Merge pull request #3773 from thaJeztah/20.10_backport_bump_golang_1.18.6

[20.10 backport] Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
2022-09-08 10:19:02 +02:00 · 2022-09-06 22:14:52 +02:00 · 2022-08-27 21:37:23 +02:00 · 2022-08-26 16:29:01 +02:00 · 2022-08-26 15:08:55 +02:00 · 2022-08-26 14:07:25 +02:00
4171 changed files with 676938 additions and 294268 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,19 +1,153 @@
-# This is a dummy CircleCI config file to avoid GitHub status failures reported
-# on branches that don't use CircleCI. This file should be deleted when all
-# branches are no longer dependent on CircleCI.
 version: 2

 jobs:
-  dummy:
-    docker:
-      - image: busybox
+
+  lint:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
      - run:
-          name: "dummy"
-          command: echo "dummy job"
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Shellcheck - build image"
+          command: |
+            docker build --progress=plain -f dockerfiles/Dockerfile.shellcheck --tag cli-validator:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Shellcheck"
+          command: |
+            docker run --rm cli-validator:$CIRCLE_BUILD_NUM \
+                make shellcheck
+      - run:
+          name: "Lint - build image"
+          command: |
+            docker build --progress=plain -f dockerfiles/Dockerfile.lint --tag cli-linter:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Lint"
+          command: |
+            docker run --rm cli-linter:$CIRCLE_BUILD_NUM
+
+  cross:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+      BUILDX_VERSION: "v0.8.2"
+    parallelism: 3
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run: apk add make curl
+      - run: mkdir -vp ~/.docker/cli-plugins/
+      - run: curl -fsSL --output ~/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64
+      - run: chmod a+x ~/.docker/cli-plugins/docker-buildx
+      - run: docker buildx version
+      - run: docker context create buildctx
+      - run: docker buildx create --use buildctx && docker buildx inspect --bootstrap
+      - run: GROUP_INDEX=$CIRCLE_NODE_INDEX GROUP_TOTAL=$CIRCLE_NODE_TOTAL docker buildx bake cross --progress=plain
+      - store_artifacts:
+          path: /work/build
+
+  test:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Unit Test with Coverage - build image"
+          command: |
+            mkdir -p test-results/unit-tests
+            docker build --progress=plain -f dockerfiles/Dockerfile.dev --tag cli-builder:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Unit Test with Coverage"
+          command: |
+            docker run \
+                -e GOTESTSUM_JUNITFILE=/tmp/junit.xml \
+                --name \
+                test-$CIRCLE_BUILD_NUM cli-builder:$CIRCLE_BUILD_NUM \
+                make test-coverage
+            docker cp \
+                test-$CIRCLE_BUILD_NUM:/tmp/junit.xml \
+                ./test-results/unit-tests/junit.xml
+      - run:
+          name: "Upload to Codecov"
+          command: |
+            docker cp \
+                test-$CIRCLE_BUILD_NUM:/go/src/github.com/docker/cli/coverage.txt \
+                coverage.txt
+            apk add -U bash curl
+            curl -s https://codecov.io/bash | bash || \
+                echo 'Codecov failed to upload'
+      - store_test_results:
+          path:  test-results
+      - store_artifacts:
+          path:  test-results
+
+  validate:
+    working_directory: /work
+    docker: [{image: 'docker:20.10-git'}]
+    environment:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+          reusable: true
+          exclusive: false
+      - run:
+          name: "Docker version"
+          command: docker version
+      - run:
+          name: "Docker info"
+          command: docker info
+      - run:
+          name: "Validate - build image"
+          command: |
+            rm -f .dockerignore # include .git
+            docker build --progress=plain -f dockerfiles/Dockerfile.dev --tag cli-builder-with-git:$CIRCLE_BUILD_NUM .
+      - run:
+          name: "Validate Vendor, Docs, and Code Generation"
+          command: |
+            docker run --rm cli-builder-with-git:$CIRCLE_BUILD_NUM \
+                make ci-validate
+          no_output_timeout: 15m

 workflows:
  version: 2
  ci:
    jobs:
-      - dummy
+      - lint
+      - cross
+      - test
+      - validate
--- a/.dockerignore
+++ b/.dockerignore
@ -1,14 +1,7 @@
-/build/
-/cli/winresources/versioninfo.json
-/cli/winresources/*.syso
-/man/man*/
-/man/vendor/
-/man/go.sum
-/docs/yaml/
-/docs/vendor/
-/docs/go.sum
-profile.out
-
-# top-level go.mod is not meant to be checked in
-/go.mod
-/go.sum
+.circleci
+.dockerignore
+.github
+.gitignore
+appveyor.yml
+build
+/vndr.log
--- a/.gitattributes
+++ b/.gitattributes
@ -1,3 +0,0 @@
-Dockerfile* linguist-language=Dockerfile
-vendor.mod linguist-language=Go-Module
-vendor.sum linguist-language=Go-Checksums
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -0,0 +1,64 @@
+<!--
+If you are reporting a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+If you suspect your issue is a bug, please edit your issue description to
+include the BUG REPORT INFORMATION shown below. If you fail to provide this
+information within 7 days, we cannot debug your issue and will close it. We
+will, however, reopen it if you later provide the information.
+
+For more information about reporting issues, see
+https://github.com/docker/cli/blob/master/CONTRIBUTING.md#reporting-other-issues
+
+---------------------------------------------------
+GENERAL SUPPORT INFORMATION
+---------------------------------------------------
+
+The GitHub issue tracker is for bug reports and feature requests.
+General support can be found at the following locations:
+
+- Docker Support Forums - https://forums.docker.com
+- Docker Community Slack - https://dockr.ly/community
+- Post a question on StackOverflow, using the Docker tag
+
+---------------------------------------------------
+BUG REPORT INFORMATION
+---------------------------------------------------
+Use the commands below to provide key information from your environment:
+You do NOT have to include this information if this is a FEATURE REQUEST
+-->
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+**Output of `docker version`:**
+
+```
+(paste your output here)
+```
+
+**Output of `docker info`:**
+
+```
+(paste your output here)
+```
+
+**Additional environment details (AWS, VirtualBox, physical, etc.):**
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -1,146 +0,0 @@
-name: Bug report
-description: Create a report to help us improve!
-labels:
-  - kind/bug
-  - status/0-triage
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for taking the time to report a bug!
-        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: Please give a clear and concise description of the bug
-    validations:
-      required: true
-  - type: textarea
-    id: repro
-    attributes:
-      label: Reproduce
-      description: Steps to reproduce the bug
-      placeholder: |
-        1. docker run ...
-        2. docker kill ...
-        3. docker rm ...
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: Expected behavior
-      description: What is the expected behavior?
-      placeholder: |
-        E.g. "`docker rm` should remove the container and cleanup all associated data"
-  - type: textarea
-    id: version
-    attributes:
-      label: docker version
-      description: Output of `docker version`
-      render: bash
-      placeholder: |
-        Client:
-          Version:           20.10.17
-          API version:       1.41
-          Go version:        go1.17.11
-          Git commit:        100c70180fde3601def79a59cc3e996aa553c9b9
-          Built:             Mon Jun  6 21:36:39 UTC 2022
-          OS/Arch:           linux/amd64
-          Context:           default
-          Experimental:      true
-
-        Server:
-          Engine:
-            Version:          20.10.17
-            API version:      1.41 (minimum version 1.12)
-            Go version:       go1.17.11
-            Git commit:       a89b84221c8560e7a3dee2a653353429e7628424
-            Built:            Mon Jun  6 22:32:38 2022
-            OS/Arch:          linux/amd64
-            Experimental:     true
-          containerd:
-            Version:          1.6.6
-            GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
-          runc:
-            Version:          1.1.2
-            GitCommit:        a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-          docker-init:
-            Version:          0.19.0
-            GitCommit:
-    validations:
-      required: true
-  - type: textarea
-    id: info
-    attributes:
-      label: docker info
-      description: Output of `docker info`
-      render: bash
-      placeholder: |
-        Client:
-          Context:    default
-          Debug Mode: false
-          Plugins:
-            buildx: Docker Buildx (Docker Inc., 0.8.2)
-            compose: Docker Compose (Docker Inc., 2.6.0)
-
-        Server:
-          Containers: 4
-            Running: 2
-            Paused: 0
-            Stopped: 2
-          Images: 80
-          Server Version: 20.10.17
-          Storage Driver: overlay2
-            Backing Filesystem: xfs
-            Supports d_type: true
-            Native Overlay Diff: false
-            userxattr: false
-          Logging Driver: local
-          Cgroup Driver: cgroupfs
-          Cgroup Version: 1
-          Plugins:
-            Volume: local
-            Network: bridge host ipvlan macvlan null overlay
-            Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
-          Swarm: inactive
-          Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
-          Default Runtime: runc
-          Init Binary: docker-init
-          containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
-          runc version: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-          init version: 
-          Security Options:
-            apparmor
-            seccomp
-            Profile: default
-          Kernel Version: 5.13.0-1031-azure
-          Operating System: Ubuntu 20.04.4 LTS
-          OSType: linux
-          Architecture: x86_64
-          CPUs: 4
-          Total Memory: 15.63GiB
-          Name: dev
-          ID: UC44:2RFL:7NQ5:GGFW:34O5:DYRE:CLOH:VLGZ:64AZ:GFXC:PY6H:SAHY
-          Docker Root Dir: /var/lib/docker
-          Debug Mode: true
-            File Descriptors: 46
-            Goroutines: 134
-            System Time: 2022-07-06T18:07:54.812439392Z
-            EventsListeners: 0
-          Registry: https://index.docker.io/v1/
-          Labels:
-          Experimental: true
-          Insecure Registries:
-            127.0.0.0/8
-          Live Restore Enabled: true
-    validations:
-      required: true
-  - type: textarea
-    id: additional
-    attributes:
-      label: Additional Info
-      description: Additional info you want to provide such as logs, system info, environment, etc.
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,11 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: "Contributing to Docker"
-    about: "Read guidelines and tips about contributing to Docker."
-    url: "https://github.com/docker/cli/blob/master/CONTRIBUTING.md"
-  - name: "Security and Vulnerabilities"
-    about: "Please report any security issues or vulnerabilities responsibly to the Docker security team. Please do not use the public issue tracker."
-    url: "https://github.com/moby/moby/security/policy"
-  - name: "General Support"
-    about: "Get the help you need to build, share, and run your Docker applications"
-    url: "https://www.docker.com/support/"
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -1,13 +0,0 @@
-name: Feature request
-description: Missing functionality? Come tell us about it!
-labels:
-  - kind/feature
-  - status/0-triage
-body:
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: What is the feature you want to see?
-    validations:
-      required: true
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,9 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    labels:
-      - "area/testing"
-      - "status/2-code-review"
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,81 +0,0 @@
-name: build
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  build:
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - cross
-          - dynbinary-cross
-        use_glibc:
-          - ""
-          - glibc
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Run ${{ matrix.target }}
-        uses: docker/bake-action@v2
-        with:
-          targets: ${{ matrix.target }}
-        env:
-          USE_GLIBC: ${{ matrix.use_glibc }}
-      -
-        name: Flatten artifacts
-        working-directory: ./build
-        run: |
-          for dir in */; do
-            base=$(basename "$dir")
-            echo "Creating ${base}.tar.gz ..."
-            tar -cvzf "${base}.tar.gz" "$dir"
-            rm -rf "$dir"
-          done
-          if [ -z "${{ matrix.use_glibc }}" ]; then
-            echo "ARTIFACT_NAME=${{ matrix.target }}" >> $GITHUB_ENV
-          else
-            echo "ARTIFACT_NAME=${{ matrix.target }}-glibc" >> $GITHUB_ENV
-          fi
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ env.ARTIFACT_NAME }}
-          path: ./build/*
-          if-no-files-found: error
-
-  plugins:
-    runs-on: ubuntu-20.04
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build plugins
-        uses: docker/bake-action@v2
-        with:
-          targets: plugins-cross
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,6 +1,16 @@
-name: codeql
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"

 on:
+#  push:
+#    branches: [master]
+#  pull_request:
+#    # The branches below must be a subset of the branches above
+#    branches: [master]
  schedule:
    #        ┌───────────── minute (0 - 59)
    #        │ ┌───────────── hour (0 - 23)
@ -14,27 +24,57 @@ on:
    - cron: '0 9 * * 4'

 jobs:
-  codeql:
-    runs-on: ubuntu-20.04
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['go']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v2
        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
          fetch-depth: 2
-      -
-        name: Checkout HEAD on PR
+
+      # If this run was triggered by a pull request event, then checkout
+      # the head of the pull request instead of the merge commit.
+      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          git checkout HEAD^2
-      -
-        name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
        with:
-          languages: go
-      -
-        name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-      -
-        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -1,64 +0,0 @@
-name: e2e
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  e2e:
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - non-experimental
-          - experimental
-          - connhelper-ssh
-        base:
-          - alpine
-          - bullseye
-        engine-version:
-#          - 20.10-dind # FIXME: Fails on 20.10
-          - stable-dind # TODO: Use 20.10-dind, stable-dind is deprecated
-        include:
-          - target: non-experimental
-            engine-version: 19.03-dind
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Update daemon.json
-        run: |
-          sudo jq '.experimental = true' < /etc/docker/daemon.json > /tmp/docker.json
-          sudo mv /tmp/docker.json /etc/docker/daemon.json
-          sudo cat /etc/docker/daemon.json
-          sudo service docker restart
-          docker version
-          docker info
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Run ${{ matrix.target }}
-        run: |
-          make -f docker.Makefile test-e2e-${{ matrix.target }}
-        env:
-          BASE_VARIANT: ${{ matrix.base }}
-          E2E_ENGINE_VERSION: ${{ matrix.engine-version }}
-          TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          file: ./build/coverage/coverage.txt
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,79 +0,0 @@
-name: test
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  ctn:
-    runs-on: ubuntu-20.04
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Test
-        uses: docker/bake-action@v2
-        with:
-          targets: test-coverage
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          file: ./build/coverage/coverage.txt
-
-  host:
-    runs-on: ${{ matrix.os }}
-    env:
-      GOPATH: ${{ github.workspace }}
-      GOBIN: ${{ github.workspace }}/bin
-      GO111MODULE: auto
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - macos-11
-#          - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
-    steps:
-      -
-        name: Prepare git
-        if: matrix.os == 'windows-latest'
-        run: |
-          git config --system core.autocrlf false
-          git config --system core.eol lf
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/cli
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.19.4
-      -
-        name: Test
-        run: |
-          go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/')
-          go tool cover -func=/tmp/coverage.txt
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
-        shell: bash
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          file: /tmp/coverage.txt
-          working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -1,58 +0,0 @@
-name: validate
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  validate:
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - lint
-          - shellcheck
-          - validate-vendor
-          - update-authors # ensure authors update target runs fine
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Run
-        uses: docker/bake-action@v2
-        with:
-          targets: ${{ matrix.target }}
-
-  validate-make:
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - yamldocs # ensure yamldocs target runs fine
-          - manpages # ensure manpages target runs fine
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Run
-        shell: 'script --return --quiet --command "bash {0}"'
-        run: |
-          make -f docker.Makefile ${{ matrix.target }}
--- a/.gitignore
+++ b/.gitignore
@ -8,10 +8,11 @@
 Thumbs.db
 .editorconfig
 /build/
-/cli/winresources/versioninfo.json
-/cli/winresources/*.syso
+cli/winresources/rsrc_*.syso
+/man/man1/
+/man/man5/
+/man/man8/
+/docs/yaml/gen/
+coverage.txt
 profile.out
-
-# top-level go.mod is not meant to be checked in
-/go.mod
-/go.sum
+/vndr.log
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,10 +1,9 @@
 linters:
  enable:
    - bodyclose
-    - depguard
+    - deadcode
    - dogsled
    - gocyclo
-    - gofumpt
    - goimports
    - gosec
    - gosimple
@ -14,30 +13,28 @@ linters:
    - megacheck
    - misspell
    - nakedret
-    - revive
    - staticcheck
+    - structcheck
    - typecheck
    - unconvert
    - unparam
    - unused
+    - revive
+    - varcheck

  disable:
    - errcheck

 run:
  timeout: 5m
+  skip-dirs:
+    - cli/command/stack/kubernetes/api/openapi
+    - cli/command/stack/kubernetes/api/client
  skip-files:
    - cli/compose/schema/bindata.go
    - .*generated.*

 linters-settings:
-  depguard:
-    list-type: blacklist
-    include-go-root: true
-    packages:
-      # The io/ioutil package has been deprecated.
-      # https://go.dev/doc/go1.16#ioutil
-      - io/ioutil
  gocyclo:
    min-complexity: 16
  govet:
@ -96,12 +93,6 @@ issues:
      linters:
        - gosec

-    # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
-    # only affects gp < 1.16.14. and go < 1.17.7
-    - text: "(G113)"
-      linters:
-        - gosec
-
    # Looks like the match in "EXC0007" above doesn't catch this one
    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
    - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
@ -113,11 +104,6 @@ issues:
      linters:
        - gosec

-    # TODO: make sure all packages have a description. Currently, there's 67 packages without.
-    - text: "package-comments: should have a package comment"
-      linters:
-        - revive
-
    # Exclude some linters from running on tests files.
    - path: _test\.go
      linters:
--- a/.mailmap
+++ b/.mailmap
@ -6,10 +6,7 @@
 #
 # For explanation on this file format: man git-shortlog

-<lmscrewy@gmail.com> <1674195+squeegels@users.noreply.github.com>
 Aaron L. Xu <liker.xu@foxmail.com>
-Aaron Lehmann <alehmann@netflix.com>
-Aaron Lehmann <alehmann@netflix.com> <aaron.lehmann@docker.com>
 Abhinandan Prativadi <abhi@docker.com>
 Ace Tang <aceapril@126.com>
 Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
@ -30,10 +27,9 @@ Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
 Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
 Alex Ellis <alexellis2@gmail.com>
 Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com> <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
 Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
-Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
 Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
 Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
@ -52,18 +48,14 @@ Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
 Ao Li <la9249@163.com>
-Arko Dasgupta <arko@tetrate.io>
-Arko Dasgupta <arko@tetrate.io> <arko.dasgupta@docker.com>
-Arko Dasgupta <arko@tetrate.io> <arkodg@users.noreply.github.com>
-Arnaud Porterie <icecrime@gmail.com>
-Arnaud Porterie <icecrime@gmail.com> <arnaud.porterie@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
 Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
 Arthur Peka <arthur.peka@outlook.com> <arthrp@users.noreply.github.com>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Golub <ben.golub@dotcloud.com>
 Ben Toews <mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
-Benjamin Nater <me@bn4t.me>
 Benoit Chesneau <bchesneau@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 Bhumika Bayani <bhumikabayani@gmail.com>
@ -73,8 +65,6 @@ Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Boaz Shuster <ripcurld.github@gmail.com>
-Brad Baker <brad@brad.fi>
-Brad Baker <brad@brad.fi> <88946291+brdbkr@users.noreply.github.com>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.co>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.org>
 Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
@ -94,13 +84,11 @@ Chen Qiu <cheney-90@hotmail.com> <21321229@zju.edu.cn>
 Chris Dias <cdias@microsoft.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Christopher Biscardi <biscarch@sketcht.com>
-Christopher Crone <christopher.crone@docker.com>
 Christopher Latham <sudosurootdev@gmail.com>
 Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
 Comical Derskeal <27731088+derskeal@users.noreply.github.com>
 Corbin Coleman <corbin.coleman@docker.com>
-Cory Bennet <cbennett@netflix.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
@ -129,20 +117,14 @@ Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
 Dave Goodchild <buddhamagnet@gmail.com>
 Dave Henderson <dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
 Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
-David Alvarez <david.alvarez@flyeralarm.com>
-David Alvarez <david.alvarez@flyeralarm.com> <busilezas@gmail.com>
 David M. Karr <davidmichaelkarr@gmail.com>
 David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
 David Sissitka <me@dsissitka.com>
 David Williamson <david.williamson@docker.com> <davidwilliamson@users.noreply.github.com>
-Derek McGowan <derek@mcg.dev>
-Derek McGowan <derek@mcg.dev> <derek@mcgstyle.net>
 Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
 Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
 Diego Siqueira <dieg0@live.com>
 Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
-Dominik Braun <dominik.braun@nbsp.de>
-Dominik Braun <dominik.braun@nbsp.de> <Dominik.Braun@nbsp.de>
 Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Doug Tangren <d.tangren@gmail.com>
@ -171,8 +153,6 @@ Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
 Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
-Gabriel Gore <gabgore@cisco.com>
-Gabriel Gore <gabgore@cisco.com> <gabriel59kg@gmail.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
@ -188,7 +168,6 @@ Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@charmes.net>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@docker.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@dotcloud.com>
 Guillaume Le Floch <glfloch@gmail.com>
-Guillaume Tardif <guillaume.tardif@gmail.com>
 Gurjeet Singh <gurjeet@singh.im> <singh.gurjeet@gmail.com>
 Gustav Sinder <gustav.sinder@gmail.com>
 Günther Jungbluth <gunther@gameslabs.net>
@ -221,7 +200,6 @@ Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Lambert <jake.lambert@volusion.com>
 Jake Lambert <jake.lambert@volusion.com> <32850427+jake-lambert-volusion@users.noreply.github.com>
 Jamie Hannaford <jamie@limetree.org> <jamie.hannaford@rackspace.com>
-Jean Lecordier  <jeanlecordier@hotmail.fr>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr> <jp@moogsoft.com>
@ -248,10 +226,10 @@ Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
 John Harris <john@johnharris.io>
 John Howard <github@lowenna.com>
+John Howard <github@lowenna.com> <John.Howard@microsoft.com>
 John Howard <github@lowenna.com> <jhoward@microsoft.com>
 John Howard <github@lowenna.com> <jhoward@ntdev.microsoft.com>
 John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
-John Howard <github@lowenna.com> <John.Howard@microsoft.com>
 John Howard <github@lowenna.com> <john.howard@microsoft.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
 Jordan Arentsen <blissdev@gmail.com>
@ -284,12 +262,9 @@ Kat Samperi <kat.samperi@gmail.com> <kizzie@users.noreply.github.com>
 Kathryn Spiers <kathryn@spiers.me>
 Kathryn Spiers <kathryn@spiers.me> <kyle@Spiers.me>
 Kathryn Spiers <kathryn@spiers.me> <Kyle@Spiers.me>
-Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
-Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com> <github@bassingthwaite.org>
 Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Meredith <kevin.m.meredith@gmail.com>
@ -302,7 +277,6 @@ Konstantin Gribov <grossws@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
-Kyle Mitofsky <Kylemit@gmail.com>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
@ -352,11 +326,9 @@ Matthew Mosesohn <raytrac3r@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Matthias Kühnle <git.nivoc@neverbox.com> <kuehnle@online.de>
 Mauricio Garavaglia <mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
-Michael Crosby <crosbymichael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <crosby.michael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@crosbymichael.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@docker.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@thepasture.io>
+Michael Crosby <michael@docker.com> <crosby.michael@gmail.com>
+Michael Crosby <michael@docker.com> <crosbymichael@gmail.com>
+Michael Crosby <michael@docker.com> <michael@crosbymichael.com>
 Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
 Michael Huettermann <michael@huettermann.net>
 Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
@ -366,8 +338,6 @@ Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com> <30386061+doncicuto@users.n
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
 Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
-Mike Dalton <mikedalton@github.com>
-Mike Dalton <mikedalton@github.com> <19153140+mikedalton@users.noreply.github.com>
 Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
 Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
@ -382,32 +352,25 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 Neil Horman <nhorman@tuxdriver.com> <nhorman@hmswarspite.think-freely.org>
 Nick Russo <nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
-Nick Santos <nick.santos@docker.com>
-Nick Santos <nick.santos@docker.com> <nick@tilt.dev>
 Nicolas Borboën <ponsfrilus@gmail.com> <ponsfrilus@users.noreply.github.com>
-Nicolas De Loof <nicolas.deloof@gmail.com>
 Nigel Poulton <nigelpoulton@hotmail.com>
 Nik Nyby <nikolas@gnu.org> <nnyby@columbia.edu>
 Nolan Darilek <nolan@thewordnerd.info>
 O.S. Tezer <ostezer@gmail.com>
 O.S. Tezer <ostezer@gmail.com> <ostezer@users.noreply.github.com>
 Oh Jinkyun <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
-Oliver Pomeroy <oppomeroy@gmail.com>
 Ouyang Liduo <oyld0210@163.com>
 Patrick Stapleton <github@gdi2290.com>
 Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
 Pavel Tikhomirov <ptikhomirov@virtuozzo.com> <ptikhomirov@parallels.com>
 Pawel Konczalski <mail@konczalski.de>
-Paweł Pokrywka <pepawel@users.noreply.github.com>
 Peter Choi <phkchoi89@gmail.com> <reikani@Peters-MacBook-Pro.local>
 Peter Dave Hello <hsu@peterdavehello.org> <PeterDaveHello@users.noreply.github.com>
 Peter Hsu <shhsu@microsoft.com>
 Peter Jaffe <pjaffe@nevo.com>
 Peter Nagy <xificurC@gmail.com> <pnagy@gratex.com>
 Peter Waller <p@pwaller.net> <peter@scraperwiki.com>
-Phil Estes <estesp@gmail.com>
-Phil Estes <estesp@gmail.com> <estesp@amazon.com>
-Phil Estes <estesp@gmail.com> <estesp@linux.vnet.ibm.com>
+Phil Estes <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
 Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com> <philippgille@users.noreply.github.com>
 Qiang Huang <h.huangqiang@huawei.com>
@ -417,8 +380,6 @@ Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
-Roch Feuillade <roch.feuillade@pandobac.com>
-Roch Feuillade <roch.feuillade@pandobac.com> <46478807+rochfeu@users.noreply.github.com>
 Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
 Ross Boucher <rboucher@gmail.com>
 Runshen Zhu <runshen.zhu@gmail.com>
@ -427,7 +388,6 @@ Sakeven Jiang <jc5930@sina.cn>
 Samarth Shah <samashah@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
-Sandro Jäckel <sandro.jaeckel@gmail.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
 Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
@ -450,7 +410,6 @@ Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
 Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
 Soshi Katsuta <soshi.katsuta@gmail.com>
 Soshi Katsuta <soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
-Spring Lee <xi.shuai@outlook.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
 Srini Brahmaroutu <srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
@ -480,9 +439,7 @@ Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
 Sylvain Bellemare <sylvain@ascribe.io>
 Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
-Takeshi Koenuma <t.koenuma2@gmail.com>
 Tangi Colin <tangicolin@gmail.com>
-Teiva Harsanyi <t.harsanyi@thebeat.co>
 Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
 Teppei Fukuda <knqyf263@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
@ -507,16 +464,12 @@ Tom Barlow <tomwbarlow@gmail.com>
 Tom Milligan <code@tommilligan.net>
 Tom Milligan <code@tommilligan.net> <tommilligan@users.noreply.github.com>
 Tom Sweeney <tsweeney@redhat.com>
-Tomas Bäckman <larstomas@gmail.com>
-Tomas Bäckman <larstomas@gmail.com> <11527327+larstomas@users.noreply.github.com>
 Tõnis Tiigi <tonistiigi@gmail.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
 Ulrich Bareth <ulrich.bareth@gmail.com>
 Ulrich Bareth <ulrich.bareth@gmail.com> <usb79@users.noreply.github.com>
-Ulysses Souza <ulysses.souza@docker.com>
-Ulysses Souza <ulysses.souza@docker.com> <ulyssessouza@gmail.com>
 Umesh Yadav <umesh4257@gmail.com>
 Umesh Yadav <umesh4257@gmail.com> <dungeonmaster18@users.noreply.github.com>
 Victor Lyuboslavsky <victor@victoreda.com>
@ -575,4 +528,3 @@ Zhou Hao <zhouhao@cn.fujitsu.com>
 Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Kunjia <zhu.kunjia@zte.com.cn>
 Zou Yu <zouyu7@huawei.com>
-Александр Менщиков <__Singleton__@hackerdom.ru>
--- a/101
+++ b/101
@ -1,10 +1,9 @@
-# File @generated by scripts/docs/generate-authors.sh. DO NOT EDIT.
-# This file lists all contributors to the repository.
-# See scripts/docs/generate-authors.sh to make modifications.
+# This file lists all individuals having contributed content to the repository.
+# For how it is generated, see `scripts/docs/generate-authors.sh`.

