Merge pull request #4595 from thaJeztah/23.0_backport_update_md2man

[23.0 backport] update go-md2man to v2.0.3
Merge pull request #4598 from thaJeztah/23.0_update_go1.20.10
2023-10-13 17:27:35 +02:00 · 2023-10-12 10:45:35 +02:00 · 2023-10-11 20:07:35 +02:00 · 2023-10-11 20:07:25 +02:00 · 2023-10-11 19:24:49 +02:00 · 2023-09-13 10:05:53 -06:00
2310 changed files with 40900 additions and 144319 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,19 @@
+# This is a dummy CircleCI config file to avoid GitHub status failures reported
+# on branches that don't use CircleCI. This file should be deleted when all
+# branches are no longer dependent on CircleCI.
+version: 2
+
+jobs:
+  dummy:
+    docker:
+      - image: busybox
+    steps:
+      - run:
+          name: "dummy"
+          command: echo "dummy job"
+
+workflows:
+  version: 2
+  ci:
+    jobs:
+      - dummy
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,6 +1,7 @@
 # GitHub code owners
 # See https://github.com/blog/2392-introducing-code-owners

-cli/command/stack/**        @silvin-lubecki @docker/runtime-owners
-contrib/completion/bash/**  @albers @docker/runtime-owners
-docs/**                     @thaJeztah @docker/runtime-owners
+cli/command/stack/**        @silvin-lubecki
+contrib/completion/bash/**  @albers
+contrib/completion/zsh/**   @sdurrheimer
+docs/**                     @thaJeztah
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -8,12 +8,12 @@ body:
    attributes:
      value: |
        Thank you for taking the time to report a bug!
-        If this is a security issue report it to the [Docker Security team](mailto:security@docker.com).
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
  - type: textarea
    id: description
    attributes:
      label: Description
-      description: Give a clear and concise description of the bug
+      description: Please give a clear and concise description of the bug
    validations:
      required: true
  - type: textarea
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -4,7 +4,7 @@ contact_links:
    about: "Read guidelines and tips about contributing to Docker."
    url: "https://github.com/docker/cli/blob/master/CONTRIBUTING.md"
  - name: "Security and Vulnerabilities"
-    about: "Report any security issues or vulnerabilities responsibly to the Docker security team. Do not use the public issue tracker."
+    about: "Please report any security issues or vulnerabilities responsibly to the Docker security team. Please do not use the public issue tracker."
    url: "https://github.com/moby/moby/security/policy"
  - name: "General Support"
    about: "Get the help you need to build, share, and run your Docker applications"
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -1,5 +1,5 @@
 <!--
-Make sure you've read and understood our contributing guidelines;
+Please make sure you've read and understood our contributing guidelines;
 https://github.com/docker/cli/blob/master/CONTRIBUTING.md

 ** Make sure all your commits include a signature generated with `git commit -s` **
@ -10,7 +10,7 @@ guide https://docs.docker.com/opensource/code/
 If this is a bug fix, make sure your description includes "fixes #xxxx", or
 "closes #xxxx"

-Provide the following information:
+Please provide the following information:
 -->

 **- What I did**
@ -22,13 +22,9 @@ Provide the following information:
 **- Description for the changelog**
 <!--
 Write a short (one line) summary that describes the changes in this
-pull request for inclusion in the changelog.
-It must be placed inside the below triple backticks section:
+pull request for inclusion in the changelog:
 -->
-```markdown changelog


-```
-
 **- A picture of a cute animal (not mandatory but encouraged)**

--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -4,9 +4,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  VERSION: ${{ github.ref }}
-
 on:
  workflow_dispatch:
  push:
@ -19,13 +16,13 @@ on:

 jobs:
  prepare:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    outputs:
      matrix: ${{ steps.platforms.outputs.matrix }}
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Create matrix
        id: platforms
@ -37,7 +34,7 @@ jobs:
          echo ${{ steps.platforms.outputs.matrix }}

  build:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    needs:
      - prepare
    strategy:
@ -53,15 +50,15 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: ${{ matrix.target }}
          set: |
@ -77,70 +74,26 @@ jobs:
          platformPair=${platform//\//-}
          tar -cvzf "/tmp/out/docker-${platformPair}.tar.gz" .
          if [ -z "${{ matrix.use_glibc }}" ]; then
-            echo "ARTIFACT_NAME=${{ matrix.target }}-${platformPair}" >> $GITHUB_ENV
+            echo "ARTIFACT_NAME=${{ matrix.target }}" >> $GITHUB_ENV
          else
-            echo "ARTIFACT_NAME=${{ matrix.target }}-${platformPair}-glibc" >> $GITHUB_ENV
+            echo "ARTIFACT_NAME=${{ matrix.target }}-glibc" >> $GITHUB_ENV
          fi
      -
        name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.ARTIFACT_NAME }}
          path: /tmp/out/*
          if-no-files-found: error

-  bin-image:
-    runs-on: ubuntu-24.04
-    if: ${{ github.event_name != 'pull_request' && github.repository == 'docker/cli' }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: dockereng/cli-bin
-          tags: |
-            type=semver,pattern={{version}}
-            type=ref,event=branch
-            type=ref,event=pr
-            type=sha
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_CLIBIN_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_CLIBIN_TOKEN }}
-      -
-        name: Build and push image
-        uses: docker/bake-action@v5
-        with:
-          files: |
-            ./docker-bake.hcl
-            ${{ steps.meta.outputs.bake-file }}
-          targets: bin-image-cross
-          push: ${{ github.event_name != 'pull_request' }}
-          set: |
-            *.cache-from=type=gha,scope=bin-image
-            *.cache-to=type=gha,scope=bin-image,mode=max
-
  prepare-plugins:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    outputs:
      matrix: ${{ steps.platforms.outputs.matrix }}
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Create matrix
        id: platforms
@ -152,7 +105,7 @@ jobs:
          echo ${{ steps.platforms.outputs.matrix }}

  plugins:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    needs:
      - prepare-plugins
    strategy:
@ -162,13 +115,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: plugins-cross
          set: |
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -0,0 +1,40 @@
+name: codeql
+
+on:
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │ ┌───────────── hour (0 - 23)
+    #        │ │ ┌───────────── day of the month (1 - 31)
+    #        │ │ │ ┌───────────── month (1 - 12)
+    #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        * * * * *
+    - cron: '0 9 * * 4'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-20.04
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+      -
+        name: Checkout HEAD on PR
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          git checkout HEAD^2
+      -
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: go
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+      -
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -1,74 +0,0 @@
-name: codeql
-
-on:
-  push:
-    branches: 
-      - 'master' 
-      - '[0-9]+.[0-9]+' 
-    tags: 
-      - 'v*' 
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
-  schedule:
-    #        ┌───────────── minute (0 - 59)
-    #        │ ┌───────────── hour (0 - 23)
-    #        │ │ ┌───────────── day of the month (1 - 31)
-    #        │ │ │ ┌───────────── month (1 - 12)
-    #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
-    #        │ │ │ │ │
-    #        │ │ │ │ │
-    #        │ │ │ │ │
-    #        * * * * *
-    - cron: '0 9 * * 4'
-
-jobs:
-  codeql:
-    runs-on: 'ubuntu-latest'
-    timeout-minutes: 360
-    env:
-      DISABLE_WARN_OUTSIDE_CONTAINER: '1'
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-      -
-        name: Checkout HEAD on PR
-        if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          git checkout HEAD^2
-      # CodeQL 2.16.4's auto-build added support for multi-module repositories,
-      # and is trying to be smart by searching for modules in every directory,
-      # including vendor directories. If no module is found, it's creating one
-      # which is ... not what we want, so let's give it a "go.mod".
-      # see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
-      -
-        name: Create go.mod
-        run: |
-          ln -s vendor.mod go.mod
-          ln -s vendor.sum go.sum
-      -
-        name: Update Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      -
-        name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: go
-      -
-        name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-      -
-        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:go"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -16,7 +16,7 @@ on:

 jobs:
  e2e:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
@ -26,47 +26,39 @@ jobs:
          - connhelper-ssh
        base:
          - alpine
-          - debian
+          - bullseye
        engine-version:
-          - 27.0  # latest
-          - 26.1  # latest - 1
-          - 23.0  # mirantis lts
-          # TODO(krissetto) 19.03 needs a look, doesn't work ubuntu 22.04 (cgroup errors). 
-          # we could have a separate job that tests it against ubuntu 20.04
+#          - 20.10-dind # FIXME: Fails on 20.10
+          - stable-dind # TODO: Use 20.10-dind, stable-dind is deprecated
+        include:
+          - target: non-experimental
+            engine-version: 19.03-dind
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Update daemon.json
        run: |
-          if [ ! -f /etc/docker/daemon.json ]; then
-            # ubuntu 24.04 runners no longer have a default daemon.json present
-            sudo mkdir -p /etc/docker/
-            echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
-          else
-            # but if there is one; let's patch it to keep other options that may be set.
-            sudo jq '.experimental = true' < /etc/docker/daemon.json > /tmp/docker.json
-            sudo mv /tmp/docker.json /etc/docker/daemon.json
-          fi
+          sudo jq '.experimental = true' < /etc/docker/daemon.json > /tmp/docker.json
+          sudo mv /tmp/docker.json /etc/docker/daemon.json
          sudo cat /etc/docker/daemon.json
          sudo service docker restart
          docker version
          docker info
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      -
        name: Run ${{ matrix.target }}
        run: |
          make -f docker.Makefile test-e2e-${{ matrix.target }}
        env:
          BASE_VARIANT: ${{ matrix.base }}
-          ENGINE_VERSION: ${{ matrix.engine-version }}
+          E2E_ENGINE_VERSION: ${{ matrix.engine-version }}
          TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
      -
        name: Send to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        with:
          file: ./build/coverage/coverage.txt
-          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -16,25 +16,24 @@ on:

 jobs:
  ctn:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      -
        name: Test
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: test-coverage
      -
        name: Send to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        with:
          file: ./build/coverage/coverage.txt
-          token: ${{ secrets.CODECOV_TOKEN }}

  host:
    runs-on: ${{ matrix.os }}
@ -46,7 +45,7 @@ jobs:
      fail-fast: false
      matrix:
        os:
-          - macos-12
+          - macos-11
 #          - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
    steps:
      -
@ -57,14 +56,14 @@ jobs:
          git config --system core.eol lf
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
        with:
          path: ${{ env.GOPATH }}/src/github.com/docker/cli
      -
        name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.21.11
+          go-version: 1.20.10
      -
        name: Test
        run: |
@ -74,8 +73,7 @@ jobs:
        shell: bash
      -
        name: Send to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        with:
          file: /tmp/coverage.txt
          working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
-          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/validate-pr.yml
+++ b/.github/workflows/validate-pr.yml
@ -1,62 +0,0 @@
-name: validate-pr
-
-on:
-  pull_request:
-    types: [opened, edited, labeled, unlabeled]
-
-jobs:
-  check-area-label:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Missing `area/` label
-        if: contains(join(github.event.pull_request.labels.*.name, ','), 'impact/') && !contains(join(github.event.pull_request.labels.*.name, ','), 'area/')
-        run: |
-          echo "::error::Every PR with an 'impact/*' label should also have an 'area/*' label"
-          exit 1
-      - name: OK
-        run: exit 0
-
-  check-changelog:
-    if: contains(join(github.event.pull_request.labels.*.name, ','), 'impact/')
-    runs-on: ubuntu-20.04
-    env:
-      PR_BODY: |
-        ${{ github.event.pull_request.body }}
-    steps:
-      - name: Check changelog description
-        run: |
-          # Extract the `markdown changelog` note code block
-          block=$(echo -n "$PR_BODY" | tr -d '\r' | awk '/^```markdown changelog$/{flag=1;next}/^```$/{flag=0}flag')
-
-          # Strip empty lines
-          desc=$(echo "$block" |  awk NF)
-
-          if [ -z "$desc" ]; then
-            echo "::error::Changelog section is empty. Provide a description for the changelog."
-            exit 1
-          fi
-
-          len=$(echo -n "$desc" | wc -c)
-          if [[ $len -le 6 ]]; then
-            echo "::error::Description looks too short: $desc"
-            exit 1
-          fi
-
-          echo "This PR will be included in the release notes with the following note:"
-          echo "$desc"
-
-  check-pr-branch:
-    runs-on: ubuntu-20.04
-    env:
-      PR_TITLE: ${{ github.event.pull_request.title }}
-    steps:
-      # Backports or PR that target a release branch directly should mention the target branch in the title, for example:
-      # [X.Y backport] Some change that needs backporting to X.Y
-      # [X.Y] Change directly targeting the X.Y branch
-      - name: Get branch from PR title
-        id: title_branch
-        run: echo "$PR_TITLE" | sed -n 's/^\[\([0-9]*\.[0-9]*\)[^]]*\].*/branch=\1/p' >> $GITHUB_OUTPUT
-
-      - name: Check release branch
-        if: github.event.pull_request.base.ref != steps.title_branch.outputs.branch && !(github.event.pull_request.base.ref == 'master' && steps.title_branch.outputs.branch == '')
-        run: echo "::error::PR title suggests targetting the ${{ steps.title_branch.outputs.branch }} branch, but is opened against ${{ github.event.pull_request.base.ref }}" && exit 1
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -16,7 +16,7 @@ on:

 jobs:
  validate:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
@ -28,20 +28,20 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Run
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: ${{ matrix.target }}

  # check that the generated Markdown and the checked-in files match
  validate-md:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Generate
        shell: 'script --return --quiet --command "bash {0}"'
@ -57,7 +57,7 @@ jobs:
          fi

  validate-make:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
@ -67,7 +67,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Run
        shell: 'script --return --quiet --command "bash {0}"'
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 # if you want to ignore files created by your editor/tools,
-# consider a global .gitignore https://help.github.com/articles/ignoring-files
+# please consider a global .gitignore https://help.github.com/articles/ignoring-files
 *.exe
 *.exe~
 *.orig
--- a/.golangci.yml
+++ b/.golangci.yml
@ -3,88 +3,51 @@ linters:
    - bodyclose
    - depguard
    - dogsled
-    - dupword       # Detects duplicate words.
-    - durationcheck
-    - errchkjson
-    - exportloopref # Detects pointers to enclosing loop variables.
-    - gocritic      # Metalinter; detects bugs, performance, and styling issues.
    - gocyclo
-    - gofumpt       # Detects whether code was gofumpt-ed.
+    - gofumpt
    - goimports
-    - gosec         # Detects security problems.
+    - gosec
    - gosimple
    - govet
    - ineffassign
    - lll
    - megacheck
-    - misspell      # Detects commonly misspelled English words in comments.
+    - misspell
    - nakedret
-    - nilerr        # Detects code that returns nil even if it checks that the error is not nil.
-    - nolintlint    # Detects ill-formed or insufficient nolint directives.
-    - perfsprint    # Detects fmt.Sprintf uses that can be replaced with a faster alternative.
-    - prealloc      # Detects slice declarations that could potentially be pre-allocated.
-    - predeclared   # Detects code that shadows one of Go's predeclared identifiers
-    - reassign
-    - revive        # Metalinter; drop-in replacement for golint.
+    - revive
    - staticcheck
-    - stylecheck    # Replacement for golint
-    - tenv          # Detects using os.Setenv instead of t.Setenv.
-    - thelper       # Detects test helpers without t.Helper().
-    - tparallel     # Detects inappropriate usage of t.Parallel().
    - typecheck
-    - unconvert     # Detects unnecessary type conversions.
+    - unconvert
    - unparam
    - unused
-    - usestdlibvars
-    - vet
-    - wastedassign

  disable:
    - errcheck

 run:
  timeout: 5m
+  skip-files:
+    - cli/compose/schema/bindata.go
+    - .*generated.*

 linters-settings:
  depguard:
-    rules:
-      main:
-        deny:
-          - pkg: io/ioutil
-            desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
+    list-type: blacklist
+    include-go-root: true
+    packages:
+      # The io/ioutil package has been deprecated.
+      # https://go.dev/doc/go1.16#ioutil
+      - io/ioutil
  gocyclo:
    min-complexity: 16
  govet:
-    enable:
-      - shadow
-    settings:
-      shadow:
-        strict: true
+    check-shadowing: false
  lll:
    line-length: 200
  nakedret:
    command: nakedret
    pattern: ^(?P<path>.*?\\.go):(?P<line>\\d+)\\s*(?P<message>.*)$

-  revive:
-    rules:
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#import-shadowing
-      - name: import-shadowing
-        severity: warning
-        disabled: false
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-block
-      - name: empty-block
-        severity: warning
-        disabled: false
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-lines
-      - name: empty-lines
-        severity: warning
-        disabled: false
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#use-any
-      - name: use-any
-        severity: warning
-        disabled: false
-
 issues:
  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
  exclude-use-default: false
@ -92,10 +55,6 @@ issues:
  exclude:
    - parameter .* always receives

-  exclude-files:
-    - cli/compose/schema/bindata.go
-    - .*generated.*
-
  exclude-rules:
    # We prefer to use an "exclude-list" so that new "default" exclusions are not
    # automatically inherited. We can decide whether or not to follow upstream
@ -125,7 +84,7 @@ issues:
        - gosec
    # EXC0008
    # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
-    - text: "G307"
+    - text: "(G104|G307)"
      linters:
        - gosec
    # EXC0009
@ -139,13 +98,10 @@ issues:

    # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
    # only affects gp < 1.16.14. and go < 1.17.7
-    - text: "G113"
-      linters:
-        - gosec
-    # TODO: G104: Errors unhandled. (gosec)
-    - text: "G104"
+    - text: "(G113)"
      linters:
        - gosec
+
    # Looks like the match in "EXC0007" above doesn't catch this one
    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
    - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
@ -170,15 +126,6 @@ issues:
      linters:
        - errcheck
        - gosec
-    - text: "ST1000: at least one file in a package should have a package comment"
-      linters:
-        - stylecheck
-
-    # Allow "err" and "ok" vars to shadow existing declarations, otherwise we get too many false positives.
-    - text: '^shadow: declaration of "(err|ok)" shadows declaration'
-      linters:
-        - govet
-

  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
  max-issues-per-linter: 0
--- a/.mailmap
+++ b/.mailmap
@ -22,11 +22,6 @@ Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.akihiro@lab.ntt.co.jp>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
-Alano Terblanche <alano.terblanche@docker.com>
-Alano Terblanche <alano.terblanche@docker.com> <18033717+Benehiko@users.noreply.github.com>
-Albin Kerouanton <albinker@gmail.com>
-Albin Kerouanton <albinker@gmail.com> <557933+akerouanton@users.noreply.github.com>
-Albin Kerouanton <albinker@gmail.com> <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
@ -34,7 +29,6 @@ Aleksandrs Fadins <aleks@s-ko.net>
 Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
 Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
 Alex Ellis <alexellis2@gmail.com>
-Alexander Chneerov <achneerov@gmail.com>
 Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
 Alexander Morozov <lk4d4math@gmail.com>
 Alexander Morozov <lk4d4math@gmail.com> <lk4d4@docker.com>
@ -78,9 +72,6 @@ Bill Wang <ozbillwang@gmail.com> <SydOps@users.noreply.github.com>
 Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Bjorn Neergaard <bjorn.neergaard@docker.com>
-Bjorn Neergaard <bjorn.neergaard@docker.com> <bjorn@neersighted.com>
-Bjorn Neergaard <bjorn.neergaard@docker.com> <bneergaard@mirantis.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 Brad Baker <brad@brad.fi>
 Brad Baker <brad@brad.fi> <88946291+brdbkr@users.noreply.github.com>
@ -90,8 +81,6 @@ Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
-Brian Tracy <brian.tracy33@gmail.com>
-Calvin Liu <flycalvin@qq.com>
 Carlos de Paula <me@carlosedp.com>
 Chad Faragher <wyckster@hotmail.com>
 Chander Govindarajan <chandergovind@gmail.com>
@ -102,8 +91,6 @@ Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
 Chen Qiu <cheney-90@hotmail.com> <21321229@zju.edu.cn>
-Chris Chinchilla <chris@chrischinchilla.com>
-Chris Chinchilla <chris@chrischinchilla.com> <chris.ward@docker.com>
 Chris Dias <cdias@microsoft.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Christopher Biscardi <biscarch@sketcht.com>
@ -114,7 +101,6 @@ Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
 Comical Derskeal <27731088+derskeal@users.noreply.github.com>
 Corbin Coleman <corbin.coleman@docker.com>
 Cory Bennet <cbennett@netflix.com>
-Craig Osterhout <craig.osterhout@docker.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
@ -124,7 +110,6 @@ Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
 Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeokui-MacBook-Air.local>
 Daisuke Ito <itodaisuke00@gmail.com>
 Dan Feldman <danf@jfrog.com>
-Danial Gharib <danial.mail.gh@gmail.com>
 Daniel Dao <dqminh@cloudflare.com>
 Daniel Dao <dqminh@cloudflare.com> <dqminh89@gmail.com>
 Daniel Garcia <daniel@danielgarcia.info>
@ -146,8 +131,6 @@ Dave Henderson <dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
 Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
 David Alvarez <david.alvarez@flyeralarm.com>
 David Alvarez <david.alvarez@flyeralarm.com> <busilezas@gmail.com>
-David Karlsson <david.karlsson@docker.com>
-David Karlsson <david.karlsson@docker.com> <35727626+dvdksn@users.noreply.github.com>
 David M. Karr <davidmichaelkarr@gmail.com>
 David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
 David Sissitka <me@dsissitka.com>
@ -198,8 +181,6 @@ Gerwim Feiken <g.feiken@tfe.nl> <gerwim@gmail.com>
 Giampaolo Mancini <giampaolo@trampolineup.com>
 Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gou Rao <gou@portworx.com> <gourao@users.noreply.github.com>
-Graeme Wiebe <graeme.wiebe@gmail.com>
-Graeme Wiebe <graeme.wiebe@gmail.com> <79593869+TheRealGramdalf@users.noreply.github.com>
 Greg Stephens <greg@udon.org>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
@ -258,7 +239,6 @@ Jessica Frazelle <jess@oxide.computer> <jessfraz@google.com>
 Jessica Frazelle <jess@oxide.computer> <jfrazelle@users.noreply.github.com>
 Jessica Frazelle <jess@oxide.computer> <me@jessfraz.com>
 Jessica Frazelle <jess@oxide.computer> <princess@docker.com>
-Jim Chen <njucjc@gmail.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jiuyue Ma <majiuyue@huawei.com>
 Joey Geiger <jgeiger@gmail.com>
@ -274,8 +254,6 @@ John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
 John Howard <github@lowenna.com> <John.Howard@microsoft.com>
 John Howard <github@lowenna.com> <john.howard@microsoft.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
-Jonathan A. Sternberg <jonathansternberg@gmail.com>
-Jonathan A. Sternberg <jonathansternberg@gmail.com> <jonathan.sternberg@docker.com>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Jennings <jjn2009@gmail.com> <jjn2009@users.noreply.github.com>
 Jorit Kleine-Möllhoff <joppich@bricknet.de> <joppich@users.noreply.github.com>
@ -311,8 +289,7 @@ Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com> <github@bassingthwaite.or
 Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <github@crazymax.dev>
-Kevin Alvarez <github@crazymax.dev> <crazy-max@users.noreply.github.com>
+Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Meredith <kevin.m.meredith@gmail.com>
@ -329,7 +306,6 @@ Kyle Mitofsky <Kylemit@gmail.com>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
-Li Fu Bang <lifubang@acmcoder.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
 Liao Qingwei <liaoqingwei@huawei.com>
@ -354,7 +330,6 @@ Mansi Nahar <mmn4185@rit.edu> <mansi.nahar@macbookpro-mansinahar.local>
 Mansi Nahar <mmn4185@rit.edu> <mansinahar@users.noreply.github.com>
 Marc Abramowitz <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Marcelo Horacio Fortino <info@fortinux.com> <fortinux@users.noreply.github.com>
-Marco Spiess <marco.spiess@hotmail.de>
 Marcus Linke <marcus.linke@gmx.de>
 Marianna Tessel <mtesselh@gmail.com>
 Marius Ileana <marius.ileana@gmail.com>
@ -424,9 +399,6 @@ Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
 Pavel Tikhomirov <ptikhomirov@virtuozzo.com> <ptikhomirov@parallels.com>
 Pawel Konczalski <mail@konczalski.de>
 Paweł Pokrywka <pepawel@users.noreply.github.com>
-Per Lundberg <perlun@gmail.com>
-Per Lundberg <perlun@gmail.com> <per.lundberg@ecraft.com>
-Per Lundberg <perlun@gmail.com> <per.lundberg@hibox.tv>
 Peter Choi <phkchoi89@gmail.com> <reikani@Peters-MacBook-Pro.local>
 Peter Dave Hello <hsu@peterdavehello.org> <PeterDaveHello@users.noreply.github.com>
 Peter Hsu <shhsu@microsoft.com>
@ -442,8 +414,6 @@ Qiang Huang <h.huangqiang@huawei.com>
 Qiang Huang <h.huangqiang@huawei.com> <qhuang@10.0.2.15>
 Ray Tsang <rayt@google.com> <saturnism@users.noreply.github.com>
 Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
-Rob Murray <rob.murray@docker.com>
-Rob Murray <rob.murray@docker.com> <148866618+robmry@users.noreply.github.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
@ -451,7 +421,6 @@ Roch Feuillade <roch.feuillade@pandobac.com>
 Roch Feuillade <roch.feuillade@pandobac.com> <46478807+rochfeu@users.noreply.github.com>
 Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
 Ross Boucher <rboucher@gmail.com>
-Rui JingAn <quiterace@gmail.com>
 Runshen Zhu <runshen.zhu@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
 Sakeven Jiang <jc5930@sina.cn>
@ -460,7 +429,6 @@ Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
 Sandro Jäckel <sandro.jaeckel@gmail.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
-Saurabh Kumar <saurabhkumar0184@gmail.com>
 Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
@ -532,8 +500,6 @@ Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org> <maztaim@users.noreply.github.com>
 Tim Ruffles <oi@truffles.me.uk> <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
-Tim Welsh <timothy.welsh@docker.com>
-Tim Welsh <timothy.welsh@docker.com> <84401379+twelsh-aw@users.noreply.github.com>
 Tim Zju <21651152@zju.edu.cn>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Toli Kuznets <toli@docker.com>
--- a/66
+++ b/66
@ -2,7 +2,6 @@
 # This file lists all contributors to the repository.
 # See scripts/docs/generate-authors.sh to make modifications.

