString(ts.list[0].Value)
+	for i := 1; i < len(ts.list); i++ {
+		_ = sb.WriteByte(listDelimiters[0])
+		_, _ = sb.WriteString(ts.list[i].Key)
+		_ = sb.WriteByte('=')
+		_, _ = sb.WriteString(ts.list[i].Value)
+	}
+	return sb.String()
 }
 
 // Get returns the value paired with key from the corresponding TraceState
@@ -189,15 +288,25 @@ func (ts TraceState) Insert(key, value string) (TraceState, error) {
 	if err != nil {
 		return ts, err
 	}
-
-	cTS := ts.Delete(key)
-	if cTS.Len()+1 <= maxListMembers {
-		cTS.list = append(cTS.list, member{})
+	n := len(ts.list)
+	found := n
+	for i := range ts.list {
+		if ts.list[i].Key == key {
+			found = i
+		}
+	}
+	cTS := TraceState{}
+	if found == n && n < maxListMembers {
+		cTS.list = make([]member, n+1)
+	} else {
+		cTS.list = make([]member, n)
 	}
-	// When the number of members exceeds capacity, drop the "right-most".
-	copy(cTS.list[1:], cTS.list)
 	cTS.list[0] = m
-
+	// When the number of members exceeds capacity, drop the "right-most".
+	copy(cTS.list[1:], ts.list[0:found])
+	if found < n {
+		copy(cTS.list[1+found:], ts.list[found+1:])
+	}
 	return cTS, nil
 }
 
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index e2f743585d1..c7aba1c3f44 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.21.0"
+	return "1.22.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 3c153c9d6fc..a9cfb80ae5c 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,7 +14,7 @@
 
 module-sets:
   stable-v1:
-    version: v1.21.0
+    version: v1.22.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
@@ -34,7 +34,7 @@ module-sets:
       - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.44.0
+    version: v0.45.0
     modules:
       - go.opentelemetry.io/otel/bridge/opencensus
       - go.opentelemetry.io/otel/bridge/opencensus/test
diff --git a/vendor/go.opentelemetry.io/proto/otlp/metrics/v1/metrics.pb.go b/vendor/go.opentelemetry.io/proto/otlp/metrics/v1/metrics.pb.go
index dfa59a67854..1ef2656e94d 100644
--- a/vendor/go.opentelemetry.io/proto/otlp/metrics/v1/metrics.pb.go
+++ b/vendor/go.opentelemetry.io/proto/otlp/metrics/v1/metrics.pb.go
@@ -279,6 +279,9 @@ type ResourceMetrics struct {
 	Resource *v1.Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
 	// A list of metrics that originate from a resource.
 	ScopeMetrics []*ScopeMetrics `protobuf:"bytes,2,rep,name=scope_metrics,json=scopeMetrics,proto3" json:"scope_metrics,omitempty"`
+	// The Schema URL, if known. This is the identifier of the Schema that the resource data
+	// is recorded in. To learn more about Schema URL see
+	// https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
 	// This schema_url applies to the data in the "resource" field. It does not apply
 	// to the data in the "scope_metrics" field which have their own schema_url field.
 	SchemaUrl string `protobuf:"bytes,3,opt,name=schema_url,json=schemaUrl,proto3" json:"schema_url,omitempty"`
@@ -349,6 +352,9 @@ type ScopeMetrics struct {
 	Scope *v11.InstrumentationScope `protobuf:"bytes,1,opt,name=scope,proto3" json:"scope,omitempty"`
 	// A list of metrics that originate from an instrumentation library.
 	Metrics []*Metric `protobuf:"bytes,2,rep,name=metrics,proto3" json:"metrics,omitempty"`
+	// The Schema URL, if known. This is the identifier of the Schema that the metric data
+	// is recorded in. To learn more about Schema URL see
+	// https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
 	// This schema_url applies to all metrics in the "metrics" field.
 	SchemaUrl string `protobuf:"bytes,3,opt,name=schema_url,json=schemaUrl,proto3" json:"schema_url,omitempty"`
 }
@@ -496,7 +502,7 @@ type Metric struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name of the metric, including its DNS name prefix. It must be unique.
+	// name of the metric.
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// description of the metric, which can be used in documentation.
 	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
diff --git a/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go b/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
index 51a499816a6..71090883705 100644
--- a/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
+++ b/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
@@ -36,6 +36,69 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
+// SpanFlags represents constants used to interpret the
+// Span.flags field, which is protobuf 'fixed32' type and is to
+// be used as bit-fields. Each non-zero value defined in this enum is
+// a bit-mask.  To extract the bit-field, for example, use an
+// expression like:
+//
+//   (span.flags & SPAN_FLAGS_TRACE_FLAGS_MASK)
+//
+// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+//
+// Note that Span flags were introduced in version 1.1 of the
+// OpenTelemetry protocol.  Older Span producers do not set this
+// field, consequently consumers should not rely on the absence of a
+// particular flag bit to indicate the presence of a particular feature.
+type SpanFlags int32
+
+const (
+	// The zero value for the enum. Should not be used for comparisons.
+	// Instead use bitwise "and" with the appropriate mask as shown above.
+	SpanFlags_SPAN_FLAGS_DO_NOT_USE SpanFlags = 0
+	// Bits 0-7 are used for trace flags.
+	SpanFlags_SPAN_FLAGS_TRACE_FLAGS_MASK SpanFlags = 255
+)
+
+// Enum value maps for SpanFlags.
+var (
+	SpanFlags_name = map[int32]string{
+		0:   "SPAN_FLAGS_DO_NOT_USE",
+		255: "SPAN_FLAGS_TRACE_FLAGS_MASK",
+	}
+	SpanFlags_value = map[string]int32{
+		"SPAN_FLAGS_DO_NOT_USE":       0,
+		"SPAN_FLAGS_TRACE_FLAGS_MASK": 255,
+	}
+)
+
+func (x SpanFlags) Enum() *SpanFlags {
+	p := new(SpanFlags)
+	*p = x
+	return p
+}
+
+func (x SpanFlags) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SpanFlags) Descriptor() protoreflect.EnumDescriptor {
+	return file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[0].Descriptor()
+}
+
+func (SpanFlags) Type() protoreflect.EnumType {
+	return &file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[0]
+}
+
+func (x SpanFlags) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SpanFlags.Descriptor instead.
+func (SpanFlags) EnumDescriptor() ([]byte, []int) {
+	return file_opentelemetry_proto_trace_v1_trace_proto_rawDescGZIP(), []int{0}
+}
+
 // SpanKind is the type of span. Can be used to specify additional relationships between spans
 // in addition to a parent/child relationship.
 type Span_SpanKind int32
@@ -94,11 +157,11 @@ func (x Span_SpanKind) String() string {
 }
 
 func (Span_SpanKind) Descriptor() protoreflect.EnumDescriptor {
-	return file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[0].Descriptor()
+	return file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[1].Descriptor()
 }
 
 func (Span_SpanKind) Type() protoreflect.EnumType {
-	return &file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[0]
+	return &file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[1]
 }
 
 func (x Span_SpanKind) Number() protoreflect.EnumNumber {
@@ -149,11 +212,11 @@ func (x Status_StatusCode) String() string {
 }
 
 func (Status_StatusCode) Descriptor() protoreflect.EnumDescriptor {
-	return file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[1].Descriptor()
+	return file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[2].Descriptor()
 }
 
 func (Status_StatusCode) Type() protoreflect.EnumType {
-	return &file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[1]
+	return &file_opentelemetry_proto_trace_v1_trace_proto_enumTypes[2]
 }
 
 func (x Status_StatusCode) Number() protoreflect.EnumNumber {
@@ -238,6 +301,9 @@ type ResourceSpans struct {
 	Resource *v1.Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
 	// A list of ScopeSpans that originate from a resource.
 	ScopeSpans []*ScopeSpans `protobuf:"bytes,2,rep,name=scope_spans,json=scopeSpans,proto3" json:"scope_spans,omitempty"`
+	// The Schema URL, if known. This is the identifier of the Schema that the resource data
+	// is recorded in. To learn more about Schema URL see
+	// https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
 	// This schema_url applies to the data in the "resource" field. It does not apply
 	// to the data in the "scope_spans" field which have their own schema_url field.
 	SchemaUrl string `protobuf:"bytes,3,opt,name=schema_url,json=schemaUrl,proto3" json:"schema_url,omitempty"`
@@ -308,6 +374,9 @@ type ScopeSpans struct {
 	Scope *v11.InstrumentationScope `protobuf:"bytes,1,opt,name=scope,proto3" json:"scope,omitempty"`
 	// A list of Spans that originate from an instrumentation scope.
 	Spans []*Span `protobuf:"bytes,2,rep,name=spans,proto3" json:"spans,omitempty"`
+	// The Schema URL, if known. This is the identifier of the Schema that the span data
+	// is recorded in. To learn more about Schema URL see
+	// https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
 	// This schema_url applies to all spans and span events in the "spans" field.
 	SchemaUrl string `protobuf:"bytes,3,opt,name=schema_url,json=schemaUrl,proto3" json:"schema_url,omitempty"`
 }
@@ -394,6 +463,21 @@ type Span struct {
 	// The `span_id` of this span's parent span. If this is a root span, then this
 	// field must be empty. The ID is an 8-byte array.
 	ParentSpanId []byte `protobuf:"bytes,4,opt,name=parent_span_id,json=parentSpanId,proto3" json:"parent_span_id,omitempty"`
+	// Flags, a bit field. 8 least significant bits are the trace
+	// flags as defined in W3C Trace Context specification. Readers
+	// MUST not assume that 24 most significant bits will be zero.
+	// To read the 8-bit W3C trace flag, use `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+	//
+	// When creating span messages, if the message is logically forwarded from another source
+	// with an equivalent flags fields (i.e., usually another OTLP span message), the field SHOULD
+	// be copied as-is. If creating from a source that does not have an equivalent flags field
+	// (such as a runtime representation of an OpenTelemetry span), the high 24 bits MUST
+	// be set to zero.
+	//
+	// [Optional].
+	//
+	// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+	Flags uint32 `protobuf:"fixed32,16,opt,name=flags,proto3" json:"flags,omitempty"`
 	// A description of the span's operation.
 	//
 	// For example, the name can be a qualified method name or a file name
@@ -517,6 +601,13 @@ func (x *Span) GetParentSpanId() []byte {
 	return nil
 }
 
+func (x *Span) GetFlags() uint32 {
+	if x != nil {
+		return x.Flags
+	}
+	return 0
+}
+
 func (x *Span) GetName() string {
 	if x != nil {
 		return x.Name
@@ -757,6 +848,15 @@ type Span_Link struct {
 	// dropped_attributes_count is the number of dropped attributes. If the value is 0,
 	// then no attributes were dropped.
 	DroppedAttributesCount uint32 `protobuf:"varint,5,opt,name=dropped_attributes_count,json=droppedAttributesCount,proto3" json:"dropped_attributes_count,omitempty"`
+	// Flags, a bit field. 8 least significant bits are the trace
+	// flags as defined in W3C Trace Context specification. Readers
+	// MUST not assume that 24 most significant bits will be zero.
+	// When creating new spans, the most-significant 24-bits MUST be
+	// zero.  To read the 8-bit W3C trace flag (use flags &
+	// SPAN_FLAGS_TRACE_FLAGS_MASK).  [Optional].
+	//
+	// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+	Flags uint32 `protobuf:"fixed32,6,opt,name=flags,proto3" json:"flags,omitempty"`
 }
 
 func (x *Span_Link) Reset() {
@@ -826,6 +926,13 @@ func (x *Span_Link) GetDroppedAttributesCount() uint32 {
 	return 0
 }
 
+func (x *Span_Link) GetFlags() uint32 {
+	if x != nil {
+		return x.Flags
+	}
+	return 0
+}
+
 var File_opentelemetry_proto_trace_v1_trace_proto protoreflect.FileDescriptor
 