 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron L. Xu <liker.xu@foxmail.com>
-Aaron Lehmann <alehmann@netflix.com>
+Aaron Lehmann <aaron.lehmann@docker.com>
 Aaron.L.Xu <likexu@harmonycloud.cn>
 Abdur Rehman <abdur_rehman@mentor.com>
 Abhinandan Prativadi <abhi@docker.com>
@ -25,27 +24,22 @@ Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
-Alberto Roura <mail@albertoroura.com>
 Albin Kerouanton <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
 Aleksander Piotrowski <apiotrowski312@gmail.com>
 Alessandro Boch <aboch@tetrationanalytics.com>
-Alex Couture-Beil <alex@earthly.dev>
 Alex Mavrogiannis <alex.mavrogiannis@docker.com>
 Alex Mayer <amayer5125@gmail.com>
 Alexander Boyd <alex@opengroove.org>
 Alexander Larsson <alexl@redhat.com>
-Alexander Morozov <lk4d4math@gmail.com>
+Alexander Morozov <lk4d4@docker.com>
 Alexander Ryabov <i@sepa.spb.ru>
 Alexandre González <agonzalezro@gmail.com>
-Alexey Igrychev <alexey.igrychev@flant.com>
-Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alfred Landrum <alfred.landrum@docker.com>
 Alicia Lauerman <alicia@eta.im>
 Allen Sun <allensun.shl@alibaba-inc.com>
 Alvin Deng <alvin.q.deng@utexas.edu>
 Amen Belayneh <amenbelayneh@gmail.com>
-Amey Shrivastava <72866602+AmeyShrivastava@users.noreply.github.com>
 Amir Goldstein <amir73il@aquasec.com>
 Amit Krishnan <amit.krishnan@oracle.com>
 Amit Shukla <amit.shukla@docker.com>
@ -54,8 +48,6 @@ Anca Iordache <anca.iordache@docker.com>
 Anda Xu <anda.xu@docker.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andreas Köhler <andi5.py@gmx.net>
-Andres G. Aragoneses <knocte@gmail.com>
-Andres Leon Rangel <aleon1220@gmail.com>
 Andrew France <andrew@avito.co.uk>
 Andrew Hsu <andrewhsu@docker.com>
 Andrew Macpherson <hopscotch23@gmail.com>
@ -75,9 +67,8 @@ Antonis Kalipetis <akalipetis@gmail.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com>
 Ao Li <la9249@163.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
-Arko Dasgupta <arko@tetrate.io>
-Arnaud Porterie <icecrime@gmail.com>
-Arnaud Rebillout <elboulangero@gmail.com>
+Arko Dasgupta <arko.dasgupta@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
 Arthur Peka <arthur.peka@outlook.com>
 Ashwini Oruganti <ashwini.oruganti@gmail.com>
 Azat Khuyiyakhmetov <shadow_uz@mail.ru>
@ -85,23 +76,18 @@ Bardia Keyoumarsi <bkeyouma@ucsc.edu>
 Barnaby Gray <barnaby@pickle.me.uk>
 Bastiaan Bakker <bbakker@xebia.com>
 BastianHofmann <bastianhofmann@me.com>
-Ben Bodenmiller <bbodenmiller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Creasy <ben@bencreasy.com>
 Ben Firshman <ben@firshman.co.uk>
 Benjamin Boudreau <boudreau.benjamin@gmail.com>
-Benjamin Böhmke <benjamin@boehmke.net>
-Benjamin Nater <me@bn4t.me>
 Benoit Sigoure <tsunanet@gmail.com>
 Bhumika Bayani <bhumikabayani@gmail.com>
 Bill Wang <ozbillwang@gmail.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Bishal Das <bishalhnj127@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 Bogdan Anton <contact@bogdananton.ro>
 Boris Pruessmann <boris@pruessmann.org>
-Brad Baker <brad@brad.fi>
 Bradley Cicenas <bradley.cicenas@gmail.com>
 Brandon Mitchell <git@bmitch.net>
 Brandon Philips <brandon.philips@coreos.com>
@ -110,7 +96,6 @@ Bret Fisher <bret@bretfisher.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Wieder <brian@4wieders.com>
-Bruno Sousa <bruno.sousa@docker.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
@ -129,19 +114,15 @@ Charles Chan <charleswhchan@users.noreply.github.com>
 Charles Law <claw@conduce.com>
 Charles Smith <charles.smith@docker.com>
 Charlie Drage <charlie@charliedrage.com>
-Charlotte Mach <charlotte.mach@fs.lmu.de>
 ChaYoung You <yousbe@gmail.com>
-Chee Hau Lim <cheehau.lim@mobimeo.com>
 Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
-Chris Couzens <ccouzens@gmail.com>
 Chris Gavin <chris@chrisgavin.me>
 Chris Gibson <chris@chrisg.io>
 Chris McKinnel <chrismckinnel@gmail.com>
 Chris Snow <chsnow123@gmail.com>
-Chris Vermilion <christopher.vermilion@gmail.com>
 Chris Weyl <cweyl@alumni.drew.edu>
 Christian Persson <saser@live.se>
 Christian Stefanescu <st.chris@gmail.com>
@ -150,7 +131,6 @@ Christophe Vidal <kriss@krizalys.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Crone <christopher.crone@docker.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
-Christopher Svensson <stoffus@stoffus.com>
 Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com>
 Clinton Kitson <clintonskitson@gmail.com>
@ -159,10 +139,8 @@ Colin Hebert <hebert.colin@gmail.com>
 Collin Guarino <collin.guarino@gmail.com>
 Colm Hally <colmhally@gmail.com>
 Comical Derskeal <27731088+derskeal@users.noreply.github.com>
-Conner Crosby <conner@cavcrosby.tech>
 Corey Farrell <git@cfware.com>
 Corey Quon <corey.quon@docker.com>
-Cory Bennet <cbennett@netflix.com>
 Craig Wilhite <crwilhit@microsoft.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com>
@ -192,13 +170,11 @@ Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
 Dave Goodchild <buddhamagnet@gmail.com>
 Dave Henderson <dhenderson@gmail.com>
 Dave Tucker <dt@docker.com>
-David Alvarez <david.alvarez@flyeralarm.com>
 David Beitey <david@davidjb.com>
 David Calavera <david.calavera@gmail.com>
 David Cramer <davcrame@cisco.com>
 David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
-David Karlsson <david.karlsson@docker.com>
 David Lechner <david@lechnology.com>
 David Scott <dave@recoil.org>
 David Sheets <dsheets@docker.com>
@ -210,8 +186,7 @@ Denis Defreyne <denis@soundcloud.com>
 Denis Gladkikh <denis@gladkikh.email>
 Denis Ollier <larchunix@users.noreply.github.com>
 Dennis Docter <dennis@d23.nl>
-Derek McGowan <derek@mcg.dev>
-Des Preston <despreston@gmail.com>
+Derek McGowan <derek@mcgstyle.net>
 Deshi Xiao <dxiao@redhat.com>
 Dharmit Shah <shahdharmit@gmail.com>
 Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
@ -221,14 +196,12 @@ Dimitry Andric <d.andric@activevideo.com>
 Ding Fei <dingfei@stars.org.cn>
 Diogo Monica <diogo@docker.com>
 Djordje Lukic <djordje.lukic@docker.com>
-Dmitriy Fishman <fishman.code@gmail.com>
 Dmitry Gusev <dmitry.gusev@gmail.com>
 Dmitry Smirnov <onlyjob@member.fsf.org>
 Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
 Dominik Braun <dominik.braun@nbsp.de>
 Don Kjer <don.kjer@gmail.com>
 Dong Chen <dongluo.chen@docker.com>
-DongGeon Lee <secmatth1996@gmail.com>
 Doug Davis <dug@us.ibm.com>
 Drew Erny <derny@mirantis.com>
 Ed Costello <epc@epcostello.com>
@ -238,14 +211,12 @@ Eli Uriegas <seemethere101@gmail.com>
 Elias Faxö <elias.faxo@tre.se>
 Elliot Luo <956941328@qq.com>
 Eric Curtin <ericcurtin17@gmail.com>
-Eric Engestrom <eric@engestrom.ch>
 Eric G. Noriega <enoriega@vizuri.com>
 Eric Rosenberg <ehaydenr@gmail.com>
 Eric Sage <eric.david.sage@gmail.com>
 Eric-Olivier Lamey <eo@lamey.me>
 Erica Windisch <erica@windisch.us>
 Erik Hollensbe <github@hollensbe.org>
-Erik Humphrey <erik.humphrey@carleton.ca>
 Erik St. Martin <alakriti@gmail.com>
 Essam A. Hassan <es.hassan187@gmail.com>
 Ethan Haynes <ethanhaynes@alumni.harvard.edu>
@ -258,10 +229,8 @@ Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
 Fabio Falci <fabiofalci@gmail.com>
 Fabrizio Soppelsa <fsoppelsa@mirantis.com>
-Felix Geyer <debfx@fobos.de>
 Felix Hupfeld <felix@quobyte.com>
 Felix Rabe <felix@rabe.io>
-fezzik1620 <fezzik1620@users.noreply.github.com>
 Filip Jareš <filipjares@gmail.com>
 Flavio Crisciani <flavio.crisciani@docker.com>
 Florian Klein <florian.klein@free.fr>
@ -273,7 +242,6 @@ Frederic Hemberger <mail@frederic-hemberger.de>
 Frederick F. Kautz IV <fkautz@redhat.com>
 Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
 Frieder Bluemle <frieder.bluemle@gmail.com>
-Gabriel Gore <gabgore@cisco.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com>
@ -283,18 +251,13 @@ George MacRorie <gmacr31@gmail.com>
 George Xie <georgexsh@gmail.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
-Gio d'Amelio <giodamelio@gmail.com>
-Gleb Stsenov <gleb.stsenov@gmail.com>
 Goksu Toprak <goksu.toprak@docker.com>
 Gou Rao <gou@portworx.com>
-Govind Rai <raigovind93@gmail.com>
 Grant Reaber <grant.reaber@gmail.com>
 Greg Pflaum <gpflaum@users.noreply.github.com>
-Gsealy <jiaojingwei1001@hotmail.com>
 Guilhem Lettron <guilhem+github@lettron.fr>
 Guillaume J. Charmes <guillaume.charmes@docker.com>
 Guillaume Le Floch <glfloch@gmail.com>
-Guillaume Tardif <guillaume.tardif@gmail.com>
 gwx296173 <gaojing3@huawei.com>
 Günther Jungbluth <gunther@gameslabs.net>
 Hakan Özler <hakan.ozler@kodcu.com>
@ -315,7 +278,6 @@ Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
-Iain Samuel McLean Elder <iain@isme.es>
 Ian Campbell <ian.campbell@docker.com>
 Ian Philpot <ian.philpot@microsoft.com>
 Ignacio Capurro <icapurrofagian@gmail.com>
@ -325,7 +287,6 @@ Ilya Sotkov <ilya@sotkov.com>
 Ioan Eugen Stan <eu@ieugen.ro>
 Isabel Jimenez <contact.isabeljimenez@gmail.com>
 Ivan Grcic <igrcic@gmail.com>
-Ivan Grund <ivan.grund@gmail.com>
 Ivan Markin <sw@nogoegst.net>
 Jacob Atzen <jacob@jacobatzen.dk>
 Jacob Tomlinson <jacob@tom.linson.uk>
@ -341,18 +302,15 @@ Jan-Jaap Driessen <janjaapdriessen@gmail.com>
 Jana Radhakrishnan <mrjana@docker.com>
 Jared Hocutt <jaredh@netapp.com>
 Jasmine Hegman <jasmine@jhegman.com>
-Jason Hall <jason@chainguard.dev>
 Jason Heiss <jheiss@aput.net>
 Jason Plum <jplum@devonit.com>
 Jay Kamat <github@jgkamat.33mail.com>
-Jean Lecordier <jeanlecordier@hotmail.fr>
 Jean Rouge <rougej+github@gmail.com>
 Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
 Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
 Jeff Lindsay <progrium@gmail.com>
 Jeff Nickoloff <jeff.nickoloff@gmail.com>
 Jeff Silberman <jsilberm@gmail.com>
-Jennings Zhang <jenni_zh@protonmail.com>
 Jeremy Chambers <jeremy@thehipbot.com>
 Jeremy Unruh <jeremybunruh@gmail.com>
 Jeremy Yallop <yallop@docker.com>
@ -364,7 +322,6 @@ Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
 Jie Luo <luo612@zju.edu.cn>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Galasyn <jim.galasyn@docker.com>
-Jim Lin <b04705003@ntu.edu.tw>
 Jimmy Leger <jimmy.leger@gmail.com>
 Jimmy Song <rootsongjc@gmail.com>
 jimmyxian <jimmyxian2004@yahoo.com.cn>
@ -381,7 +338,6 @@ Johannes 'fish' Ziemke <github@freigeist.org>
 John Feminella <jxf@jxf.me>
 John Harris <john@johnharris.io>
 John Howard <github@lowenna.com>
-John Howard <howardjohn@google.com>
 John Laswell <john.n.laswell@gmail.com>
 John Maguire <jmaguire@duosecurity.com>
 John Mulhausen <john@docker.com>
@ -391,16 +347,13 @@ John Tims <john.k.tims@gmail.com>
 John V. Martinez <jvmatl@gmail.com>
 John Willis <john.willis@docker.com>
 Jon Johnson <jonjohnson@google.com>
-Jon Zeolla <zeolla@gmail.com>
 Jonatas Baldin <jonatas.baldin@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Lee <jonjohn1232009@gmail.com>
 Jonathan Lomas <jonathan@floatinglomas.ca>
 Jonathan McCrohan <jmccrohan@gmail.com>
-Jonathan Warriss-Simmons <misterws@diogenes.ws>
 Jonh Wendell <jonh.wendell@redhat.com>
 Jordan Jennings <jjn2009@gmail.com>
-Jorge Vallecillo <jorgevallecilloc@gmail.com>
 Jose J. Escobar <53836904+jescobar-docker@users.noreply.github.com>
 Joseph Kern <jkern@semafour.net>
 Josh Bodah <jb3689@yahoo.com>
@ -430,11 +383,9 @@ Katie McLaughlin <katie@glasnt.com>
 Ke Xu <leonhartx.k@gmail.com>
 Kei Ohmura <ohmura.kei@gmail.com>
 Keith Hudgins <greenman@greenman.org>
-Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
 Ken Cochrane <kencochrane@gmail.com>
 Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Burke <kev@inburke.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
@ -450,7 +401,6 @@ Krasi Georgiev <krasi@vip-consult.solutions>
 Kris-Mikael Krister <krismikael@protonmail.com>
 Kun Zhang <zkazure@gmail.com>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
-Kyle Mitofsky <Kylemit@gmail.com>
 Lachlan Cooper <lachlancooper@gmail.com>
 Lai Jiangshan <jiangshanlai@gmail.com>
 Lars Kellogg-Stedman <lars@redhat.com>
@ -460,7 +410,6 @@ Lee Gaines <eightlimbed@gmail.com>
 Lei Jitang <leijitang@huawei.com>
 Lennie <github@consolejunkie.net>
 Leo Gallucci <elgalu3@gmail.com>
-Leonid Skorospelov <leosko94@gmail.com>
 Lewis Daly <lewisdaly@me.com>
 Li Yi <denverdino@gmail.com>
 Li Yi <weiyuan.yl@alibaba-inc.com>
@ -496,7 +445,6 @@ Manjunath A Kumatagi <mkumatag@in.ibm.com>
 Mansi Nahar <mmn4185@rit.edu>
 mapk0y <mapk0y@gmail.com>
 Marc Bihlmaier <marc.bihlmaier@reddoxx.com>
-Marc Cornellà <hello@mcornella.com>
 Marco Mariani <marco.mariani@alterway.fr>
 Marco Vedovati <mvedovati@suse.com>
 Marcus Martins <marcus@docker.com>
@ -511,7 +459,6 @@ Mason Fish <mason.fish@docker.com>
 Mason Malone <mason.malone@gmail.com>
 Mateusz Major <apkd@users.noreply.github.com>
 Mathieu Champlon <mathieu.champlon@docker.com>
-Mathieu Rollet <matletix@gmail.com>
 Matt Gucci <matt9ucci@gmail.com>
 Matt Robenolt <matt@ydekproductions.com>
 Matteo Orefice <matteo.orefice@bites4bits.software>
@ -520,13 +467,11 @@ Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
 Mauro Porras P <mauroporrasp@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
 Maxime Petazzoni <max@signalfuse.com>
-Maximillian Fan Xavier <maximillianfx@gmail.com>
 Mei ChunTao <mei.chuntao@zte.com.cn>
-Metal <2466052+tedhexaflow@users.noreply.github.com>
 Micah Zoltu <micah@newrelic.com>
 Michael A. Smith <michael@smith-li.com>
 Michael Bridgen <mikeb@squaremobius.net>
-Michael Crosby <crosbymichael@gmail.com>
+Michael Crosby <michael@docker.com>
 Michael Friis <friism@gmail.com>
 Michael Irwin <mikesir87@gmail.com>
 Michael Käufl <docker@c.michael-kaeufl.de>
@ -542,7 +487,6 @@ Mihai Borobocea <MihaiBorob@gmail.com>
 Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
 Mike Brown <brownwm@us.ibm.com>
 Mike Casas <mkcsas0@gmail.com>
-Mike Dalton <mikedalton@github.com>
 Mike Danese <mikedanese@google.com>
 Mike Dillon <mike@embody.org>
 Mike Goelzer <mike.goelzer@docker.com>
@ -559,12 +503,9 @@ Mohini Anne Dsouza <mohini3917@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com>
 Morgan Bauer <mbauer@us.ibm.com>
 Morten Hekkvang <morten.hekkvang@sbab.se>
-Morten Linderud <morten@linderud.pw>
 Moysés Borges <moysesb@gmail.com>
-Mozi <29089388+pzhlkj6612@users.noreply.github.com>
 Mrunal Patel <mrunalp@gmail.com>
 muicoder <muicoder@gmail.com>
-Murukesh Mohanan <murukesh.mohanan@gmail.com>
 Muthukumar R <muthur@gmail.com>
 Máximo Cuadros <mcuadros@gmail.com>
 Mårten Cassel <marten.cassel@gmail.com>
@ -580,7 +521,6 @@ Nathan LeClaire <nathan.leclaire@docker.com>
 Nathan McCauley <nathan.mccauley@docker.com>
 Neil Peterson <neilpeterson@outlook.com>
 Nick Adcock <nick.adcock@docker.com>
-Nick Santos <nick.santos@docker.com>
 Nico Stapelbroek <nstapelbroek@gmail.com>
 Nicola Kabar <nicolaka@gmail.com>
 Nicolas Borboën <ponsfrilus@gmail.com>
@ -595,8 +535,6 @@ Noah Treuhaft <noah.treuhaft@docker.com>
 O.S. Tezer <ostezer@gmail.com>
 Odin Ugedal <odin@ugedal.com>
 ohmystack <jun.jiang02@ele.me>
-OKA Naoya <git@okanaoya.com>
-Oliver Pomeroy <oppomeroy@gmail.com>
 Olle Jonsson <olle.jonsson@gmail.com>
 Olli Janatuinen <olli.janatuinen@gmail.com>
 Oscar Wieman <oscrx@icloud.com>
@ -612,12 +550,9 @@ Paul Lietar <paul@lietar.net>
 Paul Mulders <justinkb@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Pavel Pospisil <pospispa@gmail.com>
-Paweł Gronowski <pawel.gronowski@docker.com>
-Paweł Pokrywka <pepawel@users.noreply.github.com>
 Paweł Szczekutowicz <pszczekutowicz@gmail.com>
 Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
 Per Lundberg <per.lundberg@ecraft.com>
-Peter Dave Hello <hsu@peterdavehello.org>
 Peter Edge <peter.edge@gmail.com>
 Peter Hsu <shhsu@microsoft.com>
 Peter Jaffe <pjaffe@nevo.com>
@ -625,13 +560,11 @@ Peter Kehl <peter.kehl@gmail.com>
 Peter Nagy <xificurC@gmail.com>
 Peter Salvatore <peter@psftw.com>
 Peter Waller <p@pwaller.net>
-Phil Estes <estesp@gmail.com>
+Phil Estes <estesp@linux.vnet.ibm.com>
 Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com>
 Philipp Schmied <pschmied@schutzwerk.com>
-Phong Tran <tran.pho@northeastern.edu>
 pidster <pid@pidster.com>
-Pieter E Smit <diepes@github.com>
 pixelistik <pixelistik@users.noreply.github.com>
 Pratik Karki <prertik@outlook.com>
 Prayag Verma <prayag.verma@gmail.com>
@ -641,7 +574,6 @@ Qiang Huang <h.huangqiang@huawei.com>
 Qinglan Peng <qinglanpeng@zju.edu.cn>
 qudongfang <qudongfang@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
-Rahul Kadyan <hi@znck.me>
 Rahul Zoldyck <rahulzoldyck@gmail.com>
 Ravi Shekhar Jethani <rsjethani@gmail.com>
 Ray Tsang <rayt@google.com>
@ -650,7 +582,6 @@ Remy Suen <remy.suen@gmail.com>
 Renaud Gaubert <rgaubert@nvidia.com>
 Ricardo N Feliciano <FelicianoTech@gmail.com>
 Rich Moyse <rich@moyse.us>
-Richard Chen Zheng <58443436+rchenzheng@users.noreply.github.com>
 Richard Mathie <richard.mathie@amey.co.uk>
 Richard Scothern <richard.scothern@gmail.com>
 Rick Wieman <git@rickw.nl>
@ -660,7 +591,6 @@ Rob Gulewich <rgulewich@netflix.com>
 Robert Wallis <smilingrob@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Speekenbrink <robin@kingsquare.nl>
-Roch Feuillade <roch.feuillade@pandobac.com>
 Rodolfo Ortiz <rodolfo.ortiz@definityfirst.com>
 Rogelio Canedo <rcanedo@mappy.priv>
 Rohan Verma <hello@rohanverma.net>
@ -679,13 +609,11 @@ Sainath Grandhi <sainath.grandhi@intel.com>
 Sakeven Jiang <jc5930@sina.cn>
 Sally O'Malley <somalley@redhat.com>
 Sam Neirinck <sam@samneirinck.com>
-Sam Thibault <sam.thibault@docker.com>
 Samarth Shah <samashah@microsoft.com>
 Sambuddha Basu <sambuddhabasu1@gmail.com>
 Sami Tabet <salph.tabet@gmail.com>
 Samuel Cochran <sj26@sj26.com>
 Samuel Karp <skarp@amazon.com>
-Sandro Jäckel <sandro.jaeckel@gmail.com>
 Santhosh Manohar <santhosh@docker.com>
 Sargun Dhillon <sargun@netflix.com>
 Saswat Bhattacharya <sas.saswat@gmail.com>
@ -715,8 +643,7 @@ Slava Semushin <semushin@redhat.com>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
 Spencer Brown <spencer@spencerbrown.org>
-Spring Lee <xi.shuai@outlook.com>
-squeegels <lmscrewy@gmail.com>
+squeegels <1674195+squeegels@users.noreply.github.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
 Stefan S. <tronicum@user.github.com>
 Stefan Scherer <stefan.scherer@docker.com>
@ -727,7 +654,6 @@ Stephen Rust <srust@blockbridge.com>
 Steve Durrheimer <s.durrheimer@gmail.com>
 Steve Richards <steve.richards@docker.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
-Stoica-Marcu Floris-Andrei <floris.sm@gmail.com>
 Subhajit Ghosh <isubuz.g@gmail.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
 Sune Keller <absukl@almbrand.dk>
@ -739,10 +665,7 @@ Sébastien HOUZÉ <cto@verylastroom.com>
 T K Sourabh <sourabhtk37@gmail.com>
 TAGOMORI Satoshi <tagomoris@gmail.com>
 taiji-tech <csuhqg@foxmail.com>
-Takeshi Koenuma <t.koenuma2@gmail.com>
-Takuya Noguchi <takninnovationresearch@gmail.com>
 Taylor Jones <monitorjbl@gmail.com>
-Teiva Harsanyi <t.harsanyi@thebeat.co>
 Tejaswini Duggaraju <naduggar@microsoft.com>
 Tengfei Wang <tfwang@alauda.io>
 Teppei Fukuda <knqyf263@gmail.com>
@ -773,7 +696,6 @@ Tom Fotherby <tom+github@peopleperhour.com>
 Tom Klingenberg <tklingenberg@lastflood.net>
 Tom Milligan <code@tommilligan.net>
 Tom X. Tobin <tomxtobin@tomxtobin.com>
-Tomas Bäckman <larstomas@gmail.com>
 Tomas Tomecek <ttomecek@redhat.com>
 Tomasz Kopczynski <tomek@kopczynski.net.pl>
 Tomáš Hrčka <thrcka@redhat.com>
@ -789,7 +711,6 @@ Ulrich Bareth <ulrich.bareth@gmail.com>
 Ulysses Souza <ulysses.souza@docker.com>
 Umesh Yadav <umesh4257@gmail.com>
 Valentin Lorentz <progval+git@progval.net>
-Vardan Pogosian <vardan.pogosyan@gmail.com>
 Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
 Veres Lajos <vlajos@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
@ -836,7 +757,6 @@ Yunxiang Huang <hyxqshk@vip.qq.com>
 Zachary Romero <zacromero3@gmail.com>
 Zander Mackie <zmackie@gmail.com>
 zebrilee <zebrilee@gmail.com>
-Zeel B Patel <patel_zeel@iitgn.ac.in>
 Zhang Kun <zkazure@gmail.com>
 Zhang Wei <zhangwei555@huawei.com>
 Zhang Wentao <zhangwentao234@huawei.com>
@ -848,5 +768,4 @@ Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
 Álex González <agonzalezro@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
-Александр Менщиков <__Singleton__@hackerdom.ru>
 徐俊杰 <paco.xu@daocloud.io>
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -333,7 +333,7 @@ mind when nudging others to comply.

 The rules:

-1. All code should be formatted with `gofumpt` (preferred) or `gofmt -s`.
+1. All code should be formatted with `gofmt -s`.
 2. All code should pass the default levels of
   [`golint`](https://github.com/golang/lint).
 3. All code should follow the guidelines covered in [Effective
--- a/99
+++ b/99
@ -1,18 +1,14 @@
 # syntax=docker/dockerfile:1

 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.19.7
-ARG ALPINE_VERSION=3.16
-ARG XX_VERSION=1.1.1
-ARG GOVERSIONINFO_VERSION=v1.3.0
-ARG GOTESTSUM_VERSION=v1.8.2
-ARG BUILDX_VERSION=0.10.4
+ARG GO_VERSION=1.18.6
+ARG XX_VERSION=1.1.0

 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build-base-alpine
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS build-base-alpine
 COPY --from=xx / /
-RUN apk add --no-cache bash clang lld llvm file git
+RUN apk add --no-cache clang lld llvm file git
 WORKDIR /go/src/github.com/docker/cli

 FROM build-base-alpine AS build-alpine
@ -20,34 +16,14 @@ ARG TARGETPLATFORM
 # gcc is installed for libgcc only
 RUN xx-apk add --no-cache musl-dev gcc

-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-bullseye
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-buster AS build-base-buster
 COPY --from=xx / /
-RUN apt-get update && apt-get install --no-install-recommends -y bash clang lld llvm file
+RUN apt-get update && apt-get install --no-install-recommends -y clang lld file
 WORKDIR /go/src/github.com/docker/cli

-FROM build-base-bullseye AS build-bullseye
+FROM build-base-buster AS build-buster
 ARG TARGETPLATFORM
-RUN xx-apt-get install --no-install-recommends -y libc6-dev libgcc-10-dev
-# workaround for issue with llvm 11 for darwin/amd64 platform:
-#  # github.com/docker/cli/cmd/docker
-#  /usr/local/go/pkg/tool/linux_amd64/link: /usr/local/go/pkg/tool/linux_amd64/link: running strip failed: exit status 1
-#  llvm-strip: error: unsupported load command (cmd=0x5)
-# more info: https://github.com/docker/cli/pull/3717
-# FIXME: remove once llvm 12 available on debian
-RUN [ "$TARGETPLATFORM" != "darwin/amd64" ] || ln -sfnT /bin/true /usr/bin/llvm-strip
-
-FROM build-base-${BASE_VARIANT} AS goversioninfo
-ARG GOVERSIONINFO_VERSION
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on go install "github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}"
-
-FROM build-base-${BASE_VARIANT} AS gotestsum
-ARG GOTESTSUM_VERSION
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
-    && /out/gotestsum --version
+RUN xx-apt install --no-install-recommends -y libc6-dev libgcc-8-dev

 FROM build-${BASE_VARIANT} AS build
 # GO_LINKMODE defines if static or dynamic binary should be produced
@ -60,73 +36,16 @@ ARG GO_STRIP
 ARG CGO_ENABLED
 # VERSION sets the version for the produced binary
 ARG VERSION
-# PACKAGER_NAME sets the company that produced the windows binary
-ARG PACKAGER_NAME
-COPY --from=goversioninfo /out/goversioninfo /usr/bin/goversioninfo
-# in bullseye arm64 target does not link with lld so configure it to use ld instead
-RUN [ ! -f /etc/alpine-release ] && xx-info is-cross && [ "$(xx-info arch)" = "arm64" ] && XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple || true
-RUN --mount=type=bind,target=.,ro \
-    --mount=type=cache,target=/root/.cache \
+RUN --mount=ro --mount=type=cache,target=/root/.cache \
    --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk \
    --mount=type=tmpfs,target=cli/winresources \
-    # override the default behavior of go with xx-go
    xx-go --wrap && \
    # export GOCACHE=$(go env GOCACHE)/$(xx-info)$([ -f /etc/alpine-release ] && echo "alpine") && \
    TARGET=/out ./scripts/build/binary && \
    xx-verify $([ "$GO_LINKMODE" = "static" ] && echo "--static") /out/docker

-FROM build-${BASE_VARIANT} AS test
-COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
-ENV GO111MODULE=auto
-RUN --mount=type=bind,target=.,rw \
-    --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/go/pkg/mod \
-    gotestsum -- -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/')
-
-FROM scratch AS test-coverage
-COPY --from=test /tmp/coverage.txt /coverage.txt
-
-FROM build-${BASE_VARIANT} AS build-plugins
-ARG GO_LINKMODE=static
-ARG GO_BUILDTAGS
-ARG GO_STRIP
-ARG CGO_ENABLED
-ARG VERSION
-RUN --mount=ro --mount=type=cache,target=/root/.cache \
-    --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk \
-    xx-go --wrap && \
-    TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
-
-FROM build-base-alpine AS e2e-base-alpine
-RUN apk add --no-cache build-base curl docker-compose openssl openssh-client
-
-FROM build-base-bullseye AS e2e-base-bullseye
-RUN apt-get update && apt-get install -y build-essential curl openssl openssh-client
-ARG COMPOSE_VERSION=1.29.2
-RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose && \
-    chmod +x /usr/local/bin/docker-compose
-
-FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
-
-FROM e2e-base-${BASE_VARIANT} AS e2e
-ARG NOTARY_VERSION=v0.6.1
-ADD --chmod=0755 https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 /usr/local/bin/notary
-COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
-RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
-COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
-COPY --from=build /out ./build/
-COPY --from=build-plugins /out ./build/
-COPY --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
-COPY . .
-ENV DOCKER_BUILDKIT=1
-ENV PATH=/go/src/github.com/docker/cli/build:$PATH
-CMD ./scripts/test/e2e/entry
-
 FROM build-base-${BASE_VARIANT} AS dev
 COPY . .

 FROM scratch AS binary
 COPY --from=build /out .
-
-FROM scratch AS plugins
-COPY --from=build-plugins /out .
--- a/47
+++ b/47
@ -0,0 +1,47 @@
+pipeline {
+    agent {
+        label "amd64 && ubuntu-1804 && overlay2"
+    }
+
+    options {
+        timeout(time: 60, unit: 'MINUTES')
+    }
+
+    stages {
+        stage("Docker info") {
+            steps {
+                sh "docker version"
+                sh "docker info"
+            }
+        }
+        stage("e2e (non-experimental) - stable engine") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-non-experimental"
+            }
+        }
+        stage("e2e (non-experimental) - 19.03 engine") {
+            steps {
+                sh "E2E_ENGINE_VERSION=19.03-dind \
+                  E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                  IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                  make -f docker.Makefile test-e2e-non-experimental"
+            }
+        }
+        stage("e2e (experimental)") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-experimental"
+            }
+        }
+        stage("e2e (ssh connhelper)") {
+            steps {
+                sh "E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
+                    IMAGE_TAG=clie2e${BUILD_NUMBER} \
+                    make -f docker.Makefile test-e2e-connhelper-ssh"
+            }
+        }
+    }
+}
--- a/32
+++ b/32
@ -24,8 +24,6 @@
 		people = [
 			"albers",
 			"cpuguy83",
-			"ndeloof",
-			"rumpl",
 			"silvin-lubecki",
 			"stevvooe",
 			"thajeztah",
@ -48,11 +46,8 @@
 	# - close an issue or pull request when it's inappropriate or off-topic

 		people = [
-			"bsousaa",
 			"programmerq",
-			"sam-thibault",
-			"thajeztah",
-			"vvoland"
+			"thajeztah"
 		]

 	[Org.Alumni]
@ -83,11 +78,6 @@
 	Email = "github@albersweb.de"
 	GitHub = "albers"

-	[people.bsousaa]
-	Name = "Bruno de Sousa"
-	Email = "bruno.sousa@docker.com"
-	GitHub = "bsousaa"
-
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
@ -98,26 +88,11 @@
 	Email = "dnephin@gmail.com"
 	GitHub = "dnephin"

-	[people.ndeloof]
-	Name = "Nicolas De Loof"
-	Email = "nicolas.deloof@gmail.com"
-	GitHub = "ndeloof"
-
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"
 	GitHub = "programmerq"

-	[people.rumpl]
-	Name = "Djordje Lukic"
-	Email = "djordje.lukic@docker.com"
-	GitHub = "rumpl"
-
-	[people.sam-thibault]
-	Name = "Sam Thibault"
-	Email = "sam.thibault@docker.com"
-	GitHub = "sam-thibault"
-
 	[people.silvin-lubecki]
 	Name = "Silvin Lubecki"
 	Email = "silvin.lubecki@docker.com"
@ -153,8 +128,3 @@
 	Email = "vieux@docker.com"
 	GitHub = "vieux"

-	[people.vvoland]
-	Name = "Paweł Gronowski"
-	Email = "pawel.gronowski@docker.com"
-	GitHub = "vvoland"
-
--- a/111
+++ b/111
@ -1,86 +1,63 @@
 #
 # github.com/docker/cli
 #
-
-# Sets the name of the company that produced the windows binary.
-PACKAGER_NAME ?=
-
-# The repository doesn't have a go.mod, but "go list", and "gotestsum"
-# expect to be run from a module.
-GO111MODULE=auto
-export GO111MODULE
-
 all: binary

+
 _:=$(shell ./scripts/warn-outside-container $(MAKECMDGOALS))

-.PHONY: dev
-dev: ## start a build container in interactive mode for in-container development
-	@if [ -n "${DISABLE_WARN_OUTSIDE_CONTAINER}" ]; then \
-		echo "you are already in the dev container"; \
-	else \
-		$(MAKE) -f docker.Makefile dev; \
-	fi
-
-.PHONY: shell
-shell: dev ## alias for dev
-
 .PHONY: clean
 clean: ## remove build artifacts
-	rm -rf ./build/* man/man[1-9] docs/yaml
+	rm -rf ./build/* cli/winresources/rsrc_* ./man/man[1-9] docs/yaml/gen
+
+.PHONY: test-unit
+test-unit: ## run unit tests, to change the output format use: GOTESTSUM_FORMAT=(dots|short|standard-quiet|short-verbose|standard-verbose) make test-unit 
+	gotestsum $(TESTFLAGS) -- $${TESTDIRS:-$(shell go list ./... | grep -vE '/vendor/|/e2e/')}

 .PHONY: test
 test: test-unit ## run tests

-.PHONY: test-unit
-test-unit: ## run unit tests, to change the output format use: GOTESTSUM_FORMAT=(dots|short|standard-quiet|short-verbose|standard-verbose) make test-unit
-	gotestsum -- $${TESTDIRS:-$(shell go list ./... | grep -vE '/vendor/|/e2e/')} $(TESTFLAGS)
-
 .PHONY: test-coverage
 test-coverage: ## run test coverage
-	mkdir -p $(CURDIR)/build/coverage
-	gotestsum -- $(shell go list ./... | grep -vE '/vendor/|/e2e/') -coverprofile=$(CURDIR)/build/coverage/coverage.txt
+	gotestsum -- -coverprofile=coverage.txt $(shell go list ./... | grep -vE '/vendor/|/e2e/')
+
+.PHONY: fmt
+fmt:
+	go list -f {{.Dir}} ./... | xargs gofmt -w -s -d

 .PHONY: lint
 lint: ## run all the lint tools
-	golangci-lint run
-
-.PHONY: shellcheck
-shellcheck: ## run shellcheck validation
-	find scripts/ contrib/completion/bash -type f | grep -v scripts/winresources | grep -v '.*.ps1' | xargs shellcheck
-
-.PHONY: fmt
-fmt: ## run gofumpt (if present) or gofmt
-	@if command -v gofumpt > /dev/null; then \
-		gofumpt -w -d -lang=1.19 . ; \
-	else \
-		go list -f {{.Dir}} ./... | xargs gofmt -w -s -d ; \
-	fi
+	gometalinter --config gometalinter.json ./...