-A. Lester Buck III <github-reg@nbolt.com>
 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron L. Xu <liker.xu@foxmail.com>
 Aaron Lehmann <alehmann@netflix.com>
@ -17,7 +16,6 @@ Adolfo Ochagavía <aochagavia92@gmail.com>
 Adrian Plata <adrian.plata@docker.com>
 Adrien Duermael <adrien@duermael.com>
 Adrien Folie <folie.adrien@gmail.com>
-Adyanth Hosavalike <ahosavalike@ucsd.edu>
 Ahmet Alp Balkan <ahmetb@microsoft.com>
 Aidan Feldman <aidan.feldman@gmail.com>
 Aidan Hobson Sayers <aidanhs@cantab.net>
@ -26,10 +24,9 @@ Akhil Mohan <akhil.mohan@mayadata.io>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Alan Thompson <cloojure@gmail.com>
-Alano Terblanche <alano.terblanche@docker.com>
 Albert Callarisa <shark234@gmail.com>
 Alberto Roura <mail@albertoroura.com>
-Albin Kerouanton <albinker@gmail.com>
+Albin Kerouanton <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
 Aleksander Piotrowski <apiotrowski312@gmail.com>
 Alessandro Boch <aboch@tetrationanalytics.com>
@ -37,7 +34,6 @@ Alex Couture-Beil <alex@earthly.dev>
 Alex Mavrogiannis <alex.mavrogiannis@docker.com>
 Alex Mayer <amayer5125@gmail.com>
 Alexander Boyd <alex@opengroove.org>
-Alexander Chneerov <achneerov@gmail.com>
 Alexander Larsson <alexl@redhat.com>
 Alexander Morozov <lk4d4math@gmail.com>
 Alexander Ryabov <i@sepa.spb.ru>
@ -45,7 +41,6 @@ Alexandre González <agonzalezro@gmail.com>
 Alexey Igrychev <alexey.igrychev@flant.com>
 Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alfred Landrum <alfred.landrum@docker.com>
-Ali Rostami <rostami.ali@gmail.com>
 Alicia Lauerman <alicia@eta.im>
 Allen Sun <allensun.shl@alibaba-inc.com>
 Alvin Deng <alvin.q.deng@utexas.edu>
@ -66,7 +61,6 @@ Andrew Hsu <andrewhsu@docker.com>
 Andrew Macpherson <hopscotch23@gmail.com>
 Andrew McDonnell <bugs@andrewmcdonnell.net>
 Andrew Po <absourd.noise@gmail.com>
-Andrew-Zipperer <atzipperer@gmail.com>
 Andrey Petrov <andrey.petrov@shazow.net>
 Andrii Berehuliak <berkusandrew@gmail.com>
 André Martins <aanm90@gmail.com>
@ -85,9 +79,7 @@ Arko Dasgupta <arko@tetrate.io>
 Arnaud Porterie <icecrime@gmail.com>
 Arnaud Rebillout <elboulangero@gmail.com>
 Arthur Peka <arthur.peka@outlook.com>
-Ashly Mathew <ashly.mathew@sap.com>
 Ashwini Oruganti <ashwini.oruganti@gmail.com>
-Aslam Ahemad <aslamahemad@gmail.com>
 Azat Khuyiyakhmetov <shadow_uz@mail.ru>
 Bardia Keyoumarsi <bkeyouma@ucsc.edu>
 Barnaby Gray <barnaby@pickle.me.uk>
@ -106,9 +98,7 @@ Bill Wang <ozbillwang@gmail.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Bishal Das <bishalhnj127@gmail.com>
-Bjorn Neergaard <bjorn.neergaard@docker.com>
 Boaz Shuster <ripcurld.github@gmail.com>
-Boban Acimovic <boban.acimovic@gmail.com>
 Bogdan Anton <contact@bogdananton.ro>
 Boris Pruessmann <boris@pruessmann.org>
 Brad Baker <brad@brad.fi>
@ -119,20 +109,17 @@ Brent Salisbury <brent.salisbury@docker.com>
 Bret Fisher <bret@bretfisher.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Goff <cpuguy83@gmail.com>
-Brian Tracy <brian.tracy33@gmail.com>
 Brian Wieder <brian@4wieders.com>
 Bruno Sousa <bruno.sousa@docker.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
 bryfry <bryon.fryer@gmail.com>
-Calvin Liu <flycalvin@qq.com>
 Cameron Spear <cameronspear@gmail.com>
 Cao Weiwei <cao.weiwei30@zte.com.cn>
 Carlo Mion <mion00@gmail.com>
 Carlos Alexandro Becker <caarlos0@gmail.com>
 Carlos de Paula <me@carlosedp.com>
-Casey Korver <casey@korver.dev>
 Ce Gao <ce.gao@outlook.com>
 Cedric Davies <cedricda@microsoft.com>
 Cezar Sa Espinola <cezarsa@gmail.com>
@ -149,7 +136,6 @@ Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
-Chris Chinchilla <chris@chrischinchilla.com>
 Chris Couzens <ccouzens@gmail.com>
 Chris Gavin <chris@chrisgavin.me>
 Chris Gibson <chris@chrisg.io>
@ -164,8 +150,6 @@ Christophe Vidal <kriss@krizalys.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Crone <christopher.crone@docker.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
-Christopher Petito <47751006+krissetto@users.noreply.github.com>
-Christopher Petito <chrisjpetito@gmail.com>
 Christopher Svensson <stoffus@stoffus.com>
 Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com>
@ -179,8 +163,6 @@ Conner Crosby <conner@cavcrosby.tech>
 Corey Farrell <git@cfware.com>
 Corey Quon <corey.quon@docker.com>
 Cory Bennet <cbennett@netflix.com>
-Cory Snider <csnider@mirantis.com>
-Craig Osterhout <craig.osterhout@docker.com>
 Craig Wilhite <crwilhit@microsoft.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com>
@ -189,7 +171,6 @@ Daisuke Ito <itodaisuke00@gmail.com>
 dalanlan <dalanlan925@gmail.com>
 Damien Nadé <github@livna.org>
 Dan Cotora <dan@bluevision.ro>
-Danial Gharib <danial.mail.gh@gmail.com>
 Daniel Artine <daniel.artine@ufrj.br>
 Daniel Cassidy <mail@danielcassidy.me.uk>
 Daniel Dao <dqminh@cloudflare.com>
@ -218,7 +199,6 @@ David Cramer <davcrame@cisco.com>
 David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
 David Karlsson <david.karlsson@docker.com>
-David le Blanc <systemmonkey42@users.noreply.github.com>
 David Lechner <david@lechnology.com>
 David Scott <dave@recoil.org>
 David Sheets <dsheets@docker.com>
@ -230,7 +210,6 @@ Denis Defreyne <denis@soundcloud.com>
 Denis Gladkikh <denis@gladkikh.email>
 Denis Ollier <larchunix@users.noreply.github.com>
 Dennis Docter <dennis@d23.nl>
-dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 Derek McGowan <derek@mcg.dev>
 Des Preston <despreston@gmail.com>
 Deshi Xiao <dxiao@redhat.com>
@ -253,13 +232,11 @@ DongGeon Lee <secmatth1996@gmail.com>
 Doug Davis <dug@us.ibm.com>
 Drew Erny <derny@mirantis.com>
 Ed Costello <epc@epcostello.com>
-Ed Morley <501702+edmorley@users.noreply.github.com>
 Elango Sivanandam <elango.siva@docker.com>
 Eli Uriegas <eli.uriegas@docker.com>
 Eli Uriegas <seemethere101@gmail.com>
 Elias Faxö <elias.faxo@tre.se>
 Elliot Luo <956941328@qq.com>
-Eric Bode <eric.bode@foundries.io>
 Eric Curtin <ericcurtin17@gmail.com>
 Eric Engestrom <eric@engestrom.ch>
 Eric G. Noriega <enoriega@vizuri.com>
@ -277,7 +254,6 @@ Eugene Yakubovich <eugene.yakubovich@coreos.com>
 Evan Allrich <evan@unguku.com>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
-Evan Lezar <elezar@nvidia.com>
 Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
 Fabio Falci <fabiofalci@gmail.com>
@ -299,13 +275,11 @@ Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
 Frieder Bluemle <frieder.bluemle@gmail.com>
 Gabriel Gore <gabgore@cisco.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
-Gabriela Georgieva <gabriela.georgieva@docker.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com>
 Gary Schaetz <gary@schaetzkc.com>
 Genki Takiuchi <genki@s21g.com>
 George MacRorie <gmacr31@gmail.com>
-George Margaritis <gmargaritis@protonmail.com>
 George Xie <georgexsh@gmail.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
@ -314,8 +288,6 @@ Gleb Stsenov <gleb.stsenov@gmail.com>
 Goksu Toprak <goksu.toprak@docker.com>
 Gou Rao <gou@portworx.com>
 Govind Rai <raigovind93@gmail.com>
-Grace Choi <grace.54109@gmail.com>
-Graeme Wiebe <graeme.wiebe@gmail.com>
 Grant Reaber <grant.reaber@gmail.com>
 Greg Pflaum <gpflaum@users.noreply.github.com>
 Gsealy <jiaojingwei1001@hotmail.com>
@ -339,7 +311,6 @@ Hernan Garcia <hernandanielg@gmail.com>
 Hongbin Lu <hongbin034@gmail.com>
 Hu Keping <hukeping@huawei.com>
 Huayi Zhang <irachex@gmail.com>
-Hugo Chastel <Hugo-C@users.noreply.github.com>
 Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
@ -358,12 +329,9 @@ Ivan Grund <ivan.grund@gmail.com>
 Ivan Markin <sw@nogoegst.net>
 Jacob Atzen <jacob@jacobatzen.dk>
 Jacob Tomlinson <jacob@tom.linson.uk>
-Jacopo Rigoli <rigoli.jacopo@gmail.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Lambert <jake.lambert@volusion.com>
 Jake Sanders <jsand@google.com>
-Jake Stokes <contactjake@developerjake.com>
-Jakub Panek <me@panekj.dev>
 James Nesbitt <james.nesbitt@wunderkraut.com>
 James Turnbull <james@lovedthanlost.net>
 Jamie Hannaford <jamie@limetree.org>
@ -395,7 +363,6 @@ Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
 Jie Luo <luo612@zju.edu.cn>
 Jilles Oldenbeuving <ojilles@gmail.com>
-Jim Chen <njucjc@gmail.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jim Lin <b04705003@ntu.edu.tw>
 Jimmy Leger <jimmy.leger@gmail.com>
@ -426,7 +393,6 @@ John Willis <john.willis@docker.com>
 Jon Johnson <jonjohnson@google.com>
 Jon Zeolla <zeolla@gmail.com>
 Jonatas Baldin <jonatas.baldin@gmail.com>
-Jonathan A. Sternberg <jonathansternberg@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Lee <jonjohn1232009@gmail.com>
 Jonathan Lomas <jonathan@floatinglomas.ca>
@ -442,12 +408,10 @@ Josh Chorlton <jchorlton@gmail.com>
 Josh Hawn <josh.hawn@docker.com>
 Josh Horwitz <horwitz@addthis.com>
 Josh Soref <jsoref@gmail.com>
-Julian <gitea+julian@ic.thejulian.uk>
 Julien Barbier <write0@gmail.com>
 Julien Kassar <github@kassisol.com>
 Julien Maitrehenry <julien.maitrehenry@me.com>
 Justas Brazauskas <brazauskasjustas@gmail.com>
-Justin Chadwell <me@jedevc.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Simonelis <justin.p.simonelis@gmail.com>
 Justyn Temme <justyntemme@gmail.com>
@ -470,7 +434,7 @@ Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
 Ken Cochrane <kencochrane@gmail.com>
 Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <github@crazymax.dev>
+Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Burke <kev@inburke.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
@ -481,7 +445,6 @@ Kevin Woblick <mail@kovah.de>
 khaled souf <khaled.souf@gmail.com>
 Kim Eik <kim@heldig.org>
 Kir Kolyshkin <kolyshkin@gmail.com>
-Kirill A. Korinsky <kirill@korins.ky>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
 Krasi Georgiev <krasi@vip-consult.solutions>
 Kris-Mikael Krister <krismikael@protonmail.com>
@ -491,7 +454,6 @@ Kyle Mitofsky <Kylemit@gmail.com>
 Lachlan Cooper <lachlancooper@gmail.com>
 Lai Jiangshan <jiangshanlai@gmail.com>
 Lars Kellogg-Stedman <lars@redhat.com>
-Laura Brehm <laurabrehm@hey.com>
 Laura Frank <ljfrank@gmail.com>
 Laurent Erignoux <lerignoux@gmail.com>
 Lee Gaines <eightlimbed@gmail.com>
@ -500,10 +462,10 @@ Lennie <github@consolejunkie.net>
 Leo Gallucci <elgalu3@gmail.com>
 Leonid Skorospelov <leosko94@gmail.com>
 Lewis Daly <lewisdaly@me.com>
-Li Fu Bang <lifubang@acmcoder.com>
 Li Yi <denverdino@gmail.com>
 Li Yi <weiyuan.yl@alibaba-inc.com>
 Liang-Chi Hsieh <viirya@gmail.com>
+Lifubang <lifubang@acmcoder.com>
 Lihua Tang <lhtang@alauda.io>
 Lily Guo <lily.guo@docker.com>
 Lin Lu <doraalin@163.com>
@ -518,7 +480,6 @@ Louis Opter <kalessin@kalessin.fr>
 Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
 Lucas Chan <lucas-github@lucaschan.com>
-Luis Henrique Mulinari <luis.mulinari@gmail.com>
 Luka Hartwig <mail@lukahartwig.de>
 Lukas Heeren <lukas-heeren@hotmail.com>
 Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
@ -537,12 +498,10 @@ mapk0y <mapk0y@gmail.com>
 Marc Bihlmaier <marc.bihlmaier@reddoxx.com>
 Marc Cornellà <hello@mcornella.com>
 Marco Mariani <marco.mariani@alterway.fr>
-Marco Spiess <marco.spiess@hotmail.de>
 Marco Vedovati <mvedovati@suse.com>
 Marcus Martins <marcus@docker.com>
 Marianna Tessel <mtesselh@gmail.com>
 Marius Ileana <marius.ileana@gmail.com>
-Marius Meschter <marius@meschter.me>
 Marius Sturm <marius@graylog.com>
 Mark Oates <fl0yd@me.com>
 Marsh Macy <marsma@microsoft.com>
@ -551,7 +510,6 @@ Mary Anthony <mary.anthony@docker.com>
 Mason Fish <mason.fish@docker.com>
 Mason Malone <mason.malone@gmail.com>
 Mateusz Major <apkd@users.noreply.github.com>
-Mathias Duedahl <64321057+Lussebullen@users.noreply.github.com>
 Mathieu Champlon <mathieu.champlon@docker.com>
 Mathieu Rollet <matletix@gmail.com>
 Matt Gucci <matt9ucci@gmail.com>
@ -561,11 +519,9 @@ Matthew Heon <mheon@redhat.com>
 Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
 Mauro Porras P <mauroporrasp@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
-Max-Julian Pogner <max-julian@pogner.at>
 Maxime Petazzoni <max@signalfuse.com>
 Maximillian Fan Xavier <maximillianfx@gmail.com>
 Mei ChunTao <mei.chuntao@zte.com.cn>
-Melroy van den Berg <melroy@melroy.org>
 Metal <2466052+tedhexaflow@users.noreply.github.com>
 Micah Zoltu <micah@newrelic.com>
 Michael A. Smith <michael@smith-li.com>
@ -625,7 +581,6 @@ Nathan McCauley <nathan.mccauley@docker.com>
 Neil Peterson <neilpeterson@outlook.com>
 Nick Adcock <nick.adcock@docker.com>
 Nick Santos <nick.santos@docker.com>
-Nick Sieger <nick@nicksieger.com>
 Nico Stapelbroek <nstapelbroek@gmail.com>
 Nicola Kabar <nicolaka@gmail.com>
 Nicolas Borboën <ponsfrilus@gmail.com>
@ -638,7 +593,6 @@ Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
 Noah Treuhaft <noah.treuhaft@docker.com>
 O.S. Tezer <ostezer@gmail.com>
-Oded Arbel <oded@geek.co.il>
 Odin Ugedal <odin@ugedal.com>
 ohmystack <jun.jiang02@ele.me>
 OKA Naoya <git@okanaoya.com>
@ -650,21 +604,19 @@ Otto Kekäläinen <otto@seravo.fi>
 Ovidio Mallo <ovidio.mallo@gmail.com>
 Pascal Borreli <pascal@borreli.com>
 Patrick Böänziger <patrick.baenziger@bsi-software.com>
-Patrick Daigle <114765035+pdaig@users.noreply.github.com>
 Patrick Hemmer <patrick.hemmer@gmail.com>
 Patrick Lang <plang@microsoft.com>
 Paul <paul9869@gmail.com>
 Paul Kehrer <paul.l.kehrer@gmail.com>
 Paul Lietar <paul@lietar.net>
 Paul Mulders <justinkb@gmail.com>
-Paul Seyfert <pseyfert.mathphys@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Pavel Pospisil <pospispa@gmail.com>
 Paweł Gronowski <pawel.gronowski@docker.com>
 Paweł Pokrywka <pepawel@users.noreply.github.com>
 Paweł Szczekutowicz <pszczekutowicz@gmail.com>
 Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
-Per Lundberg <perlun@gmail.com>
+Per Lundberg <per.lundberg@ecraft.com>
 Peter Dave Hello <hsu@peterdavehello.org>
 Peter Edge <peter.edge@gmail.com>
 Peter Hsu <shhsu@microsoft.com>
@ -687,7 +639,6 @@ Preston Cowley <preston.cowley@sony.com>
 Pure White <daniel48@126.com>
 Qiang Huang <h.huangqiang@huawei.com>
 Qinglan Peng <qinglanpeng@zju.edu.cn>
-QQ喵 <gqqnb2005@gmail.com>
 qudongfang <qudongfang@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
 Rahul Kadyan <hi@znck.me>
@ -706,7 +657,6 @@ Rick Wieman <git@rickw.nl>
 Ritesh H Shukla <sritesh@vmware.com>
 Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 Rob Gulewich <rgulewich@netflix.com>
-Rob Murray <rob.murray@docker.com>
 Robert Wallis <smilingrob@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Speekenbrink <robin@kingsquare.nl>
@ -720,7 +670,6 @@ Rory Hunter <roryhunter2@gmail.com>
 Ross Boucher <rboucher@gmail.com>
 Rubens Figueiredo <r.figueiredo.52@gmail.com>
 Rui Cao <ruicao@alauda.io>
-Rui JingAn <quiterace@gmail.com>
 Ryan Belgrave <rmb1993@gmail.com>
 Ryan Detzel <ryan.detzel@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
@ -740,7 +689,6 @@ Sandro Jäckel <sandro.jaeckel@gmail.com>
 Santhosh Manohar <santhosh@docker.com>
 Sargun Dhillon <sargun@netflix.com>
 Saswat Bhattacharya <sas.saswat@gmail.com>
-Saurabh Kumar <saurabhkumar0184@gmail.com>
 Scott Brenner <scott@scottbrenner.me>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Christopherson <sean.j.christopherson@intel.com>
@ -814,7 +762,6 @@ Tim Hockin <thockin@google.com>
 Tim Sampson <tim@sampson.fi>
 Tim Smith <timbot@google.com>
 Tim Waugh <twaugh@redhat.com>
-Tim Welsh <timothy.welsh@docker.com>
 Tim Wraight <tim.wraight@tangentlabs.co.uk>
 timfeirg <kkcocogogo@gmail.com>
 Timothy Hobbs <timothyhobbs@seznam.cz>
@ -841,7 +788,6 @@ uhayate <uhayate.gong@daocloud.io>
 Ulrich Bareth <ulrich.bareth@gmail.com>
 Ulysses Souza <ulysses.souza@docker.com>
 Umesh Yadav <umesh4257@gmail.com>
-Vaclav Struhar <struharv@gmail.com>
 Valentin Lorentz <progval+git@progval.net>
 Vardan Pogosian <vardan.pogosyan@gmail.com>
 Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
@ -849,7 +795,6 @@ Veres Lajos <vlajos@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
 Victoria Bialas <victoria.bialas@docker.com>
 Viktor Stanchev <me@viktorstanchev.com>
-Ville Skyttä <ville.skytta@iki.fi>
 Vimal Raghubir <vraghubir0418@gmail.com>
 Vincent Batts <vbatts@redhat.com>
 Vincent Bernat <Vincent.Bernat@exoscale.ch>
@ -886,7 +831,6 @@ Yong Tang <yong.tang.github@outlook.com>
 Yosef Fertel <yfertel@gmail.com>
 Yu Peng <yu.peng36@zte.com.cn>
 Yuan Sun <sunyuan3@huawei.com>
-Yucheng Wu <wyc123wyc@gmail.com>
 Yue Zhang <zy675793960@yeah.net>
 Yunxiang Huang <hyxqshk@vip.qq.com>
 Zachary Romero <zacromero3@gmail.com>
@ -898,11 +842,9 @@ Zhang Wei <zhangwei555@huawei.com>
 Zhang Wentao <zhangwentao234@huawei.com>
 ZhangHang <stevezhang2014@gmail.com>
 zhenghenghuo <zhenghenghuo@zju.edu.cn>
-Zhiwei Liang <zliang@akamai.com>
 Zhou Hao <zhouhao@cn.fujitsu.com>
 Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
-Zhuo Zhi <h.dwwwwww@gmail.com>
 Álex González <agonzalezro@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,5 +1,9 @@
 # Contributing to Docker

+Want to hack on Docker? Awesome!  We have a contributor's guide that explains
+[setting up a Docker development environment and the contribution
+process](https://docs.docker.com/opensource/project/who-written-for/). 
+
 This page contains information about reporting issues as well as some tips and
 guidelines useful to experienced open source contributors. Finally, make sure
 you read our [community guidelines](#docker-community-guidelines) before you
@ -16,9 +20,9 @@ start participating.
 ## Reporting security issues

 The Docker maintainers take security seriously. If you discover a security
-issue, bring it to their attention right away!
+issue, please bring it to their attention right away!

-**DO NOT** file a public issue, instead send your report privately to
+Please **DO NOT** file a public issue, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).

 Security reports are greatly appreciated and we will publicly thank you for it.
@ -39,7 +43,7 @@ If you find a match, you can use the "subscribe" button to get notified on
 updates. Do *not* leave random "+1" or "I have this too" comments, as they
 only clutter the discussion, and don't help resolving it. However, if you
 have ways to reproduce the issue or have additional information that may help
-resolving the issue, leave a comment.
+resolving the issue, please leave a comment.

 When reporting issues, always include:

@ -84,7 +88,7 @@ use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contr
  <tr>
    <td>Community Slack</td>
    <td>
-      The Docker Community has a dedicated Slack chat to discuss features and issues.  You can sign-up <a href="https://dockr.ly/comm-slack" target="_blank">with this link</a>.
+      The Docker Community has a dedicated Slack chat to discuss features and issues.  You can sign-up <a href="https://dockr.ly/slack" target="_blank">with this link</a>.
    </td>
  </tr>
  <tr>
@ -166,10 +170,10 @@ Include an issue reference like `Closes #XXXX` or `Fixes #XXXX` in the pull requ
 description that close an issue. Including references automatically closes the issue
 on a merge.

-Do not add yourself to the `AUTHORS` file, as it is regenerated regularly
+Please do not add yourself to the `AUTHORS` file, as it is regenerated regularly
 from the Git history.

-See the [Coding Style](#coding-style) for further guidelines.
+Please see the [Coding Style](#coding-style) for further guidelines.