 var file_opentelemetry_proto_trace_v1_trace_proto_rawDesc = []byte{
@@ -869,7 +976,7 @@ var file_opentelemetry_proto_trace_v1_trace_proto_rawDesc = []byte{
 	0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x05,
 	0x73, 0x70, 0x61, 0x6e, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f,
 	0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x63, 0x68, 0x65, 0x6d,
-	0x61, 0x55, 0x72, 0x6c, 0x22, 0x9c, 0x0a, 0x0a, 0x04, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x19, 0x0a,
+	0x61, 0x55, 0x72, 0x6c, 0x22, 0xc8, 0x0a, 0x0a, 0x04, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x19, 0x0a,
 	0x08, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
 	0x07, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x70, 0x61, 0x6e,
 	0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x73, 0x70, 0x61, 0x6e, 0x49,
@@ -877,101 +984,108 @@ var file_opentelemetry_proto_trace_v1_trace_proto_rawDesc = []byte{
 	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x72, 0x61, 0x63, 0x65, 0x53, 0x74, 0x61,
 	0x74, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x61,
 	0x6e, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x70, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x04,
-	0x6b, 0x69, 0x6e, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x6f, 0x70, 0x65,
-	0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x70, 0x61, 0x6e, 0x2e, 0x53,
-	0x70, 0x61, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x2f, 0x0a,
-	0x14, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x75, 0x6e, 0x69, 0x78,
-	0x5f, 0x6e, 0x61, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x06, 0x52, 0x11, 0x73, 0x74, 0x61,
-	0x72, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69, 0x78, 0x4e, 0x61, 0x6e, 0x6f, 0x12, 0x2b,
-	0x0a, 0x12, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f,
-	0x6e, 0x61, 0x6e, 0x6f, 0x18, 0x08, 0x20, 0x01, 0x28, 0x06, 0x52, 0x0f, 0x65, 0x6e, 0x64, 0x54,
-	0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69, 0x78, 0x4e, 0x61, 0x6e, 0x6f, 0x12, 0x47, 0x0a, 0x0a, 0x61,
-	0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e,
-	0x4b, 0x65, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,
-	0x75, 0x74, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f,
-	0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x16, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x41,
-	0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x40,
-	0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28,
-	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x70,
-	0x61, 0x6e, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73,
-	0x12, 0x30, 0x0a, 0x14, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x65, 0x76, 0x65, 0x6e,
-	0x74, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12,
-	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x12, 0x3d, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x18, 0x0d, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72,
-	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x53, 0x70, 0x61, 0x6e, 0x2e, 0x4c, 0x69, 0x6e, 0x6b, 0x52, 0x05, 0x6c, 0x69, 0x6e, 0x6b,
-	0x73, 0x12, 0x2e, 0x0a, 0x13, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6c, 0x69, 0x6e,
-	0x6b, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11,
-	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x4c, 0x69, 0x6e, 0x6b, 0x73, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x12, 0x3c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72,
-	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a,
-	0xc4, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x74, 0x69, 0x6d,
-	0x65, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6e, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x06, 0x52, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69, 0x78, 0x4e, 0x61, 0x6e, 0x6f, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
-	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65,
-	0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18,
-	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
-	0x65, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x16,
-	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
-	0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0xde, 0x01, 0x0a, 0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12,
-	0x19, 0x0a, 0x08, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x07, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x70,
-	0x61, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x73, 0x70, 0x61,
-	0x6e, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x72, 0x61, 0x63, 0x65, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
-	0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74,
-	0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x38, 0x0a,
-	0x18, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75,
-	0x74, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52,
-	0x16, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
-	0x65, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x99, 0x01, 0x0a, 0x08, 0x53, 0x70, 0x61, 0x6e,
-	0x4b, 0x69, 0x6e, 0x64, 0x12, 0x19, 0x0a, 0x15, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e,
-	0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x16, 0x0a, 0x12, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x49, 0x4e, 0x54,
-	0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x50, 0x41, 0x4e, 0x5f,
-	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x14, 0x0a,
-	0x10, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e,
-	0x54, 0x10, 0x03, 0x12, 0x16, 0x0a, 0x12, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44,
-	0x5f, 0x50, 0x52, 0x4f, 0x44, 0x55, 0x43, 0x45, 0x52, 0x10, 0x04, 0x12, 0x16, 0x0a, 0x12, 0x53,
-	0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x53, 0x55, 0x4d, 0x45,
-	0x52, 0x10, 0x05, 0x22, 0xbd, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18,
-	0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x43, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c,
-	0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61,
-	0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x4e, 0x0a,
-	0x0a, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x53,
-	0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54,
-	0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x44,
-	0x45, 0x5f, 0x4f, 0x4b, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
-	0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x02, 0x4a, 0x04, 0x08,
-	0x01, 0x10, 0x02, 0x42, 0x77, 0x0a, 0x1f, 0x69, 0x6f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67,
+	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x07, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x2b, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e,
+	0x53, 0x70, 0x61, 0x6e, 0x2e, 0x53, 0x70, 0x61, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x6b,
+	0x69, 0x6e, 0x64, 0x12, 0x2f, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x74, 0x69, 0x6d,
+	0x65, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x06, 0x52, 0x11, 0x73, 0x74, 0x61, 0x72, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69, 0x78,
+	0x4e, 0x61, 0x6e, 0x6f, 0x12, 0x2b, 0x0a, 0x12, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6e, 0x6f, 0x18, 0x08, 0x20, 0x01, 0x28, 0x06,
+	0x52, 0x0f, 0x65, 0x6e, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69, 0x78, 0x4e, 0x61, 0x6e,
+	0x6f, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18,
+	0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65,
+	0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a,
+	0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x64, 0x72,
+	0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73,
+	0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x16, 0x64, 0x72,
+	0x6f, 0x70, 0x70, 0x65, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x12, 0x40, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0b,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d,
+	0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65,
+	0x2e, 0x76, 0x31, 0x2e, 0x53, 0x70, 0x61, 0x6e, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x06,
+	0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65,
+	0x64, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0c,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x3d, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b,
+	0x73, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65,
+	0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72,
+	0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x70, 0x61, 0x6e, 0x2e, 0x4c, 0x69, 0x6e, 0x6b,
+	0x52, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x64, 0x72, 0x6f, 0x70, 0x70,
+	0x65, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x4c, 0x69, 0x6e,
+	0x6b, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65,
 	0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72,
-	0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x6f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c,
-	0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x69, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
-	0x6f, 0x74, 0x6c, 0x70, 0x2f, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2f, 0x76, 0x31, 0xaa, 0x02, 0x1c,
-	0x4f, 0x70, 0x65, 0x6e, 0x54, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0xc4, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12,
+	0x24, 0x0a, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6e,
+	0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x06, 0x52, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x55, 0x6e, 0x69,
+	0x78, 0x4e, 0x61, 0x6e, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65,
+	0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+	0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x61, 0x74,
+	0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x16, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x41, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0xf4, 0x01, 0x0a,
+	0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64,
+	0x12, 0x17, 0x0a, 0x07, 0x73, 0x70, 0x61, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x06, 0x73, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x72, 0x61,
+	0x63, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
+	0x74, 0x72, 0x61, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74,
+	0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4b,
+	0x65, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75,
+	0x74, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x61,
+	0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x16, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x41, 0x74,
+	0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x14, 0x0a,
+	0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x07, 0x52, 0x05, 0x66, 0x6c,
+	0x61, 0x67, 0x73, 0x22, 0x99, 0x01, 0x0a, 0x08, 0x53, 0x70, 0x61, 0x6e, 0x4b, 0x69, 0x6e, 0x64,
+	0x12, 0x19, 0x0a, 0x15, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x53,
+	0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41,
+	0x4c, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44,
+	0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x50, 0x41,
+	0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12,
+	0x16, 0x0a, 0x12, 0x53, 0x50, 0x41, 0x4e, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x50, 0x52, 0x4f,
+	0x44, 0x55, 0x43, 0x45, 0x52, 0x10, 0x04, 0x12, 0x16, 0x0a, 0x12, 0x53, 0x50, 0x41, 0x4e, 0x5f,
+	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x53, 0x55, 0x4d, 0x45, 0x52, 0x10, 0x05, 0x22,
+	0xbd, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65,
+	0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x12, 0x43, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74,
+	0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43,
+	0x6f, 0x64, 0x65, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x4e, 0x0a, 0x0a, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x54, 0x41, 0x54, 0x55,
+	0x53, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x12,
+	0x0a, 0x0e, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x4f, 0x4b,
+	0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x44,
+	0x45, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x2a,
+	0x48, 0x0a, 0x09, 0x53, 0x70, 0x61, 0x6e, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x19, 0x0a, 0x15,
+	0x53, 0x50, 0x41, 0x4e, 0x5f, 0x46, 0x4c, 0x41, 0x47, 0x53, 0x5f, 0x44, 0x4f, 0x5f, 0x4e, 0x4f,
+	0x54, 0x5f, 0x55, 0x53, 0x45, 0x10, 0x00, 0x12, 0x20, 0x0a, 0x1b, 0x53, 0x50, 0x41, 0x4e, 0x5f,
+	0x46, 0x4c, 0x41, 0x47, 0x53, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x45, 0x5f, 0x46, 0x4c, 0x41, 0x47,
+	0x53, 0x5f, 0x4d, 0x41, 0x53, 0x4b, 0x10, 0xff, 0x01, 0x42, 0x77, 0x0a, 0x1f, 0x69, 0x6f, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x54, 0x72,
+	0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x6f, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x69, 0x6f, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6f, 0x74, 0x6c, 0x70, 0x2f, 0x74, 0x72, 0x61, 0x63, 0x65,
+	0x2f, 0x76, 0x31, 0xaa, 0x02, 0x1c, 0x4f, 0x70, 0x65, 0x6e, 0x54, 0x65, 0x6c, 0x65, 0x6d, 0x65,
+	0x74, 0x72, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x2e,
+	0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -986,36 +1100,37 @@ func file_opentelemetry_proto_trace_v1_trace_proto_rawDescGZIP() []byte {
 	return file_opentelemetry_proto_trace_v1_trace_proto_rawDescData
 }
 
-var file_opentelemetry_proto_trace_v1_trace_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_opentelemetry_proto_trace_v1_trace_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
 var file_opentelemetry_proto_trace_v1_trace_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
 var file_opentelemetry_proto_trace_v1_trace_proto_goTypes = []interface{}{
-	(Span_SpanKind)(0),               // 0: opentelemetry.proto.trace.v1.Span.SpanKind
-	(Status_StatusCode)(0),           // 1: opentelemetry.proto.trace.v1.Status.StatusCode
-	(*TracesData)(nil),               // 2: opentelemetry.proto.trace.v1.TracesData
-	(*ResourceSpans)(nil),            // 3: opentelemetry.proto.trace.v1.ResourceSpans
-	(*ScopeSpans)(nil),               // 4: opentelemetry.proto.trace.v1.ScopeSpans
-	(*Span)(nil),                     // 5: opentelemetry.proto.trace.v1.Span
-	(*Status)(nil),                   // 6: opentelemetry.proto.trace.v1.Status
-	(*Span_Event)(nil),               // 7: opentelemetry.proto.trace.v1.Span.Event
-	(*Span_Link)(nil),                // 8: opentelemetry.proto.trace.v1.Span.Link
-	(*v1.Resource)(nil),              // 9: opentelemetry.proto.resource.v1.Resource
-	(*v11.InstrumentationScope)(nil), // 10: opentelemetry.proto.common.v1.InstrumentationScope
-	(*v11.KeyValue)(nil),             // 11: opentelemetry.proto.common.v1.KeyValue
+	(SpanFlags)(0),                   // 0: opentelemetry.proto.trace.v1.SpanFlags
+	(Span_SpanKind)(0),               // 1: opentelemetry.proto.trace.v1.Span.SpanKind
+	(Status_StatusCode)(0),           // 2: opentelemetry.proto.trace.v1.Status.StatusCode
+	(*TracesData)(nil),               // 3: opentelemetry.proto.trace.v1.TracesData
+	(*ResourceSpans)(nil),            // 4: opentelemetry.proto.trace.v1.ResourceSpans
+	(*ScopeSpans)(nil),               // 5: opentelemetry.proto.trace.v1.ScopeSpans
+	(*Span)(nil),                     // 6: opentelemetry.proto.trace.v1.Span
+	(*Status)(nil),                   // 7: opentelemetry.proto.trace.v1.Status
+	(*Span_Event)(nil),               // 8: opentelemetry.proto.trace.v1.Span.Event
+	(*Span_Link)(nil),                // 9: opentelemetry.proto.trace.v1.Span.Link
+	(*v1.Resource)(nil),              // 10: opentelemetry.proto.resource.v1.Resource
+	(*v11.InstrumentationScope)(nil), // 11: opentelemetry.proto.common.v1.InstrumentationScope
+	(*v11.KeyValue)(nil),             // 12: opentelemetry.proto.common.v1.KeyValue
 }
 var file_opentelemetry_proto_trace_v1_trace_proto_depIdxs = []int32{
-	3,  // 0: opentelemetry.proto.trace.v1.TracesData.resource_spans:type_name -> opentelemetry.proto.trace.v1.ResourceSpans
-	9,  // 1: opentelemetry.proto.trace.v1.ResourceSpans.resource:type_name -> opentelemetry.proto.resource.v1.Resource
-	4,  // 2: opentelemetry.proto.trace.v1.ResourceSpans.scope_spans:type_name -> opentelemetry.proto.trace.v1.ScopeSpans
-	10, // 3: opentelemetry.proto.trace.v1.ScopeSpans.scope:type_name -> opentelemetry.proto.common.v1.InstrumentationScope
-	5,  // 4: opentelemetry.proto.trace.v1.ScopeSpans.spans:type_name -> opentelemetry.proto.trace.v1.Span
-	0,  // 5: opentelemetry.proto.trace.v1.Span.kind:type_name -> opentelemetry.proto.trace.v1.Span.SpanKind
-	11, // 6: opentelemetry.proto.trace.v1.Span.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
-	7,  // 7: opentelemetry.proto.trace.v1.Span.events:type_name -> opentelemetry.proto.trace.v1.Span.Event
-	8,  // 8: opentelemetry.proto.trace.v1.Span.links:type_name -> opentelemetry.proto.trace.v1.Span.Link
-	6,  // 9: opentelemetry.proto.trace.v1.Span.status:type_name -> opentelemetry.proto.trace.v1.Status
-	1,  // 10: opentelemetry.proto.trace.v1.Status.code:type_name -> opentelemetry.proto.trace.v1.Status.StatusCode
-	11, // 11: opentelemetry.proto.trace.v1.Span.Event.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
-	11, // 12: opentelemetry.proto.trace.v1.Span.Link.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
+	4,  // 0: opentelemetry.proto.trace.v1.TracesData.resource_spans:type_name -> opentelemetry.proto.trace.v1.ResourceSpans
+	10, // 1: opentelemetry.proto.trace.v1.ResourceSpans.resource:type_name -> opentelemetry.proto.resource.v1.Resource
+	5,  // 2: opentelemetry.proto.trace.v1.ResourceSpans.scope_spans:type_name -> opentelemetry.proto.trace.v1.ScopeSpans
+	11, // 3: opentelemetry.proto.trace.v1.ScopeSpans.scope:type_name -> opentelemetry.proto.common.v1.InstrumentationScope
+	6,  // 4: opentelemetry.proto.trace.v1.ScopeSpans.spans:type_name -> opentelemetry.proto.trace.v1.Span
+	1,  // 5: opentelemetry.proto.trace.v1.Span.kind:type_name -> opentelemetry.proto.trace.v1.Span.SpanKind
+	12, // 6: opentelemetry.proto.trace.v1.Span.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
+	8,  // 7: opentelemetry.proto.trace.v1.Span.events:type_name -> opentelemetry.proto.trace.v1.Span.Event
+	9,  // 8: opentelemetry.proto.trace.v1.Span.links:type_name -> opentelemetry.proto.trace.v1.Span.Link
+	7,  // 9: opentelemetry.proto.trace.v1.Span.status:type_name -> opentelemetry.proto.trace.v1.Status
+	2,  // 10: opentelemetry.proto.trace.v1.Status.code:type_name -> opentelemetry.proto.trace.v1.Status.StatusCode
+	12, // 11: opentelemetry.proto.trace.v1.Span.Event.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
+	12, // 12: opentelemetry.proto.trace.v1.Span.Link.attributes:type_name -> opentelemetry.proto.common.v1.KeyValue
 	13, // [13:13] is the sub-list for method output_type
 	13, // [13:13] is the sub-list for method input_type
 	13, // [13:13] is the sub-list for extension type_name
@@ -1119,7 +1234,7 @@ func file_opentelemetry_proto_trace_v1_trace_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_opentelemetry_proto_trace_v1_trace_proto_rawDesc,
-			NumEnums:      2,
+			NumEnums:      3,
 			NumMessages:   7,
 			NumExtensions: 0,
 			NumServices:   0,
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index 12b12a30c55..02ccd08a770 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"sync"
 	"time"
 
 	"cloud.google.com/go/compute/metadata"
@@ -41,12 +42,20 @@ type Credentials struct {
 	// running on Google Cloud Platform.
 	JSON []byte
 
+	udMu sync.Mutex // guards universeDomain
 	// universeDomain is the default service domain for a given Cloud universe.
 	universeDomain string
 }
 
 // UniverseDomain returns the default service domain for a given Cloud universe.
+//
 // The default value is "googleapis.com".
+//
+// Deprecated: Use instead (*Credentials).GetUniverseDomain(), which supports
+// obtaining the universe domain when authenticating via the GCE metadata server.
+// Unlike GetUniverseDomain, this method, UniverseDomain, will always return the
+// default value when authenticating via the GCE metadata server.
+// See also [The attached service account](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa).
 func (c *Credentials) UniverseDomain() string {
 	if c.universeDomain == "" {
 		return universeDomainDefault
@@ -54,6 +63,55 @@ func (c *Credentials) UniverseDomain() string {
 	return c.universeDomain
 }
 