 .PHONY: binary
-binary: ## build executable for Linux
+binary:
 	./scripts/build/binary

-.PHONY: dynbinary
-dynbinary: ## build dynamically linked binary
-	GO_LINKMODE=dynamic ./scripts/build/binary
-
 .PHONY: plugins
 plugins: ## build example CLI plugins
 	./scripts/build/plugins

-.PHONY: vendor
-vendor: ## update vendor with go modules
+.PHONY: cross
+cross:
+	./scripts/build/binary
+
+.PHONY: plugins-windows
+plugins-windows: ## build example CLI plugins for Windows
+	./scripts/build/plugins-windows
+
+.PHONY: plugins-osx
+plugins-osx: ## build example CLI plugins for macOS
+	./scripts/build/plugins-osx
+
+.PHONY: dynbinary
+dynbinary: ## build dynamically linked binary
+	GO_LINKMODE=dynamic ./scripts/build/binary
+
+vendor: vendor.conf ## check that vendor matches vendor.conf
 	rm -rf vendor
-	./scripts/vendor update
-
-.PHONY: validate-vendor
-validate-vendor: ## validate vendor
-	./scripts/vendor validate
-
-.PHONY: mod-outdated
-mod-outdated: ## check outdated dependencies
-	./scripts/vendor outdated
+	bash -c 'vndr |& grep -v -i clone | tee ./vndr.log'
+	scripts/validate/check-git-diff vendor
+	scripts/validate/check-all-packages-vendored

 .PHONY: authors
 authors: ## generate AUTHORS file from git history
@ -90,14 +67,28 @@ authors: ## generate AUTHORS file from git history
 manpages: ## generate man pages from go source and markdown
 	scripts/docs/generate-man.sh

-.PHONY: mddocs
-mddocs: ## generate markdown files from go source
-	scripts/docs/generate-md.sh
-
 .PHONY: yamldocs
 yamldocs: ## generate documentation YAML files consumed by docs repo
 	scripts/docs/generate-yaml.sh

+.PHONY: shellcheck
+shellcheck: ## run shellcheck validation
+	scripts/validate/shellcheck
+
 .PHONY: help
 help: ## print this help
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9_-]+:.*?## / {gsub("\\\\n",sprintf("\n%22c",""), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+
+cli/compose/schema/bindata.go: cli/compose/schema/data/*.json
+	go generate github.com/docker/cli/cli/compose/schema
+
+compose-jsonschema: cli/compose/schema/bindata.go ## generate compose-file schemas
+	scripts/validate/check-git-diff cli/compose/schema/bindata.go
+
+.PHONY: ci-validate
+ci-validate:
+	time make -B vendor
+	time make -B compose-jsonschema
+	time make manpages
+	time make yamldocs
--- a/README.md
+++ b/README.md
@ -1,72 +1,64 @@
-# Docker CLI
+[![build status](https://circleci.com/gh/docker/cli.svg?style=shield)](https://circleci.com/gh/docker/cli/tree/master)
+[![Build Status](https://ci.docker.com/public/job/cli/job/master/badge/icon)](https://ci.docker.com/public/job/cli/job/master)

-[![PkgGoDev](https://img.shields.io/badge/go.dev-docs-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/docker/cli)
-[![Build Status](https://img.shields.io/github/actions/workflow/status/docker/cli/build.yml?branch=master&label=build&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Abuild)
-[![Test Status](https://img.shields.io/github/actions/workflow/status/docker/cli/test.yml?branch=master&label=test&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Atest)
-[![Go Report Card](https://goreportcard.com/badge/github.com/docker/cli)](https://goreportcard.com/report/github.com/docker/cli)
-[![Codecov](https://img.shields.io/codecov/c/github/docker/cli?logo=codecov)](https://codecov.io/gh/docker/cli)
-
-## About
+docker/cli
+==========

 This repository is the home of the cli used in the Docker CE and
 Docker EE products.

-## Development
+Development
+===========

 `docker/cli` is developed using Docker.

 Build CLI from source:

-```shell
-docker buildx bake
+```
+$ docker buildx bake
 ```

 Build binaries for all supported platforms:

-```shell
-docker buildx bake cross
+```
+$ docker buildx bake cross
 ```

 Build for a specific platform:

-```shell
-docker buildx bake --set binary.platform=linux/arm64 
+```
+$ docker buildx bake --set binary.platform=linux/arm64 
 ```

 Build dynamic binary for glibc or musl:

-```shell
-USE_GLIBC=1 docker buildx bake dynbinary 
 ```
+$ USE_GLIBC=1 docker buildx bake dynbinary 
+```
+

 Run all linting:

-```shell
-docker buildx bake lint shellcheck
 ```
-
-Run test:
-
-```shell
-docker buildx bake test
+$ make -f docker.Makefile lint
 ```

 List all the available targets:

-```shell
-make help
+```
+$ make help
 ```

 ### In-container development environment

 Start an interactive development environment:

-```shell
-make -f docker.Makefile shell
+```
+$ make -f docker.Makefile shell
 ```

-## Legal
-
+Legal
+=====
 *Brought to you courtesy of our legal counsel. For more context,
 please see the [NOTICE](https://github.com/docker/cli/blob/master/NOTICE) document in this repo.*

@ -78,8 +70,8 @@ violate applicable laws.

 For more information, please see https://www.bis.doc.gov

-## Licensing
-
+Licensing
+=========
 docker/cli is licensed under the Apache License, Version 2.0. See
 [LICENSE](https://github.com/docker/docker/blob/master/LICENSE) for the full
 license text.
--- a/TESTING.md
+++ b/TESTING.md
@ -80,6 +80,6 @@ End-to-end test should run the `docker` binary using
 and make assertions about the exit code, stdout, stderr, and local file system.

 Any Docker image or registry operations should use `registry:5000/<image name>`
-to communicate with the local instance of the registry. To load 
+to communicate with the local instance of the Docker registry. To load 
 additional fixture images to the registry see
 [scripts/test/e2e/run](https://github.com/docker/cli/blob/master/scripts/test/e2e/run).
--- a/2
+++ b/2
@ -1 +1 @@
-23.0.0-dev
+20.10.0-dev
--- a/appveyor.yml
+++ b/appveyor.yml
@ -0,0 +1,23 @@
+version: "{build}"
+
+clone_folder: c:\gopath\src\github.com\docker\cli
+
+environment:
+  GOPATH: c:\gopath
+  GOVERSION: 1.18.6
+  DEPVERSION: v0.4.1
+
+install:
+  - rmdir c:\go /s /q
+  - appveyor DownloadFile https://storage.googleapis.com/golang/go%GOVERSION%.windows-amd64.msi
+  - msiexec /i go%GOVERSION%.windows-amd64.msi /q
+  - go version
+  - go env
+
+deploy: false
+
+build_script:
+  - ps: .\scripts\make.ps1 -Binary
+
+test_script:
+  - ps: .\scripts\make.ps1 -TestUnit
--- a/cli-plugins/manager/cobra.go
+++ b/cli-plugins/manager/cobra.go
@ -1,9 +1,6 @@
 package manager

 import (
-	"fmt"
-	"os"
-
 	"github.com/docker/cli/cli/command"
 	"github.com/spf13/cobra"
 )
@ -34,13 +31,12 @@ const (
 // AddPluginCommandStubs adds a stub cobra.Commands for each valid and invalid
 // plugin. The command stubs will have several annotations added, see
 // `CommandAnnotationPlugin*`.
-func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) error {
-	plugins, err := ListPlugins(dockerCli, rootCmd)
+func AddPluginCommandStubs(dockerCli command.Cli, cmd *cobra.Command) error {
+	plugins, err := ListPlugins(dockerCli, cmd)
 	if err != nil {
 		return err
 	}
 	for _, p := range plugins {
-		p := p
 		vendor := p.Vendor
 		if vendor == "" {
 			vendor = "unknown"
@ -53,41 +49,11 @@ func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) error
 		if p.Err != nil {
 			annotations[CommandAnnotationPluginInvalid] = p.Err.Error()
 		}
-		rootCmd.AddCommand(&cobra.Command{
-			Use:                p.Name,
-			Short:              p.ShortDescription,
-			Run:                func(_ *cobra.Command, _ []string) {},
-			Annotations:        annotations,
-			DisableFlagParsing: true,
-			RunE: func(cmd *cobra.Command, args []string) error {
-				flags := rootCmd.PersistentFlags()
-				flags.SetOutput(nil)
-				err := flags.Parse(args)
-				if err != nil {
-					return err
-				}
-				if flags.Changed("help") {
-					cmd.HelpFunc()(rootCmd, args)
-					return nil
-				}
-				return fmt.Errorf("docker: '%s' is not a docker command.\nSee 'docker --help'", cmd.Name())
-			},
-			ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-				// Delegate completion to plugin
-				cargs := []string{p.Path, cobra.ShellCompRequestCmd, p.Name}
-				cargs = append(cargs, args...)
-				cargs = append(cargs, toComplete)
-				os.Args = cargs
-				runCommand, err := PluginRunCommand(dockerCli, p.Name, cmd)
-				if err != nil {
-					return nil, cobra.ShellCompDirectiveError
-				}
-				err = runCommand.Run()
-				if err == nil {
-					os.Exit(0) // plugin already rendered complete data
-				}
-				return nil, cobra.ShellCompDirectiveError
-			},
+		cmd.AddCommand(&cobra.Command{
+			Use:         p.Name,
+			Short:       p.ShortDescription,
+			Run:         func(_ *cobra.Command, _ []string) {},
+			Annotations: annotations,
 		})
 	}
 	return nil
--- a/cli-plugins/manager/error_test.go
+++ b/cli-plugins/manager/error_test.go
@ -1,24 +1,24 @@
 package manager

 import (
-	"encoding/json"
 	"fmt"
 	"testing"

+	"github.com/pkg/errors"
+	"gopkg.in/yaml.v2"
 	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
 )

 func TestPluginError(t *testing.T) {
 	err := NewPluginError("new error")
-	assert.Check(t, is.Error(err, "new error"))
+	assert.Error(t, err, "new error")

 	inner := fmt.Errorf("testing")
 	err = wrapAsPluginError(inner, "wrapping")
-	assert.Check(t, is.Error(err, "wrapping: testing"))
-	assert.Check(t, is.ErrorIs(err, inner))
+	assert.Error(t, err, "wrapping: testing")
+	assert.Assert(t, errors.Is(err, inner))

-	actual, err := json.Marshal(err)
-	assert.Check(t, err)
-	assert.Check(t, is.Equal(`"wrapping: testing"`, string(actual)))
+	actual, err := yaml.Marshal(err)
+	assert.NilError(t, err)
+	assert.Equal(t, "'wrapping: testing'\n", string(actual))
 }
--- a/cli-plugins/manager/manager.go
+++ b/cli-plugins/manager/manager.go
@ -1,6 +1,7 @@
 package manager

 import (
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sort"
@ -56,12 +57,12 @@ func getPluginDirs(dockerCli command.Cli) ([]string, error) {
 }

 func addPluginCandidatesFromDir(res map[string][]string, d string) error {
-	dentries, err := os.ReadDir(d)
+	dentries, err := ioutil.ReadDir(d)
 	if err != nil {
 		return err
 	}
 	for _, dentry := range dentries {
-		switch dentry.Type() & os.ModeType {
+		switch dentry.Mode() & os.ModeType {
 		case 0, os.ModeSymlink:
 			// Regular file or symlink, keep going
 		default:
@ -103,36 +104,6 @@ func listPluginCandidates(dirs []string) (map[string][]string, error) {
 	return result, nil
 }

-// GetPlugin returns a plugin on the system by its name
-func GetPlugin(name string, dockerCli command.Cli, rootcmd *cobra.Command) (*Plugin, error) {
-	pluginDirs, err := getPluginDirs(dockerCli)
-	if err != nil {
-		return nil, err
-	}
-
-	candidates, err := listPluginCandidates(pluginDirs)
-	if err != nil {
-		return nil, err
-	}
-
-	if paths, ok := candidates[name]; ok {
-		if len(paths) == 0 {
-			return nil, errPluginNotFound(name)
-		}
-		c := &candidate{paths[0]}
-		p, err := newPlugin(c, rootcmd)
-		if err != nil {
-			return nil, err
-		}
-		if !IsNotFound(p.Err) {
-			p.ShadowedPaths = paths[1:]
-		}
-		return &p, nil
-	}
-
-	return nil, errPluginNotFound(name)
-}
-
 // ListPlugins produces a list of the plugins available on the system
 func ListPlugins(dockerCli command.Cli, rootcmd *cobra.Command) ([]Plugin, error) {
 	pluginDirs, err := getPluginDirs(dockerCli)
@ -224,8 +195,3 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
 	}
 	return nil, errPluginNotFound(name)
 }
-
-// IsPluginCommand checks if the given cmd is a plugin-stub.
-func IsPluginCommand(cmd *cobra.Command) bool {
-	return cmd.Annotations[CommandAnnotationPlugin] == "true"
-}
--- a/cli-plugins/manager/manager_test.go
+++ b/cli-plugins/manager/manager_test.go
@ -82,37 +82,14 @@ func TestListPluginCandidates(t *testing.T) {
 	assert.DeepEqual(t, candidates, exp)
 }

-func TestGetPlugin(t *testing.T) {
-	dir := fs.NewDir(t, t.Name(),
-		fs.WithFile("docker-bbb", `
-#!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
-		fs.WithFile("docker-aaa", `
-#!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
-	)
-	defer dir.Remove()
-
-	cli := test.NewFakeCli(nil)
-	cli.SetConfigFile(&configfile.ConfigFile{CLIPluginsExtraDirs: []string{dir.Path()}})
-
-	plugin, err := GetPlugin("bbb", cli, &cobra.Command{})
-	assert.NilError(t, err)
-	assert.Equal(t, plugin.Name, "bbb")
-
-	_, err = GetPlugin("ccc", cli, &cobra.Command{})
-	assert.Error(t, err, "Error: No such CLI plugin: ccc")
-	assert.Assert(t, IsNotFound(err))
-}
-
 func TestListPluginsIsSorted(t *testing.T) {
 	dir := fs.NewDir(t, t.Name(),
 		fs.WithFile("docker-bbb", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
 		fs.WithFile("docker-aaa", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
 	)
 	defer dir.Remove()

--- a/cli-plugins/manager/plugin.go
+++ b/cli-plugins/manager/plugin.go
@ -10,7 +10,9 @@ import (
 	"github.com/spf13/cobra"
 )

-var pluginNameRe = regexp.MustCompile("^[a-z][a-z0-9]*$")
+var (
+	pluginNameRe = regexp.MustCompile("^[a-z][a-z0-9]*$")
+)

 // Plugin represents a potential plugin with all it's metadata.
 type Plugin struct {
@ -31,6 +33,8 @@ type Plugin struct {
 // is set, and is always a `pluginError`, but the `Plugin` is still
 // returned with no error. An error is only returned due to a
 // non-recoverable error.
+//
+// nolint: gocyclo
 func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 	path := c.Path()
 	if path == "" {
@ -67,7 +71,7 @@ func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 			// Ignore conflicts with commands which are
 			// just plugin stubs (i.e. from a previous
 			// call to AddPluginCommandStubs).
-			if IsPluginCommand(cmd) {
+			if p := cmd.Annotations[CommandAnnotationPlugin]; p == "true" {
 				continue
 			}
 			if cmd.Name() == p.Name {
--- a/cli-plugins/manager/suffix_unix.go
+++ b/cli-plugins/manager/suffix_unix.go
@ -6,7 +6,6 @@ package manager
 func trimExeSuffix(s string) (string, error) {
 	return s, nil
 }
-
 func addExeSuffix(s string) string {
 	return s
 }
--- a/cli-plugins/plugin/plugin.go
+++ b/cli-plugins/plugin/plugin.go
@ -125,17 +125,10 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta
 		},
 		TraverseChildren:      true,
 		DisableFlagsInUseLine: true,
-		CompletionOptions: cobra.CompletionOptions{
-			DisableDefaultCmd:   false,
-			HiddenDefaultCmd:    true,
-			DisableDescriptions: true,
-		},
 	}
 	opts, flags := cli.SetupPluginRootCommand(cmd)

-	cmd.SetIn(dockerCli.In())
 	cmd.SetOut(dockerCli.Out())
-	cmd.SetErr(dockerCli.Err())

 	cmd.AddCommand(
 		plugin,
@ -167,11 +160,3 @@ func newMetadataSubcommand(plugin *cobra.Command, meta manager.Metadata) *cobra.
 	}
 	return cmd
 }
-
-// RunningStandalone tells a CLI plugin it is run standalone by direct execution
-func RunningStandalone() bool {
-	if os.Getenv(manager.ReexecEnvvar) != "" {
-		return false
-	}
-	return len(os.Args) < 2 || os.Args[1] != manager.MetadataSubcommandName
-}
--- a/cli/cobra.go
+++ b/cli/cobra.go
@ -3,17 +3,12 @@ package cli
 import (
 	"fmt"
 	"os"
-	"path/filepath"
-	"sort"
 	"strings"

 	pluginmanager "github.com/docker/cli/cli-plugins/manager"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/config"
+	cliconfig "github.com/docker/cli/cli/config"
 	cliflags "github.com/docker/cli/cli/flags"
-	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/registry"
-	"github.com/fvbommel/sortorder"
 	"github.com/moby/term"
 	"github.com/morikuni/aec"
 	"github.com/pkg/errors"
@ -27,21 +22,15 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	opts := cliflags.NewClientOptions()
 	flags := rootCmd.Flags()

-	flags.StringVar(&opts.ConfigDir, "config", config.Dir(), "Location of client config files")
-	opts.InstallFlags(flags)
+	flags.StringVar(&opts.ConfigDir, "config", cliconfig.Dir(), "Location of client config files")
+	opts.Common.InstallFlags(flags)

 	cobra.AddTemplateFunc("add", func(a, b int) int { return a + b })
-	cobra.AddTemplateFunc("hasAliases", hasAliases)
 	cobra.AddTemplateFunc("hasSubCommands", hasSubCommands)
-	cobra.AddTemplateFunc("hasTopCommands", hasTopCommands)
 	cobra.AddTemplateFunc("hasManagementSubCommands", hasManagementSubCommands)
-	cobra.AddTemplateFunc("hasSwarmSubCommands", hasSwarmSubCommands)
 	cobra.AddTemplateFunc("hasInvalidPlugins", hasInvalidPlugins)
-	cobra.AddTemplateFunc("topCommands", topCommands)
-	cobra.AddTemplateFunc("commandAliases", commandAliases)
 	cobra.AddTemplateFunc("operationSubCommands", operationSubCommands)
 	cobra.AddTemplateFunc("managementSubCommands", managementSubCommands)
-	cobra.AddTemplateFunc("orchestratorSubCommands", orchestratorSubCommands)
 	cobra.AddTemplateFunc("invalidPlugins", invalidPlugins)
 	cobra.AddTemplateFunc("wrappedFlagUsages", wrappedFlagUsages)
 	cobra.AddTemplateFunc("vendorAndVersion", vendorAndVersion)
@ -61,17 +50,7 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
 	rootCmd.PersistentFlags().Lookup("help").Hidden = true

-	rootCmd.Annotations = map[string]string{
-		"additionalHelp":      "For more help on how to use Docker, head to https://docs.docker.com/go/guides/",
-		"docs.code-delimiter": `"`, // https://github.com/docker/cli-docs-tool/blob/77abede22166eaea4af7335096bdcedd043f5b19/annotation/annotation.go#L20-L22
-	}
-
-	// Configure registry.CertsDir() when running in rootless-mode
-	if os.Getenv("ROOTLESSKIT_STATE_DIR") != "" {
-		if configHome, err := homedir.GetConfigHome(); err == nil {
-			registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d"))
-		}
-	}
+	rootCmd.Annotations = map[string]string{"additionalHelp": "To get more help with docker, check out our guides at https://docs.docker.com/go/guides/"}

 	return opts, flags, helpCommand
 }
@ -79,8 +58,11 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 // SetupRootCommand sets default usage, help, and error handling for the
 // root command.
 func SetupRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *pflag.FlagSet, *cobra.Command) {
+	opts, flags, helpCmd := setupCommonRootCommand(rootCmd)
+
 	rootCmd.SetVersionTemplate("Docker version {{.Version}}\n")
-	return setupCommonRootCommand(rootCmd)
+
+	return opts, flags, helpCmd
 }

 // SetupPluginRootCommand sets default usage, help and error handling for a plugin root command.
@ -119,13 +101,7 @@ type TopLevelCommand struct {

 // NewTopLevelCommand returns a new TopLevelCommand object
 func NewTopLevelCommand(cmd *cobra.Command, dockerCli *command.DockerCli, opts *cliflags.ClientOptions, flags *pflag.FlagSet) *TopLevelCommand {
-	return &TopLevelCommand{
-		cmd:       cmd,
-		dockerCli: dockerCli,
-		opts:      opts,
-		flags:     flags,
-		args:      os.Args[1:],
-	}
+	return &TopLevelCommand{cmd, dockerCli, opts, flags, os.Args[1:]}
 }

 // SetArgs sets the args (default os.Args[:1] used to invoke the command
@ -181,7 +157,7 @@ func (tcmd *TopLevelCommand) HandleGlobalFlags() (*cobra.Command, []string, erro

 // Initialize finalises global option parsing and initializes the docker client.
 func (tcmd *TopLevelCommand) Initialize(ops ...command.InitializeOpt) error {
-	tcmd.opts.SetDefaultOptions(tcmd.flags)
+	tcmd.opts.Common.SetDefaultOptions(tcmd.flags)
 	return tcmd.dockerCli.Initialize(tcmd.opts, ops...)
 }

@ -234,13 +210,9 @@ func isExperimental(cmd *cobra.Command) bool {
 }

 func additionalHelp(cmd *cobra.Command) string {
-	if msg, ok := cmd.Annotations["additionalHelp"]; ok {
-		out := cmd.OutOrStderr()
-		if _, isTerminal := term.GetFdInfo(out); !isTerminal {
-			return msg
-		}
+	if additionalHelp, ok := cmd.Annotations["additionalHelp"]; ok {
 		style := aec.EmptyBuilder.Bold().ANSI
-		return style.Apply(msg)
+		return style.Apply(additionalHelp)
 	}
 	return ""
 }
@ -250,11 +222,7 @@ func hasAdditionalHelp(cmd *cobra.Command) bool {
 }

 func isPlugin(cmd *cobra.Command) bool {
-	return pluginmanager.IsPluginCommand(cmd)
-}
-
-func hasAliases(cmd *cobra.Command) bool {
-	return len(cmd.Aliases) > 0 || cmd.Annotations["aliases"] != ""
+	return cmd.Annotations[pluginmanager.CommandAnnotationPlugin] == "true"
 }

 func hasSubCommands(cmd *cobra.Command) bool {
@ -265,69 +233,16 @@ func hasManagementSubCommands(cmd *cobra.Command) bool {
 	return len(managementSubCommands(cmd)) > 0
 }

-func hasSwarmSubCommands(cmd *cobra.Command) bool {
-	return len(orchestratorSubCommands(cmd)) > 0
-}
-
 func hasInvalidPlugins(cmd *cobra.Command) bool {
 	return len(invalidPlugins(cmd)) > 0
 }

-func hasTopCommands(cmd *cobra.Command) bool {
-	return len(topCommands(cmd)) > 0
-}
-
-// commandAliases is a templating function to return aliases for the command,
-// formatted as the full command as they're called (contrary to the default
-// Aliases function, which only returns the subcommand).
-func commandAliases(cmd *cobra.Command) string {
-	if cmd.Annotations["aliases"] != "" {
-		return cmd.Annotations["aliases"]
-	}
-	var parentPath string
-	if cmd.HasParent() {
-		parentPath = cmd.Parent().CommandPath() + " "
-	}
-	aliases := cmd.CommandPath()
-	for _, alias := range cmd.Aliases {
-		aliases += ", " + parentPath + alias
-	}
-	return aliases
-}
-
-func topCommands(cmd *cobra.Command) []*cobra.Command {
-	cmds := []*cobra.Command{}
-	if cmd.Parent() != nil {
-		// for now, only use top-commands for the root-command, and skip
-		// for sub-commands
-		return cmds
-	}
-	for _, sub := range cmd.Commands() {
-		if isPlugin(sub) || !sub.IsAvailableCommand() {
-			continue
-		}
-		if _, ok := sub.Annotations["category-top"]; ok {
-			cmds = append(cmds, sub)
-		}
-	}
-	sort.SliceStable(cmds, func(i, j int) bool {
-		return sortorder.NaturalLess(cmds[i].Annotations["category-top"], cmds[j].Annotations["category-top"])
-	})
-	return cmds
-}
-
 func operationSubCommands(cmd *cobra.Command) []*cobra.Command {
 	cmds := []*cobra.Command{}
 	for _, sub := range cmd.Commands() {
 		if isPlugin(sub) {
 			continue
 		}
-		if _, ok := sub.Annotations["category-top"]; ok {
-			if cmd.Parent() == nil {
-				// for now, only use top-commands for the root-command
-				continue
-			}
-		}
 		if sub.IsAvailableCommand() && !sub.HasSubCommands() {
 			cmds = append(cmds, sub)
 		}
@ -363,27 +278,6 @@ func vendorAndVersion(cmd *cobra.Command) string {
 }

 func managementSubCommands(cmd *cobra.Command) []*cobra.Command {
-	cmds := []*cobra.Command{}
-	for _, sub := range allManagementSubCommands(cmd) {
-		if _, ok := sub.Annotations["swarm"]; ok {
-			continue
-		}
-		cmds = append(cmds, sub)
-	}
-	return cmds
-}
-
-func orchestratorSubCommands(cmd *cobra.Command) []*cobra.Command {
-	cmds := []*cobra.Command{}
-	for _, sub := range allManagementSubCommands(cmd) {
-		if _, ok := sub.Annotations["swarm"]; ok {
-			cmds = append(cmds, sub)
-		}
-	}
-	return cmds
-}
-
-func allManagementSubCommands(cmd *cobra.Command) []*cobra.Command {
 	cmds := []*cobra.Command{}
 	for _, sub := range cmd.Commands() {
 		if isPlugin(sub) {
@ -432,10 +326,10 @@ EXPERIMENTAL:
  https://docs.docker.com/go/experimental/

 {{- end}}
-{{- if hasAliases . }}
+{{- if gt .Aliases 0}}

 Aliases:
-  {{ commandAliases . }}
+  {{.NameAndAliases}}

 {{- end}}
 {{- if .HasExample}}
@ -444,20 +338,11 @@ Examples:
 {{ .Example }}

 {{- end}}
-{{- if .HasParent}}
 {{- if .HasAvailableFlags}}

 Options:
 {{ wrappedFlagUsages . | trimRightSpace}}

-{{- end}}
-{{- end}}
-{{- if hasTopCommands .}}
-
-Common Commands:
-{{- range topCommands .}}
-  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}
-{{- end}}
 {{- end}}
 {{- if hasManagementSubCommands . }}

@ -467,15 +352,6 @@ Management Commands:
  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}}
 {{- end}}

-{{- end}}
-{{- if hasSwarmSubCommands . }}
-
-Swarm Commands:
-
-{{- range orchestratorSubCommands . }}
-  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}}
-{{- end}}
-
 {{- end}}
 {{- if hasSubCommands .}}

@ -494,14 +370,6 @@ Invalid Plugins:
  {{rpad .Name .NamePadding }} {{invalidPluginReason .}}
 {{- end}}

-{{- end}}
-{{- if not .HasParent}}
-{{- if .HasAvailableFlags}}
-
-Global Options:
-{{ wrappedFlagUsages . | trimRightSpace}}
-
-{{- end}}
 {{- end}}

 {{- if .HasSubCommands }}
@ -511,7 +379,6 @@ Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- if hasAdditionalHelp .}}

 {{ additionalHelp . }}
-
 {{- end}}
 `

--- a/cli/cobra_test.go
+++ b/cli/cobra_test.go
@ -78,23 +78,6 @@ func TestInvalidPlugin(t *testing.T) {
 	assert.DeepEqual(t, invalidPlugins(root), []*cobra.Command{sub1}, cmpopts.IgnoreUnexported(cobra.Command{}))
 }

-func TestCommandAliases(t *testing.T) {
-	root := &cobra.Command{Use: "root"}
-	sub := &cobra.Command{Use: "subcommand", Aliases: []string{"alias1", "alias2"}}
-	sub2 := &cobra.Command{Use: "subcommand2", Annotations: map[string]string{"aliases": "root foo, root bar"}}
-	root.AddCommand(sub)
-	root.AddCommand(sub2)
-
-	assert.Equal(t, hasAliases(sub), true)
-	assert.Equal(t, commandAliases(sub), "root subcommand, root alias1, root alias2")
-	assert.Equal(t, hasAliases(sub2), true)
-	assert.Equal(t, commandAliases(sub2), "root foo, root bar")
-
-	sub.Annotations = map[string]string{"aliases": "custom alias, custom alias 2"}
-	assert.Equal(t, hasAliases(sub), true)
-	assert.Equal(t, commandAliases(sub), "custom alias, custom alias 2")
-}
-
 func TestDecoratedName(t *testing.T) {
 	root := &cobra.Command{Use: "root"}
 	topLevelCommand := &cobra.Command{Use: "pluginTopLevelCommand"}
--- a/cli/command/builder/prune.go
+++ b/cli/command/builder/prune.go
@ -7,7 +7,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	units "github.com/docker/go-units"
@ -40,14 +39,13 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
 			return nil
 		},
-		Annotations:       map[string]string{"version": "1.39"},
-		ValidArgsFunction: completion.NoComplete,
+		Annotations: map[string]string{"version": "1.39"},
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
 	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused build cache, not just dangling ones")
-	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "until=24h")`)
+	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'until=24h')")
 	flags.Var(&options.keepStorage, "keep-storage", "Amount of disk space to keep for cache")

 	return cmd
--- a/cli/command/checkpoint/create.go
+++ b/cli/command/checkpoint/create.go
@ -6,7 +6,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
 )
@ -30,7 +29,6 @@ func newCreateCommand(dockerCli command.Cli) *cobra.Command {
 			opts.checkpoint = args[1]
 			return runCreate(dockerCli, opts)
 		},
-		ValidArgsFunction: completion.NoComplete,
 	}

 	flags := cmd.Flags()
--- a/cli/command/checkpoint/create_test.go
+++ b/cli/command/checkpoint/create_test.go
@ -1,7 +1,7 @@
 package checkpoint

 import (
-	"io"
+	"io/ioutil"
 	"strings"
 	"testing"