 ### Merge approval

@ -188,7 +192,7 @@ For more details, see the [MAINTAINERS](MAINTAINERS) page.
 The sign-off is a simple line at the end of the explanation for the patch. Your
 signature certifies that you wrote the patch or otherwise have the right to pass
 it on as an open-source patch. The rules are pretty simple: if you can certify
-the below (from [developercertificate.org](https://developercertificate.org):
+the below (from [developercertificate.org](http://developercertificate.org/)):

 ```
 Developer Certificate of Origin
@ -269,8 +273,8 @@ guidelines for the community as a whole:

 * Stay on topic: Make sure that you are posting to the correct channel and
  avoid off-topic discussions. Remember when you update an issue or respond
-  to an email you are potentially sending to a large number of people. Consider
-  this before you update. Also remember that nobody likes spam.
+  to an email you are potentially sending to a large number of people. Please
+  consider this before you update. Also remember that nobody likes spam.

 * Don't send email to the maintainers: There's no need to send email to the
  maintainers to ask them to investigate an issue or to take a look at a
@ -332,8 +336,9 @@ The rules:
 1. All code should be formatted with `gofumpt` (preferred) or `gofmt -s`.
 2. All code should pass the default levels of
   [`golint`](https://github.com/golang/lint).
-3. All code should follow the guidelines covered in [Effective Go](https://go.dev/doc/effective_go)
-   and [Go Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments).
+3. All code should follow the guidelines covered in [Effective
+   Go](http://golang.org/doc/effective_go.html) and [Go Code Review
+   Comments](https://github.com/golang/go/wiki/CodeReviewComments).
 4. Comment the code. Tell us the why, the history and the context.
 5. Document _all_ declarations and methods, even private ones. Declare
   expectations, caveats and anything else that may be important. If a type
@ -355,6 +360,6 @@ The rules:
    guidelines. Since you've read all the rules, you now know that.

 If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](https://go.dev/doc/effective_go). The
-[Go Blog](https://go.dev/blog/) is also a great resource. Drinking the
+reading through [Effective Go](https://golang.org/doc/effective_go.html). The
+[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
 kool-aid is a lot easier than going thirsty.
--- a/82
+++ b/82
@ -1,21 +1,17 @@
 # syntax=docker/dockerfile:1

 ARG BASE_VARIANT=alpine
-ARG ALPINE_VERSION=3.20
-ARG BASE_DEBIAN_DISTRO=bookworm
-
-ARG GO_VERSION=1.21.11
-ARG XX_VERSION=1.4.0
+ARG GO_VERSION=1.20.10
+ARG ALPINE_VERSION=3.17
+ARG XX_VERSION=1.1.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
 ARG GOTESTSUM_VERSION=v1.10.0
-ARG BUILDX_VERSION=0.15.1
-ARG COMPOSE_VERSION=v2.28.0
+ARG BUILDX_VERSION=0.11.2

 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build-base-alpine
-ENV GOTOOLCHAIN=local
-COPY --link --from=xx / /
+COPY --from=xx / /
 RUN apk add --no-cache bash clang lld llvm file git
 WORKDIR /go/src/github.com/docker/cli

@ -24,27 +20,33 @@ ARG TARGETPLATFORM
 # gcc is installed for libgcc only
 RUN xx-apk add --no-cache musl-dev gcc

-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO} AS build-base-debian
-ENV GOTOOLCHAIN=local
-COPY --link --from=xx / /
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-bullseye
+COPY --from=xx / /
 RUN apt-get update && apt-get install --no-install-recommends -y bash clang lld llvm file
 WORKDIR /go/src/github.com/docker/cli

-FROM build-base-debian AS build-debian
+FROM build-base-bullseye AS build-bullseye
 ARG TARGETPLATFORM
-RUN xx-apt-get install --no-install-recommends -y libc6-dev libgcc-12-dev pkgconf
+RUN xx-apt-get install --no-install-recommends -y libc6-dev libgcc-10-dev
+# workaround for issue with llvm 11 for darwin/amd64 platform:
+#  # github.com/docker/cli/cmd/docker
+#  /usr/local/go/pkg/tool/linux_amd64/link: /usr/local/go/pkg/tool/linux_amd64/link: running strip failed: exit status 1
+#  llvm-strip: error: unsupported load command (cmd=0x5)
+# more info: https://github.com/docker/cli/pull/3717
+# FIXME: remove once llvm 12 available on debian
+RUN [ "$TARGETPLATFORM" != "darwin/amd64" ] || ln -sfnT /bin/true /usr/bin/llvm-strip

 FROM build-base-${BASE_VARIANT} AS goversioninfo
 ARG GOVERSIONINFO_VERSION
 RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on CGO_ENABLED=0 go install "github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}"
+    GOBIN=/out GO111MODULE=on go install "github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}"

 FROM build-base-${BASE_VARIANT} AS gotestsum
 ARG GOTESTSUM_VERSION
 RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on CGO_ENABLED=0 go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
+    GOBIN=/out GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
    && /out/gotestsum --version

 FROM build-${BASE_VARIANT} AS build
@ -60,9 +62,12 @@ ARG CGO_ENABLED
 ARG VERSION
 # PACKAGER_NAME sets the company that produced the windows binary
 ARG PACKAGER_NAME
-COPY --link --from=goversioninfo /out/goversioninfo /usr/bin/goversioninfo
+COPY --from=goversioninfo /out/goversioninfo /usr/bin/goversioninfo
+# in bullseye arm64 target does not link with lld so configure it to use ld instead
+RUN [ ! -f /etc/alpine-release ] && xx-info is-cross && [ "$(xx-info arch)" = "arm64" ] && XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple || true
 RUN --mount=type=bind,target=.,ro \
    --mount=type=cache,target=/root/.cache \
+    --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk \
    --mount=type=tmpfs,target=cli/winresources \
    # override the default behavior of go with xx-go
    xx-go --wrap && \
@ -71,7 +76,7 @@ RUN --mount=type=bind,target=.,ro \
    xx-verify $([ "$GO_LINKMODE" = "static" ] && echo "--static") /out/docker

 FROM build-${BASE_VARIANT} AS test
-COPY --link --from=gotestsum /out/gotestsum /usr/bin/gotestsum
+COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
 ENV GO111MODULE=auto
 RUN --mount=type=bind,target=.,rw \
    --mount=type=cache,target=/root/.cache \
@ -88,47 +93,40 @@ ARG GO_STRIP
 ARG CGO_ENABLED
 ARG VERSION
 RUN --mount=ro --mount=type=cache,target=/root/.cache \
+    --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk \
    xx-go --wrap && \
    TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*

 FROM build-base-alpine AS e2e-base-alpine
-RUN apk add --no-cache build-base curl openssl openssh-client
+RUN apk add --no-cache build-base curl docker-compose openssl openssh-client

-FROM build-base-debian AS e2e-base-debian
+FROM build-base-bullseye AS e2e-base-bullseye
 RUN apt-get update && apt-get install -y build-essential curl openssl openssh-client
+ARG COMPOSE_VERSION=1.29.2
+RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose && \
+    chmod +x /usr/local/bin/docker-compose

-FROM docker/buildx-bin:${BUILDX_VERSION}   AS buildx
-FROM docker/compose-bin:${COMPOSE_VERSION} AS compose
+FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx

 FROM e2e-base-${BASE_VARIANT} AS e2e
 ARG NOTARY_VERSION=v0.6.1
 ADD --chmod=0755 https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 /usr/local/bin/notary
-COPY --link e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
+COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
 RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
-COPY --link --from=gotestsum /out/gotestsum /usr/bin/gotestsum
-COPY --link --from=build /out ./build/
-COPY --link --from=build-plugins /out ./build/
-COPY --link --from=buildx  /buildx         /usr/libexec/docker/cli-plugins/docker-buildx
-COPY --link --from=compose /docker-compose /usr/libexec/docker/cli-plugins/docker-compose
-COPY --link . .
+COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
+COPY --from=build /out ./build/
+COPY --from=build-plugins /out ./build/
+COPY --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
+COPY . .
 ENV DOCKER_BUILDKIT=1
 ENV PATH=/go/src/github.com/docker/cli/build:$PATH
 CMD ./scripts/test/e2e/entry

 FROM build-base-${BASE_VARIANT} AS dev
-COPY --link . .
-
-FROM scratch AS plugins
-COPY --from=build-plugins /out .
-
-FROM scratch AS bin-image-linux
-COPY --from=build /out/docker /docker
-FROM scratch AS bin-image-darwin
-COPY --from=build /out/docker /docker
-FROM scratch AS bin-image-windows
-COPY --from=build /out/docker /docker.exe
-
-FROM bin-image-${TARGETOS} AS bin-image
+COPY . .

 FROM scratch AS binary
 COPY --from=build /out .
+
+FROM scratch AS plugins
+COPY --from=build-plugins /out .
--- a/11
+++ b/11
@ -24,6 +24,7 @@
 		people = [
 			"albers",
 			"cpuguy83",
+			"ndeloof",
 			"rumpl",
 			"silvin-lubecki",
 			"stevvooe",
@ -48,9 +49,9 @@

 		people = [
 			"bsousaa",
-			"neersighted",
 			"programmerq",
 			"sam-thibault",
+			"thajeztah",
 			"vvoland"
 		]

@ -97,10 +98,10 @@
 	Email = "dnephin@gmail.com"
 	GitHub = "dnephin"

-	[people.neersighted]
-	Name = "Bjorn Neergaard"
-	Email = "bneergaard@mirantis.com"
-	GitHub = "neersighted"
+	[people.ndeloof]
+	Name = "Nicolas De Loof"
+	Email = "nicolas.deloof@gmail.com"
+	GitHub = "ndeloof"

 	[people.programmerq]
 	Name = "Jeff Anderson"
--- a/2
+++ b/2
@ -52,7 +52,7 @@ shellcheck: ## run shellcheck validation
 .PHONY: fmt
 fmt: ## run gofumpt (if present) or gofmt
 	@if command -v gofumpt > /dev/null; then \
-		gofumpt -w -d -lang=1.21 . ; \
+		gofumpt -w -d -lang=1.19 . ; \
 	else \
 		go list -f {{.Dir}} ./... | xargs gofmt -w -s -d ; \
 	fi
--- a/2
+++ b/2
@ -14,6 +14,6 @@ United States and other governments.
 It is your responsibility to ensure that your use and/or transfer does not
 violate applicable laws.

-For more information, see https://www.bis.doc.gov
+For more information, please see https://www.bis.doc.gov

 See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
--- a/README.md
+++ b/README.md
@ -8,7 +8,8 @@

 ## About

-This repository is the home of the Docker CLI.
+This repository is the home of the cli used in the Docker CE and
+Docker EE products.

 ## Development

@ -67,7 +68,7 @@ make -f docker.Makefile shell
 ## Legal

 *Brought to you courtesy of our legal counsel. For more context,
-see the [NOTICE](https://github.com/docker/cli/blob/master/NOTICE) document in this repo.*
+please see the [NOTICE](https://github.com/docker/cli/blob/master/NOTICE) document in this repo.*

 Use and transfer of Docker may be subject to certain restrictions by the
 United States and other governments.
@ -75,7 +76,7 @@ United States and other governments.
 It is your responsibility to ensure that your use and/or transfer does not
 violate applicable laws.

-For more information, see https://www.bis.doc.gov
+For more information, please see https://www.bis.doc.gov

 ## Licensing

--- a/2
+++ b/2
@ -1 +1 @@
-27.0.1-dev
+23.0.0-dev
--- a/cli-plugins/examples/helloworld/main.go
+++ b/cli-plugins/examples/helloworld/main.go
@ -45,8 +45,8 @@ func main() {
 		}

 		var (
-			who, optContext string
-			preRun, debug   bool
+			who, context  string
+			preRun, debug bool
 		)
 		cmd := &cobra.Command{
 			Use:   "helloworld",
@ -65,7 +65,7 @@ func main() {
 					fmt.Fprintf(dockerCli.Err(), "Plugin debug mode enabled")
 				}

-				switch optContext {
+				switch context {
 				case "Christmas":
 					fmt.Fprintf(dockerCli.Out(), "Merry Christmas!\n")
 					return nil
@ -92,7 +92,7 @@ func main() {
 		// These are intended to deliberately clash with the CLIs own top
 		// level arguments.
 		flags.BoolVarP(&debug, "debug", "D", false, "Enable debug")
-		flags.StringVarP(&optContext, "context", "c", "", "Is it Christmas?")
+		flags.StringVarP(&context, "context", "c", "", "Is it Christmas?")

 		cmd.AddCommand(goodbye, apiversion, exitStatus2)
 		return cmd
--- a/cli-plugins/hooks/printer.go
+++ b/cli-plugins/hooks/printer.go
@ -1,18 +0,0 @@
-package hooks
-
-import (
-	"fmt"
-	"io"
-
-	"github.com/morikuni/aec"
-)
-
-func PrintNextSteps(out io.Writer, messages []string) {
-	if len(messages) == 0 {
-		return
-	}
-	fmt.Fprintln(out, aec.Bold.Apply("\nWhat's next:"))
-	for _, n := range messages {
-		_, _ = fmt.Fprintf(out, "    %s\n", n)
-	}
-}
--- a/cli-plugins/hooks/printer_test.go
+++ b/cli-plugins/hooks/printer_test.go
@ -1,38 +0,0 @@
-package hooks
-
-import (
-	"bytes"
-	"testing"
-
-	"github.com/morikuni/aec"
-	"gotest.tools/v3/assert"
-)
-
-func TestPrintHookMessages(t *testing.T) {
-	testCases := []struct {
-		messages       []string
-		expectedOutput string
-	}{
-		{
-			messages:       []string{},
-			expectedOutput: "",
-		},
-		{
-			messages: []string{"Bork!"},
-			expectedOutput: aec.Bold.Apply("\nWhat's next:") + "\n" +
-				"    Bork!\n",
-		},
-		{
-			messages: []string{"Foo", "bar"},
-			expectedOutput: aec.Bold.Apply("\nWhat's next:") + "\n" +
-				"    Foo\n" +
-				"    bar\n",
-		},
-	}
-
-	for _, tc := range testCases {
-		w := bytes.Buffer{}
-		PrintNextSteps(&w, tc.messages)
-		assert.Equal(t, w.String(), tc.expectedOutput)
-	}
-}
--- a/cli-plugins/hooks/template.go
+++ b/cli-plugins/hooks/template.go
@ -1,116 +0,0 @@
-package hooks
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"strconv"
-	"strings"
-	"text/template"
-
-	"github.com/spf13/cobra"
-)
-
-type HookType int
-
-const (
-	NextSteps = iota
-)
-
-// HookMessage represents a plugin hook response. Plugins
-// declaring support for CLI hooks need to print a json
-// representation of this type when their hook subcommand
-// is invoked.
-type HookMessage struct {
-	Type     HookType
-	Template string
-}
-
-// TemplateReplaceSubcommandName returns a hook template string
-// that will be replaced by the CLI subcommand being executed
-//
-// Example:
-//
-// "you ran the subcommand: " + TemplateReplaceSubcommandName()
-//
-// when being executed after the command:
-// `docker run --name "my-container" alpine`
-// will result in the message:
-// `you ran the subcommand: run`
-func TemplateReplaceSubcommandName() string {
-	return hookTemplateCommandName
-}
-
-// TemplateReplaceFlagValue returns a hook template string
-// that will be replaced by the flags value.
-//
-// Example:
-//
-// "you ran a container named: " + TemplateReplaceFlagValue("name")
-//
-// when being executed after the command:
-// `docker run --name "my-container" alpine`
-// will result in the message:
-// `you ran a container named: my-container`
-func TemplateReplaceFlagValue(flag string) string {
-	return fmt.Sprintf(hookTemplateFlagValue, flag)
-}
-
-// TemplateReplaceArg takes an index i and returns a hook
-// template string that the CLI will replace the template with
-// the ith argument, after processing the passed flags.
-//
-// Example:
-//
-// "run this image with `docker run " + TemplateReplaceArg(0) + "`"
-//
-// when being executed after the command:
-// `docker pull alpine`
-// will result in the message:
-// "Run this image with `docker run alpine`"
-func TemplateReplaceArg(i int) string {
-	return fmt.Sprintf(hookTemplateArg, strconv.Itoa(i))
-}
-
-func ParseTemplate(hookTemplate string, cmd *cobra.Command) ([]string, error) {
-	tmpl := template.New("").Funcs(commandFunctions)
-	tmpl, err := tmpl.Parse(hookTemplate)
-	if err != nil {
-		return nil, err
-	}
-	b := bytes.Buffer{}
-	err = tmpl.Execute(&b, cmd)
-	if err != nil {
-		return nil, err
-	}
-	return strings.Split(b.String(), "\n"), nil
-}
-
-var ErrHookTemplateParse = errors.New("failed to parse hook template")
-
-const (
-	hookTemplateCommandName = "{{.Name}}"
-	hookTemplateFlagValue   = `{{flag . "%s"}}`
-	hookTemplateArg         = "{{arg . %s}}"
-)
-
-var commandFunctions = template.FuncMap{
-	"flag": getFlagValue,
-	"arg":  getArgValue,
-}
-
-func getFlagValue(cmd *cobra.Command, flag string) (string, error) {
-	cmdFlag := cmd.Flag(flag)
-	if cmdFlag == nil {
-		return "", ErrHookTemplateParse
-	}
-	return cmdFlag.Value.String(), nil
-}
-
-func getArgValue(cmd *cobra.Command, i int) (string, error) {
-	flags := cmd.Flags()
-	if flags == nil {
-		return "", ErrHookTemplateParse
-	}
-	return flags.Arg(i), nil
-}
--- a/cli-plugins/hooks/template_test.go
+++ b/cli-plugins/hooks/template_test.go
@ -1,86 +0,0 @@
-package hooks
-
-import (
-	"testing"
-
-	"github.com/spf13/cobra"
-	"gotest.tools/v3/assert"
-)
-
-func TestParseTemplate(t *testing.T) {
-	type testFlag struct {
-		name  string
-		value string
-	}
-	testCases := []struct {
-		template       string
-		flags          []testFlag
-		args           []string
-		expectedOutput []string
-	}{
-		{
-			template:       "",
-			expectedOutput: []string{""},
-		},
-		{
-			template:       "a plain template message",
-			expectedOutput: []string{"a plain template message"},
-		},
-		{
-			template: TemplateReplaceFlagValue("tag"),
-			flags: []testFlag{
-				{
-					name:  "tag",
-					value: "my-tag",
-				},
-			},
-			expectedOutput: []string{"my-tag"},
-		},
-		{
-			template: TemplateReplaceFlagValue("test-one") + " " + TemplateReplaceFlagValue("test2"),
-			flags: []testFlag{
-				{
-					name:  "test-one",
-					value: "value",
-				},
-				{
-					name:  "test2",
-					value: "value2",
-				},
-			},
-			expectedOutput: []string{"value value2"},
-		},
-		{
-			template:       TemplateReplaceArg(0) + " " + TemplateReplaceArg(1),
-			args:           []string{"zero", "one"},
-			expectedOutput: []string{"zero one"},
-		},
-		{
-			template:       "You just pulled " + TemplateReplaceArg(0),
-			args:           []string{"alpine"},
-			expectedOutput: []string{"You just pulled alpine"},
-		},
-		{
-			template:       "one line\nanother line!",
-			expectedOutput: []string{"one line", "another line!"},
-		},
-	}
-
-	for _, tc := range testCases {
-		testCmd := &cobra.Command{
-			Use:  "pull",
-			Args: cobra.ExactArgs(len(tc.args)),
-		}
-		for _, f := range tc.flags {
-			_ = testCmd.Flags().String(f.name, "", "")
-			err := testCmd.Flag(f.name).Value.Set(f.value)
-			assert.NilError(t, err)
-		}
-		err := testCmd.Flags().Parse(tc.args)
-		assert.NilError(t, err)
-
-		out, err := ParseTemplate(tc.template, testCmd)
-		assert.NilError(t, err)
-		assert.DeepEqual(t, out, tc.expectedOutput)
-	}
-}
--- a/cli-plugins/manager/candidate.go
+++ b/cli-plugins/manager/candidate.go
@ -1,6 +1,8 @@
 package manager

-import "os/exec"
+import (
+	exec "golang.org/x/sys/execabs"
+)

 // Candidate represents a possible plugin candidate, for mocking purposes
 type Candidate interface {
--- a/cli-plugins/manager/candidate_test.go
+++ b/cli-plugins/manager/candidate_test.go
@ -75,14 +75,13 @@ func TestValidateCandidate(t *testing.T) {
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			p, err := newPlugin(tc.c, fakeroot.Commands())
-			switch {
-			case tc.err != "":
+			if tc.err != "" {
 				assert.ErrorContains(t, err, tc.err)
-			case tc.invalid != "":
+			} else if tc.invalid != "" {
 				assert.NilError(t, err)
 				assert.Assert(t, cmp.ErrorType(p.Err, reflect.TypeOf(&pluginError{})))
 				assert.ErrorContains(t, p.Err, tc.invalid)
-			default:
+			} else {
 				assert.NilError(t, err)
 				assert.Equal(t, NamePrefix+p.Name, goodPluginName)
 				assert.Equal(t, p.SchemaVersion, "0.1.0")
--- a/cli-plugins/manager/cobra.go
+++ b/cli-plugins/manager/cobra.go
@ -2,14 +2,11 @@ package manager

 import (
 	"fmt"
-	"net/url"
 	"os"
-	"strings"
 	"sync"

 	"github.com/docker/cli/cli/command"
 	"github.com/spf13/cobra"
-	"go.opentelemetry.io/otel/attribute"
 )

 const (
@ -33,10 +30,6 @@ const (
 	// is, one which failed it's candidate test) and contains the
 	// reason for the failure.
 	CommandAnnotationPluginInvalid = "com.docker.cli.plugin-invalid"
-
-	// CommandAnnotationPluginCommandPath is added to overwrite the
-	// command path for a plugin invocation.
-	CommandAnnotationPluginCommandPath = "com.docker.cli.plugin.command_path"
 )

 var pluginCommandStubsOnce sync.Once
@ -105,44 +98,3 @@ func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) (err e
 	})
 	return err
 }
-
-const (
-	dockerCliAttributePrefix = attribute.Key("docker.cli")
-
-	cobraCommandPath = attribute.Key("cobra.command_path")
-)
-
-func getPluginResourceAttributes(cmd *cobra.Command, plugin Plugin) attribute.Set {
-	commandPath := cmd.Annotations[CommandAnnotationPluginCommandPath]
-	if commandPath == "" {
-		commandPath = fmt.Sprintf("%s %s", cmd.CommandPath(), plugin.Name)
-	}
-
-	attrSet := attribute.NewSet(
-		cobraCommandPath.String(commandPath),
-	)
-
-	kvs := make([]attribute.KeyValue, 0, attrSet.Len())
-	for iter := attrSet.Iter(); iter.Next(); {
-		attr := iter.Attribute()
-		kvs = append(kvs, attribute.KeyValue{
-			Key:   dockerCliAttributePrefix + "." + attr.Key,
-			Value: attr.Value,
-		})
-	}
-	return attribute.NewSet(kvs...)
-}
-
-func appendPluginResourceAttributesEnvvar(env []string, cmd *cobra.Command, plugin Plugin) []string {
-	if attrs := getPluginResourceAttributes(cmd, plugin); attrs.Len() > 0 {
-		// values in environment variables need to be in baggage format
-		// otel/baggage package can be used after update to v1.22, currently it encodes incorrectly
-		attrsSlice := make([]string, attrs.Len())
-		for iter := attrs.Iter(); iter.Next(); {
-			i, v := iter.IndexedAttribute()
-			attrsSlice[i] = string(v.Key) + "=" + url.PathEscape(v.Value.AsString())
-		}
-		env = append(env, ResourceAttributesEnvvar+"="+strings.Join(attrsSlice, ","))
-	}
-	return env
-}
--- a/cli-plugins/manager/error.go
+++ b/cli-plugins/manager/error.go
@ -1,6 +1,3 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.21
-
 package manager

 import (
@ -41,14 +38,11 @@ func (e *pluginError) MarshalText() (text []byte, err error) {
 // wrapAsPluginError wraps an error in a pluginError with an
 // additional message, analogous to errors.Wrapf.
 func wrapAsPluginError(err error, msg string) error {
-	if err == nil {
-		return nil
-	}
 	return &pluginError{cause: errors.Wrap(err, msg)}
 }

 // NewPluginError creates a new pluginError, analogous to
 // errors.Errorf.
-func NewPluginError(msg string, args ...any) error {
+func NewPluginError(msg string, args ...interface{}) error {
 	return &pluginError{cause: errors.Errorf(msg, args...)}
 }
--- a/cli-plugins/manager/error_test.go
+++ b/cli-plugins/manager/error_test.go
@ -2,7 +2,7 @@ package manager

 import (
 	"encoding/json"
-	"errors"
+	"fmt"
 	"testing"

 	"gotest.tools/v3/assert"
@ -13,7 +13,7 @@ func TestPluginError(t *testing.T) {
 	err := NewPluginError("new error")
 	assert.Check(t, is.Error(err, "new error"))

-	inner := errors.New("testing")
+	inner := fmt.Errorf("testing")
 	err = wrapAsPluginError(inner, "wrapping")
 	assert.Check(t, is.Error(err, "wrapping: testing"))
 	assert.Check(t, is.ErrorIs(err, inner))
--- a/cli-plugins/manager/hooks.go
+++ b/cli-plugins/manager/hooks.go
@ -1,199 +0,0 @@
-package manager
-
-import (
-	"context"
-	"encoding/json"
-	"strings"
-
-	"github.com/docker/cli/cli-plugins/hooks"
-	"github.com/docker/cli/cli/command"
-	"github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-// HookPluginData is the type representing the information
-// that plugins declaring support for hooks get passed when
-// being invoked following a CLI command execution.
-type HookPluginData struct {
-	// RootCmd is a string representing the matching hook configuration
-	// which is currently being invoked. If a hook for `docker context` is
-	// configured and the user executes `docker context ls`, the plugin will
-	// be invoked with `context`.
-	RootCmd      string
-	Flags        map[string]string
-	CommandError string
-}
-
-// RunCLICommandHooks is the entrypoint into the hooks execution flow after
-// a main CLI command was executed. It calls the hook subcommand for all
-// present CLI plugins that declare support for hooks in their metadata and
-// parses/prints their responses.
-func RunCLICommandHooks(ctx context.Context, dockerCli command.Cli, rootCmd, subCommand *cobra.Command, cmdErrorMessage string) {
-	commandName := strings.TrimPrefix(subCommand.CommandPath(), rootCmd.Name()+" ")
-	flags := getCommandFlags(subCommand)
-
-	runHooks(ctx, dockerCli, rootCmd, subCommand, commandName, flags, cmdErrorMessage)
-}
-
-// RunPluginHooks is the entrypoint for the hooks execution flow
-// after a plugin command was just executed by the CLI.
-func RunPluginHooks(ctx context.Context, dockerCli command.Cli, rootCmd, subCommand *cobra.Command, args []string) {
-	commandName := strings.Join(args, " ")
-	flags := getNaiveFlags(args)
-
-	runHooks(ctx, dockerCli, rootCmd, subCommand, commandName, flags, "")
-}
-
-func runHooks(ctx context.Context, dockerCli command.Cli, rootCmd, subCommand *cobra.Command, invokedCommand string, flags map[string]string, cmdErrorMessage string) {
-	nextSteps := invokeAndCollectHooks(ctx, dockerCli, rootCmd, subCommand, invokedCommand, flags, cmdErrorMessage)
-
-	hooks.PrintNextSteps(dockerCli.Err(), nextSteps)
-}
-
-func invokeAndCollectHooks(ctx context.Context, dockerCli command.Cli, rootCmd, subCmd *cobra.Command, subCmdStr string, flags map[string]string, cmdErrorMessage string) []string {
-	// check if the context was cancelled before invoking hooks
-	select {
-	case <-ctx.Done():
-		return nil
-	default:
-	}
-
-	pluginsCfg := dockerCli.ConfigFile().Plugins
-	if pluginsCfg == nil {
-		return nil
-	}
-
-	nextSteps := make([]string, 0, len(pluginsCfg))
-	for pluginName, cfg := range pluginsCfg {
-		match, ok := pluginMatch(cfg, subCmdStr)
-		if !ok {
-			continue
-		}
-
-		p, err := GetPlugin(pluginName, dockerCli, rootCmd)
-		if err != nil {
-			continue
-		}
-
-		hookReturn, err := p.RunHook(ctx, HookPluginData{
-			RootCmd:      match,
-			Flags:        flags,
-			CommandError: cmdErrorMessage,
-		})
-		if err != nil {
-			// skip misbehaving plugins, but don't halt execution
-			continue
-		}
-
-		var hookMessageData hooks.HookMessage
-		err = json.Unmarshal(hookReturn, &hookMessageData)
-		if err != nil {
-			continue
-		}
-
-		// currently the only hook type
-		if hookMessageData.Type != hooks.NextSteps {
-			continue
-		}
-
-		processedHook, err := hooks.ParseTemplate(hookMessageData.Template, subCmd)
-		if err != nil {
-			continue
-		}
-
-		var appended bool
-		nextSteps, appended = appendNextSteps(nextSteps, processedHook)
-		if !appended {
-			logrus.Debugf("Plugin %s responded with an empty hook message %q. Ignoring.", pluginName, string(hookReturn))
-		}
-	}
-	return nextSteps
-}
-
-// appendNextSteps appends the processed hook output to the nextSteps slice.
-// If the processed hook output is empty, it is not appended.
-// Empty lines are not stripped if there's at least one non-empty line.
-func appendNextSteps(nextSteps []string, processed []string) ([]string, bool) {
-	empty := true
-	for _, l := range processed {
-		if strings.TrimSpace(l) != "" {
-			empty = false
-			break
-		}
-	}
-
-	if empty {
-		return nextSteps, false
-	}
-
-	return append(nextSteps, processed...), true
-}
-
-// pluginMatch takes a plugin configuration and a string representing the
-// command being executed (such as 'image ls' – the root 'docker' is omitted)
-// and, if the configuration includes a hook for the invoked command, returns
-// the configured hook string.
-func pluginMatch(pluginCfg map[string]string, subCmd string) (string, bool) {
-	configuredPluginHooks, ok := pluginCfg["hooks"]
-	if !ok || configuredPluginHooks == "" {
-		return "", false
-	}
-
-	commands := strings.Split(configuredPluginHooks, ",")
-	for _, hookCmd := range commands {
-		if hookMatch(hookCmd, subCmd) {
-			return hookCmd, true
-		}
-	}
-
-	return "", false
-}
-
-func hookMatch(hookCmd, subCmd string) bool {
-	hookCmdTokens := strings.Split(hookCmd, " ")
-	subCmdTokens := strings.Split(subCmd, " ")
-
-	if len(hookCmdTokens) > len(subCmdTokens) {
-		return false
-	}
-
-	for i, v := range hookCmdTokens {
-		if v != subCmdTokens[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
-func getCommandFlags(cmd *cobra.Command) map[string]string {
-	flags := make(map[string]string)
-	cmd.Flags().Visit(func(f *pflag.Flag) {
-		var fValue string
-		if f.Value.Type() == "bool" {
-			fValue = f.Value.String()
-		}
-		flags[f.Name] = fValue
-	})
-	return flags
-}
-
-// getNaiveFlags string-matches argv and parses them into a map.
-// This is used when calling hooks after a plugin command, since
-// in this case we can't rely on the cobra command tree to parse
-// flags in this case. In this case, no values are ever passed,
-// since we don't have enough information to process them.
-func getNaiveFlags(args []string) map[string]string {
-	flags := make(map[string]string)
-	for _, arg := range args {
-		if strings.HasPrefix(arg, "--") {
-			flags[arg[2:]] = ""
-			continue
-		}
-		if strings.HasPrefix(arg, "-") {
-			flags[arg[1:]] = ""
-		}
-	}
-	return flags
-}
--- a/cli-plugins/manager/hooks_test.go
+++ b/cli-plugins/manager/hooks_test.go
@ -1,143 +0,0 @@
-package manager
-
-import (
-	"testing"
-
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-)
-
-func TestGetNaiveFlags(t *testing.T) {
