Merge pull request #3813 from thaJeztah/20.10_bump_engine

[20.10] vendor: github.com/docker/docker v20.10.18
Merge pull request #3814 from thaJeztah/20.10_backport_zsh_completion
2022-10-13 15:56:52 +02:00 · 2022-10-13 15:55:53 +02:00 · 2022-10-13 15:25:19 +02:00 · 2022-10-13 15:21:59 +02:00 · 2022-10-13 15:21:43 +02:00 · 2022-10-12 17:27:45 +02:00
3177 changed files with 329029 additions and 276007 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,153 @@
+version: 2
+
+jobs:
+
+  lint:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Shellcheck - build image"
+          command: |
+            docker build --progress=plain -f dockerfiles/Dockerfile.shellcheck --tag cli-validator:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Shellcheck"
+          command: |
+            docker run --rm cli-validator:$CIRCLE_BUILD_NUM \
+                make shellcheck
+      - run:
+          name: "Lint - build image"
+          command: |
+            docker build --progress=plain -f dockerfiles/Dockerfile.lint --tag cli-linter:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Lint"
+          command: |
+            docker run --rm cli-linter:$CIRCLE_BUILD_NUM
+
+  cross:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+      BUILDX_VERSION: "v0.8.2"
+    parallelism: 3
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run: apk add make curl
+      - run: mkdir -vp ~/.docker/cli-plugins/
+      - run: curl -fsSL --output ~/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64
+      - run: chmod a+x ~/.docker/cli-plugins/docker-buildx
+      - run: docker buildx version
+      - run: docker context create buildctx
+      - run: docker buildx create --use buildctx && docker buildx inspect --bootstrap
+      - run: GROUP_INDEX=$CIRCLE_NODE_INDEX GROUP_TOTAL=$CIRCLE_NODE_TOTAL docker buildx bake cross --progress=plain
+      - store_artifacts:
+          path: /work/build
+
+  test:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Unit Test with Coverage - build image"
+          command: |
+            mkdir -p test-results/unit-tests
+            docker build --progress=plain -f dockerfiles/Dockerfile.dev --tag cli-builder:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Unit Test with Coverage"
+          command: |
+            docker run \
+                -e GOTESTSUM_JUNITFILE=/tmp/junit.xml \
+                --name \
+                test-$CIRCLE_BUILD_NUM cli-builder:$CIRCLE_BUILD_NUM \
+                make test-coverage
+            docker cp \
+                test-$CIRCLE_BUILD_NUM:/tmp/junit.xml \
+                ./test-results/unit-tests/junit.xml
+      - run:
+          name: "Upload to Codecov"
+          command: |
+            docker cp \
+                test-$CIRCLE_BUILD_NUM:/go/src/github.com/docker/cli/coverage.txt \
+                coverage.txt
+            apk add -U bash curl
+            curl -s https://codecov.io/bash | bash || \
+                echo 'Codecov failed to upload'
+      - store_test_results:
+          path:  test-results
+      - store_artifacts:
+          path:  test-results
+
+  validate:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Validate - build image"
+          command: |
+            rm -f .dockerignore # include .git
+            docker build --progress=plain -f dockerfiles/Dockerfile.dev --tag cli-builder-with-git:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Validate Vendor, Docs, and Code Generation"
+          command: |
+            docker run --rm cli-builder-with-git:$CIRCLE_BUILD_NUM \
+                make ci-validate
+          no_output_timeout: 15m
+
+workflows:
+  version: 2
+  ci:
+    jobs:
+      - lint
+      - cross
+      - test
+      - validate
--- a/.dockerignore
+++ b/.dockerignore
@ -1,2 +1,7 @@
-.git
-build
+.circleci
+.dockerignore
+.github
+.gitignore
+appveyor.yml
+build
+/vndr.log
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -0,0 +1,80 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+#  push:
+#    branches: [master]
+#  pull_request:
+#    # The branches below must be a subset of the branches above
+#    branches: [master]
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │ ┌───────────── hour (0 - 23)
+    #        │ │ ┌───────────── day of the month (1 - 31)
+    #        │ │ │ ┌───────────── month (1 - 12)
+    #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        * * * * *
+    - cron: '0 9 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['go']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
+          fetch-depth: 2
+
+      # If this run was triggered by a pull request event, then checkout
+      # the head of the pull request instead of the merge commit.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
--- a/.gitignore
+++ b/.gitignore
@ -8,11 +8,11 @@
 Thumbs.db
 .editorconfig
 /build/
-cli/winresources/rsrc_386.syso
-cli/winresources/rsrc_amd64.syso
+cli/winresources/rsrc_*.syso
 /man/man1/
 /man/man5/
 /man/man8/
 /docs/yaml/gen/
 coverage.txt
 profile.out
+/vndr.log
--- a/.golangci.yml
+++ b/.golangci.yml
@ -0,0 +1,117 @@
+linters:
+  enable:
+    - bodyclose
+    - deadcode
+    - dogsled
+    - gocyclo
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - lll
+    - megacheck
+    - misspell
+    - nakedret
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - revive
+    - varcheck
+
+  disable:
+    - errcheck
+
+run:
+  timeout: 5m
+  skip-dirs:
+    - cli/command/stack/kubernetes/api/openapi
+    - cli/command/stack/kubernetes/api/client
+  skip-files:
+    - cli/compose/schema/bindata.go
+    - .*generated.*
+
+linters-settings:
+  gocyclo:
+    min-complexity: 16
+  govet:
+    check-shadowing: false
+  lll:
+    line-length: 200
+  nakedret:
+    command: nakedret
+    pattern: ^(?P<path>.*?\\.go):(?P<line>\\d+)\\s*(?P<message>.*)$
+
+issues:
+  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
+  exclude-use-default: false
+
+  exclude:
+    - parameter .* always receives
+
+  exclude-rules:
+    # We prefer to use an "exclude-list" so that new "default" exclusions are not
+    # automatically inherited. We can decide whether or not to follow upstream
+    # defaults when updating golang-ci-lint versions.
+    # Unfortunately, this means we have to copy the whole exclusion pattern, as
+    # (unlike the "include" option), the "exclude" option does not take exclusion
+    # ID's.
+    #
+    # These exclusion patterns are copied from the default excluses at:
+    # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104
+
+    # EXC0001
+    - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
+      linters:
+        - errcheck
+    # EXC0003
+    - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this"
+      linters:
+        - revive
+    # EXC0006
+    - text: "Use of unsafe calls should be audited"
+      linters:
+        - gosec
+    # EXC0007
+    - text: "Subprocess launch(ed with variable|ing should be audited)"
+      linters:
+        - gosec
+    # EXC0008
+    # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
+    - text: "(G104|G307)"
+      linters:
+        - gosec
+    # EXC0009
+    - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
+      linters:
+        - gosec
+    # EXC0010
+    - text: "Potential file inclusion via variable"
+      linters:
+        - gosec
+
+    # Looks like the match in "EXC0007" above doesn't catch this one
+    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
+    - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
+      linters:
+        - gosec
+    # Looks like the match in "EXC0009" above doesn't catch this one
+    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
+    - text: "G306: Expect WriteFile permissions to be 0600 or less"
+      linters:
+        - gosec
+
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - errcheck
+        - gosec
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
--- a/.mailmap
+++ b/.mailmap
@ -12,10 +12,13 @@ Ace Tang <aceapril@126.com>
 Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
 Ahmed Kamal <email.ahmedkamal@googlemail.com>
 Ahmet Alp Balkan <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
-AJ Bowen <aj@gandi.net>
-AJ Bowen <aj@gandi.net> <amy@gandi.net>
+AJ Bowen <aj@soulshake.net>
+AJ Bowen <aj@soulshake.net> <aj@gandi.net>
+AJ Bowen <aj@soulshake.net> <amy@gandi.net>
 Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
-Akihiro Suda <suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.akihiro@lab.ntt.co.jp>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
@ -44,9 +47,11 @@ Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
+Ao Li <la9249@163.com>
 Arnaud Porterie <arnaud.porterie@docker.com>
 Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
 Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
+Arthur Peka <arthur.peka@outlook.com> <arthrp@users.noreply.github.com>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Golub <ben.golub@dotcloud.com>
@ -66,6 +71,7 @@ Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
+Carlos de Paula <me@carlosedp.com>
 Chad Faragher <wyckster@hotmail.com>
 Chander Govindarajan <chandergovind@gmail.com>
 Chao Wang <wangchao.fnst@cn.fujitsu.com> <chaowang@localhost.localdomain>
@ -81,6 +87,7 @@ Christopher Biscardi <biscarch@sketcht.com>
 Christopher Latham <sudosurootdev@gmail.com>
 Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
+Comical Derskeal <27731088+derskeal@users.noreply.github.com>
 Corbin Coleman <corbin.coleman@docker.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
@ -89,6 +96,7 @@ CUI Wei <ghostplant@qq.com> cuiwei13 <cuiwei13@pku.edu.cn>
 Daehyeok Mun <daehyeok@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
 Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeokui-MacBook-Air.local>
+Daisuke Ito <itodaisuke00@gmail.com>
 Dan Feldman <danf@jfrog.com>
 Daniel Dao <dqminh@cloudflare.com>
 Daniel Dao <dqminh@cloudflare.com> <dqminh89@gmail.com>
@ -120,6 +128,8 @@ Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
 Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Doug Tangren <d.tangren@gmail.com>
+Drew Erny <derny@mirantis.com>
+Drew Erny <derny@mirantis.com> <drew.erny@docker.com>
 Elan Ruusamäe <glen@pld-linux.org>
 Elan Ruusamäe <glen@pld-linux.org> <glen@delfi.ee>
 Elango Sivanandam <elango.siva@docker.com>
@ -176,6 +186,7 @@ Hollie Teal <hollie@docker.com>
 Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
 Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
 Hu Keping <hukeping@huawei.com>
+Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
 Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com> <1187766782@qq.com>
@ -196,14 +207,16 @@ Jean-Tiare Le Bigot <jt@yadutaf.fr> <admin@jtlebi.fr>
 Jeff Anderson <jeff@docker.com> <jefferya@programmerq.net>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
 Jeroen Franse <jeroenfranse@gmail.com>
-Jessica Frazelle <jessfraz@google.com>
-Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
-Jessica Frazelle <jessfraz@google.com> <acidburn@google.com>
-Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
-Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
-Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
-Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
+Jessica Frazelle <jess@oxide.computer>
+Jessica Frazelle <jess@oxide.computer> <acidburn@docker.com>
+Jessica Frazelle <jess@oxide.computer> <acidburn@google.com>
+Jessica Frazelle <jess@oxide.computer> <acidburn@microsoft.com>
+Jessica Frazelle <jess@oxide.computer> <jess@docker.com>
+Jessica Frazelle <jess@oxide.computer> <jess@mesosphere.com>
+Jessica Frazelle <jess@oxide.computer> <jessfraz@google.com>
+Jessica Frazelle <jess@oxide.computer> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jess@oxide.computer> <me@jessfraz.com>
+Jessica Frazelle <jess@oxide.computer> <princess@docker.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jiuyue Ma <majiuyue@huawei.com>
 Joey Geiger <jgeiger@gmail.com>
@ -212,16 +225,19 @@ Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
 Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
 John Harris <john@johnharris.io>
-John Howard (VM) <John.Howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@ntdev.microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
-John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
+John Howard <github@lowenna.com>
+John Howard <github@lowenna.com> <John.Howard@microsoft.com>
+John Howard <github@lowenna.com> <jhoward@microsoft.com>
+John Howard <github@lowenna.com> <jhoward@ntdev.microsoft.com>
+John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
+John Howard <github@lowenna.com> <john.howard@microsoft.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Jennings <jjn2009@gmail.com> <jjn2009@users.noreply.github.com>
 Jorit Kleine-Möllhoff <joppich@bricknet.de> <joppich@users.noreply.github.com>
-Jose Diaz-Gonzalez <jose@seatgeek.com> <josegonzalez@users.noreply.github.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com> <jose@seatgeek.com>
+Jose Diaz-Gonzalez <email@josediazgonzalez.com> <josegonzalez@users.noreply.github.com>
 Josh Eveleth <joshe@opendns.com> <jeveleth@users.noreply.github.com>
 Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
 Josh Horwitz <horwitz@addthis.com> <horwitzja@gmail.com>
@ -243,12 +259,16 @@ Kai Qiang Wu (Kennan) <wkq5325@gmail.com> <wkqwu@cn.ibm.com>
 Kamil Domański <kamil@domanski.co>
 Kamjar Gerami <kami.gerami@gmail.com>
 Kat Samperi <kat.samperi@gmail.com> <kizzie@users.noreply.github.com>
+Kathryn Spiers <kathryn@spiers.me>
+Kathryn Spiers <kathryn@spiers.me> <kyle@Spiers.me>
+Kathryn Spiers <kathryn@spiers.me> <Kyle@Spiers.me>
 Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Meredith <kevin.m.meredith@gmail.com>
+Kevin Woblick <mail@kovah.de>
 Kir Kolyshkin <kolyshkin@gmail.com>
 Kir Kolyshkin <kolyshkin@gmail.com> <kir@openvz.org>
 Kir Kolyshkin <kolyshkin@gmail.com> <kolyshkin@users.noreply.github.com>
@ -257,8 +277,6 @@ Konstantin Gribov <grossws@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
-Kyle Spiers <kyle@spiers.me>
-Kyle Spiers <kyle@spiers.me> <Kyle@Spiers.me>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
@ -277,6 +295,8 @@ Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
 Lynda O'Leary <lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
 Ma Müller <mueller-ma@users.noreply.github.com>
+Maciej Kalisz <maciej.d.kalisz@gmail.com>
+Maciej Kalisz <maciej.d.kalisz@gmail.com> <mdkalish@users.noreply.github.com>
 Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@microsoft.com>
 Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
 Mageee <fangpuyi@foxmail.com> <21521230.zju.edu.cn>
@ -286,6 +306,7 @@ Marc Abramowitz <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Marcelo Horacio Fortino <info@fortinux.com> <fortinux@users.noreply.github.com>
 Marcus Linke <marcus.linke@gmx.de>
 Marianna Tessel <mtesselh@gmail.com>
+Marius Ileana <marius.ileana@gmail.com>
 Mark Oates <fl0yd@me.com>
 Markan Patel <mpatel678@gmail.com>
 Markus Kortlang <hyp3rdino@googlemail.com> <markus.kortlang@lhsystems.com>
@ -322,6 +343,8 @@ Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
 Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
+Morten Hekkvang <morten.hekkvang@sbab.se>
+Morten Hekkvang <morten.hekkvang@sbab.se> <morten.hekkvang@tele2.com>
 Moysés Borges <moysesb@gmail.com>
 Moysés Borges <moysesb@gmail.com> <moyses.furtado@wplex.com.br>
 Nace Oroz <orkica@gmail.com>
@ -362,6 +385,7 @@ Ross Boucher <rboucher@gmail.com>
 Runshen Zhu <runshen.zhu@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
 Sakeven Jiang <jc5930@sina.cn>
+Samarth Shah <samashah@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
@ -394,6 +418,8 @@ Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com> <swernli@ntdev.microsoft.com>
 Stefan S. <tronicum@user.github.com>
+Stefan Scherer <stefan.scherer@docker.com>
+Stefan Scherer <stefan.scherer@docker.com> <scherer_stefan@icloud.com>
 Stephen Day <stevvooe@gmail.com>
 Stephen Day <stevvooe@gmail.com> <stephen.day@docker.com>
 Stephen Day <stevvooe@gmail.com> <stevvooe@users.noreply.github.com>
@ -402,6 +428,8 @@ Steve Richards <steve.richards@docker.com> stevejr <>
 Sun Gengze <690388648@qq.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
 Sun Jianbo <wonderflow.sun@gmail.com> <wonderflow@zju.edu.cn>
+Sunny Gogoi <indiasuny000@gmail.com>
+Sunny Gogoi <indiasuny000@gmail.com> <me@darkowlzz.space>
 Sven Dowideit <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
@ -413,6 +441,7 @@ Sylvain Bellemare <sylvain@ascribe.io>
 Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
 Tangi Colin <tangicolin@gmail.com>
 Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
+Teppei Fukuda <knqyf263@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@gmx.net>
@ -439,6 +468,8 @@ Tõnis Tiigi <tonistiigi@gmail.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
+Ulrich Bareth <ulrich.bareth@gmail.com>
+Ulrich Bareth <ulrich.bareth@gmail.com> <usb79@users.noreply.github.com>
 Umesh Yadav <umesh4257@gmail.com>
 Umesh Yadav <umesh4257@gmail.com> <dungeonmaster18@users.noreply.github.com>
 Victor Lyuboslavsky <victor@victoreda.com>
--- a/76
+++ b/76
@ -8,20 +8,25 @@ Aaron.L.Xu <likexu@harmonycloud.cn>
 Abdur Rehman <abdur_rehman@mentor.com>
 Abhinandan Prativadi <abhi@docker.com>
 Abin Shahab <ashahab@altiscale.com>
+Abreto FU <public@abreto.email>
 Ace Tang <aceapril@126.com>
 Addam Hardy <addam.hardy@gmail.com>
 Adolfo Ochagavía <aochagavia92@gmail.com>
+Adrian Plata <adrian.plata@docker.com>
 Adrien Duermael <adrien@duermael.com>
 Adrien Folie <folie.adrien@gmail.com>
 Ahmet Alp Balkan <ahmetb@microsoft.com>
 Aidan Feldman <aidan.feldman@gmail.com>
 Aidan Hobson Sayers <aidanhs@cantab.net>
-AJ Bowen <aj@gandi.net>
-Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
+AJ Bowen <aj@soulshake.net>
+Akhil Mohan <akhil.mohan@mayadata.io>
+Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
+Albin Kerouanton <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
+Aleksander Piotrowski <apiotrowski312@gmail.com>
 Alessandro Boch <aboch@tetrationanalytics.com>
 Alex Mavrogiannis <alex.mavrogiannis@docker.com>
 Alex Mayer <amayer5125@gmail.com>
@ -39,6 +44,7 @@ Amir Goldstein <amir73il@aquasec.com>
 Amit Krishnan <amit.krishnan@oracle.com>
 Amit Shukla <amit.shukla@docker.com>
 Amy Lindburg <amy.lindburg@docker.com>
+Anca Iordache <anca.iordache@docker.com>
 Anda Xu <anda.xu@docker.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andreas Köhler <andi5.py@gmx.net>
@ -48,6 +54,7 @@ Andrew Macpherson <hopscotch23@gmail.com>
 Andrew McDonnell <bugs@andrewmcdonnell.net>
 Andrew Po <absourd.noise@gmail.com>
 Andrey Petrov <andrey.petrov@shazow.net>
+Andrii Berehuliak <berkusandrew@gmail.com>
 André Martins <aanm90@gmail.com>
 Andy Goldstein <agoldste@redhat.com>
 Andy Rothfusz <github@developersupport.net>
@ -58,8 +65,11 @@ Anton Polonskiy <anton.polonskiy@gmail.com>
 Antonio Murdaca <antonio.murdaca@gmail.com>
 Antonis Kalipetis <akalipetis@gmail.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com>
+Ao Li <la9249@163.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
+Arko Dasgupta <arko.dasgupta@docker.com>
 Arnaud Porterie <arnaud.porterie@docker.com>
+Arthur Peka <arthur.peka@outlook.com>
 Ashwini Oruganti <ashwini.oruganti@gmail.com>
 Azat Khuyiyakhmetov <shadow_uz@mail.ru>
 Bardia Keyoumarsi <bkeyouma@ucsc.edu>
@ -85,6 +95,7 @@ Brent Salisbury <brent.salisbury@docker.com>
 Bret Fisher <bret@bretfisher.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Goff <cpuguy83@gmail.com>
+Brian Wieder <brian@4wieders.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
@ -93,6 +104,7 @@ Cameron Spear <cameronspear@gmail.com>
 Cao Weiwei <cao.weiwei30@zte.com.cn>
 Carlo Mion <mion00@gmail.com>
 Carlos Alexandro Becker <caarlos0@gmail.com>
+Carlos de Paula <me@carlosedp.com>
 Ce Gao <ce.gao@outlook.com>
 Cedric Davies <cedricda@microsoft.com>
 Cezar Sa Espinola <cezarsa@gmail.com>
@ -126,25 +138,31 @@ Coenraad Loubser <coenraad@wish.org.za>
 Colin Hebert <hebert.colin@gmail.com>
 Collin Guarino <collin.guarino@gmail.com>
 Colm Hally <colmhally@gmail.com>
+Comical Derskeal <27731088+derskeal@users.noreply.github.com>
 Corey Farrell <git@cfware.com>
 Corey Quon <corey.quon@docker.com>
 Craig Wilhite <crwilhit@microsoft.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com>
 Dafydd Crosby <dtcrsby@gmail.com>
+Daisuke Ito <itodaisuke00@gmail.com>
 dalanlan <dalanlan925@gmail.com>
 Damien Nadé <github@livna.org>
 Dan Cotora <dan@bluevision.ro>
+Daniel Artine <daniel.artine@ufrj.br>
+Daniel Cassidy <mail@danielcassidy.me.uk>
 Daniel Dao <dqminh@cloudflare.com>
 Daniel Farrell <dfarrell@redhat.com>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Goosen <daniel.goosen@surveysampling.com>
+Daniel Helfand <dhelfand@redhat.com>
 Daniel Hiltgen <daniel.hiltgen@docker.com>
 Daniel J Walsh <dwalsh@redhat.com>
 Daniel Nephin <dnephin@docker.com>
 Daniel Norberg <dano@spotify.com>
 Daniel Watkins <daniel@daniel-watkins.co.uk>
 Daniel Zhang <jmzwcn@gmail.com>
+Daniil Nikolenko <qoo2p5@gmail.com>
 Danny Berger <dpb587@gmail.com>
 Darren Shepherd <darren.s.shepherd@gmail.com>
 Darren Stahl <darst@microsoft.com>
@ -158,6 +176,7 @@ David Cramer <davcrame@cisco.com>
 David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
 David Lechner <david@lechnology.com>
+David Scott <dave@recoil.org>
 David Sheets <dsheets@docker.com>
 David Williamson <david.williamson@docker.com>
 David Xia <dxia@spotify.com>
@ -176,13 +195,15 @@ Dima Stopel <dima@twistlock.com>
 Dimitry Andric <d.andric@activevideo.com>
 Ding Fei <dingfei@stars.org.cn>
 Diogo Monica <diogo@docker.com>
+Djordje Lukic <djordje.lukic@docker.com>
 Dmitry Gusev <dmitry.gusev@gmail.com>
 Dmitry Smirnov <onlyjob@member.fsf.org>
 Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
+Dominik Braun <dominik.braun@nbsp.de>
 Don Kjer <don.kjer@gmail.com>
 Dong Chen <dongluo.chen@docker.com>
 Doug Davis <dug@us.ibm.com>
-Drew Erny <drew.erny@docker.com>
+Drew Erny <derny@mirantis.com>
 Ed Costello <epc@epcostello.com>
 Elango Sivanandam <elango.siva@docker.com>
 Eli Uriegas <eli.uriegas@docker.com>
@ -213,6 +234,7 @@ Felix Rabe <felix@rabe.io>
 Filip Jareš <filipjares@gmail.com>
 Flavio Crisciani <flavio.crisciani@docker.com>
 Florian Klein <florian.klein@free.fr>
+Forest Johnson <fjohnson@peoplenetonline.com>
 Foysal Iqbal <foysal.iqbal.fb@gmail.com>
 François Scala <francois.scala@swiss-as.com>
 Fred Lifton <fred.lifton@docker.com>
@ -229,6 +251,7 @@ George MacRorie <gmacr31@gmail.com>
 George Xie <georgexsh@gmail.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
+Goksu Toprak <goksu.toprak@docker.com>
 Gou Rao <gou@portworx.com>
 Grant Reaber <grant.reaber@gmail.com>
 Greg Pflaum <gpflaum@users.noreply.github.com>
@ -243,6 +266,7 @@ Harald Albers <github@albersweb.de>
 Harold Cooper <hrldcpr@gmail.com>
 Harry Zhang <harryz@hyper.sh>
 He Simei <hesimei@zju.edu.cn>
+Hector S <hfsam88@gmail.com>
 Helen Xie <chenjg@harmonycloud.cn>
 Henning Sprang <henning.sprang@gmail.com>
 Henry N <henrynmail-github@yahoo.de>
@ -250,6 +274,7 @@ Hernan Garcia <hernandanielg@gmail.com>
 Hongbin Lu <hongbin034@gmail.com>
 Hu Keping <hukeping@huawei.com>
 Huayi Zhang <irachex@gmail.com>
+Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
@ -291,7 +316,7 @@ Jeremy Unruh <jeremybunruh@gmail.com>
 Jeremy Yallop <yallop@docker.com>
 Jeroen Franse <jeroenfranse@gmail.com>
 Jesse Adametz <jesseadametz@gmail.com>
-Jessica Frazelle <jessfraz@google.com>
+Jessica Frazelle <jess@oxide.computer>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
 Jie Luo <luo612@zju.edu.cn>
@ -300,7 +325,9 @@ Jim Galasyn <jim.galasyn@docker.com>
 Jimmy Leger <jimmy.leger@gmail.com>
 Jimmy Song <rootsongjc@gmail.com>
 jimmyxian <jimmyxian2004@yahoo.com.cn>
+Jintao Zhang <zhangjintao9020@gmail.com>
 Joao Fernandes <joao.fernandes@docker.com>
+Joe Abbey <joe.abbey@gmail.com>
 Joe Doliner <jdoliner@pachyderm.io>
 Joe Gordon <joe.gordon0@gmail.com>
 Joel Handwell <joelhandwell@gmail.com>
@ -310,7 +337,7 @@ Johan Euphrosine <proppy@google.com>
 Johannes 'fish' Ziemke <github@freigeist.org>
 John Feminella <jxf@jxf.me>
 John Harris <john@johnharris.io>
-John Howard (VM) <John.Howard@microsoft.com>
+John Howard <github@lowenna.com>
 John Laswell <john.n.laswell@gmail.com>
 John Maguire <jmaguire@duosecurity.com>
 John Mulhausen <john@docker.com>
@ -319,12 +346,15 @@ John Stephens <johnstep@docker.com>
 John Tims <john.k.tims@gmail.com>
 John V. Martinez <jvmatl@gmail.com>
 John Willis <john.willis@docker.com>
+Jon Johnson <jonjohnson@google.com>
+Jonatas Baldin <jonatas.baldin@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Lee <jonjohn1232009@gmail.com>
 Jonathan Lomas <jonathan@floatinglomas.ca>
 Jonathan McCrohan <jmccrohan@gmail.com>
 Jonh Wendell <jonh.wendell@redhat.com>
 Jordan Jennings <jjn2009@gmail.com>
+Jose J. Escobar <53836904+jescobar-docker@users.noreply.github.com>
 Joseph Kern <jkern@semafour.net>
 Josh Bodah <jb3689@yahoo.com>
 Josh Chorlton <jchorlton@gmail.com>
@ -348,6 +378,7 @@ Kara Alexandra <kalexandra@us.ibm.com>
 Kareem Khazem <karkhaz@karkhaz.com>
 Karthik Nayak <Karthik.188@gmail.com>
 Kat Samperi <kat.samperi@gmail.com>
+Kathryn Spiers <kathryn@spiers.me>
 Katie McLaughlin <katie@glasnt.com>
 Ke Xu <leonhartx.k@gmail.com>
 Kei Ohmura <ohmura.kei@gmail.com>
@ -361,6 +392,7 @@ Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Kirsche <Kev.Kirsche+GitHub@gmail.com>
 Kevin Meredith <kevin.m.meredith@gmail.com>
 Kevin Richardson <kevin@kevinrichardson.co>
+Kevin Woblick <mail@kovah.de>
 khaled souf <khaled.souf@gmail.com>
 Kim Eik <kim@heldig.org>
 Kir Kolyshkin <kolyshkin@gmail.com>
@ -369,7 +401,6 @@ Krasi Georgiev <krasi@vip-consult.solutions>
 Kris-Mikael Krister <krismikael@protonmail.com>
 Kun Zhang <zkazure@gmail.com>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
-Kyle Spiers <kyle@spiers.me>
 Lachlan Cooper <lachlancooper@gmail.com>
 Lai Jiangshan <jiangshanlai@gmail.com>
 Lars Kellogg-Stedman <lars@redhat.com>
@ -399,13 +430,16 @@ Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
 Lucas Chan <lucas-github@lucaschan.com>
 Luka Hartwig <mail@lukahartwig.de>
+Lukas Heeren <lukas-heeren@hotmail.com>
 Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
 Lydell Manganti <LydellManganti@users.noreply.github.com>
 Lénaïc Huard <lhuard@amadeus.com>
 Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
 Mabin <bin.ma@huawei.com>
+Maciej Kalisz <maciej.d.kalisz@gmail.com>
 Madhav Puri <madhav.puri@gmail.com>
 Madhu Venugopal <madhu@socketplane.io>
+Madhur Batra <madhurbatra097@gmail.com>
 Malte Janduda <mail@janduda.net>
 Manjunath A Kumatagi <mkumatag@in.ibm.com>
 Mansi Nahar <mmn4185@rit.edu>
@ -415,6 +449,7 @@ Marco Mariani <marco.mariani@alterway.fr>
 Marco Vedovati <mvedovati@suse.com>
 Marcus Martins <marcus@docker.com>
 Marianna Tessel <mtesselh@gmail.com>
+Marius Ileana <marius.ileana@gmail.com>
 Marius Sturm <marius@graylog.com>
 Mark Oates <fl0yd@me.com>
 Marsh Macy <marsma@microsoft.com>
@ -460,20 +495,24 @@ mikelinjie <294893458@qq.com>
 Mikhail Vasin <vasin@cloud-tv.ru>
 Milind Chawre <milindchawre@gmail.com>
 Mindaugas Rukas <momomg@gmail.com>
+Miroslav Gula <miroslav.gula@naytrolabs.com>
 Misty Stanley-Jones <misty@docker.com>
 Mohammad Banikazemi <mb@us.ibm.com>
 Mohammed Aaqib Ansari <maaquib@gmail.com>
 Mohini Anne Dsouza <mohini3917@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com>
 Morgan Bauer <mbauer@us.ibm.com>
+Morten Hekkvang <morten.hekkvang@sbab.se>
 Moysés Borges <moysesb@gmail.com>
 Mrunal Patel <mrunalp@gmail.com>
 muicoder <muicoder@gmail.com>
 Muthukumar R <muthur@gmail.com>
 Máximo Cuadros <mcuadros@gmail.com>
+Mårten Cassel <marten.cassel@gmail.com>
 Nace Oroz <orkica@gmail.com>
 Nahum Shalman <nshalman@omniti.com>
 Nalin Dahyabhai <nalin@redhat.com>
+Nao YONASHIRO <owan.orisano@gmail.com>
 Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>
 Natalie Parker <nparker@omnifone.com>
 Nate Brennand <nate.brennand@clever.com>
@ -494,9 +533,11 @@ Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
 Noah Treuhaft <noah.treuhaft@docker.com>
 O.S. Tezer <ostezer@gmail.com>
+Odin Ugedal <odin@ugedal.com>
 ohmystack <jun.jiang02@ele.me>
 Olle Jonsson <olle.jonsson@gmail.com>
 Olli Janatuinen <olli.janatuinen@gmail.com>
+Oscar Wieman <oscrx@icloud.com>
 Otto Kekäläinen <otto@seravo.fi>
 Ovidio Mallo <ovidio.mallo@gmail.com>
 Pascal Borreli <pascal@borreli.com>
@ -506,6 +547,7 @@ Patrick Lang <plang@microsoft.com>
 Paul <paul9869@gmail.com>
 Paul Kehrer <paul.l.kehrer@gmail.com>
 Paul Lietar <paul@lietar.net>
+Paul Mulders <justinkb@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Pavel Pospisil <pospispa@gmail.com>
 Paweł Szczekutowicz <pszczekutowicz@gmail.com>
@ -532,6 +574,8 @@ Qiang Huang <h.huangqiang@huawei.com>
 Qinglan Peng <qinglanpeng@zju.edu.cn>
 qudongfang <qudongfang@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
+Rahul Zoldyck <rahulzoldyck@gmail.com>
+Ravi Shekhar Jethani <rsjethani@gmail.com>
 Ray Tsang <rayt@google.com>
 Reficul <xuzhenglun@gmail.com>
 Remy Suen <remy.suen@gmail.com>
@ -543,11 +587,13 @@ Richard Scothern <richard.scothern@gmail.com>
 Rick Wieman <git@rickw.nl>
 Ritesh H Shukla <sritesh@vmware.com>
 Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
+Rob Gulewich <rgulewich@netflix.com>
 Robert Wallis <smilingrob@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Speekenbrink <robin@kingsquare.nl>
 Rodolfo Ortiz <rodolfo.ortiz@definityfirst.com>
 Rogelio Canedo <rcanedo@mappy.priv>
+Rohan Verma <hello@rohanverma.net>
 Roland Kammerer <roland.kammerer@linbit.com>
 Roman Dudin <katrmr@gmail.com>
 Rory Hunter <roryhunter2@gmail.com>
@ -563,10 +609,14 @@ Sainath Grandhi <sainath.grandhi@intel.com>
 Sakeven Jiang <jc5930@sina.cn>
 Sally O'Malley <somalley@redhat.com>
 Sam Neirinck <sam@samneirinck.com>
+Samarth Shah <samashah@microsoft.com>
 Sambuddha Basu <sambuddhabasu1@gmail.com>
 Sami Tabet <salph.tabet@gmail.com>
+Samuel Cochran <sj26@sj26.com>
 Samuel Karp <skarp@amazon.com>
 Santhosh Manohar <santhosh@docker.com>
+Sargun Dhillon <sargun@netflix.com>
+Saswat Bhattacharya <sas.saswat@gmail.com>
 Scott Brenner <scott@scottbrenner.me>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Christopherson <sean.j.christopherson@intel.com>
@ -587,6 +637,7 @@ sidharthamani <sid@rancher.com>
 Silvin Lubecki <silvin.lubecki@docker.com>
 Simei He <hesimei@zju.edu.cn>
 Simon Ferquel <simon.ferquel@docker.com>
+Simon Heimberg <simon.heimberg@heimberg-ea.ch>
 Sindhu S <sindhus@live.in>
 Slava Semushin <semushin@redhat.com>
 Solomon Hykes <solomon@docker.com>
@ -595,7 +646,7 @@ Spencer Brown <spencer@spencerbrown.org>
 squeegels <1674195+squeegels@users.noreply.github.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
 Stefan S. <tronicum@user.github.com>
-Stefan Scherer <scherer_stefan@icloud.com>
+Stefan Scherer <stefan.scherer@docker.com>
 Stefan Weil <sw@weilnetz.de>
 Stephane Jeandeaux <stephane.jeandeaux@gmail.com>
 Stephen Day <stevvooe@gmail.com>
@ -605,7 +656,9 @@ Steve Richards <steve.richards@docker.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 Subhajit Ghosh <isubuz.g@gmail.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
+Sune Keller <absukl@almbrand.dk>
 Sungwon Han <sungwon.han@navercorp.com>
+Sunny Gogoi <indiasuny000@gmail.com>
 Sven Dowideit <SvenDowideit@home.org.au>
 Sylvain Baubeau <sbaubeau@redhat.com>
 Sébastien HOUZÉ <cto@verylastroom.com>
@ -614,7 +667,10 @@ TAGOMORI Satoshi <tagomoris@gmail.com>
 taiji-tech <csuhqg@foxmail.com>
 Taylor Jones <monitorjbl@gmail.com>
 Tejaswini Duggaraju <naduggar@microsoft.com>
+Tengfei Wang <tfwang@alauda.io>
+Teppei Fukuda <knqyf263@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
+Thibault Coupin <thibault.coupin@gmail.com>
 Thomas Gazagnaire <thomas@gazagnaire.org>
 Thomas Krzero <thomas.kovatchitch@gmail.com>
 Thomas Leonard <thomas.leonard@docker.com>
@ -626,6 +682,7 @@ Tianyi Wang <capkurmagati@gmail.com>
 Tibor Vass <teabee89@gmail.com>
 Tim Dettrick <t.dettrick@uq.edu.au>
 Tim Hockin <thockin@google.com>
+Tim Sampson <tim@sampson.fi>
 Tim Smith <timbot@google.com>
 Tim Waugh <twaugh@redhat.com>
 Tim Wraight <tim.wraight@tangentlabs.co.uk>
@ -650,9 +707,11 @@ Tristan Carel <tristan@cogniteev.com>
 Tycho Andersen <tycho@docker.com>
 Tycho Andersen <tycho@tycho.ws>
 uhayate <uhayate.gong@daocloud.io>
+Ulrich Bareth <ulrich.bareth@gmail.com>
 Ulysses Souza <ulysses.souza@docker.com>
 Umesh Yadav <umesh4257@gmail.com>
 Valentin Lorentz <progval+git@progval.net>
+Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
 Veres Lajos <vlajos@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
 Victoria Bialas <victoria.bialas@docker.com>
@ -670,6 +729,7 @@ Wang Long <long.wanglong@huawei.com>
 Wang Ping <present.wp@icloud.com>
 Wang Xing <hzwangxing@corp.netease.com>
 Wang Yuexiao <wang.yuexiao@zte.com.cn>
+Wang Yumu <37442693@qq.com>
 Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
 Wayne Song <wsong@docker.com>
 Wen Cheng Ma <wenchma@cn.ibm.com>
@ -678,6 +738,7 @@ Wes Morgan <cap10morgan@gmail.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 William Henry <whenry@redhat.com>
 Xianglin Gao <xlgao@zju.edu.cn>
+Xiaodong Liu <liuxiaodong@loongson.cn>
 Xiaodong Zhang <a4012017@sina.com>
 Xiaoxi He <xxhe@alauda.io>
 Xinbo Weng <xihuanbo_0521@zju.edu.cn>
@ -694,6 +755,7 @@ Yuan Sun <sunyuan3@huawei.com>
 Yue Zhang <zy675793960@yeah.net>
 Yunxiang Huang <hyxqshk@vip.qq.com>
 Zachary Romero <zacromero3@gmail.com>
+Zander Mackie <zmackie@gmail.com>
 zebrilee <zebrilee@gmail.com>
 Zhang Kun <zkazure@gmail.com>
 Zhang Wei <zhangwei555@huawei.com>
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -88,7 +88,7 @@ use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contr
  <tr>
    <td>Community Slack</td>
    <td>
-      The Docker Community has a dedicated Slack chat to discuss features and issues.  You can sign-up <a href="https://community.docker.com/registrations/groups/4316" target="_blank">with this link</a>.
+      The Docker Community has a dedicated Slack chat to discuss features and issues.  You can sign-up <a href="https://dockr.ly/slack" target="_blank">with this link</a>.
    </td>
  </tr>
  <tr>
@ -362,4 +362,4 @@ The rules:
 If you are having trouble getting into the mood of idiomatic Go, we recommend
 reading through [Effective Go](https://golang.org/doc/effective_go.html). The
 [Go Blog](https://blog.golang.org) is also a great resource. Drinking the
-kool-aid is a lot easier than going thirsty.
+kool-aid is a lot easier than going thirsty.
--- a/51
+++ b/51
@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:1
+
+ARG BASE_VARIANT=alpine
+ARG GO_VERSION=1.18.7
+ARG XX_VERSION=1.1.0
+
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS build-base-alpine
+COPY --from=xx / /
+RUN apk add --no-cache clang lld llvm file git
+WORKDIR /go/src/github.com/docker/cli
+
+FROM build-base-alpine AS build-alpine
+ARG TARGETPLATFORM
+# gcc is installed for libgcc only
+RUN xx-apk add --no-cache musl-dev gcc
+
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-buster AS build-base-buster
+COPY --from=xx / /
+RUN apt-get update && apt-get install --no-install-recommends -y clang lld file
+WORKDIR /go/src/github.com/docker/cli
+
+FROM build-base-buster AS build-buster
+ARG TARGETPLATFORM
+RUN xx-apt install --no-install-recommends -y libc6-dev libgcc-8-dev
+
+FROM build-${BASE_VARIANT} AS build
+# GO_LINKMODE defines if static or dynamic binary should be produced
+ARG GO_LINKMODE=static
+# GO_BUILDTAGS defines additional build tags
+ARG GO_BUILDTAGS
+# GO_STRIP strips debugging symbols if set
+ARG GO_STRIP
+# CGO_ENABLED manually sets if cgo is used
+ARG CGO_ENABLED
+# VERSION sets the version for the produced binary
+ARG VERSION
+RUN --mount=ro --mount=type=cache,target=/root/.cache \
+    --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk \
+    --mount=type=tmpfs,target=cli/winresources \
+    xx-go --wrap && \
+    # export GOCACHE=$(go env GOCACHE)/$(xx-info)$([ -f /etc/alpine-release ] && echo "alpine") && \
+    TARGET=/out ./scripts/build/binary && \
+    xx-verify $([ "$GO_LINKMODE" = "static" ] && echo "--static") /out/docker
+
+FROM build-base-${BASE_VARIANT} AS dev
+COPY . .
+
+FROM scratch AS binary
+COPY --from=build /out .
--- a/55
+++ b/55
@ -1,12 +1,47 @@
-wrappedNode(label: 'linux && x86_64', cleanWorkspace: true) {
-  timeout(time: 60, unit: 'MINUTES') {
-    stage "Git Checkout"
-    checkout scm
+pipeline {
+    agent {
+        label "amd64 && ubuntu-1804 && overlay2"
+    }