@ -41,7 +41,7 @@ func TestCheckpointCreateErrors(t *testing.T) {
 		})
 		cmd := newCreateCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/checkpoint/list.go
+++ b/cli/command/checkpoint/list.go
@ -5,7 +5,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
@ -26,13 +25,13 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return runList(dockerCli, args[0], opts)
 		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
 	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")

 	return cmd
+
 }

 func runList(dockerCli command.Cli, container string, opts listOptions) error {
--- a/cli/command/checkpoint/list_test.go
+++ b/cli/command/checkpoint/list_test.go
@ -1,7 +1,7 @@
 package checkpoint

 import (
-	"io"
+	"io/ioutil"
 	"testing"

 	"github.com/docker/cli/internal/test"
@ -41,7 +41,7 @@ func TestCheckpointListErrors(t *testing.T) {
 		})
 		cmd := newListCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/checkpoint/remove_test.go
+++ b/cli/command/checkpoint/remove_test.go
@ -1,7 +1,7 @@
 package checkpoint

 import (
-	"io"
+	"io/ioutil"
 	"testing"

 	"github.com/docker/cli/internal/test"
@ -40,7 +40,7 @@ func TestCheckpointRemoveErrors(t *testing.T) {
 		})
 		cmd := newRemoveCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/cli.go
+++ b/cli/command/cli.go
@ -2,17 +2,17 @@ package command

 import (
 	"context"
-	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
-	"sync"
 	"time"

 	"github.com/docker/cli/cli/config"
+	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	dcontext "github.com/docker/cli/cli/context"
 	"github.com/docker/cli/cli/context/docker"
@ -27,17 +27,17 @@ import (
 	dopts "github.com/docker/cli/opts"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
 	notaryclient "github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
 )

-const defaultInitTimeout = 2 * time.Second
-
 // Streams is an interface which exposes the standard input and output streams
 type Streams interface {
 	In() *streams.In
@ -55,15 +55,15 @@ type Cli interface {
 	Apply(ops ...DockerCliOption) error
 	ConfigFile() *configfile.ConfigFile
 	ServerInfo() ServerInfo
+	ClientInfo() ClientInfo
 	NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error)
 	DefaultVersion() string
-	CurrentVersion() string
 	ManifestStore() manifeststore.Store
 	RegistryClient(bool) registryclient.RegistryClient
 	ContentTrustEnabled() bool
-	BuildKitEnabled() (bool, error)
 	ContextStore() store.Store
 	CurrentContext() string
+	StackOrchestrator(flagValue string) (Orchestrator, error)
 	DockerEndpoint() docker.Endpoint
 }

@ -71,43 +71,26 @@ type Cli interface {
 // Instances of the client can be returned from NewDockerCli.
 type DockerCli struct {
 	configFile         *configfile.ConfigFile
-	options            *cliflags.ClientOptions
 	in                 *streams.In
 	out                *streams.Out
 	err                io.Writer
 	client             client.APIClient
 	serverInfo         ServerInfo
+	clientInfo         *ClientInfo
 	contentTrust       bool
 	contextStore       store.Store
 	currentContext     string
-	init               sync.Once
-	initErr            error
 	dockerEndpoint     docker.Endpoint
 	contextStoreConfig store.Config
-	initTimeout        time.Duration
 }

-// DefaultVersion returns api.defaultVersion.
+// DefaultVersion returns api.defaultVersion or DOCKER_API_VERSION if specified.
 func (cli *DockerCli) DefaultVersion() string {
-	return api.DefaultVersion
-}
-
-// CurrentVersion returns the API version currently negotiated, or the default
-// version otherwise.
-func (cli *DockerCli) CurrentVersion() string {
-	_ = cli.initialize()
-	if cli.client == nil {
-		return api.DefaultVersion
-	}
-	return cli.client.ClientVersion()
+	return cli.ClientInfo().DefaultVersion
 }

 // Client returns the APIClient
 func (cli *DockerCli) Client() client.APIClient {
-	if err := cli.initialize(); err != nil {
-		_, _ = fmt.Fprintf(cli.Err(), "Failed to initialize: %s\n", err)
-		os.Exit(1)
-	}
 	return cli.client
 }

@ -142,44 +125,64 @@ func ShowHelp(err io.Writer) func(*cobra.Command, []string) error {

 // ConfigFile returns the ConfigFile
 func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
-	// TODO(thaJeztah): when would this happen? Is this only in tests (where cli.Initialize() is not called first?)
 	if cli.configFile == nil {
-		cli.configFile = config.LoadDefaultConfigFile(cli.err)
+		cli.loadConfigFile()
 	}
 	return cli.configFile
 }

+func (cli *DockerCli) loadConfigFile() {
+	cli.configFile = cliconfig.LoadDefaultConfigFile(cli.err)
+}
+
 // ServerInfo returns the server version details for the host this client is
 // connected to
 func (cli *DockerCli) ServerInfo() ServerInfo {
-	_ = cli.initialize()
 	return cli.serverInfo
 }

+// ClientInfo returns the client details for the cli
+func (cli *DockerCli) ClientInfo() ClientInfo {
+	if cli.clientInfo == nil {
+		if err := cli.loadClientInfo(); err != nil {
+			panic(err)
+		}
+	}
+	return *cli.clientInfo
+}
+
+func (cli *DockerCli) loadClientInfo() error {
+	var v string
+	if cli.client != nil {
+		v = cli.client.ClientVersion()
+	} else {
+		v = api.DefaultVersion
+	}
+	cli.clientInfo = &ClientInfo{
+		DefaultVersion:  v,
+		HasExperimental: true,
+	}
+	return nil
+}
+
 // ContentTrustEnabled returns whether content trust has been enabled by an
 // environment variable.
 func (cli *DockerCli) ContentTrustEnabled() bool {
 	return cli.contentTrust
 }

-// BuildKitEnabled returns buildkit is enabled or not.
-func (cli *DockerCli) BuildKitEnabled() (bool, error) {
-	// use DOCKER_BUILDKIT env var value if set
-	if v, ok := os.LookupEnv("DOCKER_BUILDKIT"); ok {
-		enabled, err := strconv.ParseBool(v)
+// BuildKitEnabled returns whether buildkit is enabled either through a daemon setting
+// or otherwise the client-side DOCKER_BUILDKIT environment variable
+func BuildKitEnabled(si ServerInfo) (bool, error) {
+	buildkitEnabled := si.BuildkitVersion == types.BuilderBuildKit
+	if buildkitEnv := os.Getenv("DOCKER_BUILDKIT"); buildkitEnv != "" {
+		var err error
+		buildkitEnabled, err = strconv.ParseBool(buildkitEnv)
 		if err != nil {
 			return false, errors.Wrap(err, "DOCKER_BUILDKIT environment variable expects boolean value")
 		}
-		return enabled, nil
 	}
-	// if a builder alias is defined, we are using BuildKit
-	aliasMap := cli.ConfigFile().Aliases
-	if _, ok := aliasMap["builder"]; ok {
-		return true, nil
-	}
-	// otherwise, assume BuildKit is enabled but
-	// not if wcow reported from server side
-	return cli.ServerInfo().OSType != "windows", nil
+	return buildkitEnabled, nil
 }

 // ManifestStore returns a store for local manifests
@ -191,7 +194,7 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store {
 // RegistryClient returns a client for communicating with a Docker distribution
 // registry
 func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient {
-	resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig {
+	resolver := func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
 		return ResolveAuthConfig(ctx, cli, index)
 	}
 	return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure)
@ -212,50 +215,78 @@ func WithInitializeClient(makeClient func(dockerCli *DockerCli) (client.APIClien
 // Initialize the dockerCli runs initialization that must happen after command
 // line flags are parsed.
 func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...InitializeOpt) error {
+	var err error
+
 	for _, o := range ops {
 		if err := o(cli); err != nil {
 			return err
 		}
 	}
-	cliflags.SetLogLevel(opts.LogLevel)
+	cliflags.SetLogLevel(opts.Common.LogLevel)

 	if opts.ConfigDir != "" {
-		config.SetDir(opts.ConfigDir)
+		cliconfig.SetDir(opts.ConfigDir)
 	}

-	if opts.Debug {
+	if opts.Common.Debug {
 		debug.Enable()
 	}
-	if opts.Context != "" && len(opts.Hosts) > 0 {
-		return errors.New("conflicting options: either specify --host or --context, not both")
-	}

-	cli.options = opts
-	cli.configFile = config.LoadDefaultConfigFile(cli.err)
-	cli.currentContext = resolveContextName(cli.options, cli.configFile)
+	cli.loadConfigFile()
+
+	baseContextStore := store.New(cliconfig.ContextStoreDir(), cli.contextStoreConfig)
 	cli.contextStore = &ContextStoreWithDefault{
-		Store: store.New(config.ContextStoreDir(), cli.contextStoreConfig),
+		Store: baseContextStore,
 		Resolver: func() (*DefaultContext, error) {
-			return ResolveDefaultContext(cli.options, cli.contextStoreConfig)
+			return ResolveDefaultContext(opts.Common, cli.ConfigFile(), cli.contextStoreConfig, cli.Err())
 		},
 	}
+	cli.currentContext, err = resolveContextName(opts.Common, cli.configFile, cli.contextStore)
+	if err != nil {
+		return err
+	}
+	cli.dockerEndpoint, err = resolveDockerEndpoint(cli.contextStore, cli.currentContext)
+	if err != nil {
+		return errors.Wrap(err, "unable to resolve docker endpoint")
+	}
+
+	if cli.client == nil {
+		cli.client, err = newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile)
+		if tlsconfig.IsErrEncryptedKey(err) {
+			passRetriever := passphrase.PromptRetrieverWithInOut(cli.In(), cli.Out(), nil)
+			newClient := func(password string) (client.APIClient, error) {
+				cli.dockerEndpoint.TLSPassword = password //nolint: staticcheck // SA1019: cli.dockerEndpoint.TLSPassword is deprecated
+				return newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile)
+			}
+			cli.client, err = getClientWithPassword(passRetriever, newClient)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	cli.initializeFromClient()
+
+	if err := cli.loadClientInfo(); err != nil {
+		return err
+	}
+
 	return nil
 }

 // NewAPIClientFromFlags creates a new APIClient from command line flags
-func NewAPIClientFromFlags(opts *cliflags.ClientOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
-	if opts.Context != "" && len(opts.Hosts) > 0 {
-		return nil, errors.New("conflicting options: either specify --host or --context, not both")
-	}
-
+func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
 	storeConfig := DefaultContextStoreConfig()
-	contextStore := &ContextStoreWithDefault{
-		Store: store.New(config.ContextStoreDir(), storeConfig),
+	store := &ContextStoreWithDefault{
+		Store: store.New(cliconfig.ContextStoreDir(), storeConfig),
 		Resolver: func() (*DefaultContext, error) {
-			return ResolveDefaultContext(opts, storeConfig)
+			return ResolveDefaultContext(opts, configFile, storeConfig, ioutil.Discard)
 		},
 	}
-	endpoint, err := resolveDockerEndpoint(contextStore, resolveContextName(opts, configFile))
+	contextName, err := resolveContextName(opts, configFile, store)
+	if err != nil {
+		return nil, err
+	}
+	endpoint, err := resolveDockerEndpoint(store, contextName)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to resolve docker endpoint")
 	}
@ -277,9 +308,6 @@ func newAPIClientFromEndpoint(ep docker.Endpoint, configFile *configfile.ConfigF
 }

 func resolveDockerEndpoint(s store.Reader, contextName string) (docker.Endpoint, error) {
-	if s == nil {
-		return docker.Endpoint{}, fmt.Errorf("no context store initialized")
-	}
 	ctxMeta, err := s.GetMetadata(contextName)
 	if err != nil {
 		return docker.Endpoint{}, err
@ -292,7 +320,7 @@ func resolveDockerEndpoint(s store.Reader, contextName string) (docker.Endpoint,
 }

 // Resolve the Docker endpoint for the default context (based on config, env vars and CLI flags)
-func resolveDefaultDockerEndpoint(opts *cliflags.ClientOptions) (docker.Endpoint, error) {
+func resolveDefaultDockerEndpoint(opts *cliflags.CommonOptions) (docker.Endpoint, error) {
 	host, err := getServerHost(opts.Hosts, opts.TLSOptions)
 	if err != nil {
 		return docker.Endpoint{}, err
@ -320,20 +348,13 @@ func resolveDefaultDockerEndpoint(opts *cliflags.ClientOptions) (docker.Endpoint
 	}, nil
 }

-func (cli *DockerCli) getInitTimeout() time.Duration {
-	if cli.initTimeout != 0 {
-		return cli.initTimeout
-	}
-	return defaultInitTimeout
-}
-
 func (cli *DockerCli) initializeFromClient() {
 	ctx := context.Background()
-	if !strings.HasPrefix(cli.dockerEndpoint.Host, "ssh://") {
+	if strings.HasPrefix(cli.DockerEndpoint().Host, "tcp://") {
 		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
 		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
 		var cancel func()
-		ctx, cancel = context.WithTimeout(ctx, cli.getInitTimeout())
+		ctx, cancel = context.WithTimeout(ctx, 2*time.Second)
 		defer cancel()
 	}

@ -352,11 +373,24 @@ func (cli *DockerCli) initializeFromClient() {
 		HasExperimental: ping.Experimental,
 		OSType:          ping.OSType,
 		BuildkitVersion: ping.BuilderVersion,
-		SwarmStatus:     ping.SwarmStatus,
 	}
 	cli.client.NegotiateAPIVersionPing(ping)
 }

+func getClientWithPassword(passRetriever notary.PassRetriever, newClient func(password string) (client.APIClient, error)) (client.APIClient, error) {
+	for attempts := 0; ; attempts++ {
+		passwd, giveup, err := passRetriever("private", "encrypted TLS private", false, attempts)
+		if giveup || err != nil {
+			return nil, errors.Wrap(err, "private key is encrypted, but could not get passphrase")
+		}
+
+		apiclient, err := newClient(passwd)
+		if !tlsconfig.IsErrEncryptedKey(err) {
+			return apiclient, err
+		}
+	}
+}
+
 // NotaryClient provides a Notary Repository to interact with signed metadata for an image
 func (cli *DockerCli) NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error) {
 	return trust.GetNotaryRepository(cli.In(), cli.Out(), UserAgent(), imgRefAndAuth.RepoInfo(), imgRefAndAuth.AuthConfig(), actions...)
@ -367,98 +401,35 @@ func (cli *DockerCli) ContextStore() store.Store {
 	return cli.contextStore
 }

-// CurrentContext returns the current context name, based on flags,
-// environment variables and the cli configuration file, in the following
-// order of preference:
-//
-//  1. The "--context" command-line option.
-//  2. The "DOCKER_CONTEXT" environment variable.
-//  3. The current context as configured through the in "currentContext"
-//     field in the CLI configuration file ("~/.docker/config.json").
-//  4. If no context is configured, use the "default" context.
-//
-// # Fallbacks for backward-compatibility
-//
-// To preserve backward-compatibility with the "pre-contexts" behavior,
-// the "default" context is used if:
-//
-//   - The "--host" option is set
-//   - The "DOCKER_HOST" ([DefaultContextName]) environment variable is set
-//     to a non-empty value.
-//
-// In these cases, the default context is used, which uses the host as
-// specified in "DOCKER_HOST", and TLS config from flags/env vars.
-//
-// Setting both the "--context" and "--host" flags is ambiguous and results
-// in an error when the cli is started.
-//
-// CurrentContext does not validate if the given context exists or if it's
-// valid; errors may occur when trying to use it.
+// CurrentContext returns the current context name
 func (cli *DockerCli) CurrentContext() string {
 	return cli.currentContext
 }

-// CurrentContext returns the current context name, based on flags,
-// environment variables and the cli configuration file. It does not
-// validate if the given context exists or if it's valid; errors may
-// occur when trying to use it.
-//
-// Refer to [DockerCli.CurrentContext] above for further details.
-func resolveContextName(opts *cliflags.ClientOptions, config *configfile.ConfigFile) string {
-	if opts != nil && opts.Context != "" {
-		return opts.Context
+// StackOrchestrator resolves which stack orchestrator is in use
+func (cli *DockerCli) StackOrchestrator(flagValue string) (Orchestrator, error) {
+	currentContext := cli.CurrentContext()
+	ctxRaw, err := cli.ContextStore().GetMetadata(currentContext)
+	if store.IsErrContextDoesNotExist(err) {
+		// case where the currentContext has been removed (CLI behavior is to fallback to using DOCKER_HOST based resolution)
+		return GetStackOrchestrator(flagValue, "", cli.ConfigFile().StackOrchestrator, cli.Err())
 	}
-	if opts != nil && len(opts.Hosts) > 0 {
-		return DefaultContextName
+	if err != nil {
+		return "", err
 	}
-	if os.Getenv(client.EnvOverrideHost) != "" {
-		return DefaultContextName
+	ctxMeta, err := GetDockerContext(ctxRaw)
+	if err != nil {
+		return "", err
 	}
-	if ctxName := os.Getenv("DOCKER_CONTEXT"); ctxName != "" {
-		return ctxName
-	}
-	if config != nil && config.CurrentContext != "" {
-		// We don't validate if this context exists: errors may occur when trying to use it.
-		return config.CurrentContext
-	}
-	return DefaultContextName
+	ctxOrchestrator := string(ctxMeta.StackOrchestrator)
+	return GetStackOrchestrator(flagValue, ctxOrchestrator, cli.ConfigFile().StackOrchestrator, cli.Err())
 }

 // DockerEndpoint returns the current docker endpoint
 func (cli *DockerCli) DockerEndpoint() docker.Endpoint {
-	if err := cli.initialize(); err != nil {
-		// Note that we're not terminating here, as this function may be used
-		// in cases where we're able to continue.
-		_, _ = fmt.Fprintf(cli.Err(), "%v\n", cli.initErr)
-	}
 	return cli.dockerEndpoint
 }

-func (cli *DockerCli) getDockerEndPoint() (ep docker.Endpoint, err error) {
-	cn := cli.CurrentContext()
-	if cn == DefaultContextName {
-		return resolveDefaultDockerEndpoint(cli.options)
-	}
-	return resolveDockerEndpoint(cli.contextStore, cn)
-}
-
-func (cli *DockerCli) initialize() error {
-	cli.init.Do(func() {
-		cli.dockerEndpoint, cli.initErr = cli.getDockerEndPoint()
-		if cli.initErr != nil {
-			cli.initErr = errors.Wrap(cli.initErr, "unable to resolve docker endpoint")
-			return
-		}
-		if cli.client == nil {
-			if cli.client, cli.initErr = newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile); cli.initErr != nil {
-				return
-			}
-		}
-		cli.initializeFromClient()
-	})
-	return cli.initErr
-}
-
 // Apply all the operation on the cli
 func (cli *DockerCli) Apply(ops ...DockerCliOption) error {
 	for _, op := range ops {
@ -475,32 +446,41 @@ type ServerInfo struct {
 	HasExperimental bool
 	OSType          string
 	BuildkitVersion types.BuilderVersion
+}

-	// SwarmStatus provides information about the current swarm status of the
-	// engine, obtained from the "Swarm" header in the API response.
-	//
-	// It can be a nil struct if the API version does not provide this header
-	// in the ping response, or if an error occurred, in which case the client
-	// should use other ways to get the current swarm status, such as the /swarm
-	// endpoint.
-	SwarmStatus *swarm.Status
+// ClientInfo stores details about the supported features of the client
+type ClientInfo struct {
+	// Deprecated: experimental CLI features always enabled. This field is kept
+	// for backward-compatibility, and is always "true".
+	HasExperimental bool
+	DefaultVersion  string
 }

 // NewDockerCli returns a DockerCli instance with all operators applied on it.
 // It applies by default the standard streams, and the content trust from
 // environment.
 func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) {
+	cli := &DockerCli{}
 	defaultOps := []DockerCliOption{
 		WithContentTrustFromEnv(),
-		WithDefaultContextStoreConfig(),
-		WithStandardStreams(),
 	}
+	cli.contextStoreConfig = DefaultContextStoreConfig()
 	ops = append(defaultOps, ops...)
-
-	cli := &DockerCli{}
 	if err := cli.Apply(ops...); err != nil {
 		return nil, err
 	}
+	if cli.out == nil || cli.in == nil || cli.err == nil {
+		stdin, stdout, stderr := term.StdStreams()
+		if cli.in == nil {
+			cli.in = streams.NewIn(stdin)
+		}
+		if cli.out == nil {
+			cli.out = streams.NewOut(stdout)
+		}
+		if cli.err == nil {
+			cli.err = stderr
+		}
+	}
 	return cli, nil
 }

@ -508,7 +488,7 @@ func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (string, error
 	var host string
 	switch len(hosts) {
 	case 0:
-		host = os.Getenv(client.EnvOverrideHost)
+		host = os.Getenv("DOCKER_HOST")
 	case 1:
 		host = hosts[0]
 	default:
@ -523,6 +503,40 @@ func UserAgent() string {
 	return "Docker-Client/" + version.Version + " (" + runtime.GOOS + ")"
 }

+// resolveContextName resolves the current context name with the following rules:
+// - setting both --context and --host flags is ambiguous
+// - if --context is set, use this value
+// - if --host flag or DOCKER_HOST is set, fallbacks to use the same logic as before context-store was added
+// for backward compatibility with existing scripts
+// - if DOCKER_CONTEXT is set, use this value
+// - if Config file has a globally set "CurrentContext", use this value
+// - fallbacks to default HOST, uses TLS config from flags/env vars
+func resolveContextName(opts *cliflags.CommonOptions, config *configfile.ConfigFile, contextstore store.Reader) (string, error) {
+	if opts.Context != "" && len(opts.Hosts) > 0 {
+		return "", errors.New("Conflicting options: either specify --host or --context, not both")
+	}
+	if opts.Context != "" {
+		return opts.Context, nil
+	}
+	if len(opts.Hosts) > 0 {
+		return DefaultContextName, nil
+	}
+	if _, present := os.LookupEnv("DOCKER_HOST"); present {
+		return DefaultContextName, nil
+	}
+	if ctxName, ok := os.LookupEnv("DOCKER_CONTEXT"); ok {
+		return ctxName, nil
+	}
+	if config != nil && config.CurrentContext != "" {
+		_, err := contextstore.GetMetadata(config.CurrentContext)
+		if store.IsErrContextDoesNotExist(err) {
+			return "", errors.Errorf("Current context %q is not found on the file system, please check your config file at %s", config.CurrentContext, config.Filename)
+		}
+		return config.CurrentContext, err
+	}
+	return DefaultContextName, nil
+}
+
 var defaultStoreEndpoints = []store.NamedTypeGetter{
 	store.EndpointTypeGetter(docker.DockerEndpoint, func() interface{} { return &docker.EndpointMeta{} }),
 }
--- a/cli/command/cli_options.go
+++ b/cli/command/cli_options.go
@ -1,12 +1,14 @@
 package command

 import (
+	"fmt"
 	"io"
 	"os"
 	"strconv"

+	"github.com/docker/cli/cli/context/docker"
+	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/cli/streams"
-	"github.com/docker/docker/client"
 	"github.com/moby/term"
 )

@ -80,18 +82,15 @@ func WithContentTrust(enabled bool) DockerCliOption {
 	}
 }

-// WithDefaultContextStoreConfig configures the cli to use the default context store configuration.
-func WithDefaultContextStoreConfig() DockerCliOption {
+// WithContextEndpointType add support for an additional typed endpoint in the context store
+// Plugins should use this to store additional endpoints configuration in the context store
+func WithContextEndpointType(endpointName string, endpointType store.TypeGetter) DockerCliOption {
 	return func(cli *DockerCli) error {
-		cli.contextStoreConfig = DefaultContextStoreConfig()
-		return nil
-	}
-}
-
-// WithAPIClient configures the cli to use the given API client.
-func WithAPIClient(c client.APIClient) DockerCliOption {
-	return func(cli *DockerCli) error {
-		cli.client = c
+		switch endpointName {
+		case docker.DockerEndpoint:
+			return fmt.Errorf("cannot change %q endpoint type", endpointName)
+		}
+		cli.contextStoreConfig.SetEndpoint(endpointName, endpointType)
 		return nil
 	}
 }
--- a/cli/command/cli_options_test.go
+++ b/cli/command/cli_options_test.go
@ -15,13 +15,23 @@ func contentTrustEnabled(t *testing.T) bool {

 // NB: Do not t.Parallel() this test -- it messes with the process environment.
 func TestWithContentTrustFromEnv(t *testing.T) {
-	const envvar = "DOCKER_CONTENT_TRUST"
-	t.Setenv(envvar, "true")
-	assert.Check(t, contentTrustEnabled(t))
-	t.Setenv(envvar, "false")
-	assert.Check(t, !contentTrustEnabled(t))
-	t.Setenv(envvar, "invalid")
-	assert.Check(t, contentTrustEnabled(t))
+	envvar := "DOCKER_CONTENT_TRUST"
+	if orig, ok := os.LookupEnv(envvar); ok {
+		defer func() {
+			os.Setenv(envvar, orig)
+		}()
+	} else {
+		defer func() {
+			os.Unsetenv(envvar)
+		}()
+	}
+
+	os.Setenv(envvar, "true")
+	assert.Assert(t, contentTrustEnabled(t))
+	os.Setenv(envvar, "false")
+	assert.Assert(t, !contentTrustEnabled(t))
+	os.Setenv(envvar, "invalid")
+	assert.Assert(t, contentTrustEnabled(t))
 	os.Unsetenv(envvar)
-	assert.Check(t, !contentTrustEnabled(t))
+	assert.Assert(t, !contentTrustEnabled(t))
 }
--- a/cli/command/cli_test.go
+++ b/cli/command/cli_test.go
@ -3,19 +3,14 @@ package command
 import (
 	"bytes"
 	"context"
+	"crypto/x509"
 	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/http/httptest"
+	"io/ioutil"
 	"os"
-	"path/filepath"
 	"runtime"
-	"strings"
 	"testing"
-	"time"

-	"github.com/docker/cli/cli/config"
+	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
 	"github.com/docker/docker/api"
@ -23,6 +18,8 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
+	"gotest.tools/v3/env"
 	"gotest.tools/v3/fs"
 )

@ -31,71 +28,55 @@ func TestNewAPIClientFromFlags(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		host = "npipe://./"
 	}
-	opts := &flags.ClientOptions{Hosts: []string{host}}
-	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
-	assert.NilError(t, err)
-	assert.Equal(t, apiClient.DaemonHost(), host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
-}
-
-func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
-	host := ":2375"
-	slug := "tcp://localhost"
-	if runtime.GOOS == "windows" {
-		slug = "tcp://127.0.0.1"
-	}
-	opts := &flags.ClientOptions{Hosts: []string{host}}
-	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
-	assert.NilError(t, err)
-	assert.Equal(t, apiClient.DaemonHost(), slug+host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
-}
-
-func TestNewAPIClientFromFlagsWithCustomHeaders(t *testing.T) {
-	var received map[string]string
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		received = map[string]string{
-			"My-Header":  r.Header.Get("My-Header"),
-			"User-Agent": r.Header.Get("User-Agent"),
-		}
-		_, _ = w.Write([]byte("OK"))
-	}))
-	defer ts.Close()
-	host := strings.Replace(ts.URL, "http://", "tcp://", 1)
-	opts := &flags.ClientOptions{Hosts: []string{host}}
+	opts := &flags.CommonOptions{Hosts: []string{host}}
 	configFile := &configfile.ConfigFile{
 		HTTPHeaders: map[string]string{
 			"My-Header": "Custom-Value",
 		},
 	}
-
-	apiClient, err := NewAPIClientFromFlags(opts, configFile)
+	apiclient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
-	assert.Equal(t, apiClient.DaemonHost(), host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
-
-	// verify User-Agent is not appended to the configfile. see https://github.com/docker/cli/pull/2756
-	assert.DeepEqual(t, configFile.HTTPHeaders, map[string]string{"My-Header": "Custom-Value"})
+	assert.Check(t, is.Equal(host, apiclient.DaemonHost()))

 	expectedHeaders := map[string]string{
 		"My-Header":  "Custom-Value",
 		"User-Agent": UserAgent(),
 	}
-	_, err = apiClient.Ping(context.Background())
+	assert.Check(t, is.DeepEqual(expectedHeaders, apiclient.(*client.Client).CustomHTTPHeaders()))
+	assert.Check(t, is.Equal(api.DefaultVersion, apiclient.ClientVersion()))
+	assert.DeepEqual(t, configFile.HTTPHeaders, map[string]string{"My-Header": "Custom-Value"})
+}
+
+func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
+	host := ":2375"
+	opts := &flags.CommonOptions{Hosts: []string{host}}
+	configFile := &configfile.ConfigFile{
+		HTTPHeaders: map[string]string{
+			"My-Header": "Custom-Value",
+		},
+	}
+	apiclient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
-	assert.DeepEqual(t, received, expectedHeaders)
+	assert.Check(t, is.Equal("tcp://localhost"+host, apiclient.DaemonHost()))
+
+	expectedHeaders := map[string]string{
+		"My-Header":  "Custom-Value",
+		"User-Agent": UserAgent(),
+	}
+	assert.Check(t, is.DeepEqual(expectedHeaders, apiclient.(*client.Client).CustomHTTPHeaders()))
+	assert.Check(t, is.Equal(api.DefaultVersion, apiclient.ClientVersion()))
 }

 func TestNewAPIClientFromFlagsWithAPIVersionFromEnv(t *testing.T) {
 	customVersion := "v3.3.3"
-	t.Setenv("DOCKER_API_VERSION", customVersion)
-	t.Setenv("DOCKER_HOST", ":2375")
+	defer env.Patch(t, "DOCKER_API_VERSION", customVersion)()
+	defer env.Patch(t, "DOCKER_HOST", ":2375")()

-	opts := &flags.ClientOptions{}
+	opts := &flags.CommonOptions{}
 	configFile := &configfile.ConfigFile{}
 	apiclient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
-	assert.Equal(t, apiclient.ClientVersion(), customVersion)
+	assert.Check(t, is.Equal(customVersion, apiclient.ClientVersion()))
 }

 type fakeClient struct {
@ -118,9 +99,9 @@ func (c *fakeClient) NegotiateAPIVersionPing(types.Ping) {
 }

 func TestInitializeFromClient(t *testing.T) {
-	const defaultVersion = "v1.55"
+	defaultVersion := "v1.55"

-	testcases := []struct {
+	var testcases = []struct {
 		doc            string
 		pingFunc       func() (types.Ping, error)
 		expectedServer ServerInfo
@ -160,72 +141,19 @@ func TestInitializeFromClient(t *testing.T) {
 			}

 			cli := &DockerCli{client: apiclient}
-			err := cli.Initialize(flags.NewClientOptions())
-			assert.NilError(t, err)
-			assert.DeepEqual(t, cli.ServerInfo(), testcase.expectedServer)
-			assert.Equal(t, apiclient.negotiated, testcase.negotiated)
+			cli.initializeFromClient()
+			assert.Check(t, is.DeepEqual(testcase.expectedServer, cli.serverInfo))
+			assert.Check(t, is.Equal(testcase.negotiated, apiclient.negotiated))
 		})
 	}
 }