-	testCases := []struct {
-		args          []string
-		expectedFlags map[string]string
-	}{
-		{
-			args:          []string{"docker"},
-			expectedFlags: map[string]string{},
-		},
-		{
-			args: []string{"docker", "build", "-q", "--file", "test.Dockerfile", "."},
-			expectedFlags: map[string]string{
-				"q":    "",
-				"file": "",
-			},
-		},
-		{
-			args: []string{"docker", "--context", "a-context", "pull", "-q", "--progress", "auto", "alpine"},
-			expectedFlags: map[string]string{
-				"context":  "",
-				"q":        "",
-				"progress": "",
-			},
-		},
-	}
-
-	for _, tc := range testCases {
-		assert.DeepEqual(t, getNaiveFlags(tc.args), tc.expectedFlags)
-	}
-}
-
-func TestPluginMatch(t *testing.T) {
-	testCases := []struct {
-		commandString string
-		pluginConfig  map[string]string
-		expectedMatch string
-		expectedOk    bool
-	}{
-		{
-			commandString: "image ls",
-			pluginConfig: map[string]string{
-				"hooks": "image",
-			},
-			expectedMatch: "image",
-			expectedOk:    true,
-		},
-		{
-			commandString: "context ls",
-			pluginConfig: map[string]string{
-				"hooks": "build",
-			},
-			expectedMatch: "",
-			expectedOk:    false,
-		},
-		{
-			commandString: "context ls",
-			pluginConfig: map[string]string{
-				"hooks": "context ls",
-			},
-			expectedMatch: "context ls",
-			expectedOk:    true,
-		},
-		{
-			commandString: "image ls",
-			pluginConfig: map[string]string{
-				"hooks": "image ls,image",
-			},
-			expectedMatch: "image ls",
-			expectedOk:    true,
-		},
-		{
-			commandString: "image ls",
-			pluginConfig: map[string]string{
-				"hooks": "",
-			},
-			expectedMatch: "",
-			expectedOk:    false,
-		},
-		{
-			commandString: "image inspect",
-			pluginConfig: map[string]string{
-				"hooks": "image i",
-			},
-			expectedMatch: "",
-			expectedOk:    false,
-		},
-		{
-			commandString: "image inspect",
-			pluginConfig: map[string]string{
-				"hooks": "image",
-			},
-			expectedMatch: "image",
-			expectedOk:    true,
-		},
-	}
-
-	for _, tc := range testCases {
-		match, ok := pluginMatch(tc.pluginConfig, tc.commandString)
-		assert.Equal(t, ok, tc.expectedOk)
-		assert.Equal(t, match, tc.expectedMatch)
-	}
-}
-
-func TestAppendNextSteps(t *testing.T) {
-	testCases := []struct {
-		processed   []string
-		expectedOut []string
-	}{
-		{
-			processed:   []string{},
-			expectedOut: []string{},
-		},
-		{
-			processed:   []string{"", ""},
-			expectedOut: []string{},
-		},
-		{
-			processed:   []string{"Some hint", "", "Some other hint"},
-			expectedOut: []string{"Some hint", "", "Some other hint"},
-		},
-		{
-			processed:   []string{"Hint 1", "Hint 2"},
-			expectedOut: []string{"Hint 1", "Hint 2"},
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run("", func(t *testing.T) {
-			got, appended := appendNextSteps([]string{}, tc.processed)
-			assert.Check(t, is.DeepEqual(got, tc.expectedOut))
-			assert.Check(t, is.Equal(appended, len(got) > 0))
-		})
-	}
-}
--- a/cli-plugins/manager/manager.go
+++ b/cli-plugins/manager/manager.go
@ -3,7 +3,6 @@ package manager
 import (
 	"context"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sort"
 	"strings"
@ -11,23 +10,17 @@ import (

 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config"
-	"github.com/docker/cli/cli/config/configfile"
 	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
 	"golang.org/x/sync/errgroup"
+	exec "golang.org/x/sys/execabs"
 )

-const (
-	// ReexecEnvvar is the name of an ennvar which is set to the command
-	// used to originally invoke the docker CLI when executing a
-	// plugin. Assuming $PATH and $CWD remain unchanged this should allow
-	// the plugin to re-execute the original CLI.
-	ReexecEnvvar = "DOCKER_CLI_PLUGIN_ORIGINAL_CLI_COMMAND"
-
-	// ResourceAttributesEnvvar is the name of the envvar that includes additional
-	// resource attributes for OTEL.
-	ResourceAttributesEnvvar = "OTEL_RESOURCE_ATTRIBUTES"
-)
+// ReexecEnvvar is the name of an ennvar which is set to the command
+// used to originally invoke the docker CLI when executing a
+// plugin. Assuming $PATH and $CWD remain unchanged this should allow
+// the plugin to re-execute the original CLI.
+const ReexecEnvvar = "DOCKER_CLI_PLUGIN_ORIGINAL_CLI_COMMAND"

 // errPluginNotFound is the error returned when a plugin could not be found.
 type errPluginNotFound string
@ -49,20 +42,10 @@ func IsNotFound(err error) bool {
 	return ok
 }

-// getPluginDirs returns the platform-specific locations to search for plugins
-// in order of preference.
-//
-// Plugin-discovery is performed in the following order of preference:
-//
-// 1. The "cli-plugins" directory inside the CLIs [config.Path] (usually "~/.docker/cli-plugins").
-// 2. Additional plugin directories as configured through [ConfigFile.CLIPluginsExtraDirs].
-// 3. Platform-specific defaultSystemPluginDirs.
-//
-// [ConfigFile.CLIPluginsExtraDirs]: https://pkg.go.dev/github.com/docker/cli@v26.1.4+incompatible/cli/config/configfile#ConfigFile.CLIPluginsExtraDirs
-func getPluginDirs(cfg *configfile.ConfigFile) ([]string, error) {
+func getPluginDirs(dockerCli command.Cli) ([]string, error) {
 	var pluginDirs []string

-	if cfg != nil {
+	if cfg := dockerCli.ConfigFile(); cfg != nil {
 		pluginDirs = append(pluginDirs, cfg.CLIPluginsExtraDirs...)
 	}
 	pluginDir, err := config.Path("cli-plugins")
@ -125,7 +108,7 @@ func listPluginCandidates(dirs []string) (map[string][]string, error) {

 // GetPlugin returns a plugin on the system by its name
 func GetPlugin(name string, dockerCli command.Cli, rootcmd *cobra.Command) (*Plugin, error) {
-	pluginDirs, err := getPluginDirs(dockerCli.ConfigFile())
+	pluginDirs, err := getPluginDirs(dockerCli)
 	if err != nil {
 		return nil, err
 	}
@ -155,7 +138,7 @@ func GetPlugin(name string, dockerCli command.Cli, rootcmd *cobra.Command) (*Plu

 // ListPlugins produces a list of the plugins available on the system
 func ListPlugins(dockerCli command.Cli, rootcmd *cobra.Command) ([]Plugin, error) {
-	pluginDirs, err := getPluginDirs(dockerCli.ConfigFile())
+	pluginDirs, err := getPluginDirs(dockerCli)
 	if err != nil {
 		return nil, err
 	}
@ -215,7 +198,7 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
 		return nil, errPluginNotFound(name)
 	}
 	exename := addExeSuffix(NamePrefix + name)
-	pluginDirs, err := getPluginDirs(dockerCli.ConfigFile())
+	pluginDirs, err := getPluginDirs(dockerCli)
 	if err != nil {
 		return nil, err
 	}
@ -250,8 +233,8 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr

-		cmd.Env = append(cmd.Environ(), ReexecEnvvar+"="+os.Args[0])
-		cmd.Env = appendPluginResourceAttributesEnvvar(cmd.Env, rootcmd, plugin)
+		cmd.Env = os.Environ()
+		cmd.Env = append(cmd.Env, ReexecEnvvar+"="+os.Args[0])

 		return cmd, nil
 	}
--- a/cli-plugins/manager/manager_test.go
+++ b/cli-plugins/manager/manager_test.go
@ -46,7 +46,7 @@ func TestListPluginCandidates(t *testing.T) {
 	)
 	defer dir.Remove()

-	dirs := make([]string, 0, 6)
+	var dirs []string
 	for _, d := range []string{"plugins1", "nonexistent", "plugins2", "plugins3", "plugins4", "plugins5"} {
 		dirs = append(dirs, dir.Join(d))
 	}
@ -149,7 +149,7 @@ func TestGetPluginDirs(t *testing.T) {
 	expected := append([]string{pluginDir}, defaultSystemPluginDirs...)

 	var pluginDirs []string
-	pluginDirs, err = getPluginDirs(cli.ConfigFile())
+	pluginDirs, err = getPluginDirs(cli)
 	assert.Equal(t, strings.Join(expected, ":"), strings.Join(pluginDirs, ":"))
 	assert.NilError(t, err)

@ -160,7 +160,7 @@ func TestGetPluginDirs(t *testing.T) {
 	cli.SetConfigFile(&configfile.ConfigFile{
 		CLIPluginsExtraDirs: extras,
 	})
-	pluginDirs, err = getPluginDirs(cli.ConfigFile())
+	pluginDirs, err = getPluginDirs(cli)
 	assert.DeepEqual(t, expected, pluginDirs)
 	assert.NilError(t, err)
 }
--- a/cli-plugins/manager/manager_unix.go
+++ b/cli-plugins/manager/manager_unix.go
@ -1,20 +1,9 @@
 //go:build !windows
+// +build !windows

 package manager

-// defaultSystemPluginDirs are the platform-specific locations to search
-// for plugins in order of preference.
-//
-// Plugin-discovery is performed in the following order of preference:
-//
-// 1. The "cli-plugins" directory inside the CLIs config-directory (usually "~/.docker/cli-plugins").
-// 2. Additional plugin directories as configured through [ConfigFile.CLIPluginsExtraDirs].
-// 3. Platform-specific defaultSystemPluginDirs (as defined below).
-//
-// [ConfigFile.CLIPluginsExtraDirs]: https://pkg.go.dev/github.com/docker/cli@v26.1.4+incompatible/cli/config/configfile#ConfigFile.CLIPluginsExtraDirs
 var defaultSystemPluginDirs = []string{
-	"/usr/local/lib/docker/cli-plugins",
-	"/usr/local/libexec/docker/cli-plugins",
-	"/usr/lib/docker/cli-plugins",
-	"/usr/libexec/docker/cli-plugins",
+	"/usr/local/lib/docker/cli-plugins", "/usr/local/libexec/docker/cli-plugins",
+	"/usr/lib/docker/cli-plugins", "/usr/libexec/docker/cli-plugins",
 }
--- a/cli-plugins/manager/manager_windows.go
+++ b/cli-plugins/manager/manager_windows.go
@ -5,16 +5,6 @@ import (
 	"path/filepath"
 )

-// defaultSystemPluginDirs are the platform-specific locations to search
-// for plugins in order of preference.
-//
-// Plugin-discovery is performed in the following order of preference:
-//
-// 1. The "cli-plugins" directory inside the CLIs config-directory (usually "~/.docker/cli-plugins").
-// 2. Additional plugin directories as configured through [ConfigFile.CLIPluginsExtraDirs].
-// 3. Platform-specific defaultSystemPluginDirs (as defined below).
-//
-// [ConfigFile.CLIPluginsExtraDirs]: https://pkg.go.dev/github.com/docker/cli@v26.1.4+incompatible/cli/config/configfile#ConfigFile.CLIPluginsExtraDirs
 var defaultSystemPluginDirs = []string{
 	filepath.Join(os.Getenv("ProgramData"), "Docker", "cli-plugins"),
 	filepath.Join(os.Getenv("ProgramFiles"), "Docker", "cli-plugins"),
--- a/cli-plugins/manager/metadata.go
+++ b/cli-plugins/manager/metadata.go
@ -8,11 +8,6 @@ const (
 	// which must be supported by every plugin and returns the
 	// plugin metadata.
 	MetadataSubcommandName = "docker-cli-plugin-metadata"
-
-	// HookSubcommandName is the name of the plugin subcommand
-	// which must be implemented by plugins declaring support
-	// for hooks in their metadata.
-	HookSubcommandName = "docker-cli-plugin-hooks"
 )

 // Metadata provided by the plugin.
@ -27,4 +22,8 @@ type Metadata struct {
 	ShortDescription string `json:",omitempty"`
 	// URL is a pointer to the plugin's homepage.
 	URL string `json:",omitempty"`
+	// Experimental specifies whether the plugin is experimental.
+	//
+	// Deprecated: experimental features are now always enabled in the CLI
+	Experimental bool `json:",omitempty"`
 }
--- a/cli-plugins/manager/plugin.go
+++ b/cli-plugins/manager/plugin.go
@ -1,10 +1,7 @@
 package manager

 import (
-	"context"
 	"encoding/json"
-	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strings"
@ -103,22 +100,3 @@ func newPlugin(c Candidate, cmds []*cobra.Command) (Plugin, error) {
 	}
 	return p, nil
 }
-
-// RunHook executes the plugin's hooks command
-// and returns its unprocessed output.
-func (p *Plugin) RunHook(ctx context.Context, hookData HookPluginData) ([]byte, error) {
-	hDataBytes, err := json.Marshal(hookData)
-	if err != nil {
-		return nil, wrapAsPluginError(err, "failed to marshall hook data")
-	}
-
-	pCmd := exec.CommandContext(ctx, p.Path, p.Name, HookSubcommandName, string(hDataBytes))
-	pCmd.Env = os.Environ()
-	pCmd.Env = append(pCmd.Env, ReexecEnvvar+"="+os.Args[0])
-	hookCmdOutput, err := pCmd.Output()
-	if err != nil {
-		return nil, wrapAsPluginError(err, "failed to execute plugin hook subcommand")
-	}
-
-	return hookCmdOutput, nil
-}
--- a/cli-plugins/manager/suffix_unix.go
+++ b/cli-plugins/manager/suffix_unix.go
@ -1,4 +1,5 @@
 //go:build !windows
+// +build !windows

 package manager

--- a/cli-plugins/plugin/plugin.go
+++ b/cli-plugins/plugin/plugin.go
@ -1,7 +1,6 @@
 package plugin

 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@ -9,20 +8,17 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli-plugins/manager"
-	"github.com/docker/cli/cli-plugins/socket"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/docker/cli/cli/debug"
 	"github.com/docker/docker/client"
 	"github.com/spf13/cobra"
-	"go.opentelemetry.io/otel"
 )

 // PersistentPreRunE must be called by any plugin command (or
 // subcommand) which uses the cobra `PersistentPreRun*` hook. Plugins
 // which do not make use of `PersistentPreRun*` do not need to call
 // this (although it remains safe to do so). Plugins are recommended
-// to use `PersistentPreRunE` to enable the error to be
+// to use `PersistenPreRunE` to enable the error to be
 // returned. Should not be called outside of a command's
 // PersistentPreRunE hook and must not be run unless Run has been
 // called.
@ -33,38 +29,14 @@ func RunPlugin(dockerCli *command.DockerCli, plugin *cobra.Command, meta manager
 	tcmd := newPluginCommand(dockerCli, plugin, meta)

 	var persistentPreRunOnce sync.Once
-	PersistentPreRunE = func(cmd *cobra.Command, _ []string) error {
+	PersistentPreRunE = func(_ *cobra.Command, _ []string) error {
 		var err error
 		persistentPreRunOnce.Do(func() {
-			ctx, cancel := context.WithCancel(cmd.Context())
-			cmd.SetContext(ctx)
-			// Set up the context to cancel based on signalling via CLI socket.
-			socket.ConnectAndWait(cancel)
-
-			var opts []command.CLIOption
+			var opts []command.InitializeOpt
 			if os.Getenv("DOCKER_CLI_PLUGIN_USE_DIAL_STDIO") != "" {
 				opts = append(opts, withPluginClientConn(plugin.Name()))
 			}
-			opts = append(opts, command.WithEnableGlobalMeterProvider(), command.WithEnableGlobalTracerProvider())
 			err = tcmd.Initialize(opts...)
-			ogRunE := cmd.RunE
-			if ogRunE == nil {
-				ogRun := cmd.Run
-				// necessary because error will always be nil here
-				// see: https://github.com/golangci/golangci-lint/issues/1379
-				//nolint:unparam
-				ogRunE = func(cmd *cobra.Command, args []string) error {
-					ogRun(cmd, args)
-					return nil
-				}
-				cmd.Run = nil
-			}
-			cmd.RunE = func(cmd *cobra.Command, args []string) error {
-				stopInstrumentation := dockerCli.StartInstrumentation(cmd)
-				err := ogRunE(cmd, args)
-				stopInstrumentation(err)
-				return err
-			}
 		})
 		return err
 	}
@ -81,8 +53,6 @@ func RunPlugin(dockerCli *command.DockerCli, plugin *cobra.Command, meta manager

 // Run is the top-level entry point to the CLI plugin framework. It should be called from your plugin's `main()` function.
 func Run(makeCmd func(command.Cli) *cobra.Command, meta manager.Metadata) {
-	otel.SetErrorHandler(debug.OTELErrorHandler)
-
 	dockerCli, err := command.NewDockerCli()
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
@ -108,7 +78,7 @@ func Run(makeCmd func(command.Cli) *cobra.Command, meta manager.Metadata) {
 	}
 }

-func withPluginClientConn(name string) command.CLIOption {
+func withPluginClientConn(name string) command.InitializeOpt {
 	return command.WithInitializeClient(func(dockerCli *command.DockerCli) (client.APIClient, error) {
 		cmd := "docker"
 		if x := os.Getenv(manager.ReexecEnvvar); x != "" {
@ -161,7 +131,7 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta
 			DisableDescriptions: true,
 		},
 	}
-	opts, _ := cli.SetupPluginRootCommand(cmd)
+	opts, flags := cli.SetupPluginRootCommand(cmd)

 	cmd.SetIn(dockerCli.In())
 	cmd.SetOut(dockerCli.Out())
@ -174,7 +144,7 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta

 	cli.DisableFlagsInUseLine(cmd)

-	return cli.NewTopLevelCommand(cmd, dockerCli, opts, cmd.Flags())
+	return cli.NewTopLevelCommand(cmd, dockerCli, opts, flags)
 }

 func newMetadataSubcommand(plugin *cobra.Command, meta manager.Metadata) *cobra.Command {
--- a/cli-plugins/socket/socket.go
+++ b/cli-plugins/socket/socket.go
@ -1,166 +0,0 @@
-package socket
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"errors"
-	"io"
-	"net"
-	"os"
-	"runtime"
-	"sync"
-
-	"github.com/sirupsen/logrus"
-)
-
-// EnvKey represents the well-known environment variable used to pass the
-// plugin being executed the socket name it should listen on to coordinate with
-// the host CLI.
-const EnvKey = "DOCKER_CLI_PLUGIN_SOCKET"
-
-// NewPluginServer creates a plugin server that listens on a new Unix domain
-// socket. h is called for each new connection to the socket in a goroutine.
-func NewPluginServer(h func(net.Conn)) (*PluginServer, error) {
-	// Listen on a Unix socket, with the address being platform-dependent.
-	// When a non-abstract address is used, Go will unlink(2) the socket
-	// for us once the listener is closed, as documented in
-	// [net.UnixListener.SetUnlinkOnClose].
-	l, err := net.ListenUnix("unix", &net.UnixAddr{
-		Name: socketName("docker_cli_" + randomID()),
-		Net:  "unix",
-	})
-	if err != nil {
-		return nil, err
-	}
-	logrus.Trace("Plugin server listening on ", l.Addr())
-
-	if h == nil {
-		h = func(net.Conn) {}
-	}
-
-	pl := &PluginServer{
-		l: l,
-		h: h,
-	}
-
-	go func() {
-		defer pl.Close()
-		for {
-			err := pl.accept()
-			if err != nil {
-				return
-			}
-		}
-	}()
-
-	return pl, nil
-}
-
-type PluginServer struct {
-	mu     sync.Mutex
-	conns  []net.Conn
-	l      *net.UnixListener
-	h      func(net.Conn)
-	closed bool
-}
-
-func (pl *PluginServer) accept() error {
-	conn, err := pl.l.Accept()
-	if err != nil {
-		return err
-	}
-
-	pl.mu.Lock()
-	defer pl.mu.Unlock()
-
-	if pl.closed {
-		// Handle potential race between Close and accept.
-		conn.Close()
-		return errors.New("plugin server is closed")
-	}
-
-	pl.conns = append(pl.conns, conn)
-
-	go pl.h(conn)
-	return nil
-}
-
-// Addr returns the [net.Addr] of the underlying [net.Listener].
-func (pl *PluginServer) Addr() net.Addr {
-	return pl.l.Addr()
-}
-
-// Close ensures that the server is no longer accepting new connections and
-// closes all existing connections. Existing connections will receive [io.EOF].
-//
-// The error value is that of the underlying [net.Listner.Close] call.
-func (pl *PluginServer) Close() error {
-	logrus.Trace("Closing plugin server")
-	// Close connections first to ensure the connections get io.EOF instead
-	// of a connection reset.
-	pl.closeAllConns()
-
-	// Try to ensure that any active connections have a chance to receive
-	// io.EOF.
-	runtime.Gosched()
-
-	return pl.l.Close()
-}
-
-func (pl *PluginServer) closeAllConns() {
-	pl.mu.Lock()
-	defer pl.mu.Unlock()
-
-	if pl.closed {
-		return
-	}
-
-	// Prevent new connections from being accepted.
-	pl.closed = true
-
-	for _, conn := range pl.conns {
-		conn.Close()
-	}
-
-	pl.conns = nil
-}
-
-func randomID() string {
-	b := make([]byte, 16)
-	if _, err := rand.Read(b); err != nil {
-		panic(err) // This shouldn't happen
-	}
-	return hex.EncodeToString(b)
-}
-
-// ConnectAndWait connects to the socket passed via well-known env var,
-// if present, and attempts to read from it until it receives an EOF, at which
-// point cb is called.
-func ConnectAndWait(cb func()) {
-	socketAddr, ok := os.LookupEnv(EnvKey)
-	if !ok {
-		// if a plugin compiled against a more recent version of docker/cli
-		// is executed by an older CLI binary, ignore missing environment
-		// variable and behave as usual
-		return
-	}
-	addr, err := net.ResolveUnixAddr("unix", socketAddr)
-	if err != nil {
-		return
-	}
-	conn, err := net.DialUnix("unix", nil, addr)
-	if err != nil {
-		return
-	}
-
-	go func() {
-		b := make([]byte, 1)
-		for {
-			_, err := conn.Read(b)
-			if errors.Is(err, io.EOF) {
-				cb()
-				return
-			}
-		}
-	}()
-}
--- a/cli-plugins/socket/socket_abstract.go
+++ b/cli-plugins/socket/socket_abstract.go
@ -1,9 +0,0 @@
-//go:build windows || linux
-
-package socket
-
-func socketName(basename string) string {
-	// Address of an abstract socket -- this socket can be opened by name,
-	// but is not present in the filesystem.
-	return "@" + basename
-}
--- a/cli-plugins/socket/socket_noabstract.go
+++ b/cli-plugins/socket/socket_noabstract.go
@ -1,14 +0,0 @@
-//go:build !windows && !linux
-
-package socket
-
-import (
-	"os"
-	"path/filepath"
-)
-
-func socketName(basename string) string {
-	// Because abstract sockets are unavailable, use a socket path in the
-	// system temporary directory.
-	return filepath.Join(os.TempDir(), basename)
-}
--- a/cli-plugins/socket/socket_test.go
+++ b/cli-plugins/socket/socket_test.go
@ -1,189 +0,0 @@
-package socket
-
-import (
-	"errors"
-	"io"
-	"io/fs"
-	"net"
-	"os"
-	"runtime"
-	"strings"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"gotest.tools/v3/assert"
-	"gotest.tools/v3/poll"
-)
-
-func TestPluginServer(t *testing.T) {
-	t.Run("connection closes with EOF when server closes", func(t *testing.T) {
-		called := make(chan struct{})
-		srv, err := NewPluginServer(func(_ net.Conn) { close(called) })
-		assert.NilError(t, err)
-		assert.Assert(t, srv != nil, "returned nil server but no error")
-
-		addr, err := net.ResolveUnixAddr("unix", srv.Addr().String())
-		assert.NilError(t, err, "failed to resolve server address")
-
-		conn, err := net.DialUnix("unix", nil, addr)
-		assert.NilError(t, err, "failed to dial returned server")
-		defer conn.Close()
-
-		done := make(chan error, 1)
-		go func() {
-			_, err := conn.Read(make([]byte, 1))
-			done <- err
-		}()
-
-		select {
-		case <-called:
-		case <-time.After(10 * time.Millisecond):
-			t.Fatal("handler not called")
-		}
-
-		srv.Close()
-
-		select {
-		case err := <-done:
-			if !errors.Is(err, io.EOF) {
-				t.Fatalf("exepcted EOF error, got: %v", err)
-			}
-		case <-time.After(10 * time.Millisecond):
-		}
-	})
-
-	t.Run("allows reconnects", func(t *testing.T) {
-		var calls int32
-		h := func(_ net.Conn) {
-			atomic.AddInt32(&calls, 1)
-		}
-
-		srv, err := NewPluginServer(h)
-		assert.NilError(t, err)
-		defer srv.Close()
-
-		assert.Check(t, srv.Addr() != nil, "returned nil addr but no error")
-
-		addr, err := net.ResolveUnixAddr("unix", srv.Addr().String())
-		assert.NilError(t, err, "failed to resolve server address")
-
-		waitForCalls := func(n int) {
-			poll.WaitOn(t, func(t poll.LogT) poll.Result {
-				if atomic.LoadInt32(&calls) == int32(n) {
-					return poll.Success()
-				}
-				return poll.Continue("waiting for handler to be called")
-			})
-		}
-
-		otherConn, err := net.DialUnix("unix", nil, addr)
-		assert.NilError(t, err, "failed to dial returned server")
-		otherConn.Close()
-		waitForCalls(1)
-
-		conn, err := net.DialUnix("unix", nil, addr)
-		assert.NilError(t, err, "failed to redial server")
-		defer conn.Close()
-		waitForCalls(2)
-
-		// and again but don't close the existing connection
-		conn2, err := net.DialUnix("unix", nil, addr)
-		assert.NilError(t, err, "failed to redial server")
-		defer conn2.Close()
-		waitForCalls(3)
-
-		srv.Close()
-
-		// now make sure we get EOF on the existing connections
-		buf := make([]byte, 1)
-		_, err = conn.Read(buf)
-		assert.ErrorIs(t, err, io.EOF, "expected EOF error, got: %v", err)
-
-		_, err = conn2.Read(buf)
-		assert.ErrorIs(t, err, io.EOF, "expected EOF error, got: %v", err)
-	})
-
-	t.Run("does not leak sockets to local directory", func(t *testing.T) {
-		srv, err := NewPluginServer(nil)
-		assert.NilError(t, err)
-		assert.Check(t, srv != nil, "returned nil server but no error")
-		checkDirNoNewPluginServer(t)
-
-		addr, err := net.ResolveUnixAddr("unix", srv.Addr().String())
-		assert.NilError(t, err, "failed to resolve server address")
-
-		_, err = net.DialUnix("unix", nil, addr)
-		assert.NilError(t, err, "failed to dial returned server")
-		checkDirNoNewPluginServer(t)
-	})
-}
-
-func checkDirNoNewPluginServer(t *testing.T) {
-	t.Helper()
-
-	files, err := os.ReadDir(".")
-	assert.NilError(t, err, "failed to list files in dir to check for leaked sockets")
-
-	for _, f := range files {
-		info, err := f.Info()
-		assert.NilError(t, err, "failed to check file info")
-		// check for a socket with `docker_cli_` in the name (from `SetupConn()`)
-		if strings.Contains(f.Name(), "docker_cli_") && info.Mode().Type() == fs.ModeSocket {
-			t.Fatal("found socket in a local directory")
-		}
-	}
-}
-
-func TestConnectAndWait(t *testing.T) {
-	t.Run("calls cancel func on EOF", func(t *testing.T) {
-		srv, err := NewPluginServer(nil)
-		assert.NilError(t, err, "failed to setup server")
-		defer srv.Close()
-
-		done := make(chan struct{})
-		t.Setenv(EnvKey, srv.Addr().String())
-		cancelFunc := func() {
-			done <- struct{}{}
-		}
-		ConnectAndWait(cancelFunc)
-
-		select {
-		case <-done:
-			t.Fatal("unexpectedly done")
-		default:
-		}
-
-		srv.Close()
-
-		select {
-		case <-done:
-		case <-time.After(10 * time.Millisecond):
-			t.Fatal("cancel function not closed after 10ms")
-		}
-	})
-
-	// TODO: this test cannot be executed with `t.Parallel()`, due to
-	// relying on goroutine numbers to ensure correct behaviour
-	t.Run("connect goroutine exits after EOF", func(t *testing.T) {
-		srv, err := NewPluginServer(nil)
-		assert.NilError(t, err, "failed to setup server")
-
-		defer srv.Close()
-
-		t.Setenv(EnvKey, srv.Addr().String())
-		numGoroutines := runtime.NumGoroutine()
-
-		ConnectAndWait(func() {})
-		assert.Equal(t, runtime.NumGoroutine(), numGoroutines+1)
-
-		srv.Close()
-
-		poll.WaitOn(t, func(t poll.LogT) poll.Result {
-			if runtime.NumGoroutine() > numGoroutines+1 {
-				return poll.Continue("waiting for connect goroutine to exit")
-			}
-			return poll.Success()
-		}, poll.WithDelay(1*time.Millisecond), poll.WithTimeout(10*time.Millisecond))
-	})
-}
--- a/cli/cobra.go
+++ b/cli/cobra.go
@ -9,6 +9,7 @@ import (

 	pluginmanager "github.com/docker/cli/cli-plugins/manager"
 	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/config"
 	cliflags "github.com/docker/cli/cli/flags"
 	"github.com/docker/docker/pkg/homedir"
 	"github.com/docker/docker/registry"
@ -22,9 +23,12 @@ import (

 // setupCommonRootCommand contains the setup common to
 // SetupRootCommand and SetupPluginRootCommand.
-func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *cobra.Command) {
+func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *pflag.FlagSet, *cobra.Command) {
 	opts := cliflags.NewClientOptions()
-	opts.InstallFlags(rootCmd.Flags())
+	flags := rootCmd.Flags()
+
+	flags.StringVar(&opts.ConfigDir, "config", config.Dir(), "Location of client config files")
+	opts.InstallFlags(flags)

 	cobra.AddTemplateFunc("add", func(a, b int) int { return a + b })
 	cobra.AddTemplateFunc("hasAliases", hasAliases)
@ -54,7 +58,7 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *c
 	rootCmd.SetHelpCommand(helpCommand)

 	rootCmd.PersistentFlags().BoolP("help", "h", false, "Print usage")
-	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "use --help")
+	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
 	rootCmd.PersistentFlags().Lookup("help").Hidden = true

 	rootCmd.Annotations = map[string]string{
@ -69,20 +73,20 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *c
 		}
 	}

-	return opts, helpCommand
+	return opts, flags, helpCommand
 }

 // SetupRootCommand sets default usage, help, and error handling for the
 // root command.
-func SetupRootCommand(rootCmd *cobra.Command) (opts *cliflags.ClientOptions, helpCmd *cobra.Command) {
+func SetupRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *pflag.FlagSet, *cobra.Command) {
 	rootCmd.SetVersionTemplate("Docker version {{.Version}}\n")
 	return setupCommonRootCommand(rootCmd)
 }

 // SetupPluginRootCommand sets default usage, help and error handling for a plugin root command.
 func SetupPluginRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *pflag.FlagSet) {
-	opts, _ := setupCommonRootCommand(rootCmd)
-	return opts, rootCmd.Flags()
+	opts, flags, _ := setupCommonRootCommand(rootCmd)
+	return opts, flags
 }

 // FlagErrorFunc prints an error message which matches the format of the
@ -176,7 +180,7 @@ func (tcmd *TopLevelCommand) HandleGlobalFlags() (*cobra.Command, []string, erro
 }

 // Initialize finalises global option parsing and initializes the docker client.
-func (tcmd *TopLevelCommand) Initialize(ops ...command.CLIOption) error {
+func (tcmd *TopLevelCommand) Initialize(ops ...command.InitializeOpt) error {
 	tcmd.opts.SetDefaultOptions(tcmd.flags)
 	return tcmd.dockerCli.Initialize(tcmd.opts, ops...)
 }
@ -422,7 +426,7 @@ func invalidPluginReason(cmd *cobra.Command) string {
 	return cmd.Annotations[pluginmanager.CommandAnnotationPluginInvalid]
 }

-const usageTemplate = `Usage:
+var usageTemplate = `Usage:

 {{- if not .HasSubCommands}}  {{.UseLine}}{{end}}
 {{- if .HasSubCommands}}  {{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
@ -470,7 +474,7 @@ Common Commands:
 Management Commands:

 {{- range managementSubCommands . }}
-  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}
+  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}}
 {{- end}}

 {{- end}}
@ -479,7 +483,7 @@ Management Commands:
 Swarm Commands:

 {{- range orchestratorSubCommands . }}