-    stage "Run end-to-end test suite"
-    sh "docker version"
-    sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
-        IMAGE_TAG=clie2e${BUILD_NUMBER} \
-        make -f docker.Makefile test-e2e"
-  }
+    options {
+        timeout(time: 60, unit: 'MINUTES')
+    }
+
+    stages {
+        stage("Docker info") {
+            steps {
+                sh "docker version"
+                sh "docker info"
+            }
+        }
+        stage("e2e (non-experimental) - stable engine") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-non-experimental"
+            }
+        }
+        stage("e2e (non-experimental) - 19.03 engine") {
+            steps {
+                sh "E2E_ENGINE_VERSION=19.03-dind \
+                  E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                  IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                  make -f docker.Makefile test-e2e-non-experimental"
+            }
+        }
+        stage("e2e (experimental)") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-experimental"
+            }
+        }
+        stage("e2e (ssh connhelper)") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-connhelper-ssh"
+            }
+        }
+    }
 }
--- a/36
+++ b/36
@ -22,11 +22,8 @@
 	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.

 		people = [
-			"aaronlehmann",
 			"albers",
 			"cpuguy83",
-			"dnephin",
-			"justincormack",
 			"silvin-lubecki",
 			"stevvooe",
 			"thajeztah",
@ -36,14 +33,6 @@
 			"vieux",
 		]

-	[Org."Docs maintainers"]
-
-	# TODO Describe the docs maintainers role.
-
-		people = [
-			"thajeztah"
-		]
-
 	[Org.Curators]

 	# The curators help ensure that incoming issues and pull requests are properly triaged and
@ -61,6 +50,21 @@
 			"thajeztah"
 		]

+	[Org.Alumni]
+
+	# This list contains maintainers that are no longer active on the project.
+	# It is thanks to these people that the project has become what it is today.
+	# Thank you!
+
+		people = [
+			# Before becoming a maintainer, Daniel Nephin was a core contributor
+ 			# to "Fig" (now known as Docker Compose). As a maintainer for both the
+ 			# Engine and Docker CLI, Daniel contributed many features, among which
+ 			# the `docker stack` commands, allowing users to deploy their Docker
+ 			# Compose projects as a Swarm service.
+ 			"dnephin",
+		]
+
 [people]

 # A reference list of all people associated with the project.
@ -69,11 +73,6 @@

 	# ADD YOURSELF HERE IN ALPHABETICAL ORDER

-	[people.aaronlehmann]
-	Name = "Aaron Lehmann"
-	Email = "aaron.lehmann@docker.com"
-	GitHub = "aaronlehmann"
-
 	[people.albers]
 	Name = "Harald Albers"
 	Email = "github@albersweb.de"
@ -89,11 +88,6 @@
 	Email = "dnephin@gmail.com"
 	GitHub = "dnephin"

-	[people.justincormack]
-	Name = "Justin Cormack"
-	Email = "justin.cormack@docker.com"
-	GitHub = "justincormack"
-
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"
--- a/22
+++ b/22
@ -30,8 +30,7 @@ lint: ## run all the lint tools
 	gometalinter --config gometalinter.json ./...

 .PHONY: binary
-binary: ## build executable for Linux
-	@echo "WARNING: binary creates a Linux executable. Use cross for macOS or Windows."
+binary:
 	./scripts/build/binary

 .PHONY: plugins
@ -39,33 +38,26 @@ plugins: ## build example CLI plugins
 	./scripts/build/plugins

 .PHONY: cross
-cross: ## build executable for macOS and Windows
-	./scripts/build/cross
-
-.PHONY: binary-windows
-binary-windows: ## build executable for Windows
-	./scripts/build/windows
+cross:
+	./scripts/build/binary

 .PHONY: plugins-windows
 plugins-windows: ## build example CLI plugins for Windows
 	./scripts/build/plugins-windows

-.PHONY: binary-osx
-binary-osx: ## build executable for macOS
-	./scripts/build/osx
-
 .PHONY: plugins-osx
 plugins-osx: ## build example CLI plugins for macOS
 	./scripts/build/plugins-osx

 .PHONY: dynbinary
 dynbinary: ## build dynamically linked binary
-	./scripts/build/dynbinary
+	GO_LINKMODE=dynamic ./scripts/build/binary

 vendor: vendor.conf ## check that vendor matches vendor.conf
 	rm -rf vendor
-	bash -c 'vndr |& grep -v -i clone'
+	bash -c 'vndr |& grep -v -i clone | tee ./vndr.log'
 	scripts/validate/check-git-diff vendor
+	scripts/validate/check-all-packages-vendored

 .PHONY: authors
 authors: ## generate AUTHORS file from git history
@ -91,7 +83,7 @@ help: ## print this help
 cli/compose/schema/bindata.go: cli/compose/schema/data/*.json
 	go generate github.com/docker/cli/cli/compose/schema

-compose-jsonschema: cli/compose/schema/bindata.go
+compose-jsonschema: cli/compose/schema/bindata.go ## generate compose-file schemas
 	scripts/validate/check-git-diff cli/compose/schema/bindata.go

 .PHONY: ci-validate
--- a/2
+++ b/2
@ -3,7 +3,7 @@ Copyright 2012-2017 Docker, Inc.

 This product includes software developed at Docker, Inc. (https://www.docker.com).

-This product contains software (https://github.com/kr/pty) developed
+This product contains software (https://github.com/creack/pty) developed
 by Keith Rarick, licensed under the MIT License.

 The following is courtesy of our legal counsel:
--- a/README.md
+++ b/README.md
@ -1,4 +1,5 @@
-[![build status](https://circleci.com/gh/docker/cli.svg?style=shield)](https://circleci.com/gh/docker/cli/tree/master) [![Build Status](https://jenkins.dockerproject.org/job/docker/job/cli/job/master/badge/icon)](https://jenkins.dockerproject.org/job/docker/job/cli/job/master/)
+[![build status](https://circleci.com/gh/docker/cli.svg?style=shield)](https://circleci.com/gh/docker/cli/tree/master)
+[![Build Status](https://ci.docker.com/public/job/cli/job/master/badge/icon)](https://ci.docker.com/public/job/cli/job/master)

 docker/cli
 ==========
@ -11,18 +12,31 @@ Development

 `docker/cli` is developed using Docker.