-// Makes sure we don't hang forever on the initial connection.
-// https://github.com/docker/cli/issues/3652
-func TestInitializeFromClientHangs(t *testing.T) {
-	dir := t.TempDir()
-	socket := filepath.Join(dir, "my.sock")
-	l, err := net.Listen("unix", socket)
-	assert.NilError(t, err)
-
-	receiveReqCh := make(chan bool)
-	timeoutCtx, cancel := context.WithTimeout(context.Background(), time.Second)
-	defer cancel()
-
-	// Simulate a server that hangs on connections.
-	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		select {
-		case <-timeoutCtx.Done():
-		case receiveReqCh <- true: // Blocks until someone receives on the channel.
-		}
-		_, _ = w.Write([]byte("OK"))
-	}))
-	ts.Listener = l
-	ts.Start()
-	defer ts.Close()
-
-	opts := &flags.ClientOptions{Hosts: []string{fmt.Sprintf("unix://%s", socket)}}
-	configFile := &configfile.ConfigFile{}
-	apiClient, err := NewAPIClientFromFlags(opts, configFile)
-	assert.NilError(t, err)
-
-	initializedCh := make(chan bool)
-
-	go func() {
-		cli := &DockerCli{client: apiClient, initTimeout: time.Millisecond}
-		err := cli.Initialize(flags.NewClientOptions())
-		assert.Check(t, err)
-		cli.CurrentVersion()
-		close(initializedCh)
-	}()
-
-	select {
-	case <-timeoutCtx.Done():
-		t.Fatal("timeout waiting for initialization to complete")
-	case <-initializedCh:
-	}
-
-	select {
-	case <-timeoutCtx.Done():
-		t.Fatal("server never received an init request")
-	case <-receiveReqCh:
-	}
-}
-
 // The CLI no longer disables/hides experimental CLI features, however, we need
 // to verify that existing configuration files do not break
 func TestExperimentalCLI(t *testing.T) {
 	defaultVersion := "v1.55"

-	testcases := []struct {
+	var testcases = []struct {
 		doc        string
 		configfile string
 	}{
@ -254,9 +182,78 @@ func TestExperimentalCLI(t *testing.T) {
 			}

 			cli := &DockerCli{client: apiclient, err: os.Stderr}
-			config.SetDir(dir.Path())
+			cliconfig.SetDir(dir.Path())
 			err := cli.Initialize(flags.NewClientOptions())
 			assert.NilError(t, err)
+			// For backward-compatibility, HasExperimental will always be "true"
+			assert.Check(t, is.Equal(true, cli.ClientInfo().HasExperimental))
+		})
+	}
+}
+
+func TestGetClientWithPassword(t *testing.T) {
+	expected := "password"
+
+	var testcases = []struct {
+		doc             string
+		password        string
+		retrieverErr    error
+		retrieverGiveup bool
+		newClientErr    error
+		expectedErr     string
+	}{
+		{
+			doc:      "successful connect",
+			password: expected,
+		},
+		{
+			doc:             "password retriever exhausted",
+			retrieverGiveup: true,
+			retrieverErr:    errors.New("failed"),
+			expectedErr:     "private key is encrypted, but could not get passphrase",
+		},
+		{
+			doc:          "password retriever error",
+			retrieverErr: errors.New("failed"),
+			expectedErr:  "failed",
+		},
+		{
+			doc:          "newClient error",
+			newClientErr: errors.New("failed to connect"),
+			expectedErr:  "failed to connect",
+		},
+	}
+
+	for _, testcase := range testcases {
+		testcase := testcase
+		t.Run(testcase.doc, func(t *testing.T) {
+			passRetriever := func(_, _ string, _ bool, attempts int) (passphrase string, giveup bool, err error) {
+				// Always return an invalid pass first to test iteration
+				switch attempts {
+				case 0:
+					return "something else", false, nil
+				default:
+					return testcase.password, testcase.retrieverGiveup, testcase.retrieverErr
+				}
+			}
+
+			newClient := func(currentPassword string) (client.APIClient, error) {
+				if testcase.newClientErr != nil {
+					return nil, testcase.newClientErr
+				}
+				if currentPassword == expected {
+					return &client.Client{}, nil
+				}
+				return &client.Client{}, x509.IncorrectPasswordError
+			}
+
+			_, err := getClientWithPassword(passRetriever, newClient)
+			if testcase.expectedErr != "" {
+				assert.ErrorContains(t, err, testcase.expectedErr)
+				return
+			}
+
+			assert.NilError(t, err)
 		})
 	}
 }
@ -278,23 +275,23 @@ func TestNewDockerCliAndOperators(t *testing.T) {
 	outbuf := bytes.NewBuffer(nil)
 	errbuf := bytes.NewBuffer(nil)
 	err = cli.Apply(
-		WithInputStream(io.NopCloser(inbuf)),
+		WithInputStream(ioutil.NopCloser(inbuf)),
 		WithOutputStream(outbuf),
 		WithErrorStream(errbuf),
 	)
 	assert.NilError(t, err)
 	// Check input stream
-	inputStream, err := io.ReadAll(cli.In())
+	inputStream, err := ioutil.ReadAll(cli.In())
 	assert.NilError(t, err)
 	assert.Equal(t, string(inputStream), "input")
 	// Check output stream
 	fmt.Fprintf(cli.Out(), "output")
-	outputStream, err := io.ReadAll(outbuf)
+	outputStream, err := ioutil.ReadAll(outbuf)
 	assert.NilError(t, err)
 	assert.Equal(t, string(outputStream), "output")
 	// Check error stream
 	fmt.Fprintf(cli.Err(), "error")
-	errStream, err := io.ReadAll(errbuf)
+	errStream, err := ioutil.ReadAll(errbuf)
 	assert.NilError(t, err)
 	assert.Equal(t, string(errStream), "error")
 }
--- a/cli/command/commands/commands.go
+++ b/cli/command/commands/commands.go
@ -28,52 +28,81 @@ import (
 // AddCommands adds all the commands from cli/command to the root command
 func AddCommands(cmd *cobra.Command, dockerCli command.Cli) {
 	cmd.AddCommand(
-		// commonly used shorthands
+		// checkpoint
+		checkpoint.NewCheckpointCommand(dockerCli),
+
+		// config
+		config.NewConfigCommand(dockerCli),
+
+		// container
+		container.NewContainerCommand(dockerCli),
 		container.NewRunCommand(dockerCli),
-		container.NewExecCommand(dockerCli),
-		container.NewPsCommand(dockerCli),
+
+		// image
+		image.NewImageCommand(dockerCli),
 		image.NewBuildCommand(dockerCli),
-		image.NewPullCommand(dockerCli),
-		image.NewPushCommand(dockerCli),
-		image.NewImagesCommand(dockerCli),
+
+		// builder
+		builder.NewBuilderCommand(dockerCli),
+
+		// manifest
+		manifest.NewManifestCommand(dockerCli),
+
+		// network
+		network.NewNetworkCommand(dockerCli),
+
+		// node
+		node.NewNodeCommand(dockerCli),
+
+		// plugin
+		plugin.NewPluginCommand(dockerCli),
+
+		// registry
 		registry.NewLoginCommand(dockerCli),
 		registry.NewLogoutCommand(dockerCli),
 		registry.NewSearchCommand(dockerCli),
-		system.NewVersionCommand(dockerCli),
-		system.NewInfoCommand(dockerCli),

-		// management commands
-		builder.NewBuilderCommand(dockerCli),
-		checkpoint.NewCheckpointCommand(dockerCli),
-		container.NewContainerCommand(dockerCli),
-		context.NewContextCommand(dockerCli),
-		image.NewImageCommand(dockerCli),
-		manifest.NewManifestCommand(dockerCli),
-		network.NewNetworkCommand(dockerCli),
-		plugin.NewPluginCommand(dockerCli),
-		system.NewSystemCommand(dockerCli),
-		trust.NewTrustCommand(dockerCli),
-		volume.NewVolumeCommand(dockerCli),
-
-		// orchestration (swarm) commands
-		config.NewConfigCommand(dockerCli),
-		node.NewNodeCommand(dockerCli),
+		// secret
 		secret.NewSecretCommand(dockerCli),
+
+		// service
 		service.NewServiceCommand(dockerCli),
+
+		// system
+		system.NewSystemCommand(dockerCli),
+		system.NewVersionCommand(dockerCli),
+
+		// stack
 		stack.NewStackCommand(dockerCli),
+
+		// swarm
 		swarm.NewSwarmCommand(dockerCli),

+		// trust
+		trust.NewTrustCommand(dockerCli),
+
+		// volume
+		volume.NewVolumeCommand(dockerCli),
+
+		// context
+		context.NewContextCommand(dockerCli),
+
 		// legacy commands may be hidden
+		hide(system.NewEventsCommand(dockerCli)),
+		hide(system.NewInfoCommand(dockerCli)),
+		hide(system.NewInspectCommand(dockerCli)),
 		hide(container.NewAttachCommand(dockerCli)),
 		hide(container.NewCommitCommand(dockerCli)),
 		hide(container.NewCopyCommand(dockerCli)),
 		hide(container.NewCreateCommand(dockerCli)),
 		hide(container.NewDiffCommand(dockerCli)),
+		hide(container.NewExecCommand(dockerCli)),
 		hide(container.NewExportCommand(dockerCli)),
 		hide(container.NewKillCommand(dockerCli)),
 		hide(container.NewLogsCommand(dockerCli)),
 		hide(container.NewPauseCommand(dockerCli)),
 		hide(container.NewPortCommand(dockerCli)),
+		hide(container.NewPsCommand(dockerCli)),
 		hide(container.NewRenameCommand(dockerCli)),
 		hide(container.NewRestartCommand(dockerCli)),
 		hide(container.NewRmCommand(dockerCli)),
@ -85,13 +114,14 @@ func AddCommands(cmd *cobra.Command, dockerCli command.Cli) {
 		hide(container.NewUpdateCommand(dockerCli)),
 		hide(container.NewWaitCommand(dockerCli)),
 		hide(image.NewHistoryCommand(dockerCli)),
+		hide(image.NewImagesCommand(dockerCli)),
 		hide(image.NewImportCommand(dockerCli)),
 		hide(image.NewLoadCommand(dockerCli)),
+		hide(image.NewPullCommand(dockerCli)),
+		hide(image.NewPushCommand(dockerCli)),
 		hide(image.NewRemoveCommand(dockerCli)),
 		hide(image.NewSaveCommand(dockerCli)),
 		hide(image.NewTagCommand(dockerCli)),
-		hide(system.NewEventsCommand(dockerCli)),
-		hide(system.NewInspectCommand(dockerCli)),
 	)
 }

--- a/cli/command/completion/functions.go
+++ b/cli/command/completion/functions.go
@ -1,99 +0,0 @@
-package completion
-
-import (
-	"os"
-
-	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/spf13/cobra"
-)
-
-// ValidArgsFn a function to be used by cobra command as `ValidArgsFunction` to offer command line completion
-type ValidArgsFn func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective)
-
-// ImageNames offers completion for images present within the local store
-func ImageNames(dockerCli command.Cli) ValidArgsFn {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().ImageList(cmd.Context(), types.ImageListOptions{})
-		if err != nil {
-			return nil, cobra.ShellCompDirectiveError
-		}
-		var names []string
-		for _, image := range list {
-			names = append(names, image.RepoTags...)
-		}
-		return names, cobra.ShellCompDirectiveNoFileComp
-	}
-}
-
-// ContainerNames offers completion for container names and IDs
-// By default, only names are returned.
-// Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs.
-func ContainerNames(dockerCli command.Cli, all bool, filters ...func(types.Container) bool) ValidArgsFn {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().ContainerList(cmd.Context(), types.ContainerListOptions{
-			All: all,
-		})
-		if err != nil {
-			return nil, cobra.ShellCompDirectiveError
-		}
-
-		showContainerIDs := os.Getenv("DOCKER_COMPLETION_SHOW_CONTAINER_IDS") == "yes"
-
-		var names []string
-		for _, container := range list {
-			skip := false
-			for _, fn := range filters {
-				if !fn(container) {
-					skip = true
-					break
-				}
-			}
-			if skip {
-				continue
-			}
-			if showContainerIDs {
-				names = append(names, container.ID)
-			}
-			names = append(names, formatter.StripNamePrefix(container.Names)...)
-		}
-		return names, cobra.ShellCompDirectiveNoFileComp
-	}
-}
-
-// VolumeNames offers completion for volumes
-func VolumeNames(dockerCli command.Cli) ValidArgsFn {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().VolumeList(cmd.Context(), filters.Args{})
-		if err != nil {
-			return nil, cobra.ShellCompDirectiveError
-		}
-		var names []string
-		for _, volume := range list.Volumes {
-			names = append(names, volume.Name)
-		}
-		return names, cobra.ShellCompDirectiveNoFileComp
-	}
-}
-
-// NetworkNames offers completion for networks
-func NetworkNames(dockerCli command.Cli) ValidArgsFn {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().NetworkList(cmd.Context(), types.NetworkListOptions{})
-		if err != nil {
-			return nil, cobra.ShellCompDirectiveError
-		}
-		var names []string
-		for _, network := range list {
-			names = append(names, network.Name)
-		}
-		return names, cobra.ShellCompDirectiveNoFileComp
-	}
-}
-
-// NoComplete is used for commands where there's no relevant completion
-func NoComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return nil, cobra.ShellCompDirectiveNoFileComp
-}
--- a/cli/command/config/cmd.go
+++ b/cli/command/config/cmd.go
@ -1,23 +1,22 @@
 package config

 import (
+	"github.com/spf13/cobra"
+
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types"
-	"github.com/spf13/cobra"
 )

 // NewConfigCommand returns a cobra command for `config` subcommands
 func NewConfigCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "config",
-		Short: "Manage Swarm configs",
+		Short: "Manage Docker configs",
 		Args:  cli.NoArgs,
 		RunE:  command.ShowHelp(dockerCli.Err()),
 		Annotations: map[string]string{
 			"version": "1.30",
-			"swarm":   "manager",
+			"swarm":   "",
 		},
 	}
 	cmd.AddCommand(
@ -28,18 +27,3 @@ func NewConfigCommand(dockerCli command.Cli) *cobra.Command {
 	)
 	return cmd
 }
-
-// completeNames offers completion for swarm configs
-func completeNames(dockerCli command.Cli) completion.ValidArgsFn {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().ConfigList(cmd.Context(), types.ConfigListOptions{})
-		if err != nil {
-			return nil, cobra.ShellCompDirectiveError
-		}
-		var names []string
-		for _, config := range list {
-			names = append(names, config.ID)
-		}
-		return names, cobra.ShellCompDirectiveNoFileComp
-	}
-}
--- a/cli/command/config/create.go
+++ b/cli/command/config/create.go
@ -4,13 +4,13 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"io/ioutil"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/moby/sys/sequential"
+	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -37,7 +37,6 @@ func newConfigCreateCommand(dockerCli command.Cli) *cobra.Command {
 			createOpts.File = args[1]
 			return RunConfigCreate(dockerCli, createOpts)
 		},
-		ValidArgsFunction: completion.NoComplete,
 	}
 	flags := cmd.Flags()
 	flags.VarP(&createOpts.Labels, "label", "l", "Config labels")
@ -54,7 +53,7 @@ func RunConfigCreate(dockerCli command.Cli, options CreateOptions) error {

 	var in io.Reader = dockerCli.In()
 	if options.File != "-" {
-		file, err := sequential.Open(options.File)
+		file, err := system.OpenSequential(options.File)
 		if err != nil {
 			return err
 		}
@ -62,7 +61,7 @@ func RunConfigCreate(dockerCli command.Cli, options CreateOptions) error {
 		defer file.Close()
 	}

-	configData, err := io.ReadAll(in)
+	configData, err := ioutil.ReadAll(in)
 	if err != nil {
 		return errors.Errorf("Error reading content from %q: %v", options.File, err)
 	}
--- a/cli/command/config/create_test.go
+++ b/cli/command/config/create_test.go
@ -1,8 +1,7 @@
 package config

 import (
-	"io"
-	"os"
+	"io/ioutil"
 	"path/filepath"
 	"reflect"
 	"strings"
@ -29,8 +28,7 @@ func TestConfigCreateErrors(t *testing.T) {
 			args:          []string{"too_few"},
 			expectedError: "requires exactly 2 arguments",
 		},
-		{
-			args:          []string{"too", "many", "arguments"},
+		{args: []string{"too", "many", "arguments"},
 			expectedError: "requires exactly 2 arguments",
 		},
 		{
@ -48,7 +46,7 @@ func TestConfigCreateErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -84,7 +82,7 @@ func TestConfigCreateWithLabels(t *testing.T) {
 	}
 	name := "foo"

-	data, err := os.ReadFile(filepath.Join("testdata", configDataFile))
+	data, err := ioutil.ReadFile(filepath.Join("testdata", configDataFile))
 	assert.NilError(t, err)

 	expected := swarm.ConfigSpec{
--- a/cli/command/config/formatter_test.go
+++ b/cli/command/config/formatter_test.go
@ -26,39 +26,29 @@ func TestConfigContextFormatWrite(t *testing.T) {
 			`template parsing error: template: :1:2: executing "" at <nil>: nil is not a command`,
 		},
 		// Table format
-		{
-			formatter.Context{Format: NewFormat("table", false)},
+		{formatter.Context{Format: NewFormat("table", false)},
 			`ID        NAME        CREATED                  UPDATED
 1         passwords   Less than a second ago   Less than a second ago
 2         id_rsa      Less than a second ago   Less than a second ago
-`,
-		},
-		{
-			formatter.Context{Format: NewFormat("table {{.Name}}", true)},
+`},
+		{formatter.Context{Format: NewFormat("table {{.Name}}", true)},
 			`NAME
 passwords
 id_rsa
-`,
-		},
-		{
-			formatter.Context{Format: NewFormat("{{.ID}}-{{.Name}}", false)},
+`},
+		{formatter.Context{Format: NewFormat("{{.ID}}-{{.Name}}", false)},
 			`1-passwords
 2-id_rsa
-`,
-		},
+`},
 	}

 	configs := []swarm.Config{
-		{
-			ID:   "1",
+		{ID: "1",
 			Meta: swarm.Meta{CreatedAt: time.Now(), UpdatedAt: time.Now()},
-			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "passwords"}},
-		},
-		{
-			ID:   "2",
+			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "passwords"}}},
+		{ID: "2",
 			Meta: swarm.Meta{CreatedAt: time.Now(), UpdatedAt: time.Now()},
-			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "id_rsa"}},
-		},
+			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "id_rsa"}}},
 	}
 	for _, tc := range cases {
 		tc := tc
--- a/cli/command/config/inspect.go
+++ b/cli/command/config/inspect.go
@ -2,13 +2,12 @@ package config

 import (
 	"context"
-	"errors"
+	"fmt"
 	"strings"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/spf13/cobra"
 )

@ -29,12 +28,9 @@ func newConfigInspectCommand(dockerCli command.Cli) *cobra.Command {
 			opts.Names = args
 			return RunConfigInspect(dockerCli, opts)
 		},
-		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return completeNames(dockerCli)(cmd, args, toComplete)
-		},
 	}

-	cmd.Flags().StringVarP(&opts.Format, "format", "f", "", flagsHelper.InspectFormatHelp)
+	cmd.Flags().StringVarP(&opts.Format, "format", "f", "", "Format the output using the given Go template")
 	cmd.Flags().BoolVar(&opts.Pretty, "pretty", false, "Print the information in a human friendly format")
 	return cmd
 }
@ -56,7 +52,7 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 	// check if the user is trying to apply a template to the pretty format, which
 	// is not supported
 	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return errors.New("cannot supply extra formatting options to the pretty template")
+		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
 	}

 	configCtx := formatter.Context{
@ -68,4 +64,5 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 		return cli.StatusError{StatusCode: 1, Status: err.Error()}
 	}
 	return nil
+
 }
--- a/cli/command/config/inspect_test.go
+++ b/cli/command/config/inspect_test.go
@ -2,7 +2,7 @@ package config

 import (
 	"fmt"
-	"io"
+	"io/ioutil"
 	"testing"
 	"time"

@ -59,7 +59,7 @@ func TestConfigInspectErrors(t *testing.T) {
 		for key, value := range tc.flags {
 			cmd.Flags().Set(key, value)
 		}
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/config/ls.go
+++ b/cli/command/config/ls.go
@ -6,9 +6,7 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	"github.com/fvbommel/sortorder"
@ -33,12 +31,11 @@ func newConfigListCommand(dockerCli command.Cli) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return RunConfigList(dockerCli, listOpts)
 		},
-		ValidArgsFunction: completion.NoComplete,
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&listOpts.Quiet, "quiet", "q", false, "Only display IDs")
-	flags.StringVarP(&listOpts.Format, "format", "", "", flagsHelper.FormatHelp)
+	flags.StringVarP(&listOpts.Format, "format", "", "", "Pretty-print configs using a Go template")
 	flags.VarP(&listOpts.Filter, "filter", "f", "Filter output based on conditions provided")

 	return cmd
--- a/cli/command/config/ls_test.go
+++ b/cli/command/config/ls_test.go
@ -1,7 +1,7 @@
 package config

 import (
-	"io"
+	"io/ioutil"
 	"testing"
 	"time"

@ -40,7 +40,7 @@ func TestConfigListErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
--- a/cli/command/config/remove.go
+++ b/cli/command/config/remove.go
@ -28,9 +28,6 @@ func newConfigRemoveCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return RunConfigRemove(dockerCli, opts)
 		},
-		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return completeNames(dockerCli)(cmd, args, toComplete)
-		},
 	}
 }

--- a/cli/command/config/remove_test.go
+++ b/cli/command/config/remove_test.go
@ -1,7 +1,7 @@
 package config

 import (
-	"io"
+	"io/ioutil"
 	"strings"
 	"testing"

@ -36,7 +36,7 @@ func TestConfigRemoveErrors(t *testing.T) {
 			}),
 		)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -73,7 +73,7 @@ func TestConfigRemoveContinueAfterError(t *testing.T) {

 	cmd := newConfigRemoveCommand(cli)
 	cmd.SetArgs(names)
-	cmd.SetOut(io.Discard)
+	cmd.SetOut(ioutil.Discard)
 	assert.Error(t, cmd.Execute(), "error removing config: foo")
 	assert.Check(t, is.DeepEqual(names, removedConfigs))
 }
--- a/cli/command/container/attach.go
+++ b/cli/command/container/attach.go
@ -7,11 +7,10 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
-	"github.com/moby/sys/signal"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@ -55,12 +54,6 @@ func NewAttachCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runAttach(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container attach, docker attach",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
-			return container.State != "paused"
-		}),
 	}

 	flags := cmd.Flags()
@ -104,7 +97,7 @@ func runAttach(dockerCli command.Cli, opts *attachOptions) error {
 	}

 	if opts.proxy && !c.Config.Tty {
-		sigc := notifyAllSignals()
+		sigc := notfiyAllSignals()
 		go ForwardAllSignals(ctx, dockerCli, opts.container, sigc)
 		defer signal.StopCatch(sigc)
 	}
@ -149,7 +142,7 @@ func runAttach(dockerCli command.Cli, opts *attachOptions) error {
 	return getExitStatus(errC, resultC)
 }

-func getExitStatus(errC <-chan error, resultC <-chan container.WaitResponse) error {
+func getExitStatus(errC <-chan error, resultC <-chan container.ContainerWaitOKBody) error {
 	select {
 	case result := <-resultC:
 		if result.Error != nil {
--- a/cli/command/container/attach_test.go
+++ b/cli/command/container/attach_test.go
@ -2,7 +2,7 @@ package container

 import (
 	"fmt"
-	"io"
+	"io/ioutil"
 	"testing"

 	"github.com/docker/cli/cli"
@ -71,7 +71,7 @@ func TestNewAttachCommandErrors(t *testing.T) {
 	}
 	for _, tc := range testCases {
 		cmd := NewAttachCommand(test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc}))
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
@ -81,16 +81,16 @@ func TestGetExitStatus(t *testing.T) {
 	var (
 		expectedErr = fmt.Errorf("unexpected error")
 		errC        = make(chan error, 1)
-		resultC     = make(chan container.WaitResponse, 1)
+		resultC     = make(chan container.ContainerWaitOKBody, 1)
 	)

 	testcases := []struct {
-		result        *container.WaitResponse
+		result        *container.ContainerWaitOKBody
 		err           error
 		expectedError error
 	}{
 		{
-			result: &container.WaitResponse{
+			result: &container.ContainerWaitOKBody{
 				StatusCode: 0,
 			},
 		},
@ -99,13 +99,13 @@ func TestGetExitStatus(t *testing.T) {
 			expectedError: expectedErr,
 		},
 		{
-			result: &container.WaitResponse{
-				Error: &container.WaitExitError{Message: expectedErr.Error()},
+			result: &container.ContainerWaitOKBody{
+				Error: &container.ContainerWaitOKBodyError{Message: expectedErr.Error()},
 			},
 			expectedError: expectedErr,
 		},
 		{
-			result: &container.WaitResponse{
+			result: &container.ContainerWaitOKBody{
 				StatusCode: 15,
 			},
 			expectedError: cli.StatusError{StatusCode: 15},
--- a/cli/command/container/client_test.go
+++ b/cli/command/container/client_test.go
@ -20,14 +20,14 @@ type fakeClient struct {
 		hostConfig *container.HostConfig,
 		networkingConfig *network.NetworkingConfig,
 		platform *specs.Platform,
-		containerName string) (container.CreateResponse, error)
+		containerName string) (container.ContainerCreateCreatedBody, error)
 	containerStartFunc      func(container string, options types.ContainerStartOptions) error
 	imageCreateFunc         func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error)
 	infoFunc                func() (types.Info, error)
 	containerStatPathFunc   func(container, path string) (types.ContainerPathStat, error)
 	containerCopyFromFunc   func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error)
 	logFunc                 func(string, types.ContainerLogsOptions) (io.ReadCloser, error)
-	waitFunc                func(string) (<-chan container.WaitResponse, <-chan error)
+	waitFunc                func(string) (<-chan container.ContainerWaitOKBody, <-chan error)
 	containerListFunc       func(types.ContainerListOptions) ([]types.Container, error)
 	containerExportFunc     func(string) (io.ReadCloser, error)
 	containerExecResizeFunc func(id string, options types.ResizeOptions) error
@ -75,11 +75,11 @@ func (f *fakeClient) ContainerCreate(
 	networkingConfig *network.NetworkingConfig,
 	platform *specs.Platform,
 	containerName string,
-) (container.CreateResponse, error) {
+) (container.ContainerCreateCreatedBody, error) {
 	if f.createContainerFunc != nil {
 		return f.createContainerFunc(config, hostConfig, networkingConfig, platform, containerName)
 	}
-	return container.CreateResponse{}, nil
+	return container.ContainerCreateCreatedBody{}, nil
 }

 func (f *fakeClient) ContainerRemove(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
@ -128,7 +128,7 @@ func (f *fakeClient) ClientVersion() string {
 	return f.Version
 }

-func (f *fakeClient) ContainerWait(_ context.Context, container string, _ container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
+func (f *fakeClient) ContainerWait(_ context.Context, container string, _ container.WaitCondition) (<-chan container.ContainerWaitOKBody, <-chan error) {
 	if f.waitFunc != nil {
 		return f.waitFunc(container)
 	}
--- a/cli/command/container/commit.go
+++ b/cli/command/container/commit.go
@ -6,7 +6,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
@ -37,10 +36,6 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return runCommit(dockerCli, &options)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container commit, docker commit",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
@ -48,7 +43,7 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {

 	flags.BoolVarP(&options.pause, "pause", "p", true, "Pause container during commit")
 	flags.StringVarP(&options.comment, "message", "m", "", "Commit message")
-	flags.StringVarP(&options.author, "author", "a", "", `Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")`)
+	flags.StringVarP(&options.author, "author", "a", "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")

 	options.changes = opts.NewListOpts(nil)
 	flags.VarP(&options.changes, "change", "c", "Apply Dockerfile instruction to the created image")
--- a/cli/command/container/cp.go
+++ b/cli/command/container/cp.go
@ -2,7 +2,6 @@ package container

 import (
 	"context"
-	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@ -13,8 +12,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
-	units "github.com/docker/go-units"
-	"github.com/morikuni/aec"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -24,7 +21,6 @@ type copyOptions struct {
 	destination string
 	followLink  bool
 	copyUIDGID  bool
-	quiet       bool
 }

 type copyDirection int
@ -38,38 +34,11 @@ const (
 type cpConfig struct {
 	followLink bool
 	copyUIDGID bool
-	quiet      bool
 	sourcePath string
 	destPath   string
 	container  string
 }

-// copyProgressPrinter wraps io.ReadCloser to print progress information when
-// copying files to/from a container.
-type copyProgressPrinter struct {
-	io.ReadCloser
-	toContainer bool
-	total       *float64
-	writer      io.Writer
-}
-
-func (pt *copyProgressPrinter) Read(p []byte) (int, error) {
-	n, err := pt.ReadCloser.Read(p)
-	*pt.total += float64(n)
-
-	if err == nil {
-		fmt.Fprint(pt.writer, aec.Restore)
-		fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All))
-		if pt.toContainer {
-			fmt.Fprintln(pt.writer, "Copying to container - "+units.HumanSize(*pt.total))
-		} else {
-			fmt.Fprintln(pt.writer, "Copying from container - "+units.HumanSize(*pt.total))
-		}
-	}
-
-	return n, err
-}
-
 // NewCopyCommand creates a new `docker cp` command
 func NewCopyCommand(dockerCli command.Cli) *cobra.Command {
 	var opts copyOptions
@ -95,21 +64,13 @@ func NewCopyCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			opts.source = args[0]
 			opts.destination = args[1]
-			if !cmd.Flag("quiet").Changed {
-				// User did not specify "quiet" flag; suppress output if no terminal is attached
-				opts.quiet = !dockerCli.Out().IsTerminal()
-			}
 			return runCopy(dockerCli, opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container cp, docker cp",
-		},
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.followLink, "follow-link", "L", false, "Always follow symbol link in SRC_PATH")
 	flags.BoolVarP(&opts.copyUIDGID, "archive", "a", false, "Archive mode (copy all uid/gid information)")
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress progress output during copy. Progress output is automatically suppressed if no terminal is attached")
 	return cmd
 }

@ -120,7 +81,6 @@ func runCopy(dockerCli command.Cli, opts copyOptions) error {
 	copyConfig := cpConfig{
 		followLink: opts.followLink,
 		copyUIDGID: opts.copyUIDGID,
-		quiet:      opts.quiet,
 		sourcePath: srcPath,
 		destPath:   destPath,
 	}
@ -211,34 +171,12 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp
 		RebaseName: rebaseName,
 	}

-	var copiedSize float64
-	if !copyConfig.quiet {
-		content = &copyProgressPrinter{
-			ReadCloser:  content,
-			toContainer: false,
-			writer:      dockerCli.Err(),
-			total:       &copiedSize,
-		}
-	}
-
 	preArchive := content
 	if len(srcInfo.RebaseName) != 0 {
 		_, srcBase := archive.SplitPathDirEntry(srcInfo.Path)
 		preArchive = archive.RebaseArchiveEntries(content, srcBase, srcInfo.RebaseName)
 	}
-
-	if copyConfig.quiet {
-		return archive.CopyTo(preArchive, srcInfo, dstPath)
-	}
-
-	fmt.Fprint(dockerCli.Err(), aec.Save)
-	fmt.Fprintln(dockerCli.Err(), "Preparing to copy...")
-	res := archive.CopyTo(preArchive, srcInfo, dstPath)
-	fmt.Fprint(dockerCli.Err(), aec.Restore)
-	fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All))
-	fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath)
-
-	return res
+	return archive.CopyTo(preArchive, srcInfo, dstPath)
 }

 // In order to get the copy behavior right, we need to know information
@ -291,9 +229,8 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo
 	}

 	var (
-		content         io.ReadCloser
+		content         io.Reader
 		resolvedDstPath string
-		copiedSize      float64
 	)

 	if srcPath == "-" {
@ -335,45 +272,23 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo

 		resolvedDstPath = dstDir
 		content = preparedArchive
-		if !copyConfig.quiet {
-			content = &copyProgressPrinter{
-				ReadCloser:  content,
-				toContainer: true,
-				writer:      dockerCli.Err(),
-				total:       &copiedSize,
-			}
-		}
 	}

 	options := types.CopyToContainerOptions{
 		AllowOverwriteDirWithFile: false,
 		CopyUIDGID:                copyConfig.copyUIDGID,
 	}
-
-	if copyConfig.quiet {
-		return client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options)
-	}
-
-	fmt.Fprint(dockerCli.Err(), aec.Save)
-	fmt.Fprintln(dockerCli.Err(), "Preparing to copy...")
-	res := client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options)
-	fmt.Fprint(dockerCli.Err(), aec.Restore)
-	fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All))
-	fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path)
-
-	return res
+	return client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options)
 }