-  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}
+  {{rpad (decoratedName .) (add .NamePadding 1)}}{{.Short}}{{ if isPlugin .}} {{vendorAndVersion .}}{{ end}}
 {{- end}}

 {{- end}}
@ -521,5 +525,5 @@ Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- end}}
 `

-const helpTemplate = `
+var helpTemplate = `
 {{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}`
--- a/cli/command/builder/client_test.go
+++ b/cli/command/builder/client_test.go
@ -1,20 +0,0 @@
-package builder
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
-)
-
-type fakeClient struct {
-	client.Client
-	builderPruneFunc func(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error)
-}
-
-func (c *fakeClient) BuildCachePrune(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error) {
-	if c.builderPruneFunc != nil {
-		return c.builderPruneFunc(ctx, opts)
-	}
-	return nil, nil
-}
--- a/cli/command/builder/prune.go
+++ b/cli/command/builder/prune.go
@ -2,7 +2,6 @@ package builder

 import (
 	"context"
-	"errors"
 	"fmt"
 	"strings"

@ -11,7 +10,6 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/errdefs"
 	units "github.com/docker/go-units"
 	"github.com/spf13/cobra"
 )
@ -32,7 +30,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 		Short: "Remove build cache",
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			spaceReclaimed, output, err := runPrune(cmd.Context(), dockerCli, options)
+			spaceReclaimed, output, err := runPrune(dockerCli, options)
 			if err != nil {
 				return err
 			}
@ -60,7 +58,7 @@ const (
 	allCacheWarning = `WARNING! This will remove all build cache. Are you sure you want to continue?`
 )

-func runPrune(ctx context.Context, dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint64, output string, err error) {
+func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint64, output string, err error) {
 	pruneFilters := options.filter.Value()
 	pruneFilters = command.PruneFilters(dockerCli, pruneFilters)

@ -68,17 +66,11 @@ func runPrune(ctx context.Context, dockerCli command.Cli, options pruneOptions)
 	if options.all {
 		warning = allCacheWarning
 	}
-	if !options.force {
-		r, err := command.PromptForConfirmation(ctx, dockerCli.In(), dockerCli.Out(), warning)
-		if err != nil {
-			return 0, "", err
-		}
-		if !r {
-			return 0, "", errdefs.Cancelled(errors.New("builder prune has been cancelled"))
-		}
+	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return 0, "", nil
 	}

-	report, err := dockerCli.Client().BuildCachePrune(ctx, types.BuildCachePruneOptions{
+	report, err := dockerCli.Client().BuildCachePrune(context.Background(), types.BuildCachePruneOptions{
 		All:         options.all,
 		KeepStorage: options.keepStorage.Value(),
 		Filters:     pruneFilters,
@ -101,6 +93,6 @@ func runPrune(ctx context.Context, dockerCli command.Cli, options pruneOptions)
 }

 // CachePrune executes a prune command for build cache
-func CachePrune(ctx context.Context, dockerCli command.Cli, all bool, filter opts.FilterOpt) (uint64, string, error) {
-	return runPrune(ctx, dockerCli, pruneOptions{force: true, all: all, filter: filter})
+func CachePrune(dockerCli command.Cli, all bool, filter opts.FilterOpt) (uint64, string, error) {
+	return runPrune(dockerCli, pruneOptions{force: true, all: all, filter: filter})
 }
--- a/cli/command/builder/prune_test.go
+++ b/cli/command/builder/prune_test.go
@ -1,23 +0,0 @@
-package builder
-
-import (
-	"context"
-	"errors"
-	"testing"
-
-	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types"
-)
-
-func TestBuilderPromptTermination(t *testing.T) {
-	ctx, cancel := context.WithCancel(context.Background())
-	t.Cleanup(cancel)
-
-	cli := test.NewFakeCli(&fakeClient{
-		builderPruneFunc: func(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error) {
-			return nil, errors.New("fakeClient builderPruneFunc should not be called")
-		},
-	})
-	cmd := NewPruneCommand(cli)
-	test.TerminatePrompt(ctx, t, cmd, cli)
-}
--- a/cli/command/checkpoint/client_test.go
+++ b/cli/command/checkpoint/client_test.go
@ -3,34 +3,34 @@ package checkpoint
 import (
 	"context"

-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 )

 type fakeClient struct {
 	client.Client
-	checkpointCreateFunc func(container string, options checkpoint.CreateOptions) error
-	checkpointDeleteFunc func(container string, options checkpoint.DeleteOptions) error
-	checkpointListFunc   func(container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error)
+	checkpointCreateFunc func(container string, options types.CheckpointCreateOptions) error
+	checkpointDeleteFunc func(container string, options types.CheckpointDeleteOptions) error
+	checkpointListFunc   func(container string, options types.CheckpointListOptions) ([]types.Checkpoint, error)
 }

-func (cli *fakeClient) CheckpointCreate(_ context.Context, container string, options checkpoint.CreateOptions) error {
+func (cli *fakeClient) CheckpointCreate(_ context.Context, container string, options types.CheckpointCreateOptions) error {
 	if cli.checkpointCreateFunc != nil {
 		return cli.checkpointCreateFunc(container, options)
 	}
 	return nil
 }

-func (cli *fakeClient) CheckpointDelete(_ context.Context, container string, options checkpoint.DeleteOptions) error {
+func (cli *fakeClient) CheckpointDelete(_ context.Context, container string, options types.CheckpointDeleteOptions) error {
 	if cli.checkpointDeleteFunc != nil {
 		return cli.checkpointDeleteFunc(container, options)
 	}
 	return nil
 }

-func (cli *fakeClient) CheckpointList(_ context.Context, container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error) {
+func (cli *fakeClient) CheckpointList(_ context.Context, container string, options types.CheckpointListOptions) ([]types.Checkpoint, error) {
 	if cli.checkpointListFunc != nil {
 		return cli.checkpointListFunc(container, options)
 	}
-	return []checkpoint.Summary{}, nil
+	return []types.Checkpoint{}, nil
 }
--- a/cli/command/checkpoint/create.go
+++ b/cli/command/checkpoint/create.go
@ -7,7 +7,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
 )

@ -28,24 +28,28 @@ func newCreateCommand(dockerCli command.Cli) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.container = args[0]
 			opts.checkpoint = args[1]
-			return runCreate(cmd.Context(), dockerCli, opts)
+			return runCreate(dockerCli, opts)
 		},
 		ValidArgsFunction: completion.NoComplete,
 	}

 	flags := cmd.Flags()
 	flags.BoolVar(&opts.leaveRunning, "leave-running", false, "Leave the container running after checkpoint")
-	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")

 	return cmd
 }

-func runCreate(ctx context.Context, dockerCli command.Cli, opts createOptions) error {
-	err := dockerCli.Client().CheckpointCreate(ctx, opts.container, checkpoint.CreateOptions{
+func runCreate(dockerCli command.Cli, opts createOptions) error {
+	client := dockerCli.Client()
+
+	checkpointOpts := types.CheckpointCreateOptions{
 		CheckpointID:  opts.checkpoint,
 		CheckpointDir: opts.checkpointDir,
 		Exit:          !opts.leaveRunning,
-	})
+	}
+
+	err := client.CheckpointCreate(context.Background(), opts.container, checkpointOpts)
 	if err != nil {
 		return err
 	}
--- a/cli/command/checkpoint/create_test.go
+++ b/cli/command/checkpoint/create_test.go
@ -6,7 +6,7 @@ import (
 	"testing"

 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@ -15,7 +15,7 @@ import (
 func TestCheckpointCreateErrors(t *testing.T) {
 	testCases := []struct {
 		args                 []string
-		checkpointCreateFunc func(container string, options checkpoint.CreateOptions) error
+		checkpointCreateFunc func(container string, options types.CheckpointCreateOptions) error
 		expectedError        string
 	}{
 		{
@ -28,7 +28,7 @@ func TestCheckpointCreateErrors(t *testing.T) {
 		},
 		{
 			args: []string{"foo", "bar"},
-			checkpointCreateFunc: func(container string, options checkpoint.CreateOptions) error {
+			checkpointCreateFunc: func(container string, options types.CheckpointCreateOptions) error {
 				return errors.Errorf("error creating checkpoint for container foo")
 			},
 			expectedError: "error creating checkpoint for container foo",
@ -50,7 +50,7 @@ func TestCheckpointCreateWithOptions(t *testing.T) {
 	var containerID, checkpointID, checkpointDir string
 	var exit bool
 	cli := test.NewFakeCli(&fakeClient{
-		checkpointCreateFunc: func(container string, options checkpoint.CreateOptions) error {
+		checkpointCreateFunc: func(container string, options types.CheckpointCreateOptions) error {
 			containerID = container
 			checkpointID = options.CheckpointID
 			checkpointDir = options.CheckpointDir
@ -59,14 +59,14 @@ func TestCheckpointCreateWithOptions(t *testing.T) {
 		},
 	})
 	cmd := newCreateCommand(cli)
-	cp := "checkpoint-bar"
-	cmd.SetArgs([]string{"container-foo", cp})
+	checkpoint := "checkpoint-bar"
+	cmd.SetArgs([]string{"container-foo", checkpoint})
 	cmd.Flags().Set("leave-running", "true")
 	cmd.Flags().Set("checkpoint-dir", "/dir/foo")
 	assert.NilError(t, cmd.Execute())
 	assert.Check(t, is.Equal("container-foo", containerID))
-	assert.Check(t, is.Equal(cp, checkpointID))
+	assert.Check(t, is.Equal(checkpoint, checkpointID))
 	assert.Check(t, is.Equal("/dir/foo", checkpointDir))
 	assert.Check(t, is.Equal(false, exit))
-	assert.Check(t, is.Equal(cp, strings.TrimSpace(cli.OutBuffer().String())))
+	assert.Check(t, is.Equal(checkpoint, strings.TrimSpace(cli.OutBuffer().String())))
 }
--- a/cli/command/checkpoint/formatter.go
+++ b/cli/command/checkpoint/formatter.go
@ -2,27 +2,29 @@ package checkpoint

 import (
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 )

 const (
 	defaultCheckpointFormat = "table {{.Name}}"
-	checkpointNameHeader    = "CHECKPOINT NAME"
+
+	checkpointNameHeader = "CHECKPOINT NAME"
 )

 // NewFormat returns a format for use with a checkpoint Context
 func NewFormat(source string) formatter.Format {
-	if source == formatter.TableFormatKey {
+	switch source {
+	case formatter.TableFormatKey:
 		return defaultCheckpointFormat
 	}
 	return formatter.Format(source)
 }

 // FormatWrite writes formatted checkpoints using the Context
-func FormatWrite(ctx formatter.Context, checkpoints []checkpoint.Summary) error {
+func FormatWrite(ctx formatter.Context, checkpoints []types.Checkpoint) error {
 	render := func(format func(subContext formatter.SubContext) error) error {
-		for _, cp := range checkpoints {
-			if err := format(&checkpointContext{c: cp}); err != nil {
+		for _, checkpoint := range checkpoints {
+			if err := format(&checkpointContext{c: checkpoint}); err != nil {
 				return err
 			}
 		}
@ -33,7 +35,7 @@ func FormatWrite(ctx formatter.Context, checkpoints []checkpoint.Summary) error

 type checkpointContext struct {
 	formatter.HeaderContext
-	c checkpoint.Summary
+	c types.Checkpoint
 }

 func newCheckpointContext() *checkpointContext {
--- a/cli/command/checkpoint/formatter_test.go
+++ b/cli/command/checkpoint/formatter_test.go
@ -5,7 +5,7 @@ import (
 	"testing"

 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"gotest.tools/v3/assert"
 )

@ -38,14 +38,15 @@ checkpoint-3:
 		},
 	}

+	checkpoints := []types.Checkpoint{
+		{Name: "checkpoint-1"},
+		{Name: "checkpoint-2"},
+		{Name: "checkpoint-3"},
+	}
 	for _, testcase := range cases {
 		out := bytes.NewBufferString("")
 		testcase.context.Output = out
-		err := FormatWrite(testcase.context, []checkpoint.Summary{
-			{Name: "checkpoint-1"},
-			{Name: "checkpoint-2"},
-			{Name: "checkpoint-3"},
-		})
+		err := FormatWrite(testcase.context, checkpoints)
 		assert.NilError(t, err)
 		assert.Equal(t, out.String(), testcase.expected)
 	}
--- a/cli/command/checkpoint/list.go
+++ b/cli/command/checkpoint/list.go
@ -7,7 +7,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
 )

@ -24,21 +24,25 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 		Short:   "List checkpoints for a container",
 		Args:    cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(cmd.Context(), dockerCli, args[0], opts)
+			return runList(dockerCli, args[0], opts)
 		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}

 	flags := cmd.Flags()
-	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")

 	return cmd
 }

-func runList(ctx context.Context, dockerCli command.Cli, container string, opts listOptions) error {
-	checkpoints, err := dockerCli.Client().CheckpointList(ctx, container, checkpoint.ListOptions{
+func runList(dockerCli command.Cli, container string, opts listOptions) error {
+	client := dockerCli.Client()
+
+	listOpts := types.CheckpointListOptions{
 		CheckpointDir: opts.checkpointDir,
-	})
+	}
+
+	checkpoints, err := client.CheckpointList(context.Background(), container, listOpts)
 	if err != nil {
 		return err
 	}
--- a/cli/command/checkpoint/list_test.go
+++ b/cli/command/checkpoint/list_test.go
@ -5,7 +5,7 @@ import (
 	"testing"

 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@ -15,7 +15,7 @@ import (
 func TestCheckpointListErrors(t *testing.T) {
 	testCases := []struct {
 		args               []string
-		checkpointListFunc func(container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error)
+		checkpointListFunc func(container string, options types.CheckpointListOptions) ([]types.Checkpoint, error)
 		expectedError      string
 	}{
 		{
@ -28,8 +28,8 @@ func TestCheckpointListErrors(t *testing.T) {
 		},
 		{
 			args: []string{"foo"},
-			checkpointListFunc: func(container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error) {
-				return []checkpoint.Summary{}, errors.Errorf("error getting checkpoints for container foo")
+			checkpointListFunc: func(container string, options types.CheckpointListOptions) ([]types.Checkpoint, error) {
+				return []types.Checkpoint{}, errors.Errorf("error getting checkpoints for container foo")
 			},
 			expectedError: "error getting checkpoints for container foo",
 		},
@ -49,10 +49,10 @@ func TestCheckpointListErrors(t *testing.T) {
 func TestCheckpointListWithOptions(t *testing.T) {
 	var containerID, checkpointDir string
 	cli := test.NewFakeCli(&fakeClient{
-		checkpointListFunc: func(container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error) {
+		checkpointListFunc: func(container string, options types.CheckpointListOptions) ([]types.Checkpoint, error) {
 			containerID = container
 			checkpointDir = options.CheckpointDir
-			return []checkpoint.Summary{
+			return []types.Checkpoint{
 				{Name: "checkpoint-foo"},
 			}, nil
 		},
--- a/cli/command/checkpoint/remove.go
+++ b/cli/command/checkpoint/remove.go
@ -5,7 +5,7 @@ import (

 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
 )

@ -22,19 +22,23 @@ func newRemoveCommand(dockerCli command.Cli) *cobra.Command {
 		Short:   "Remove a checkpoint",
 		Args:    cli.ExactArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(cmd.Context(), dockerCli, args[0], args[1], opts)
+			return runRemove(dockerCli, args[0], args[1], opts)
 		},
 	}

 	flags := cmd.Flags()
-	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")

 	return cmd
 }

-func runRemove(ctx context.Context, dockerCli command.Cli, container string, checkpointID string, opts removeOptions) error {
-	return dockerCli.Client().CheckpointDelete(ctx, container, checkpoint.DeleteOptions{
-		CheckpointID:  checkpointID,
+func runRemove(dockerCli command.Cli, container string, checkpoint string, opts removeOptions) error {
+	client := dockerCli.Client()
+
+	removeOpts := types.CheckpointDeleteOptions{
+		CheckpointID:  checkpoint,
 		CheckpointDir: opts.checkpointDir,
-	})
+	}
+
+	return client.CheckpointDelete(context.Background(), container, removeOpts)
 }
--- a/cli/command/checkpoint/remove_test.go
+++ b/cli/command/checkpoint/remove_test.go
@ -5,7 +5,7 @@ import (
 	"testing"

 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@ -14,7 +14,7 @@ import (
 func TestCheckpointRemoveErrors(t *testing.T) {
 	testCases := []struct {
 		args                 []string
-		checkpointDeleteFunc func(container string, options checkpoint.DeleteOptions) error
+		checkpointDeleteFunc func(container string, options types.CheckpointDeleteOptions) error
 		expectedError        string
 	}{
 		{
@ -27,7 +27,7 @@ func TestCheckpointRemoveErrors(t *testing.T) {
 		},
 		{
 			args: []string{"foo", "bar"},
-			checkpointDeleteFunc: func(container string, options checkpoint.DeleteOptions) error {
+			checkpointDeleteFunc: func(container string, options types.CheckpointDeleteOptions) error {
 				return errors.Errorf("error deleting checkpoint")
 			},
 			expectedError: "error deleting checkpoint",
@ -48,7 +48,7 @@ func TestCheckpointRemoveErrors(t *testing.T) {
 func TestCheckpointRemoveWithOptions(t *testing.T) {
 	var containerID, checkpointID, checkpointDir string
 	cli := test.NewFakeCli(&fakeClient{
-		checkpointDeleteFunc: func(container string, options checkpoint.DeleteOptions) error {
+		checkpointDeleteFunc: func(container string, options types.CheckpointDeleteOptions) error {
 			containerID = container
 			checkpointID = options.CheckpointID
 			checkpointDir = options.CheckpointDir
--- a/cli/command/cli.go
+++ b/cli/command/cli.go
@ -1,6 +1,3 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.21
-
 package command

 import (
@ -11,6 +8,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"sync"
 	"time"

@ -44,15 +42,17 @@ const defaultInitTimeout = 2 * time.Second
 type Streams interface {
 	In() *streams.In
 	Out() *streams.Out
-	Err() *streams.Out
+	Err() io.Writer
 }

 // Cli represents the docker command line client.
 type Cli interface {
 	Client() client.APIClient
-	Streams
+	Out() *streams.Out
+	Err() io.Writer
+	In() *streams.In
 	SetIn(in *streams.In)
-	Apply(ops ...CLIOption) error
+	Apply(ops ...DockerCliOption) error
 	ConfigFile() *configfile.ConfigFile
 	ServerInfo() ServerInfo
 	NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error)
@ -65,7 +65,6 @@ type Cli interface {
 	ContextStore() store.Store
 	CurrentContext() string
 	DockerEndpoint() docker.Endpoint
-	TelemetryClient
 }

 // DockerCli is an instance the docker command line client.
@ -75,7 +74,7 @@ type DockerCli struct {
 	options            *cliflags.ClientOptions
 	in                 *streams.In
 	out                *streams.Out
-	err                *streams.Out
+	err                io.Writer
 	client             client.APIClient
 	serverInfo         ServerInfo
 	contentTrust       bool
@ -86,14 +85,6 @@ type DockerCli struct {
 	dockerEndpoint     docker.Endpoint
 	contextStoreConfig store.Config
 	initTimeout        time.Duration
-	res                telemetryResource
-
-	// baseCtx is the base context used for internal operations. In the future
-	// this may be replaced by explicitly passing a context to functions that
-	// need it.
-	baseCtx context.Context
-
-	enableGlobalMeter, enableGlobalTracer bool
 }

 // DefaultVersion returns api.defaultVersion.
@ -126,7 +117,7 @@ func (cli *DockerCli) Out() *streams.Out {
 }

 // Err returns the writer used for stderr
-func (cli *DockerCli) Err() *streams.Out {
+func (cli *DockerCli) Err() io.Writer {
 	return cli.err
 }

@ -186,48 +177,9 @@ func (cli *DockerCli) BuildKitEnabled() (bool, error) {
 	if _, ok := aliasMap["builder"]; ok {
 		return true, nil
 	}
-
-	si := cli.ServerInfo()
-	if si.BuildkitVersion == types.BuilderBuildKit {
-		// The daemon advertised BuildKit as the preferred builder; this may
-		// be either a Linux daemon or a Windows daemon with experimental
-		// BuildKit support enabled.
-		return true, nil
-	}
-
-	// otherwise, assume BuildKit is enabled for Linux, but disabled for
-	// Windows / WCOW, which does not yet support BuildKit by default.
-	return si.OSType != "windows", nil
-}
-
-// HooksEnabled returns whether plugin hooks are enabled.
-func (cli *DockerCli) HooksEnabled() bool {
-	// legacy support DOCKER_CLI_HINTS env var
-	if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
-		enabled, err := strconv.ParseBool(v)
-		if err != nil {
-			return false
-		}
-		return enabled
-	}
-	// use DOCKER_CLI_HOOKS env var value if set and not empty
-	if v := os.Getenv("DOCKER_CLI_HOOKS"); v != "" {
-		enabled, err := strconv.ParseBool(v)
-		if err != nil {
-			return false
-		}
-		return enabled
-	}
-	featuresMap := cli.ConfigFile().Features
-	if v, ok := featuresMap["hooks"]; ok {
-		enabled, err := strconv.ParseBool(v)
-		if err != nil {
-			return false
-		}
-		return enabled
-	}
-	// default to false
-	return false
+	// otherwise, assume BuildKit is enabled but
+	// not if wcow reported from server side
+	return cli.ServerInfo().OSType != "windows", nil
 }

 // ManifestStore returns a store for local manifests
@ -239,14 +191,17 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store {
 // RegistryClient returns a client for communicating with a Docker distribution
 // registry
 func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient {
-	resolver := func(ctx context.Context, index *registry.IndexInfo) registry.AuthConfig {
-		return ResolveAuthConfig(cli.ConfigFile(), index)
+	resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig {
+		return ResolveAuthConfig(ctx, cli, index)
 	}
 	return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure)
 }

+// InitializeOpt is the type of the functional options passed to DockerCli.Initialize
+type InitializeOpt func(dockerCli *DockerCli) error
+
 // WithInitializeClient is passed to DockerCli.Initialize by callers who wish to set a particular API Client for use by the CLI.
-func WithInitializeClient(makeClient func(dockerCli *DockerCli) (client.APIClient, error)) CLIOption {
+func WithInitializeClient(makeClient func(dockerCli *DockerCli) (client.APIClient, error)) InitializeOpt {
 	return func(dockerCli *DockerCli) error {
 		var err error
 		dockerCli.client, err = makeClient(dockerCli)
@ -256,7 +211,7 @@ func WithInitializeClient(makeClient func(dockerCli *DockerCli) (client.APIClien

 // Initialize the dockerCli runs initialization that must happen after command
 // line flags are parsed.
-func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...CLIOption) error {
+func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...InitializeOpt) error {
 	for _, o := range ops {
 		if err := o(cli); err != nil {
 			return err
@ -284,15 +239,6 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...CLIOption)
 			return ResolveDefaultContext(cli.options, cli.contextStoreConfig)
 		},
 	}
-
-	// TODO(krissetto): pass ctx to the funcs instead of using this
-	if cli.enableGlobalMeter {
-		cli.createGlobalMeterProvider(cli.baseCtx)
-	}
-	if cli.enableGlobalTracer {
-		cli.createGlobalTracerProvider(cli.baseCtx)
-	}
-
 	return nil
 }

@ -317,20 +263,22 @@ func NewAPIClientFromFlags(opts *cliflags.ClientOptions, configFile *configfile.
 }

 func newAPIClientFromEndpoint(ep docker.Endpoint, configFile *configfile.ConfigFile) (client.APIClient, error) {
-	opts, err := ep.ClientOpts()
+	clientOpts, err := ep.ClientOpts()
 	if err != nil {
 		return nil, err
 	}
-	if len(configFile.HTTPHeaders) > 0 {
-		opts = append(opts, client.WithHTTPHeaders(configFile.HTTPHeaders))
+	customHeaders := make(map[string]string, len(configFile.HTTPHeaders))
+	for k, v := range configFile.HTTPHeaders {
+		customHeaders[k] = v
 	}
-	opts = append(opts, client.WithUserAgent(UserAgent()))
-	return client.NewClientWithOpts(opts...)
+	customHeaders["User-Agent"] = UserAgent()
+	clientOpts = append(clientOpts, client.WithHTTPHeaders(customHeaders))
+	return client.NewClientWithOpts(clientOpts...)
 }

 func resolveDockerEndpoint(s store.Reader, contextName string) (docker.Endpoint, error) {
 	if s == nil {
-		return docker.Endpoint{}, errors.New("no context store initialized")
+		return docker.Endpoint{}, fmt.Errorf("no context store initialized")
 	}
 	ctxMeta, err := s.GetMetadata(contextName)
 	if err != nil {
@ -380,8 +328,14 @@ func (cli *DockerCli) getInitTimeout() time.Duration {
 }

 func (cli *DockerCli) initializeFromClient() {
-	ctx, cancel := context.WithTimeout(cli.baseCtx, cli.getInitTimeout())
-	defer cancel()
+	ctx := context.Background()
+	if !strings.HasPrefix(cli.dockerEndpoint.Host, "ssh://") {
+		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
+		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
+		var cancel func()
+		ctx, cancel = context.WithTimeout(ctx, cli.getInitTimeout())
+		defer cancel()
+	}

 	ping, err := cli.client.Ping(ctx)
 	if err != nil {
@ -418,7 +372,7 @@ func (cli *DockerCli) ContextStore() store.Store {
 // order of preference:
 //
 //  1. The "--context" command-line option.
-//  2. The "DOCKER_CONTEXT" environment variable ([EnvOverrideContext]).
+//  2. The "DOCKER_CONTEXT" environment variable.
 //  3. The current context as configured through the in "currentContext"
 //     field in the CLI configuration file ("~/.docker/config.json").
 //  4. If no context is configured, use the "default" context.
@ -429,7 +383,7 @@ func (cli *DockerCli) ContextStore() store.Store {
 // the "default" context is used if:
 //
 //   - The "--host" option is set
-//   - The "DOCKER_HOST" ([client.EnvOverrideHost]) environment variable is set
+//   - The "DOCKER_HOST" ([DefaultContextName]) environment variable is set
 //     to a non-empty value.
 //
 // In these cases, the default context is used, which uses the host as
@ -450,7 +404,7 @@ func (cli *DockerCli) CurrentContext() string {
 // occur when trying to use it.
 //
 // Refer to [DockerCli.CurrentContext] above for further details.
-func resolveContextName(opts *cliflags.ClientOptions, cfg *configfile.ConfigFile) string {
+func resolveContextName(opts *cliflags.ClientOptions, config *configfile.ConfigFile) string {
 	if opts != nil && opts.Context != "" {
 		return opts.Context
 	}
@ -460,12 +414,12 @@ func resolveContextName(opts *cliflags.ClientOptions, cfg *configfile.ConfigFile
 	if os.Getenv(client.EnvOverrideHost) != "" {
 		return DefaultContextName
 	}
-	if ctxName := os.Getenv(EnvOverrideContext); ctxName != "" {
+	if ctxName := os.Getenv("DOCKER_CONTEXT"); ctxName != "" {
 		return ctxName
 	}
-	if cfg != nil && cfg.CurrentContext != "" {
+	if config != nil && config.CurrentContext != "" {
 		// We don't validate if this context exists: errors may occur when trying to use it.
-		return cfg.CurrentContext
+		return config.CurrentContext
 	}
 	return DefaultContextName
 }
@ -500,16 +454,13 @@ func (cli *DockerCli) initialize() error {
 				return
 			}
 		}
-		if cli.baseCtx == nil {
-			cli.baseCtx = context.Background()
-		}
 		cli.initializeFromClient()
 	})
 	return cli.initErr
 }

 // Apply all the operation on the cli
-func (cli *DockerCli) Apply(ops ...CLIOption) error {
+func (cli *DockerCli) Apply(ops ...DockerCliOption) error {
 	for _, op := range ops {
 		if err := op(cli); err != nil {
 			return err
@ -538,15 +489,15 @@ type ServerInfo struct {
 // NewDockerCli returns a DockerCli instance with all operators applied on it.
 // It applies by default the standard streams, and the content trust from
 // environment.
-func NewDockerCli(ops ...CLIOption) (*DockerCli, error) {
-	defaultOps := []CLIOption{
+func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) {
+	defaultOps := []DockerCliOption{
 		WithContentTrustFromEnv(),
 		WithDefaultContextStoreConfig(),
 		WithStandardStreams(),
 	}
 	ops = append(defaultOps, ops...)

-	cli := &DockerCli{baseCtx: context.Background()}
+	cli := &DockerCli{}
 	if err := cli.Apply(ops...); err != nil {
 		return nil, err
 	}
@ -561,7 +512,7 @@ func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (string, error
 	case 1:
 		host = hosts[0]
 	default:
-		return "", errors.New("Specify only one -H")
+		return "", errors.New("Please specify only one -H")
 	}

 	return dopts.ParseHost(tlsOptions != nil, host)
@ -573,7 +524,7 @@ func UserAgent() string {
 }

 var defaultStoreEndpoints = []store.NamedTypeGetter{
-	store.EndpointTypeGetter(docker.DockerEndpoint, func() any { return &docker.EndpointMeta{} }),
+	store.EndpointTypeGetter(docker.DockerEndpoint, func() interface{} { return &docker.EndpointMeta{} }),
 }

 // RegisterDefaultStoreEndpoints registers a new named endpoint
@ -587,7 +538,7 @@ func RegisterDefaultStoreEndpoints(ep ...store.NamedTypeGetter) {
 // DefaultContextStoreConfig returns a new store.Config with the default set of endpoints configured.
 func DefaultContextStoreConfig() store.Config {
 	return store.NewConfig(
-		func() any { return &DockerContext{} },
+		func() interface{} { return &DockerContext{} },
 		defaultStoreEndpoints...,
 	)
 }
--- a/cli/command/cli_options.go
+++ b/cli/command/cli_options.go
@ -1,7 +1,6 @@
 package command

 import (
-	"context"
 	"io"
 	"os"
 	"strconv"
@ -11,44 +10,32 @@ import (
 	"github.com/moby/term"
 )

-// CLIOption is a functional argument to apply options to a [DockerCli]. These
-// options can be passed to [NewDockerCli] to initialize a new CLI, or
-// applied with [DockerCli.Initialize] or [DockerCli.Apply].
-type CLIOption func(cli *DockerCli) error