-Build a linux binary:
+Build CLI from source:

 ```
-$ make -f docker.Makefile binary
+$ docker buildx bake
 ```

 Build binaries for all supported platforms:

 ```
-$ make -f docker.Makefile cross
+$ docker buildx bake cross
 ```

+Build for a specific platform:
+
+```
+$ docker buildx bake --set binary.platform=linux/arm64 
+```
+
+Build dynamic binary for glibc or musl:
+
+```
+$ USE_GLIBC=1 docker buildx bake dynbinary 
+```
+
+
 Run all linting:

 ```
@ -43,12 +57,6 @@ Start an interactive development environment:
 $ make -f docker.Makefile shell
 ```

-In the development environment you can run many tasks, including build binaries:
-
-```
-$ make binary
-```
-
 Legal
 =====
 *Brought to you courtesy of our legal counsel. For more context,
--- a/2
+++ b/2
@ -1 +1 @@
-19.03.0-dev
+20.10.0-dev
--- a/appveyor.yml
+++ b/appveyor.yml
@ -4,7 +4,7 @@ clone_folder: c:\gopath\src\github.com\docker\cli

 environment:
  GOPATH: c:\gopath
-  GOVERSION: 1.12.4
+  GOVERSION: 1.18.7
  DEPVERSION: v0.4.1

 install:
--- a/circle.yml
+++ b/circle.yml
@ -1,121 +0,0 @@
-version: 2
-
-jobs:
-
-  lint:
-    working_directory: /work
-    docker: [{image: 'docker:18.03-git'}]
-    steps:
-      - checkout
-      - setup_remote_docker:
-            version: 18.03.1-ce
-            reusable: true
-            exclusive: false
-      - run:
-          command: docker version
-      - run:
-          name: "Lint"
-          command: |
-            docker build -f dockerfiles/Dockerfile.lint --tag cli-linter:$CIRCLE_BUILD_NUM .
-            docker run --rm cli-linter:$CIRCLE_BUILD_NUM
-
-  cross:
-    working_directory: /work
-    docker: [{image: 'docker:18.03-git'}]
-    parallelism: 3
-    steps:
-      - checkout
-      - setup_remote_docker:
-            version: 18.03.1-ce
-            reusable: true
-            exclusive: false
-      - run:
-          name: "Cross"
-          command: |
-            docker build -f dockerfiles/Dockerfile.cross --tag cli-builder:$CIRCLE_BUILD_NUM .
-            name=cross-$CIRCLE_BUILD_NUM-$CIRCLE_NODE_INDEX
-            docker run \
-                -e CROSS_GROUP=$CIRCLE_NODE_INDEX \
-                --name $name cli-builder:$CIRCLE_BUILD_NUM \
-                make cross
-            docker cp \
-                $name:/go/src/github.com/docker/cli/build \
-                /work/build
-      - store_artifacts:
-          path: /work/build
-
-  test:
-    working_directory: /work
-    docker: [{image: 'docker:18.03-git'}]
-    steps:
-      - checkout
-      - setup_remote_docker:
-            version: 18.03.1-ce
-            reusable: true
-            exclusive: false
-      - run:
-          name: "Unit Test with Coverage"
-          command: |
-            mkdir -p test-results/unit-tests
-            docker build -f dockerfiles/Dockerfile.dev --tag cli-builder:$CIRCLE_BUILD_NUM .
-            docker run \
-                -e GOTESTSUM_JUNITFILE=/tmp/junit.xml \
-                --name \
-                test-$CIRCLE_BUILD_NUM cli-builder:$CIRCLE_BUILD_NUM \
-                make test-coverage
-            docker cp \
-                test-$CIRCLE_BUILD_NUM:/tmp/junit.xml \
-                ./test-results/unit-tests/junit.xml
-      - run:
-          name: "Upload to Codecov"
-          command: |
-            docker cp \
-                test-$CIRCLE_BUILD_NUM:/go/src/github.com/docker/cli/coverage.txt \
-                coverage.txt
-            apk add -U bash curl
-            curl -s https://codecov.io/bash | bash || \
-                echo 'Codecov failed to upload'
-      - store_test_results:
-          path:  test-results
-
-  validate:
-    working_directory: /work
-    docker: [{image: 'docker:18.03-git'}]
-    steps:
-      - checkout
-      - setup_remote_docker:
-            version: 18.03.1-ce
-            reusable: true
-            exclusive: false
-      - run:
-          name: "Validate Vendor, Docs, and Code Generation"
-          command: |
-            rm -f .dockerignore # include .git
-            docker build -f dockerfiles/Dockerfile.dev --tag cli-builder-with-git:$CIRCLE_BUILD_NUM .
-            docker run --rm cli-builder-with-git:$CIRCLE_BUILD_NUM \
-                make ci-validate
-          no_output_timeout: 15m
-  shellcheck:
-    working_directory: /work
-    docker: [{image: 'docker:18.03-git'}]
-    steps:
-      - checkout
-      - setup_remote_docker:
-            version: 18.03.1-ce
-            reusable: true
-            exclusive: false
-      - run:
-          name: "Run shellcheck"
-          command: |
-            docker build -f dockerfiles/Dockerfile.shellcheck --tag cli-validator:$CIRCLE_BUILD_NUM .
-            docker run --rm cli-validator:$CIRCLE_BUILD_NUM \
-                make shellcheck
-workflows:
-  version: 2
-  ci:
-    jobs:
-      - lint
-      - cross
-      - test
-      - validate
-      - shellcheck
--- a/cli-plugins/manager/candidate.go
+++ b/cli-plugins/manager/candidate.go
@ -1,7 +1,7 @@
 package manager

 import (
-	"os/exec"
+	exec "golang.org/x/sys/execabs"
 )

 // Candidate represents a possible plugin candidate, for mocking purposes
--- a/cli-plugins/manager/candidate_test.go
+++ b/cli-plugins/manager/candidate_test.go
@ -7,8 +7,8 @@ import (
 	"testing"

 	"github.com/spf13/cobra"
-	"gotest.tools/assert"
-	"gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/assert/cmp"
 )

 type fakeCandidate struct {
@ -29,15 +29,16 @@ func (c *fakeCandidate) Metadata() ([]byte, error) {
 }

 func TestValidateCandidate(t *testing.T) {
-	var (
+	const (
 		goodPluginName = NamePrefix + "goodplugin"

 		builtinName  = NamePrefix + "builtin"
 		builtinAlias = NamePrefix + "alias"

-		badPrefixPath  = "/usr/local/libexec/cli-plugins/wobble"
-		badNamePath    = "/usr/local/libexec/cli-plugins/docker-123456"
-		goodPluginPath = "/usr/local/libexec/cli-plugins/" + goodPluginName
+		badPrefixPath    = "/usr/local/libexec/cli-plugins/wobble"
+		badNamePath      = "/usr/local/libexec/cli-plugins/docker-123456"
+		goodPluginPath   = "/usr/local/libexec/cli-plugins/" + goodPluginName
+		metaExperimental = `{"SchemaVersion": "0.1.0", "Vendor": "e2e-testing", "Experimental": true}`
 	)

 	fakeroot := &cobra.Command{Use: "docker"}
@ -49,40 +50,44 @@ func TestValidateCandidate(t *testing.T) {
 	})

 	for _, tc := range []struct {
-		c *fakeCandidate
+		name string
+		c    *fakeCandidate

 		// Either err or invalid may be non-empty, but not both (both can be empty for a good plugin).
 		err     string
 		invalid string
 	}{
 		/* Each failing one of the tests */
-		{c: &fakeCandidate{path: ""}, err: "plugin candidate path cannot be empty"},
-		{c: &fakeCandidate{path: badPrefixPath}, err: fmt.Sprintf("does not have %q prefix", NamePrefix)},
-		{c: &fakeCandidate{path: badNamePath}, invalid: "did not match"},
-		{c: &fakeCandidate{path: builtinName}, invalid: `plugin "builtin" duplicates builtin command`},
-		{c: &fakeCandidate{path: builtinAlias}, invalid: `plugin "alias" duplicates an alias of builtin command "builtin"`},
-		{c: &fakeCandidate{path: goodPluginPath, exec: false}, invalid: fmt.Sprintf("failed to fetch metadata: faked a failure to exec %q", goodPluginPath)},
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `xyzzy`}, invalid: "invalid character"},
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{}`}, invalid: `plugin SchemaVersion "" is not valid`},
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "xyzzy"}`}, invalid: `plugin SchemaVersion "xyzzy" is not valid`},
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0"}`}, invalid: "plugin metadata does not define a vendor"},
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0", "Vendor": ""}`}, invalid: "plugin metadata does not define a vendor"},
+		{name: "empty path", c: &fakeCandidate{path: ""}, err: "plugin candidate path cannot be empty"},
+		{name: "bad prefix", c: &fakeCandidate{path: badPrefixPath}, err: fmt.Sprintf("does not have %q prefix", NamePrefix)},
+		{name: "bad path", c: &fakeCandidate{path: badNamePath}, invalid: "did not match"},
+		{name: "builtin command", c: &fakeCandidate{path: builtinName}, invalid: `plugin "builtin" duplicates builtin command`},
+		{name: "builtin alias", c: &fakeCandidate{path: builtinAlias}, invalid: `plugin "alias" duplicates an alias of builtin command "builtin"`},
+		{name: "fetch failure", c: &fakeCandidate{path: goodPluginPath, exec: false}, invalid: fmt.Sprintf("failed to fetch metadata: faked a failure to exec %q", goodPluginPath)},
+		{name: "metadata not json", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `xyzzy`}, invalid: "invalid character"},
+		{name: "empty schemaversion", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{}`}, invalid: `plugin SchemaVersion "" is not valid`},
+		{name: "invalid schemaversion", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "xyzzy"}`}, invalid: `plugin SchemaVersion "xyzzy" is not valid`},
+		{name: "no vendor", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0"}`}, invalid: "plugin metadata does not define a vendor"},
+		{name: "empty vendor", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0", "Vendor": ""}`}, invalid: "plugin metadata does not define a vendor"},
 		// This one should work
-		{c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0", "Vendor": "e2e-testing"}`}},
+		{name: "valid", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: `{"SchemaVersion": "0.1.0", "Vendor": "e2e-testing"}`}},
+		{name: "experimental + allowing experimental", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: metaExperimental}},
 	} {
-		p, err := newPlugin(tc.c, fakeroot)
-		if tc.err != "" {
-			assert.ErrorContains(t, err, tc.err)
-		} else if tc.invalid != "" {
-			assert.NilError(t, err)
-			assert.Assert(t, cmp.ErrorType(p.Err, reflect.TypeOf(&pluginError{})))
-			assert.ErrorContains(t, p.Err, tc.invalid)
-		} else {
-			assert.NilError(t, err)
-			assert.Equal(t, NamePrefix+p.Name, goodPluginName)
-			assert.Equal(t, p.SchemaVersion, "0.1.0")
-			assert.Equal(t, p.Vendor, "e2e-testing")
-		}
+		t.Run(tc.name, func(t *testing.T) {
+			p, err := newPlugin(tc.c, fakeroot)
+			if tc.err != "" {
+				assert.ErrorContains(t, err, tc.err)
+			} else if tc.invalid != "" {
+				assert.NilError(t, err)
+				assert.Assert(t, cmp.ErrorType(p.Err, reflect.TypeOf(&pluginError{})))
+				assert.ErrorContains(t, p.Err, tc.invalid)
+			} else {
+				assert.NilError(t, err)
+				assert.Equal(t, NamePrefix+p.Name, goodPluginName)
+				assert.Equal(t, p.SchemaVersion, "0.1.0")
+				assert.Equal(t, p.Vendor, "e2e-testing")
+			}
+		})
 	}
 }

--- a/cli-plugins/manager/error.go
+++ b/cli-plugins/manager/error.go
@ -25,6 +25,11 @@ func (e *pluginError) Cause() error {
 	return e.cause
 }

+// Unwrap provides compatibility for Go 1.13 error chains.
+func (e *pluginError) Unwrap() error {
+	return e.cause
+}
+
 // MarshalText marshalls the pluginError into a textual form.
 func (e *pluginError) MarshalText() (text []byte, err error) {
 	return []byte(e.cause.Error()), nil
--- a/cli-plugins/manager/error_test.go
+++ b/cli-plugins/manager/error_test.go
@ -6,7 +6,7 @@ import (

 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestPluginError(t *testing.T) {
@ -16,7 +16,7 @@ func TestPluginError(t *testing.T) {
 	inner := fmt.Errorf("testing")
 	err = wrapAsPluginError(inner, "wrapping")
 	assert.Error(t, err, "wrapping: testing")
-	assert.Equal(t, inner, errors.Cause(err))
+	assert.Assert(t, errors.Is(err, inner))

 	actual, err := yaml.Marshal(err)
 	assert.NilError(t, err)
--- a/cli-plugins/manager/manager.go
+++ b/cli-plugins/manager/manager.go
@ -3,13 +3,15 @@ package manager
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
+	"sort"
 	"strings"

 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config"
+	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
+	exec "golang.org/x/sys/execabs"
 )

 // ReexecEnvvar is the name of an ennvar which is set to the command
@ -31,6 +33,9 @@ type notFound interface{ NotFound() }

 // IsNotFound is true if the given error is due to a plugin not being found.
 func IsNotFound(err error) bool {
+	if e, ok := err.(*pluginError); ok {
+		err = e.Cause()
+	}
 	_, ok := err.(notFound)
 	return ok
 }
@ -121,10 +126,16 @@ func ListPlugins(dockerCli command.Cli, rootcmd *cobra.Command) ([]Plugin, error
 		if err != nil {
 			return nil, err
 		}
-		p.ShadowedPaths = paths[1:]
-		plugins = append(plugins, p)
+		if !IsNotFound(p.Err) {
+			p.ShadowedPaths = paths[1:]
+			plugins = append(plugins, p)
+		}
 	}

+	sort.Slice(plugins, func(i, j int) bool {
+		return sortorder.NaturalLess(plugins[i].Name, plugins[j].Name)
+	})
+
 	return plugins, nil
 }

--- a/cli-plugins/manager/manager_test.go
+++ b/cli-plugins/manager/manager_test.go
@ -7,8 +7,9 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
-	"gotest.tools/assert"
-	"gotest.tools/fs"
+	"github.com/spf13/cobra"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
 )

 func TestListPluginCandidates(t *testing.T) {
@ -81,6 +82,34 @@ func TestListPluginCandidates(t *testing.T) {
 	assert.DeepEqual(t, candidates, exp)
 }

+func TestListPluginsIsSorted(t *testing.T) {
+	dir := fs.NewDir(t, t.Name(),
+		fs.WithFile("docker-bbb", `
+#!/bin/sh
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+		fs.WithFile("docker-aaa", `
+#!/bin/sh
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+	)
+	defer dir.Remove()
+
+	cli := test.NewFakeCli(nil)
+	cli.SetConfigFile(&configfile.ConfigFile{CLIPluginsExtraDirs: []string{dir.Path()}})
+
+	plugins, err := ListPlugins(cli, &cobra.Command{})
+	assert.NilError(t, err)
+
+	// We're only interested in the plugins we created for testing this, and only
+	// if they appear in the expected order
+	var names []string
+	for _, p := range plugins {
+		if p.Name == "aaa" || p.Name == "bbb" {
+			names = append(names, p.Name)
+		}
+	}
+	assert.DeepEqual(t, names, []string{"aaa", "bbb"})
+}
+
 func TestErrPluginNotFound(t *testing.T) {
 	var err error = errPluginNotFound("test")
 	err.(errPluginNotFound).NotFound()
--- a/cli-plugins/manager/manager_unix.go
+++ b/cli-plugins/manager/manager_unix.go
@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows

 package manager
--- a/cli-plugins/manager/metadata.go
+++ b/cli-plugins/manager/metadata.go
@ -10,7 +10,7 @@ const (
 	MetadataSubcommandName = "docker-cli-plugin-metadata"
 )

-// Metadata provided by the plugin. See docs/extend/cli_plugins.md for canonical information.
+// Metadata provided by the plugin.
 type Metadata struct {
 	// SchemaVersion describes the version of this struct. Mandatory, must be "0.1.0"
 	SchemaVersion string `json:",omitempty"`
@ -22,4 +22,7 @@ type Metadata struct {
 	ShortDescription string `json:",omitempty"`
 	// URL is a pointer to the plugin's homepage.
 	URL string `json:",omitempty"`
+	// Experimental specifies whether the plugin is experimental.
+	// Deprecated: experimental features are now always enabled in the CLI
+	Experimental bool `json:",omitempty"`
 }
--- a/cli-plugins/manager/plugin.go
+++ b/cli-plugins/manager/plugin.go
@ -33,6 +33,8 @@ type Plugin struct {
 // is set, and is always a `pluginError`, but the `Plugin` is still
 // returned with no error. An error is only returned due to a
 // non-recoverable error.
+//
+// nolint: gocyclo
 func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 	path := c.Path()
 	if path == "" {
@ -94,7 +96,6 @@ func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 		p.Err = wrapAsPluginError(err, "invalid metadata")
 		return p, nil
 	}
-
 	if p.Metadata.SchemaVersion != "0.1.0" {
 		p.Err = NewPluginError("plugin SchemaVersion %q is not valid, must be 0.1.0", p.Metadata.SchemaVersion)
 		return p, nil
--- a/cli-plugins/manager/suffix_unix.go
+++ b/cli-plugins/manager/suffix_unix.go
@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows

 package manager
--- a/cli-plugins/plugin/plugin.go
+++ b/cli-plugins/plugin/plugin.go
@ -24,7 +24,8 @@ import (
 // called.
 var PersistentPreRunE func(*cobra.Command, []string) error

-func runPlugin(dockerCli *command.DockerCli, plugin *cobra.Command, meta manager.Metadata) error {
+// RunPlugin executes the specified plugin command
+func RunPlugin(dockerCli *command.DockerCli, plugin *cobra.Command, meta manager.Metadata) error {
 	tcmd := newPluginCommand(dockerCli, plugin, meta)

 	var persistentPreRunOnce sync.Once
@ -60,7 +61,7 @@ func Run(makeCmd func(command.Cli) *cobra.Command, meta manager.Metadata) {

 	plugin := makeCmd(dockerCli)

-	if err := runPlugin(dockerCli, plugin, meta); err != nil {
+	if err := RunPlugin(dockerCli, plugin, meta); err != nil {
 		if sterr, ok := err.(cli.StatusError); ok {
 			if sterr.Status != "" {
 				fmt.Fprintln(dockerCli.Err(), sterr.Status)
@ -114,17 +115,20 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta
 	fullname := manager.NamePrefix + name

 	cmd := &cobra.Command{
-		Use:                   fmt.Sprintf("docker [OPTIONS] %s [ARG...]", name),
-		Short:                 fullname + " is a Docker CLI plugin",
-		SilenceUsage:          true,
-		SilenceErrors:         true,
-		PersistentPreRunE:     PersistentPreRunE,
+		Use:           fmt.Sprintf("docker [OPTIONS] %s [ARG...]", name),
+		Short:         fullname + " is a Docker CLI plugin",
+		SilenceUsage:  true,
+		SilenceErrors: true,
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			// We can't use this as the hook directly since it is initialised later (in runPlugin)
+			return PersistentPreRunE(cmd, args)
+		},
 		TraverseChildren:      true,
 		DisableFlagsInUseLine: true,
 	}
 	opts, flags := cli.SetupPluginRootCommand(cmd)

-	cmd.SetOutput(dockerCli.Out())
+	cmd.SetOut(dockerCli.Out())

 	cmd.AddCommand(
 		plugin,
--- a/cli/cobra.go
+++ b/cli/cobra.go
@ -9,7 +9,8 @@ import (
 	"github.com/docker/cli/cli/command"
 	cliconfig "github.com/docker/cli/cli/config"
 	cliflags "github.com/docker/cli/cli/flags"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
+	"github.com/morikuni/aec"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@ -35,6 +36,9 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	cobra.AddTemplateFunc("vendorAndVersion", vendorAndVersion)
 	cobra.AddTemplateFunc("invalidPluginReason", invalidPluginReason)
 	cobra.AddTemplateFunc("isPlugin", isPlugin)
+	cobra.AddTemplateFunc("isExperimental", isExperimental)
+	cobra.AddTemplateFunc("hasAdditionalHelp", hasAdditionalHelp)
+	cobra.AddTemplateFunc("additionalHelp", additionalHelp)
 	cobra.AddTemplateFunc("decoratedName", decoratedName)

 	rootCmd.SetUsageTemplate(usageTemplate)
@ -46,6 +50,8 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
 	rootCmd.PersistentFlags().Lookup("help").Hidden = true

+	rootCmd.Annotations = map[string]string{"additionalHelp": "To get more help with docker, check out our guides at https://docs.docker.com/go/guides/"}
+
 	return opts, flags, helpCommand
 }

@ -184,13 +190,37 @@ var helpCommand = &cobra.Command{
 		if cmd == nil || e != nil || len(args) > 0 {
 			return errors.Errorf("unknown help topic: %v", strings.Join(args, " "))
 		}
-
 		helpFunc := cmd.HelpFunc()
 		helpFunc(cmd, args)
 		return nil
 	},
 }

+func isExperimental(cmd *cobra.Command) bool {
+	if _, ok := cmd.Annotations["experimentalCLI"]; ok {
+		return true
+	}
+	var experimental bool
+	cmd.VisitParents(func(cmd *cobra.Command) {
+		if _, ok := cmd.Annotations["experimentalCLI"]; ok {
+			experimental = true
+		}
+	})
+	return experimental
+}
+
+func additionalHelp(cmd *cobra.Command) string {
+	if additionalHelp, ok := cmd.Annotations["additionalHelp"]; ok {
+		style := aec.EmptyBuilder.Bold().ANSI
+		return style.Apply(additionalHelp)
+	}
+	return ""
+}
+
+func hasAdditionalHelp(cmd *cobra.Command) bool {
+	return additionalHelp(cmd) != ""
+}
+
 func isPlugin(cmd *cobra.Command) bool {
 	return cmd.Annotations[pluginmanager.CommandAnnotationPlugin] == "true"
 }
@ -282,11 +312,20 @@ func invalidPluginReason(cmd *cobra.Command) string {

 var usageTemplate = `Usage:

-{{- if not .HasSubCommands}}	{{.UseLine}}{{end}}
-{{- if .HasSubCommands}}	{{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
+{{- if not .HasSubCommands}}  {{.UseLine}}{{end}}
+{{- if .HasSubCommands}}  {{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}

 {{if ne .Long ""}}{{ .Long | trim }}{{ else }}{{ .Short | trim }}{{end}}
+{{- if isExperimental .}}

+EXPERIMENTAL:
+  {{.CommandPath}} is an experimental feature.
+  Experimental features provide early access to product functionality. These
+  features may change between releases without warning, or can be removed from a
+  future release. Learn more about experimental features in our documentation:
+  https://docs.docker.com/go/experimental/
+
+{{- end}}
 {{- if gt .Aliases 0}}

 Aliases:
@ -337,6 +376,10 @@ Invalid Plugins:

 Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- end}}
+{{- if hasAdditionalHelp .}}
+
+{{ additionalHelp . }}
+{{- end}}
 `

 var helpTemplate = `
--- a/cli/cobra_test.go
+++ b/cli/cobra_test.go
@ -6,8 +6,8 @@ import (
 	pluginmanager "github.com/docker/cli/cli-plugins/manager"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/spf13/cobra"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestVisitAll(t *testing.T) {
--- a/cli/command/builder/prune.go
+++ b/cli/command/builder/prune.go
@ -44,8 +44,8 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {

 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
-	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused images, not just dangling ones")
-	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'unused-for=24h')")
+	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused build cache, not just dangling ones")
+	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'until=24h')")
 	flags.Var(&options.keepStorage, "keep-storage", "Amount of disk space to keep for cache")

 	return cmd
--- a/cli/command/bundlefile/bundlefile.go
+++ b/cli/command/bundlefile/bundlefile.go
@ -1,70 +0,0 @@
-package bundlefile
-
-import (
-	"encoding/json"
-	"io"
-
-	"github.com/pkg/errors"
-)
-
-// Bundlefile stores the contents of a bundlefile
-type Bundlefile struct {
-	Version  string
-	Services map[string]Service
-}
-
-// Service is a service from a bundlefile
-type Service struct {
-	Image      string
-	Command    []string          `json:",omitempty"`
-	Args       []string          `json:",omitempty"`
-	Env        []string          `json:",omitempty"`
-	Labels     map[string]string `json:",omitempty"`
-	Ports      []Port            `json:",omitempty"`
-	WorkingDir *string           `json:",omitempty"`
-	User       *string           `json:",omitempty"`
-	Networks   []string          `json:",omitempty"`
-}
-
-// Port is a port as defined in a bundlefile
-type Port struct {
-	Protocol string
-	Port     uint32
-}
-
-// LoadFile loads a bundlefile from a path to the file
-func LoadFile(reader io.Reader) (*Bundlefile, error) {
-	bundlefile := &Bundlefile{}
-
-	decoder := json.NewDecoder(reader)
-	if err := decoder.Decode(bundlefile); err != nil {
-		switch jsonErr := err.(type) {
-		case *json.SyntaxError:
-			return nil, errors.Errorf(
-				"JSON syntax error at byte %v: %s",
-				jsonErr.Offset,
-				jsonErr.Error())
-		case *json.UnmarshalTypeError:
-			return nil, errors.Errorf(
-				"Unexpected type at byte %v. Expected %s but received %s.",
-				jsonErr.Offset,
-				jsonErr.Type,
-				jsonErr.Value)
-		}
-		return nil, err
-	}
-
-	return bundlefile, nil
-}
-
-// Print writes the contents of the bundlefile to the output writer
-// as human readable json
-func Print(out io.Writer, bundle *Bundlefile) error {
-	bytes, err := json.MarshalIndent(*bundle, "", "    ")
-	if err != nil {
-		return err
-	}
-
-	_, err = out.Write(bytes)
-	return err
-}
--- a/cli/command/bundlefile/bundlefile_test.go
+++ b/cli/command/bundlefile/bundlefile_test.go
@ -1,78 +0,0 @@
-package bundlefile
-
-import (
-	"bytes"
-	"strings"
-	"testing"
-
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestLoadFileV01Success(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": {
-			"redis": {
-				"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
-				"Networks": ["default"]
-			},
-			"web": {
-				"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
-				"Networks": ["default"],
-				"User": "web"
-			}
-		}
-	}`)
-
-	bundle, err := LoadFile(reader)
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal("0.1", bundle.Version))
-	assert.Check(t, is.Len(bundle.Services, 2))
-}
-
-func TestLoadFileSyntaxError(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": unquoted string
-	}`)
-
-	_, err := LoadFile(reader)
-	assert.Error(t, err, "JSON syntax error at byte 37: invalid character 'u' looking for beginning of value")
-}
-
-func TestLoadFileTypeError(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": {
-			"web": {
-				"Image": "redis",
-				"Networks": "none"
-			}
-		}
-	}`)
-
-	_, err := LoadFile(reader)
-	assert.Error(t, err, "Unexpected type at byte 94. Expected []string but received string.")
-}
-
-func TestPrint(t *testing.T) {
-	var buffer bytes.Buffer
-	bundle := &Bundlefile{
-		Version: "0.1",
-		Services: map[string]Service{
-			"web": {
-				Image:   "image",
-				Command: []string{"echo", "something"},
-			},
-		},
-	}
-	assert.Check(t, Print(&buffer, bundle))
-	output := buffer.String()
-	assert.Check(t, is.Contains(output, "\"Image\": \"image\""))
-	assert.Check(t, is.Contains(output,
-		`"Command": [
-                "echo",
-                "something"
-            ]`))
-}
--- a/cli/command/checkpoint/create_test.go
+++ b/cli/command/checkpoint/create_test.go
@ -8,8 +8,8 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestCheckpointCreateErrors(t *testing.T) {
@ -41,7 +41,7 @@ func TestCheckpointCreateErrors(t *testing.T) {
 		})
 		cmd := newCreateCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/checkpoint/formatter_test.go
+++ b/cli/command/checkpoint/formatter_test.go
@ -6,7 +6,7 @@ import (

 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestCheckpointContextFormatWrite(t *testing.T) {
--- a/cli/command/checkpoint/list_test.go
+++ b/cli/command/checkpoint/list_test.go
@ -7,9 +7,9 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/golden"
 )

 func TestCheckpointListErrors(t *testing.T) {
@ -41,7 +41,7 @@ func TestCheckpointListErrors(t *testing.T) {
 		})
 		cmd := newListCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/checkpoint/remove_test.go
+++ b/cli/command/checkpoint/remove_test.go
@ -7,8 +7,8 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestCheckpointRemoveErrors(t *testing.T) {
@ -40,7 +40,7 @@ func TestCheckpointRemoveErrors(t *testing.T) {
 		})
 		cmd := newRemoveCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/cli.go
+++ b/cli/command/cli.go
@ -8,13 +8,14 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
+	"time"

 	"github.com/docker/cli/cli/config"
 	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	dcontext "github.com/docker/cli/cli/context"
 	"github.com/docker/cli/cli/context/docker"
-	kubcontext "github.com/docker/cli/cli/context/kubernetes"
 	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/cli/debug"
 	cliflags "github.com/docker/cli/cli/flags"
@ -23,14 +24,13 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/cli/version"
-	"github.com/docker/cli/internal/containerizedengine"
 	dopts "github.com/docker/cli/opts"
-	clitypes "github.com/docker/cli/types"
+	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/term"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/theupdateframework/notary"
@ -61,7 +61,6 @@ type Cli interface {
 	ManifestStore() manifeststore.Store
 	RegistryClient(bool) registryclient.RegistryClient
 	ContentTrustEnabled() bool
-	NewContainerizedEngineClient(sockPath string) (clitypes.ContainerizedClient, error)
 	ContextStore() store.Store
 	CurrentContext() string
 	StackOrchestrator(flagValue string) (Orchestrator, error)
@ -71,24 +70,23 @@ type Cli interface {
 // DockerCli is an instance the docker command line client.
 // Instances of the client can be returned from NewDockerCli.
 type DockerCli struct {
-	configFile            *configfile.ConfigFile
-	in                    *streams.In
-	out                   *streams.Out
-	err                   io.Writer
-	client                client.APIClient
-	serverInfo            ServerInfo
-	clientInfo            ClientInfo
-	contentTrust          bool
-	newContainerizeClient func(string) (clitypes.ContainerizedClient, error)
-	contextStore          store.Store
-	currentContext        string
-	dockerEndpoint        docker.Endpoint
-	contextStoreConfig    store.Config
+	configFile         *configfile.ConfigFile
+	in                 *streams.In
+	out                *streams.Out
+	err                io.Writer
+	client             client.APIClient
+	serverInfo         ServerInfo
+	clientInfo         *ClientInfo
+	contentTrust       bool
+	contextStore       store.Store
+	currentContext     string
+	dockerEndpoint     docker.Endpoint
+	contextStoreConfig store.Config
 }

 // DefaultVersion returns api.defaultVersion or DOCKER_API_VERSION if specified.
 func (cli *DockerCli) DefaultVersion() string {
-	return cli.clientInfo.DefaultVersion
+	return cli.ClientInfo().DefaultVersion
 }

 // Client returns the APIClient
@ -119,7 +117,7 @@ func (cli *DockerCli) In() *streams.In {
 // ShowHelp shows the command help.
 func ShowHelp(err io.Writer) func(*cobra.Command, []string) error {
 	return func(cmd *cobra.Command, args []string) error {
-		cmd.SetOutput(err)
+		cmd.SetOut(err)
 		cmd.HelpFunc()(cmd, args)
 		return nil
 	}
@ -127,9 +125,16 @@ func ShowHelp(err io.Writer) func(*cobra.Command, []string) error {

 // ConfigFile returns the ConfigFile
 func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
+	if cli.configFile == nil {
+		cli.loadConfigFile()
+	}
 	return cli.configFile
 }

+func (cli *DockerCli) loadConfigFile() {
+	cli.configFile = cliconfig.LoadDefaultConfigFile(cli.err)
+}
+
 // ServerInfo returns the server version details for the host this client is
 // connected to
 func (cli *DockerCli) ServerInfo() ServerInfo {
@ -138,7 +143,26 @@ func (cli *DockerCli) ServerInfo() ServerInfo {

 // ClientInfo returns the client details for the cli
 func (cli *DockerCli) ClientInfo() ClientInfo {
-	return cli.clientInfo
+	if cli.clientInfo == nil {
+		if err := cli.loadClientInfo(); err != nil {
+			panic(err)
+		}
+	}
+	return *cli.clientInfo
+}
+
+func (cli *DockerCli) loadClientInfo() error {
+	var v string
+	if cli.client != nil {
+		v = cli.client.ClientVersion()
+	} else {
+		v = api.DefaultVersion
+	}
+	cli.clientInfo = &ClientInfo{
+		DefaultVersion:  v,
+		HasExperimental: true,
+	}
+	return nil
 }

 // ContentTrustEnabled returns whether content trust has been enabled by an
@ -208,13 +232,13 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize
 		debug.Enable()
 	}

-	cli.configFile = cliconfig.LoadDefaultConfigFile(cli.err)
+	cli.loadConfigFile()

-	baseContextSore := store.New(cliconfig.ContextStoreDir(), cli.contextStoreConfig)
+	baseContextStore := store.New(cliconfig.ContextStoreDir(), cli.contextStoreConfig)
 	cli.contextStore = &ContextStoreWithDefault{
-		Store: baseContextSore,
+		Store: baseContextStore,
 		Resolver: func() (*DefaultContext, error) {
-			return resolveDefaultContext(opts.Common, cli.ConfigFile(), cli.Err())
+			return ResolveDefaultContext(opts.Common, cli.ConfigFile(), cli.contextStoreConfig, cli.Err())
 		},
 	}
 	cli.currentContext, err = resolveContextName(opts.Common, cli.configFile, cli.contextStore)
@ -231,7 +255,7 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize
 		if tlsconfig.IsErrEncryptedKey(err) {
 			passRetriever := passphrase.PromptRetrieverWithInOut(cli.In(), cli.Out(), nil)
 			newClient := func(password string) (client.APIClient, error) {
-				cli.dockerEndpoint.TLSPassword = password
+				cli.dockerEndpoint.TLSPassword = password //nolint: staticcheck // SA1019: cli.dockerEndpoint.TLSPassword is deprecated
 				return newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile)
 			}
 			cli.client, err = getClientWithPassword(passRetriever, newClient)
@ -240,29 +264,22 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize
 			return err
 		}
 	}
-	var experimentalValue string
-	// Environment variable always overrides configuration
-	if experimentalValue = os.Getenv("DOCKER_CLI_EXPERIMENTAL"); experimentalValue == "" {
-		experimentalValue = cli.configFile.Experimental
-	}
-	hasExperimental, err := isEnabled(experimentalValue)
-	if err != nil {
-		return errors.Wrap(err, "Experimental field")
-	}
-	cli.clientInfo = ClientInfo{
-		DefaultVersion:  cli.client.ClientVersion(),
-		HasExperimental: hasExperimental,
-	}
 	cli.initializeFromClient()
+
+	if err := cli.loadClientInfo(); err != nil {
+		return err
+	}
+
 	return nil
 }

 // NewAPIClientFromFlags creates a new APIClient from command line flags
 func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
+	storeConfig := DefaultContextStoreConfig()
 	store := &ContextStoreWithDefault{
-		Store: store.New(cliconfig.ContextStoreDir(), defaultContextStoreConfig()),
+		Store: store.New(cliconfig.ContextStoreDir(), storeConfig),
 		Resolver: func() (*DefaultContext, error) {
-			return resolveDefaultContext(opts, configFile, ioutil.Discard)
+			return ResolveDefaultContext(opts, configFile, storeConfig, ioutil.Discard)
 		},
 	}
 	contextName, err := resolveContextName(opts, configFile, store)
@ -281,9 +298,9 @@ func newAPIClientFromEndpoint(ep docker.Endpoint, configFile *configfile.ConfigF
 	if err != nil {
 		return nil, err
 	}
-	customHeaders := configFile.HTTPHeaders
-	if customHeaders == nil {
-		customHeaders = map[string]string{}
+	customHeaders := make(map[string]string, len(configFile.HTTPHeaders))
+	for k, v := range configFile.HTTPHeaders {
+		customHeaders[k] = v
 	}
 	customHeaders["User-Agent"] = UserAgent()
 	clientOpts = append(clientOpts, client.WithHTTPHeaders(customHeaders))
@ -331,19 +348,17 @@ func resolveDefaultDockerEndpoint(opts *cliflags.CommonOptions) (docker.Endpoint
 	}, nil
 }

-func isEnabled(value string) (bool, error) {
-	switch value {
-	case "enabled":
-		return true, nil
-	case "", "disabled":
-		return false, nil
-	default:
-		return false, errors.Errorf("%q is not valid, should be either enabled or disabled", value)
-	}
-}
-
 func (cli *DockerCli) initializeFromClient() {
-	ping, err := cli.client.Ping(context.Background())
+	ctx := context.Background()
+	if strings.HasPrefix(cli.DockerEndpoint().Host, "tcp://") {
+		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
+		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
+		var cancel func()
+		ctx, cancel = context.WithTimeout(ctx, 2*time.Second)
+		defer cancel()
+	}
+
+	ping, err := cli.client.Ping(ctx)
 	if err != nil {
 		// Default to true if we fail to connect to daemon
 		cli.serverInfo = ServerInfo{HasExperimental: true}
@ -381,11 +396,6 @@ func (cli *DockerCli) NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions
 	return trust.GetNotaryRepository(cli.In(), cli.Out(), UserAgent(), imgRefAndAuth.RepoInfo(), imgRefAndAuth.AuthConfig(), actions...)
 }

-// NewContainerizedEngineClient returns a containerized engine client
-func (cli *DockerCli) NewContainerizedEngineClient(sockPath string) (clitypes.ContainerizedClient, error) {
-	return cli.newContainerizeClient(sockPath)
-}
-
 // ContextStore returns the ContextStore
 func (cli *DockerCli) ContextStore() store.Store {
 	return cli.contextStore
@ -440,20 +450,21 @@ type ServerInfo struct {

 // ClientInfo stores details about the supported features of the client
 type ClientInfo struct {
+	// Deprecated: experimental CLI features always enabled. This field is kept
+	// for backward-compatibility, and is always "true".
 	HasExperimental bool
 	DefaultVersion  string
 }

 // NewDockerCli returns a DockerCli instance with all operators applied on it.
-// It applies by default the standard streams, the content trust from
-// environment and the default containerized client constructor operations.
+// It applies by default the standard streams, and the content trust from
+// environment.
 func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) {
 	cli := &DockerCli{}
 	defaultOps := []DockerCliOption{
 		WithContentTrustFromEnv(),
-		WithContainerizedClient(containerizedengine.NewClient),
 	}
-	cli.contextStoreConfig = defaultContextStoreConfig()
+	cli.contextStoreConfig = DefaultContextStoreConfig()
 	ops = append(defaultOps, ops...)
 	if err := cli.Apply(ops...); err != nil {
 		return nil, err
@ -526,10 +537,22 @@ func resolveContextName(opts *cliflags.CommonOptions, config *configfile.ConfigF
 	return DefaultContextName, nil
 }

-func defaultContextStoreConfig() store.Config {
+var defaultStoreEndpoints = []store.NamedTypeGetter{
+	store.EndpointTypeGetter(docker.DockerEndpoint, func() interface{} { return &docker.EndpointMeta{} }),
+}
+
+// RegisterDefaultStoreEndpoints registers a new named endpoint
+// metadata type with the default context store config, so that
+// endpoint will be supported by stores using the config returned by
+// DefaultContextStoreConfig.
+func RegisterDefaultStoreEndpoints(ep ...store.NamedTypeGetter) {
+	defaultStoreEndpoints = append(defaultStoreEndpoints, ep...)
+}
+
+// DefaultContextStoreConfig returns a new store.Config with the default set of endpoints configured.
+func DefaultContextStoreConfig() store.Config {
 	return store.NewConfig(
 		func() interface{} { return &DockerContext{} },
-		store.EndpointTypeGetter(docker.DockerEndpoint, func() interface{} { return &docker.EndpointMeta{} }),
-		store.EndpointTypeGetter(kubcontext.KubernetesEndpoint, func() interface{} { return &kubcontext.EndpointMeta{} }),
+		defaultStoreEndpoints...,
 	)
 }
--- a/cli/command/cli_options.go
+++ b/cli/command/cli_options.go
@ -7,11 +7,9 @@ import (
 	"strconv"

 	"github.com/docker/cli/cli/context/docker"
-	"github.com/docker/cli/cli/context/kubernetes"
 	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/cli/streams"
-	clitypes "github.com/docker/cli/types"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 )

 // DockerCliOption applies a modification on a DockerCli.
@ -84,20 +82,12 @@ func WithContentTrust(enabled bool) DockerCliOption {
 	}
 }

-// WithContainerizedClient sets the containerized client constructor on a cli.
-func WithContainerizedClient(containerizedFn func(string) (clitypes.ContainerizedClient, error)) DockerCliOption {
-	return func(cli *DockerCli) error {
-		cli.newContainerizeClient = containerizedFn
-		return nil
-	}
-}
-
 // WithContextEndpointType add support for an additional typed endpoint in the context store
 // Plugins should use this to store additional endpoints configuration in the context store
 func WithContextEndpointType(endpointName string, endpointType store.TypeGetter) DockerCliOption {
 	return func(cli *DockerCli) error {
 		switch endpointName {
-		case docker.DockerEndpoint, kubernetes.KubernetesEndpoint:
+		case docker.DockerEndpoint:
 			return fmt.Errorf("cannot change %q endpoint type", endpointName)
 		}
 		cli.contextStoreConfig.SetEndpoint(endpointName, endpointType)
--- a/cli/command/cli_options_test.go
+++ b/cli/command/cli_options_test.go
@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"

-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func contentTrustEnabled(t *testing.T) bool {
--- a/cli/command/cli_test.go
+++ b/cli/command/cli_test.go
@ -13,15 +13,14 @@ import (
 	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
-	clitypes "github.com/docker/cli/types"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/env"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/env"
+	"gotest.tools/v3/fs"
 )

 func TestNewAPIClientFromFlags(t *testing.T) {
@ -45,6 +44,7 @@ func TestNewAPIClientFromFlags(t *testing.T) {
 	}
 	assert.Check(t, is.DeepEqual(expectedHeaders, apiclient.(*client.Client).CustomHTTPHeaders()))
 	assert.Check(t, is.Equal(api.DefaultVersion, apiclient.ClientVersion()))
+	assert.DeepEqual(t, configFile.HTTPHeaders, map[string]string{"My-Header": "Custom-Value"})
 }

 func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
@ -133,6 +133,7 @@ func TestInitializeFromClient(t *testing.T) {
 	}

 	for _, testcase := range testcases {
+		testcase := testcase
 		t.Run(testcase.doc, func(t *testing.T) {
 			apiclient := &fakeClient{
 				pingFunc: testcase.pingFunc,
@ -147,29 +148,29 @@ func TestInitializeFromClient(t *testing.T) {
 	}
 }

+// The CLI no longer disables/hides experimental CLI features, however, we need
+// to verify that existing configuration files do not break
 func TestExperimentalCLI(t *testing.T) {
 	defaultVersion := "v1.55"

 	var testcases = []struct {
-		doc                     string
-		configfile              string
-		expectedExperimentalCLI bool
+		doc        string
+		configfile string
 	}{
 		{
-			doc:                     "default",
-			configfile:              `{}`,
-			expectedExperimentalCLI: false,
+			doc:        "default",
+			configfile: `{}`,
 		},
 		{
 			doc: "experimental",
 			configfile: `{
 	"experimental": "enabled"
 }`,
-			expectedExperimentalCLI: true,
 		},
 	}

 	for _, testcase := range testcases {
+		testcase := testcase
 		t.Run(testcase.doc, func(t *testing.T) {
 			dir := fs.NewDir(t, testcase.doc, fs.WithFile("config.json", testcase.configfile))
 			defer dir.Remove()
@ -184,7 +185,8 @@ func TestExperimentalCLI(t *testing.T) {
 			cliconfig.SetDir(dir.Path())
 			err := cli.Initialize(flags.NewClientOptions())
 			assert.NilError(t, err)
-			assert.Check(t, is.Equal(testcase.expectedExperimentalCLI, cli.ClientInfo().HasExperimental))
+			// For backward-compatibility, HasExperimental will always be "true"
+			assert.Check(t, is.Equal(true, cli.ClientInfo().HasExperimental))
 		})
 	}
 }
@ -223,6 +225,7 @@ func TestGetClientWithPassword(t *testing.T) {
 	}

 	for _, testcase := range testcases {
+		testcase := testcase
 		t.Run(testcase.doc, func(t *testing.T) {
 			passRetriever := func(_, _ string, _ bool, attempts int) (passphrase string, giveup bool, err error) {
 				// Always return an invalid pass first to test iteration
@ -259,7 +262,6 @@ func TestNewDockerCliAndOperators(t *testing.T) {
 	// Test default operations and also overriding default ones
 	cli, err := NewDockerCli(
 		WithContentTrust(true),
-		WithContainerizedClient(func(string) (clitypes.ContainerizedClient, error) { return nil, nil }),
 	)
 	assert.NilError(t, err)
 	// Check streams are initialized
@ -267,19 +269,17 @@ func TestNewDockerCliAndOperators(t *testing.T) {
 	assert.Check(t, cli.Out() != nil)
 	assert.Check(t, cli.Err() != nil)
 	assert.Equal(t, cli.ContentTrustEnabled(), true)
-	client, err := cli.NewContainerizedEngineClient("")
-	assert.NilError(t, err)
-	assert.Equal(t, client, nil)

 	// Apply can modify a dockerCli after construction
 	inbuf := bytes.NewBuffer([]byte("input"))
 	outbuf := bytes.NewBuffer(nil)
 	errbuf := bytes.NewBuffer(nil)
-	cli.Apply(
+	err = cli.Apply(
 		WithInputStream(ioutil.NopCloser(inbuf)),
 		WithOutputStream(outbuf),
 		WithErrorStream(errbuf),
 	)
+	assert.NilError(t, err)
 	// Check input stream
 	inputStream, err := ioutil.ReadAll(cli.In())
 	assert.NilError(t, err)
--- a/cli/command/commands/commands.go
+++ b/cli/command/commands/commands.go
@ -2,7 +2,6 @@ package commands

 import (
 	"os"
-	"runtime"

 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/builder"
@ -10,7 +9,6 @@ import (
 	"github.com/docker/cli/cli/command/config"
 	"github.com/docker/cli/cli/command/container"
 	"github.com/docker/cli/cli/command/context"
-	"github.com/docker/cli/cli/command/engine"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/command/manifest"
 	"github.com/docker/cli/cli/command/network"
@ -90,7 +88,6 @@ func AddCommands(cmd *cobra.Command, dockerCli command.Cli) {
 		context.NewContextCommand(dockerCli),

 		// legacy commands may be hidden
-		hide(stack.NewTopLevelDeployCommand(dockerCli)),
 		hide(system.NewEventsCommand(dockerCli)),
 		hide(system.NewInfoCommand(dockerCli)),
 		hide(system.NewInspectCommand(dockerCli)),
@ -126,10 +123,6 @@ func AddCommands(cmd *cobra.Command, dockerCli command.Cli) {
 		hide(image.NewSaveCommand(dockerCli)),
 		hide(image.NewTagCommand(dockerCli)),
 	)
-	if runtime.GOOS == "linux" {
-		// engine
-		cmd.AddCommand(engine.NewEngineCommand(dockerCli))
-	}
 }

 func hide(cmd *cobra.Command) *cobra.Command {
--- a/cli/command/config/create_test.go
+++ b/cli/command/config/create_test.go
@ -11,9 +11,9 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/golden"
 )

 const configDataFile = "config-create-with-name.golden"
@ -46,7 +46,7 @@ func TestConfigCreateErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/config/formatter_test.go
+++ b/cli/command/config/formatter_test.go
@ -7,8 +7,7 @@ import (

 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/swarm"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
 )

 func TestConfigContextFormatWrite(t *testing.T) {
@ -20,19 +19,17 @@ func TestConfigContextFormatWrite(t *testing.T) {
 		// Errors
 		{
 			formatter.Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
+			`template parsing error: template: :1: function "InvalidFunction" not defined`,
 		},
 		{
 			formatter.Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
+			`template parsing error: template: :1:2: executing "" at <nil>: nil is not a command`,
 		},
 		// Table format
 		{formatter.Context{Format: NewFormat("table", false)},
-			`ID                  NAME                CREATED                  UPDATED
-1                   passwords           Less than a second ago   Less than a second ago
-2                   id_rsa              Less than a second ago   Less than a second ago
+			`ID        NAME        CREATED                  UPDATED
+1         passwords   Less than a second ago   Less than a second ago
+2         id_rsa      Less than a second ago   Less than a second ago
 `},
 		{formatter.Context{Format: NewFormat("table {{.Name}}", true)},
 			`NAME
@ -53,13 +50,16 @@ id_rsa
 			Meta: swarm.Meta{CreatedAt: time.Now(), UpdatedAt: time.Now()},
 			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "id_rsa"}}},
 	}
-	for _, testcase := range cases {
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		if err := FormatWrite(testcase.context, configs); err != nil {
-			assert.ErrorContains(t, err, testcase.expected)
-		} else {
-			assert.Check(t, is.Equal(out.String(), testcase.expected))
-		}
+	for _, tc := range cases {
+		tc := tc
+		t.Run(string(tc.context.Format), func(t *testing.T) {
+			var out bytes.Buffer
+			tc.context.Output = &out
+			if err := FormatWrite(tc.context, configs); err != nil {
+				assert.ErrorContains(t, err, tc.expected)
+			} else {
+				assert.Equal(t, out.String(), tc.expected)
+			}
+		})
 	}
 }
--- a/cli/command/config/inspect_test.go
+++ b/cli/command/config/inspect_test.go
@ -7,12 +7,11 @@ import (
 	"time"