+// GetUniverseDomain returns the default service domain for a given Cloud
+// universe.
+//
+// The default value is "googleapis.com".
+//
+// It obtains the universe domain from the attached service account on GCE when
+// authenticating via the GCE metadata server. See also [The attached service
+// account](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa).
+// If the GCE metadata server returns a 404 error, the default value is
+// returned. If the GCE metadata server returns an error other than 404, the
+// error is returned.
+func (c *Credentials) GetUniverseDomain() (string, error) {
+	c.udMu.Lock()
+	defer c.udMu.Unlock()
+	if c.universeDomain == "" && metadata.OnGCE() {
+		// If we're on Google Compute Engine, an App Engine standard second
+		// generation runtime, or App Engine flexible, use the metadata server.
+		err := c.computeUniverseDomain()
+		if err != nil {
+			return "", err
+		}
+	}
+	// If not on Google Compute Engine, or in case of any non-error path in
+	// computeUniverseDomain that did not set universeDomain, set the default
+	// universe domain.
+	if c.universeDomain == "" {
+		c.universeDomain = universeDomainDefault
+	}
+	return c.universeDomain, nil
+}
+
+// computeUniverseDomain fetches the default service domain for a given Cloud
+// universe from Google Compute Engine (GCE)'s metadata server. It's only valid
+// to use this method if your program is running on a GCE instance.
+func (c *Credentials) computeUniverseDomain() error {
+	var err error
+	c.universeDomain, err = metadata.Get("universe/universe_domain")
+	if err != nil {
+		if _, ok := err.(metadata.NotDefinedError); ok {
+			// http.StatusNotFound (404)
+			c.universeDomain = universeDomainDefault
+			return nil
+		} else {
+			return err
+		}
+	}
+	return nil
+}
+
 // DefaultCredentials is the old name of Credentials.
 //
 // Deprecated: use Credentials instead.
@@ -91,6 +149,12 @@ type CredentialsParams struct {
 	// Note: This option is currently only respected when using credentials
 	// fetched from the GCE metadata server.
 	EarlyTokenRefresh time.Duration
+
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// Only supported in authentication flows that support universe domains.
+	// This value takes precedence over a universe domain explicitly specified
+	// in a credentials config file or by the GCE metadata server. Optional.
+	UniverseDomain string
 }
 
 func (params CredentialsParams) deepCopy() CredentialsParams {
@@ -175,8 +239,9 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	if metadata.OnGCE() {
 		id, _ := metadata.ProjectID()
 		return &Credentials{
-			ProjectID:   id,
-			TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
+			ProjectID:      id,
+			TokenSource:    computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
+			universeDomain: params.UniverseDomain,
 		}, nil
 	}
 
@@ -217,6 +282,9 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 	}
 
 	universeDomain := f.UniverseDomain
+	if params.UniverseDomain != "" {
+		universeDomain = params.UniverseDomain
+	}
 	// Authorized user credentials are only supported in the googleapis.com universe.
 	if f.Type == userCredentialsKey {
 		universeDomain = universeDomainDefault
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index b18efb743fe..948a3ee63d4 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -4,6 +4,9 @@
 
 // Package errgroup provides synchronization, error propagation, and Context
 // cancelation for groups of goroutines working on subtasks of a common task.
+//
+// [errgroup.Group] is related to [sync.WaitGroup] but adds handling of tasks
+// returning errors.
 package errgroup
 
 import (
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 6202638bae8..c6492020ec7 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -248,6 +248,7 @@ struct ltchars {
 #include <linux/module.h>
 #include <linux/mount.h>
 #include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nf_tables.h>
 #include <linux/netlink.h>
 #include <linux/net_namespace.h>
 #include <linux/nfc.h>
@@ -283,10 +284,6 @@ struct ltchars {
 #include <asm/termbits.h>
 #endif
 
-#ifndef MSG_FASTOPEN
-#define MSG_FASTOPEN    0x20000000
-#endif
-
 #ifndef PTRACE_GETREGS
 #define PTRACE_GETREGS	0xc
 #endif
@@ -295,14 +292,6 @@ struct ltchars {
 #define PTRACE_SETREGS	0xd
 #endif
 
-#ifndef SOL_NETLINK
-#define SOL_NETLINK	270
-#endif
-
-#ifndef SOL_SMC
-#define SOL_SMC 286
-#endif
-
 #ifdef SOL_BLUETOOTH
 // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
 // but it is already in bluetooth_linux.go
@@ -319,10 +308,23 @@ struct ltchars {
 #undef TIPC_WAIT_FOREVER
 #define TIPC_WAIT_FOREVER 0xffffffff
 
-// Copied from linux/l2tp.h
-// Including linux/l2tp.h here causes conflicts between linux/in.h
-// and netinet/in.h included via net/route.h above.
-#define IPPROTO_L2TP		115
+// Copied from linux/netfilter/nf_nat.h
+// Including linux/netfilter/nf_nat.h here causes conflicts between linux/in.h
+// and netinet/in.h.
+#define NF_NAT_RANGE_MAP_IPS			(1 << 0)
+#define NF_NAT_RANGE_PROTO_SPECIFIED		(1 << 1)
+#define NF_NAT_RANGE_PROTO_RANDOM		(1 << 2)
+#define NF_NAT_RANGE_PERSISTENT			(1 << 3)
+#define NF_NAT_RANGE_PROTO_RANDOM_FULLY		(1 << 4)
+#define NF_NAT_RANGE_PROTO_OFFSET		(1 << 5)
+#define NF_NAT_RANGE_NETMAP			(1 << 6)
+#define NF_NAT_RANGE_PROTO_RANDOM_ALL		\
+	(NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+#define NF_NAT_RANGE_MASK					\
+	(NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED |	\
+	 NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PERSISTENT |	\
+	 NF_NAT_RANGE_PROTO_RANDOM_FULLY | NF_NAT_RANGE_PROTO_OFFSET | \
+	 NF_NAT_RANGE_NETMAP)
 
 // Copied from linux/hid.h.
 // Keep in sync with the size of the referenced fields.
@@ -603,6 +605,9 @@ ccflags="$@"
 		$2 ~ /^FSOPT_/ ||
 		$2 ~ /^WDIO[CFS]_/ ||
 		$2 ~ /^NFN/ ||
+		$2 !~ /^NFT_META_IIFTYPE/ &&
+		$2 ~ /^NFT_/ ||
+		$2 ~ /^NF_NAT_/ ||
 		$2 ~ /^XDP_/ ||
 		$2 ~ /^RWF_/ ||
 		$2 ~ /^(HDIO|WIN|SMART)_/ ||
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index c73cfe2f10b..a5d3ff8df95 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -2127,6 +2127,60 @@ const (
 	NFNL_SUBSYS_QUEUE                           = 0x3
 	NFNL_SUBSYS_ULOG                            = 0x4
 	NFS_SUPER_MAGIC                             = 0x6969
+	NFT_CHAIN_FLAGS                             = 0x7
+	NFT_CHAIN_MAXNAMELEN                        = 0x100
+	NFT_CT_MAX                                  = 0x17
+	NFT_DATA_RESERVED_MASK                      = 0xffffff00
+	NFT_DATA_VALUE_MAXLEN                       = 0x40
+	NFT_EXTHDR_OP_MAX                           = 0x4
+	NFT_FIB_RESULT_MAX                          = 0x3
+	NFT_INNER_MASK                              = 0xf
+	NFT_LOGLEVEL_MAX                            = 0x8
+	NFT_NAME_MAXLEN                             = 0x100
+	NFT_NG_MAX                                  = 0x1
+	NFT_OBJECT_CONNLIMIT                        = 0x5
+	NFT_OBJECT_COUNTER                          = 0x1
+	NFT_OBJECT_CT_EXPECT                        = 0x9
+	NFT_OBJECT_CT_HELPER                        = 0x3
+	NFT_OBJECT_CT_TIMEOUT                       = 0x7
+	NFT_OBJECT_LIMIT                            = 0x4
+	NFT_OBJECT_MAX                              = 0xa
+	NFT_OBJECT_QUOTA                            = 0x2
+	NFT_OBJECT_SECMARK                          = 0x8
+	NFT_OBJECT_SYNPROXY                         = 0xa
+	NFT_OBJECT_TUNNEL                           = 0x6
+	NFT_OBJECT_UNSPEC                           = 0x0
+	NFT_OBJ_MAXNAMELEN                          = 0x100
+	NFT_OSF_MAXGENRELEN                         = 0x10
+	NFT_QUEUE_FLAG_BYPASS                       = 0x1
+	NFT_QUEUE_FLAG_CPU_FANOUT                   = 0x2
+	NFT_QUEUE_FLAG_MASK                         = 0x3
+	NFT_REG32_COUNT                             = 0x10
+	NFT_REG32_SIZE                              = 0x4
+	NFT_REG_MAX                                 = 0x4
+	NFT_REG_SIZE                                = 0x10
+	NFT_REJECT_ICMPX_MAX                        = 0x3
+	NFT_RT_MAX                                  = 0x4
+	NFT_SECMARK_CTX_MAXLEN                      = 0x100
+	NFT_SET_MAXNAMELEN                          = 0x100
+	NFT_SOCKET_MAX                              = 0x3
+	NFT_TABLE_F_MASK                            = 0x3
+	NFT_TABLE_MAXNAMELEN                        = 0x100
+	NFT_TRACETYPE_MAX                           = 0x3
+	NFT_TUNNEL_F_MASK                           = 0x7
+	NFT_TUNNEL_MAX                              = 0x1
+	NFT_TUNNEL_MODE_MAX                         = 0x2
+	NFT_USERDATA_MAXLEN                         = 0x100
+	NFT_XFRM_KEY_MAX                            = 0x6
+	NF_NAT_RANGE_MAP_IPS                        = 0x1
+	NF_NAT_RANGE_MASK                           = 0x7f
+	NF_NAT_RANGE_NETMAP                         = 0x40
+	NF_NAT_RANGE_PERSISTENT                     = 0x8
+	NF_NAT_RANGE_PROTO_OFFSET                   = 0x20
+	NF_NAT_RANGE_PROTO_RANDOM                   = 0x4
+	NF_NAT_RANGE_PROTO_RANDOM_ALL               = 0x14
+	NF_NAT_RANGE_PROTO_RANDOM_FULLY             = 0x10
+	NF_NAT_RANGE_PROTO_SPECIFIED                = 0x2
 	NILFS_SUPER_MAGIC                           = 0x3434
 	NL0                                         = 0x0
 	NL1                                         = 0x100
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index a1d061597cc..9dc42410b78 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index 5b2a7409778..0d3a0751cd4 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index f6eda1344a8..c39f7776db3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 55df20ae9d8..57571d072fe 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index 8c1155cbc08..e62963e67e2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 7cc80c58d98..00831354c82 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 0688737f494..79029ed5848 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 47dc5796769..ffb8708ccf8 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -194,6 +194,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW
 //sys	GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW
 //sys	SetEndOfFile(handle Handle) (err error)
+//sys	SetFileValidData(handle Handle, validDataLength int64) (err error)
 //sys	GetSystemTimeAsFileTime(time *Filetime)
 //sys	GetSystemTimePreciseAsFileTime(time *Filetime)
 //sys	GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff]
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 146a1f0196f..e8791c82c30 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -342,6 +342,7 @@ var (
 	procSetDefaultDllDirectories                             = modkernel32.NewProc("SetDefaultDllDirectories")
 	procSetDllDirectoryW                                     = modkernel32.NewProc("SetDllDirectoryW")
 	procSetEndOfFile                                         = modkernel32.NewProc("SetEndOfFile")
+	procSetFileValidData                                     = modkernel32.NewProc("SetFileValidData")
 	procSetEnvironmentVariableW                              = modkernel32.NewProc("SetEnvironmentVariableW")
 	procSetErrorMode                                         = modkernel32.NewProc("SetErrorMode")
 	procSetEvent                                             = modkernel32.NewProc("SetEvent")
@@ -2988,6 +2989,14 @@ func SetEndOfFile(handle Handle) (err error) {
 	return
 }
 
+func SetFileValidData(handle Handle, validDataLength int64) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetEnvironmentVariable(name *uint16, value *uint16) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0)
 	if r1 == 0 {
diff --git a/vendor/golang.org/x/tools/internal/versions/versions_go121.go b/vendor/golang.org/x/tools/internal/versions/versions.go
similarity index 80%
rename from vendor/golang.org/x/tools/internal/versions/versions_go121.go
rename to vendor/golang.org/x/tools/internal/versions/versions.go
index cf4a7d0360f..e16f6c33a52 100644
--- a/vendor/golang.org/x/tools/internal/versions/versions_go121.go
+++ b/vendor/golang.org/x/tools/internal/versions/versions.go
@@ -2,11 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !go1.22
-// +build !go1.22
-
 package versions
 
+// Note: If we use build tags to use go/versions when go >=1.22,
+// we run into go.dev/issue/53737. Under some operations users would see an
+// import of "go/versions" even if they would not compile the file.
+// For example, during `go get -u ./...` (go.dev/issue/64490) we do not try to include
+// For this reason, this library just a clone of go/versions for the moment.
+
 // Lang returns the Go language version for version x.
 // If x is not a valid version, Lang returns the empty string.
 // For example:
diff --git a/vendor/golang.org/x/tools/internal/versions/versions_go122.go b/vendor/golang.org/x/tools/internal/versions/versions_go122.go
deleted file mode 100644
index c1c1814b28d..00000000000
--- a/vendor/golang.org/x/tools/internal/versions/versions_go122.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2023 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.22
-// +build go1.22
-
-package versions
-
-import (
-	"go/version"
-)
-
-// Lang returns the Go language version for version x.
-// If x is not a valid version, Lang returns the empty string.
-// For example:
-//
-//	Lang("go1.21rc2") = "go1.21"
-//	Lang("go1.21.2") = "go1.21"
-//	Lang("go1.21") = "go1.21"
-//	Lang("go1") = "go1"
-//	Lang("bad") = ""
-//	Lang("1.21") = ""
-func Lang(x string) string { return version.Lang(x) }
-
-// Compare returns -1, 0, or +1 depending on whether
-// x < y, x == y, or x > y, interpreted as Go versions.
-// The versions x and y must begin with a "go" prefix: "go1.21" not "1.21".
-// Invalid versions, including the empty string, compare less than
-// valid versions and equal to each other.
-// The language version "go1.21" compares less than the
-// release candidate and eventual releases "go1.21rc1" and "go1.21.0".
-// Custom toolchain suffixes are ignored during comparison:
-// "go1.21.0" and "go1.21.0-bigcorp" are equal.
-func Compare(x, y string) int { return version.Compare(x, y) }
-
-// IsValid reports whether the version x is valid.
-func IsValid(x string) bool { return version.IsValid(x) }
diff --git a/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go b/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go
index 5dfff4cb2cc..947e83a5b58 100644
--- a/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go
+++ b/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC.
+// Copyright 2024 Google LLC.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -90,7 +90,9 @@ const apiId = "iamcredentials:v1"
 const apiName = "iamcredentials"
 const apiVersion = "v1"
 const basePath = "https://iamcredentials.googleapis.com/"
+const basePathTemplate = "https://iamcredentials.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://iamcredentials.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 3356fa97b8f..285e6e04d39 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -27,6 +27,7 @@ const (
 type DialSettings struct {
 	Endpoint                      string
 	DefaultEndpoint               string
+	DefaultEndpointTemplate       string
 	DefaultMTLSEndpoint           string
 	Scopes                        []string
 	DefaultScopes                 []string
diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go
index 104a911327f..8ecad3542b9 100644
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.154.0"
+const Version = "0.156.0"
diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go
index 3fdee095c1b..c15be9faa96 100644
--- a/vendor/google.golang.org/api/option/internaloption/internaloption.go
+++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go
@@ -22,10 +22,29 @@ func (o defaultEndpointOption) Apply(settings *internal.DialSettings) {
 // It should only be used internally by generated clients.
 //
 // This is similar to WithEndpoint, but allows us to determine whether the user has overridden the default endpoint.
+//
+// Deprecated: WithDefaultEndpoint does not support setting the universe domain.
+// Use WithDefaultEndpointTemplate and WithDefaultUniverseDomain to compose the
+// default endpoint instead.
 func WithDefaultEndpoint(url string) option.ClientOption {
 	return defaultEndpointOption(url)
 }
 