+// DockerCliOption applies a modification on a DockerCli.
+type DockerCliOption func(cli *DockerCli) error

 // WithStandardStreams sets a cli in, out and err streams with the standard streams.
-func WithStandardStreams() CLIOption {
+func WithStandardStreams() DockerCliOption {
 	return func(cli *DockerCli) error {
 		// Set terminal emulation based on platform as required.
 		stdin, stdout, stderr := term.StdStreams()
 		cli.in = streams.NewIn(stdin)
 		cli.out = streams.NewOut(stdout)
-		cli.err = streams.NewOut(stderr)
-		return nil
-	}
-}
-
-// WithBaseContext sets the base context of a cli. It is used to propagate
-// the context from the command line to the client.
-func WithBaseContext(ctx context.Context) CLIOption {
-	return func(cli *DockerCli) error {
-		cli.baseCtx = ctx
+		cli.err = stderr
 		return nil
 	}
 }

 // WithCombinedStreams uses the same stream for the output and error streams.
-func WithCombinedStreams(combined io.Writer) CLIOption {
+func WithCombinedStreams(combined io.Writer) DockerCliOption {
 	return func(cli *DockerCli) error {
-		s := streams.NewOut(combined)
-		cli.out = s
-		cli.err = s
+		cli.out = streams.NewOut(combined)
+		cli.err = combined
 		return nil
 	}
 }

 // WithInputStream sets a cli input stream.
-func WithInputStream(in io.ReadCloser) CLIOption {
+func WithInputStream(in io.ReadCloser) DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.in = streams.NewIn(in)
 		return nil
@ -56,7 +43,7 @@ func WithInputStream(in io.ReadCloser) CLIOption {
 }

 // WithOutputStream sets a cli output stream.
-func WithOutputStream(out io.Writer) CLIOption {
+func WithOutputStream(out io.Writer) DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.out = streams.NewOut(out)
 		return nil
@ -64,15 +51,15 @@ func WithOutputStream(out io.Writer) CLIOption {
 }

 // WithErrorStream sets a cli error stream.
-func WithErrorStream(err io.Writer) CLIOption {
+func WithErrorStream(err io.Writer) DockerCliOption {
 	return func(cli *DockerCli) error {
-		cli.err = streams.NewOut(err)
+		cli.err = err
 		return nil
 	}
 }

 // WithContentTrustFromEnv enables content trust on a cli from environment variable DOCKER_CONTENT_TRUST value.
-func WithContentTrustFromEnv() CLIOption {
+func WithContentTrustFromEnv() DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.contentTrust = false
 		if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
@ -86,7 +73,7 @@ func WithContentTrustFromEnv() CLIOption {
 }

 // WithContentTrust enables content trust on a cli.
-func WithContentTrust(enabled bool) CLIOption {
+func WithContentTrust(enabled bool) DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.contentTrust = enabled
 		return nil
@ -94,7 +81,7 @@ func WithContentTrust(enabled bool) CLIOption {
 }

 // WithDefaultContextStoreConfig configures the cli to use the default context store configuration.
-func WithDefaultContextStoreConfig() CLIOption {
+func WithDefaultContextStoreConfig() DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.contextStoreConfig = DefaultContextStoreConfig()
 		return nil
@ -102,7 +89,7 @@ func WithDefaultContextStoreConfig() CLIOption {
 }

 // WithAPIClient configures the cli to use the given API client.
-func WithAPIClient(c client.APIClient) CLIOption {
+func WithAPIClient(c client.APIClient) DockerCliOption {
 	return func(cli *DockerCli) error {
 		cli.client = c
 		return nil
--- a/cli/command/cli_options_test.go
+++ b/cli/command/cli_options_test.go
@ -8,7 +8,6 @@ import (
 )

 func contentTrustEnabled(t *testing.T) bool {
-	t.Helper()
 	var cli DockerCli
 	assert.NilError(t, WithContentTrustFromEnv()(&cli))
 	return cli.contentTrust
--- a/cli/command/cli_test.go
+++ b/cli/command/cli_test.go
@ -18,7 +18,6 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
-	"github.com/docker/cli/cli/streams"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
@ -193,7 +192,7 @@ func TestInitializeFromClientHangs(t *testing.T) {
 	ts.Start()
 	defer ts.Close()

-	opts := &flags.ClientOptions{Hosts: []string{"unix://" + socket}}
+	opts := &flags.ClientOptions{Hosts: []string{fmt.Sprintf("unix://%s", socket)}}
 	configFile := &configfile.ConfigFile{}
 	apiClient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
@ -254,7 +253,7 @@ func TestExperimentalCLI(t *testing.T) {
 				},
 			}

-			cli := &DockerCli{client: apiclient, err: streams.NewOut(os.Stderr)}
+			cli := &DockerCli{client: apiclient, err: os.Stderr}
 			config.SetDir(dir.Path())
 			err := cli.Initialize(flags.NewClientOptions())
 			assert.NilError(t, err)
@ -308,56 +307,3 @@ func TestInitializeShouldAlwaysCreateTheContextStore(t *testing.T) {
 	})))
 	assert.Check(t, cli.ContextStore() != nil)
 }
-
-func TestHooksEnabled(t *testing.T) {
-	t.Run("disabled by default", func(t *testing.T) {
-		cli, err := NewDockerCli()
-		assert.NilError(t, err)
-
-		assert.Check(t, !cli.HooksEnabled())
-	})
-
-	t.Run("enabled in configFile", func(t *testing.T) {
-		configFile := `{
-    "features": {
-      "hooks": "true"
-    }}`
-		dir := fs.NewDir(t, "", fs.WithFile("config.json", configFile))
-		defer dir.Remove()
-		cli, err := NewDockerCli()
-		assert.NilError(t, err)
-		config.SetDir(dir.Path())
-
-		assert.Check(t, cli.HooksEnabled())
-	})
-
-	t.Run("env var overrides configFile", func(t *testing.T) {
-		configFile := `{
-    "features": {
-      "hooks": "true"
-    }}`
-		t.Setenv("DOCKER_CLI_HOOKS", "false")
-		dir := fs.NewDir(t, "", fs.WithFile("config.json", configFile))
-		defer dir.Remove()
-		cli, err := NewDockerCli()
-		assert.NilError(t, err)
-		config.SetDir(dir.Path())
-
-		assert.Check(t, !cli.HooksEnabled())
-	})
-
-	t.Run("legacy env var overrides configFile", func(t *testing.T) {
-		configFile := `{
-    "features": {
-      "hooks": "true"
-    }}`
-		t.Setenv("DOCKER_CLI_HINTS", "false")
-		dir := fs.NewDir(t, "", fs.WithFile("config.json", configFile))
-		defer dir.Remove()
-		cli, err := NewDockerCli()
-		assert.NilError(t, err)
-		config.SetDir(dir.Path())
-
-		assert.Check(t, !cli.HooksEnabled())
-	})
-}
--- a/cli/command/completion/functions.go
+++ b/cli/command/completion/functions.go
@ -3,39 +3,26 @@ package completion
 import (
 	"os"

+	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/client"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/spf13/cobra"
 )

 // ValidArgsFn a function to be used by cobra command as `ValidArgsFunction` to offer command line completion
 type ValidArgsFn func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective)

-// APIClientProvider provides a method to get an [client.APIClient], initializing
-// it if needed.
-//
-// It's a smaller interface than [command.Cli], and used in situations where an
-// APIClient is needed, but we want to postpone initializing the client until
-// it's used.
-type APIClientProvider interface {
-	Client() client.APIClient
-}
-
 // ImageNames offers completion for images present within the local store
-func ImageNames(dockerCLI APIClientProvider) ValidArgsFn {
+func ImageNames(dockerCli command.Cli) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCLI.Client().ImageList(cmd.Context(), image.ListOptions{})
+		list, err := dockerCli.Client().ImageList(cmd.Context(), types.ImageListOptions{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
 		var names []string
-		for _, img := range list {
-			names = append(names, img.RepoTags...)
+		for _, image := range list {
+			names = append(names, image.RepoTags...)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}
@ -44,9 +31,9 @@ func ImageNames(dockerCLI APIClientProvider) ValidArgsFn {
 // ContainerNames offers completion for container names and IDs
 // By default, only names are returned.
 // Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs.
-func ContainerNames(dockerCLI APIClientProvider, all bool, filters ...func(types.Container) bool) ValidArgsFn {
+func ContainerNames(dockerCli command.Cli, all bool, filters ...func(types.Container) bool) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCLI.Client().ContainerList(cmd.Context(), container.ListOptions{
+		list, err := dockerCli.Client().ContainerList(cmd.Context(), types.ContainerListOptions{
 			All: all,
 		})
 		if err != nil {
@ -56,10 +43,10 @@ func ContainerNames(dockerCLI APIClientProvider, all bool, filters ...func(types
 		showContainerIDs := os.Getenv("DOCKER_COMPLETION_SHOW_CONTAINER_IDS") == "yes"

 		var names []string
-		for _, ctr := range list {
+		for _, container := range list {
 			skip := false
 			for _, fn := range filters {
-				if !fn(ctr) {
+				if !fn(container) {
 					skip = true
 					break
 				}
@ -68,45 +55,45 @@ func ContainerNames(dockerCLI APIClientProvider, all bool, filters ...func(types
 				continue
 			}
 			if showContainerIDs {
-				names = append(names, ctr.ID)
+				names = append(names, container.ID)
 			}
-			names = append(names, formatter.StripNamePrefix(ctr.Names)...)
+			names = append(names, formatter.StripNamePrefix(container.Names)...)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}
 }

 // VolumeNames offers completion for volumes
-func VolumeNames(dockerCLI APIClientProvider) ValidArgsFn {
+func VolumeNames(dockerCli command.Cli) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCLI.Client().VolumeList(cmd.Context(), volume.ListOptions{})
+		list, err := dockerCli.Client().VolumeList(cmd.Context(), filters.Args{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
 		var names []string
-		for _, vol := range list.Volumes {
-			names = append(names, vol.Name)
+		for _, volume := range list.Volumes {
+			names = append(names, volume.Name)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}
 }

 // NetworkNames offers completion for networks
-func NetworkNames(dockerCLI APIClientProvider) ValidArgsFn {
+func NetworkNames(dockerCli command.Cli) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCLI.Client().NetworkList(cmd.Context(), network.ListOptions{})
+		list, err := dockerCli.Client().NetworkList(cmd.Context(), types.NetworkListOptions{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
 		var names []string
-		for _, nw := range list {
-			names = append(names, nw.Name)
+		for _, network := range list {
+			names = append(names, network.Name)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}
 }

 // NoComplete is used for commands where there's no relevant completion
-func NoComplete(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {
+func NoComplete(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {
 	return nil, cobra.ShellCompDirectiveNoFileComp
 }
--- a/cli/command/config/cmd.go
+++ b/cli/command/config/cmd.go
@ -30,9 +30,9 @@ func NewConfigCommand(dockerCli command.Cli) *cobra.Command {
 }

 // completeNames offers completion for swarm configs
-func completeNames(dockerCLI completion.APIClientProvider) completion.ValidArgsFn {
+func completeNames(dockerCli command.Cli) completion.ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCLI.Client().ConfigList(cmd.Context(), types.ConfigListOptions{})
+		list, err := dockerCli.Client().ConfigList(cmd.Context(), types.ConfigListOptions{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
--- a/cli/command/config/create.go
+++ b/cli/command/config/create.go
@ -35,7 +35,7 @@ func newConfigCreateCommand(dockerCli command.Cli) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			createOpts.Name = args[0]
 			createOpts.File = args[1]
-			return RunConfigCreate(cmd.Context(), dockerCli, createOpts)
+			return RunConfigCreate(dockerCli, createOpts)
 		},
 		ValidArgsFunction: completion.NoComplete,
 	}
@ -48,8 +48,9 @@ func newConfigCreateCommand(dockerCli command.Cli) *cobra.Command {
 }

 // RunConfigCreate creates a config with the given options.
-func RunConfigCreate(ctx context.Context, dockerCli command.Cli, options CreateOptions) error {
+func RunConfigCreate(dockerCli command.Cli, options CreateOptions) error {
 	client := dockerCli.Client()
+	ctx := context.Background()

 	var in io.Reader = dockerCli.In()
 	if options.File != "-" {
--- a/cli/command/config/formatter.go
+++ b/cli/command/config/formatter.go
@ -101,9 +101,9 @@ func (c *configContext) Labels() string {
 	if mapLabels == nil {
 		return ""
 	}
-	joinLabels := make([]string, 0, len(mapLabels))
+	var joinLabels []string
 	for k, v := range mapLabels {
-		joinLabels = append(joinLabels, k+"="+v)
+		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
 	}
 	return strings.Join(joinLabels, ",")
 }
--- a/cli/command/config/inspect.go
+++ b/cli/command/config/inspect.go
@ -1,6 +1,3 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.21
-
 package config

 import (
@ -30,7 +27,7 @@ func newConfigInspectCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.Names = args
-			return RunConfigInspect(cmd.Context(), dockerCli, opts)
+			return RunConfigInspect(dockerCli, opts)
 		},
 		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 			return completeNames(dockerCli)(cmd, args, toComplete)
@ -43,14 +40,15 @@ func newConfigInspectCommand(dockerCli command.Cli) *cobra.Command {
 }

 // RunConfigInspect inspects the given Swarm config.
-func RunConfigInspect(ctx context.Context, dockerCli command.Cli, opts InspectOptions) error {
+func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 	client := dockerCli.Client()
+	ctx := context.Background()

 	if opts.Pretty {
 		opts.Format = "pretty"
 	}

-	getRef := func(id string) (any, []byte, error) {
+	getRef := func(id string) (interface{}, []byte, error) {
 		return client.ConfigInspectWithRaw(ctx, id)
 	}
 	f := opts.Format
--- a/cli/command/config/inspect_test.go
+++ b/cli/command/config/inspect_test.go
@ -8,7 +8,7 @@ import (
 	"time"

 	"github.com/docker/cli/internal/test"
-	"github.com/docker/cli/internal/test/builders"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
@ -43,7 +43,7 @@ func TestConfigInspectErrors(t *testing.T) {
 			args: []string{"foo", "bar"},
 			configInspectFunc: func(_ context.Context, configID string) (swarm.Config, []byte, error) {
 				if configID == "foo" {
-					return *builders.Config(builders.ConfigName("foo")), nil, nil
+					return *Config(ConfigName("foo")), nil, nil
 				}
 				return swarm.Config{}, nil, errors.Errorf("error while inspecting the config")
 			},
@ -58,7 +58,7 @@ func TestConfigInspectErrors(t *testing.T) {
 		)
 		cmd.SetArgs(tc.args)
 		for key, value := range tc.flags {
-			assert.Check(t, cmd.Flags().Set(key, value))
+			cmd.Flags().Set(key, value)
 		}
 		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
@ -78,14 +78,14 @@ func TestConfigInspectWithoutFormat(t *testing.T) {
 				if name != "foo" {
 					return swarm.Config{}, nil, errors.Errorf("Invalid name, expected %s, got %s", "foo", name)
 				}
-				return *builders.Config(builders.ConfigID("ID-foo"), builders.ConfigName("foo")), nil, nil
+				return *Config(ConfigID("ID-foo"), ConfigName("foo")), nil, nil
 			},
 		},
 		{
 			name: "multiple-configs-with-labels",
 			args: []string{"foo", "bar"},
 			configInspectFunc: func(_ context.Context, name string) (swarm.Config, []byte, error) {
-				return *builders.Config(builders.ConfigID("ID-"+name), builders.ConfigName(name), builders.ConfigLabels(map[string]string{
+				return *Config(ConfigID("ID-"+name), ConfigName(name), ConfigLabels(map[string]string{
 					"label1": "label-foo",
 				})), nil, nil
 			},
@ -102,7 +102,7 @@ func TestConfigInspectWithoutFormat(t *testing.T) {

 func TestConfigInspectWithFormat(t *testing.T) {
 	configInspectFunc := func(_ context.Context, name string) (swarm.Config, []byte, error) {
-		return *builders.Config(builders.ConfigName("foo"), builders.ConfigLabels(map[string]string{
+		return *Config(ConfigName("foo"), ConfigLabels(map[string]string{
 			"label1": "label-foo",
 		})), nil, nil
 	}
@ -131,7 +131,7 @@ func TestConfigInspectWithFormat(t *testing.T) {
 		})
 		cmd := newConfigInspectCommand(cli)
 		cmd.SetArgs(tc.args)
-		assert.Check(t, cmd.Flags().Set("format", tc.format))
+		cmd.Flags().Set("format", tc.format)
 		assert.NilError(t, cmd.Execute())
 		golden.Assert(t, cli.OutBuffer().String(), fmt.Sprintf("config-inspect-with-format.%s.golden", tc.name))
 	}
@ -145,15 +145,15 @@ func TestConfigInspectPretty(t *testing.T) {
 		{
 			name: "simple",
 			configInspectFunc: func(_ context.Context, id string) (swarm.Config, []byte, error) {
-				return *builders.Config(
-					builders.ConfigLabels(map[string]string{
+				return *Config(
+					ConfigLabels(map[string]string{
 						"lbl1": "value1",
 					}),
-					builders.ConfigID("configID"),
-					builders.ConfigName("configName"),
-					builders.ConfigCreatedAt(time.Time{}),
-					builders.ConfigUpdatedAt(time.Time{}),
-					builders.ConfigData([]byte("payload here")),
+					ConfigID("configID"),
+					ConfigName("configName"),
+					ConfigCreatedAt(time.Time{}),
+					ConfigUpdatedAt(time.Time{}),
+					ConfigData([]byte("payload here")),
 				), []byte{}, nil
 			},
 		},
@ -165,7 +165,7 @@ func TestConfigInspectPretty(t *testing.T) {
 		cmd := newConfigInspectCommand(cli)

 		cmd.SetArgs([]string{"configID"})
-		assert.Check(t, cmd.Flags().Set("pretty", "true"))
+		cmd.Flags().Set("pretty", "true")
 		assert.NilError(t, cmd.Execute())
 		golden.Assert(t, cli.OutBuffer().String(), fmt.Sprintf("config-inspect-pretty.%s.golden", tc.name))
 	}
--- a/cli/command/config/ls.go
+++ b/cli/command/config/ls.go
@ -31,22 +31,23 @@ func newConfigListCommand(dockerCli command.Cli) *cobra.Command {
 		Short:   "List configs",
 		Args:    cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return RunConfigList(cmd.Context(), dockerCli, listOpts)
+			return RunConfigList(dockerCli, listOpts)
 		},
 		ValidArgsFunction: completion.NoComplete,
 	}

 	flags := cmd.Flags()
 	flags.BoolVarP(&listOpts.Quiet, "quiet", "q", false, "Only display IDs")
-	flags.StringVar(&listOpts.Format, "format", "", flagsHelper.FormatHelp)
+	flags.StringVarP(&listOpts.Format, "format", "", "", flagsHelper.FormatHelp)
 	flags.VarP(&listOpts.Filter, "filter", "f", "Filter output based on conditions provided")

 	return cmd
 }

 // RunConfigList lists Swarm configs.
-func RunConfigList(ctx context.Context, dockerCli command.Cli, options ListOptions) error {
+func RunConfigList(dockerCli command.Cli, options ListOptions) error {
 	client := dockerCli.Client()
+	ctx := context.Background()

 	configs, err := client.ConfigList(ctx, types.ConfigListOptions{Filters: options.Filter.Value()})
 	if err != nil {
--- a/cli/command/config/ls_test.go
+++ b/cli/command/config/ls_test.go
@ -8,7 +8,7 @@ import (

 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/cli/internal/test/builders"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
@ -50,23 +50,23 @@ func TestConfigList(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		configListFunc: func(_ context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
 			return []swarm.Config{
-				*builders.Config(builders.ConfigID("ID-1-foo"),
-					builders.ConfigName("1-foo"),
-					builders.ConfigVersion(swarm.Version{Index: 10}),
-					builders.ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
-					builders.ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				*Config(ConfigID("ID-1-foo"),
+					ConfigName("1-foo"),
+					ConfigVersion(swarm.Version{Index: 10}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
-				*builders.Config(builders.ConfigID("ID-10-foo"),
-					builders.ConfigName("10-foo"),
-					builders.ConfigVersion(swarm.Version{Index: 11}),
-					builders.ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
-					builders.ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				*Config(ConfigID("ID-10-foo"),
+					ConfigName("10-foo"),
+					ConfigVersion(swarm.Version{Index: 11}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
-				*builders.Config(builders.ConfigID("ID-2-foo"),
-					builders.ConfigName("2-foo"),
-					builders.ConfigVersion(swarm.Version{Index: 11}),
-					builders.ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
-					builders.ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				*Config(ConfigID("ID-2-foo"),
+					ConfigName("2-foo"),
+					ConfigVersion(swarm.Version{Index: 11}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
 			}, nil
 		},
@ -80,15 +80,15 @@ func TestConfigListWithQuietOption(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		configListFunc: func(_ context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
 			return []swarm.Config{
-				*builders.Config(builders.ConfigID("ID-foo"), builders.ConfigName("foo")),
-				*builders.Config(builders.ConfigID("ID-bar"), builders.ConfigName("bar"), builders.ConfigLabels(map[string]string{
+				*Config(ConfigID("ID-foo"), ConfigName("foo")),
+				*Config(ConfigID("ID-bar"), ConfigName("bar"), ConfigLabels(map[string]string{
 					"label": "label-bar",
 				})),
 			}, nil
 		},
 	})
 	cmd := newConfigListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("quiet", "true"))
+	cmd.Flags().Set("quiet", "true")
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "config-list-with-quiet-option.golden")
 }
@ -97,8 +97,8 @@ func TestConfigListWithConfigFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		configListFunc: func(_ context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
 			return []swarm.Config{
-				*builders.Config(builders.ConfigID("ID-foo"), builders.ConfigName("foo")),
-				*builders.Config(builders.ConfigID("ID-bar"), builders.ConfigName("bar"), builders.ConfigLabels(map[string]string{
+				*Config(ConfigID("ID-foo"), ConfigName("foo")),
+				*Config(ConfigID("ID-bar"), ConfigName("bar"), ConfigLabels(map[string]string{
 					"label": "label-bar",
 				})),
 			}, nil
@ -116,15 +116,15 @@ func TestConfigListWithFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		configListFunc: func(_ context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
 			return []swarm.Config{
-				*builders.Config(builders.ConfigID("ID-foo"), builders.ConfigName("foo")),
-				*builders.Config(builders.ConfigID("ID-bar"), builders.ConfigName("bar"), builders.ConfigLabels(map[string]string{
+				*Config(ConfigID("ID-foo"), ConfigName("foo")),
+				*Config(ConfigID("ID-bar"), ConfigName("bar"), ConfigLabels(map[string]string{
 					"label": "label-bar",
 				})),
 			}, nil
 		},
 	})
 	cmd := newConfigListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("format", "{{ .Name }} {{ .Labels }}"))
+	cmd.Flags().Set("format", "{{ .Name }} {{ .Labels }}")
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "config-list-with-format.golden")
 }
@ -135,24 +135,24 @@ func TestConfigListWithFilter(t *testing.T) {
 			assert.Check(t, is.Equal("foo", options.Filters.Get("name")[0]))
 			assert.Check(t, is.Equal("lbl1=Label-bar", options.Filters.Get("label")[0]))
 			return []swarm.Config{
-				*builders.Config(builders.ConfigID("ID-foo"),
-					builders.ConfigName("foo"),
-					builders.ConfigVersion(swarm.Version{Index: 10}),
-					builders.ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
-					builders.ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				*Config(ConfigID("ID-foo"),
+					ConfigName("foo"),
+					ConfigVersion(swarm.Version{Index: 10}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
-				*builders.Config(builders.ConfigID("ID-bar"),
-					builders.ConfigName("bar"),
-					builders.ConfigVersion(swarm.Version{Index: 11}),
-					builders.ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
-					builders.ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				*Config(ConfigID("ID-bar"),
+					ConfigName("bar"),
+					ConfigVersion(swarm.Version{Index: 11}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
 			}, nil
 		},
 	})
 	cmd := newConfigListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("filter", "name=foo"))
-	assert.Check(t, cmd.Flags().Set("filter", "label=lbl1=Label-bar"))
+	cmd.Flags().Set("filter", "name=foo")
+	cmd.Flags().Set("filter", "label=lbl1=Label-bar")
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "config-list-with-filter.golden")
 }
--- a/cli/command/config/remove.go
+++ b/cli/command/config/remove.go
@ -26,7 +26,7 @@ func newConfigRemoveCommand(dockerCli command.Cli) *cobra.Command {
 			opts := RemoveOptions{
 				Names: args,
 			}
-			return RunConfigRemove(cmd.Context(), dockerCli, opts)
+			return RunConfigRemove(dockerCli, opts)
 		},
 		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 			return completeNames(dockerCli)(cmd, args, toComplete)
@ -35,8 +35,9 @@ func newConfigRemoveCommand(dockerCli command.Cli) *cobra.Command {
 }

 // RunConfigRemove removes the given Swarm configs.
-func RunConfigRemove(ctx context.Context, dockerCli command.Cli, opts RemoveOptions) error {
+func RunConfigRemove(dockerCli command.Cli, opts RemoveOptions) error {
 	client := dockerCli.Client()
+	ctx := context.Background()

 	var errs []string

--- a/cli/command/container/attach.go
+++ b/cli/command/container/attach.go
@ -2,6 +2,7 @@ package container

 import (
 	"context"
+	"fmt"
 	"io"

 	"github.com/docker/cli/cli"
@ -16,15 +17,16 @@ import (
 	"github.com/spf13/cobra"
 )

-// AttachOptions group options for `attach` command
-type AttachOptions struct {
-	NoStdin    bool
-	Proxy      bool
-	DetachKeys string
+type attachOptions struct {
+	noStdin    bool
+	proxy      bool
+	detachKeys string
+
+	container string
 }

-func inspectContainerAndCheckState(ctx context.Context, apiClient client.APIClient, args string) (*types.ContainerJSON, error) {
-	c, err := apiClient.ContainerInspect(ctx, args)
+func inspectContainerAndCheckState(ctx context.Context, cli client.APIClient, args string) (*types.ContainerJSON, error) {
+	c, err := cli.ContainerInspect(ctx, args)
 	if err != nil {
 		return nil, err
 	}
@ -42,78 +44,72 @@ func inspectContainerAndCheckState(ctx context.Context, apiClient client.APIClie
 }

 // NewAttachCommand creates a new cobra.Command for `docker attach`
-func NewAttachCommand(dockerCLI command.Cli) *cobra.Command {
-	var opts AttachOptions
+func NewAttachCommand(dockerCli command.Cli) *cobra.Command {
+	var opts attachOptions

 	cmd := &cobra.Command{
 		Use:   "attach [OPTIONS] CONTAINER",
 		Short: "Attach local standard input, output, and error streams to a running container",
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			containerID := args[0]
-			return RunAttach(cmd.Context(), dockerCLI, containerID, &opts)
+			opts.container = args[0]
+			return runAttach(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container attach, docker attach",
 		},
-		ValidArgsFunction: completion.ContainerNames(dockerCLI, false, func(ctr types.Container) bool {
-			return ctr.State != "paused"
+		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
+			return container.State != "paused"
 		}),
 	}

 	flags := cmd.Flags()
-	flags.BoolVar(&opts.NoStdin, "no-stdin", false, "Do not attach STDIN")
-	flags.BoolVar(&opts.Proxy, "sig-proxy", true, "Proxy all received signals to the process")
-	flags.StringVar(&opts.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.BoolVar(&opts.noStdin, "no-stdin", false, "Do not attach STDIN")
+	flags.BoolVar(&opts.proxy, "sig-proxy", true, "Proxy all received signals to the process")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
 	return cmd
 }

-// RunAttach executes an `attach` command
-func RunAttach(ctx context.Context, dockerCLI command.Cli, containerID string, opts *AttachOptions) error {
-	apiClient := dockerCLI.Client()
+func runAttach(dockerCli command.Cli, opts *attachOptions) error {
+	ctx := context.Background()
+	client := dockerCli.Client()

 	// request channel to wait for client
-	resultC, errC := apiClient.ContainerWait(ctx, containerID, "")
+	resultC, errC := client.ContainerWait(ctx, opts.container, "")

-	c, err := inspectContainerAndCheckState(ctx, apiClient, containerID)
+	c, err := inspectContainerAndCheckState(ctx, client, opts.container)
 	if err != nil {
 		return err
 	}

-	if err := dockerCLI.In().CheckTty(!opts.NoStdin, c.Config.Tty); err != nil {
+	if err := dockerCli.In().CheckTty(!opts.noStdin, c.Config.Tty); err != nil {
 		return err
 	}

-	detachKeys := dockerCLI.ConfigFile().DetachKeys
-	if opts.DetachKeys != "" {
-		detachKeys = opts.DetachKeys
+	if opts.detachKeys != "" {
+		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
 	}

-	options := container.AttachOptions{
+	options := types.ContainerAttachOptions{
 		Stream:     true,
-		Stdin:      !opts.NoStdin && c.Config.OpenStdin,
+		Stdin:      !opts.noStdin && c.Config.OpenStdin,
 		Stdout:     true,
 		Stderr:     true,
-		DetachKeys: detachKeys,
+		DetachKeys: dockerCli.ConfigFile().DetachKeys,
 	}

 	var in io.ReadCloser
 	if options.Stdin {
-		in = dockerCLI.In()
+		in = dockerCli.In()
 	}

-	if opts.Proxy && !c.Config.Tty {
+	if opts.proxy && !c.Config.Tty {
 		sigc := notifyAllSignals()
-		// since we're explicitly setting up signal handling here, and the daemon will
-		// get notified independently of the clients ctx cancellation, we use this context