 	"github.com/docker/cli/internal/test"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
-	// Import builders to get the builder function as package function
-	. "github.com/docker/cli/internal/test/builders"
-	"gotest.tools/assert"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/golden"
 )

 func TestConfigInspectErrors(t *testing.T) {
@ -37,7 +36,7 @@ func TestConfigInspectErrors(t *testing.T) {
 			flags: map[string]string{
 				"format": "{{invalid format}}",
 			},
-			expectedError: "Template parsing error",
+			expectedError: "template parsing error",
 		},
 		{
 			args: []string{"foo", "bar"},
@ -60,7 +59,7 @@ func TestConfigInspectErrors(t *testing.T) {
 		for key, value := range tc.flags {
 			cmd.Flags().Set(key, value)
 		}
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/config/ls.go
+++ b/cli/command/config/ls.go
@ -9,8 +9,8 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
+	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
-	"vbom.ml/util/sortorder"
 )

 // ListOptions contains options for the docker config ls command.
--- a/cli/command/config/ls_test.go
+++ b/cli/command/config/ls_test.go
@ -7,14 +7,13 @@ import (

 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
-	// Import builders to get the builder function as package function
-	. "github.com/docker/cli/internal/test/builders"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/golden"
 )

 func TestConfigListErrors(t *testing.T) {
@ -41,7 +40,7 @@ func TestConfigListErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/config/remove_test.go
+++ b/cli/command/config/remove_test.go
@ -7,8 +7,8 @@ import (

 	"github.com/docker/cli/internal/test"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestConfigRemoveErrors(t *testing.T) {
@ -36,7 +36,7 @@ func TestConfigRemoveErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -73,7 +73,7 @@ func TestConfigRemoveContinueAfterError(t *testing.T) {

 	cmd := newConfigRemoveCommand(cli)
 	cmd.SetArgs(names)
-	cmd.SetOutput(ioutil.Discard)
+	cmd.SetOut(ioutil.Discard)
 	assert.Error(t, cmd.Execute(), "error removing config: foo")
 	assert.Check(t, is.DeepEqual(names, removedConfigs))
 }
--- a/cli/command/config/testdata/config-list-sort.golden
+++ b/cli/command/config/testdata/config-list-sort.golden
@ -1,4 +1,4 @@
-ID                  NAME                CREATED             UPDATED
-ID-1-foo            1-foo               2 hours ago         About an hour ago
-ID-2-foo            2-foo               2 hours ago         About an hour ago
-ID-10-foo           10-foo              2 hours ago         About an hour ago
+ID          NAME      CREATED       UPDATED
+ID-1-foo    1-foo     2 hours ago   About an hour ago
+ID-2-foo    2-foo     2 hours ago   About an hour ago
+ID-10-foo   10-foo    2 hours ago   About an hour ago
--- a/cli/command/config/testdata/config-list-with-filter.golden
+++ b/cli/command/config/testdata/config-list-with-filter.golden
@ -1,3 +1,3 @@
-ID                  NAME                CREATED             UPDATED
-ID-bar              bar                 2 hours ago         About an hour ago
-ID-foo              foo                 2 hours ago         About an hour ago
+ID        NAME      CREATED       UPDATED
+ID-bar    bar       2 hours ago   About an hour ago
+ID-foo    foo       2 hours ago   About an hour ago
--- a/cli/command/container/attach.go
+++ b/cli/command/container/attach.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"net/http/httputil"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
@ -98,15 +97,13 @@ func runAttach(dockerCli command.Cli, opts *attachOptions) error {
 	}

 	if opts.proxy && !c.Config.Tty {
-		sigc := ForwardAllSignals(ctx, dockerCli, opts.container)
+		sigc := notfiyAllSignals()
+		go ForwardAllSignals(ctx, dockerCli, opts.container, sigc)
 		defer signal.StopCatch(sigc)
 	}

 	resp, errAttach := client.ContainerAttach(ctx, opts.container, options)
-	if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-		// ContainerAttach returns an ErrPersistEOF (connection closed)
-		// means server met an error and put it in Hijacked connection
-		// keep the error and read detailed error message from hijacked connection later
+	if errAttach != nil {
 		return errAttach
 	}
 	defer resp.Close()
@ -142,10 +139,6 @@ func runAttach(dockerCli command.Cli, opts *attachOptions) error {
 		return err
 	}

-	if errAttach != nil {
-		return errAttach
-	}
-
 	return getExitStatus(errC, resultC)
 }

--- a/cli/command/container/attach_test.go
+++ b/cli/command/container/attach_test.go
@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestNewAttachCommandErrors(t *testing.T) {
@ -71,7 +71,7 @@ func TestNewAttachCommandErrors(t *testing.T) {
 	}
 	for _, tc := range testCases {
 		cmd := NewAttachCommand(test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc}))
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
--- a/cli/command/container/client_test.go
+++ b/cli/command/container/client_test.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )

 type fakeClient struct {
@ -18,6 +19,7 @@ type fakeClient struct {
 	createContainerFunc func(config *container.Config,
 		hostConfig *container.HostConfig,
 		networkingConfig *network.NetworkingConfig,
+		platform *specs.Platform,
 		containerName string) (container.ContainerCreateCreatedBody, error)
 	containerStartFunc      func(container string, options types.ContainerStartOptions) error
 	imageCreateFunc         func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error)
@ -29,6 +31,8 @@ type fakeClient struct {
 	containerListFunc       func(types.ContainerListOptions) ([]types.Container, error)
 	containerExportFunc     func(string) (io.ReadCloser, error)
 	containerExecResizeFunc func(id string, options types.ResizeOptions) error
+	containerRemoveFunc     func(ctx context.Context, container string, options types.ContainerRemoveOptions) error
+	containerKillFunc       func(ctx context.Context, container, signal string) error
 	Version                 string
 }

@ -69,14 +73,22 @@ func (f *fakeClient) ContainerCreate(
 	config *container.Config,
 	hostConfig *container.HostConfig,
 	networkingConfig *network.NetworkingConfig,
+	platform *specs.Platform,
 	containerName string,
 ) (container.ContainerCreateCreatedBody, error) {
 	if f.createContainerFunc != nil {
-		return f.createContainerFunc(config, hostConfig, networkingConfig, containerName)
+		return f.createContainerFunc(config, hostConfig, networkingConfig, platform, containerName)
 	}
 	return container.ContainerCreateCreatedBody{}, nil
 }

+func (f *fakeClient) ContainerRemove(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
+	if f.containerRemoveFunc != nil {
+		return f.containerRemoveFunc(ctx, container, options)
+	}
+	return nil
+}
+
 func (f *fakeClient) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
 	if f.imageCreateFunc != nil {
 		return f.imageCreateFunc(parentReference, options)
@ -143,3 +155,10 @@ func (f *fakeClient) ContainerExecResize(_ context.Context, id string, options t
 	}
 	return nil
 }
+
+func (f *fakeClient) ContainerKill(ctx context.Context, container, signal string) error {
+	if f.containerKillFunc != nil {
+		return f.containerKillFunc(ctx, container, signal)
+	}
+	return nil
+}
--- a/cli/command/container/cp_test.go
+++ b/cli/command/container/cp_test.go
@ -11,10 +11,10 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/skip"
 )

 func TestRunCopyWithInvalidArguments(t *testing.T) {
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@ -7,6 +7,7 @@ import (
 	"os"
 	"regexp"

+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
@ -14,18 +15,28 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
 	apiclient "github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 )

+// Pull constants
+const (
+	PullImageAlways  = "always"
+	PullImageMissing = "missing" // Default (matches previous behavior)
+	PullImageNever   = "never"
+)
+
 type createOptions struct {
 	name      string
 	platform  string
 	untrusted bool
+	pull      string // alway, missing, never
 }

 // NewCreateCommand creates a new cobra.Command for `docker create`
@ -50,6 +61,8 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.SetInterspersed(false)

 	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&opts.pull, "pull", PullImageMissing,
+		`Pull image before creating ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)

 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
@ -142,7 +155,7 @@ func (cid *cidFile) Close() error {
 		return nil
 	}
 	if err := os.Remove(cid.path); err != nil {
-		return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
+		return errors.Wrapf(err, "failed to remove the CID file '%s'", cid.path)
 	}

 	return nil
@ -153,7 +166,7 @@ func (cid *cidFile) Write(id string) error {
 		return nil
 	}
 	if _, err := cid.file.Write([]byte(id)); err != nil {
-		return errors.Errorf("Failed to write the container ID to the file: %s", err)
+		return errors.Wrap(err, "failed to write the container ID to the file")
 	}
 	cid.written = true
 	return nil
@ -164,17 +177,18 @@ func newCIDFile(path string) (*cidFile, error) {
 		return &cidFile{}, nil
 	}
 	if _, err := os.Stat(path); err == nil {
-		return nil, errors.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
+		return nil, errors.Errorf("container ID file found, make sure the other container isn't running or delete %s", path)
 	}

 	f, err := os.Create(path)
 	if err != nil {
-		return nil, errors.Errorf("Failed to create the container ID file: %s", err)
+		return nil, errors.Wrap(err, "failed to create the container ID file")
 	}

 	return &cidFile{path: path, file: f}, nil
 }

+// nolint: gocyclo
 func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.ContainerCreateCreatedBody, error) {
 	config := containerConfig.Config
 	hostConfig := containerConfig.HostConfig
@ -212,26 +226,47 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 		}
 	}

-	//create the container
-	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, opts.name)
+	pullAndTagImage := func() error {
+		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, stderr); err != nil {
+			return err
+		}
+		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
+			return image.TagTrusted(ctx, dockerCli, trustedRef, taggedRef)
+		}
+		return nil
+	}

-	//if image not found try to pull it
+	var platform *specs.Platform
+	// Engine API version 1.41 first introduced the option to specify platform on
+	// create. It will produce an error if you try to set a platform on older API
+	// versions, so check the API version here to maintain backwards
+	// compatibility for CLI users.
+	if opts.platform != "" && versions.GreaterThanOrEqualTo(dockerCli.Client().ClientVersion(), "1.41") {
+		p, err := platforms.Parse(opts.platform)
+		if err != nil {
+			return nil, errors.Wrap(err, "error parsing specified platform")
+		}
+		platform = &p
+	}
+
+	if opts.pull == PullImageAlways {
+		if err := pullAndTagImage(); err != nil {
+			return nil, err
+		}
+	}
+
+	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, opts.name)
 	if err != nil {
-		if apiclient.IsErrNotFound(err) && namedRef != nil {
-			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
-
+		// Pull image if it does not exist locally and we have the PullImageMissing option. Default behavior.
+		if apiclient.IsErrNotFound(err) && namedRef != nil && opts.pull == PullImageMissing {
 			// we don't want to write to stdout anything apart from container.ID
-			if err := pullImage(ctx, dockerCli, config.Image, opts.platform, stderr); err != nil {
+			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
+			if err := pullAndTagImage(); err != nil {
 				return nil, err
 			}
-			if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
-				if err := image.TagTrusted(ctx, dockerCli, trustedRef, taggedRef); err != nil {
-					return nil, err
-				}
-			}
-			// Retry
+
 			var retryErr error
-			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, opts.name)
+			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, opts.name)
 			if retryErr != nil {
 				return nil, retryErr
 			}
--- a/cli/command/container/create_test.go
+++ b/cli/command/container/create_test.go
@ -18,11 +18,11 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/google/go-cmp/cmp"
-	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/fs"
-	"gotest.tools/golden"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
+	"gotest.tools/v3/golden"
 )

 func TestCIDFileNoOPWithNoFilename(t *testing.T) {
@ -39,7 +39,7 @@ func TestNewCIDFileWhenFileAlreadyExists(t *testing.T) {
 	defer tempfile.Remove()

 	_, err := newCIDFile(tempfile.Path())
-	assert.ErrorContains(t, err, "Container ID file found")
+	assert.ErrorContains(t, err, "container ID file found")
 }

 func TestCIDFileCloseWithNoWrite(t *testing.T) {
@ -76,54 +76,84 @@ func TestCIDFileCloseWithWrite(t *testing.T) {
 	assert.NilError(t, err)
 }

-func TestCreateContainerPullsImageIfMissing(t *testing.T) {
+func TestCreateContainerImagePullPolicy(t *testing.T) {
 	imageName := "does-not-exist-locally"
-	responseCounter := 0
 	containerID := "abcdef"
-
-	client := &fakeClient{
-		createContainerFunc: func(
-			config *container.Config,
-			hostConfig *container.HostConfig,
-			networkingConfig *network.NetworkingConfig,
-			containerName string,
-		) (container.ContainerCreateCreatedBody, error) {
-			defer func() { responseCounter++ }()
-			switch responseCounter {
-			case 0:
-				return container.ContainerCreateCreatedBody{}, fakeNotFound{}
-			case 1:
-				return container.ContainerCreateCreatedBody{ID: containerID}, nil
-			default:
-				return container.ContainerCreateCreatedBody{}, errors.New("unexpected")
-			}
-		},
-		imageCreateFunc: func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
-			return ioutil.NopCloser(strings.NewReader("")), nil
-		},
-		infoFunc: func() (types.Info, error) {
-			return types.Info{IndexServerAddress: "http://indexserver"}, nil
-		},
-	}
-	cli := test.NewFakeCli(client)
 	config := &containerConfig{
 		Config: &container.Config{
 			Image: imageName,
 		},
 		HostConfig: &container.HostConfig{},
 	}
-	body, err := createContainer(context.Background(), cli, config, &createOptions{
-		name:      "name",
-		platform:  runtime.GOOS,
-		untrusted: true,
-	})
-	assert.NilError(t, err)
-	expected := container.ContainerCreateCreatedBody{ID: containerID}
-	assert.Check(t, is.DeepEqual(expected, *body))
-	stderr := cli.ErrBuffer().String()
-	assert.Check(t, is.Contains(stderr, "Unable to find image 'does-not-exist-locally:latest' locally"))
-}

+	cases := []struct {
+		PullPolicy      string
+		ExpectedPulls   int
+		ExpectedBody    container.ContainerCreateCreatedBody
+		ExpectedErrMsg  string
+		ResponseCounter int
+	}{
+		{
+			PullPolicy:    PullImageMissing,
+			ExpectedPulls: 1,
+			ExpectedBody:  container.ContainerCreateCreatedBody{ID: containerID},
+		}, {
+			PullPolicy:      PullImageAlways,
+			ExpectedPulls:   1,
+			ExpectedBody:    container.ContainerCreateCreatedBody{ID: containerID},
+			ResponseCounter: 1, // This lets us return a container on the first pull
+		}, {
+			PullPolicy:     PullImageNever,
+			ExpectedPulls:  0,
+			ExpectedErrMsg: "error fake not found",
+		},
+	}
+	for _, c := range cases {
+		c := c
+		pullCounter := 0
+
+		client := &fakeClient{
+			createContainerFunc: func(
+				config *container.Config,
+				hostConfig *container.HostConfig,
+				networkingConfig *network.NetworkingConfig,
+				platform *specs.Platform,
+				containerName string,
+			) (container.ContainerCreateCreatedBody, error) {
+				defer func() { c.ResponseCounter++ }()
+				switch c.ResponseCounter {
+				case 0:
+					return container.ContainerCreateCreatedBody{}, fakeNotFound{}
+				default:
+					return container.ContainerCreateCreatedBody{ID: containerID}, nil
+				}
+			},
+			imageCreateFunc: func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
+				defer func() { pullCounter++ }()
+				return ioutil.NopCloser(strings.NewReader("")), nil
+			},
+			infoFunc: func() (types.Info, error) {
+				return types.Info{IndexServerAddress: "https://indexserver.example.com"}, nil
+			},
+		}
+		cli := test.NewFakeCli(client)
+		body, err := createContainer(context.Background(), cli, config, &createOptions{
+			name:      "name",
+			platform:  runtime.GOOS,
+			untrusted: true,
+			pull:      c.PullPolicy,
+		})
+
+		if c.ExpectedErrMsg != "" {
+			assert.ErrorContains(t, err, c.ExpectedErrMsg)
+		} else {
+			assert.NilError(t, err)
+			assert.Check(t, is.DeepEqual(c.ExpectedBody, *body))
+		}
+
+		assert.Check(t, is.Equal(c.ExpectedPulls, pullCounter))
+	}
+}
 func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 	testCases := []struct {
 		name          string
@ -151,10 +181,12 @@ func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
+		tc := tc
 		cli := test.NewFakeCli(&fakeClient{
 			createContainerFunc: func(config *container.Config,
 				hostConfig *container.HostConfig,
 				networkingConfig *network.NetworkingConfig,
+				platform *specs.Platform,
 				containerName string,
 			) (container.ContainerCreateCreatedBody, error) {
 				return container.ContainerCreateCreatedBody{}, fmt.Errorf("shouldn't try to pull image")
@ -162,7 +194,7 @@ func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 		}, test.EnableContentTrust)
 		cli.SetNotaryClient(tc.notaryFunc)
 		cmd := NewCreateCommand(cli)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		err := cmd.Execute()
 		assert.ErrorContains(t, err, tc.expectedError)
@ -209,18 +241,20 @@ func TestNewCreateCommandWithWarnings(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{
 				createContainerFunc: func(config *container.Config,
 					hostConfig *container.HostConfig,
 					networkingConfig *network.NetworkingConfig,
+					platform *specs.Platform,
 					containerName string,
 				) (container.ContainerCreateCreatedBody, error) {
 					return container.ContainerCreateCreatedBody{}, nil
 				},
 			})
 			cmd := NewCreateCommand(cli)
-			cmd.SetOutput(ioutil.Discard)
+			cmd.SetOut(ioutil.Discard)
 			cmd.SetArgs(tc.args)
 			err := cmd.Execute()
 			assert.NilError(t, err)
@ -250,6 +284,7 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 		createContainerFunc: func(config *container.Config,
 			hostConfig *container.HostConfig,
 			networkingConfig *network.NetworkingConfig,
+			platform *specs.Platform,
 			containerName string,
 		) (container.ContainerCreateCreatedBody, error) {
 			sort.Strings(config.Env)
@ -268,7 +303,7 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 		},
 	})
 	cmd := NewCreateCommand(cli)
-	cmd.SetOutput(ioutil.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"image:tag"})
 	err := cmd.Execute()
 	assert.NilError(t, err)
--- a/cli/command/container/exec.go
+++ b/cli/command/container/exec.go
@ -27,10 +27,14 @@ type execOptions struct {
 	workdir     string
 	container   string
 	command     []string
+	envFile     opts.ListOpts
 }

 func newExecOptions() execOptions {
-	return execOptions{env: opts.NewListOpts(opts.ValidateEnv)}
+	return execOptions{
+		env:     opts.NewListOpts(opts.ValidateEnv),
+		envFile: opts.NewListOpts(nil),
+	}
 }

 // NewExecCommand creates a new cobra.Command for `docker exec`
@ -59,6 +63,8 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 	flags.BoolVarP(&options.privileged, "privileged", "", false, "Give extended privileges to the command")
 	flags.VarP(&options.env, "env", "e", "Set environment variables")
 	flags.SetAnnotation("env", "version", []string{"1.25"})
+	flags.Var(&options.envFile, "env-file", "Read in a file of environment variables")
+	flags.SetAnnotation("env-file", "version", []string{"1.25"})
 	flags.StringVarP(&options.workdir, "workdir", "w", "", "Working directory inside the container")
 	flags.SetAnnotation("workdir", "version", []string{"1.35"})

@ -66,7 +72,11 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 }

 func runExec(dockerCli command.Cli, options execOptions) error {
-	execConfig := parseExec(options, dockerCli.ConfigFile())
+	execConfig, err := parseExec(options, dockerCli.ConfigFile())
+	if err != nil {
+		return err
+	}
+
 	ctx := context.Background()
 	client := dockerCli.Client()

@ -185,30 +195,35 @@ func getExecExitStatus(ctx context.Context, client apiclient.ContainerAPIClient,

 // parseExec parses the specified args for the specified command and generates
 // an ExecConfig from it.
-func parseExec(opts execOptions, configFile *configfile.ConfigFile) *types.ExecConfig {
+func parseExec(execOpts execOptions, configFile *configfile.ConfigFile) (*types.ExecConfig, error) {
 	execConfig := &types.ExecConfig{
-		User:       opts.user,
-		Privileged: opts.privileged,
-		Tty:        opts.tty,
-		Cmd:        opts.command,
-		Detach:     opts.detach,
-		Env:        opts.env.GetAll(),
-		WorkingDir: opts.workdir,
+		User:       execOpts.user,
+		Privileged: execOpts.privileged,
+		Tty:        execOpts.tty,
+		Cmd:        execOpts.command,
+		Detach:     execOpts.detach,
+		WorkingDir: execOpts.workdir,
+	}
+
+	// collect all the environment variables for the container
+	var err error
+	if execConfig.Env, err = opts.ReadKVEnvStrings(execOpts.envFile.GetAll(), execOpts.env.GetAll()); err != nil {
+		return nil, err
 	}

 	// If -d is not set, attach to everything by default
-	if !opts.detach {
+	if !execOpts.detach {
 		execConfig.AttachStdout = true
 		execConfig.AttachStderr = true
-		if opts.interactive {
+		if execOpts.interactive {
 			execConfig.AttachStdin = true
 		}
 	}

-	if opts.detachKeys != "" {
-		execConfig.DetachKeys = opts.detachKeys
+	if execOpts.detachKeys != "" {
+		execConfig.DetachKeys = execOpts.detachKeys
 	} else {
 		execConfig.DetachKeys = configFile.DetachKeys
 	}
-	return execConfig
+	return execConfig, nil
 }
--- a/cli/command/container/exec_test.go
+++ b/cli/command/container/exec_test.go
@ -3,6 +3,7 @@ package container
 import (
 	"context"
 	"io/ioutil"
+	"os"
 	"testing"

 	"github.com/docker/cli/cli"
@ -11,12 +12,14 @@ import (
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/fs"
 )

 func withDefaultOpts(options execOptions) execOptions {
 	options.env = opts.NewListOpts(opts.ValidateEnv)
+	options.envFile = opts.NewListOpts(nil)
 	if len(options.command) == 0 {
 		options.command = []string{"command"}
 	}
@ -24,6 +27,13 @@ func withDefaultOpts(options execOptions) execOptions {
 }

 func TestParseExec(t *testing.T) {
+	content := `ONE=1
+TWO=2
+	`
+
+	tmpFile := fs.NewFile(t, t.Name(), fs.WithContent(content))
+	defer tmpFile.Remove()
+
 	testcases := []struct {
 		options    execOptions
 		configFile configfile.ConfigFile
@ -102,14 +112,51 @@ func TestParseExec(t *testing.T) {
 				Detach:     true,
 			},
 		},
+		{
+			expected: types.ExecConfig{
+				Cmd:          []string{"command"},
+				AttachStdout: true,
+				AttachStderr: true,
+				Env:          []string{"ONE=1", "TWO=2"},
+			},
+			options: func() execOptions {
+				o := withDefaultOpts(execOptions{})
+				o.envFile.Set(tmpFile.Path())
+				return o
+			}(),
+		},
+		{
+			expected: types.ExecConfig{
+				Cmd:          []string{"command"},
+				AttachStdout: true,
+				AttachStderr: true,
+				Env:          []string{"ONE=1", "TWO=2", "ONE=override"},
+			},
+			options: func() execOptions {
+				o := withDefaultOpts(execOptions{})
+				o.envFile.Set(tmpFile.Path())
+				o.env.Set("ONE=override")
+				return o
+			}(),
+		},
 	}

 	for _, testcase := range testcases {
-		execConfig := parseExec(testcase.options, &testcase.configFile)
+		execConfig, err := parseExec(testcase.options, &testcase.configFile)
+		assert.NilError(t, err)
 		assert.Check(t, is.DeepEqual(testcase.expected, *execConfig))
 	}
 }