 // We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
 // in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
 // requiring a LOCALPATH with a `:` to be made explicit with a relative or
 // absolute path:
-//
-//	`/path/to/file:name.txt` or `./file:name.txt`
+// 	`/path/to/file:name.txt` or `./file:name.txt`
 //
 // This is apparently how `scp` handles this as well:
-//
-//	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
+// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
 //
 // We can't simply check for a filepath separator because container names may
 // have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
@ -386,12 +301,13 @@ func splitCpArg(arg string) (container, path string) {
 		return "", arg
 	}

-	container, path, ok := strings.Cut(arg, ":")
-	if !ok || strings.HasPrefix(container, ".") {
+	parts := strings.SplitN(arg, ":", 2)
+
+	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
 		// Either there's no `:` in the arg
 		// OR it's an explicit local relative path like `./file:name.txt`.
 		return "", arg
 	}

-	return container, path
+	return parts[0], parts[1]
 }
--- a/cli/command/container/cp_test.go
+++ b/cli/command/container/cp_test.go
@ -2,6 +2,7 @@ package container

 import (
 	"io"
+	"io/ioutil"
 	"os"
 	"runtime"
 	"strings"
@ -17,7 +18,7 @@ import (
 )

 func TestRunCopyWithInvalidArguments(t *testing.T) {
-	testcases := []struct {
+	var testcases = []struct {
 		doc         string
 		options     copyOptions
 		expectedErr string
@ -53,7 +54,7 @@ func TestRunCopyFromContainerToStdout(t *testing.T) {
 	fakeClient := &fakeClient{
 		containerCopyFromFunc: func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
 			assert.Check(t, is.Equal("container", container))
-			return io.NopCloser(strings.NewReader(tarContent)), types.ContainerPathStat{}, nil
+			return ioutil.NopCloser(strings.NewReader(tarContent)), types.ContainerPathStat{}, nil
 		},
 	}
 	options := copyOptions{source: "container:/path", destination: "-"}
@ -76,14 +77,14 @@ func TestRunCopyFromContainerToFilesystem(t *testing.T) {
 			return readCloser, types.ContainerPathStat{}, err
 		},
 	}
-	options := copyOptions{source: "container:/path", destination: destDir.Path(), quiet: true}
+	options := copyOptions{source: "container:/path", destination: destDir.Path()}
 	cli := test.NewFakeCli(fakeClient)
 	err := runCopy(cli, options)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal("", cli.OutBuffer().String()))
 	assert.Check(t, is.Equal("", cli.ErrBuffer().String()))

-	content, err := os.ReadFile(destDir.Join("file1"))
+	content, err := ioutil.ReadFile(destDir.Join("file1"))
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal("content\n", string(content)))
 }
@ -143,7 +144,7 @@ func TestRunCopyToContainerSourceDoesNotExist(t *testing.T) {
 }

 func TestSplitCpArg(t *testing.T) {
-	testcases := []struct {
+	var testcases = []struct {
 		doc               string
 		path              string
 		os                string
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@ -10,7 +10,6 @@ import (
 	"github.com/containerd/containerd/platforms"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/opts"
 	"github.com/docker/distribution/reference"
@ -37,13 +36,12 @@ type createOptions struct {
 	name      string
 	platform  string
 	untrusted bool
-	pull      string // always, missing, never
-	quiet     bool
+	pull      string // alway, missing, never
 }

 // NewCreateCommand creates a new cobra.Command for `docker create`
 func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
-	var options createOptions
+	var opts createOptions
 	var copts *containerOptions

 	cmd := &cobra.Command{
@ -55,36 +53,28 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				copts.Args = args[1:]
 			}
-			return runCreate(dockerCli, cmd.Flags(), &options, copts)
+			return runCreate(dockerCli, cmd.Flags(), &opts, copts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container create, docker create",
-		},
-		ValidArgsFunction: completion.ImageNames(dockerCli),
 	}

 	flags := cmd.Flags()
 	flags.SetInterspersed(false)

-	flags.StringVar(&options.name, "name", "", "Assign a name to the container")
-	flags.StringVar(&options.pull, "pull", PullImageMissing, `Pull image before creating ("`+PullImageAlways+`", "|`+PullImageMissing+`", "`+PullImageNever+`")`)
-	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the pull output")
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&opts.pull, "pull", PullImageMissing,
+		`Pull image before creating ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)

 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
 	flags.Bool("help", false, "Print usage")

-	command.AddPlatformFlag(flags, &options.platform)
-	command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled())
+	command.AddPlatformFlag(flags, &opts.platform)
+	command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
 	copts = addFlags(flags)
 	return cmd
 }

 func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptions, copts *containerOptions) error {
-	if err := validatePullOpt(options.pull); err != nil {
-		reportError(dockerCli.Err(), "create", err.Error(), true)
-		return cli.StatusError{StatusCode: 125}
-	}
 	proxyConfig := dockerCli.ConfigFile().ParseProxyConfig(dockerCli.Client().DaemonHost(), opts.ConvertKVStringsToMapWithNil(copts.env.GetAll()))
 	newEnv := []string{}
 	for k, v := range proxyConfig {
@ -198,14 +188,15 @@ func newCIDFile(path string) (*cidFile, error) {
 	return &cidFile{path: path, file: f}, nil
 }

-//nolint:gocyclo
-func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
+// nolint: gocyclo
+func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.ContainerCreateCreatedBody, error) {
 	config := containerConfig.Config
 	hostConfig := containerConfig.HostConfig
 	networkingConfig := containerConfig.NetworkingConfig
+	stderr := dockerCli.Err()

-	warnOnOomKillDisable(*hostConfig, dockerCli.Err())
-	warnOnLocalhostDNS(*hostConfig, dockerCli.Err())
+	warnOnOomKillDisable(*hostConfig, stderr)
+	warnOnLocalhostDNS(*hostConfig, stderr)

 	var (
 		trustedRef reference.Canonical
@ -236,11 +227,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 	}

 	pullAndTagImage := func() error {
-		pullOut := dockerCli.Err()
-		if opts.quiet {
-			pullOut = io.Discard
-		}
-		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, pullOut); err != nil {
+		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, stderr); err != nil {
 			return err
 		}
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
@ -268,17 +255,12 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 		}
 	}

-	hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.Out().GetTtySize()
-
 	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, opts.name)
 	if err != nil {
 		// Pull image if it does not exist locally and we have the PullImageMissing option. Default behavior.
 		if apiclient.IsErrNotFound(err) && namedRef != nil && opts.pull == PullImageMissing {
-			if !opts.quiet {
-				// we don't want to write to stdout anything apart from container.ID
-				fmt.Fprintf(dockerCli.Err(), "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
-			}
-
+			// we don't want to write to stdout anything apart from container.ID
+			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
 			if err := pullAndTagImage(); err != nil {
 				return nil, err
 			}
@ -294,7 +276,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 	}

 	for _, warning := range response.Warnings {
-		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", warning)
+		fmt.Fprintf(stderr, "WARNING: %s\n", warning)
 	}
 	err = containerIDFile.Write(response.ID)
 	return &response, err
@ -328,19 +310,3 @@ var localhostIPRegexp = regexp.MustCompile(ipLocalhost)
 func isLocalhost(ip string) bool {
 	return localhostIPRegexp.MatchString(ip)
 }
-
-func validatePullOpt(val string) error {
-	switch val {
-	case PullImageAlways, PullImageMissing, PullImageNever, "":
-		// valid option, but nothing to do yet
-		return nil
-	default:
-		return fmt.Errorf(
-			"invalid pull option: '%s': must be one of %q, %q or %q",
-			val,
-			PullImageAlways,
-			PullImageMissing,
-			PullImageNever,
-		)
-	}
-}
--- a/cli/command/container/create_test.go
+++ b/cli/command/container/create_test.go
@ -2,16 +2,15 @@ package container

 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"runtime"
 	"sort"
 	"strings"
 	"testing"

-	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
@ -20,7 +19,6 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/google/go-cmp/cmp"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/fs"
@ -69,7 +67,7 @@ func TestCIDFileCloseWithWrite(t *testing.T) {
 	content := "id"
 	assert.NilError(t, file.Write(content))

-	actual, err := os.ReadFile(path)
+	actual, err := ioutil.ReadFile(path)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(content, string(actual)))

@ -91,18 +89,18 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 	cases := []struct {
 		PullPolicy      string
 		ExpectedPulls   int
-		ExpectedBody    container.CreateResponse
+		ExpectedBody    container.ContainerCreateCreatedBody
 		ExpectedErrMsg  string
 		ResponseCounter int
 	}{
 		{
 			PullPolicy:    PullImageMissing,
 			ExpectedPulls: 1,
-			ExpectedBody:  container.CreateResponse{ID: containerID},
+			ExpectedBody:  container.ContainerCreateCreatedBody{ID: containerID},
 		}, {
 			PullPolicy:      PullImageAlways,
 			ExpectedPulls:   1,
-			ExpectedBody:    container.CreateResponse{ID: containerID},
+			ExpectedBody:    container.ContainerCreateCreatedBody{ID: containerID},
 			ResponseCounter: 1, // This lets us return a container on the first pull
 		}, {
 			PullPolicy:     PullImageNever,
@ -121,18 +119,18 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 				networkingConfig *network.NetworkingConfig,
 				platform *specs.Platform,
 				containerName string,
-			) (container.CreateResponse, error) {
+			) (container.ContainerCreateCreatedBody, error) {
 				defer func() { c.ResponseCounter++ }()
 				switch c.ResponseCounter {
 				case 0:
-					return container.CreateResponse{}, fakeNotFound{}
+					return container.ContainerCreateCreatedBody{}, fakeNotFound{}
 				default:
-					return container.CreateResponse{ID: containerID}, nil
+					return container.ContainerCreateCreatedBody{ID: containerID}, nil
 				}
 			},
 			imageCreateFunc: func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
 				defer func() { pullCounter++ }()
-				return io.NopCloser(strings.NewReader("")), nil
+				return ioutil.NopCloser(strings.NewReader("")), nil
 			},
 			infoFunc: func() (types.Info, error) {
 				return types.Info{IndexServerAddress: "https://indexserver.example.com"}, nil
@ -156,40 +154,6 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 		assert.Check(t, is.Equal(c.ExpectedPulls, pullCounter))
 	}
 }
-
-func TestCreateContainerImagePullPolicyInvalid(t *testing.T) {
-	cases := []struct {
-		PullPolicy     string
-		ExpectedErrMsg string
-	}{
-		{
-			PullPolicy:     "busybox:latest",
-			ExpectedErrMsg: `invalid pull option: 'busybox:latest': must be one of "always", "missing" or "never"`,
-		},
-		{
-			PullPolicy:     "--network=foo",
-			ExpectedErrMsg: `invalid pull option: '--network=foo': must be one of "always", "missing" or "never"`,
-		},
-	}
-	for _, tc := range cases {
-		tc := tc
-		t.Run(tc.PullPolicy, func(t *testing.T) {
-			dockerCli := test.NewFakeCli(&fakeClient{})
-			err := runCreate(
-				dockerCli,
-				&pflag.FlagSet{},
-				&createOptions{pull: tc.PullPolicy},
-				&containerOptions{},
-			)
-
-			statusErr := cli.StatusError{}
-			assert.Check(t, errors.As(err, &statusErr))
-			assert.Equal(t, statusErr.StatusCode, 125)
-			assert.Check(t, is.Contains(dockerCli.ErrBuffer().String(), tc.ExpectedErrMsg))
-		})
-	}
-}
-
 func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 	testCases := []struct {
 		name          string
@ -224,13 +188,13 @@ func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 				networkingConfig *network.NetworkingConfig,
 				platform *specs.Platform,
 				containerName string,
-			) (container.CreateResponse, error) {
-				return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
+			) (container.ContainerCreateCreatedBody, error) {
+				return container.ContainerCreateCreatedBody{}, fmt.Errorf("shouldn't try to pull image")
 			},
 		}, test.EnableContentTrust)
 		cli.SetNotaryClient(tc.notaryFunc)
 		cmd := NewCreateCommand(cli)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		err := cmd.Execute()
 		assert.ErrorContains(t, err, tc.expectedError)
@ -285,12 +249,12 @@ func TestNewCreateCommandWithWarnings(t *testing.T) {
 					networkingConfig *network.NetworkingConfig,
 					platform *specs.Platform,
 					containerName string,
-				) (container.CreateResponse, error) {
-					return container.CreateResponse{}, nil
+				) (container.ContainerCreateCreatedBody, error) {
+					return container.ContainerCreateCreatedBody{}, nil
 				},
 			})
 			cmd := NewCreateCommand(cli)
-			cmd.SetOut(io.Discard)
+			cmd.SetOut(ioutil.Discard)
 			cmd.SetArgs(tc.args)
 			err := cmd.Execute()
 			assert.NilError(t, err)
@ -313,8 +277,6 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 		"no_proxy=noProxy",
 		"FTP_PROXY=ftpProxy",
 		"ftp_proxy=ftpProxy",
-		"ALL_PROXY=allProxy",
-		"all_proxy=allProxy",
 	}
 	sort.Strings(expected)

@ -324,10 +286,10 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 			networkingConfig *network.NetworkingConfig,
 			platform *specs.Platform,
 			containerName string,
-		) (container.CreateResponse, error) {
+		) (container.ContainerCreateCreatedBody, error) {
 			sort.Strings(config.Env)
 			assert.DeepEqual(t, config.Env, expected)
-			return container.CreateResponse{}, nil
+			return container.ContainerCreateCreatedBody{}, nil
 		},
 	})
 	cli.SetConfigFile(&configfile.ConfigFile{
@ -337,12 +299,11 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 				HTTPSProxy: "httpsProxy",
 				NoProxy:    "noProxy",
 				FTPProxy:   "ftpProxy",
-				AllProxy:   "allProxy",
 			},
 		},
 	})
 	cmd := NewCreateCommand(cli)
-	cmd.SetOut(io.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"image:tag"})
 	err := cmd.Execute()
 	assert.NilError(t, err)
--- a/cli/command/container/diff.go
+++ b/cli/command/container/diff.go
@ -5,7 +5,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@ -27,10 +26,6 @@ func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runDiff(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container diff, docker diff",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 }

--- a/cli/command/container/exec.go
+++ b/cli/command/container/exec.go
@ -4,11 +4,9 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"os"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
@ -18,85 +16,62 @@ import (
 	"github.com/spf13/cobra"
 )

-// ExecOptions group options for `exec` command
-type ExecOptions struct {
-	DetachKeys  string
-	Interactive bool
-	TTY         bool
-	Detach      bool
-	User        string
-	Privileged  bool
-	Env         opts.ListOpts
-	Workdir     string
-	Container   string
-	Command     []string
-	EnvFile     opts.ListOpts
+type execOptions struct {
+	detachKeys  string
+	interactive bool
+	tty         bool
+	detach      bool
+	user        string
+	privileged  bool
+	env         opts.ListOpts
+	workdir     string
+	container   string
+	command     []string
+	envFile     opts.ListOpts
 }

-// NewExecOptions creates a new ExecOptions
-func NewExecOptions() ExecOptions {
-	return ExecOptions{
-		Env:     opts.NewListOpts(opts.ValidateEnv),
-		EnvFile: opts.NewListOpts(nil),
+func newExecOptions() execOptions {
+	return execOptions{
+		env:     opts.NewListOpts(opts.ValidateEnv),
+		envFile: opts.NewListOpts(nil),
 	}
 }

 // NewExecCommand creates a new cobra.Command for `docker exec`
 func NewExecCommand(dockerCli command.Cli) *cobra.Command {
-	options := NewExecOptions()
+	options := newExecOptions()

 	cmd := &cobra.Command{
 		Use:   "exec [OPTIONS] CONTAINER COMMAND [ARG...]",
-		Short: "Execute a command in a running container",
+		Short: "Run a command in a running container",
 		Args:  cli.RequiresMinArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			options.Container = args[0]
-			options.Command = args[1:]
-			return RunExec(dockerCli, options)
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
-			return container.State != "paused"
-		}),
-		Annotations: map[string]string{
-			"category-top": "2",
-			"aliases":      "docker container exec, docker exec",
+			options.container = args[0]
+			options.command = args[1:]
+			return runExec(dockerCli, options)
 		},
 	}

 	flags := cmd.Flags()
 	flags.SetInterspersed(false)

-	flags.StringVarP(&options.DetachKeys, "detach-keys", "", "", "Override the key sequence for detaching a container")
-	flags.BoolVarP(&options.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
-	flags.BoolVarP(&options.TTY, "tty", "t", false, "Allocate a pseudo-TTY")
-	flags.BoolVarP(&options.Detach, "detach", "d", false, "Detached mode: run command in the background")
-	flags.StringVarP(&options.User, "user", "u", "", `Username or UID (format: "<name|uid>[:<group|gid>]")`)
-	flags.BoolVarP(&options.Privileged, "privileged", "", false, "Give extended privileges to the command")
-	flags.VarP(&options.Env, "env", "e", "Set environment variables")
+	flags.StringVarP(&options.detachKeys, "detach-keys", "", "", "Override the key sequence for detaching a container")
+	flags.BoolVarP(&options.interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
+	flags.BoolVarP(&options.tty, "tty", "t", false, "Allocate a pseudo-TTY")
+	flags.BoolVarP(&options.detach, "detach", "d", false, "Detached mode: run command in the background")
+	flags.StringVarP(&options.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.BoolVarP(&options.privileged, "privileged", "", false, "Give extended privileges to the command")
+	flags.VarP(&options.env, "env", "e", "Set environment variables")
 	flags.SetAnnotation("env", "version", []string{"1.25"})
-	flags.Var(&options.EnvFile, "env-file", "Read in a file of environment variables")
+	flags.Var(&options.envFile, "env-file", "Read in a file of environment variables")
 	flags.SetAnnotation("env-file", "version", []string{"1.25"})
-	flags.StringVarP(&options.Workdir, "workdir", "w", "", "Working directory inside the container")
+	flags.StringVarP(&options.workdir, "workdir", "w", "", "Working directory inside the container")
 	flags.SetAnnotation("workdir", "version", []string{"1.35"})

-	cmd.RegisterFlagCompletionFunc(
-		"env",
-		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return os.Environ(), cobra.ShellCompDirectiveNoFileComp
-		},
-	)
-	cmd.RegisterFlagCompletionFunc(
-		"env-file",
-		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return nil, cobra.ShellCompDirectiveDefault // _filedir
-		},
-	)
-
 	return cmd
 }

-// RunExec executes an `exec` command
-func RunExec(dockerCli command.Cli, options ExecOptions) error {
+func runExec(dockerCli command.Cli, options execOptions) error {
 	execConfig, err := parseExec(options, dockerCli.ConfigFile())
 	if err != nil {
 		return err
@ -109,7 +84,7 @@ func RunExec(dockerCli command.Cli, options ExecOptions) error {
 	// otherwise if we error out we will leak execIDs on the server (and
 	// there's no easy way to clean those up). But also in order to make "not
 	// exist" errors take precedence we do a dummy inspect first.
-	if _, err := client.ContainerInspect(ctx, options.Container); err != nil {
+	if _, err := client.ContainerInspect(ctx, options.container); err != nil {
 		return err
 	}
 	if !execConfig.Detach {
@ -118,9 +93,7 @@ func RunExec(dockerCli command.Cli, options ExecOptions) error {
 		}
 	}

-	fillConsoleSize(execConfig, dockerCli)
-
-	response, err := client.ContainerExecCreate(ctx, options.Container, *execConfig)
+	response, err := client.ContainerExecCreate(ctx, options.container, *execConfig)
 	if err != nil {
 		return err
 	}
@ -132,22 +105,14 @@ func RunExec(dockerCli command.Cli, options ExecOptions) error {

 	if execConfig.Detach {
 		execStartCheck := types.ExecStartCheck{
-			Detach:      execConfig.Detach,
-			Tty:         execConfig.Tty,
-			ConsoleSize: execConfig.ConsoleSize,
+			Detach: execConfig.Detach,
+			Tty:    execConfig.Tty,
 		}
 		return client.ContainerExecStart(ctx, execID, execStartCheck)
 	}
 	return interactiveExec(ctx, dockerCli, execConfig, execID)
 }

-func fillConsoleSize(execConfig *types.ExecConfig, dockerCli command.Cli) {
-	if execConfig.Tty {
-		height, width := dockerCli.Out().GetTtySize()
-		execConfig.ConsoleSize = &[2]uint{height, width}
-	}
-}
-
 func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *types.ExecConfig, execID string) error {
 	// Interactive exec requested.
 	var (
@ -168,12 +133,10 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *typ
 			stderr = dockerCli.Err()
 		}
 	}
-	fillConsoleSize(execConfig, dockerCli)

 	client := dockerCli.Client()
 	execStartCheck := types.ExecStartCheck{
-		Tty:         execConfig.Tty,
-		ConsoleSize: execConfig.ConsoleSize,
+		Tty: execConfig.Tty,
 	}
 	resp, err := client.ContainerExecAttach(ctx, execID, execStartCheck)
 	if err != nil {
@ -232,33 +195,33 @@ func getExecExitStatus(ctx context.Context, client apiclient.ContainerAPIClient,

 // parseExec parses the specified args for the specified command and generates
 // an ExecConfig from it.
-func parseExec(execOpts ExecOptions, configFile *configfile.ConfigFile) (*types.ExecConfig, error) {
+func parseExec(execOpts execOptions, configFile *configfile.ConfigFile) (*types.ExecConfig, error) {
 	execConfig := &types.ExecConfig{
-		User:       execOpts.User,
-		Privileged: execOpts.Privileged,
-		Tty:        execOpts.TTY,
-		Cmd:        execOpts.Command,
-		Detach:     execOpts.Detach,
-		WorkingDir: execOpts.Workdir,
+		User:       execOpts.user,
+		Privileged: execOpts.privileged,
+		Tty:        execOpts.tty,
+		Cmd:        execOpts.command,
+		Detach:     execOpts.detach,
+		WorkingDir: execOpts.workdir,
 	}

 	// collect all the environment variables for the container
 	var err error
-	if execConfig.Env, err = opts.ReadKVEnvStrings(execOpts.EnvFile.GetAll(), execOpts.Env.GetAll()); err != nil {
+	if execConfig.Env, err = opts.ReadKVEnvStrings(execOpts.envFile.GetAll(), execOpts.env.GetAll()); err != nil {
 		return nil, err
 	}

 	// If -d is not set, attach to everything by default
-	if !execOpts.Detach {
+	if !execOpts.detach {
 		execConfig.AttachStdout = true
 		execConfig.AttachStderr = true
-		if execOpts.Interactive {
+		if execOpts.interactive {
 			execConfig.AttachStdin = true
 		}
 	}

-	if execOpts.DetachKeys != "" {
-		execConfig.DetachKeys = execOpts.DetachKeys
+	if execOpts.detachKeys != "" {
+		execConfig.DetachKeys = execOpts.detachKeys
 	} else {
 		execConfig.DetachKeys = configFile.DetachKeys
 	}
--- a/cli/command/container/exec_test.go
+++ b/cli/command/container/exec_test.go
@ -2,7 +2,7 @@ package container

 import (
 	"context"
-	"io"
+	"io/ioutil"
 	"os"
 	"testing"

@ -17,11 +17,11 @@ import (
 	"gotest.tools/v3/fs"
 )

-func withDefaultOpts(options ExecOptions) ExecOptions {
-	options.Env = opts.NewListOpts(opts.ValidateEnv)
-	options.EnvFile = opts.NewListOpts(nil)
-	if len(options.Command) == 0 {
-		options.Command = []string{"command"}
+func withDefaultOpts(options execOptions) execOptions {
+	options.env = opts.NewListOpts(opts.ValidateEnv)
+	options.envFile = opts.NewListOpts(nil)
+	if len(options.command) == 0 {
+		options.command = []string{"command"}
 	}
 	return options
 }
@ -35,7 +35,7 @@ TWO=2
 	defer tmpFile.Remove()

 	testcases := []struct {
-		options    ExecOptions
+		options    execOptions
 		configFile configfile.ConfigFile
 		expected   types.ExecConfig
 	}{
@ -45,7 +45,7 @@ TWO=2
 				AttachStdout: true,
 				AttachStderr: true,
 			},
-			options: withDefaultOpts(ExecOptions{}),
+			options: withDefaultOpts(execOptions{}),
 		},
 		{
 			expected: types.ExecConfig{
@ -53,15 +53,15 @@ TWO=2
 				AttachStdout: true,
 				AttachStderr: true,
 			},
-			options: withDefaultOpts(ExecOptions{
-				Command: []string{"command1", "command2"},
+			options: withDefaultOpts(execOptions{
+				command: []string{"command1", "command2"},
 			}),
 		},
 		{
-			options: withDefaultOpts(ExecOptions{
-				Interactive: true,
-				TTY:         true,
-				User:        "uid",
+			options: withDefaultOpts(execOptions{
+				interactive: true,
+				tty:         true,
+				user:        "uid",
 			}),
 			expected: types.ExecConfig{
 				User:         "uid",
@ -73,17 +73,17 @@ TWO=2
 			},
 		},
 		{
-			options: withDefaultOpts(ExecOptions{Detach: true}),
+			options: withDefaultOpts(execOptions{detach: true}),
 			expected: types.ExecConfig{
 				Detach: true,
 				Cmd:    []string{"command"},
 			},
 		},
 		{
-			options: withDefaultOpts(ExecOptions{
-				TTY:         true,
-				Interactive: true,
-				Detach:      true,
+			options: withDefaultOpts(execOptions{
+				tty:         true,
+				interactive: true,
+				detach:      true,
 			}),
 			expected: types.ExecConfig{
 				Detach: true,
@ -92,7 +92,7 @@ TWO=2
 			},
 		},
 		{
-			options:    withDefaultOpts(ExecOptions{Detach: true}),
+			options:    withDefaultOpts(execOptions{detach: true}),
 			configFile: configfile.ConfigFile{DetachKeys: "de"},
 			expected: types.ExecConfig{
 				Cmd:        []string{"command"},
@ -101,9 +101,9 @@ TWO=2
 			},
 		},
 		{
-			options: withDefaultOpts(ExecOptions{
-				Detach:     true,
-				DetachKeys: "ab",
+			options: withDefaultOpts(execOptions{
+				detach:     true,
+				detachKeys: "ab",
 			}),
 			configFile: configfile.ConfigFile{DetachKeys: "de"},
 			expected: types.ExecConfig{
@ -119,9 +119,9 @@ TWO=2
 				AttachStderr: true,
 				Env:          []string{"ONE=1", "TWO=2"},
 			},
-			options: func() ExecOptions {
-				o := withDefaultOpts(ExecOptions{})
-				o.EnvFile.Set(tmpFile.Path())
+			options: func() execOptions {
+				o := withDefaultOpts(execOptions{})
+				o.envFile.Set(tmpFile.Path())
 				return o
 			}(),
 		},
@ -132,10 +132,10 @@ TWO=2
 				AttachStderr: true,
 				Env:          []string{"ONE=1", "TWO=2", "ONE=override"},
 			},
-			options: func() ExecOptions {
-				o := withDefaultOpts(ExecOptions{})
-				o.EnvFile.Set(tmpFile.Path())
-				o.Env.Set("ONE=override")
+			options: func() execOptions {
+				o := withDefaultOpts(execOptions{})
+				o.envFile.Set(tmpFile.Path())
+				o.env.Set("ONE=override")
 				return o
 			}(),
 		},
@ -149,8 +149,8 @@ TWO=2
 }

 func TestParseExecNoSuchFile(t *testing.T) {
-	execOpts := withDefaultOpts(ExecOptions{})
-	execOpts.EnvFile.Set("no-such-env-file")
+	execOpts := withDefaultOpts(execOptions{})
+	execOpts.envFile.Set("no-such-env-file")
 	execConfig, err := parseExec(execOpts, &configfile.ConfigFile{})
 	assert.ErrorContains(t, err, "no-such-env-file")
 	assert.Check(t, os.IsNotExist(err))
@ -158,9 +158,9 @@ func TestParseExecNoSuchFile(t *testing.T) {
 }

 func TestRunExec(t *testing.T) {
-	testcases := []struct {
+	var testcases = []struct {
 		doc           string
-		options       ExecOptions
+		options       execOptions
 		client        fakeClient
 		expectedError string
 		expectedOut   string
@ -168,15 +168,15 @@ func TestRunExec(t *testing.T) {
 	}{
 		{
 			doc: "successful detach",
-			options: withDefaultOpts(ExecOptions{
-				Container: "thecontainer",
-				Detach:    true,
+			options: withDefaultOpts(execOptions{
+				container: "thecontainer",
+				detach:    true,
 			}),
 			client: fakeClient{execCreateFunc: execCreateWithID},
 		},
 		{
 			doc:     "inspect error",
-			options: NewExecOptions(),
+			options: newExecOptions(),
 			client: fakeClient{
 				inspectFunc: func(string) (types.ContainerJSON, error) {
 					return types.ContainerJSON{}, errors.New("failed inspect")
@ -186,7 +186,7 @@ func TestRunExec(t *testing.T) {
 		},
 		{
 			doc:           "missing exec ID",
-			options:       NewExecOptions(),
+			options:       newExecOptions(),
 			expectedError: "exec ID empty",
 		},
 	}
@ -195,7 +195,7 @@ func TestRunExec(t *testing.T) {
 		t.Run(testcase.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&testcase.client)

-			err := RunExec(cli, testcase.options)
+			err := runExec(cli, testcase.options)
 			if testcase.expectedError != "" {
 				assert.ErrorContains(t, err, testcase.expectedError)
 			} else {
@ -215,7 +215,7 @@ func execCreateWithID(_ string, _ types.ExecConfig) (types.IDResponse, error) {

 func TestGetExecExitStatus(t *testing.T) {
 	execID := "the exec id"
-	expectedErr := errors.New("unexpected error")
+	expecatedErr := errors.New("unexpected error")

 	testcases := []struct {
 		inspectError  error
@ -227,8 +227,8 @@ func TestGetExecExitStatus(t *testing.T) {
 			exitCode:     0,
 		},
 		{
-			inspectError:  expectedErr,
-			expectedError: expectedErr,
+			inspectError:  expecatedErr,
+			expectedError: expecatedErr,
 		},
 		{
 			exitCode:      15,
@ -267,7 +267,7 @@ func TestNewExecCommandErrors(t *testing.T) {
 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc})
 		cmd := NewExecCommand(cli)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		cmd.SetArgs(tc.args)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
--- a/cli/command/container/export.go
+++ b/cli/command/container/export.go
@ -6,7 +6,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -28,10 +27,6 @@ func NewExportCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runExport(dockerCli, opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container export, docker export",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}

 	flags := cmd.Flags()
--- a/cli/command/container/export_test.go
+++ b/cli/command/container/export_test.go
@ -2,6 +2,7 @@ package container

 import (
 	"io"
+	"io/ioutil"
 	"strings"
 	"testing"

@ -16,11 +17,11 @@ func TestContainerExportOutputToFile(t *testing.T) {

 	cli := test.NewFakeCli(&fakeClient{
 		containerExportFunc: func(container string) (io.ReadCloser, error) {
-			return io.NopCloser(strings.NewReader("bar")), nil
+			return ioutil.NopCloser(strings.NewReader("bar")), nil
 		},
 	})
 	cmd := NewExportCommand(cli)
-	cmd.SetOut(io.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"-o", dir.Join("foo"), "container"})
 	assert.NilError(t, cmd.Execute())

@ -34,11 +35,11 @@ func TestContainerExportOutputToFile(t *testing.T) {
 func TestContainerExportOutputToIrregularFile(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		containerExportFunc: func(container string) (io.ReadCloser, error) {
-			return io.NopCloser(strings.NewReader("foo")), nil
+			return ioutil.NopCloser(strings.NewReader("foo")), nil
 		},
 	})
 	cmd := NewExportCommand(cli)
-	cmd.SetOut(io.Discard)
+	cmd.SetOut(ioutil.Discard)
 	cmd.SetArgs([]string{"-o", "/dev/random", "container"})

 	err := cmd.Execute()
--- a/cli/command/container/formatter_diff.go
+++ b/cli/command/container/formatter_diff.go
@ -24,6 +24,7 @@ func NewDiffFormat(source string) formatter.Format {