+type defaultEndpointTemplateOption string
+
+func (o defaultEndpointTemplateOption) Apply(settings *internal.DialSettings) {
+	settings.DefaultEndpointTemplate = string(o)
+}
+
+// WithDefaultEndpointTemplate provides a template for creating the endpoint
+// using a universe domain. See also WithDefaultUniverseDomain and
+// option.WithUniverseDomain.
+//
+// It should only be used internally by generated clients.
+func WithDefaultEndpointTemplate(url string) option.ClientOption {
+	return defaultEndpointTemplateOption(url)
+}
+
 type defaultMTLSEndpointOption string
 
 func (o defaultMTLSEndpointOption) Apply(settings *internal.DialSettings) {
diff --git a/vendor/google.golang.org/api/storage/v1/storage-api.json b/vendor/google.golang.org/api/storage/v1/storage-api.json
index 2c5bfb5b30b..25003692209 100644
--- a/vendor/google.golang.org/api/storage/v1/storage-api.json
+++ b/vendor/google.golang.org/api/storage/v1/storage-api.json
@@ -33,7 +33,7 @@
       "location": "me-central2"
     }
   ],
-  "etag": "\"3131373432363238303039393730353234383930\"",
+  "etag": "\"3136323232353032373039383637313835303036\"",
   "icons": {
     "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png",
     "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png"
@@ -99,7 +99,7 @@
   },
   "protocol": "rest",
   "resources": {
-    "anywhereCache": {
+    "anywhereCaches": {
       "methods": {
         "disable": {
           "description": "Disables an Anywhere Cache instance.",
@@ -117,7 +117,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -149,7 +149,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -176,7 +176,7 @@
           ],
           "parameters": {
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -204,13 +204,13 @@
           ],
           "parameters": {
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
             },
             "pageSize": {
-              "description": "Maximum number of items return in a single page of responses. Maximum 1000.",
+              "description": "Maximum number of items to return in a single page of responses. Maximum 1000.",
               "format": "int32",
               "location": "query",
               "minimum": "0",
@@ -250,7 +250,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -282,7 +282,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -314,7 +314,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -1387,6 +1387,240 @@
         }
       }
     },
+    "folders": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes a folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "DELETE",
+          "id": "storage.folders.delete",
+          "parameterOrder": [
+            "bucket",
+            "folder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "folder": {
+              "description": "Name of a folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "If set, only deletes the folder if its metageneration matches this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "If set, only deletes the folder if its metageneration does not match this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{folder}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "get": {
+          "description": "Returns metadata for the specified folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "GET",
+          "id": "storage.folders.get",
+          "parameterOrder": [
+            "bucket",
+            "folder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "folder": {
+              "description": "Name of a folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{folder}",
+          "response": {
+            "$ref": "Folder"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "POST",
+          "id": "storage.folders.insert",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "recursive": {
+              "description": "If true, any parent folder which doesn’t exist will be created automatically.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "b/{bucket}/folders",
+          "request": {
+            "$ref": "Folder"
+          },
+          "response": {
+            "$ref": "Folder"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of folders matching the criteria. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "GET",
+          "id": "storage.folders.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which to look for folders.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "delimiter": {
+              "description": "Returns results in a directory-like mode. The only supported value is '/'. If set, items will only contain folders that either exactly match the prefix, or are one level below the prefix.",
+              "location": "query",
+              "type": "string"
+            },
+            "endOffset": {
+              "description": "Filter results to folders whose names are lexicographically before endOffset. If startOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Maximum number of items to return in a single page of responses.",
+              "format": "int32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A previously-returned page token representing part of the larger set of results to view.",
+              "location": "query",
+              "type": "string"
+            },
+            "prefix": {
+              "description": "Filter results to folders whose paths begin with this prefix. If set, the value must either be an empty string or end with a '/'.",
+              "location": "query",
+              "type": "string"
+            },
+            "startOffset": {
+              "description": "Filter results to folders whose names are lexicographically equal to or after startOffset. If endOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders",
+          "response": {
+            "$ref": "Folders"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "rename": {
+          "description": "Renames a source folder to a destination folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "POST",
+          "id": "storage.folders.rename",
+          "parameterOrder": [
+            "bucket",
+            "sourceFolder",
+            "destinationFolder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folders are in.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationFolder": {
+              "description": "Name of the destination folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifSourceMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceFolder": {
+              "description": "Name of the source folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{sourceFolder}/renameTo/folders/{destinationFolder}",
+          "response": {
+            "$ref": "GoogleLongrunningOperation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        }
+      }
+    },
     "managedFolders": {
       "methods": {
         "delete": {
@@ -1565,7 +1799,7 @@
               "type": "string"
             },
             "pageSize": {
-              "description": "Maximum number of items return in a single page of responses.",
+              "description": "Maximum number of items to return in a single page of responses.",
               "format": "int32",
               "location": "query",
               "minimum": "0",
@@ -3806,7 +4040,7 @@
       }
     }
   },
-  "revision": "20231202",
+  "revision": "20240105",
   "rootUrl": "https://storage.googleapis.com/",
   "schemas": {
     "AnywhereCache": {
@@ -3860,6 +4094,10 @@
           "description": "The modification time of the cache instance metadata in RFC 3339 format.",
           "format": "date-time",
           "type": "string"
+        },
+        "zone": {
+          "description": "The zone in which the cache instance is running. For example, us-central1-a.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -4010,6 +4248,16 @@
           "description": "HTTP 1.1 Entity tag for the bucket.",
           "type": "string"
         },
+        "hierarchicalNamespace": {
+          "description": "The bucket's hierarchical namespace configuration.",
+          "properties": {
+            "enabled": {
+              "description": "When set to true, hierarchical namespace is enabled for this bucket.",
+              "type": "boolean"
+            }
+          },
+          "type": "object"
+        },
         "iamConfiguration": {
           "description": "The bucket's IAM configuration.",
           "properties": {
@@ -4597,6 +4845,90 @@
       },
       "type": "object"
     },
+    "Folder": {
+      "description": "A folder. Only available in buckets with hierarchical namespace enabled.",
+      "id": "Folder",
+      "properties": {
+        "bucket": {
+          "description": "The name of the bucket containing this folder.",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the folder, including the bucket name, folder name.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#folder",
+          "description": "The kind of item this is. For folders, this is always storage#folder.",
+          "type": "string"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "An individual metadata entry.",
+            "type": "string"
+          },
+          "description": "User-provided metadata, in key/value pairs.",
+          "type": "object"
+        },
+        "metageneration": {
+          "description": "The version of the metadata for this folder. Used for preconditions and for detecting changes in metadata.",
+          "format": "int64",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the folder. Required if not specified by URL parameter.",
+          "type": "string"
+        },
+        "pendingRenameInfo": {
+          "description": "Only present if the folder is part of an ongoing rename folder operation. Contains information which can be used to query the operation status.",
+          "properties": {
+            "operationId": {
+              "description": "The ID of the rename folder operation.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "selfLink": {
+          "description": "The link to this folder.",
+          "type": "string"
+        },
+        "timeCreated": {
+          "description": "The creation time of the folder in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The modification time of the folder metadata in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Folders": {
+      "description": "A list of folders.",
+      "id": "Folders",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "Folder"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#folders",
+          "description": "The kind of item this is. For lists of folders, this is always storage#folders.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleLongrunningListOperationsResponse": {
       "description": "The response message for storage.buckets.operations.list.",
       "id": "GoogleLongrunningListOperationsResponse",
diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go
index c4331c04de6..c34ca98c4d5 100644
--- a/vendor/google.golang.org/api/storage/v1/storage-gen.go
+++ b/vendor/google.golang.org/api/storage/v1/storage-gen.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC.
+// Copyright 2024 Google LLC.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -98,7 +98,9 @@ const apiId = "storage:v1"
 const apiName = "storage"
 const apiVersion = "v1"
 const basePath = "https://storage.googleapis.com/storage/v1/"
+const basePathTemplate = "https://storage.UNIVERSE_DOMAIN/storage/v1/"
 const mtlsBasePath = "https://storage.mtls.googleapis.com/storage/v1/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -130,7 +132,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err
@@ -155,11 +159,12 @@ func New(client *http.Client) (*Service, error) {
 		return nil, errors.New("client is nil")
 	}
 	s := &Service{client: client, BasePath: basePath}
-	s.AnywhereCache = NewAnywhereCacheService(s)
+	s.AnywhereCaches = NewAnywhereCachesService(s)
 	s.BucketAccessControls = NewBucketAccessControlsService(s)
 	s.Buckets = NewBucketsService(s)
 	s.Channels = NewChannelsService(s)
 	s.DefaultObjectAccessControls = NewDefaultObjectAccessControlsService(s)
+	s.Folders = NewFoldersService(s)
 	s.ManagedFolders = NewManagedFoldersService(s)
 	s.Notifications = NewNotificationsService(s)
 	s.ObjectAccessControls = NewObjectAccessControlsService(s)
@@ -174,7 +179,7 @@ type Service struct {
 	BasePath  string // API endpoint base URL
 	UserAgent string // optional additional User-Agent fragment
 
-	AnywhereCache *AnywhereCacheService
+	AnywhereCaches *AnywhereCachesService
 
 	BucketAccessControls *BucketAccessControlsService
 
@@ -184,6 +189,8 @@ type Service struct {
 
 	DefaultObjectAccessControls *DefaultObjectAccessControlsService
 
+	Folders *FoldersService
+
 	ManagedFolders *ManagedFoldersService
 
 	Notifications *NotificationsService
@@ -204,12 +211,12 @@ func (s *Service) userAgent() string {
 	return googleapi.UserAgent + " " + s.UserAgent
 }
 
-func NewAnywhereCacheService(s *Service) *AnywhereCacheService {
-	rs := &AnywhereCacheService{s: s}
+func NewAnywhereCachesService(s *Service) *AnywhereCachesService {
+	rs := &AnywhereCachesService{s: s}
 	return rs
 }
 
-type AnywhereCacheService struct {
+type AnywhereCachesService struct {
 	s *Service
 }
 
@@ -249,6 +256,15 @@ type DefaultObjectAccessControlsService struct {
 	s *Service
 }
 
+func NewFoldersService(s *Service) *FoldersService {
+	rs := &FoldersService{s: s}
+	return rs
+}
+
+type FoldersService struct {
+	s *Service
+}
+
 func NewManagedFoldersService(s *Service) *ManagedFoldersService {
 	rs := &ManagedFoldersService{s: s}
 	return rs
@@ -367,6 +383,10 @@ type AnywhereCache struct {
 	// RFC 3339 format.
 	UpdateTime string `json:"updateTime,omitempty"`
 
+	// Zone: The zone in which the cache instance is running. For example,
+	// us-central1-a.
+	Zone string `json:"zone,omitempty"`
+
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
@@ -481,6 +501,10 @@ type Bucket struct {
 	// Etag: HTTP 1.1 Entity tag for the bucket.
 	Etag string `json:"etag,omitempty"`
 
+	// HierarchicalNamespace: The bucket's hierarchical namespace
+	// configuration.
+	HierarchicalNamespace *BucketHierarchicalNamespace `json:"hierarchicalNamespace,omitempty"`
+
 	// IamConfiguration: The bucket's IAM configuration.
 	IamConfiguration *BucketIamConfiguration `json:"iamConfiguration,omitempty"`
 
@@ -781,6 +805,36 @@ func (s *BucketEncryption) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// BucketHierarchicalNamespace: The bucket's hierarchical namespace
+// configuration.
+type BucketHierarchicalNamespace struct {
+	// Enabled: When set to true, hierarchical namespace is enabled for this
+	// bucket.
+	Enabled bool `json:"enabled,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Enabled") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Enabled") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketHierarchicalNamespace) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketHierarchicalNamespace
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // BucketIamConfiguration: The bucket's IAM configuration.
 type BucketIamConfiguration struct {
 	// BucketPolicyOnly: The bucket's uniform bucket-level access
@@ -1793,6 +1847,143 @@ func (s *Expr) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// Folder: A folder. Only available in buckets with hierarchical
+// namespace enabled.
+type Folder struct {
+	// Bucket: The name of the bucket containing this folder.
+	Bucket string `json:"bucket,omitempty"`
+
+	// Id: The ID of the folder, including the bucket name, folder name.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For folders, this is always
+	// storage#folder.
+	Kind string `json:"kind,omitempty"`
+
+	// Metadata: User-provided metadata, in key/value pairs.
+	Metadata map[string]string `json:"metadata,omitempty"`
+
+	// Metageneration: The version of the metadata for this folder. Used for
+	// preconditions and for detecting changes in metadata.
+	Metageneration int64 `json:"metageneration,omitempty,string"`
+
+	// Name: The name of the folder. Required if not specified by URL
+	// parameter.
+	Name string `json:"name,omitempty"`
+
+	// PendingRenameInfo: Only present if the folder is part of an ongoing
+	// rename folder operation. Contains information which can be used to
+	// query the operation status.
+	PendingRenameInfo *FolderPendingRenameInfo `json:"pendingRenameInfo,omitempty"`
+
+	// SelfLink: The link to this folder.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// TimeCreated: The creation time of the folder in RFC 3339 format.
+	TimeCreated string `json:"timeCreated,omitempty"`
+
+	// Updated: The modification time of the folder metadata in RFC 3339
+	// format.
+	Updated string `json:"updated,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Bucket") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Bucket") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Folder) MarshalJSON() ([]byte, error) {
+	type NoMethod Folder
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// FolderPendingRenameInfo: Only present if the folder is part of an
+// ongoing rename folder operation. Contains information which can be
+// used to query the operation status.
+type FolderPendingRenameInfo struct {
+	// OperationId: The ID of the rename folder operation.
+	OperationId string `json:"operationId,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "OperationId") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "OperationId") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *FolderPendingRenameInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod FolderPendingRenameInfo
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Folders: A list of folders.
+type Folders struct {
+	// Items: The list of items.
+	Items []*Folder `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of folders, this is always
+	// storage#folders.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: The continuation token, used to page through large
+	// result sets. Provide this value in a subsequent request to return the
+	// next page of results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Folders) MarshalJSON() ([]byte, error) {
+	type NoMethod Folders
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // GoogleLongrunningListOperationsResponse: The response message for
 // storage.buckets.operations.list.
 type GoogleLongrunningListOperationsResponse struct {
@@ -3067,7 +3258,7 @@ func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
 
 // method id "storage.anywhereCaches.disable":
 