+func TestParseExecNoSuchFile(t *testing.T) {
+	execOpts := withDefaultOpts(execOptions{})
+	execOpts.envFile.Set("no-such-env-file")
+	execConfig, err := parseExec(execOpts, &configfile.ConfigFile{})
+	assert.ErrorContains(t, err, "no-such-env-file")
+	assert.Check(t, os.IsNotExist(err))
+	assert.Check(t, execConfig == nil)
+}
+
 func TestRunExec(t *testing.T) {
 	var testcases = []struct {
 		doc           string
@ -220,7 +267,7 @@ func TestNewExecCommandErrors(t *testing.T) {
 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc})
 		cmd := NewExecCommand(cli)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
--- a/cli/command/container/export_test.go
+++ b/cli/command/container/export_test.go
@ -7,8 +7,8 @@ import (
 	"testing"

 	"github.com/docker/cli/internal/test"
-	"gotest.tools/assert"
-	"gotest.tools/fs"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/fs"
 )

 func TestContainerExportOutputToFile(t *testing.T) {
@ -21,7 +21,7 @@ func TestContainerExportOutputToFile(t *testing.T) {
 		},
 	})
 	cmd := NewExportCommand(cli)
-	cmd.SetOutput(ioutil.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"-o", dir.Join("foo"), "container"})
 	assert.NilError(t, cmd.Execute())

@ -39,7 +39,7 @@ func TestContainerExportOutputToIrregularFile(t *testing.T) {
 		},
 	})
 	cmd := NewExportCommand(cli)
-	cmd.SetOutput(ioutil.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"-o", "/dev/random", "container"})

 	err := cmd.Execute()
--- a/cli/command/container/formatter_diff_test.go
+++ b/cli/command/container/formatter_diff_test.go
@ -7,8 +7,7 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/archive"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
 )

 func TestDiffContextFormatWrite(t *testing.T) {
@ -19,10 +18,10 @@ func TestDiffContextFormatWrite(t *testing.T) {
 	}{
 		{
 			formatter.Context{Format: NewDiffFormat("table")},
-			`CHANGE TYPE         PATH
-C                   /var/log/app.log
-A                   /usr/app/app.js
-D                   /usr/app/old_app.js
+			`CHANGE TYPE   PATH
+C             /var/log/app.log
+A             /usr/app/app.js
+D             /usr/app/old_app.js
 `,
 		},
 		{
@ -48,14 +47,17 @@ D: /usr/app/old_app.js
 		{Kind: archive.ChangeDelete, Path: "/usr/app/old_app.js"},
 	}

-	for _, testcase := range cases {
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		err := DiffFormatWrite(testcase.context, diffs)
-		if err != nil {
-			assert.Error(t, err, testcase.expected)
-		} else {
-			assert.Check(t, is.Equal(testcase.expected, out.String()))
-		}
+	for _, tc := range cases {
+		tc := tc
+		t.Run(string(tc.context.Format), func(t *testing.T) {
+			out := bytes.NewBufferString("")
+			tc.context.Output = out
+			err := DiffFormatWrite(tc.context, diffs)
+			if err != nil {
+				assert.Error(t, err, tc.expected)
+			} else {
+				assert.Equal(t, out.String(), tc.expected)
+			}
+		})
 	}
 }
--- a/cli/command/container/formatter_stats.go
+++ b/cli/command/container/formatter_stats.go
@ -103,9 +103,9 @@ func (cs *Stats) GetStatistics() StatsEntry {
 func NewStatsFormat(source, osType string) formatter.Format {
 	if source == formatter.TableFormatKey {
 		if osType == winOSType {
-			return formatter.Format(winDefaultStatsTableFormat)
+			return winDefaultStatsTableFormat
 		}
-		return formatter.Format(defaultStatsTableFormat)
+		return defaultStatsTableFormat
 	}
 	return formatter.Format(source)
 }
@ -181,14 +181,14 @@ func (c *statsContext) ID() string {

 func (c *statsContext) CPUPerc() string {
 	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
+		return "--"
 	}
 	return fmt.Sprintf("%.2f%%", c.s.CPUPercentage)
 }

 func (c *statsContext) MemUsage() string {
 	if c.s.IsInvalid {
-		return fmt.Sprintf("-- / --")
+		return "-- / --"
 	}
 	if c.os == winOSType {
 		return units.BytesSize(c.s.Memory)
@ -198,28 +198,28 @@ func (c *statsContext) MemUsage() string {

 func (c *statsContext) MemPerc() string {
 	if c.s.IsInvalid || c.os == winOSType {
-		return fmt.Sprintf("--")
+		return "--"
 	}
 	return fmt.Sprintf("%.2f%%", c.s.MemoryPercentage)
 }

 func (c *statsContext) NetIO() string {
 	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
+		return "--"
 	}
 	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.NetworkRx, 3), units.HumanSizeWithPrecision(c.s.NetworkTx, 3))
 }

 func (c *statsContext) BlockIO() string {
 	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
+		return "--"
 	}
 	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.BlockRead, 3), units.HumanSizeWithPrecision(c.s.BlockWrite, 3))
 }

 func (c *statsContext) PIDs() string {
 	if c.s.IsInvalid || c.os == winOSType {
-		return fmt.Sprintf("--")
+		return "--"
 	}
 	return fmt.Sprintf("%d", c.s.PidsCurrent)
 }
--- a/cli/command/container/formatter_stats_test.go
+++ b/cli/command/container/formatter_stats_test.go
@ -6,8 +6,8 @@ import (

 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/pkg/stringid"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestContainerStatsContext(t *testing.T) {
@ -54,13 +54,11 @@ func TestContainerStatsContextWrite(t *testing.T) {
 	}{
 		{
 			formatter.Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
+			`template parsing error: template: :1: function "InvalidFunction" not defined`,
 		},
 		{
 			formatter.Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
+			`template parsing error: template: :1:2: executing "" at <nil>: nil is not a command`,
 		},
 		{
 			formatter.Context{Format: "table {{.MemUsage}}"},
@ -126,7 +124,7 @@ container2  --
 }

 func TestContainerStatsContextWriteWindows(t *testing.T) {
-	tt := []struct {
+	cases := []struct {
 		context  formatter.Context
 		expected string
 	}{
@ -150,51 +148,54 @@ container2  --  --
 `,
 		},
 	}
+	stats := []StatsEntry{
+		{
+			Container:        "container1",
+			CPUPercentage:    20,
+			Memory:           20,
+			MemoryLimit:      20,
+			MemoryPercentage: 20,
+			NetworkRx:        20,
+			NetworkTx:        20,
+			BlockRead:        20,
+			BlockWrite:       20,
+			PidsCurrent:      2,
+			IsInvalid:        false,
+		},
+		{
+			Container:        "container2",
+			CPUPercentage:    30,
+			Memory:           30,
+			MemoryLimit:      30,
+			MemoryPercentage: 30,
+			NetworkRx:        30,
+			NetworkTx:        30,
+			BlockRead:        30,
+			BlockWrite:       30,
+			PidsCurrent:      3,
+			IsInvalid:        true,
+		},
+	}

-	for _, te := range tt {
-		stats := []StatsEntry{
-			{
-				Container:        "container1",
-				CPUPercentage:    20,
-				Memory:           20,
-				MemoryLimit:      20,
-				MemoryPercentage: 20,
-				NetworkRx:        20,
-				NetworkTx:        20,
-				BlockRead:        20,
-				BlockWrite:       20,
-				PidsCurrent:      2,
-				IsInvalid:        false,
-			},
-			{
-				Container:        "container2",
-				CPUPercentage:    30,
-				Memory:           30,
-				MemoryLimit:      30,
-				MemoryPercentage: 30,
-				NetworkRx:        30,
-				NetworkTx:        30,
-				BlockRead:        30,
-				BlockWrite:       30,
-				PidsCurrent:      3,
-				IsInvalid:        true,
-			},
-		}
-		var out bytes.Buffer
-		te.context.Output = &out
-		err := statsFormatWrite(te.context, stats, "windows", false)
-		if err != nil {
-			assert.Error(t, err, te.expected)
-		} else {
-			assert.Check(t, is.Equal(te.expected, out.String()))
-		}
+	for _, tc := range cases {
+		tc := tc
+		t.Run(string(tc.context.Format), func(t *testing.T) {
+			var out bytes.Buffer
+			tc.context.Output = &out
+			err := statsFormatWrite(tc.context, stats, "windows", false)
+			if err != nil {
+				assert.Error(t, err, tc.expected)
+			} else {
+				assert.Equal(t, out.String(), tc.expected)
+			}
+		})
 	}
 }

 func TestContainerStatsContextWriteWithNoStats(t *testing.T) {
 	var out bytes.Buffer

-	contexts := []struct {
+	cases := []struct {
 		context  formatter.Context
 		expected string
 	}{
@ -217,22 +218,26 @@ func TestContainerStatsContextWriteWithNoStats(t *testing.T) {
 				Format: "table {{.Container}}\t{{.CPUPerc}}",
 				Output: &out,
 			},
-			"CONTAINER           CPU %\n",
+			"CONTAINER   CPU %\n",
 		},
 	}

-	for _, context := range contexts {
-		statsFormatWrite(context.context, []StatsEntry{}, "linux", false)
-		assert.Check(t, is.Equal(context.expected, out.String()))
-		// Clean buffer
-		out.Reset()
+	for _, tc := range cases {
+		tc := tc
+		t.Run(string(tc.context.Format), func(t *testing.T) {
+			err := statsFormatWrite(tc.context, []StatsEntry{}, "linux", false)
+			assert.NilError(t, err)
+			assert.Equal(t, out.String(), tc.expected)
+			// Clean buffer
+			out.Reset()
+		})
 	}
 }

 func TestContainerStatsContextWriteWithNoStatsWindows(t *testing.T) {
 	var out bytes.Buffer

-	contexts := []struct {
+	cases := []struct {
 		context  formatter.Context
 		expected string
 	}{
@ -248,22 +253,25 @@ func TestContainerStatsContextWriteWithNoStatsWindows(t *testing.T) {
 				Format: "table {{.Container}}\t{{.MemUsage}}",
 				Output: &out,
 			},
-			"CONTAINER           PRIV WORKING SET\n",
+			"CONTAINER   PRIV WORKING SET\n",
 		},
 		{
 			formatter.Context{
 				Format: "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
 				Output: &out,
 			},
-			"CONTAINER           CPU %               PRIV WORKING SET\n",
+			"CONTAINER   CPU %     PRIV WORKING SET\n",
 		},
 	}

-	for _, context := range contexts {
-		statsFormatWrite(context.context, []StatsEntry{}, "windows", false)
-		assert.Check(t, is.Equal(context.expected, out.String()))
-		// Clean buffer
-		out.Reset()
+	for _, tc := range cases {
+		tc := tc
+		t.Run(string(tc.context.Format), func(t *testing.T) {
+			err := statsFormatWrite(tc.context, []StatsEntry{}, "windows", false)
+			assert.NilError(t, err)
+			assert.Equal(t, out.String(), tc.expected)
+			out.Reset()
+		})
 	}
 }

--- a/cli/command/container/hijack.go
+++ b/cli/command/container/hijack.go
@ -11,7 +11,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/sirupsen/logrus"
 )

--- a/cli/command/container/list.go
+++ b/cli/command/container/list.go
@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/opts"
 	"github.com/docker/cli/templates"
 	"github.com/docker/docker/api/types"
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

@ -39,7 +40,7 @@ func NewPsCommand(dockerCli command.Cli) *cobra.Command {

 	flags := cmd.Flags()

-	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Only display numeric IDs")
+	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Only display container IDs")
 	flags.BoolVarP(&options.size, "size", "s", false, "Display total file sizes")
 	flags.BoolVarP(&options.all, "all", "a", false, "Show all containers (default shows just running)")
 	flags.BoolVar(&options.noTrunc, "no-trunc", false, "Don't truncate output")
@ -58,27 +59,6 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 	return &cmd
 }

-// listOptionsProcessor is used to set any container list options which may only
-// be embedded in the format template.
-// This is passed directly into tmpl.Execute in order to allow the preprocessor
-// to set any list options that were not provided by flags (e.g. `.Size`).
-// It is using a `map[string]bool` so that unknown fields passed into the
-// template format do not cause errors. These errors will get picked up when
-// running through the actual template processor.
-type listOptionsProcessor map[string]bool
-
-// Size sets the size of the map when called by a template execution.
-func (o listOptionsProcessor) Size() bool {
-	o["size"] = true
-	return true
-}
-
-// Label is needed here as it allows the correct pre-processing
-// because Label() is a method with arguments
-func (o listOptionsProcessor) Label(name string) string {
-	return ""
-}
-
 func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, error) {
 	options := &types.ContainerListOptions{
 		All:     opts.all,
@ -91,20 +71,32 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 		options.Limit = 1
 	}

-	tmpl, err := templates.Parse(opts.format)
+	options.Size = opts.size
+	if !options.Size && len(opts.format) > 0 {
+		// The --size option isn't set, but .Size may be used in the template.
+		// Parse and execute the given template to detect if the .Size field is
+		// used. If it is, then automatically enable the --size option. See #24696
+		//
+		// Only requesting container size information when needed is an optimization,
+		// because calculating the size is a costly operation.
+		tmpl, err := templates.NewParse("", opts.format)

-	if err != nil {
-		return nil, err
-	}
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to parse template")
+		}

-	optionsProcessor := listOptionsProcessor{}
-	// This shouldn't error out but swallowing the error makes it harder
-	// to track down if preProcessor issues come up. Ref #24696
-	if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
-		return nil, err
+		optionsProcessor := formatter.NewContainerContext()
+
+		// This shouldn't error out but swallowing the error makes it harder
+		// to track down if preProcessor issues come up.
+		if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
+			return nil, errors.Wrap(err, "failed to execute template")
+		}
+
+		if _, ok := optionsProcessor.FieldsUsed["Size"]; ok {
+			options.Size = true
+		}
 	}
-	// At the moment all we need is to capture .Size for preprocessor
-	options.Size = opts.size || optionsProcessor["size"]

 	return options, nil
 }
--- a/cli/command/container/list_test.go
+++ b/cli/command/container/list_test.go
@ -7,13 +7,124 @@ import (

 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
+	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	// Import builders to get the builder function as package function
-	. "github.com/docker/cli/internal/test/builders"
-	"gotest.tools/assert"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/golden"
 )

+func TestContainerListBuildContainerListOptions(t *testing.T) {
+	filters := opts.NewFilterOpt()
+	assert.NilError(t, filters.Set("foo=bar"))
+	assert.NilError(t, filters.Set("baz=foo"))
+
+	contexts := []struct {
+		psOpts          *psOptions
+		expectedAll     bool
+		expectedSize    bool
+		expectedLimit   int
+		expectedFilters map[string]string
+	}{
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   true,
+				last:   5,
+				filter: filters,
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:     true,
+				size:    true,
+				last:    -1,
+				nLatest: true,
+			},
+			expectedAll:     true,
+			expectedSize:    true,
+			expectedLimit:   1,
+			expectedFilters: make(map[string]string),
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}} {{.CreatedAt}} {{upper .Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// Without .Size, size should be false
+				format: "{{.CreatedAt}} {{.Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  false,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+	}
+
+	for _, c := range contexts {
+		options, err := buildContainerListOptions(c.psOpts)
+		assert.NilError(t, err)
+
+		assert.Check(t, is.Equal(c.expectedAll, options.All))
+		assert.Check(t, is.Equal(c.expectedSize, options.Size))
+		assert.Check(t, is.Equal(c.expectedLimit, options.Limit))
+		assert.Check(t, is.Equal(len(c.expectedFilters), options.Filters.Len()))
+
+		for k, v := range c.expectedFilters {
+			f := options.Filters
+			if !f.ExactMatch(k, v) {
+				t.Fatalf("Expected filter with key %s to be %s but got %s", k, v, f.Get(k))
+			}
+		}
+	}
+}
+
 func TestContainerListErrors(t *testing.T) {
 	testCases := []struct {
 		args              []string
@ -50,7 +161,7 @@ func TestContainerListErrors(t *testing.T) {
 		for key, value := range tc.flags {
 			cmd.Flags().Set(key, value)
 		}
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/container/logs.go
+++ b/cli/command/container/logs.go
@ -38,12 +38,12 @@ func NewLogsCommand(dockerCli command.Cli) *cobra.Command {

 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
-	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)")
-	flags.StringVar(&opts.until, "until", "", "Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)")
+	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
+	flags.StringVar(&opts.until, "until", "", "Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
 	flags.SetAnnotation("until", "version", []string{"1.35"})
 	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
 	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
-	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
+	flags.StringVarP(&opts.tail, "tail", "n", "all", "Number of lines to show from the end of the logs")
 	return cmd
 }

--- a/cli/command/container/logs_test.go
+++ b/cli/command/container/logs_test.go
@ -9,8 +9,8 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 var logFn = func(expectedOut string) func(string, types.ContainerLogsOptions) (io.ReadCloser, error) {
--- a/cli/command/container/opts.go
+++ b/cli/command/container/opts.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"path"
+	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@ -69,6 +70,7 @@ type containerOptions struct {
 	pidMode            string
 	utsMode            string
 	usernsMode         string
+	cgroupnsMode       string
 	publishAll         bool
 	stdin              bool
 	tty                bool
@ -197,6 +199,12 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.BoolVar(&copts.privileged, "privileged", false, "Give extended privileges to this container")
 	flags.Var(&copts.securityOpt, "security-opt", "Security Options")
 	flags.StringVar(&copts.usernsMode, "userns", "", "User namespace to use")
+	flags.StringVar(&copts.cgroupnsMode, "cgroupns", "", `Cgroup namespace to use (host|private)
+'host':    Run the container in the Docker host's cgroup namespace
+'private': Run the container in its own private cgroup namespace
+'':        Use the cgroup namespace as configured by the
+           default-cgroupns-mode option on the daemon (default)`)
+	flags.SetAnnotation("cgroupns", "version", []string{"1.41"})

 	// Network and port publishing flag
 	flags.Var(&copts.extraHosts, "add-host", "Add a custom host-to-IP mapping (host:ip)")
@ -378,23 +386,20 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	}

 	publishOpts := copts.publish.GetAll()
-	var ports map[nat.Port]struct{}
-	var portBindings map[nat.Port][]nat.PortBinding
+	var (
+		ports         map[nat.Port]struct{}
+		portBindings  map[nat.Port][]nat.PortBinding
+		convertedOpts []string
+	)

-	ports, portBindings, err = nat.ParsePortSpecs(publishOpts)
-
-	// If simple port parsing fails try to parse as long format
+	convertedOpts, err = convertToStandardNotation(publishOpts)
 	if err != nil {
-		publishOpts, err = parsePortOpts(publishOpts)
-		if err != nil {
-			return nil, err
-		}
+		return nil, err
+	}

-		ports, portBindings, err = nat.ParsePortSpecs(publishOpts)
-
-		if err != nil {
-			return nil, err
-		}
+	ports, portBindings, err = nat.ParsePortSpecs(convertedOpts)
+	if err != nil {
+		return nil, err
 	}

 	// Merge in exposed ports to the map of published ports
@ -402,10 +407,11 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		if strings.Contains(e, ":") {
 			return nil, errors.Errorf("invalid port format for --expose: %s", e)
 		}
-		//support two formats for expose, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
+		// support two formats for expose, original format <portnum>/[<proto>]
+		// or <startport-endport>/[<proto>]
 		proto, port := nat.SplitProtoPort(e)
-		//parse the start and end port and create a sequence of ports to expose
-		//if expose a port, the start and end port are the same
+		// parse the start and end port and create a sequence of ports to expose
+		// if expose a port, the start and end port are the same
 		start, end, err := nat.ParsePortRange(port)
 		if err != nil {
 			return nil, errors.Errorf("invalid range format for --expose: %s, error: %s", e, err)
@ -470,6 +476,11 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		return nil, errors.Errorf("--userns: invalid USER mode")
 	}

+	cgroupnsMode := container.CgroupnsMode(copts.cgroupnsMode)
+	if !cgroupnsMode.Valid() {
+		return nil, errors.Errorf("--cgroupns: invalid CGROUP mode")
+	}
+
 	restartPolicy, err := opts.ParseRestartPolicy(copts.restartPolicy)
 	if err != nil {
 		return nil, err
@ -621,6 +632,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		PidMode:        pidMode,
 		UTSMode:        utsMode,
 		UsernsMode:     usernsMode,
+		CgroupnsMode:   cgroupnsMode,
 		CapAdd:         strslice.StrSlice(copts.capAdd.GetAll()),
 		CapDrop:        strslice.StrSlice(copts.capDrop.GetAll()),
 		GroupAdd:       copts.groupAdd.GetAll(),
@ -685,6 +697,7 @@ func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.Endpoin
 	)

 	for i, n := range copts.netMode.Value() {
+		n := n
 		if container.NetworkMode(n.Target).IsUserDefined() {
 			hasUserDefined = true
 		} else {
@ -707,6 +720,15 @@ func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.Endpoin
 		if _, ok := endpoints[n.Target]; ok {
 			return nil, errdefs.InvalidParameter(errors.Errorf("network %q is specified multiple times", n.Target))
 		}
+
+		// For backward compatibility: if no custom options are provided for the network,
+		// and only a single network is specified, omit the endpoint-configuration
+		// on the client (the daemon will still create it when creating the container)
+		if i == 0 && len(copts.netMode.Value()) == 1 {
+			if ep == nil || reflect.DeepEqual(*ep, networktypes.EndpointSettings{}) {
+				continue
+			}
+		}
 		endpoints[n.Target] = ep
 	}
 	if hasUserDefined && hasNonUserDefined {
@ -724,6 +746,12 @@ func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOption
 	if len(n.Links) > 0 && copts.links.Len() > 0 {
 		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --link and per-network links"))
 	}
+	if n.IPv4Address != "" && copts.ipv4Address != "" {
+		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --ip and per-network IPv4 address"))
+	}
+	if n.IPv6Address != "" && copts.ipv6Address != "" {
+		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --ip6 and per-network IPv6 address"))
+	}
 	if copts.aliases.Len() > 0 {
 		n.Aliases = make([]string, copts.aliases.Len())
 		copy(n.Aliases, copts.aliases.GetAll())
@ -732,10 +760,12 @@ func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOption
 		n.Links = make([]string, copts.links.Len())
 		copy(n.Links, copts.links.GetAll())
 	}
-
-	// TODO add IPv4/IPv6 options to the csv notation for --network, and error-out in case of conflicting options
-	n.IPv4Address = copts.ipv4Address
-	n.IPv6Address = copts.ipv6Address
+	if copts.ipv4Address != "" {
+		n.IPv4Address = copts.ipv4Address
+	}
+	if copts.ipv6Address != "" {
+		n.IPv6Address = copts.ipv6Address
+	}

 	// TODO should linkLocalIPs be added to the _first_ network only, or to _all_ networks? (should this be a per-network option as well?)
 	if copts.linkLocalIPs.Len() > 0 {
@ -777,19 +807,23 @@ func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*networktypes.End
 	return epConfig, nil
 }

-func parsePortOpts(publishOpts []string) ([]string, error) {
+func convertToStandardNotation(ports []string) ([]string, error) {
 	optsList := []string{}
-	for _, publish := range publishOpts {
-		params := map[string]string{"protocol": "tcp"}
-		for _, param := range strings.Split(publish, ",") {
-			opt := strings.Split(param, "=")
-			if len(opt) < 2 {
-				return optsList, errors.Errorf("invalid publish opts format (should be name=value but got '%s')", param)
-			}
+	for _, publish := range ports {
+		if strings.Contains(publish, "=") {
+			params := map[string]string{"protocol": "tcp"}
+			for _, param := range strings.Split(publish, ",") {
+				opt := strings.Split(param, "=")
+				if len(opt) < 2 {
+					return optsList, errors.Errorf("invalid publish opts format (should be name=value but got '%s')", param)
+				}

-			params[opt[0]] = opt[1]
+				params[opt[0]] = opt[1]
+			}
+			optsList = append(optsList, fmt.Sprintf("%s:%s/%s", params["published"], params["target"], params["protocol"]))
+		} else {
+			optsList = append(optsList, publish)
 		}
-		optsList = append(optsList, fmt.Sprintf("%s:%s/%s", params["target"], params["published"], params["protocol"]))
 	}
 	return optsList, nil
 }
--- a/cli/command/container/opts_test.go
+++ b/cli/command/container/opts_test.go
@ -14,9 +14,9 @@ import (
 	"github.com/docker/go-connections/nat"
 	"github.com/pkg/errors"
 	"github.com/spf13/pflag"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-	"gotest.tools/skip"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/skip"
 )

 func TestValidateAttach(t *testing.T) {
@ -64,12 +64,8 @@ func setupRunFlags() (*pflag.FlagSet, *containerOptions) {
 	return flags, copts
 }