 // DiffFormatWrite writes formatted diff using the Context
 func DiffFormatWrite(ctx formatter.Context, changes []container.ContainerChangeResponseItem) error {
+
 	render := func(format func(subContext formatter.SubContext) error) error {
 		for _, change := range changes {
 			if err := format(&diffContext{c: change}); err != nil {
@ -64,6 +65,7 @@ func (d *diffContext) Type() string {
 		kind = "D"
 	}
 	return kind
+
 }

 func (d *diffContext) Path() string {
--- a/cli/command/container/formatter_stats.go
+++ b/cli/command/container/formatter_stats.go
@ -1,7 +1,7 @@
 package container

 import (
-	"strconv"
+	"fmt"
 	"sync"

 	"github.com/docker/cli/cli/command/formatter"
@ -43,7 +43,7 @@ type StatsEntry struct {

 // Stats represents an entity to store containers statistics synchronously
 type Stats struct {
-	mutex sync.RWMutex
+	mutex sync.Mutex
 	StatsEntry
 	err error
 }
@ -51,8 +51,8 @@ type Stats struct {
 // GetError returns the container statistics error.
 // This is used to determine whether the statistics are valid or not
 func (cs *Stats) GetError() error {
-	cs.mutex.RLock()
-	defer cs.mutex.RUnlock()
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
 	return cs.err
 }

@ -94,8 +94,8 @@ func (cs *Stats) SetStatistics(s StatsEntry) {

 // GetStatistics returns container statistics with other meta data such as the container name
 func (cs *Stats) GetStatistics() StatsEntry {
-	cs.mutex.RLock()
-	defer cs.mutex.RUnlock()
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
 	return cs.StatsEntry
 }

@ -183,7 +183,7 @@ func (c *statsContext) CPUPerc() string {
 	if c.s.IsInvalid {
 		return "--"
 	}
-	return formatPercentage(c.s.CPUPercentage)
+	return fmt.Sprintf("%.2f%%", c.s.CPUPercentage)
 }

 func (c *statsContext) MemUsage() string {
@ -193,37 +193,33 @@ func (c *statsContext) MemUsage() string {
 	if c.os == winOSType {
 		return units.BytesSize(c.s.Memory)
 	}
-	return units.BytesSize(c.s.Memory) + " / " + units.BytesSize(c.s.MemoryLimit)
+	return fmt.Sprintf("%s / %s", units.BytesSize(c.s.Memory), units.BytesSize(c.s.MemoryLimit))
 }

 func (c *statsContext) MemPerc() string {
 	if c.s.IsInvalid || c.os == winOSType {
 		return "--"
 	}
-	return formatPercentage(c.s.MemoryPercentage)
+	return fmt.Sprintf("%.2f%%", c.s.MemoryPercentage)
 }

 func (c *statsContext) NetIO() string {
 	if c.s.IsInvalid {
 		return "--"
 	}
-	return units.HumanSizeWithPrecision(c.s.NetworkRx, 3) + " / " + units.HumanSizeWithPrecision(c.s.NetworkTx, 3)
+	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.NetworkRx, 3), units.HumanSizeWithPrecision(c.s.NetworkTx, 3))
 }

 func (c *statsContext) BlockIO() string {
 	if c.s.IsInvalid {
 		return "--"
 	}
-	return units.HumanSizeWithPrecision(c.s.BlockRead, 3) + " / " + units.HumanSizeWithPrecision(c.s.BlockWrite, 3)
+	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.BlockRead, 3), units.HumanSizeWithPrecision(c.s.BlockWrite, 3))
 }

 func (c *statsContext) PIDs() string {
 	if c.s.IsInvalid || c.os == winOSType {
 		return "--"
 	}
-	return strconv.FormatUint(c.s.PidsCurrent, 10)
-}
-
-func formatPercentage(val float64) string {
-	return strconv.FormatFloat(val, 'f', 2, 64) + "%"
+	return fmt.Sprintf("%d", c.s.PidsCurrent)
 }
--- a/cli/command/container/formatter_stats_test.go
+++ b/cli/command/container/formatter_stats_test.go
@ -308,38 +308,3 @@ func TestContainerStatsContextWriteTrunc(t *testing.T) {
 		out.Reset()
 	}
 }
-
-func BenchmarkStatsFormat(b *testing.B) {
-	b.ReportAllocs()
-	stats := genStats()
-
-	for i := 0; i < b.N; i++ {
-		for _, s := range stats {
-			_ = s.CPUPerc()
-			_ = s.MemUsage()
-			_ = s.MemPerc()
-			_ = s.NetIO()
-			_ = s.BlockIO()
-			_ = s.PIDs()
-		}
-	}
-}
-
-func genStats() []statsContext {
-	entry := statsContext{s: StatsEntry{
-		CPUPercentage:    12.3456789,
-		Memory:           123.456789,
-		MemoryLimit:      987.654321,
-		MemoryPercentage: 12.3456789,
-		BlockRead:        123.456789,
-		BlockWrite:       987.654321,
-		NetworkRx:        123.456789,
-		NetworkTx:        987.654321,
-		PidsCurrent:      123456789,
-	}}
-	stats := make([]statsContext, 100)
-	for i := 0; i < 100; i++ {
-		stats = append(stats, entry)
-	}
-	return stats
-}
--- a/cli/command/container/hijack.go
+++ b/cli/command/container/hijack.go
@ -185,6 +185,7 @@ func setRawTerminal(streams command.Streams) error {
 	return streams.Out().SetRawTerminal()
 }

+// nolint: unparam
 func restoreTerminal(streams command.Streams, in io.Closer) error {
 	streams.In().RestoreTerminal()
 	streams.Out().RestoreTerminal()
--- a/cli/command/container/inspect.go
+++ b/cli/command/container/inspect.go
@ -5,9 +5,7 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/inspect"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/spf13/cobra"
 )

@ -29,11 +27,10 @@ func newInspectCommand(dockerCli command.Cli) *cobra.Command {
 			opts.refs = args
 			return runInspect(dockerCli, opts)
 		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}

 	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", flagsHelper.InspectFormatHelp)
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
 	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")

 	return cmd
--- a/cli/command/container/kill.go
+++ b/cli/command/container/kill.go
@ -7,7 +7,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -30,14 +29,10 @@ func NewKillCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runKill(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container kill, docker kill",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
-	flags.StringVarP(&opts.signal, "signal", "s", "", "Signal to send to the container")
+	flags.StringVarP(&opts.signal, "signal", "s", "KILL", "Signal to send to the container")
 	return cmd
 }

--- a/cli/command/container/list.go
+++ b/cli/command/container/list.go
@ -2,13 +2,11 @@ package container

 import (
 	"context"
-	"io"
+	"io/ioutil"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/cli/templates"
 	"github.com/docker/docker/api/types"
@ -17,15 +15,14 @@ import (
 )

 type psOptions struct {
-	quiet       bool
-	size        bool
-	sizeChanged bool
-	all         bool
-	noTrunc     bool
-	nLatest     bool
-	last        int
-	format      string
-	filter      opts.FilterOpt
+	quiet   bool
+	size    bool
+	all     bool
+	noTrunc bool
+	nLatest bool
+	last    int
+	format  string
+	filter  opts.FilterOpt
 }

 // NewPsCommand creates a new cobra.Command for `docker ps`
@ -37,14 +34,8 @@ func NewPsCommand(dockerCli command.Cli) *cobra.Command {
 		Short: "List containers",
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			options.sizeChanged = cmd.Flags().Changed("size")
 			return runPs(dockerCli, &options)
 		},
-		Annotations: map[string]string{
-			"category-top": "3",
-			"aliases":      "docker container ls, docker container list, docker container ps, docker ps",
-		},
-		ValidArgsFunction: completion.NoComplete,
 	}

 	flags := cmd.Flags()
@ -55,7 +46,7 @@ func NewPsCommand(dockerCli command.Cli) *cobra.Command {
 	flags.BoolVar(&options.noTrunc, "no-trunc", false, "Don't truncate output")
 	flags.BoolVarP(&options.nLatest, "latest", "l", false, "Show the latest created container (includes all states)")
 	flags.IntVarP(&options.last, "last", "n", -1, "Show n last created containers (includes all states)")
-	flags.StringVarP(&options.format, "format", "", "", flagsHelper.FormatHelp)
+	flags.StringVarP(&options.format, "format", "", "", "Pretty-print containers using a Go template")
 	flags.VarP(&options.filter, "filter", "f", "Filter output based on conditions provided")

 	return cmd
@ -80,9 +71,16 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 		options.Limit = 1
 	}

-	// always validate template when `--format` is used, for consistency
-	if len(opts.format) > 0 {
+	options.Size = opts.size
+	if !options.Size && len(opts.format) > 0 {
+		// The --size option isn't set, but .Size may be used in the template.
+		// Parse and execute the given template to detect if the .Size field is
+		// used. If it is, then automatically enable the --size option. See #24696
+		//
+		// Only requesting container size information when needed is an optimization,
+		// because calculating the size is a costly operation.
 		tmpl, err := templates.NewParse("", opts.format)
+
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to parse template")
 		}
@ -91,23 +89,12 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er

 		// This shouldn't error out but swallowing the error makes it harder
 		// to track down if preProcessor issues come up.
-		if err := tmpl.Execute(io.Discard, optionsProcessor); err != nil {
+		if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
 			return nil, errors.Wrap(err, "failed to execute template")
 		}

-		// if `size` was not explicitly set to false (with `--size=false`)
-		// and `--quiet` is not set, request size if the template requires it
-		if !opts.quiet && !options.Size && !opts.sizeChanged {
-			// The --size option isn't set, but .Size may be used in the template.
-			// Parse and execute the given template to detect if the .Size field is
-			// used. If it is, then automatically enable the --size option. See #24696
-			//
-			// Only requesting container size information when needed is an optimization,
-			// because calculating the size is a costly operation.
-
-			if _, ok := optionsProcessor.FieldsUsed["Size"]; ok {
-				options.Size = true
-			}
+		if _, ok := optionsProcessor.FieldsUsed["Size"]; ok {
+			options.Size = true
 		}
 	}

@ -117,11 +104,6 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 func runPs(dockerCli command.Cli, options *psOptions) error {
 	ctx := context.Background()

-	if len(options.format) == 0 {
-		// load custom psFormat from CLI config (if any)
-		options.format = dockerCli.ConfigFile().PsFormat
-	}
-
 	listOptions, err := buildContainerListOptions(options)
 	if err != nil {
 		return err
@ -132,9 +114,18 @@ func runPs(dockerCli command.Cli, options *psOptions) error {
 		return err
 	}

+	format := options.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().PsFormat) > 0 && !options.quiet {
+			format = dockerCli.ConfigFile().PsFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+
 	containerCtx := formatter.Context{
 		Output: dockerCli.Out(),
-		Format: formatter.NewContainerFormat(options.format, options.quiet, listOptions.Size),
+		Format: formatter.NewContainerFormat(format, options.quiet, listOptions.Size),
 		Trunc:  !options.noTrunc,
 	}
 	return formatter.ContainerWrite(containerCtx, containers)
--- a/cli/command/container/list_test.go
+++ b/cli/command/container/list_test.go
@ -2,7 +2,7 @@ package container

 import (
 	"fmt"
-	"io"
+	"io/ioutil"
 	"testing"

 	"github.com/docker/cli/cli/config/configfile"
@ -161,7 +161,7 @@ func TestContainerListErrors(t *testing.T) {
 		for key, value := range tc.flags {
 			cmd.Flags().Set(key, value)
 		}
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -231,69 +231,28 @@ func TestContainerListFormatTemplateWithArg(t *testing.T) {
 }

 func TestContainerListFormatSizeSetsOption(t *testing.T) {
-	tests := []struct {
-		doc, format, sizeFlag string
-		sizeExpected          bool
-	}{
-		{
-			doc:          "detect with all fields",
-			format:       `{{json .}}`,
-			sizeExpected: true,
+	cli := test.NewFakeCli(&fakeClient{
+		containerListFunc: func(options types.ContainerListOptions) ([]types.Container, error) {
+			assert.Check(t, options.Size)
+			return []types.Container{}, nil
 		},
-		{
-			doc:          "detect with explicit field",
-			format:       `{{.Size}}`,
-			sizeExpected: true,
-		},
-		{
-			doc:          "detect no size",
-			format:       `{{.Names}}`,
-			sizeExpected: false,
-		},
-		{
-			doc:          "override enable",
-			format:       `{{.Names}}`,
-			sizeFlag:     "true",
-			sizeExpected: true,
-		},
-		{
-			doc:          "override disable",
-			format:       `{{.Size}}`,
-			sizeFlag:     "false",
-			sizeExpected: false,
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.doc, func(t *testing.T) {
-			cli := test.NewFakeCli(&fakeClient{
-				containerListFunc: func(options types.ContainerListOptions) ([]types.Container, error) {
-					assert.Check(t, is.Equal(options.Size, tc.sizeExpected))
-					return []types.Container{}, nil
-				},
-			})
-			cmd := newListCommand(cli)
-			cmd.Flags().Set("format", tc.format)
-			if tc.sizeFlag != "" {
-				cmd.Flags().Set("size", tc.sizeFlag)
-			}
-			assert.NilError(t, cmd.Execute())
-		})
-	}
+	})
+	cmd := newListCommand(cli)
+	cmd.Flags().Set("format", `{{.Size}}`)
+	assert.NilError(t, cmd.Execute())
 }

 func TestContainerListWithConfigFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*Container("c1", WithLabel("some.label", "value"), WithSize(10700000)),
-				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar"), WithSize(3200000)),
+				*Container("c1", WithLabel("some.label", "value")),
+				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar")),
 			}, nil
 		},
 	})
 	cli.SetConfigFile(&configfile.ConfigFile{
-		PsFormat: "{{ .Names }} {{ .Image }} {{ .Labels }} {{ .Size}}",
+		PsFormat: "{{ .Names }} {{ .Image }} {{ .Labels }}",
 	})
 	cmd := newListCommand(cli)
 	assert.NilError(t, cmd.Execute())
--- a/cli/command/container/logs.go
+++ b/cli/command/container/logs.go
@ -6,7 +6,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/spf13/cobra"
@ -35,16 +34,12 @@ func NewLogsCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runLogs(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container logs, docker logs",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
-	flags.StringVar(&opts.since, "since", "", `Show logs since timestamp (e.g. "2013-01-02T13:23:37Z") or relative (e.g. "42m" for 42 minutes)`)
-	flags.StringVar(&opts.until, "until", "", `Show logs before a timestamp (e.g. "2013-01-02T13:23:37Z") or relative (e.g. "42m" for 42 minutes)`)
+	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
+	flags.StringVar(&opts.until, "until", "", "Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
 	flags.SetAnnotation("until", "version", []string{"1.35"})
 	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
 	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
--- a/cli/command/container/logs_test.go
+++ b/cli/command/container/logs_test.go
@ -2,6 +2,7 @@ package container

 import (
 	"io"
+	"io/ioutil"
 	"strings"
 	"testing"

@ -14,7 +15,7 @@ import (

 var logFn = func(expectedOut string) func(string, types.ContainerLogsOptions) (io.ReadCloser, error) {
 	return func(container string, opts types.ContainerLogsOptions) (io.ReadCloser, error) {
-		return io.NopCloser(strings.NewReader(expectedOut)), nil
+		return ioutil.NopCloser(strings.NewReader(expectedOut)), nil
 	}
 }

@ -26,7 +27,7 @@ func TestRunLogs(t *testing.T) {
 		}, nil
 	}

-	testcases := []struct {
+	var testcases = []struct {
 		doc           string
 		options       *logsOptions
 		client        fakeClient
--- a/cli/command/container/opts.go
+++ b/cli/command/container/opts.go
@ -4,9 +4,8 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"os"
+	"io/ioutil"
 	"path"
-	"path/filepath"
 	"reflect"
 	"regexp"
 	"strconv"
@ -16,18 +15,20 @@ import (
 	"github.com/docker/cli/cli/compose/loader"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types/container"
-	mounttypes "github.com/docker/docker/api/types/mount"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/go-connections/nat"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )

-var deviceCgroupRuleRegexp = regexp.MustCompile(`^[acb] ([0-9]+|\*):([0-9]+|\*) [rwm]{1,3}$`)
+var (
+	deviceCgroupRuleRegexp = regexp.MustCompile(`^[acb] ([0-9]+|\*):([0-9]+|\*) [rwm]{1,3}$`)
+)

 // containerOptions is a data object with all the options for creating a container
 type containerOptions struct {
@ -182,7 +183,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
 	flags.BoolVar(&copts.readonlyRootfs, "read-only", false, "Mount the container's root filesystem as read only")
 	flags.StringVar(&copts.restartPolicy, "restart", "no", "Restart policy to apply when a container exits")
-	flags.StringVar(&copts.stopSignal, "stop-signal", "", "Signal to stop the container")
+	flags.StringVar(&copts.stopSignal, "stop-signal", signal.DefaultStopSignal, "Signal to stop a container")
 	flags.IntVar(&copts.stopTimeout, "stop-timeout", 0, "Timeout (in seconds) to stop a container")
 	flags.SetAnnotation("stop-timeout", "version", []string{"1.25"})
 	flags.Var(copts.sysctls, "sysctl", "Sysctl options")
@ -309,8 +310,7 @@ type containerConfig struct {
 // parse parses the args for the specified command and generates a Config,
 // a HostConfig and returns them with the specified command.
 // If the specified args are not valid, it will return an error.
-//
-//nolint:gocyclo
+// nolint: gocyclo
 func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*containerConfig, error) {
 	var (
 		attachStdin  = copts.attach.Get("stdin")
@ -349,24 +349,10 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	// add any bind targets to the list of container volumes
 	for bind := range copts.volumes.GetMap() {
 		parsed, _ := loader.ParseVolume(bind)
-
 		if parsed.Source != "" {
-			toBind := bind
-
-			if parsed.Type == string(mounttypes.TypeBind) {
-				if hostPart, targetPath, ok := strings.Cut(bind, ":"); ok {
-					if strings.HasPrefix(hostPart, "."+string(filepath.Separator)) || hostPart == "." {
-						if absHostPart, err := filepath.Abs(hostPart); err == nil {
-							hostPart = absHostPart
-						}
-					}
-					toBind = hostPart + ":" + targetPath
-				}
-			}
-
 			// after creating the bind mount we want to delete it from the copts.volumes values because
 			// we do not want bind mounts being committed to image configs
-			binds = append(binds, toBind)
+			binds = append(binds, bind)
 			// We should delete from the map (`volumes`) here, as deleting from copts.volumes will not work if
 			// there are duplicates entries.
 			delete(volumes, bind)
@ -376,8 +362,11 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	// Can't evaluate options passed into --tmpfs until we actually mount
 	tmpfs := make(map[string]string)
 	for _, t := range copts.tmpfs.GetAll() {
-		k, v, _ := strings.Cut(t, ":")
-		tmpfs[k] = v
+		if arr := strings.SplitN(t, ":", 2); len(arr) > 1 {
+			tmpfs[arr[0]] = arr[1]
+		} else {
+			tmpfs[arr[0]] = ""
+		}
 	}

 	var (
@ -386,7 +375,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	)

 	if len(copts.Args) > 0 {
-		runCmd = copts.Args
+		runCmd = strslice.StrSlice(copts.Args)
 	}

 	if copts.entrypoint != "" {
@ -525,11 +514,13 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		if haveHealthSettings {
 			return nil, errors.Errorf("--no-healthcheck conflicts with --health-* options")
 		}
-		healthConfig = &container.HealthConfig{Test: strslice.StrSlice{"NONE"}}
+		test := strslice.StrSlice{"NONE"}
+		healthConfig = &container.HealthConfig{Test: test}
 	} else if haveHealthSettings {
 		var probe strslice.StrSlice
 		if copts.healthCmd != "" {
-			probe = []string{"CMD-SHELL", copts.healthCmd}
+			args := []string{"CMD-SHELL", copts.healthCmd}
+			probe = strslice.StrSlice(args)
 		}
 		if copts.healthInterval < 0 {
 			return nil, errors.Errorf("--health-interval cannot be negative")
@ -592,20 +583,26 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		ExposedPorts: ports,
 		User:         copts.user,
 		Tty:          copts.tty,
-		OpenStdin:    copts.stdin,
-		AttachStdin:  attachStdin,
-		AttachStdout: attachStdout,
-		AttachStderr: attachStderr,
-		Env:          envVariables,
-		Cmd:          runCmd,
-		Image:        copts.Image,
-		Volumes:      volumes,
-		MacAddress:   copts.macAddress,
-		Entrypoint:   entrypoint,
-		WorkingDir:   copts.workingDir,
-		Labels:       opts.ConvertKVStringsToMap(labels),
-		StopSignal:   copts.stopSignal,
-		Healthcheck:  healthConfig,
+		// TODO: deprecated, it comes from -n, --networking
+		// it's still needed internally to set the network to disabled
+		// if e.g. bridge is none in daemon opts, and in inspect
+		NetworkDisabled: false,
+		OpenStdin:       copts.stdin,
+		AttachStdin:     attachStdin,
+		AttachStdout:    attachStdout,
+		AttachStderr:    attachStderr,
+		Env:             envVariables,
+		Cmd:             runCmd,
+		Image:           copts.Image,
+		Volumes:         volumes,
+		MacAddress:      copts.macAddress,
+		Entrypoint:      entrypoint,
+		WorkingDir:      copts.workingDir,
+		Labels:          opts.ConvertKVStringsToMap(labels),
+		Healthcheck:     healthConfig,
+	}
+	if flags.Changed("stop-signal") {
+		config.StopSignal = copts.stopSignal
 	}
 	if flags.Changed("stop-timeout") {
 		config.StopTimeout = &copts.stopTimeout
@ -816,11 +813,12 @@ func convertToStandardNotation(ports []string) ([]string, error) {
 		if strings.Contains(publish, "=") {
 			params := map[string]string{"protocol": "tcp"}
 			for _, param := range strings.Split(publish, ",") {
-				k, v, ok := strings.Cut(param, "=")
-				if !ok || k == "" {
+				opt := strings.Split(param, "=")
+				if len(opt) < 2 {
 					return optsList, errors.Errorf("invalid publish opts format (should be name=value but got '%s')", param)
 				}
-				params[k] = v
+
+				params[opt[0]] = opt[1]
 			}
 			optsList = append(optsList, fmt.Sprintf("%s:%s/%s", params["published"], params["target"], params["protocol"]))
 		} else {
@ -841,22 +839,22 @@ func parseLoggingOpts(loggingDriver string, loggingOpts []string) (map[string]st
 // takes a local seccomp daemon, reads the file contents for sending to the daemon
 func parseSecurityOpts(securityOpts []string) ([]string, error) {
 	for key, opt := range securityOpts {
-		k, v, ok := strings.Cut(opt, "=")
-		if !ok && k != "no-new-privileges" {
-			k, v, ok = strings.Cut(opt, ":")
+		con := strings.SplitN(opt, "=", 2)
+		if len(con) == 1 && con[0] != "no-new-privileges" {
+			if strings.Contains(opt, ":") {
+				con = strings.SplitN(opt, ":", 2)
+			} else {
+				return securityOpts, errors.Errorf("Invalid --security-opt: %q", opt)
+			}
 		}
-		if (!ok || v == "") && k != "no-new-privileges" {
-			// "no-new-privileges" is the only option that does not require a value.
-			return securityOpts, errors.Errorf("Invalid --security-opt: %q", opt)
-		}
-		if k == "seccomp" && v != "unconfined" {
-			f, err := os.ReadFile(v)
+		if con[0] == "seccomp" && con[1] != "unconfined" {
+			f, err := ioutil.ReadFile(con[1])
 			if err != nil {
-				return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", v, err)
+				return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", con[1], err)
 			}
 			b := bytes.NewBuffer(nil)
 			if err := json.Compact(b, f); err != nil {
-				return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", v, err)
+				return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", con[1], err)
 			}
 			securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
 		}
@ -888,11 +886,12 @@ func parseSystemPaths(securityOpts []string) (filtered, maskedPaths, readonlyPat
 func parseStorageOpts(storageOpts []string) (map[string]string, error) {
 	m := make(map[string]string)
 	for _, option := range storageOpts {
-		k, v, ok := strings.Cut(option, "=")
-		if !ok {
+		if strings.Contains(option, "=") {
+			opt := strings.SplitN(option, "=", 2)
+			m[opt[0]] = opt[1]
+		} else {
 			return nil, errors.Errorf("invalid storage option")
 		}
-		m[k] = v
 	}
 	return m, nil
 }
@ -911,10 +910,10 @@ func parseDevice(device, serverOS string) (container.DeviceMapping, error) {
 // parseLinuxDevice parses a device mapping string to a container.DeviceMapping struct
 // knowing that the target is a Linux daemon
 func parseLinuxDevice(device string) (container.DeviceMapping, error) {
-	var src, dst string
+	src := ""
+	dst := ""
 	permissions := "rwm"
-	// We expect 3 parts at maximum; limit to 4 parts to detect invalid options.
-	arr := strings.SplitN(device, ":", 4)
+	arr := strings.Split(device, ":")
 	switch len(arr) {
 	case 3:
 		permissions = arr[2]
@ -952,8 +951,7 @@ func parseWindowsDevice(device string) (container.DeviceMapping, error) {

 // validateDeviceCgroupRule validates a device cgroup rule string format
 // It will make sure 'val' is in the form:
-//
-//	'type major:minor mode'
+//    'type major:minor mode'
 func validateDeviceCgroupRule(val string) (string, error) {
 	if deviceCgroupRuleRegexp.MatchString(val) {
 		return val, nil
@ -965,7 +963,7 @@ func validateDeviceCgroupRule(val string) (string, error) {
 // validDeviceMode checks if the mode for device is valid or not.
 // Valid mode is a composition of r (read), w (write), and m (mknod).
 func validDeviceMode(mode string) bool {
-	legalDeviceMode := map[rune]bool{
+	var legalDeviceMode = map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,
@ -997,9 +995,7 @@ func validateDevice(val string, serverOS string) (string, error) {
 // validateLinuxPath is the implementation of validateDevice knowing that the
 // target server operating system is a Linux daemon.
 // It will make sure 'val' is in the form:
-//
-//	[host-dir:]container-path[:mode]
-//
+//    [host-dir:]container-path[:mode]
 // It also validates the device mode.
 func validateLinuxPath(val string, validator func(string) bool) (string, error) {
 	var containerPath string
--- a/cli/command/container/opts_test.go
+++ b/cli/command/container/opts_test.go
@ -2,7 +2,7 @@ package container

 import (
 	"fmt"
-	"io"
+	"io/ioutil"
 	"os"
 	"runtime"
 	"strings"
@ -58,7 +58,7 @@ func parseRun(args []string) (*container.Config, *container.HostConfig, *network

 func setupRunFlags() (*pflag.FlagSet, *containerOptions) {
 	flags := pflag.NewFlagSet("run", pflag.ContinueOnError)
-	flags.SetOutput(io.Discard)
+	flags.SetOutput(ioutil.Discard)
 	flags.Usage = nil
 	copts := addFlags(flags)
 	return flags, copts
@ -182,8 +182,9 @@ func TestParseRunWithInvalidArgs(t *testing.T) {
 	}
 }

-//nolint:gocyclo
+// nolint: gocyclo
 func TestParseWithVolumes(t *testing.T) {
+
 	// A single volume
 	arr, tryit := setupPlatformVolume([]string{`/tmp`}, []string{`c:\tmp`})
 	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
@ -251,6 +252,7 @@ func TestParseWithVolumes(t *testing.T) {
 			t.Fatalf("Error parsing %s. Should have a single bind mount and no volumes", arr[0])
 		}
 	}
+
 }

 // setupPlatformVolume takes two arrays of volume specs - a Unix style
@ -451,6 +453,7 @@ func TestParseDevice(t *testing.T) {
 			t.Fatalf("Expected %v, got %v", deviceMapping, hostconfig.Devices)
 		}
 	}
+
 }

 func TestParseNetworkConfig(t *testing.T) {
@ -635,7 +638,7 @@ func TestRunFlagsParseShmSize(t *testing.T) {
 	// shm-size ko
 	flags, _ := setupRunFlags()
 	args := []string{"--shm-size=a128m", "img", "cmd"}
-	expectedErr := `invalid argument "a128m" for "--shm-size" flag:`
+	expectedErr := `invalid argument "a128m" for "--shm-size" flag: invalid size: 'a128m'`
 	err := flags.Parse(args)
 	assert.ErrorContains(t, err, expectedErr)

@ -649,8 +652,8 @@ func TestRunFlagsParseShmSize(t *testing.T) {

 func TestParseRestartPolicy(t *testing.T) {
 	invalids := map[string]string{
-		"always:2:3":         "invalid restart policy format: maximum retry count must be an integer",
-		"on-failure:invalid": "invalid restart policy format: maximum retry count must be an integer",
+		"always:2:3":         "invalid restart policy format",
+		"on-failure:invalid": "maximum retry count must be an integer",
 	}
 	valids := map[string]container.RestartPolicy{
 		"": {},
@ -953,6 +956,7 @@ func TestConvertToStandardNotation(t *testing.T) {

 	for key, ports := range valid {
 		convertedPorts, err := convertToStandardNotation(ports)
+
 		if err != nil {
 			assert.NilError(t, err)
 		}
--- a/cli/command/container/pause.go
+++ b/cli/command/container/pause.go
@ -7,8 +7,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -29,12 +27,6 @@ func NewPauseCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runPause(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container pause, docker pause",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
-			return container.State != "paused"
-		}),
 	}
 }

--- a/cli/command/container/port.go
+++ b/cli/command/container/port.go
@ -3,16 +3,11 @@ package container
 import (
 	"context"
 	"fmt"
-	"net"
-	"sort"
-	"strconv"
 	"strings"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/go-connections/nat"
-	"github.com/fvbommel/sortorder"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -38,20 +33,10 @@ func NewPortCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return runPort(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container port, docker port",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 	return cmd
 }

-// runPort shows the port mapping for a given container. Optionally, it
-// allows showing the mapping for a specific (container)port and proto.
-//
-// TODO(thaJeztah): currently this defaults to show the TCP port if no
-// proto is specified. We should consider changing this to "any" protocol
-// for the given private port.
 func runPort(dockerCli command.Cli, opts *portOptions) error {
 	ctx := context.Background()

@ -60,35 +45,33 @@ func runPort(dockerCli command.Cli, opts *portOptions) error {
 		return err
 	}

-	var out []string
 	if opts.port != "" {
-		port, proto, _ := strings.Cut(opts.port, "/")
-		if proto == "" {
-			proto = "tcp"
+		port := opts.port
+		proto := "tcp"
+		parts := strings.SplitN(port, "/", 2)
+
+		if len(parts) == 2 && len(parts[1]) != 0 {
+			port = parts[0]
+			proto = parts[1]
 		}
-		if _, err = strconv.ParseUint(port, 10, 16); err != nil {
-			return errors.Wrapf(err, "Error: invalid port (%s)", port)
+		natPort := port + "/" + proto
+		newP, err := nat.NewPort(proto, port)
+		if err != nil {
+			return err
 		}
-		frontends, exists := c.NetworkSettings.Ports[nat.Port(port+"/"+proto)]
-		if !exists || frontends == nil {
-			return errors.Errorf("Error: No public port '%s' published for %s", opts.port, opts.container)
-		}
-		for _, frontend := range frontends {
-			out = append(out, net.JoinHostPort(frontend.HostIP, frontend.HostPort))
-		}
-	} else {
-		for from, frontends := range c.NetworkSettings.Ports {
+		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
 			for _, frontend := range frontends {
-				out = append(out, fmt.Sprintf("%s -> %s", from, net.JoinHostPort(frontend.HostIP, frontend.HostPort)))
+				fmt.Fprintf(dockerCli.Out(), "%s:%s\n", frontend.HostIP, frontend.HostPort)
 			}
+			return nil
 		}
+		return errors.Errorf("Error: No public port '%s' published for %s", natPort, opts.container)
 	}