-type AnywhereCacheDisableCall struct {
+type AnywhereCachesDisableCall struct {
 	s               *Service
 	bucket          string
 	anywhereCacheId string
@@ -3079,9 +3270,9 @@ type AnywhereCacheDisableCall struct {
 // Disable: Disables an Anywhere Cache instance.
 //
 // - anywhereCacheId: The ID of requested Anywhere Cache instance.
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Disable(bucket string, anywhereCacheId string) *AnywhereCacheDisableCall {
-	c := &AnywhereCacheDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Disable(bucket string, anywhereCacheId string) *AnywhereCachesDisableCall {
+	c := &AnywhereCachesDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywhereCacheId = anywhereCacheId
 	return c
@@ -3090,7 +3281,7 @@ func (r *AnywhereCacheService) Disable(bucket string, anywhereCacheId string) *A
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheDisableCall) Fields(s ...googleapi.Field) *AnywhereCacheDisableCall {
+func (c *AnywhereCachesDisableCall) Fields(s ...googleapi.Field) *AnywhereCachesDisableCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3098,21 +3289,21 @@ func (c *AnywhereCacheDisableCall) Fields(s ...googleapi.Field) *AnywhereCacheDi
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheDisableCall) Context(ctx context.Context) *AnywhereCacheDisableCall {
+func (c *AnywhereCachesDisableCall) Context(ctx context.Context) *AnywhereCachesDisableCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheDisableCall) Header() http.Header {
+func (c *AnywhereCachesDisableCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheDisableCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesDisableCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3143,7 +3334,7 @@ func (c *AnywhereCacheDisableCall) doRequest(alt string) (*http.Response, error)
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheDisableCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
+func (c *AnywhereCachesDisableCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3189,7 +3380,7 @@ func (c *AnywhereCacheDisableCall) Do(opts ...googleapi.CallOption) (*AnywhereCa
 	//       "type": "string"
 	//     },
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -3210,7 +3401,7 @@ func (c *AnywhereCacheDisableCall) Do(opts ...googleapi.CallOption) (*AnywhereCa
 
 // method id "storage.anywhereCaches.get":
 
-type AnywhereCacheGetCall struct {
+type AnywhereCachesGetCall struct {
 	s               *Service
 	bucket          string
 	anywhereCacheId string
@@ -3223,9 +3414,9 @@ type AnywhereCacheGetCall struct {
 // Get: Returns the metadata of an Anywhere Cache instance.
 //
 // - anywhereCacheId: The ID of requested Anywhere Cache instance.
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Get(bucket string, anywhereCacheId string) *AnywhereCacheGetCall {
-	c := &AnywhereCacheGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Get(bucket string, anywhereCacheId string) *AnywhereCachesGetCall {
+	c := &AnywhereCachesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywhereCacheId = anywhereCacheId
 	return c
@@ -3234,7 +3425,7 @@ func (r *AnywhereCacheService) Get(bucket string, anywhereCacheId string) *Anywh
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheGetCall) Fields(s ...googleapi.Field) *AnywhereCacheGetCall {
+func (c *AnywhereCachesGetCall) Fields(s ...googleapi.Field) *AnywhereCachesGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3244,7 +3435,7 @@ func (c *AnywhereCacheGetCall) Fields(s ...googleapi.Field) *AnywhereCacheGetCal
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *AnywhereCacheGetCall) IfNoneMatch(entityTag string) *AnywhereCacheGetCall {
+func (c *AnywhereCachesGetCall) IfNoneMatch(entityTag string) *AnywhereCachesGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -3252,21 +3443,21 @@ func (c *AnywhereCacheGetCall) IfNoneMatch(entityTag string) *AnywhereCacheGetCa
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheGetCall) Context(ctx context.Context) *AnywhereCacheGetCall {
+func (c *AnywhereCachesGetCall) Context(ctx context.Context) *AnywhereCachesGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheGetCall) Header() http.Header {
+func (c *AnywhereCachesGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3300,7 +3491,7 @@ func (c *AnywhereCacheGetCall) doRequest(alt string) (*http.Response, error) {
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheGetCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
+func (c *AnywhereCachesGetCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3346,7 +3537,7 @@ func (c *AnywhereCacheGetCall) Do(opts ...googleapi.CallOption) (*AnywhereCache,
 	//       "type": "string"
 	//     },
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -3369,7 +3560,7 @@ func (c *AnywhereCacheGetCall) Do(opts ...googleapi.CallOption) (*AnywhereCache,
 
 // method id "storage.anywhereCaches.insert":
 
-type AnywhereCacheInsertCall struct {
+type AnywhereCachesInsertCall struct {
 	s             *Service
 	bucket        string
 	anywherecache *AnywhereCache
@@ -3380,9 +3571,9 @@ type AnywhereCacheInsertCall struct {
 
 // Insert: Creates an Anywhere Cache instance.
 //
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Insert(bucket string, anywherecache *AnywhereCache) *AnywhereCacheInsertCall {
-	c := &AnywhereCacheInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Insert(bucket string, anywherecache *AnywhereCache) *AnywhereCachesInsertCall {
+	c := &AnywhereCachesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywherecache = anywherecache
 	return c
@@ -3391,7 +3582,7 @@ func (r *AnywhereCacheService) Insert(bucket string, anywherecache *AnywhereCach
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheInsertCall) Fields(s ...googleapi.Field) *AnywhereCacheInsertCall {
+func (c *AnywhereCachesInsertCall) Fields(s ...googleapi.Field) *AnywhereCachesInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3399,21 +3590,21 @@ func (c *AnywhereCacheInsertCall) Fields(s ...googleapi.Field) *AnywhereCacheIns
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheInsertCall) Context(ctx context.Context) *AnywhereCacheInsertCall {
+func (c *AnywhereCachesInsertCall) Context(ctx context.Context) *AnywhereCachesInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheInsertCall) Header() http.Header {
+func (c *AnywhereCachesInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3448,7 +3639,7 @@ func (c *AnywhereCacheInsertCall) doRequest(alt string) (*http.Response, error)
 // was returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheInsertCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) {
+func (c *AnywhereCachesInsertCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3487,7 +3678,7 @@ func (c *AnywhereCacheInsertCall) Do(opts ...googleapi.CallOption) (*GoogleLongr
 	//   ],
 	//   "parameters": {
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -3511,7 +3702,7 @@ func (c *AnywhereCacheInsertCall) Do(opts ...googleapi.CallOption) (*GoogleLongr
 
 // method id "storage.anywhereCaches.list":
 
-type AnywhereCacheListCall struct {
+type AnywhereCachesListCall struct {
 	s            *Service
 	bucket       string
 	urlParams_   gensupport.URLParams
@@ -3523,16 +3714,16 @@ type AnywhereCacheListCall struct {
 // List: Returns a list of Anywhere Cache instances of the bucket
 // matching the criteria.
 //
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) List(bucket string) *AnywhereCacheListCall {
-	c := &AnywhereCacheListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) List(bucket string) *AnywhereCachesListCall {
+	c := &AnywhereCachesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	return c
 }
 
 // PageSize sets the optional parameter "pageSize": Maximum number of
-// items return in a single page of responses. Maximum 1000.
-func (c *AnywhereCacheListCall) PageSize(pageSize int64) *AnywhereCacheListCall {
+// items to return in a single page of responses. Maximum 1000.
+func (c *AnywhereCachesListCall) PageSize(pageSize int64) *AnywhereCachesListCall {
 	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
 	return c
 }
@@ -3540,7 +3731,7 @@ func (c *AnywhereCacheListCall) PageSize(pageSize int64) *AnywhereCacheListCall
 // PageToken sets the optional parameter "pageToken": A
 // previously-returned page token representing part of the larger set of
 // results to view.
-func (c *AnywhereCacheListCall) PageToken(pageToken string) *AnywhereCacheListCall {
+func (c *AnywhereCachesListCall) PageToken(pageToken string) *AnywhereCachesListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -3548,7 +3739,7 @@ func (c *AnywhereCacheListCall) PageToken(pageToken string) *AnywhereCacheListCa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheListCall) Fields(s ...googleapi.Field) *AnywhereCacheListCall {
+func (c *AnywhereCachesListCall) Fields(s ...googleapi.Field) *AnywhereCachesListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3558,7 +3749,7 @@ func (c *AnywhereCacheListCall) Fields(s ...googleapi.Field) *AnywhereCacheListC
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *AnywhereCacheListCall) IfNoneMatch(entityTag string) *AnywhereCacheListCall {
+func (c *AnywhereCachesListCall) IfNoneMatch(entityTag string) *AnywhereCachesListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -3566,21 +3757,21 @@ func (c *AnywhereCacheListCall) IfNoneMatch(entityTag string) *AnywhereCacheList
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheListCall) Context(ctx context.Context) *AnywhereCacheListCall {
+func (c *AnywhereCachesListCall) Context(ctx context.Context) *AnywhereCachesListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheListCall) Header() http.Header {
+func (c *AnywhereCachesListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheListCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3613,7 +3804,7 @@ func (c *AnywhereCacheListCall) doRequest(alt string) (*http.Response, error) {
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheListCall) Do(opts ...googleapi.CallOption) (*AnywhereCaches, error) {
+func (c *AnywhereCachesListCall) Do(opts ...googleapi.CallOption) (*AnywhereCaches, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3652,13 +3843,13 @@ func (c *AnywhereCacheListCall) Do(opts ...googleapi.CallOption) (*AnywhereCache
 	//   ],
 	//   "parameters": {
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
 	//     },
 	//     "pageSize": {
-	//       "description": "Maximum number of items return in a single page of responses. Maximum 1000.",
+	//       "description": "Maximum number of items to return in a single page of responses. Maximum 1000.",
 	//       "format": "int32",
 	//       "location": "query",
 	//       "minimum": "0",
@@ -3688,7 +3879,7 @@ func (c *AnywhereCacheListCall) Do(opts ...googleapi.CallOption) (*AnywhereCache
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *AnywhereCacheListCall) Pages(ctx context.Context, f func(*AnywhereCaches) error) error {
+func (c *AnywhereCachesListCall) Pages(ctx context.Context, f func(*AnywhereCaches) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -3708,7 +3899,7 @@ func (c *AnywhereCacheListCall) Pages(ctx context.Context, f func(*AnywhereCache
 
 // method id "storage.anywhereCaches.pause":
 
-type AnywhereCachePauseCall struct {
+type AnywhereCachesPauseCall struct {
 	s               *Service
 	bucket          string
 	anywhereCacheId string
@@ -3720,9 +3911,9 @@ type AnywhereCachePauseCall struct {
 // Pause: Pauses an Anywhere Cache instance.
 //
 // - anywhereCacheId: The ID of requested Anywhere Cache instance.
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Pause(bucket string, anywhereCacheId string) *AnywhereCachePauseCall {
-	c := &AnywhereCachePauseCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Pause(bucket string, anywhereCacheId string) *AnywhereCachesPauseCall {
+	c := &AnywhereCachesPauseCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywhereCacheId = anywhereCacheId
 	return c
@@ -3731,7 +3922,7 @@ func (r *AnywhereCacheService) Pause(bucket string, anywhereCacheId string) *Any
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCachePauseCall) Fields(s ...googleapi.Field) *AnywhereCachePauseCall {
+func (c *AnywhereCachesPauseCall) Fields(s ...googleapi.Field) *AnywhereCachesPauseCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3739,21 +3930,21 @@ func (c *AnywhereCachePauseCall) Fields(s ...googleapi.Field) *AnywhereCachePaus
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCachePauseCall) Context(ctx context.Context) *AnywhereCachePauseCall {
+func (c *AnywhereCachesPauseCall) Context(ctx context.Context) *AnywhereCachesPauseCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCachePauseCall) Header() http.Header {
+func (c *AnywhereCachesPauseCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCachePauseCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesPauseCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3784,7 +3975,7 @@ func (c *AnywhereCachePauseCall) doRequest(alt string) (*http.Response, error) {
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCachePauseCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
+func (c *AnywhereCachesPauseCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3830,7 +4021,7 @@ func (c *AnywhereCachePauseCall) Do(opts ...googleapi.CallOption) (*AnywhereCach
 	//       "type": "string"
 	//     },
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -3851,7 +4042,7 @@ func (c *AnywhereCachePauseCall) Do(opts ...googleapi.CallOption) (*AnywhereCach
 
 // method id "storage.anywhereCaches.resume":
 
-type AnywhereCacheResumeCall struct {
+type AnywhereCachesResumeCall struct {
 	s               *Service
 	bucket          string
 	anywhereCacheId string
@@ -3863,9 +4054,9 @@ type AnywhereCacheResumeCall struct {
 // Resume: Resumes a paused or disabled Anywhere Cache instance.
 //
 // - anywhereCacheId: The ID of requested Anywhere Cache instance.
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Resume(bucket string, anywhereCacheId string) *AnywhereCacheResumeCall {
-	c := &AnywhereCacheResumeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Resume(bucket string, anywhereCacheId string) *AnywhereCachesResumeCall {
+	c := &AnywhereCachesResumeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywhereCacheId = anywhereCacheId
 	return c
@@ -3874,7 +4065,7 @@ func (r *AnywhereCacheService) Resume(bucket string, anywhereCacheId string) *An
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheResumeCall) Fields(s ...googleapi.Field) *AnywhereCacheResumeCall {
+func (c *AnywhereCachesResumeCall) Fields(s ...googleapi.Field) *AnywhereCachesResumeCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -3882,21 +4073,21 @@ func (c *AnywhereCacheResumeCall) Fields(s ...googleapi.Field) *AnywhereCacheRes
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheResumeCall) Context(ctx context.Context) *AnywhereCacheResumeCall {
+func (c *AnywhereCachesResumeCall) Context(ctx context.Context) *AnywhereCachesResumeCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheResumeCall) Header() http.Header {
+func (c *AnywhereCachesResumeCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheResumeCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesResumeCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -3927,7 +4118,7 @@ func (c *AnywhereCacheResumeCall) doRequest(alt string) (*http.Response, error)
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheResumeCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
+func (c *AnywhereCachesResumeCall) Do(opts ...googleapi.CallOption) (*AnywhereCache, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -3973,7 +4164,7 @@ func (c *AnywhereCacheResumeCall) Do(opts ...googleapi.CallOption) (*AnywhereCac
 	//       "type": "string"
 	//     },
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -3994,7 +4185,7 @@ func (c *AnywhereCacheResumeCall) Do(opts ...googleapi.CallOption) (*AnywhereCac
 
 // method id "storage.anywhereCaches.update":
 