-		// but without cancellation to avoid ForwardAllSignals from returning
-		// before all signals are forwarded.
-		bgCtx := context.WithoutCancel(ctx)
-		go ForwardAllSignals(bgCtx, apiClient, containerID, sigc)
+		go ForwardAllSignals(ctx, dockerCli, opts.container, sigc)
 		defer signal.StopCatch(sigc)
 	}

-	resp, errAttach := apiClient.ContainerAttach(ctx, containerID, options)
+	resp, errAttach := client.ContainerAttach(ctx, opts.container, options)
 	if errAttach != nil {
 		return errAttach
 	}
@ -127,20 +123,20 @@ func RunAttach(ctx context.Context, dockerCLI command.Cli, containerID string, o
 	// the container and not exit.
 	//
 	// Recheck the container's state to avoid attach block.
-	_, err = inspectContainerAndCheckState(ctx, apiClient, containerID)
+	_, err = inspectContainerAndCheckState(ctx, client, opts.container)
 	if err != nil {
 		return err
 	}

-	if c.Config.Tty && dockerCLI.Out().IsTerminal() {
-		resizeTTY(ctx, dockerCLI, containerID)
+	if c.Config.Tty && dockerCli.Out().IsTerminal() {
+		resizeTTY(ctx, dockerCli, opts.container)
 	}

 	streamer := hijackedIOStreamer{
-		streams:      dockerCLI,
+		streams:      dockerCli,
 		inputStream:  in,
-		outputStream: dockerCLI.Out(),
-		errorStream:  dockerCLI.Err(),
+		outputStream: dockerCli.Out(),
+		errorStream:  dockerCli.Err(),
 		resp:         resp,
 		tty:          c.Config.Tty,
 		detachKeys:   options.DetachKeys,
@ -157,7 +153,7 @@ func getExitStatus(errC <-chan error, resultC <-chan container.WaitResponse) err
 	select {
 	case result := <-resultC:
 		if result.Error != nil {
-			return errors.New(result.Error.Message)
+			return fmt.Errorf(result.Error.Message)
 		}
 		if result.StatusCode != 0 {
 			return cli.StatusError{StatusCode: int(result.StatusCode)}
--- a/cli/command/container/attach_test.go
+++ b/cli/command/container/attach_test.go
@ -1,6 +1,7 @@
 package container

 import (
+	"fmt"
 	"io"
 	"testing"

@ -78,7 +79,7 @@ func TestNewAttachCommandErrors(t *testing.T) {

 func TestGetExitStatus(t *testing.T) {
 	var (
-		expectedErr = errors.New("unexpected error")
+		expectedErr = fmt.Errorf("unexpected error")
 		errC        = make(chan error, 1)
 		resultC     = make(chan container.WaitResponse, 1)
 	)
--- a/cli/command/container/client_test.go
+++ b/cli/command/container/client_test.go
@ -6,10 +6,7 @@ import (

 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/system"
 	"github.com/docker/docker/client"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
@ -17,31 +14,29 @@ import (
 type fakeClient struct {
 	client.Client
 	inspectFunc         func(string) (types.ContainerJSON, error)
-	execInspectFunc     func(execID string) (container.ExecInspect, error)
-	execCreateFunc      func(containerID string, options container.ExecOptions) (types.IDResponse, error)
+	execInspectFunc     func(execID string) (types.ContainerExecInspect, error)
+	execCreateFunc      func(container string, config types.ExecConfig) (types.IDResponse, error)
 	createContainerFunc func(config *container.Config,
 		hostConfig *container.HostConfig,
 		networkingConfig *network.NetworkingConfig,
 		platform *specs.Platform,
 		containerName string) (container.CreateResponse, error)
-	containerStartFunc      func(containerID string, options container.StartOptions) error
-	imageCreateFunc         func(parentReference string, options image.CreateOptions) (io.ReadCloser, error)
-	infoFunc                func() (system.Info, error)
-	containerStatPathFunc   func(containerID, path string) (container.PathStat, error)
-	containerCopyFromFunc   func(containerID, srcPath string) (io.ReadCloser, container.PathStat, error)
-	logFunc                 func(string, container.LogsOptions) (io.ReadCloser, error)
+	containerStartFunc      func(container string, options types.ContainerStartOptions) error
+	imageCreateFunc         func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error)
+	infoFunc                func() (types.Info, error)
+	containerStatPathFunc   func(container, path string) (types.ContainerPathStat, error)
+	containerCopyFromFunc   func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error)
+	logFunc                 func(string, types.ContainerLogsOptions) (io.ReadCloser, error)
 	waitFunc                func(string) (<-chan container.WaitResponse, <-chan error)
-	containerListFunc       func(container.ListOptions) ([]types.Container, error)
+	containerListFunc       func(types.ContainerListOptions) ([]types.Container, error)
 	containerExportFunc     func(string) (io.ReadCloser, error)
-	containerExecResizeFunc func(id string, options container.ResizeOptions) error
-	containerRemoveFunc     func(ctx context.Context, containerID string, options container.RemoveOptions) error
-	containerKillFunc       func(ctx context.Context, containerID, signal string) error
-	containerPruneFunc      func(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error)
-	containerAttachFunc     func(ctx context.Context, containerID string, options container.AttachOptions) (types.HijackedResponse, error)
+	containerExecResizeFunc func(id string, options types.ResizeOptions) error
+	containerRemoveFunc     func(ctx context.Context, container string, options types.ContainerRemoveOptions) error
+	containerKillFunc       func(ctx context.Context, container, signal string) error
 	Version                 string
 }

-func (f *fakeClient) ContainerList(_ context.Context, options container.ListOptions) ([]types.Container, error) {
+func (f *fakeClient) ContainerList(_ context.Context, options types.ContainerListOptions) ([]types.Container, error) {
 	if f.containerListFunc != nil {
 		return f.containerListFunc(options)
 	}
@ -55,21 +50,21 @@ func (f *fakeClient) ContainerInspect(_ context.Context, containerID string) (ty
 	return types.ContainerJSON{}, nil
 }

-func (f *fakeClient) ContainerExecCreate(_ context.Context, containerID string, config container.ExecOptions) (types.IDResponse, error) {
+func (f *fakeClient) ContainerExecCreate(_ context.Context, container string, config types.ExecConfig) (types.IDResponse, error) {
 	if f.execCreateFunc != nil {
-		return f.execCreateFunc(containerID, config)
+		return f.execCreateFunc(container, config)
 	}
 	return types.IDResponse{}, nil
 }

-func (f *fakeClient) ContainerExecInspect(_ context.Context, execID string) (container.ExecInspect, error) {
+func (f *fakeClient) ContainerExecInspect(_ context.Context, execID string) (types.ContainerExecInspect, error) {
 	if f.execInspectFunc != nil {
 		return f.execInspectFunc(execID)
 	}
-	return container.ExecInspect{}, nil
+	return types.ContainerExecInspect{}, nil
 }

-func (f *fakeClient) ContainerExecStart(context.Context, string, container.ExecStartOptions) error {
+func (f *fakeClient) ContainerExecStart(context.Context, string, types.ExecStartCheck) error {
 	return nil
 }

@ -87,44 +82,44 @@ func (f *fakeClient) ContainerCreate(
 	return container.CreateResponse{}, nil
 }

-func (f *fakeClient) ContainerRemove(ctx context.Context, containerID string, options container.RemoveOptions) error {
+func (f *fakeClient) ContainerRemove(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
 	if f.containerRemoveFunc != nil {
-		return f.containerRemoveFunc(ctx, containerID, options)
+		return f.containerRemoveFunc(ctx, container, options)
 	}
 	return nil
 }

-func (f *fakeClient) ImageCreate(_ context.Context, parentReference string, options image.CreateOptions) (io.ReadCloser, error) {
+func (f *fakeClient) ImageCreate(_ context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
 	if f.imageCreateFunc != nil {
 		return f.imageCreateFunc(parentReference, options)
 	}
 	return nil, nil
 }

-func (f *fakeClient) Info(_ context.Context) (system.Info, error) {
+func (f *fakeClient) Info(_ context.Context) (types.Info, error) {
 	if f.infoFunc != nil {
 		return f.infoFunc()
 	}
-	return system.Info{}, nil
+	return types.Info{}, nil
 }

-func (f *fakeClient) ContainerStatPath(_ context.Context, containerID, path string) (container.PathStat, error) {
+func (f *fakeClient) ContainerStatPath(_ context.Context, container, path string) (types.ContainerPathStat, error) {
 	if f.containerStatPathFunc != nil {
-		return f.containerStatPathFunc(containerID, path)
+		return f.containerStatPathFunc(container, path)
 	}
-	return container.PathStat{}, nil
+	return types.ContainerPathStat{}, nil
 }

-func (f *fakeClient) CopyFromContainer(_ context.Context, containerID, srcPath string) (io.ReadCloser, container.PathStat, error) {
+func (f *fakeClient) CopyFromContainer(_ context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
 	if f.containerCopyFromFunc != nil {
-		return f.containerCopyFromFunc(containerID, srcPath)
+		return f.containerCopyFromFunc(container, srcPath)
 	}
-	return nil, container.PathStat{}, nil
+	return nil, types.ContainerPathStat{}, nil
 }

-func (f *fakeClient) ContainerLogs(_ context.Context, containerID string, options container.LogsOptions) (io.ReadCloser, error) {
+func (f *fakeClient) ContainerLogs(_ context.Context, container string, options types.ContainerLogsOptions) (io.ReadCloser, error) {
 	if f.logFunc != nil {
-		return f.logFunc(containerID, options)
+		return f.logFunc(container, options)
 	}
 	return nil, nil
 }
@ -133,51 +128,37 @@ func (f *fakeClient) ClientVersion() string {
 	return f.Version
 }

-func (f *fakeClient) ContainerWait(_ context.Context, containerID string, _ container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
+func (f *fakeClient) ContainerWait(_ context.Context, container string, _ container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
 	if f.waitFunc != nil {
-		return f.waitFunc(containerID)
+		return f.waitFunc(container)
 	}
 	return nil, nil
 }

-func (f *fakeClient) ContainerStart(_ context.Context, containerID string, options container.StartOptions) error {
+func (f *fakeClient) ContainerStart(_ context.Context, container string, options types.ContainerStartOptions) error {
 	if f.containerStartFunc != nil {
-		return f.containerStartFunc(containerID, options)
+		return f.containerStartFunc(container, options)
 	}
 	return nil
 }

-func (f *fakeClient) ContainerExport(_ context.Context, containerID string) (io.ReadCloser, error) {
+func (f *fakeClient) ContainerExport(_ context.Context, container string) (io.ReadCloser, error) {
 	if f.containerExportFunc != nil {
-		return f.containerExportFunc(containerID)
+		return f.containerExportFunc(container)
 	}
 	return nil, nil
 }

-func (f *fakeClient) ContainerExecResize(_ context.Context, id string, options container.ResizeOptions) error {
+func (f *fakeClient) ContainerExecResize(_ context.Context, id string, options types.ResizeOptions) error {
 	if f.containerExecResizeFunc != nil {
 		return f.containerExecResizeFunc(id, options)
 	}
 	return nil
 }

-func (f *fakeClient) ContainerKill(ctx context.Context, containerID, signal string) error {
+func (f *fakeClient) ContainerKill(ctx context.Context, container, signal string) error {
 	if f.containerKillFunc != nil {
-		return f.containerKillFunc(ctx, containerID, signal)
+		return f.containerKillFunc(ctx, container, signal)
 	}
 	return nil
 }
-
-func (f *fakeClient) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error) {
-	if f.containerPruneFunc != nil {
-		return f.containerPruneFunc(ctx, pruneFilters)
-	}
-	return container.PruneReport{}, nil
-}
-
-func (f *fakeClient) ContainerAttach(ctx context.Context, containerID string, options container.AttachOptions) (types.HijackedResponse, error) {
-	if f.containerAttachFunc != nil {
-		return f.containerAttachFunc(ctx, containerID, options)
-	}
-	return types.HijackedResponse{}, nil
-}
--- a/cli/command/container/commit.go
+++ b/cli/command/container/commit.go
@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/spf13/cobra"
 )

@ -35,7 +35,7 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				options.reference = args[1]
 			}
-			return runCommit(cmd.Context(), dockerCli, &options)
+			return runCommit(dockerCli, &options)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container commit, docker commit",
@ -56,14 +56,21 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runCommit(ctx context.Context, dockerCli command.Cli, options *commitOptions) error {
-	response, err := dockerCli.Client().ContainerCommit(ctx, options.container, container.CommitOptions{
-		Reference: options.reference,
+func runCommit(dockerCli command.Cli, options *commitOptions) error {
+	ctx := context.Background()
+
+	name := options.container
+	reference := options.reference
+
+	commitOptions := types.ContainerCommitOptions{
+		Reference: reference,
 		Comment:   options.comment,
 		Author:    options.author,
 		Changes:   options.changes.GetAll(),
 		Pause:     options.pause,
-	})
+	}
+
+	response, err := dockerCli.Client().ContainerCommit(ctx, name, commitOptions)
 	if err != nil {
 		return err
 	}
--- a/cli/command/container/cp.go
+++ b/cli/command/container/cp.go
@ -15,7 +15,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/streams"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
 	units "github.com/docker/go-units"
@ -151,7 +151,7 @@ func NewCopyCommand(dockerCli command.Cli) *cobra.Command {
 				// User did not specify "quiet" flag; suppress output if no terminal is attached
 				opts.quiet = !dockerCli.Out().IsTerminal()
 			}
-			return runCopy(cmd.Context(), dockerCli, opts)
+			return runCopy(dockerCli, opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container cp, docker cp",
@ -169,7 +169,7 @@ func progressHumanSize(n int64) string {
 	return units.HumanSizeWithPrecision(float64(n), 3)
 }

-func runCopy(ctx context.Context, dockerCli command.Cli, opts copyOptions) error {
+func runCopy(dockerCli command.Cli, opts copyOptions) error {
 	srcContainer, srcPath := splitCpArg(opts.source)
 	destContainer, destPath := splitCpArg(opts.destination)

@ -191,6 +191,8 @@ func runCopy(ctx context.Context, dockerCli command.Cli, opts copyOptions) error
 		copyConfig.container = destContainer
 	}

+	ctx := context.Background()
+
 	switch direction {
 	case fromContainer:
 		return copyFromContainer(ctx, dockerCli, copyConfig)
@ -207,7 +209,7 @@ func resolveLocalPath(localPath string) (absPath string, err error) {
 	if absPath, err = filepath.Abs(localPath); err != nil {
 		return
 	}
-	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath, filepath.Separator), nil
 }

 func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpConfig) (err error) {
@ -244,6 +246,7 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp
 			linkTarget, rebaseName = archive.GetRebaseName(srcPath, linkTarget)
 			srcPath = linkTarget
 		}
+
 	}

 	ctx, cancel := signal.NotifyContext(ctx, os.Interrupt)
@ -397,7 +400,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo
 		}
 	}

-	options := container.CopyToContainerOptions{
+	options := types.CopyToContainerOptions{
 		AllowOverwriteDirWithFile: false,
 		CopyUIDGID:                copyConfig.copyUIDGID,
 	}
@ -433,18 +436,18 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo
 // so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
 // client, a `:` could be part of an absolute Windows path, in which case it
 // is immediately proceeded by a backslash.
-func splitCpArg(arg string) (ctr, path string) {
+func splitCpArg(arg string) (container, path string) {
 	if system.IsAbs(arg) {
 		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
 		return "", arg
 	}

-	ctr, path, ok := strings.Cut(arg, ":")
-	if !ok || strings.HasPrefix(ctr, ".") {
+	container, path, ok := strings.Cut(arg, ":")
+	if !ok || strings.HasPrefix(container, ".") {
 		// Either there's no `:` in the arg
 		// OR it's an explicit local relative path like `./file:name.txt`.
 		return "", arg
 	}

-	return ctr, path
+	return container, path
 }
--- a/cli/command/container/cp_test.go
+++ b/cli/command/container/cp_test.go
@ -1,7 +1,6 @@
 package container

 import (
-	"context"
 	"io"
 	"os"
 	"runtime"
@ -9,7 +8,7 @@ import (
 	"testing"

 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@ -42,7 +41,7 @@ func TestRunCopyWithInvalidArguments(t *testing.T) {
 	}
 	for _, testcase := range testcases {
 		t.Run(testcase.doc, func(t *testing.T) {
-			err := runCopy(context.TODO(), test.NewFakeCli(nil), testcase.options)
+			err := runCopy(test.NewFakeCli(nil), testcase.options)
 			assert.Error(t, err, testcase.expectedErr)
 		})
 	}
@ -51,16 +50,15 @@ func TestRunCopyWithInvalidArguments(t *testing.T) {
 func TestRunCopyFromContainerToStdout(t *testing.T) {
 	tarContent := "the tar content"

-	cli := test.NewFakeCli(&fakeClient{
-		containerCopyFromFunc: func(ctr, srcPath string) (io.ReadCloser, container.PathStat, error) {
-			assert.Check(t, is.Equal("container", ctr))
-			return io.NopCloser(strings.NewReader(tarContent)), container.PathStat{}, nil
+	fakeClient := &fakeClient{
+		containerCopyFromFunc: func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
+			assert.Check(t, is.Equal("container", container))
+			return io.NopCloser(strings.NewReader(tarContent)), types.ContainerPathStat{}, nil
 		},
-	})
-	err := runCopy(context.TODO(), cli, copyOptions{
-		source:      "container:/path",
-		destination: "-",
-	})
+	}
+	options := copyOptions{source: "container:/path", destination: "-"}
+	cli := test.NewFakeCli(fakeClient)
+	err := runCopy(cli, options)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal(tarContent, cli.OutBuffer().String()))
 	assert.Check(t, is.Equal("", cli.ErrBuffer().String()))
@ -71,18 +69,16 @@ func TestRunCopyFromContainerToFilesystem(t *testing.T) {
 		fs.WithFile("file1", "content\n"))
 	defer destDir.Remove()

-	cli := test.NewFakeCli(&fakeClient{
-		containerCopyFromFunc: func(ctr, srcPath string) (io.ReadCloser, container.PathStat, error) {
-			assert.Check(t, is.Equal("container", ctr))
+	fakeClient := &fakeClient{
+		containerCopyFromFunc: func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
+			assert.Check(t, is.Equal("container", container))
 			readCloser, err := archive.TarWithOptions(destDir.Path(), &archive.TarOptions{})
-			return readCloser, container.PathStat{}, err
+			return readCloser, types.ContainerPathStat{}, err
 		},
-	})
-	err := runCopy(context.TODO(), cli, copyOptions{
-		source:      "container:/path",
-		destination: destDir.Path(),
-		quiet:       true,
-	})
+	}
+	options := copyOptions{source: "container:/path", destination: destDir.Path(), quiet: true}
+	cli := test.NewFakeCli(fakeClient)
+	err := runCopy(cli, options)
 	assert.NilError(t, err)
 	assert.Check(t, is.Equal("", cli.OutBuffer().String()))
 	assert.Check(t, is.Equal("", cli.ErrBuffer().String()))
@ -97,17 +93,20 @@ func TestRunCopyFromContainerToFilesystemMissingDestinationDirectory(t *testing.
 		fs.WithFile("file1", "content\n"))
 	defer destDir.Remove()

-	cli := test.NewFakeCli(&fakeClient{
-		containerCopyFromFunc: func(ctr, srcPath string) (io.ReadCloser, container.PathStat, error) {
-			assert.Check(t, is.Equal("container", ctr))
+	fakeClient := &fakeClient{
+		containerCopyFromFunc: func(container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
+			assert.Check(t, is.Equal("container", container))
 			readCloser, err := archive.TarWithOptions(destDir.Path(), &archive.TarOptions{})
-			return readCloser, container.PathStat{}, err
+			return readCloser, types.ContainerPathStat{}, err
 		},
-	})
-	err := runCopy(context.TODO(), cli, copyOptions{
+	}
+
+	options := copyOptions{
 		source:      "container:/path",
 		destination: destDir.Join("missing", "foo"),
-	})
+	}
+	cli := test.NewFakeCli(fakeClient)
+	err := runCopy(cli, options)
 	assert.ErrorContains(t, err, destDir.Join("missing"))
 }

@ -115,11 +114,12 @@ func TestRunCopyToContainerFromFileWithTrailingSlash(t *testing.T) {
 	srcFile := fs.NewFile(t, t.Name())
 	defer srcFile.Remove()

-	cli := test.NewFakeCli(&fakeClient{})
-	err := runCopy(context.TODO(), cli, copyOptions{
+	options := copyOptions{
 		source:      srcFile.Path() + string(os.PathSeparator),
 		destination: "container:/path",
-	})
+	}
+	cli := test.NewFakeCli(&fakeClient{})
+	err := runCopy(cli, options)

 	expectedError := "not a directory"
 	if runtime.GOOS == "windows" {
@ -129,11 +129,12 @@ func TestRunCopyToContainerFromFileWithTrailingSlash(t *testing.T) {
 }

 func TestRunCopyToContainerSourceDoesNotExist(t *testing.T) {
-	cli := test.NewFakeCli(&fakeClient{})
-	err := runCopy(context.TODO(), cli, copyOptions{
+	options := copyOptions{
 		source:      "/does/not/exist",
 		destination: "container:/path",
-	})
+	}
+	cli := test.NewFakeCli(&fakeClient{})
+	err := runCopy(cli, options)
 	expected := "no such file or directory"
 	if runtime.GOOS == "windows" {
 		expected = "cannot find the file specified"
@ -182,19 +183,17 @@ func TestSplitCpArg(t *testing.T) {
 		t.Run(testcase.doc, func(t *testing.T) {
 			skip.If(t, testcase.os != "" && testcase.os != runtime.GOOS)

-			ctr, path := splitCpArg(testcase.path)
-			assert.Check(t, is.Equal(testcase.expectedContainer, ctr))
+			container, path := splitCpArg(testcase.path)
+			assert.Check(t, is.Equal(testcase.expectedContainer, container))
 			assert.Check(t, is.Equal(testcase.expectedPath, path))
 		})
 	}
 }

 func TestRunCopyFromContainerToFilesystemIrregularDestination(t *testing.T) {
+	options := copyOptions{source: "container:/dev/null", destination: "/dev/random"}
 	cli := test.NewFakeCli(nil)
-	err := runCopy(context.TODO(), cli, copyOptions{
-		source:      "container:/dev/null",
-		destination: "/dev/random",
-	})
+	err := runCopy(cli, options)
 	assert.Assert(t, err != nil)
 	expected := `"/dev/random" must be a directory or a regular file`
 	assert.ErrorContains(t, err, expected)
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@ -7,19 +7,19 @@ import (
 	"os"
 	"regexp"

-	"github.com/containerd/platforms"
-	"github.com/distribution/reference"
+	"github.com/containerd/containerd/platforms"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/image"
-	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/opts"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	imagetypes "github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/errdefs"
+	apiclient "github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@ -55,7 +55,7 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				copts.Args = args[1:]
 			}
-			return runCreate(cmd.Context(), dockerCli, cmd.Flags(), &options, copts)
+			return runCreate(dockerCli, cmd.Flags(), &options, copts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container create, docker create",
@ -80,7 +80,7 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runCreate(ctx context.Context, dockerCli command.Cli, flags *pflag.FlagSet, options *createOptions, copts *containerOptions) error {
+func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptions, copts *containerOptions) error {
 	if err := validatePullOpt(options.pull); err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
@ -91,48 +91,62 @@ func runCreate(ctx context.Context, dockerCli command.Cli, flags *pflag.FlagSet,
 		if v == nil {
 			newEnv = append(newEnv, k)
 		} else {
-			newEnv = append(newEnv, k+"="+*v)
+			newEnv = append(newEnv, fmt.Sprintf("%s=%s", k, *v))
 		}
 	}
 	copts.env = *opts.NewListOptsRef(&newEnv, nil)
-	containerCfg, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
+	containerConfig, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
 	if err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerCfg, dockerCli.Client().ClientVersion()); err != nil {
+	if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	id, err := createContainer(ctx, dockerCli, containerCfg, options)
+	response, err := createContainer(context.Background(), dockerCli, containerConfig, options)
 	if err != nil {
 		return err
 	}
-	_, _ = fmt.Fprintln(dockerCli.Out(), id)
+	fmt.Fprintln(dockerCli.Out(), response.ID)
 	return nil
 }

-// FIXME(thaJeztah): this is the only code-path that uses APIClient.ImageCreate. Rewrite this to use the regular "pull" code (or vice-versa).
-func pullImage(ctx context.Context, dockerCli command.Cli, img string, options *createOptions) error {
-	encodedAuth, err := command.RetrieveAuthTokenFromImage(dockerCli.ConfigFile(), img)
+func pullImage(ctx context.Context, dockerCli command.Cli, image string, platform string, out io.Writer) error {
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return err
 	}

-	responseBody, err := dockerCli.Client().ImageCreate(ctx, img, imagetypes.CreateOptions{
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageCreateOptions{
 		RegistryAuth: encodedAuth,
-		Platform:     options.platform,
-	})
+		Platform:     platform,
+	}
+
+	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
 	if err != nil {
 		return err
 	}
 	defer responseBody.Close()

-	out := dockerCli.Err()
-	if options.quiet {
-		out = streams.NewOut(io.Discard)
-	}
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, out, nil)
+	return jsonmessage.DisplayJSONMessagesStream(
+		responseBody,
+		out,
+		dockerCli.Out().FD(),
+		dockerCli.Out().IsTerminal(),
+		nil)
 }

 type cidFile struct {
@ -185,10 +199,10 @@ func newCIDFile(path string) (*cidFile, error) {
 }

 //nolint:gocyclo
-func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *containerConfig, options *createOptions) (containerID string, err error) {
-	config := containerCfg.Config
-	hostConfig := containerCfg.HostConfig
-	networkingConfig := containerCfg.NetworkingConfig
+func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
+	config := containerConfig.Config
+	hostConfig := containerConfig.HostConfig
+	networkingConfig := containerConfig.NetworkingConfig

 	warnOnOomKillDisable(*hostConfig, dockerCli.Err())
 	warnOnLocalhostDNS(*hostConfig, dockerCli.Err())
@ -200,29 +214,33 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c

 	containerIDFile, err := newCIDFile(hostConfig.ContainerIDFile)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	defer containerIDFile.Close()

 	ref, err := reference.ParseAnyReference(config.Image)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	if named, ok := ref.(reference.Named); ok {
 		namedRef = reference.TagNameOnly(named)

-		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !options.untrusted {
+		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
 			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
 			if err != nil {
-				return "", err
+				return nil, err
 			}
 			config.Image = reference.FamiliarString(trustedRef)
 		}
 	}

 	pullAndTagImage := func() error {
-		if err := pullImage(ctx, dockerCli, config.Image, options); err != nil {
+		pullOut := dockerCli.Err()
+		if opts.quiet {
+			pullOut = io.Discard
+		}
+		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, pullOut); err != nil {
 			return err
 		}
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
@ -236,50 +254,50 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c
 	// create. It will produce an error if you try to set a platform on older API
 	// versions, so check the API version here to maintain backwards
 	// compatibility for CLI users.
-	if options.platform != "" && versions.GreaterThanOrEqualTo(dockerCli.Client().ClientVersion(), "1.41") {
-		p, err := platforms.Parse(options.platform)
+	if opts.platform != "" && versions.GreaterThanOrEqualTo(dockerCli.Client().ClientVersion(), "1.41") {
+		p, err := platforms.Parse(opts.platform)
 		if err != nil {
-			return "", errors.Wrap(errdefs.InvalidParameter(err), "error parsing specified platform")
+			return nil, errors.Wrap(err, "error parsing specified platform")
 		}
 		platform = &p
 	}

-	if options.pull == PullImageAlways {
+	if opts.pull == PullImageAlways {
 		if err := pullAndTagImage(); err != nil {
-			return "", err
+			return nil, err
 		}
 	}

 	hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.Out().GetTtySize()

-	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, options.name)
+	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, opts.name)
 	if err != nil {
 		// Pull image if it does not exist locally and we have the PullImageMissing option. Default behavior.
-		if errdefs.IsNotFound(err) && namedRef != nil && options.pull == PullImageMissing {
-			if !options.quiet {
+		if apiclient.IsErrNotFound(err) && namedRef != nil && opts.pull == PullImageMissing {
+			if !opts.quiet {
 				// we don't want to write to stdout anything apart from container.ID
 				fmt.Fprintf(dockerCli.Err(), "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
 			}

 			if err := pullAndTagImage(); err != nil {
-				return "", err
+				return nil, err
 			}

 			var retryErr error
-			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, options.name)
+			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, platform, opts.name)
 			if retryErr != nil {
-				return "", retryErr
+				return nil, retryErr
 			}
 		} else {
-			return "", err