-func parseMustError(t *testing.T, args string) {
-	_, _, _, err := parseRun(strings.Split(args+" ubuntu bash", " "))
-	assert.ErrorContains(t, err, "", args)
-}
-
 func mustParse(t *testing.T, args string) (*container.Config, *container.HostConfig) {
+	t.Helper()
 	config, hostConfig, _, err := parseRun(append(strings.Split(args, " "), "ubuntu", "bash"))
 	assert.NilError(t, err)
 	return config, hostConfig
@ -88,32 +84,102 @@ func TestParseRunLinks(t *testing.T) {
 }

 func TestParseRunAttach(t *testing.T) {
-	if config, _ := mustParse(t, "-a stdin"); !config.AttachStdin || config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	tests := []struct {
+		input    string
+		expected container.Config
+	}{
+		{
+			input: "",
+			expected: container.Config{
+				AttachStdout: true,
+				AttachStderr: true,
+			},
+		},
+		{
+			input: "-i",
+			expected: container.Config{
+				AttachStdin:  true,
+				AttachStdout: true,
+				AttachStderr: true,
+			},
+		},
+		{
+			input: "-a stdin",
+			expected: container.Config{
+				AttachStdin: true,
+			},
+		},
+		{
+			input: "-a stdin -a stdout",
+			expected: container.Config{
+				AttachStdin:  true,
+				AttachStdout: true,
+			},
+		},
+		{
+			input: "-a stdin -a stdout -a stderr",
+			expected: container.Config{
+				AttachStdin:  true,
+				AttachStdout: true,
+				AttachStderr: true,
+			},
+		},
 	}
-	if config, _ := mustParse(t, "-a stdin -a stdout"); !config.AttachStdin || !config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin and Stdout enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-a stdin -a stdout -a stderr"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect all attach enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, ""); config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect Stdin disabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-i"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.input, func(t *testing.T) {
+			config, _ := mustParse(t, tc.input)
+			assert.Equal(t, config.AttachStdin, tc.expected.AttachStdin)
+			assert.Equal(t, config.AttachStdout, tc.expected.AttachStdout)
+			assert.Equal(t, config.AttachStderr, tc.expected.AttachStderr)
+		})
 	}
 }

 func TestParseRunWithInvalidArgs(t *testing.T) {
-	parseMustError(t, "-a")
-	parseMustError(t, "-a invalid")
-	parseMustError(t, "-a invalid -a stdout")
-	parseMustError(t, "-a stdout -a stderr -d")
-	parseMustError(t, "-a stdin -d")
-	parseMustError(t, "-a stdout -d")
-	parseMustError(t, "-a stderr -d")
-	parseMustError(t, "-d --rm")
+	tests := []struct {
+		args  []string
+		error string
+	}{
+		{
+			args:  []string{"-a", "ubuntu", "bash"},
+			error: `invalid argument "ubuntu" for "-a, --attach" flag: valid streams are STDIN, STDOUT and STDERR`,
+		},
+		{
+			args:  []string{"-a", "invalid", "ubuntu", "bash"},
+			error: `invalid argument "invalid" for "-a, --attach" flag: valid streams are STDIN, STDOUT and STDERR`,
+		},
+		{
+			args:  []string{"-a", "invalid", "-a", "stdout", "ubuntu", "bash"},
+			error: `invalid argument "invalid" for "-a, --attach" flag: valid streams are STDIN, STDOUT and STDERR`,
+		},
+		{
+			args:  []string{"-a", "stdout", "-a", "stderr", "-z", "ubuntu", "bash"},
+			error: `unknown shorthand flag: 'z' in -z`,
+		},
+		{
+			args:  []string{"-a", "stdin", "-z", "ubuntu", "bash"},
+			error: `unknown shorthand flag: 'z' in -z`,
+		},
+		{
+			args:  []string{"-a", "stdout", "-z", "ubuntu", "bash"},
+			error: `unknown shorthand flag: 'z' in -z`,
+		},
+		{
+			args:  []string{"-a", "stderr", "-z", "ubuntu", "bash"},
+			error: `unknown shorthand flag: 'z' in -z`,
+		},
+		{
+			args:  []string{"-z", "--rm", "ubuntu", "bash"},
+			error: `unknown shorthand flag: 'z' in -z`,
+		},
+	}
+	flags, _ := setupRunFlags()
+	for _, tc := range tests {
+		t.Run(strings.Join(tc.args, " "), func(t *testing.T) {
+			assert.Error(t, flags.Parse(tc.args), tc.error)
+		})
+	}
 }

 // nolint: gocyclo
@ -352,7 +418,7 @@ func TestParseWithExpose(t *testing.T) {
 }

 func TestParseDevice(t *testing.T) {
-	skip.If(t, runtime.GOOS == "windows") // Windows validates server-side
+	skip.If(t, runtime.GOOS != "linux") // Windows and macOS validate server-side
 	valids := map[string]container.DeviceMapping{
 		"/dev/snd": {
 			PathOnHost:        "/dev/snd",
@ -401,13 +467,13 @@ func TestParseNetworkConfig(t *testing.T) {
 		{
 			name:        "single-network-legacy",
 			flags:       []string{"--network", "net1"},
-			expected:    map[string]*networktypes.EndpointSettings{"net1": {}},
+			expected:    map[string]*networktypes.EndpointSettings{},
 			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name:        "single-network-advanced",
 			flags:       []string{"--network", "name=net1"},
-			expected:    map[string]*networktypes.EndpointSettings{"net1": {}},
+			expected:    map[string]*networktypes.EndpointSettings{},
 			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
@ -449,7 +515,7 @@ func TestParseNetworkConfig(t *testing.T) {
 				"--network-alias", "web1",
 				"--network-alias", "web2",
 				"--network", "net2",
-				"--network", "name=net3,alias=web3,driver-opt=field3=value3",
+				"--network", "name=net3,alias=web3,driver-opt=field3=value3,ip=172.20.88.22,ip6=2001:db8::8822",
 			},
 			expected: map[string]*networktypes.EndpointSettings{
 				"net1": {
@ -465,20 +531,28 @@ func TestParseNetworkConfig(t *testing.T) {
 				"net2": {},
 				"net3": {
 					DriverOpts: map[string]string{"field3": "value3"},
-					Aliases:    []string{"web3"},
+					IPAMConfig: &networktypes.EndpointIPAMConfig{
+						IPv4Address: "172.20.88.22",
+						IPv6Address: "2001:db8::8822",
+					},
+					Aliases: []string{"web3"},
 				},
 			},
 			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name:  "single-network-advanced-with-options",
-			flags: []string{"--network", "name=net1,alias=web1,alias=web2,driver-opt=field1=value1,driver-opt=field2=value2"},
+			flags: []string{"--network", "name=net1,alias=web1,alias=web2,driver-opt=field1=value1,driver-opt=field2=value2,ip=172.20.88.22,ip6=2001:db8::8822"},
 			expected: map[string]*networktypes.EndpointSettings{
 				"net1": {
 					DriverOpts: map[string]string{
 						"field1": "value1",
 						"field2": "value2",
 					},
+					IPAMConfig: &networktypes.EndpointIPAMConfig{
+						IPv4Address: "172.20.88.22",
+						IPv6Address: "2001:db8::8822",
+					},
 					Aliases: []string{"web1", "web2"},
 				},
 			},
@ -496,10 +570,20 @@ func TestParseNetworkConfig(t *testing.T) {
 			expectedErr: `network "duplicate" is specified multiple times`,
 		},
 		{
-			name:        "conflict-options",
+			name:        "conflict-options-alias",
 			flags:       []string{"--network", "name=net1,alias=web1", "--network-alias", "web1"},
 			expectedErr: `conflicting options: cannot specify both --network-alias and per-network alias`,
 		},
+		{
+			name:        "conflict-options-ip",
+			flags:       []string{"--network", "name=net1,ip=172.20.88.22,ip6=2001:db8::8822", "--ip", "172.20.88.22"},
+			expectedErr: `conflicting options: cannot specify both --ip and per-network IPv4 address`,
+		},
+		{
+			name:        "conflict-options-ip6",
+			flags:       []string{"--network", "name=net1,ip=172.20.88.22,ip6=2001:db8::8822", "--ip6", "2001:db8::8822"},
+			expectedErr: `conflicting options: cannot specify both --ip6 and per-network IPv6 address`,
+		},
 		{
 			name:        "invalid-mixed-network-types",
 			flags:       []string{"--network", "name=host", "--network", "net1"},
@ -539,7 +623,7 @@ func TestParseModes(t *testing.T) {
 	}

 	// uts ko
-	_, _, _, err = parseRun([]string{"--uts=container:", "img", "cmd"})
+	_, _, _, err = parseRun([]string{"--uts=container:", "img", "cmd"}) //nolint:dogsled
 	assert.ErrorContains(t, err, "--uts: invalid UTS mode")

 	// uts ok
@ -600,7 +684,7 @@ func TestParseRestartPolicy(t *testing.T) {

 func TestParseRestartPolicyAutoRemove(t *testing.T) {
 	expected := "Conflicting options: --restart and --rm"
-	_, _, _, err := parseRun([]string{"--rm", "--restart=always", "img", "cmd"})
+	_, _, _, err := parseRun([]string{"--rm", "--restart=always", "img", "cmd"}) //nolint:dogsled
 	if err == nil || err.Error() != expected {
 		t.Fatalf("Expected error %v, but got none", expected)
 	}
@ -750,7 +834,7 @@ func TestParseEntryPoint(t *testing.T) {
 }

 func TestValidateDevice(t *testing.T) {
-	skip.If(t, runtime.GOOS == "windows") // Windows validates server-side
+	skip.If(t, runtime.GOOS != "linux") // Windows and macOS validate server-side
 	valid := []string{
 		"/home",
 		"/home:/home",
@ -854,3 +938,34 @@ func TestParseSystemPaths(t *testing.T) {
 		assert.DeepEqual(t, readonlyPaths, tc.readonly)
 	}
 }
+
+func TestConvertToStandardNotation(t *testing.T) {
+	valid := map[string][]string{
+		"20:10/tcp":               {"target=10,published=20"},
+		"40:30":                   {"40:30"},
+		"20:20 80:4444":           {"20:20", "80:4444"},
+		"1500:2500/tcp 1400:1300": {"target=2500,published=1500", "1400:1300"},
+		"1500:200/tcp 90:80/tcp":  {"published=1500,target=200", "target=80,published=90"},
+	}
+
+	invalid := [][]string{
+		{"published=1500,target:444"},
+		{"published=1500,444"},
+		{"published=1500,target,444"},
+	}
+
+	for key, ports := range valid {
+		convertedPorts, err := convertToStandardNotation(ports)
+
+		if err != nil {
+			assert.NilError(t, err)
+		}
+		assert.DeepEqual(t, strings.Split(key, " "), convertedPorts)
+	}
+
+	for _, ports := range invalid {
+		if _, err := convertToStandardNotation(ports); err == nil {
+			t.Fatalf("ConvertToStandardNotation(`%q`) should have failed conversion", ports)
+		}
+	}
+}
--- a/cli/command/container/ps_test.go
+++ b/cli/command/container/ps_test.go
@ -1,119 +0,0 @@
-package container
-
-import (
-	"testing"
-
-	"github.com/docker/cli/opts"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
-)
-
-func TestBuildContainerListOptions(t *testing.T) {
-	filters := opts.NewFilterOpt()
-	assert.NilError(t, filters.Set("foo=bar"))
-	assert.NilError(t, filters.Set("baz=foo"))
-
-	contexts := []struct {
-		psOpts          *psOptions
-		expectedAll     bool
-		expectedSize    bool
-		expectedLimit   int
-		expectedFilters map[string]string
-	}{
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   true,
-				last:   5,
-				filter: filters,
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:     true,
-				size:    true,
-				last:    -1,
-				nLatest: true,
-			},
-			expectedAll:     true,
-			expectedSize:    true,
-			expectedLimit:   1,
-			expectedFilters: make(map[string]string),
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// With .Size, size should be true
-				format: "{{.Size}}",
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// With .Size, size should be true
-				format: "{{.Size}} {{.CreatedAt}} {{.Networks}}",
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// Without .Size, size should be false
-				format: "{{.CreatedAt}} {{.Networks}}",
-			},
-			expectedAll:   true,
-			expectedSize:  false,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-	}
-
-	for _, c := range contexts {
-		options, err := buildContainerListOptions(c.psOpts)
-		assert.NilError(t, err)
-
-		assert.Check(t, is.Equal(c.expectedAll, options.All))
-		assert.Check(t, is.Equal(c.expectedSize, options.Size))
-		assert.Check(t, is.Equal(c.expectedLimit, options.Limit))
-		assert.Check(t, is.Equal(len(c.expectedFilters), options.Filters.Len()))
-
-		for k, v := range c.expectedFilters {
-			f := options.Filters
-			if !f.ExactMatch(k, v) {
-				t.Fatalf("Expected filter with key %s to be %s but got %s", k, v, f.Get(k))
-			}
-		}
-	}
-}
--- a/cli/command/container/rm.go
+++ b/cli/command/container/rm.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -35,7 +36,7 @@ func NewRmCommand(dockerCli command.Cli) *cobra.Command {
 	}

 	flags := cmd.Flags()
-	flags.BoolVarP(&opts.rmVolumes, "volumes", "v", false, "Remove the volumes associated with the container")
+	flags.BoolVarP(&opts.rmVolumes, "volumes", "v", false, "Remove anonymous volumes associated with the container")
 	flags.BoolVarP(&opts.rmLink, "link", "l", false, "Remove the specified link")
 	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of a running container (uses SIGKILL)")
 	return cmd
@ -61,6 +62,10 @@ func runRm(dockerCli command.Cli, opts *rmOptions) error {

 	for _, name := range opts.containers {
 		if err := <-errChan; err != nil {
+			if opts.force && errdefs.IsNotFound(err) {
+				fmt.Fprintln(dockerCli.Err(), err)
+				continue
+			}
 			errs = append(errs, err.Error())
 			continue
 		}
--- a/cli/command/container/rm_test.go
+++ b/cli/command/container/rm_test.go
@ -0,0 +1,50 @@
+package container
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"sort"
+	"testing"
+
+	"github.com/docker/cli/internal/test"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/v3/assert"
+)
+
+func TestRemoveForce(t *testing.T) {
+	var (
+		removed1 []string
+		removed2 []string
+	)
+
+	cli := test.NewFakeCli(&fakeClient{
+		containerRemoveFunc: func(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
+			removed1 = append(removed1, container)
+			removed2 = append(removed2, container)
+			if container == "nosuchcontainer" {
+				return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
+			}
+			return nil
+		},
+		Version: "1.36",
+	})
+	cmd := NewRmCommand(cli)
+	cmd.SetOut(ioutil.Discard)
+
+	t.Run("without force", func(t *testing.T) {
+		cmd.SetArgs([]string{"nosuchcontainer", "mycontainer"})
+		removed1 = []string{}
+		assert.ErrorContains(t, cmd.Execute(), "no such container")
+		sort.Strings(removed1)
+		assert.DeepEqual(t, removed1, []string{"mycontainer", "nosuchcontainer"})
+	})
+	t.Run("with force", func(t *testing.T) {
+		cmd.SetArgs([]string{"--force", "nosuchcontainer", "mycontainer"})
+		removed2 = []string{}
+		assert.NilError(t, cmd.Execute())
+		sort.Strings(removed2)
+		assert.DeepEqual(t, removed2, []string{"mycontainer", "nosuchcontainer"})
+	})
+}
--- a/cli/command/container/run.go
+++ b/cli/command/container/run.go
@ -4,8 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"net/http/httputil"
-	"os"
 	"runtime"
 	"strings"
 	"syscall"
@ -16,7 +14,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@ -56,6 +54,8 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
 	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
 	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.StringVar(&opts.createOptions.pull, "pull", PullImageMissing,
+		`Pull image before running ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)

 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
@ -115,11 +115,6 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		config.StdinOnce = false
 	}

-	// Disable sigProxy when in TTY mode
-	if config.Tty {
-		opts.sigProxy = false
-	}
-
 	// Telling the Windows daemon the initial size of the tty during start makes
 	// a far better user experience rather than relying on subsequent resizes
 	// to cause things to catch up.
@ -136,7 +131,8 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		return runStartContainerErr(err)
 	}
 	if opts.sigProxy {
-		sigc := ForwardAllSignals(ctx, dockerCli, createResponse.ID)
+		sigc := notfiyAllSignals()
+		go ForwardAllSignals(ctx, dockerCli, createResponse.ID, sigc)
 		defer signal.StopCatch(sigc)
 	}

@ -168,7 +164,7 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio

 	statusChan := waitExitOrRemoved(ctx, dockerCli, createResponse.ID, copts.autoRemove)

-	//start the container
+	// start the container
 	if err := client.ContainerStart(ctx, createResponse.ID, types.ContainerStartOptions{}); err != nil {
 		// If we have hijackedIOStreamer, we should notify
 		// hijackedIOStreamer we are going to exit and wait
@ -253,10 +249,7 @@ func attachContainer(
 	}

 	resp, errAttach := dockerCli.Client().ContainerAttach(ctx, containerID, options)
-	if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-		// ContainerAttach returns an ErrPersistEOF (connection closed)
-		// means server met an error and put it in Hijacked connection
-		// keep the error and read detailed error message from hijacked connection later
+	if errAttach != nil {
 		return nil, errAttach
 	}

@ -289,9 +282,9 @@ func attachContainer(
 func reportError(stderr io.Writer, name string, str string, withHelp bool) {
 	str = strings.TrimSuffix(str, ".") + "."
 	if withHelp {
-		str += "\nSee '" + os.Args[0] + " " + name + " --help'."
+		str += "\nSee 'docker " + name + " --help'."
 	}
-	fmt.Fprintf(stderr, "%s: %s\n", os.Args[0], str)
+	fmt.Fprintln(stderr, "docker:", str)
 }

 // if container start fails with 'not found'/'no such' error, return 127
--- a/cli/command/container/run_test.go
+++ b/cli/command/container/run_test.go
@ -9,13 +9,14 @@ import (
 	"github.com/docker/cli/internal/test/notary"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestRunLabel(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		createContainerFunc: func(_ *container.Config, _ *container.HostConfig, _ *network.NetworkingConfig, _ string) (container.ContainerCreateCreatedBody, error) {
+		createContainerFunc: func(_ *container.Config, _ *container.HostConfig, _ *network.NetworkingConfig, _ *specs.Platform, _ string) (container.ContainerCreateCreatedBody, error) {
 			return container.ContainerCreateCreatedBody{
 				ID: "id",
 			}, nil
@ -58,6 +59,7 @@ func TestRunCommandWithContentTrustErrors(t *testing.T) {
 			createContainerFunc: func(config *container.Config,
 				hostConfig *container.HostConfig,
 				networkingConfig *network.NetworkingConfig,
+				platform *specs.Platform,
 				containerName string,
 			) (container.ContainerCreateCreatedBody, error) {
 				return container.ContainerCreateCreatedBody{}, fmt.Errorf("shouldn't try to pull image")
@ -66,7 +68,7 @@ func TestRunCommandWithContentTrustErrors(t *testing.T) {
 		cli.SetNotaryClient(tc.notaryFunc)
 		cmd := NewRunCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOutput(ioutil.Discard)
+		cmd.SetOut(ioutil.Discard)
 		err := cmd.Execute()
 		assert.Assert(t, err != nil)
 		assert.Assert(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@ -0,0 +1,61 @@
+package container
+
+import (
+	"context"
+	"os"
+	gosignal "os/signal"
+
+	"github.com/docker/cli/cli/command"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/sirupsen/logrus"
+)
+
+// ForwardAllSignals forwards signals to the container
+//
+// The channel you pass in must already be setup to receive any signals you want to forward.
+func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-chan os.Signal) {
+	var (
+		s  os.Signal
+		ok bool
+	)
+	for {
+		select {
+		case s, ok = <-sigc:
+			if !ok {
+				return
+			}
+		case <-ctx.Done():
+			return
+		}
+
+		if s == signal.SIGCHLD || s == signal.SIGPIPE {
+			continue
+		}
+
+		// In go1.14+, the go runtime issues SIGURG as an interrupt to support pre-emptable system calls on Linux.
+		// Since we can't forward that along we'll check that here.
+		if isRuntimeSig(s) {
+			continue
+		}
+		var sig string
+		for sigStr, sigN := range signal.SignalMap {
+			if sigN == s {
+				sig = sigStr
+				break
+			}
+		}
+		if sig == "" {
+			continue
+		}
+
+		if err := cli.Client().ContainerKill(ctx, cid, sig); err != nil {
+			logrus.Debugf("Error sending signal: %s", err)
+		}
+	}
+}
+
+func notfiyAllSignals() chan os.Signal {
+	sigc := make(chan os.Signal, 128)
+	gosignal.Notify(sigc)
+	return sigc
+}
--- a/cli/command/container/signals_test.go
+++ b/cli/command/container/signals_test.go
@ -0,0 +1,48 @@
+package container
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/docker/cli/internal/test"
+	"github.com/docker/docker/pkg/signal"
+)
+
+func TestForwardSignals(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	called := make(chan struct{})
+	client := &fakeClient{containerKillFunc: func(ctx context.Context, container, signal string) error {
+		close(called)
+		return nil
+	}}
+
+	cli := test.NewFakeCli(client)
+	sigc := make(chan os.Signal)
+	defer close(sigc)
+
+	go ForwardAllSignals(ctx, cli, t.Name(), sigc)
+
+	timer := time.NewTimer(30 * time.Second)
+	defer timer.Stop()
+
+	select {
+	case <-timer.C:
+		t.Fatal("timeout waiting to send signal")
+	case sigc <- signal.SignalMap["TERM"]:
+	}
+	if !timer.Stop() {
+		<-timer.C
+	}
+	timer.Reset(30 * time.Second)
+
+	select {
+	case <-called:
+	case <-timer.C:
+		t.Fatal("timeout waiting for signal to be processed")
+	}
+
+}
--- a/cli/command/container/signals_unix.go
+++ b/cli/command/container/signals_unix.go
@ -0,0 +1,14 @@
+//go:build !windows
+// +build !windows
+
+package container
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+func isRuntimeSig(s os.Signal) bool {
+	return s == unix.SIGURG
+}
--- a/cli/command/container/signals_unix_test.go
+++ b/cli/command/container/signals_unix_test.go
@ -0,0 +1,60 @@
+//go:build !windows
+// +build !windows
+
+package container
+
+import (
+	"context"
+	"os"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/docker/cli/internal/test"
+	"golang.org/x/sys/unix"
+	"gotest.tools/v3/assert"
+)
+
+func TestIgnoredSignals(t *testing.T) {
+	ignoredSignals := []syscall.Signal{unix.SIGPIPE, unix.SIGCHLD, unix.SIGURG}
+
+	for _, s := range ignoredSignals {
+		t.Run(unix.SignalName(s), func(t *testing.T) {
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			var called bool
+			client := &fakeClient{containerKillFunc: func(ctx context.Context, container, signal string) error {
+				called = true
+				return nil
+			}}
+
+			cli := test.NewFakeCli(client)
+			sigc := make(chan os.Signal)
+			defer close(sigc)
+
+			done := make(chan struct{})
+			go func() {
+				ForwardAllSignals(ctx, cli, t.Name(), sigc)
+				close(done)
+			}()
+
+			timer := time.NewTimer(30 * time.Second)
+			defer timer.Stop()
+
+			select {
+			case <-timer.C:
+				t.Fatal("timeout waiting to send signal")
+			case sigc <- s:
+			case <-done:
+			}
+
+			// cancel the context so ForwardAllSignals will exit after it has processed the signal we sent.
+			// This is how we know the signal was actually processed and are not introducing a flakey test.
+			cancel()
+			<-done
+
+			assert.Assert(t, !called, "kill was called")
+		})
+	}
+}
--- a/cli/command/container/signals_windows.go
+++ b/cli/command/container/signals_windows.go
@ -0,0 +1,7 @@
+package container
+
+import "os"
+
+func isRuntimeSig(_ os.Signal) bool {
+	return false
+}
--- a/cli/command/container/start.go
+++ b/cli/command/container/start.go
@ -4,14 +4,13 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"net/http/httputil"
 	"strings"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/term"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -75,7 +74,8 @@ func runStart(dockerCli command.Cli, opts *startOptions) error {