-type AnywhereCacheUpdateCall struct {
+type AnywhereCachesUpdateCall struct {
 	s               *Service
 	bucket          string
 	anywhereCacheId string
@@ -4008,9 +4199,9 @@ type AnywhereCacheUpdateCall struct {
 // Cache instance.
 //
 // - anywhereCacheId: The ID of requested Anywhere Cache instance.
-// - bucket: Name of the partent bucket.
-func (r *AnywhereCacheService) Update(bucket string, anywhereCacheId string, anywherecache *AnywhereCache) *AnywhereCacheUpdateCall {
-	c := &AnywhereCacheUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - bucket: Name of the parent bucket.
+func (r *AnywhereCachesService) Update(bucket string, anywhereCacheId string, anywherecache *AnywhereCache) *AnywhereCachesUpdateCall {
+	c := &AnywhereCachesUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.bucket = bucket
 	c.anywhereCacheId = anywhereCacheId
 	c.anywherecache = anywherecache
@@ -4020,7 +4211,7 @@ func (r *AnywhereCacheService) Update(bucket string, anywhereCacheId string, any
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *AnywhereCacheUpdateCall) Fields(s ...googleapi.Field) *AnywhereCacheUpdateCall {
+func (c *AnywhereCachesUpdateCall) Fields(s ...googleapi.Field) *AnywhereCachesUpdateCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -4028,21 +4219,21 @@ func (c *AnywhereCacheUpdateCall) Fields(s ...googleapi.Field) *AnywhereCacheUpd
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *AnywhereCacheUpdateCall) Context(ctx context.Context) *AnywhereCacheUpdateCall {
+func (c *AnywhereCachesUpdateCall) Context(ctx context.Context) *AnywhereCachesUpdateCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *AnywhereCacheUpdateCall) Header() http.Header {
+func (c *AnywhereCachesUpdateCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *AnywhereCacheUpdateCall) doRequest(alt string) (*http.Response, error) {
+func (c *AnywhereCachesUpdateCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -4078,7 +4269,7 @@ func (c *AnywhereCacheUpdateCall) doRequest(alt string) (*http.Response, error)
 // was returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *AnywhereCacheUpdateCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) {
+func (c *AnywhereCachesUpdateCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -4124,7 +4315,7 @@ func (c *AnywhereCacheUpdateCall) Do(opts ...googleapi.CallOption) (*GoogleLongr
 	//       "type": "string"
 	//     },
 	//     "bucket": {
-	//       "description": "Name of the partent bucket",
+	//       "description": "Name of the parent bucket.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -8316,6 +8507,932 @@ func (c *DefaultObjectAccessControlsUpdateCall) Do(opts ...googleapi.CallOption)
 
 }
 
+// method id "storage.folders.delete":
+
+type FoldersDeleteCall struct {
+	s          *Service
+	bucket     string
+	folder     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Permanently deletes a folder. Only applicable to buckets with
+// hierarchical namespace enabled.
+//
+// - bucket: Name of the bucket in which the folder resides.
+// - folder: Name of a folder.
+func (r *FoldersService) Delete(bucket string, folder string) *FoldersDeleteCall {
+	c := &FoldersDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.folder = folder
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": If set, only deletes the folder if its
+// metageneration matches this value.
+func (c *FoldersDeleteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *FoldersDeleteCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": If set, only deletes the folder if its
+// metageneration does not match this value.
+func (c *FoldersDeleteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *FoldersDeleteCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *FoldersDeleteCall) Fields(s ...googleapi.Field) *FoldersDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *FoldersDeleteCall) Context(ctx context.Context) *FoldersDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *FoldersDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *FoldersDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/folders/{folder}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"folder": c.folder,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.folders.delete" call.
+func (c *FoldersDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes a folder. Only applicable to buckets with hierarchical namespace enabled.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.folders.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "folder"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the folder resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "folder": {
+	//       "description": "Name of a folder.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "If set, only deletes the folder if its metageneration matches this value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "If set, only deletes the folder if its metageneration does not match this value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/folders/{folder}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.folders.get":
+
+type FoldersGetCall struct {
+	s            *Service
+	bucket       string
+	folder       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns metadata for the specified folder. Only applicable to
+// buckets with hierarchical namespace enabled.
+//
+// - bucket: Name of the bucket in which the folder resides.
+// - folder: Name of a folder.
+func (r *FoldersService) Get(bucket string, folder string) *FoldersGetCall {
+	c := &FoldersGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.folder = folder
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the return of the folder metadata
+// conditional on whether the folder's current metageneration matches
+// the given value.
+func (c *FoldersGetCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *FoldersGetCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the return of the folder metadata
+// conditional on whether the folder's current metageneration does not
+// match the given value.
+func (c *FoldersGetCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *FoldersGetCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *FoldersGetCall) Fields(s ...googleapi.Field) *FoldersGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *FoldersGetCall) IfNoneMatch(entityTag string) *FoldersGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *FoldersGetCall) Context(ctx context.Context) *FoldersGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *FoldersGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *FoldersGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/folders/{folder}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"folder": c.folder,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.folders.get" call.
+// Exactly one of *Folder or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Folder.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *FoldersGetCall) Do(opts ...googleapi.CallOption) (*Folder, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Folder{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns metadata for the specified folder. Only applicable to buckets with hierarchical namespace enabled.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.folders.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "folder"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the folder resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "folder": {
+	//       "description": "Name of a folder.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/folders/{folder}",
+	//   "response": {
+	//     "$ref": "Folder"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.folders.insert":
+
+type FoldersInsertCall struct {
+	s          *Service
+	bucket     string
+	folder     *Folder
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Insert: Creates a new folder. Only applicable to buckets with
+// hierarchical namespace enabled.
+//
+// - bucket: Name of the bucket in which the folder resides.
+func (r *FoldersService) Insert(bucket string, folder *Folder) *FoldersInsertCall {
+	c := &FoldersInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.folder = folder
+	return c
+}
+
+// Recursive sets the optional parameter "recursive": If true, any
+// parent folder which doesn’t exist will be created automatically.
+func (c *FoldersInsertCall) Recursive(recursive bool) *FoldersInsertCall {
+	c.urlParams_.Set("recursive", fmt.Sprint(recursive))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *FoldersInsertCall) Fields(s ...googleapi.Field) *FoldersInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *FoldersInsertCall) Context(ctx context.Context) *FoldersInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *FoldersInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *FoldersInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.folder)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/folders")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.folders.insert" call.
+// Exactly one of *Folder or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Folder.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *FoldersInsertCall) Do(opts ...googleapi.CallOption) (*Folder, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Folder{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new folder. Only applicable to buckets with hierarchical namespace enabled.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.folders.insert",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the folder resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "recursive": {
+	//       "description": "If true, any parent folder which doesn’t exist will be created automatically.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/folders",
+	//   "request": {
+	//     "$ref": "Folder"
+	//   },
+	//   "response": {
+	//     "$ref": "Folder"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.folders.list":
+
+type FoldersListCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves a list of folders matching the criteria. Only
+// applicable to buckets with hierarchical namespace enabled.
+//
+// - bucket: Name of the bucket in which to look for folders.
+func (r *FoldersService) List(bucket string) *FoldersListCall {
+	c := &FoldersListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// Delimiter sets the optional parameter "delimiter": Returns results in
+// a directory-like mode. The only supported value is '/'. If set, items
+// will only contain folders that either exactly match the prefix, or
+// are one level below the prefix.
+func (c *FoldersListCall) Delimiter(delimiter string) *FoldersListCall {
+	c.urlParams_.Set("delimiter", delimiter)
+	return c
+}
+
+// EndOffset sets the optional parameter "endOffset": Filter results to
+// folders whose names are lexicographically before endOffset. If
+// startOffset is also set, the folders listed will have names between
+// startOffset (inclusive) and endOffset (exclusive).
+func (c *FoldersListCall) EndOffset(endOffset string) *FoldersListCall {
+	c.urlParams_.Set("endOffset", endOffset)
+	return c
+}
+
+// PageSize sets the optional parameter "pageSize": Maximum number of
+// items to return in a single page of responses.
+func (c *FoldersListCall) PageSize(pageSize int64) *FoldersListCall {
+	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": A
+// previously-returned page token representing part of the larger set of
+// results to view.
+func (c *FoldersListCall) PageToken(pageToken string) *FoldersListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// Prefix sets the optional parameter "prefix": Filter results to
+// folders whose paths begin with this prefix. If set, the value must
+// either be an empty string or end with a '/'.
+func (c *FoldersListCall) Prefix(prefix string) *FoldersListCall {
+	c.urlParams_.Set("prefix", prefix)
+	return c
+}
+
+// StartOffset sets the optional parameter "startOffset": Filter results
+// to folders whose names are lexicographically equal to or after
+// startOffset. If endOffset is also set, the folders listed will have
+// names between startOffset (inclusive) and endOffset (exclusive).
+func (c *FoldersListCall) StartOffset(startOffset string) *FoldersListCall {
+	c.urlParams_.Set("startOffset", startOffset)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *FoldersListCall) Fields(s ...googleapi.Field) *FoldersListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *FoldersListCall) IfNoneMatch(entityTag string) *FoldersListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *FoldersListCall) Context(ctx context.Context) *FoldersListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *FoldersListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *FoldersListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/folders")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.folders.list" call.
+// Exactly one of *Folders or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Folders.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *FoldersListCall) Do(opts ...googleapi.CallOption) (*Folders, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Folders{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves a list of folders matching the criteria. Only applicable to buckets with hierarchical namespace enabled.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.folders.list",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which to look for folders.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "delimiter": {
+	//       "description": "Returns results in a directory-like mode. The only supported value is '/'. If set, items will only contain folders that either exactly match the prefix, or are one level below the prefix.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "endOffset": {
+	//       "description": "Filter results to folders whose names are lexicographically before endOffset. If startOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageSize": {
+	//       "description": "Maximum number of items to return in a single page of responses.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "pageToken": {
+	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "prefix": {
+	//       "description": "Filter results to folders whose paths begin with this prefix. If set, the value must either be an empty string or end with a '/'.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "startOffset": {
+	//       "description": "Filter results to folders whose names are lexicographically equal to or after startOffset. If endOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/folders",
+	//   "response": {
+	//     "$ref": "Folders"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *FoldersListCall) Pages(ctx context.Context, f func(*Folders) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "storage.folders.rename":
+
+type FoldersRenameCall struct {
+	s                 *Service
+	bucket            string
+	sourceFolder      string
+	destinationFolder string
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
+}
+
+// Rename: Renames a source folder to a destination folder. Only
+// applicable to buckets with hierarchical namespace enabled.
+//
+// - bucket: Name of the bucket in which the folders are in.
+// - destinationFolder: Name of the destination folder.
+// - sourceFolder: Name of the source folder.
+func (r *FoldersService) Rename(bucket string, sourceFolder string, destinationFolder string) *FoldersRenameCall {
+	c := &FoldersRenameCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.sourceFolder = sourceFolder
+	c.destinationFolder = destinationFolder
+	return c
+}
+
+// IfSourceMetagenerationMatch sets the optional parameter
+// "ifSourceMetagenerationMatch": Makes the operation conditional on
+// whether the source object's current metageneration matches the given
+// value.
+func (c *FoldersRenameCall) IfSourceMetagenerationMatch(ifSourceMetagenerationMatch int64) *FoldersRenameCall {
+	c.urlParams_.Set("ifSourceMetagenerationMatch", fmt.Sprint(ifSourceMetagenerationMatch))
+	return c
+}
+
+// IfSourceMetagenerationNotMatch sets the optional parameter
+// "ifSourceMetagenerationNotMatch": Makes the operation conditional on
+// whether the source object's current metageneration does not match the
+// given value.
+func (c *FoldersRenameCall) IfSourceMetagenerationNotMatch(ifSourceMetagenerationNotMatch int64) *FoldersRenameCall {
+	c.urlParams_.Set("ifSourceMetagenerationNotMatch", fmt.Sprint(ifSourceMetagenerationNotMatch))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *FoldersRenameCall) Fields(s ...googleapi.Field) *FoldersRenameCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *FoldersRenameCall) Context(ctx context.Context) *FoldersRenameCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *FoldersRenameCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *FoldersRenameCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/folders/{sourceFolder}/renameTo/folders/{destinationFolder}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket":            c.bucket,
+		"sourceFolder":      c.sourceFolder,
+		"destinationFolder": c.destinationFolder,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.folders.rename" call.
+// Exactly one of *GoogleLongrunningOperation or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *GoogleLongrunningOperation.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *FoldersRenameCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &GoogleLongrunningOperation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Renames a source folder to a destination folder. Only applicable to buckets with hierarchical namespace enabled.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.folders.rename",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "sourceFolder",
+	//     "destinationFolder"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the folders are in.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationFolder": {
+	//       "description": "Name of the destination folder.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sourceFolder": {
+	//       "description": "Name of the source folder.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/folders/{sourceFolder}/renameTo/folders/{destinationFolder}",
+	//   "response": {
+	//     "$ref": "GoogleLongrunningOperation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
 // method id "storage.managedFolders.delete":
 
 type ManagedFoldersDeleteCall struct {
@@ -8999,7 +10116,7 @@ func (r *ManagedFoldersService) List(bucket string) *ManagedFoldersListCall {
 }
 
 // PageSize sets the optional parameter "pageSize": Maximum number of
-// items return in a single page of responses.
+// items to return in a single page of responses.
 func (c *ManagedFoldersListCall) PageSize(pageSize int64) *ManagedFoldersListCall {
 	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
 	return c
@@ -9133,7 +10250,7 @@ func (c *ManagedFoldersListCall) Do(opts ...googleapi.CallOption) (*ManagedFolde
 	//       "type": "string"
 	//     },
 	//     "pageSize": {
-	//       "description": "Maximum number of items return in a single page of responses.",
+	//       "description": "Maximum number of items to return in a single page of responses.",
 	//       "format": "int32",
 	//       "location": "query",
 	//       "minimum": "0",
diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go
index 34f9ba8bdb7..10830f01644 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial.go
@@ -14,6 +14,7 @@ import (
 	"net"
 	"os"
 	"strings"
+	"sync"
 	"time"
 
 	"cloud.google.com/go/compute/metadata"
@@ -27,6 +28,7 @@ import (
 	grpcgoogle "google.golang.org/grpc/credentials/google"
 	grpcinsecure "google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/credentials/oauth"
+	"google.golang.org/grpc/stats"
 
 	// Install grpclb, which is required for direct path.
 	_ "google.golang.org/grpc/balancer/grpclb"
@@ -47,6 +49,26 @@ var logRateLimiter = rate.Sometimes{Interval: 1 * time.Second}
 // Assign to var for unit test replacement
 var dialContext = grpc.DialContext
 