-	if len(out) > 0 {
-		sort.Slice(out, func(i, j int) bool {
-			return sortorder.NaturalLess(out[i], out[j])
-		})
-		_, _ = fmt.Fprintln(dockerCli.Out(), strings.Join(out, "\n"))
+	for from, frontends := range c.NetworkSettings.Ports {
+		for _, frontend := range frontends {
+			fmt.Fprintf(dockerCli.Out(), "%s -> %s:%s\n", from, frontend.HostIP, frontend.HostPort)
+		}
 	}

 	return nil
--- a/cli/command/container/port_test.go
+++ b/cli/command/container/port_test.go
@ -1,78 +0,0 @@
-package container
-
-import (
-	"io"
-	"testing"
-
-	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/go-connections/nat"
-	"gotest.tools/v3/assert"
-	"gotest.tools/v3/golden"
-)
-
-func TestNewPortCommandOutput(t *testing.T) {
-	testCases := []struct {
-		name string
-		ips  []string
-		port string
-	}{
-		{
-			name: "container-port-ipv4",
-			ips:  []string{"0.0.0.0"},
-			port: "80",
-		},
-		{
-			name: "container-port-ipv6",
-			ips:  []string{"::"},
-			port: "80",
-		},
-		{
-			name: "container-port-ipv6-and-ipv4",
-			ips:  []string{"::", "0.0.0.0"},
-			port: "80",
-		},
-		{
-			name: "container-port-ipv6-and-ipv4-443-udp",
-			ips:  []string{"::", "0.0.0.0"},
-			port: "443/udp",
-		},
-		{
-			name: "container-port-all-ports",
-			ips:  []string{"::", "0.0.0.0"},
-		},
-	}
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			cli := test.NewFakeCli(&fakeClient{
-				inspectFunc: func(string) (types.ContainerJSON, error) {
-					ci := types.ContainerJSON{NetworkSettings: &types.NetworkSettings{}}
-					ci.NetworkSettings.Ports = nat.PortMap{
-						"80/tcp":  make([]nat.PortBinding, len(tc.ips)),
-						"443/tcp": make([]nat.PortBinding, len(tc.ips)),
-						"443/udp": make([]nat.PortBinding, len(tc.ips)),
-					}
-					for i, ip := range tc.ips {
-						ci.NetworkSettings.Ports["80/tcp"][i] = nat.PortBinding{
-							HostIP: ip, HostPort: "3456",
-						}
-						ci.NetworkSettings.Ports["443/tcp"][i] = nat.PortBinding{
-							HostIP: ip, HostPort: "4567",
-						}
-						ci.NetworkSettings.Ports["443/udp"][i] = nat.PortBinding{
-							HostIP: ip, HostPort: "5678",
-						}
-					}
-					return ci, nil
-				},
-			}, test.EnableContentTrust)
-			cmd := NewPortCommand(cli)
-			cmd.SetErr(io.Discard)
-			cmd.SetArgs([]string{"some_container", tc.port})
-			err := cmd.Execute()
-			assert.NilError(t, err)
-			golden.Assert(t, cli.OutBuffer().String(), tc.name+".golden")
-		})
-	}
-}
--- a/cli/command/container/prune.go
+++ b/cli/command/container/prune.go
@ -6,7 +6,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	units "github.com/docker/go-units"
 	"github.com/spf13/cobra"
@ -36,13 +35,12 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
 			return nil
 		},
-		Annotations:       map[string]string{"version": "1.25"},
-		ValidArgsFunction: completion.NoComplete,
+		Annotations: map[string]string{"version": "1.25"},
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
-	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "until=<timestamp>")`)
+	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'until=<timestamp>')")

 	return cmd
 }
--- a/cli/command/container/rename.go
+++ b/cli/command/container/rename.go
@ -7,7 +7,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -30,10 +29,6 @@ func NewRenameCommand(dockerCli command.Cli) *cobra.Command {
 			opts.newName = args[1]
 			return runRename(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container rename, docker rename",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 	return cmd
 }
--- a/cli/command/container/restart.go
+++ b/cli/command/container/restart.go
@ -4,19 +4,17 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

 type restartOptions struct {
-	signal         string
-	timeout        int
-	timeoutChanged bool
+	nSeconds        int
+	nSecondsChanged bool

 	containers []string
 }
@ -31,38 +29,31 @@ func NewRestartCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
-			opts.timeoutChanged = cmd.Flags().Changed("time")
+			opts.nSecondsChanged = cmd.Flags().Changed("time")
 			return runRestart(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container restart, docker restart",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}

 	flags := cmd.Flags()
-	flags.StringVarP(&opts.signal, "signal", "s", "", "Signal to send to the container")
-	flags.IntVarP(&opts.timeout, "time", "t", 0, "Seconds to wait before killing the container")
+	flags.IntVarP(&opts.nSeconds, "time", "t", 10, "Seconds to wait for stop before killing the container")
 	return cmd
 }

 func runRestart(dockerCli command.Cli, opts *restartOptions) error {
 	ctx := context.Background()
 	var errs []string
-	var timeout *int
-	if opts.timeoutChanged {
-		timeout = &opts.timeout
+	var timeout *time.Duration
+	if opts.nSecondsChanged {
+		timeoutValue := time.Duration(opts.nSeconds) * time.Second
+		timeout = &timeoutValue
 	}
+
 	for _, name := range opts.containers {
-		err := dockerCli.Client().ContainerRestart(ctx, name, container.StopOptions{
-			Signal:  opts.signal,
-			Timeout: timeout,
-		})
-		if err != nil {
+		if err := dockerCli.Client().ContainerRestart(ctx, name, timeout); err != nil {
 			errs = append(errs, err.Error())
 			continue
 		}
-		_, _ = fmt.Fprintln(dockerCli.Out(), name)
+		fmt.Fprintln(dockerCli.Out(), name)
 	}
 	if len(errs) > 0 {
 		return errors.New(strings.Join(errs, "\n"))
--- a/cli/command/container/rm.go
+++ b/cli/command/container/rm.go
@ -7,7 +7,6 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
@ -27,18 +26,13 @@ func NewRmCommand(dockerCli command.Cli) *cobra.Command {
 	var opts rmOptions

 	cmd := &cobra.Command{
-		Use:     "rm [OPTIONS] CONTAINER [CONTAINER...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more containers",
-		Args:    cli.RequiresMinArgs(1),
+		Use:   "rm [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Remove one or more containers",
+		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
 			return runRm(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container rm, docker container remove, docker rm",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}

 	flags := cmd.Flags()
--- a/cli/command/container/rm_test.go
+++ b/cli/command/container/rm_test.go
@ -3,9 +3,8 @@ package container
 import (
 	"context"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"sort"
-	"sync"
 	"testing"

 	"github.com/docker/cli/internal/test"
@ -15,46 +14,37 @@ import (
 )

 func TestRemoveForce(t *testing.T) {
-	for _, tc := range []struct {
-		name        string
-		args        []string
-		expectedErr string
-	}{
-		{name: "without force", args: []string{"nosuchcontainer", "mycontainer"}, expectedErr: "no such container"},
-		{name: "with force", args: []string{"--force", "nosuchcontainer", "mycontainer"}, expectedErr: ""},
-	} {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			var removed []string
-			mutex := new(sync.Mutex)
+	var (
+		removed1 []string
+		removed2 []string
+	)

-			cli := test.NewFakeCli(&fakeClient{
-				containerRemoveFunc: func(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
-					// containerRemoveFunc is called in parallel for each container
-					// by the remove command so append must be synchronized.
-					mutex.Lock()
-					removed = append(removed, container)
-					mutex.Unlock()
-
-					if container == "nosuchcontainer" {
-						return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
-					}
-					return nil
-				},
-				Version: "1.36",
-			})
-			cmd := NewRmCommand(cli)
-			cmd.SetOut(io.Discard)
-			cmd.SetArgs(tc.args)
-
-			err := cmd.Execute()
-			if tc.expectedErr != "" {
-				assert.ErrorContains(t, err, tc.expectedErr)
-			} else {
-				assert.NilError(t, err)
+	cli := test.NewFakeCli(&fakeClient{
+		containerRemoveFunc: func(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
+			removed1 = append(removed1, container)
+			removed2 = append(removed2, container)
+			if container == "nosuchcontainer" {
+				return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
 			}
-			sort.Strings(removed)
-			assert.DeepEqual(t, removed, []string{"mycontainer", "nosuchcontainer"})
-		})
-	}
+			return nil
+		},
+		Version: "1.36",
+	})
+	cmd := NewRmCommand(cli)
+	cmd.SetOut(ioutil.Discard)
+
+	t.Run("without force", func(t *testing.T) {
+		cmd.SetArgs([]string{"nosuchcontainer", "mycontainer"})
+		removed1 = []string{}
+		assert.ErrorContains(t, cmd.Execute(), "no such container")
+		sort.Strings(removed1)
+		assert.DeepEqual(t, removed1, []string{"mycontainer", "nosuchcontainer"})
+	})
+	t.Run("with force", func(t *testing.T) {
+		cmd.SetArgs([]string{"--force", "nosuchcontainer", "mycontainer"})
+		removed2 = []string{}
+		assert.NilError(t, cmd.Execute())
+		sort.Strings(removed2)
+		assert.DeepEqual(t, removed2, []string{"mycontainer", "nosuchcontainer"})
+	})
 }
--- a/cli/command/container/run.go
+++ b/cli/command/container/run.go
@ -4,17 +4,16 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"os"
+	"runtime"
 	"strings"
 	"syscall"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/moby/sys/signal"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -31,24 +30,19 @@ type runOptions struct {

 // NewRunCommand create a new `docker run` command
 func NewRunCommand(dockerCli command.Cli) *cobra.Command {
-	var options runOptions
+	var opts runOptions
 	var copts *containerOptions

 	cmd := &cobra.Command{
 		Use:   "run [OPTIONS] IMAGE [COMMAND] [ARG...]",
-		Short: "Create and run a new container from an image",
+		Short: "Run a command in a new container",
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			copts.Image = args[0]
 			if len(args) > 1 {
 				copts.Args = args[1:]
 			}
-			return runRun(dockerCli, cmd.Flags(), &options, copts)
-		},
-		ValidArgsFunction: completion.ImageNames(dockerCli),
-		Annotations: map[string]string{
-			"category-top": "1",
-			"aliases":      "docker container run, docker run",
+			return runRun(dockerCli, cmd.Flags(), &opts, copts)
 		},
 	}

@ -56,45 +50,24 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 	flags.SetInterspersed(false)

 	// These are flags not stored in Config/HostConfig
-	flags.BoolVarP(&options.detach, "detach", "d", false, "Run container in background and print container ID")
-	flags.BoolVar(&options.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
-	flags.StringVar(&options.name, "name", "", "Assign a name to the container")
-	flags.StringVar(&options.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
-	flags.StringVar(&options.pull, "pull", PullImageMissing, `Pull image before running ("`+PullImageAlways+`", "`+PullImageMissing+`", "`+PullImageNever+`")`)
-	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the pull output")
+	flags.BoolVarP(&opts.detach, "detach", "d", false, "Run container in background and print container ID")
+	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.StringVar(&opts.createOptions.pull, "pull", PullImageMissing,
+		`Pull image before running ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)

 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
 	flags.Bool("help", false, "Print usage")

-	command.AddPlatformFlag(flags, &options.platform)
-	command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled())
+	command.AddPlatformFlag(flags, &opts.platform)
+	command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
 	copts = addFlags(flags)
-
-	cmd.RegisterFlagCompletionFunc(
-		"env",
-		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return os.Environ(), cobra.ShellCompDirectiveNoFileComp
-		},
-	)
-	cmd.RegisterFlagCompletionFunc(
-		"env-file",
-		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return nil, cobra.ShellCompDirectiveDefault
-		},
-	)
-	cmd.RegisterFlagCompletionFunc(
-		"network",
-		completion.NetworkNames(dockerCli),
-	)
 	return cmd
 }

 func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copts *containerOptions) error {
-	if err := validatePullOpt(ropts.pull); err != nil {
-		reportError(dockerCli.Err(), "run", err.Error(), true)
-		return cli.StatusError{StatusCode: 125}
-	}
 	proxyConfig := dockerCli.ConfigFile().ParseProxyConfig(dockerCli.Client().DaemonHost(), opts.ConvertKVStringsToMapWithNil(copts.env.GetAll()))
 	newEnv := []string{}
 	for k, v := range proxyConfig {
@ -111,16 +84,17 @@ func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copt
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerConfig, dockerCli.CurrentVersion()); err != nil {
+	if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
 	return runContainer(dockerCli, ropts, copts, containerConfig)
 }

-//nolint:gocyclo
+// nolint: gocyclo
 func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
 	config := containerConfig.Config
+	hostConfig := containerConfig.HostConfig
 	stdout, stderr := dockerCli.Out(), dockerCli.Err()
 	client := dockerCli.Client()

@ -141,6 +115,13 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		config.StdinOnce = false
 	}

+	// Telling the Windows daemon the initial size of the tty during start makes
+	// a far better user experience rather than relying on subsequent resizes
+	// to cause things to catch up.
+	if runtime.GOOS == "windows" {
+		hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.Out().GetTtySize()
+	}
+
 	ctx, cancelFun := context.WithCancel(context.Background())
 	defer cancelFun()

@ -150,7 +131,7 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		return runStartContainerErr(err)
 	}
 	if opts.sigProxy {
-		sigc := notifyAllSignals()
+		sigc := notfiyAllSignals()
 		go ForwardAllSignals(ctx, dockerCli, createResponse.ID, sigc)
 		defer signal.StopCatch(sigc)
 	}
@ -174,6 +155,7 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		}

 		close, err := attachContainer(ctx, dockerCli, &errCh, config, createResponse.ID)
+
 		if err != nil {
 			return err
 		}
@ -232,7 +214,32 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 	return nil
 }

-func attachContainer(ctx context.Context, dockerCli command.Cli, errCh *chan error, config *container.Config, containerID string) (func(), error) {
+func attachContainer(
+	ctx context.Context,
+	dockerCli command.Cli,
+	errCh *chan error,
+	config *container.Config,
+	containerID string,
+) (func(), error) {
+	stdout, stderr := dockerCli.Out(), dockerCli.Err()
+	var (
+		out, cerr io.Writer
+		in        io.ReadCloser
+	)
+	if config.AttachStdin {
+		in = dockerCli.In()
+	}
+	if config.AttachStdout {
+		out = stdout
+	}
+	if config.AttachStderr {
+		if config.Tty {
+			cerr = stdout
+		} else {
+			cerr = stderr
+		}
+	}
+
 	options := types.ContainerAttachOptions{
 		Stream:     true,
 		Stdin:      config.AttachStdin,
@ -246,24 +253,6 @@ func attachContainer(ctx context.Context, dockerCli command.Cli, errCh *chan err
 		return nil, errAttach
 	}

-	var (
-		out, cerr io.Writer
-		in        io.ReadCloser
-	)
-	if config.AttachStdin {
-		in = dockerCli.In()
-	}
-	if config.AttachStdout {
-		out = dockerCli.Out()
-	}
-	if config.AttachStderr {
-		if config.Tty {
-			cerr = dockerCli.Out()
-		} else {
-			cerr = dockerCli.Err()
-		}
-	}
-
 	ch := make(chan error, 1)
 	*errCh = ch

@ -295,7 +284,7 @@ func reportError(stderr io.Writer, name string, str string, withHelp bool) {
 	if withHelp {
 		str += "\nSee 'docker " + name + " --help'."
 	}
-	_, _ = fmt.Fprintln(stderr, "docker:", str)
+	fmt.Fprintln(stderr, "docker:", str)
 }

 // if container start fails with 'not found'/'no such' error, return 127
@ -308,8 +297,7 @@ func runStartContainerErr(err error) error {
 		strings.Contains(trimmedErr, "no such file or directory") ||
 		strings.Contains(trimmedErr, "system cannot find the file specified") {
 		statusError = cli.StatusError{StatusCode: 127}
-	} else if strings.Contains(trimmedErr, syscall.EACCES.Error()) ||
-		strings.Contains(trimmedErr, syscall.EISDIR.Error()) {
+	} else if strings.Contains(trimmedErr, syscall.EACCES.Error()) {
 		statusError = cli.StatusError{StatusCode: 126}
 	}

--- a/cli/command/container/run_test.go
+++ b/cli/command/container/run_test.go
@ -1,26 +1,23 @@
 package container

 import (
-	"errors"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"testing"

-	"github.com/docker/cli/cli"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

 func TestRunLabel(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		createContainerFunc: func(_ *container.Config, _ *container.HostConfig, _ *network.NetworkingConfig, _ *specs.Platform, _ string) (container.CreateResponse, error) {
-			return container.CreateResponse{
+		createContainerFunc: func(_ *container.Config, _ *container.HostConfig, _ *network.NetworkingConfig, _ *specs.Platform, _ string) (container.ContainerCreateCreatedBody, error) {
+			return container.ContainerCreateCreatedBody{
 				ID: "id",
 			}, nil
 		},
@ -64,49 +61,16 @@ func TestRunCommandWithContentTrustErrors(t *testing.T) {
 				networkingConfig *network.NetworkingConfig,
 				platform *specs.Platform,
 				containerName string,
-			) (container.CreateResponse, error) {
-				return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
+			) (container.ContainerCreateCreatedBody, error) {
+				return container.ContainerCreateCreatedBody{}, fmt.Errorf("shouldn't try to pull image")
 			},
 		}, test.EnableContentTrust)
 		cli.SetNotaryClient(tc.notaryFunc)
 		cmd := NewRunCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(io.Discard)
+		cmd.SetOut(ioutil.Discard)
 		err := cmd.Execute()
 		assert.Assert(t, err != nil)
 		assert.Assert(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
 	}
 }
-
-func TestRunContainerImagePullPolicyInvalid(t *testing.T) {
-	cases := []struct {
-		PullPolicy     string
-		ExpectedErrMsg string
-	}{
-		{
-			PullPolicy:     "busybox:latest",
-			ExpectedErrMsg: `invalid pull option: 'busybox:latest': must be one of "always", "missing" or "never"`,
-		},
-		{
-			PullPolicy:     "--network=foo",
-			ExpectedErrMsg: `invalid pull option: '--network=foo': must be one of "always", "missing" or "never"`,
-		},
-	}
-	for _, tc := range cases {
-		tc := tc
-		t.Run(tc.PullPolicy, func(t *testing.T) {
-			dockerCli := test.NewFakeCli(&fakeClient{})
-			err := runRun(
-				dockerCli,
-				&pflag.FlagSet{},
-				&runOptions{createOptions: createOptions{pull: tc.PullPolicy}},
-				&containerOptions{},
-			)
-
-			statusErr := cli.StatusError{}
-			assert.Check(t, errors.As(err, &statusErr))
-			assert.Equal(t, statusErr.StatusCode, 125)
-			assert.Check(t, is.Contains(dockerCli.ErrBuffer().String(), tc.ExpectedErrMsg))
-		})
-	}
-}
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@ -6,7 +6,7 @@ import (
 	gosignal "os/signal"

 	"github.com/docker/cli/cli/command"
-	"github.com/moby/sys/signal"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/sirupsen/logrus"
 )

@ -54,7 +54,7 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
 	}
 }

-func notifyAllSignals() chan os.Signal {
+func notfiyAllSignals() chan os.Signal {
 	sigc := make(chan os.Signal, 128)
 	gosignal.Notify(sigc)
 	return sigc
--- a/cli/command/container/signals_test.go
+++ b/cli/command/container/signals_test.go
@ -7,7 +7,7 @@ import (
 	"time"

 	"github.com/docker/cli/internal/test"
-	"github.com/moby/sys/signal"
+	"github.com/docker/docker/pkg/signal"
 )

 func TestForwardSignals(t *testing.T) {
@ -44,4 +44,5 @@ func TestForwardSignals(t *testing.T) {
 	case <-timer.C:
 		t.Fatal("timeout waiting for signal to be processed")
 	}
+
 }
--- a/cli/command/container/start.go
+++ b/cli/command/container/start.go
@ -8,80 +8,65 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/docker/api/types"
-	"github.com/moby/sys/signal"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

-// StartOptions group options for `start` command
-type StartOptions struct {
-	Attach        bool
-	OpenStdin     bool
-	DetachKeys    string
-	Checkpoint    string
-	CheckpointDir string
+type startOptions struct {
+	attach        bool
+	openStdin     bool
+	detachKeys    string
+	checkpoint    string
+	checkpointDir string

-	Containers []string
-}
-
-// NewStartOptions creates a new StartOptions
-func NewStartOptions() StartOptions {
-	return StartOptions{}
+	containers []string
 }

 // NewStartCommand creates a new cobra.Command for `docker start`
 func NewStartCommand(dockerCli command.Cli) *cobra.Command {
-	var opts StartOptions
+	var opts startOptions

 	cmd := &cobra.Command{
 		Use:   "start [OPTIONS] CONTAINER [CONTAINER...]",
 		Short: "Start one or more stopped containers",
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.Containers = args
-			return RunStart(dockerCli, &opts)
+			opts.containers = args
+			return runStart(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container start, docker start",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, true, func(container types.Container) bool {
-			return container.State == "exited" || container.State == "created"
-		}),
 	}

 	flags := cmd.Flags()
-	flags.BoolVarP(&opts.Attach, "attach", "a", false, "Attach STDOUT/STDERR and forward signals")
-	flags.BoolVarP(&opts.OpenStdin, "interactive", "i", false, "Attach container's STDIN")
-	flags.StringVar(&opts.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.BoolVarP(&opts.attach, "attach", "a", false, "Attach STDOUT/STDERR and forward signals")
+	flags.BoolVarP(&opts.openStdin, "interactive", "i", false, "Attach container's STDIN")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")

-	flags.StringVar(&opts.Checkpoint, "checkpoint", "", "Restore from this checkpoint")
+	flags.StringVar(&opts.checkpoint, "checkpoint", "", "Restore from this checkpoint")
 	flags.SetAnnotation("checkpoint", "experimental", nil)
 	flags.SetAnnotation("checkpoint", "ostype", []string{"linux"})
-	flags.StringVar(&opts.CheckpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
+	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
 	flags.SetAnnotation("checkpoint-dir", "experimental", nil)
 	flags.SetAnnotation("checkpoint-dir", "ostype", []string{"linux"})
 	return cmd
 }

-// RunStart executes a `start` command
-//
-//nolint:gocyclo
-func RunStart(dockerCli command.Cli, opts *StartOptions) error {
+// nolint: gocyclo
+func runStart(dockerCli command.Cli, opts *startOptions) error {
 	ctx, cancelFun := context.WithCancel(context.Background())
 	defer cancelFun()

-	if opts.Attach || opts.OpenStdin {
+	if opts.attach || opts.openStdin {
 		// We're going to attach to a container.
 		// 1. Ensure we only have one container.
-		if len(opts.Containers) > 1 {
+		if len(opts.containers) > 1 {
 			return errors.New("you cannot start and attach multiple containers at once")
 		}

 		// 2. Attach to the container.
-		container := opts.Containers[0]
+		container := opts.containers[0]
 		c, err := dockerCli.Client().ContainerInspect(ctx, container)
 		if err != nil {
 			return err
@ -89,18 +74,18 @@ func RunStart(dockerCli command.Cli, opts *StartOptions) error {

 		// We always use c.ID instead of container to maintain consistency during `docker start`
 		if !c.Config.Tty {
-			sigc := notifyAllSignals()
+			sigc := notfiyAllSignals()
 			go ForwardAllSignals(ctx, dockerCli, c.ID, sigc)
 			defer signal.StopCatch(sigc)
 		}

-		if opts.DetachKeys != "" {
-			dockerCli.ConfigFile().DetachKeys = opts.DetachKeys
+		if opts.detachKeys != "" {
+			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
 		}

 		options := types.ContainerAttachOptions{
 			Stream:     true,
-			Stdin:      opts.OpenStdin && c.Config.OpenStdin,
+			Stdin:      opts.openStdin && c.Config.OpenStdin,
 			Stdout:     true,
 			Stderr:     true,
 			DetachKeys: dockerCli.ConfigFile().DetachKeys,
@ -144,8 +129,8 @@ func RunStart(dockerCli command.Cli, opts *StartOptions) error {
 		// no matter it's detached, removed on daemon side(--rm) or exit normally.
 		statusChan := waitExitOrRemoved(ctx, dockerCli, c.ID, c.HostConfig.AutoRemove)
 		startOptions := types.ContainerStartOptions{
-			CheckpointID:  opts.Checkpoint,
-			CheckpointDir: opts.CheckpointDir,
+			CheckpointID:  opts.checkpoint,
+			CheckpointDir: opts.checkpointDir,
 		}

 		// 4. Start the container.
@ -176,21 +161,21 @@ func RunStart(dockerCli command.Cli, opts *StartOptions) error {
 		if status := <-statusChan; status != 0 {
 			return cli.StatusError{StatusCode: status}
 		}
-	} else if opts.Checkpoint != "" {
-		if len(opts.Containers) > 1 {
+	} else if opts.checkpoint != "" {
+		if len(opts.containers) > 1 {
 			return errors.New("you cannot restore multiple containers at once")
 		}
-		container := opts.Containers[0]
+		container := opts.containers[0]
 		startOptions := types.ContainerStartOptions{
-			CheckpointID:  opts.Checkpoint,
-			CheckpointDir: opts.CheckpointDir,
+			CheckpointID:  opts.checkpoint,
+			CheckpointDir: opts.checkpointDir,
 		}
 		return dockerCli.Client().ContainerStart(ctx, container, startOptions)

 	} else {
 		// We're not going to attach to anything.
 		// Start as many containers as we want.
-		return startContainersWithoutAttachments(ctx, dockerCli, opts.Containers)
+		return startContainersWithoutAttachments(ctx, dockerCli, opts.containers)
 	}

 	return nil
--- a/cli/command/container/stats.go
+++ b/cli/command/container/stats.go
@ -10,9 +10,7 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
@ -40,24 +38,19 @@ func NewStatsCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runStats(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container stats, docker stats",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
 	flags.BoolVar(&opts.noStream, "no-stream", false, "Disable streaming stats and only pull the first result")
 	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
-	flags.StringVar(&opts.format, "format", "", flagsHelper.FormatHelp)
+	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
 	return cmd
 }

 // runStats displays a live stream of resource usage statistics for one or more containers.
 // This shows real-time information on CPU usage, memory usage, and network I/O.
-//
-//nolint:gocyclo
+// nolint: gocyclo
 func runStats(dockerCli command.Cli, opts *statsOptions) error {
 	showAll := len(opts.containers) == 0
 	closeChan := make(chan error)
@ -66,7 +59,7 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {

 	// monitorContainerEvents watches for container creation and removal (only
 	// used when calling `docker stats` without arguments).
-	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message, stopped <-chan struct{}) {
+	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message) {
 		f := filters.NewArgs()
 		f.Add("type", "container")
 		options := types.EventsOptions{
@ -78,12 +71,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		// Whether we successfully subscribed to eventq or not, we can now
 		// unblock the main goroutine.
 		close(started)
-		defer close(c)

 		for {
 			select {
-			case <-stopped:
-				return
 			case event := <-eventq:
 				c <- event
 			case err := <-errq:
@ -159,9 +149,8 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {

 		eventChan := make(chan events.Message)
 		go eh.Watch(eventChan)
-		stopped := make(chan struct{})
-		go monitorContainerEvents(started, eventChan, stopped)
-		defer close(stopped)
+		go monitorContainerEvents(started, eventChan)
+		defer close(eventChan)
 		<-started

 		// Start a short-lived goroutine to retrieve the initial list of
@ -188,13 +177,13 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		waitFirst.Wait()

 		var errs []string
-		cStats.mu.RLock()
+		cStats.mu.Lock()
 		for _, c := range cStats.cs {
 			if err := c.GetError(); err != nil {
 				errs = append(errs, err.Error())
 			}
 		}
-		cStats.mu.RUnlock()
+		cStats.mu.Unlock()
 		if len(errs) > 0 {
 			return errors.New(strings.Join(errs, "\n"))
 		}
@ -225,11 +214,11 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 	for range ticker.C {
 		cleanScreen()
 		ccstats := []StatsEntry{}
-		cStats.mu.RLock()
+		cStats.mu.Lock()
 		for _, c := range cStats.cs {
 			ccstats = append(ccstats, c.GetStatistics())
 		}
-		cStats.mu.RUnlock()
+		cStats.mu.Unlock()
 		if err = statsFormatWrite(statsCtx, ccstats, daemonOSType, !opts.noTrunc); err != nil {
 			break
 		}
--- a/cli/command/container/stats_helpers.go
+++ b/cli/command/container/stats_helpers.go
@ -14,7 +14,7 @@ import (
 )

 type stats struct {
-	mu sync.RWMutex
+	mu sync.Mutex
 	cs []*Stats
 }

--- a/cli/command/container/stop.go
+++ b/cli/command/container/stop.go
@ -4,19 +4,17 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

 type stopOptions struct {
-	signal         string
-	timeout        int
-	timeoutChanged bool
+	time        int
+	timeChanged bool

 	containers []string
 }
@ -31,40 +29,36 @@ func NewStopCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
-			opts.timeoutChanged = cmd.Flags().Changed("time")
+			opts.timeChanged = cmd.Flags().Changed("time")
 			return runStop(dockerCli, &opts)
 		},
-		Annotations: map[string]string{
-			"aliases": "docker container stop, docker stop",
-		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
-	flags.StringVarP(&opts.signal, "signal", "s", "", "Signal to send to the container")
-	flags.IntVarP(&opts.timeout, "time", "t", 0, "Seconds to wait before killing the container")
+	flags.IntVarP(&opts.time, "time", "t", 10, "Seconds to wait for stop before killing it")
 	return cmd
 }

 func runStop(dockerCli command.Cli, opts *stopOptions) error {
-	var timeout *int
-	if opts.timeoutChanged {
-		timeout = &opts.timeout
+	ctx := context.Background()
+
+	var timeout *time.Duration
+	if opts.timeChanged {
+		timeoutValue := time.Duration(opts.time) * time.Second
+		timeout = &timeoutValue
 	}

-	errChan := parallelOperation(context.Background(), opts.containers, func(ctx context.Context, id string) error {
-		return dockerCli.Client().ContainerStop(ctx, id, container.StopOptions{
-			Signal:  opts.signal,
-			Timeout: timeout,
-		})
-	})
 	var errs []string
-	for _, ctr := range opts.containers {
+
+	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, id string) error {
+		return dockerCli.Client().ContainerStop(ctx, id, timeout)
+	})
+	for _, container := range opts.containers {
 		if err := <-errChan; err != nil {
 			errs = append(errs, err.Error())
 			continue
 		}
-		_, _ = fmt.Fprintln(dockerCli.Out(), ctr)
+		fmt.Fprintln(dockerCli.Out(), container)
 	}
 	if len(errs) > 0 {
 		return errors.New(strings.Join(errs, "\n"))
--- a/cli/command/container/testdata/container-list-with-config-format.golden
+++ b/cli/command/container/testdata/container-list-with-config-format.golden
@ -1,2 +1,2 @@
-c1 busybox:latest some.label=value 10.7MB
-c2 busybox:latest foo=bar 3.2MB
+c1 busybox:latest some.label=value
+c2 busybox:latest foo=bar
--- a/cli/command/container/testdata/container-list-without-format-no-trunc.golden
+++ b/cli/command/container/testdata/container-list-without-format-no-trunc.golden
@ -1,3 +1,3 @@
-CONTAINER ID   IMAGE            COMMAND   CREATED              STATUS        PORTS     NAMES
-container_id   busybox:latest   "top"     About a minute ago   Up 1 minute             c1
-container_id   busybox:latest   "top"     About a minute ago   Up 1 minute             c2,foo/bar
+CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS     NAMES
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c1
+container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c2,foo/bar
--- a/Show More
+++ b/Show More