 		// We always use c.ID instead of container to maintain consistency during `docker start`
 		if !c.Config.Tty {
-			sigc := ForwardAllSignals(ctx, dockerCli, c.ID)
+			sigc := notfiyAllSignals()
+			go ForwardAllSignals(ctx, dockerCli, c.ID, sigc)
 			defer signal.StopCatch(sigc)
 		}

@ -98,10 +98,7 @@ func runStart(dockerCli command.Cli, opts *startOptions) error {
 		}

 		resp, errAttach := dockerCli.Client().ContainerAttach(ctx, c.ID, options)
-		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-			// ContainerAttach return an ErrPersistEOF (connection closed)
-			// means server met an error and already put it in Hijacked connection,
-			// we would keep the error and read the detailed error message from hijacked connection
+		if errAttach != nil {
 			return errAttach
 		}
 		defer resp.Close()
@ -154,7 +151,7 @@ func runStart(dockerCli command.Cli, opts *startOptions) error {
 			}
 		}
 		if attachErr := <-cErr; attachErr != nil {
-			if _, ok := err.(term.EscapeError); ok {
+			if _, ok := attachErr.(term.EscapeError); ok {
 				// The user entered the detach escape sequence.
 				return nil
 			}
--- a/cli/command/container/stats.go
+++ b/cli/command/container/stats.go
@ -156,6 +156,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		// Start a short-lived goroutine to retrieve the initial list of
 		// containers.
 		getContainerList()
+
+		// make sure each container get at least one valid stat data
+		waitFirst.Wait()
 	} else {
 		// Artificially send creation events for the containers we were asked to
 		// monitor (same code path than we use when monitoring all containers).
@ -170,9 +173,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		// We don't expect any asynchronous errors: closeChan can be closed.
 		close(closeChan)

-		// Do a quick pause to detect any error with the provided list of
-		// container names.
-		time.Sleep(1500 * time.Millisecond)
+		// make sure each container get at least one valid stat data
+		waitFirst.Wait()
+
 		var errs []string
 		cStats.mu.Lock()
 		for _, c := range cStats.cs {
@ -186,8 +189,6 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		}
 	}

-	// before print to screen, make sure each container get at least one valid stat data
-	waitFirst.Wait()
 	format := opts.format
 	if len(format) == 0 {
 		if len(dockerCli.ConfigFile().StatsFormat) > 0 {
@ -208,7 +209,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 	}

 	var err error
-	for range time.Tick(500 * time.Millisecond) {
+	ticker := time.NewTicker(500 * time.Millisecond)
+	defer ticker.Stop()
+	for range ticker.C {
 		cleanScreen()
 		ccstats := []StatsEntry{}
 		cStats.mu.Lock()
--- a/cli/command/container/stats_helpers.go
+++ b/cli/command/container/stats_helpers.go
@ -225,9 +225,27 @@ func calculateNetwork(network map[string]types.NetworkStats) (float64, float64)
 }

 // calculateMemUsageUnixNoCache calculate memory usage of the container.
-// Page cache is intentionally excluded to avoid misinterpretation of the output.
+// Cache is intentionally excluded to avoid misinterpretation of the output.
+//
+// On cgroup v1 host, the result is `mem.Usage - mem.Stats["total_inactive_file"]` .
+// On cgroup v2 host, the result is `mem.Usage - mem.Stats["inactive_file"] `.
+//
+// This definition is consistent with cadvisor and containerd/CRI.
+// * https://github.com/google/cadvisor/commit/307d1b1cb320fef66fab02db749f07a459245451
+// * https://github.com/containerd/cri/commit/6b8846cdf8b8c98c1d965313d66bc8489166059a
+//
+// On Docker 19.03 and older, the result was `mem.Usage - mem.Stats["cache"]`.
+// See https://github.com/moby/moby/issues/40727 for the background.
 func calculateMemUsageUnixNoCache(mem types.MemoryStats) float64 {
-	return float64(mem.Usage - mem.Stats["cache"])
+	// cgroup v1
+	if v, isCgroup1 := mem.Stats["total_inactive_file"]; isCgroup1 && v < mem.Usage {
+		return float64(mem.Usage - v)
+	}
+	// cgroup v2
+	if v := mem.Stats["inactive_file"]; v < mem.Usage {
+		return float64(mem.Usage - v)
+	}
+	return float64(mem.Usage)
 }

 func calculateMemPercentUnixNoCache(limit float64, usedNoCache float64) float64 {
--- a/cli/command/container/stats_helpers_test.go
+++ b/cli/command/container/stats_helpers_test.go
@ -5,12 +5,12 @@ import (
 	"testing"

 	"github.com/docker/docker/api/types"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestCalculateMemUsageUnixNoCache(t *testing.T) {
 	// Given
-	stats := types.MemoryStats{Usage: 500, Stats: map[string]uint64{"cache": 400}}
+	stats := types.MemoryStats{Usage: 500, Stats: map[string]uint64{"total_inactive_file": 400}}

 	// When
 	result := calculateMemUsageUnixNoCache(stats)
--- a/cli/command/container/testdata/container-list-without-format-no-trunc.golden
+++ b/cli/command/container/testdata/container-list-without-format-no-trunc.golden
@ -1,3 +1,3 @@
-CONTAINER ID        IMAGE               COMMAND             CREATED                  STATUS              PORTS               NAMES
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second                             c1
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second                             c2,foo/bar
+CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS     NAMES
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c1
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c2,foo/bar
--- a/cli/command/container/testdata/container-list-without-format.golden
+++ b/cli/command/container/testdata/container-list-without-format.golden
@ -1,6 +1,6 @@
-CONTAINER ID        IMAGE               COMMAND             CREATED                  STATUS              PORTS                NAMES
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second                              c1
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second                              c2
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second         80-82/tcp            c3
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second         81/udp               c4
-container_id        busybox:latest      "top"               Less than a second ago   Up 1 second         8.8.8.8:82->82/tcp   c5
+CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS                NAMES
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second                        c1
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second                        c2
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   80-82/tcp            c3
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   81/udp               c4
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   8.8.8.8:82->82/tcp   c5
--- a/cli/command/container/tty.go
+++ b/cli/command/container/tty.go
@ -95,32 +95,3 @@ func MonitorTtySize(ctx context.Context, cli command.Cli, id string, isExec bool
 	}
 	return nil
 }
-
-// ForwardAllSignals forwards signals to the container
-func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string) chan os.Signal {
-	sigc := make(chan os.Signal, 128)
-	signal.CatchAll(sigc)
-	go func() {
-		for s := range sigc {
-			if s == signal.SIGCHLD || s == signal.SIGPIPE {
-				continue
-			}
-			var sig string
-			for sigStr, sigN := range signal.SignalMap {
-				if sigN == s {
-					sig = sigStr
-					break
-				}
-			}
-			if sig == "" {
-				fmt.Fprintf(cli.Err(), "Unsupported signal: %v. Discarding.\n", s)
-				continue
-			}
-
-			if err := cli.Client().ContainerKill(ctx, cid, sig); err != nil {
-				logrus.Debugf("Error sending signal: %s", err)
-			}
-		}
-	}()
-	return sigc
-}
--- a/cli/command/container/tty_test.go
+++ b/cli/command/container/tty_test.go
@ -9,8 +9,8 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func TestInitTtySizeErrors(t *testing.T) {
--- a/cli/command/container/utils_test.go
+++ b/cli/command/container/utils_test.go
@ -9,8 +9,8 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
-	"gotest.tools/assert"
-	is "gotest.tools/assert/cmp"
+	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )

 func waitFn(cid string) (<-chan container.ContainerWaitOKBody, <-chan error) {
--- a/cli/command/context.go
+++ b/cli/command/context.go
@ -1,6 +1,7 @@
 package command

 import (
+	"encoding/json"
 	"errors"

 	"github.com/docker/cli/cli/context/store"
@ -8,8 +9,48 @@ import (

 // DockerContext is a typed representation of what we put in Context metadata
 type DockerContext struct {
-	Description       string       `json:",omitempty"`
-	StackOrchestrator Orchestrator `json:",omitempty"`
+	Description       string
+	StackOrchestrator Orchestrator
+	AdditionalFields  map[string]interface{}
+}
+
+// MarshalJSON implements custom JSON marshalling
+func (dc DockerContext) MarshalJSON() ([]byte, error) {
+	s := map[string]interface{}{}
+	if dc.Description != "" {
+		s["Description"] = dc.Description
+	}
+	if dc.StackOrchestrator != "" {
+		s["StackOrchestrator"] = dc.StackOrchestrator
+	}
+	if dc.AdditionalFields != nil {
+		for k, v := range dc.AdditionalFields {
+			s[k] = v
+		}
+	}
+	return json.Marshal(s)
+}
+
+// UnmarshalJSON implements custom JSON marshalling
+func (dc *DockerContext) UnmarshalJSON(payload []byte) error {
+	var data map[string]interface{}
+	if err := json.Unmarshal(payload, &data); err != nil {
+		return err
+	}
+	for k, v := range data {
+		switch k {
+		case "Description":
+			dc.Description = v.(string)
+		case "StackOrchestrator":
+			dc.StackOrchestrator = Orchestrator(v.(string))
+		default:
+			if dc.AdditionalFields == nil {
+				dc.AdditionalFields = make(map[string]interface{})
+			}
+			dc.AdditionalFields[k] = v
+		}
+	}
+	return nil
 }

 // GetDockerContext extracts metadata from stored context metadata
--- a/cli/command/context/cmd.go
+++ b/cli/command/context/cmd.go
@ -1,10 +1,6 @@
 package context

 import (
-	"errors"
-	"fmt"
-	"regexp"
-
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/spf13/cobra"
@ -30,20 +26,3 @@ func NewContextCommand(dockerCli command.Cli) *cobra.Command {
 	)
 	return cmd
 }
-
-const restrictedNamePattern = "^[a-zA-Z0-9][a-zA-Z0-9_.+-]+$"
-
-var restrictedNameRegEx = regexp.MustCompile(restrictedNamePattern)
-
-func validateContextName(name string) error {
-	if name == "" {
-		return errors.New("context name cannot be empty")
-	}
-	if name == "default" {
-		return errors.New(`"default" is a reserved context name`)
-	}
-	if !restrictedNameRegEx.MatchString(name) {
-		return fmt.Errorf("context name %q is invalid, names are validated against regexp %q", name, restrictedNamePattern)
-	}
-	return nil
-}
--- a/cli/command/context/create.go
+++ b/cli/command/context/create.go
@ -62,8 +62,11 @@ func newCreateCommand(dockerCli command.Cli) *cobra.Command {
 		&opts.DefaultStackOrchestrator,
 		"default-stack-orchestrator", "",
 		"Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)")
+	flags.SetAnnotation("default-stack-orchestrator", "deprecated", nil)
 	flags.StringToStringVar(&opts.Docker, "docker", nil, "set the docker endpoint")
 	flags.StringToStringVar(&opts.Kubernetes, "kubernetes", nil, "set the kubernetes endpoint")
+	flags.SetAnnotation("kubernetes", "kubernetes", nil)
+	flags.SetAnnotation("kubernetes", "deprecated", nil)
 	flags.StringVar(&opts.From, "from", "", "create context from a named context")
 	return cmd
 }
@ -78,13 +81,19 @@ func RunCreate(cli command.Cli, o *CreateOptions) error {
 	if err != nil {
 		return errors.Wrap(err, "unable to parse default-stack-orchestrator")
 	}
-	if o.From == "" && o.Docker == nil && o.Kubernetes == nil {
-		return createFromExistingContext(s, cli.CurrentContext(), stackOrchestrator, o)
+	switch {
+	case o.From == "" && o.Docker == nil && o.Kubernetes == nil:
+		err = createFromExistingContext(s, cli.CurrentContext(), stackOrchestrator, o)
+	case o.From != "":
+		err = createFromExistingContext(s, o.From, stackOrchestrator, o)
+	default:
+		err = createNewContext(o, stackOrchestrator, cli, s)
 	}
-	if o.From != "" {
-		return createFromExistingContext(s, o.From, stackOrchestrator, o)
+	if err == nil {
+		fmt.Fprintln(cli.Out(), o.Name)
+		fmt.Fprintf(cli.Err(), "Successfully created context %q\n", o.Name)
 	}
-	return createNewContext(o, stackOrchestrator, cli, s)
+	return err
 }

 func createNewContext(o *CreateOptions, stackOrchestrator command.Orchestrator, cli command.Cli, s store.Writer) error {
@ -127,13 +136,11 @@ func createNewContext(o *CreateOptions, stackOrchestrator command.Orchestrator,
 	if err := s.ResetTLSMaterial(o.Name, &contextTLSData); err != nil {
 		return err
 	}
-	fmt.Fprintln(cli.Out(), o.Name)
-	fmt.Fprintf(cli.Err(), "Successfully created context %q\n", o.Name)
 	return nil
 }

 func checkContextNameForCreation(s store.Reader, name string) error {
-	if err := validateContextName(name); err != nil {
+	if err := store.ValidateContextName(name); err != nil {
 		return err
 	}
 	if _, err := s.GetMetadata(name); !store.IsErrContextDoesNotExist(err) {
--- a/cli/command/context/create_test.go
+++ b/cli/command/context/create_test.go
@ -1,6 +1,7 @@
 package context

 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"testing"
@ -11,8 +12,8 @@ import (
 	"github.com/docker/cli/cli/context/kubernetes"
 	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/internal/test"
-	"gotest.tools/assert"
-	"gotest.tools/env"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/env"
 )

 func makeFakeCli(t *testing.T, opts ...func(*test.FakeCli)) (*test.FakeCli, func()) {
@ -131,6 +132,11 @@ func TestCreateInvalids(t *testing.T) {
 	}
 }

+func assertContextCreateLogging(t *testing.T, cli *test.FakeCli, n string) {
+	assert.Equal(t, n+"\n", cli.OutBuffer().String())
+	assert.Equal(t, fmt.Sprintf("Successfully created context %q\n", n), cli.ErrBuffer().String())
+}
+
 func TestCreateOrchestratorSwarm(t *testing.T) {
 	cli, cleanup := makeFakeCli(t)
 	defer cleanup()
@ -141,8 +147,7 @@ func TestCreateOrchestratorSwarm(t *testing.T) {
 		Docker:                   map[string]string{},
 	})
 	assert.NilError(t, err)
-	assert.Equal(t, "test\n", cli.OutBuffer().String())
-	assert.Equal(t, "Successfully created context \"test\"\n", cli.ErrBuffer().String())
+	assertContextCreateLogging(t, cli, "test")
 }

 func TestCreateOrchestratorEmpty(t *testing.T) {
@ -154,6 +159,7 @@ func TestCreateOrchestratorEmpty(t *testing.T) {
 		Docker: map[string]string{},
 	})
 	assert.NilError(t, err)
+	assertContextCreateLogging(t, cli, "test")
 }

 func validateTestKubeEndpoint(t *testing.T, s store.Reader, name string) {
@ -163,7 +169,7 @@ func validateTestKubeEndpoint(t *testing.T, s store.Reader, name string) {
 	kubeMeta := ctxMetadata.Endpoints[kubernetes.KubernetesEndpoint].(kubernetes.EndpointMeta)
 	kubeEP, err := kubeMeta.WithTLSData(s, name)
 	assert.NilError(t, err)
-	assert.Equal(t, "https://someserver", kubeEP.Host)
+	assert.Equal(t, "https://someserver.example.com", kubeEP.Host)
 	assert.Equal(t, "the-ca", string(kubeEP.TLSData.CA))
 	assert.Equal(t, "the-cert", string(kubeEP.TLSData.Cert))
 	assert.Equal(t, "the-key", string(kubeEP.TLSData.Key))
@ -189,6 +195,7 @@ func TestCreateOrchestratorAllKubernetesEndpointFromCurrent(t *testing.T) {
 	cli, cleanup := makeFakeCli(t)
 	defer cleanup()
 	createTestContextWithKube(t, cli)
+	assertContextCreateLogging(t, cli, "test")
 	validateTestKubeEndpoint(t, cli.ContextStore(), "test")
 }

@ -225,6 +232,7 @@ func TestCreateFromContext(t *testing.T) {
 	defer cleanup()
 	revert := env.Patch(t, "KUBECONFIG", "./testdata/test-kubeconfig")
 	defer revert()
+	cli.ResetOutputBuffers()
 	assert.NilError(t, RunCreate(cli, &CreateOptions{
 		Name:        "original",
 		Description: "original description",
@ -236,6 +244,9 @@ func TestCreateFromContext(t *testing.T) {
 		},
 		DefaultStackOrchestrator: "swarm",
 	}))
+	assertContextCreateLogging(t, cli, "original")
+
+	cli.ResetOutputBuffers()
 	assert.NilError(t, RunCreate(cli, &CreateOptions{
 		Name:        "dummy",
 		Description: "dummy description",
@ -247,11 +258,14 @@ func TestCreateFromContext(t *testing.T) {
 		},
 		DefaultStackOrchestrator: "swarm",
 	}))
+	assertContextCreateLogging(t, cli, "dummy")

 	cli.SetCurrentContext("dummy")

 	for _, c := range cases {
+		c := c
 		t.Run(c.name, func(t *testing.T) {
+			cli.ResetOutputBuffers()
 			err := RunCreate(cli, &CreateOptions{
 				From:                     "original",
 				Name:                     c.name,
@ -261,6 +275,7 @@ func TestCreateFromContext(t *testing.T) {
 				Kubernetes:               c.kubernetes,
 			})
 			assert.NilError(t, err)
+			assertContextCreateLogging(t, cli, c.name)
 			newContext, err := cli.ContextStore().GetMetadata(c.name)
 			assert.NilError(t, err)
 			newContextTyped, err := command.GetDockerContext(newContext)
@ -272,7 +287,7 @@ func TestCreateFromContext(t *testing.T) {
 			assert.Equal(t, newContextTyped.Description, c.expectedDescription)
 			assert.Equal(t, newContextTyped.StackOrchestrator, c.expectedOrchestrator)
 			assert.Equal(t, dockerEndpoint.Host, "tcp://42.42.42.42:2375")
-			assert.Equal(t, kubeEndpoint.Host, "https://someserver")
+			assert.Equal(t, kubeEndpoint.Host, "https://someserver.example.com")
 		})
 	}
 }
@ -308,6 +323,7 @@ func TestCreateFromCurrent(t *testing.T) {
 	defer cleanup()
 	revert := env.Patch(t, "KUBECONFIG", "./testdata/test-kubeconfig")
 	defer revert()
+	cli.ResetOutputBuffers()
 	assert.NilError(t, RunCreate(cli, &CreateOptions{
 		Name:        "original",
 		Description: "original description",
@ -319,17 +335,21 @@ func TestCreateFromCurrent(t *testing.T) {
 		},
 		DefaultStackOrchestrator: "swarm",
 	}))
+	assertContextCreateLogging(t, cli, "original")

 	cli.SetCurrentContext("original")

 	for _, c := range cases {
+		c := c
 		t.Run(c.name, func(t *testing.T) {
+			cli.ResetOutputBuffers()
 			err := RunCreate(cli, &CreateOptions{
 				Name:                     c.name,
 				Description:              c.description,
 				DefaultStackOrchestrator: c.orchestrator,
 			})
 			assert.NilError(t, err)
+			assertContextCreateLogging(t, cli, c.name)
 			newContext, err := cli.ContextStore().GetMetadata(c.name)
 			assert.NilError(t, err)
 			newContextTyped, err := command.GetDockerContext(newContext)
@ -341,7 +361,7 @@ func TestCreateFromCurrent(t *testing.T) {
 			assert.Equal(t, newContextTyped.Description, c.expectedDescription)
 			assert.Equal(t, newContextTyped.StackOrchestrator, c.expectedOrchestrator)
 			assert.Equal(t, dockerEndpoint.Host, "tcp://42.42.42.42:2375")
-			assert.Equal(t, kubeEndpoint.Host, "https://someserver")
+			assert.Equal(t, kubeEndpoint.Host, "https://someserver.example.com")
 		})
 	}
 }
--- a/cli/command/context/export-import_test.go
+++ b/cli/command/context/export-import_test.go
@ -9,7 +9,7 @@ import (
 	"testing"

 	"github.com/docker/cli/cli/streams"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestExportImportWithFile(t *testing.T) {
--- a/cli/command/context/export.go
+++ b/cli/command/context/export.go
@ -46,6 +46,8 @@ func newExportCommand(dockerCli command.Cli) *cobra.Command {

 	flags := cmd.Flags()
 	flags.BoolVar(&opts.Kubeconfig, "kubeconfig", false, "Export as a kubeconfig file")
+	flags.SetAnnotation("kubeconfig", "kubernetes", nil)
+	flags.SetAnnotation("kubeconfig", "deprecated", nil)
 	return cmd
 }

@ -77,7 +79,7 @@ func writeTo(dockerCli command.Cli, reader io.Reader, dest string) error {

 // RunExport exports a Docker context
 func RunExport(dockerCli command.Cli, opts *ExportOptions) error {
-	if err := validateContextName(opts.ContextName); err != nil && opts.ContextName != command.DefaultContextName {
+	if err := store.ValidateContextName(opts.ContextName); err != nil && opts.ContextName != command.DefaultContextName {
 		return err
 	}
 	ctxMeta, err := dockerCli.ContextStore().GetMetadata(opts.ContextName)
--- a/cli/command/context/import.go
+++ b/cli/command/context/import.go
@ -14,7 +14,7 @@ import (
 func newImportCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "import CONTEXT FILE|-",
-		Short: "Import a context from a tar file",
+		Short: "Import a context from a tar or zip file",
 		Args:  cli.ExactArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return RunImport(dockerCli, args[0], args[1])
@ -28,6 +28,7 @@ func RunImport(dockerCli command.Cli, name string, source string) error {
 	if err := checkContextNameForCreation(dockerCli.ContextStore(), name); err != nil {
 		return err
 	}
+
 	var reader io.Reader
 	if source == "-" {
 		reader = dockerCli.In()
@ -43,6 +44,7 @@ func RunImport(dockerCli command.Cli, name string, source string) error {
 	if err := store.Import(name, dockerCli.ContextStore(), reader); err != nil {
 		return err
 	}
+
 	fmt.Fprintln(dockerCli.Out(), name)
 	fmt.Fprintf(dockerCli.Err(), "Successfully imported context %q\n", name)
 	return nil
--- a/cli/command/context/inspect_test.go
+++ b/cli/command/context/inspect_test.go
@ -4,8 +4,8 @@ import (
 	"strings"
 	"testing"

-	"gotest.tools/assert"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/golden"
 )

 func TestInspect(t *testing.T) {
--- a/cli/command/context/list.go
+++ b/cli/command/context/list.go
@ -10,8 +10,8 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/cli/context/docker"
 	kubecontext "github.com/docker/cli/cli/context/kubernetes"
+	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
-	"vbom.ml/util/sortorder"
 )

 type listOptions struct {
--- a/cli/command/context/list_test.go
+++ b/cli/command/context/list_test.go
@ -4,9 +4,9 @@ import (
 	"testing"

 	"github.com/docker/cli/cli/command"
-	"gotest.tools/assert"
-	"gotest.tools/env"
-	"gotest.tools/golden"
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/env"
+	"gotest.tools/v3/golden"
 )

 func createTestContextWithKubeAndSwarm(t *testing.T, cli command.Cli, name string, orchestrator string) {
@ -18,7 +18,7 @@ func createTestContextWithKubeAndSwarm(t *testing.T, cli command.Cli, name strin
 		DefaultStackOrchestrator: orchestrator,
 		Description:              "description of " + name,
 		Kubernetes:               map[string]string{keyFrom: "default"},
-		Docker:                   map[string]string{keyHost: "https://someswarmserver"},
+		Docker:                   map[string]string{keyHost: "https://someswarmserver.example.com"},
 	})
 	assert.NilError(t, err)
 }
--- a/cli/command/context/remove_test.go
+++ b/cli/command/context/remove_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/context/store"
-	"gotest.tools/assert"
+	"gotest.tools/v3/assert"
 )

 func TestRemove(t *testing.T) {
--- a/cli/command/context/testdata/inspect.golden
+++ b/cli/command/context/testdata/inspect.golden
@ -7,11 +7,11 @@
        },
        "Endpoints": {
            "docker": {
-                "Host": "https://someswarmserver",
+                "Host": "https://someswarmserver.example.com",
                "SkipTLSVerify": false
            },
            "kubernetes": {
-                "Host": "https://someserver",
+                "Host": "https://someserver.example.com",
                "SkipTLSVerify": false,
                "DefaultNamespace": "default"
            }
--- a/Show More
+++ b/Show More