+// otelStatsHandler is a singleton otelgrpc.clientHandler to be used across
+// all dial connections to avoid the memory leak documented in
+// https://github.com/open-telemetry/opentelemetry-go-contrib/issues/4226
+//
+// TODO: If 4226 has been fixed in opentelemetry-go-contrib, replace this
+// singleton with inline usage for simplicity.
+var (
+	initOtelStatsHandlerOnce sync.Once
+	otelStatsHandler         stats.Handler
+)
+
+// otelGRPCStatsHandler returns singleton otelStatsHandler for reuse across all
+// dial connections.
+func otelGRPCStatsHandler() stats.Handler {
+	initOtelStatsHandlerOnce.Do(func() {
+		otelStatsHandler = otelgrpc.NewClientHandler()
+	})
+	return otelStatsHandler
+}
+
 // Dial returns a GRPC connection for use communicating with a Google cloud
 // service, configured with the given ClientOptions.
 func Dial(ctx context.Context, opts ...option.ClientOption) (*grpc.ClientConn, error) {
@@ -146,52 +168,56 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 	// when dialing an insecure connection?
 	if !o.NoAuth && !insecure {
 		if o.APIKey != "" {
-			log.Print("API keys are not supported for gRPC APIs. Remove the WithAPIKey option from your client-creating call.")
-		}
-		creds, err := internal.Creds(ctx, o)
-		if err != nil {
-			return nil, err
-		}
-
-		grpcOpts = append(grpcOpts,
-			grpc.WithPerRPCCredentials(grpcTokenSource{
-				TokenSource:   oauth.TokenSource{creds.TokenSource},
-				quotaProject:  internal.GetQuotaProject(creds, o.QuotaProject),
+			grpcOpts = append(grpcOpts, grpc.WithPerRPCCredentials(grpcAPIKey{
+				apiKey:        o.APIKey,
 				requestReason: o.RequestReason,
-			}),
-		)
-
-		// Attempt Direct Path:
-		logRateLimiter.Do(func() {
-			logDirectPathMisconfig(endpoint, creds.TokenSource, o)
-		})
-		if isDirectPathEnabled(endpoint, o) && isTokenSourceDirectPathCompatible(creds.TokenSource, o) && metadata.OnGCE() {
-			// Overwrite all of the previously specific DialOptions, DirectPath uses its own set of credentials and certificates.
-			grpcOpts = []grpc.DialOption{
-				grpc.WithCredentialsBundle(grpcgoogle.NewDefaultCredentialsWithOptions(grpcgoogle.DefaultCredentialsOptions{oauth.TokenSource{creds.TokenSource}}))}
-			if timeoutDialerOption != nil {
-				grpcOpts = append(grpcOpts, timeoutDialerOption)
+			}))
+		} else {
+			creds, err := internal.Creds(ctx, o)
+			if err != nil {
+				return nil, err
 			}
-			// Check if google-c2p resolver is enabled for DirectPath
-			if isDirectPathXdsUsed(o) {
-				// google-c2p resolver target must not have a port number
-				if addr, _, err := net.SplitHostPort(endpoint); err == nil {
-					endpoint = "google-c2p:///" + addr
-				} else {
-					endpoint = "google-c2p:///" + endpoint
+			grpcOpts = append(grpcOpts, grpc.WithPerRPCCredentials(grpcTokenSource{
+				TokenSource:   oauth.TokenSource{TokenSource: creds.TokenSource},
+				quotaProject:  internal.GetQuotaProject(creds, o.QuotaProject),
+				requestReason: o.RequestReason,
+			}))
+			// Attempt Direct Path:
+			logRateLimiter.Do(func() {
+				logDirectPathMisconfig(endpoint, creds.TokenSource, o)
+			})
+			if isDirectPathEnabled(endpoint, o) && isTokenSourceDirectPathCompatible(creds.TokenSource, o) && metadata.OnGCE() {
+				// Overwrite all of the previously specific DialOptions, DirectPath uses its own set of credentials and certificates.
+				grpcOpts = []grpc.DialOption{
+					grpc.WithCredentialsBundle(grpcgoogle.NewDefaultCredentialsWithOptions(
+						grpcgoogle.DefaultCredentialsOptions{
+							PerRPCCreds: oauth.TokenSource{TokenSource: creds.TokenSource},
+						})),
 				}
-			} else {
-				if !strings.HasPrefix(endpoint, "dns:///") {
-					endpoint = "dns:///" + endpoint
+				if timeoutDialerOption != nil {
+					grpcOpts = append(grpcOpts, timeoutDialerOption)
+				}
+				// Check if google-c2p resolver is enabled for DirectPath
+				if isDirectPathXdsUsed(o) {
+					// google-c2p resolver target must not have a port number
+					if addr, _, err := net.SplitHostPort(endpoint); err == nil {
+						endpoint = "google-c2p:///" + addr
+					} else {
+						endpoint = "google-c2p:///" + endpoint
+					}
+				} else {
+					if !strings.HasPrefix(endpoint, "dns:///") {
+						endpoint = "dns:///" + endpoint
+					}
+					grpcOpts = append(grpcOpts,
+						// For now all DirectPath go clients will be using the following lb config, but in future
+						// when different services need different configs, then we should change this to a
+						// per-service config.
+						grpc.WithDisableServiceConfig(),
+						grpc.WithDefaultServiceConfig(`{"loadBalancingConfig":[{"grpclb":{"childPolicy":[{"pick_first":{}}]}}]}`))
 				}
-				grpcOpts = append(grpcOpts,
-					// For now all DirectPath go clients will be using the following lb config, but in future
-					// when different services need different configs, then we should change this to a
-					// per-service config.
-					grpc.WithDisableServiceConfig(),
-					grpc.WithDefaultServiceConfig(`{"loadBalancingConfig":[{"grpclb":{"childPolicy":[{"pick_first":{}}]}}]}`))
+				// TODO(cbro): add support for system parameters (quota project, request reason) via chained interceptor.
 			}
-			// TODO(cbro): add support for system parameters (quota project, request reason) via chained interceptor.
 		}
 	}
 
@@ -219,7 +245,7 @@ func addOpenTelemetryStatsHandler(opts []grpc.DialOption, settings *internal.Dia
 	if settings.TelemetryDisabled {
 		return opts
 	}
-	return append(opts, grpc.WithStatsHandler(otelgrpc.NewClientHandler()))
+	return append(opts, grpc.WithStatsHandler(otelGRPCStatsHandler()))
 }
 
 // grpcTokenSource supplies PerRPCCredentials from an oauth.TokenSource.
@@ -249,6 +275,31 @@ func (ts grpcTokenSource) GetRequestMetadata(ctx context.Context, uri ...string)
 	return metadata, nil
 }
 
+// grpcAPIKey supplies PerRPCCredentials from an API Key.
+type grpcAPIKey struct {
+	apiKey string
+
+	// Additional metadata attached as headers.
+	requestReason string
+}
+
+// GetRequestMetadata gets the request metadata as a map from a grpcAPIKey.
+func (ts grpcAPIKey) GetRequestMetadata(ctx context.Context, uri ...string) (
+	map[string]string, error) {
+	metadata := map[string]string{
+		"X-goog-api-key": ts.apiKey,
+	}
+	if ts.requestReason != "" {
+		metadata["X-goog-request-reason"] = ts.requestReason
+	}
+	return metadata, nil
+}
+
+// RequireTransportSecurity indicates whether the credentials requires transport security.
+func (ts grpcAPIKey) RequireTransportSecurity() bool {
+	return true
+}
+
 func isDirectPathEnabled(endpoint string, o *internal.DialSettings) bool {
 	if !o.EnableDirectPath {
 		return false
diff --git a/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go b/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go
new file mode 100644
index 00000000000..2ef36bbcf92
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go
@@ -0,0 +1,160 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package protodelim marshals and unmarshals varint size-delimited messages.
+package protodelim
+
+import (
+	"bufio"
+	"encoding/binary"
+	"fmt"
+	"io"
+
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalOptions is a configurable varint size-delimited marshaler.
+type MarshalOptions struct{ proto.MarshalOptions }
+
+// MarshalTo writes a varint size-delimited wire-format message to w.
+// If w returns an error, MarshalTo returns it unchanged.
+func (o MarshalOptions) MarshalTo(w io.Writer, m proto.Message) (int, error) {
+	msgBytes, err := o.MarshalOptions.Marshal(m)
+	if err != nil {
+		return 0, err
+	}
+
+	sizeBytes := protowire.AppendVarint(nil, uint64(len(msgBytes)))
+	sizeWritten, err := w.Write(sizeBytes)
+	if err != nil {
+		return sizeWritten, err
+	}
+	msgWritten, err := w.Write(msgBytes)
+	if err != nil {
+		return sizeWritten + msgWritten, err
+	}
+	return sizeWritten + msgWritten, nil
+}
+
+// MarshalTo writes a varint size-delimited wire-format message to w
+// with the default options.
+//
+// See the documentation for [MarshalOptions.MarshalTo].
+func MarshalTo(w io.Writer, m proto.Message) (int, error) {
+	return MarshalOptions{}.MarshalTo(w, m)
+}
+
+// UnmarshalOptions is a configurable varint size-delimited unmarshaler.
+type UnmarshalOptions struct {
+	proto.UnmarshalOptions
+
+	// MaxSize is the maximum size in wire-format bytes of a single message.
+	// Unmarshaling a message larger than MaxSize will return an error.
+	// A zero MaxSize will default to 4 MiB.
+	// Setting MaxSize to -1 disables the limit.
+	MaxSize int64
+}
+
+const defaultMaxSize = 4 << 20 // 4 MiB, corresponds to the default gRPC max request/response size
+
+// SizeTooLargeError is an error that is returned when the unmarshaler encounters a message size
+// that is larger than its configured [UnmarshalOptions.MaxSize].
+type SizeTooLargeError struct {
+	// Size is the varint size of the message encountered
+	// that was larger than the provided MaxSize.
+	Size uint64
+
+	// MaxSize is the MaxSize limit configured in UnmarshalOptions, which Size exceeded.
+	MaxSize uint64
+}
+
+func (e *SizeTooLargeError) Error() string {
+	return fmt.Sprintf("message size %d exceeded unmarshaler's maximum configured size %d", e.Size, e.MaxSize)
+}
+
+// Reader is the interface expected by [UnmarshalFrom].
+// It is implemented by *[bufio.Reader].
+type Reader interface {
+	io.Reader
+	io.ByteReader
+}
+
+// UnmarshalFrom parses and consumes a varint size-delimited wire-format message
+// from r.
+// The provided message must be mutable (e.g., a non-nil pointer to a message).
+//
+// The error is [io.EOF] error only if no bytes are read.
+// If an EOF happens after reading some but not all the bytes,
+// UnmarshalFrom returns a non-io.EOF error.
+// In particular if r returns a non-io.EOF error, UnmarshalFrom returns it unchanged,
+// and if only a size is read with no subsequent message, [io.ErrUnexpectedEOF] is returned.
+func (o UnmarshalOptions) UnmarshalFrom(r Reader, m proto.Message) error {
+	var sizeArr [binary.MaxVarintLen64]byte
+	sizeBuf := sizeArr[:0]
+	for i := range sizeArr {
+		b, err := r.ReadByte()
+		if err != nil {
+			// Immediate EOF is unexpected.
+			if err == io.EOF && i != 0 {
+				break
+			}
+			return err
+		}
+		sizeBuf = append(sizeBuf, b)
+		if b < 0x80 {
+			break
+		}
+	}
+	size, n := protowire.ConsumeVarint(sizeBuf)
+	if n < 0 {
+		return protowire.ParseError(n)
+	}
+
+	maxSize := o.MaxSize
+	if maxSize == 0 {
+		maxSize = defaultMaxSize
+	}
+	if maxSize != -1 && size > uint64(maxSize) {
+		return errors.Wrap(&SizeTooLargeError{Size: size, MaxSize: uint64(maxSize)}, "")
+	}
+
+	var b []byte
+	var err error
+	if br, ok := r.(*bufio.Reader); ok {
+		// Use the []byte from the bufio.Reader instead of having to allocate one.
+		// This reduces CPU usage and allocated bytes.
+		b, err = br.Peek(int(size))
+		if err == nil {
+			defer br.Discard(int(size))
+		} else {
+			b = nil
+		}
+	}
+	if b == nil {
+		b = make([]byte, size)
+		_, err = io.ReadFull(r, b)
+	}
+
+	if err == io.EOF {
+		return io.ErrUnexpectedEOF
+	}
+	if err != nil {
+		return err
+	}
+	if err := o.Unmarshal(b, m); err != nil {
+		return err
+	}
+	return nil
+}
+
+// UnmarshalFrom parses and consumes a varint size-delimited wire-format message
+// from r with the default options.
+// The provided message must be mutable (e.g., a non-nil pointer to a message).
+//
+// See the documentation for [UnmarshalOptions.UnmarshalFrom].
+func UnmarshalFrom(r Reader, m proto.Message) error {
+	return UnmarshalOptions{}.UnmarshalFrom(r, m)
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 4c00f335b91..84c2153f7a3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# cloud.google.com/go v0.111.0
+# cloud.google.com/go v0.112.0
 ## explicit; go 1.19
 cloud.google.com/go/internal
 cloud.google.com/go/internal/optional
@@ -48,7 +48,7 @@ github.com/Azure/azure-amqp-common-go/v4/internal/tracing
 github.com/Azure/azure-amqp-common-go/v4/rpc
 github.com/Azure/azure-amqp-common-go/v4/sas
 github.com/Azure/azure-amqp-common-go/v4/uuid
-# github.com/Azure/azure-event-hubs-go/v3 v3.6.1
+# github.com/Azure/azure-event-hubs-go/v3 v3.6.2
 ## explicit; go 1.18
 github.com/Azure/azure-event-hubs-go/v3
 github.com/Azure/azure-event-hubs-go/v3/atom
@@ -84,6 +84,9 @@ github.com/Azure/azure-sdk-for-go/version
 # github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azcore
+github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource
+github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy
+github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime
 github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud
 github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported
 github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log
@@ -100,9 +103,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime
 github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming
 github.com/Azure/azure-sdk-for-go/sdk/azcore/to
 github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing
-# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
+# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azidentity
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal
 # github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/internal/diag
@@ -113,7 +117,7 @@ github.com/Azure/azure-sdk-for-go/sdk/internal/poller
 github.com/Azure/azure-sdk-for-go/sdk/internal/telemetry
 github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
 github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
-# github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0
+# github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.6.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus
 github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/admin
@@ -132,7 +136,7 @@ github.com/Azure/azure-storage-blob-go/azblob
 # github.com/Azure/azure-storage-queue-go v0.0.0-20230927153703-648530c9aaf2
 ## explicit
 github.com/Azure/azure-storage-queue-go/azqueue
-# github.com/Azure/go-amqp v1.0.2
+# github.com/Azure/go-amqp v1.0.4
 ## explicit; go 1.18
 github.com/Azure/go-amqp
 github.com/Azure/go-amqp/internal/bitmap
@@ -173,7 +177,7 @@ github.com/Azure/go-autorest/logger
 # github.com/Azure/go-autorest/tracing v0.6.0
 ## explicit; go 1.12
 github.com/Azure/go-autorest/tracing
-# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0
+# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1
 ## explicit; go 1.18
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential
@@ -225,7 +229,7 @@ github.com/IBM/sarama
 # github.com/NYTimes/gziphandler v1.1.1
 ## explicit; go 1.11
 github.com/NYTimes/gziphandler
-# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
+# github.com/ProtonMail/go-crypto v1.0.0
 ## explicit; go 1.13
 github.com/ProtonMail/go-crypto/bitcurves
 github.com/ProtonMail/go-crypto/brainpool
@@ -245,9 +249,10 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
 github.com/ProtonMail/go-crypto/openpgp/internal/encoding
 github.com/ProtonMail/go-crypto/openpgp/packet
 github.com/ProtonMail/go-crypto/openpgp/s2k
-# github.com/andybalholm/brotli v1.0.6
-## explicit; go 1.12
+# github.com/andybalholm/brotli v1.1.0
+## explicit; go 1.13
 github.com/andybalholm/brotli
+github.com/andybalholm/brotli/matchfinder
 # github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df
 ## explicit; go 1.18
 github.com/antlr/antlr4/runtime/Go/antlr/v4
@@ -297,10 +302,10 @@ github.com/aws/aws-sdk-go-v2/internal/timeconv
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi
-# github.com/aws/aws-sdk-go-v2/config v1.26.2
+# github.com/aws/aws-sdk-go-v2/config v1.26.4
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.16.13
+# github.com/aws/aws-sdk-go-v2/credentials v1.16.15
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -309,7 +314,7 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
@@ -327,18 +332,18 @@ github.com/aws/aws-sdk-go-v2/internal/ini
 github.com/aws/aws-sdk-go-v2/service/amp
 github.com/aws/aws-sdk-go-v2/service/amp/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/amp/types
-# github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.1
+# github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.32.2
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/cloudwatch
 github.com/aws/aws-sdk-go-v2/service/cloudwatch/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/cloudwatch/types
-# github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.7
+# github.com/aws/aws-sdk-go-v2/service/dynamodb v1.26.9
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/dynamodb
 github.com/aws/aws-sdk-go-v2/service/dynamodb/internal/customizations
 github.com/aws/aws-sdk-go-v2/service/dynamodb/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/dynamodb/types
-# github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.6
+# github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.18.7
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/dynamodbstreams
 github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/internal/endpoints
@@ -346,39 +351,39 @@ github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types
 # github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
-# github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.10
+# github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.6
+# github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.7
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/kinesis
 github.com/aws/aws-sdk-go-v2/service/kinesis/internal/customizations
 github.com/aws/aws-sdk-go-v2/service/kinesis/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/kinesis/types
-# github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
+# github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/secretsmanager
 github.com/aws/aws-sdk-go-v2/service/secretsmanager/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/secretsmanager/types
-# github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6
+# github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/sqs
 github.com/aws/aws-sdk-go-v2/service/sqs/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sqs/types
-# github.com/aws/aws-sdk-go-v2/service/sso v1.18.5
+# github.com/aws/aws-sdk-go-v2/service/sso v1.18.6
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.26.6
+# github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
@@ -414,7 +419,7 @@ github.com/beorn7/perks/quantile
 # github.com/blang/semver/v4 v4.0.0
 ## explicit; go 1.14
 github.com/blang/semver/v4
-# github.com/bradleyfalzon/ghinstallation/v2 v2.8.0
+# github.com/bradleyfalzon/ghinstallation/v2 v2.9.0
 ## explicit; go 1.13
 github.com/bradleyfalzon/ghinstallation/v2
 # github.com/cenkalti/backoff/v3 v3.2.2
@@ -513,17 +518,18 @@ github.com/elastic/go-elasticsearch/v7
 github.com/elastic/go-elasticsearch/v7/esapi
 github.com/elastic/go-elasticsearch/v7/estransport
 github.com/elastic/go-elasticsearch/v7/internal/version
-# github.com/emicklei/go-restful/v3 v3.11.0
+# github.com/emicklei/go-restful/v3 v3.11.2
 ## explicit; go 1.13
 github.com/emicklei/go-restful/v3
 github.com/emicklei/go-restful/v3/log
-# github.com/evanphx/json-patch v5.7.0+incompatible
+# github.com/evanphx/json-patch v5.8.1+incompatible
 ## explicit
 github.com/evanphx/json-patch
-# github.com/evanphx/json-patch/v5 v5.7.0
+# github.com/evanphx/json-patch/v5 v5.8.1
 ## explicit; go 1.18
 github.com/evanphx/json-patch/v5
-# github.com/expr-lang/expr v1.15.7
+github.com/evanphx/json-patch/v5/internal/json
+# github.com/expr-lang/expr v1.15.8
 ## explicit; go 1.18
 github.com/expr-lang/expr
 github.com/expr-lang/expr/ast
@@ -601,7 +607,7 @@ github.com/go-playground/locales/currency
 # github.com/go-playground/universal-translator v0.18.1
 ## explicit; go 1.18
 github.com/go-playground/universal-translator
-# github.com/go-playground/validator/v10 v10.16.0
+# github.com/go-playground/validator/v10 v10.17.0
 ## explicit; go 1.18
 github.com/go-playground/validator/v10
 # github.com/go-sql-driver/mysql v1.7.1
@@ -709,9 +715,9 @@ github.com/google/go-cmp/cmp/internal/value
 # github.com/google/go-github/v50 v50.2.0
 ## explicit; go 1.17
 github.com/google/go-github/v50/github
-# github.com/google/go-github/v56 v56.0.0
+# github.com/google/go-github/v57 v57.0.0
 ## explicit; go 1.17
-github.com/google/go-github/v56/github
+github.com/google/go-github/v57/github
 # github.com/google/go-querystring v1.1.0
 ## explicit; go 1.10
 github.com/google/go-querystring/query
@@ -782,7 +788,7 @@ github.com/grpc-ecosystem/go-grpc-middleware
 # github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 ## explicit
 github.com/grpc-ecosystem/go-grpc-prometheus
-# github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1
+# github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0
 ## explicit; go 1.19
 github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule
 github.com/grpc-ecosystem/grpc-gateway/v2/runtime
@@ -861,7 +867,7 @@ github.com/jackc/pgpassfile
 # github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9
 ## explicit; go 1.14
 github.com/jackc/pgservicefile
-# github.com/jackc/pgx/v5 v5.5.1
+# github.com/jackc/pgx/v5 v5.5.2
 ## explicit; go 1.19
 github.com/jackc/pgx/v5
 github.com/jackc/pgx/v5/internal/anynil
@@ -979,9 +985,6 @@ github.com/mattn/go-isatty
 # github.com/mattn/go-runewidth v0.0.15
 ## explicit; go 1.9
 github.com/mattn/go-runewidth
-# github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
-## explicit; go 1.19
-github.com/matttproud/golang_protobuf_extensions/v2/pbutil
 # github.com/microsoft/ApplicationInsights-Go v0.4.4
 ## explicit; go 1.12
 github.com/microsoft/ApplicationInsights-Go/appinsights
@@ -1072,15 +1075,15 @@ github.com/newrelic/newrelic-client-go/pkg/testhelpers
 github.com/newrelic/newrelic-client-go/pkg/users
 github.com/newrelic/newrelic-client-go/pkg/workflows
 github.com/newrelic/newrelic-client-go/pkg/workloads
-# github.com/oapi-codegen/runtime v1.1.0
+# github.com/oapi-codegen/runtime v1.1.1
 ## explicit; go 1.20
 github.com/oapi-codegen/runtime
 github.com/oapi-codegen/runtime/types
 # github.com/olekukonko/tablewriter v0.0.5
 ## explicit; go 1.12
 github.com/olekukonko/tablewriter
-# github.com/onsi/ginkgo/v2 v2.13.2
-## explicit; go 1.18
+# github.com/onsi/ginkgo/v2 v2.15.0
+## explicit; go 1.20
 github.com/onsi/ginkgo/v2
 github.com/onsi/ginkgo/v2/config
 github.com/onsi/ginkgo/v2/formatter
@@ -1101,8 +1104,8 @@ github.com/onsi/ginkgo/v2/internal/parallel_support
 github.com/onsi/ginkgo/v2/internal/testingtproxy
 github.com/onsi/ginkgo/v2/reporters
 github.com/onsi/ginkgo/v2/types
-# github.com/onsi/gomega v1.30.0
-## explicit; go 1.18
+# github.com/onsi/gomega v1.31.0
+## explicit; go 1.20
 github.com/onsi/gomega
 github.com/onsi/gomega/format
 github.com/onsi/gomega/internal
@@ -1119,7 +1122,7 @@ github.com/open-policy-agent/cert-controller/pkg/rotator
 # github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 ## explicit
 github.com/phayes/freeport
-# github.com/pierrec/lz4/v4 v4.1.19
+# github.com/pierrec/lz4/v4 v4.1.21
 ## explicit; go 1.14
 github.com/pierrec/lz4/v4
 github.com/pierrec/lz4/v4/internal/lz4block
@@ -1149,7 +1152,7 @@ github.com/prometheus/client_golang/prometheus/testutil/promlint/validations
 # github.com/prometheus/client_model v0.5.0
 ## explicit; go 1.19
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.45.0
+# github.com/prometheus/common v0.46.0
 ## explicit; go 1.20
 github.com/prometheus/common/config
 github.com/prometheus/common/expfmt
@@ -1166,7 +1169,7 @@ github.com/rabbitmq/amqp091-go
 # github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
 ## explicit
 github.com/rcrowley/go-metrics
-# github.com/redis/go-redis/v9 v9.3.1
+# github.com/redis/go-redis/v9 v9.4.0
 ## explicit; go 1.18
 github.com/redis/go-redis/v9
 github.com/redis/go-redis/v9/internal
@@ -1427,7 +1430,7 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/inte
 ## explicit; go 1.20
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil
-# go.opentelemetry.io/otel v1.21.0
+# go.opentelemetry.io/otel v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
@@ -1441,8 +1444,8 @@ go.opentelemetry.io/otel/propagation
 go.opentelemetry.io/otel/semconv/internal
 go.opentelemetry.io/otel/semconv/v1.12.0
 go.opentelemetry.io/otel/semconv/v1.17.0
-go.opentelemetry.io/otel/semconv/v1.21.0
-# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0
+go.opentelemetry.io/otel/semconv/v1.24.0
+# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.45.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal
@@ -1450,23 +1453,23 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/envco
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/retry
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform
-# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0
+# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/exporters/otlp/otlptrace
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform
-# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
+# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry
-# go.opentelemetry.io/otel/metric v1.21.0
+# go.opentelemetry.io/otel/metric v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/metric
 go.opentelemetry.io/otel/metric/embedded
 go.opentelemetry.io/otel/metric/noop
-# go.opentelemetry.io/otel/sdk v1.21.0
+# go.opentelemetry.io/otel/sdk v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/sdk
 go.opentelemetry.io/otel/sdk/instrumentation
@@ -1474,18 +1477,19 @@ go.opentelemetry.io/otel/sdk/internal
 go.opentelemetry.io/otel/sdk/internal/env
 go.opentelemetry.io/otel/sdk/resource
 go.opentelemetry.io/otel/sdk/trace
-# go.opentelemetry.io/otel/sdk/metric v1.21.0
+# go.opentelemetry.io/otel/sdk/metric v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/sdk/metric
 go.opentelemetry.io/otel/sdk/metric/internal
 go.opentelemetry.io/otel/sdk/metric/internal/aggregate
+go.opentelemetry.io/otel/sdk/metric/internal/x
 go.opentelemetry.io/otel/sdk/metric/metricdata
-# go.opentelemetry.io/otel/trace v1.21.0
+# go.opentelemetry.io/otel/trace v1.22.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/trace
 go.opentelemetry.io/otel/trace/embedded
 go.opentelemetry.io/otel/trace/noop
-# go.opentelemetry.io/proto/otlp v1.0.0
+# go.opentelemetry.io/proto/otlp v1.1.0
 ## explicit; go 1.17
 go.opentelemetry.io/proto/otlp/collector/metrics/v1
 go.opentelemetry.io/proto/otlp/collector/trace/v1
@@ -1525,7 +1529,7 @@ go.uber.org/zap/internal/pool
 go.uber.org/zap/internal/stacktrace
 go.uber.org/zap/zapcore
 go.uber.org/zap/zapgrpc
-# golang.org/x/crypto v0.17.0 => golang.org/x/crypto v0.17.0
+# golang.org/x/crypto v0.18.0 => golang.org/x/crypto v0.17.0
 ## explicit; go 1.18
 golang.org/x/crypto/argon2
 golang.org/x/crypto/blake2b
@@ -1546,7 +1550,7 @@ golang.org/x/crypto/pkcs12/internal/rc2
 golang.org/x/crypto/salsa20/salsa
 golang.org/x/crypto/scrypt
 golang.org/x/crypto/sha3
-# golang.org/x/exp v0.0.0-20231226003508-02704c960a9b
+# golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/maps
@@ -1557,7 +1561,7 @@ golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/modfile
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.19.0 => golang.org/x/net v0.19.0
+# golang.org/x/net v0.20.0 => golang.org/x/net v0.19.0
 ## explicit; go 1.18
 golang.org/x/net/context
 golang.org/x/net/html
@@ -1574,7 +1578,7 @@ golang.org/x/net/proxy
 golang.org/x/net/publicsuffix
 golang.org/x/net/trace
 golang.org/x/net/websocket
-# golang.org/x/oauth2 v0.15.0
+# golang.org/x/oauth2 v0.16.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
@@ -1586,19 +1590,19 @@ golang.org/x/oauth2/google/internal/stsexchange
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.5.0
+# golang.org/x/sync v0.6.0
 ## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.15.0
+# golang.org/x/sys v0.16.0
 ## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.15.0
+# golang.org/x/term v0.16.0
 ## explicit; go 1.18
 golang.org/x/term
 # golang.org/x/text v0.14.0 => golang.org/x/text v0.14.0
@@ -1637,7 +1641,7 @@ golang.org/x/text/width
 # golang.org/x/time v0.5.0
 ## explicit; go 1.18
 golang.org/x/time/rate
-# golang.org/x/tools v0.16.1
+# golang.org/x/tools v0.17.0
 ## explicit; go 1.18
 golang.org/x/tools/go/ast/astutil
 golang.org/x/tools/go/ast/inspector
@@ -1668,7 +1672,7 @@ golang.org/x/xerrors/internal
 # gomodules.xyz/jsonpatch/v2 v2.4.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.154.0
+# google.golang.org/api v0.156.0
 ## explicit; go 1.19
 google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
@@ -1698,13 +1702,13 @@ google.golang.org/appengine/internal/modules
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917
+# google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/type/calendarperiod
 google.golang.org/genproto/googleapis/type/date
 google.golang.org/genproto/googleapis/type/expr
 google.golang.org/genproto/internal
-# google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917
+# google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
@@ -1714,7 +1718,7 @@ google.golang.org/genproto/googleapis/api/httpbody
 google.golang.org/genproto/googleapis/api/label
 google.golang.org/genproto/googleapis/api/metric
 google.golang.org/genproto/googleapis/api/monitoredres
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/code
 google.golang.org/genproto/googleapis/rpc/errdetails
@@ -1795,6 +1799,7 @@ google.golang.org/grpc/cmd/protoc-gen-go-grpc
 google.golang.org/protobuf/cmd/protoc-gen-go
 google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo
 google.golang.org/protobuf/compiler/protogen
+google.golang.org/protobuf/encoding/protodelim
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
 google.golang.org/protobuf/encoding/protowire
@@ -1836,7 +1841,7 @@ google.golang.org/protobuf/types/known/structpb
 google.golang.org/protobuf/types/known/timestamppb
 google.golang.org/protobuf/types/known/wrapperspb
 google.golang.org/protobuf/types/pluginpb
-# gopkg.in/evanphx/json-patch.v5 v5.7.0
+# gopkg.in/evanphx/json-patch.v5 v5.8.1
 ## explicit
 gopkg.in/evanphx/json-patch.v5
 # gopkg.in/inf.v0 v0.9.1
@@ -2533,7 +2538,7 @@ k8s.io/utils/pointer
 k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/pkg v0.0.0-20240103071102-dfa0a2c9e85b
+# knative.dev/pkg v0.0.0-20240116073220-b488e7be5902
 ## explicit; go 1.18
 knative.dev/pkg/apis
 knative.dev/pkg/apis/duck