+			return nil, err
 		}
 	}

-	for _, w := range response.Warnings {
-		_, _ = fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", w)
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", warning)
 	}
 	err = containerIDFile.Write(response.ID)
-	return response.ID, err
+	return &response, err
 }

 func warnOnOomKillDisable(hostConfig container.HostConfig, stderr io.Writer) {
--- a/cli/command/container/create_test.go
+++ b/cli/command/container/create_test.go
@ -3,6 +3,7 @@ package container
 import (
 	"context"
 	"errors"
+	"fmt"
 	"io"
 	"os"
 	"runtime"
@ -14,10 +15,9 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/system"
 	"github.com/google/go-cmp/cmp"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/spf13/pflag"
@ -79,10 +79,8 @@ func TestCIDFileCloseWithWrite(t *testing.T) {
 }

 func TestCreateContainerImagePullPolicy(t *testing.T) {
-	const (
-		imageName   = "does-not-exist-locally"
-		containerID = "abcdef"
-	)
+	imageName := "does-not-exist-locally"
+	containerID := "abcdef"
 	config := &containerConfig{
 		Config: &container.Config{
 			Image: imageName,
@ -93,18 +91,18 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 	cases := []struct {
 		PullPolicy      string
 		ExpectedPulls   int
-		ExpectedID      string
+		ExpectedBody    container.CreateResponse
 		ExpectedErrMsg  string
 		ResponseCounter int
 	}{
 		{
 			PullPolicy:    PullImageMissing,
 			ExpectedPulls: 1,
-			ExpectedID:    containerID,
+			ExpectedBody:  container.CreateResponse{ID: containerID},
 		}, {
 			PullPolicy:      PullImageAlways,
 			ExpectedPulls:   1,
-			ExpectedID:      containerID,
+			ExpectedBody:    container.CreateResponse{ID: containerID},
 			ResponseCounter: 1, // This lets us return a container on the first pull
 		}, {
 			PullPolicy:     PullImageNever,
@ -112,52 +110,50 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 			ExpectedErrMsg: "error fake not found",
 		},
 	}
-	for _, tc := range cases {
-		tc := tc
-		t.Run(tc.PullPolicy, func(t *testing.T) {
-			pullCounter := 0
+	for _, c := range cases {
+		c := c
+		pullCounter := 0

-			client := &fakeClient{
-				createContainerFunc: func(
-					config *container.Config,
-					hostConfig *container.HostConfig,
-					networkingConfig *network.NetworkingConfig,
-					platform *specs.Platform,
-					containerName string,
-				) (container.CreateResponse, error) {
-					defer func() { tc.ResponseCounter++ }()
-					switch tc.ResponseCounter {
-					case 0:
-						return container.CreateResponse{}, fakeNotFound{}
-					default:
-						return container.CreateResponse{ID: containerID}, nil
-					}
-				},
-				imageCreateFunc: func(parentReference string, options image.CreateOptions) (io.ReadCloser, error) {
-					defer func() { pullCounter++ }()
-					return io.NopCloser(strings.NewReader("")), nil
-				},
-				infoFunc: func() (system.Info, error) {
-					return system.Info{IndexServerAddress: "https://indexserver.example.com"}, nil
-				},
-			}
-			fakeCLI := test.NewFakeCli(client)
-			id, err := createContainer(context.Background(), fakeCLI, config, &createOptions{
-				name:      "name",
-				platform:  runtime.GOOS,
-				untrusted: true,
-				pull:      tc.PullPolicy,
-			})
-
-			if tc.ExpectedErrMsg != "" {
-				assert.Check(t, is.ErrorContains(err, tc.ExpectedErrMsg))
-			} else {
-				assert.Check(t, err)
-				assert.Check(t, is.Equal(tc.ExpectedID, id))
-			}
-
-			assert.Check(t, is.Equal(tc.ExpectedPulls, pullCounter))
+		client := &fakeClient{
+			createContainerFunc: func(
+				config *container.Config,
+				hostConfig *container.HostConfig,
+				networkingConfig *network.NetworkingConfig,
+				platform *specs.Platform,
+				containerName string,
+			) (container.CreateResponse, error) {
+				defer func() { c.ResponseCounter++ }()
+				switch c.ResponseCounter {
+				case 0:
+					return container.CreateResponse{}, fakeNotFound{}
+				default:
+					return container.CreateResponse{ID: containerID}, nil
+				}
+			},
+			imageCreateFunc: func(parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
+				defer func() { pullCounter++ }()
+				return io.NopCloser(strings.NewReader("")), nil
+			},
+			infoFunc: func() (types.Info, error) {
+				return types.Info{IndexServerAddress: "https://indexserver.example.com"}, nil
+			},
+		}
+		cli := test.NewFakeCli(client)
+		body, err := createContainer(context.Background(), cli, config, &createOptions{
+			name:      "name",
+			platform:  runtime.GOOS,
+			untrusted: true,
+			pull:      c.PullPolicy,
 		})
+
+		if c.ExpectedErrMsg != "" {
+			assert.ErrorContains(t, err, c.ExpectedErrMsg)
+		} else {
+			assert.NilError(t, err)
+			assert.Check(t, is.DeepEqual(c.ExpectedBody, *body))
+		}
+
+		assert.Check(t, is.Equal(c.ExpectedPulls, pullCounter))
 	}
 }

@ -180,7 +176,6 @@ func TestCreateContainerImagePullPolicyInvalid(t *testing.T) {
 		t.Run(tc.PullPolicy, func(t *testing.T) {
 			dockerCli := test.NewFakeCli(&fakeClient{})
 			err := runCreate(
-				context.TODO(),
 				dockerCli,
 				&pflag.FlagSet{},
 				&createOptions{pull: tc.PullPolicy},
@ -223,18 +218,18 @@ func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 	}
 	for _, tc := range testCases {
 		tc := tc
-		fakeCLI := test.NewFakeCli(&fakeClient{
+		cli := test.NewFakeCli(&fakeClient{
 			createContainerFunc: func(config *container.Config,
 				hostConfig *container.HostConfig,
 				networkingConfig *network.NetworkingConfig,
 				platform *specs.Platform,
 				containerName string,
 			) (container.CreateResponse, error) {
-				return container.CreateResponse{}, errors.New("shouldn't try to pull image")
+				return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
 			},
 		}, test.EnableContentTrust)
-		fakeCLI.SetNotaryClient(tc.notaryFunc)
-		cmd := NewCreateCommand(fakeCLI)
+		cli.SetNotaryClient(tc.notaryFunc)
+		cmd := NewCreateCommand(cli)
 		cmd.SetOut(io.Discard)
 		cmd.SetArgs(tc.args)
 		err := cmd.Execute()
@ -323,7 +318,7 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 	}
 	sort.Strings(expected)

-	fakeCLI := test.NewFakeCli(&fakeClient{
+	cli := test.NewFakeCli(&fakeClient{
 		createContainerFunc: func(config *container.Config,
 			hostConfig *container.HostConfig,
 			networkingConfig *network.NetworkingConfig,
@ -335,7 +330,7 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 			return container.CreateResponse{}, nil
 		},
 	})
-	fakeCLI.SetConfigFile(&configfile.ConfigFile{
+	cli.SetConfigFile(&configfile.ConfigFile{
 		Proxies: map[string]configfile.ProxyConfig{
 			"default": {
 				HTTPProxy:  "httpProxy",
@ -346,7 +341,7 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {
 			},
 		},
 	})
-	cmd := NewCreateCommand(fakeCLI)
+	cmd := NewCreateCommand(cli)
 	cmd.SetOut(io.Discard)
 	cmd.SetArgs([]string{"image:tag"})
 	err := cmd.Execute()
@ -355,5 +350,5 @@ func TestCreateContainerWithProxyConfig(t *testing.T) {

 type fakeNotFound struct{}

-func (f fakeNotFound) NotFound()     {}
-func (f fakeNotFound) Error() string { return "error fake not found" }
+func (f fakeNotFound) NotFound() bool { return true }
+func (f fakeNotFound) Error() string  { return "error fake not found" }
--- a/cli/command/container/diff.go
+++ b/cli/command/container/diff.go
@ -25,7 +25,7 @@ func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.container = args[0]
-			return runDiff(cmd.Context(), dockerCli, &opts)
+			return runDiff(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container diff, docker diff",
@ -34,10 +34,12 @@ func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 	}
 }

-func runDiff(ctx context.Context, dockerCli command.Cli, opts *diffOptions) error {
+func runDiff(dockerCli command.Cli, opts *diffOptions) error {
 	if opts.container == "" {
 		return errors.New("Container name cannot be empty")
 	}
+	ctx := context.Background()
+
 	changes, err := dockerCli.Client().ContainerDiff(ctx, opts.container)
 	if err != nil {
 		return err
--- a/cli/command/container/exec.go
+++ b/cli/command/container/exec.go
@ -12,8 +12,7 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	apiclient "github.com/docker/docker/client"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@ -29,6 +28,7 @@ type ExecOptions struct {
 	Privileged  bool
 	Env         opts.ListOpts
 	Workdir     string
+	Container   string
 	Command     []string
 	EnvFile     opts.ListOpts
 }
@ -50,12 +50,12 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 		Short: "Execute a command in a running container",
 		Args:  cli.RequiresMinArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			containerIDorName := args[0]
+			options.Container = args[0]
 			options.Command = args[1:]
-			return RunExec(cmd.Context(), dockerCli, containerIDorName, options)
+			return RunExec(dockerCli, options)
 		},
-		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(ctr types.Container) bool {
-			return ctr.State != "paused"
+		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
+			return container.State != "paused"
 		}),
 		Annotations: map[string]string{
 			"category-top": "2",
@ -66,12 +66,12 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.SetInterspersed(false)

-	flags.StringVar(&options.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.StringVarP(&options.DetachKeys, "detach-keys", "", "", "Override the key sequence for detaching a container")
 	flags.BoolVarP(&options.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
 	flags.BoolVarP(&options.TTY, "tty", "t", false, "Allocate a pseudo-TTY")
 	flags.BoolVarP(&options.Detach, "detach", "d", false, "Detached mode: run command in the background")
 	flags.StringVarP(&options.User, "user", "u", "", `Username or UID (format: "<name|uid>[:<group|gid>]")`)
-	flags.BoolVar(&options.Privileged, "privileged", false, "Give extended privileges to the command")
+	flags.BoolVarP(&options.Privileged, "privileged", "", false, "Give extended privileges to the command")
 	flags.VarP(&options.Env, "env", "e", "Set environment variables")
 	flags.SetAnnotation("env", "version", []string{"1.25"})
 	flags.Var(&options.EnvFile, "env-file", "Read in a file of environment variables")
@ -79,41 +79,48 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 	flags.StringVarP(&options.Workdir, "workdir", "w", "", "Working directory inside the container")
 	flags.SetAnnotation("workdir", "version", []string{"1.35"})

-	_ = cmd.RegisterFlagCompletionFunc("env", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {
-		return os.Environ(), cobra.ShellCompDirectiveNoFileComp
-	})
-	_ = cmd.RegisterFlagCompletionFunc("env-file", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {
-		return nil, cobra.ShellCompDirectiveDefault // _filedir
-	})
+	cmd.RegisterFlagCompletionFunc(
+		"env",
+		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			return os.Environ(), cobra.ShellCompDirectiveNoFileComp
+		},
+	)
+	cmd.RegisterFlagCompletionFunc(
+		"env-file",
+		func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			return nil, cobra.ShellCompDirectiveDefault // _filedir
+		},
+	)

 	return cmd
 }

 // RunExec executes an `exec` command
-func RunExec(ctx context.Context, dockerCli command.Cli, containerIDorName string, options ExecOptions) error {
-	execOptions, err := parseExec(options, dockerCli.ConfigFile())
+func RunExec(dockerCli command.Cli, options ExecOptions) error {
+	execConfig, err := parseExec(options, dockerCli.ConfigFile())
 	if err != nil {
 		return err
 	}

-	apiClient := dockerCli.Client()
+	ctx := context.Background()
+	client := dockerCli.Client()

 	// We need to check the tty _before_ we do the ContainerExecCreate, because
 	// otherwise if we error out we will leak execIDs on the server (and
 	// there's no easy way to clean those up). But also in order to make "not
 	// exist" errors take precedence we do a dummy inspect first.
-	if _, err := apiClient.ContainerInspect(ctx, containerIDorName); err != nil {
+	if _, err := client.ContainerInspect(ctx, options.Container); err != nil {
 		return err
 	}
-	if !execOptions.Detach {
-		if err := dockerCli.In().CheckTty(execOptions.AttachStdin, execOptions.Tty); err != nil {
+	if !execConfig.Detach {
+		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
 			return err
 		}
 	}

-	fillConsoleSize(execOptions, dockerCli)
+	fillConsoleSize(execConfig, dockerCli)

-	response, err := apiClient.ContainerExecCreate(ctx, containerIDorName, *execOptions)
+	response, err := client.ContainerExecCreate(ctx, options.Container, *execConfig)
 	if err != nil {
 		return err
 	}
@ -123,50 +130,52 @@ func RunExec(ctx context.Context, dockerCli command.Cli, containerIDorName strin
 		return errors.New("exec ID empty")
 	}

-	if execOptions.Detach {
-		return apiClient.ContainerExecStart(ctx, execID, container.ExecStartOptions{
-			Detach:      execOptions.Detach,
-			Tty:         execOptions.Tty,
-			ConsoleSize: execOptions.ConsoleSize,
-		})
+	if execConfig.Detach {
+		execStartCheck := types.ExecStartCheck{
+			Detach:      execConfig.Detach,
+			Tty:         execConfig.Tty,
+			ConsoleSize: execConfig.ConsoleSize,
+		}
+		return client.ContainerExecStart(ctx, execID, execStartCheck)
 	}
-	return interactiveExec(ctx, dockerCli, execOptions, execID)
+	return interactiveExec(ctx, dockerCli, execConfig, execID)
 }

-func fillConsoleSize(execOptions *container.ExecOptions, dockerCli command.Cli) {
-	if execOptions.Tty {
+func fillConsoleSize(execConfig *types.ExecConfig, dockerCli command.Cli) {
+	if execConfig.Tty {
 		height, width := dockerCli.Out().GetTtySize()
-		execOptions.ConsoleSize = &[2]uint{height, width}
+		execConfig.ConsoleSize = &[2]uint{height, width}
 	}
 }

-func interactiveExec(ctx context.Context, dockerCli command.Cli, execOptions *container.ExecOptions, execID string) error {
+func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *types.ExecConfig, execID string) error {
 	// Interactive exec requested.
 	var (
 		out, stderr io.Writer
 		in          io.ReadCloser
 	)

-	if execOptions.AttachStdin {
+	if execConfig.AttachStdin {
 		in = dockerCli.In()
 	}
-	if execOptions.AttachStdout {
+	if execConfig.AttachStdout {
 		out = dockerCli.Out()
 	}
-	if execOptions.AttachStderr {
-		if execOptions.Tty {
+	if execConfig.AttachStderr {
+		if execConfig.Tty {
 			stderr = dockerCli.Out()
 		} else {
 			stderr = dockerCli.Err()
 		}
 	}
-	fillConsoleSize(execOptions, dockerCli)
+	fillConsoleSize(execConfig, dockerCli)

-	apiClient := dockerCli.Client()
-	resp, err := apiClient.ContainerExecAttach(ctx, execID, container.ExecAttachOptions{
-		Tty:         execOptions.Tty,
-		ConsoleSize: execOptions.ConsoleSize,
-	})
+	client := dockerCli.Client()
+	execStartCheck := types.ExecStartCheck{
+		Tty:         execConfig.Tty,
+		ConsoleSize: execConfig.ConsoleSize,
+	}
+	resp, err := client.ContainerExecAttach(ctx, execID, execStartCheck)
 	if err != nil {
 		return err
 	}
@ -183,17 +192,17 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execOptions *co
 				outputStream: out,
 				errorStream:  stderr,
 				resp:         resp,
-				tty:          execOptions.Tty,
-				detachKeys:   execOptions.DetachKeys,
+				tty:          execConfig.Tty,
+				detachKeys:   execConfig.DetachKeys,
 			}

 			return streamer.stream(ctx)
 		}()
 	}()

-	if execOptions.Tty && dockerCli.In().IsTerminal() {
+	if execConfig.Tty && dockerCli.In().IsTerminal() {
 		if err := MonitorTtySize(ctx, dockerCli, execID, true); err != nil {
-			_, _ = fmt.Fprintln(dockerCli.Err(), "Error monitoring TTY size:", err)
+			fmt.Fprintln(dockerCli.Err(), "Error monitoring TTY size:", err)
 		}
 	}

@ -202,14 +211,14 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execOptions *co
 		return err
 	}

-	return getExecExitStatus(ctx, apiClient, execID)
+	return getExecExitStatus(ctx, client, execID)
 }

-func getExecExitStatus(ctx context.Context, apiClient client.ContainerAPIClient, execID string) error {
-	resp, err := apiClient.ContainerExecInspect(ctx, execID)
+func getExecExitStatus(ctx context.Context, client apiclient.ContainerAPIClient, execID string) error {
+	resp, err := client.ContainerExecInspect(ctx, execID)
 	if err != nil {
 		// If we can't connect, then the daemon probably died.
-		if !client.IsErrConnectionFailed(err) {
+		if !apiclient.IsErrConnectionFailed(err) {
 			return err
 		}
 		return cli.StatusError{StatusCode: -1}
@ -223,8 +232,8 @@ func getExecExitStatus(ctx context.Context, apiClient client.ContainerAPIClient,

 // parseExec parses the specified args for the specified command and generates
 // an ExecConfig from it.
-func parseExec(execOpts ExecOptions, configFile *configfile.ConfigFile) (*container.ExecOptions, error) {
-	execOptions := &container.ExecOptions{
+func parseExec(execOpts ExecOptions, configFile *configfile.ConfigFile) (*types.ExecConfig, error) {
+	execConfig := &types.ExecConfig{
 		User:       execOpts.User,
 		Privileged: execOpts.Privileged,
 		Tty:        execOpts.TTY,
@ -235,23 +244,23 @@ func parseExec(execOpts ExecOptions, configFile *configfile.ConfigFile) (*contai

 	// collect all the environment variables for the container
 	var err error
-	if execOptions.Env, err = opts.ReadKVEnvStrings(execOpts.EnvFile.GetAll(), execOpts.Env.GetAll()); err != nil {
+	if execConfig.Env, err = opts.ReadKVEnvStrings(execOpts.EnvFile.GetAll(), execOpts.Env.GetAll()); err != nil {
 		return nil, err
 	}

 	// If -d is not set, attach to everything by default
 	if !execOpts.Detach {
-		execOptions.AttachStdout = true
-		execOptions.AttachStderr = true
+		execConfig.AttachStdout = true
+		execConfig.AttachStderr = true
 		if execOpts.Interactive {
-			execOptions.AttachStdin = true
+			execConfig.AttachStdin = true
 		}
 	}

 	if execOpts.DetachKeys != "" {
-		execOptions.DetachKeys = execOpts.DetachKeys
+		execConfig.DetachKeys = execOpts.DetachKeys
 	} else {
-		execOptions.DetachKeys = configFile.DetachKeys
+		execConfig.DetachKeys = configFile.DetachKeys
 	}
-	return execOptions, nil
+	return execConfig, nil
 }
--- a/cli/command/container/exec_test.go
+++ b/cli/command/container/exec_test.go
@ -11,7 +11,6 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@ -38,10 +37,10 @@ TWO=2
 	testcases := []struct {
 		options    ExecOptions
 		configFile configfile.ConfigFile
-		expected   container.ExecOptions
+		expected   types.ExecConfig
 	}{
 		{
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:          []string{"command"},
 				AttachStdout: true,
 				AttachStderr: true,
@ -49,7 +48,7 @@ TWO=2
 			options: withDefaultOpts(ExecOptions{}),
 		},
 		{
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:          []string{"command1", "command2"},
 				AttachStdout: true,
 				AttachStderr: true,
@ -64,7 +63,7 @@ TWO=2
 				TTY:         true,
 				User:        "uid",
 			}),
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				User:         "uid",
 				AttachStdin:  true,
 				AttachStdout: true,
@ -75,7 +74,7 @@ TWO=2
 		},
 		{
 			options: withDefaultOpts(ExecOptions{Detach: true}),
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Detach: true,
 				Cmd:    []string{"command"},
 			},
@ -86,7 +85,7 @@ TWO=2
 				Interactive: true,
 				Detach:      true,
 			}),
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Detach: true,
 				Tty:    true,
 				Cmd:    []string{"command"},
@ -95,7 +94,7 @@ TWO=2
 		{
 			options:    withDefaultOpts(ExecOptions{Detach: true}),
 			configFile: configfile.ConfigFile{DetachKeys: "de"},
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:        []string{"command"},
 				DetachKeys: "de",
 				Detach:     true,
@ -107,14 +106,14 @@ TWO=2
 				DetachKeys: "ab",
 			}),
 			configFile: configfile.ConfigFile{DetachKeys: "de"},
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:        []string{"command"},
 				DetachKeys: "ab",
 				Detach:     true,
 			},
 		},
 		{
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:          []string{"command"},
 				AttachStdout: true,
 				AttachStderr: true,
@ -127,7 +126,7 @@ TWO=2
 			}(),
 		},
 		{
-			expected: container.ExecOptions{
+			expected: types.ExecConfig{
 				Cmd:          []string{"command"},
 				AttachStdout: true,
 				AttachStderr: true,
@ -162,7 +161,7 @@ func TestRunExec(t *testing.T) {
 	testcases := []struct {
 		doc           string
 		options       ExecOptions
-		client        *fakeClient
+		client        fakeClient
 		expectedError string
 		expectedOut   string
 		expectedErr   string
@ -170,14 +169,15 @@ func TestRunExec(t *testing.T) {
 		{
 			doc: "successful detach",
 			options: withDefaultOpts(ExecOptions{
-				Detach: true,
+				Container: "thecontainer",
+				Detach:    true,
 			}),
-			client: &fakeClient{execCreateFunc: execCreateWithID},
+			client: fakeClient{execCreateFunc: execCreateWithID},
 		},
 		{
 			doc:     "inspect error",
 			options: NewExecOptions(),
-			client: &fakeClient{
+			client: fakeClient{
 				inspectFunc: func(string) (types.ContainerJSON, error) {
 					return types.ContainerJSON{}, errors.New("failed inspect")
 				},
@ -188,27 +188,28 @@ func TestRunExec(t *testing.T) {
 			doc:           "missing exec ID",
 			options:       NewExecOptions(),
 			expectedError: "exec ID empty",
-			client:        &fakeClient{},
 		},
 	}

 	for _, testcase := range testcases {
 		t.Run(testcase.doc, func(t *testing.T) {
-			fakeCLI := test.NewFakeCli(testcase.client)
+			cli := test.NewFakeCli(&testcase.client)

-			err := RunExec(context.TODO(), fakeCLI, "thecontainer", testcase.options)
+			err := RunExec(cli, testcase.options)
 			if testcase.expectedError != "" {
 				assert.ErrorContains(t, err, testcase.expectedError)
-			} else if !assert.Check(t, err) {
-				return
+			} else {
+				if !assert.Check(t, err) {
+					return
+				}
 			}
-			assert.Check(t, is.Equal(testcase.expectedOut, fakeCLI.OutBuffer().String()))
-			assert.Check(t, is.Equal(testcase.expectedErr, fakeCLI.ErrBuffer().String()))
+			assert.Check(t, is.Equal(testcase.expectedOut, cli.OutBuffer().String()))
+			assert.Check(t, is.Equal(testcase.expectedErr, cli.ErrBuffer().String()))
 		})
 	}
 }

-func execCreateWithID(_ string, _ container.ExecOptions) (types.IDResponse, error) {
+func execCreateWithID(_ string, _ types.ExecConfig) (types.IDResponse, error) {
 	return types.IDResponse{ID: "execid"}, nil
 }

@ -237,9 +238,9 @@ func TestGetExecExitStatus(t *testing.T) {

 	for _, testcase := range testcases {
 		client := &fakeClient{
-			execInspectFunc: func(id string) (container.ExecInspect, error) {
+			execInspectFunc: func(id string) (types.ContainerExecInspect, error) {
 				assert.Check(t, is.Equal(execID, id))
-				return container.ExecInspect{ExitCode: testcase.exitCode}, testcase.inspectError
+				return types.ContainerExecInspect{ExitCode: testcase.exitCode}, testcase.inspectError
 			},
 		}
 		err := getExecExitStatus(context.Background(), client, execID)
@ -264,8 +265,8 @@ func TestNewExecCommandErrors(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		fakeCLI := test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc})
-		cmd := NewExecCommand(fakeCLI)
+		cli := test.NewFakeCli(&fakeClient{inspectFunc: tc.containerInspectFunc})
+		cmd := NewExecCommand(cli)
 		cmd.SetOut(io.Discard)
 		cmd.SetArgs(tc.args)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
--- a/cli/command/container/export.go
+++ b/cli/command/container/export.go
@ -26,7 +26,7 @@ func NewExportCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.container = args[0]
-			return runExport(cmd.Context(), dockerCli, opts)
+			return runExport(dockerCli, opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container export, docker export",
@ -41,7 +41,7 @@ func NewExportCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runExport(ctx context.Context, dockerCli command.Cli, opts exportOptions) error {
+func runExport(dockerCli command.Cli, opts exportOptions) error {
 	if opts.output == "" && dockerCli.Out().IsTerminal() {
 		return errors.New("cowardly refusing to save to a terminal. Use the -o flag or redirect")
 	}
@ -52,7 +52,7 @@ func runExport(ctx context.Context, dockerCli command.Cli, opts exportOptions) e

 	clnt := dockerCli.Client()

-	responseBody, err := clnt.ContainerExport(ctx, opts.container)
+	responseBody, err := clnt.ContainerExport(context.Background(), opts.container)
 	if err != nil {
 		return err
 	}
--- a/cli/command/container/formatter_diff.go
+++ b/cli/command/container/formatter_diff.go
@ -3,6 +3,7 @@ package container
 import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/archive"
 )

 const (
@ -14,14 +15,15 @@ const (

 // NewDiffFormat returns a format for use with a diff Context
 func NewDiffFormat(source string) formatter.Format {
-	if source == formatter.TableFormatKey {
+	switch source {
+	case formatter.TableFormatKey:
 		return defaultDiffTableFormat
 	}
 	return formatter.Format(source)
 }

 // DiffFormatWrite writes formatted diff using the Context
-func DiffFormatWrite(ctx formatter.Context, changes []container.FilesystemChange) error {
+func DiffFormatWrite(ctx formatter.Context, changes []container.ContainerChangeResponseItem) error {
 	render := func(format func(subContext formatter.SubContext) error) error {
 		for _, change := range changes {
 			if err := format(&diffContext{c: change}); err != nil {
@ -35,7 +37,7 @@ func DiffFormatWrite(ctx formatter.Context, changes []container.FilesystemChange

 type diffContext struct {
 	formatter.HeaderContext
-	c container.FilesystemChange
+	c container.ContainerChangeResponseItem
 }

 func newDiffContext() *diffContext {
@ -52,7 +54,16 @@ func (d *diffContext) MarshalJSON() ([]byte, error) {
 }

 func (d *diffContext) Type() string {
-	return d.c.Kind.String()
+	var kind string
+	switch d.c.Kind {
+	case archive.ChangeModify:
+		kind = "C"
+	case archive.ChangeAdd:
+		kind = "A"
+	case archive.ChangeDelete:
+		kind = "D"
+	}
+	return kind
 }

 func (d *diffContext) Path() string {
--- a/cli/command/container/formatter_diff_test.go
+++ b/cli/command/container/formatter_diff_test.go
@ -6,6 +6,7 @@ import (

 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/archive"
 	"gotest.tools/v3/assert"
 )

@ -40,10 +41,10 @@ D: /usr/app/old_app.js
 		},
 	}

-	diffs := []container.FilesystemChange{
-		{Kind: container.ChangeModify, Path: "/var/log/app.log"},
-		{Kind: container.ChangeAdd, Path: "/usr/app/app.js"},
-		{Kind: container.ChangeDelete, Path: "/usr/app/old_app.js"},
+	diffs := []container.ContainerChangeResponseItem{
+		{Kind: archive.ChangeModify, Path: "/var/log/app.log"},
+		{Kind: archive.ChangeAdd, Path: "/usr/app/app.js"},
+		{Kind: archive.ChangeDelete, Path: "/usr/app/old_app.js"},
 	}

 	for _, tc := range cases {
--- a/cli/command/container/formatter_stats.go
+++ b/cli/command/container/formatter_stats.go
@ -24,7 +24,7 @@ const (
 	pidsHeader      = "PIDS"              // Used only on Linux
 )

-// StatsEntry represents the statistics data collected from a container
+// StatsEntry represents represents the statistics data collected from a container
 type StatsEntry struct {
 	Container        string
 	Name             string
@ -116,9 +116,9 @@ func NewStats(container string) *Stats {
 }

 // statsFormatWrite renders the context for a list of containers statistics
-func statsFormatWrite(ctx formatter.Context, stats []StatsEntry, osType string, trunc bool) error {
+func statsFormatWrite(ctx formatter.Context, Stats []StatsEntry, osType string, trunc bool) error {
 	render := func(format func(subContext formatter.SubContext) error) error {
-		for _, cstats := range stats {
+		for _, cstats := range Stats {
 			statsCtx := &statsContext{
 				s:     cstats,
 				os:    osType,
--- a/cli/command/container/hijack.go
+++ b/cli/command/container/hijack.go
@ -87,7 +87,7 @@ func (h *hijackedIOStreamer) setupInput() (restore func(), err error) {
 	var restoreOnce sync.Once
 	restore = func() {
 		restoreOnce.Do(func() {
-			_ = restoreTerminal(h.streams, h.inputStream)
+			restoreTerminal(h.streams, h.inputStream)
 		})
 	}

--- a/cli/command/container/inspect.go
+++ b/cli/command/container/inspect.go
@ -1,6 +1,3 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.21
-
 package container

 import (
@ -30,7 +27,7 @@ func newInspectCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.refs = args
-			return runInspect(cmd.Context(), dockerCli, opts)
+			return runInspect(dockerCli, opts)
 		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
@ -42,10 +39,11 @@ func newInspectCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runInspect(ctx context.Context, dockerCli command.Cli, opts inspectOptions) error {
+func runInspect(dockerCli command.Cli, opts inspectOptions) error {
 	client := dockerCli.Client()
+	ctx := context.Background()

-	getRefFunc := func(ref string) (any, []byte, error) {
+	getRefFunc := func(ref string) (interface{}, []byte, error) {
 		return client.ContainerInspectWithRaw(ctx, ref, opts.size)
 	}
 	return inspect.Inspect(dockerCli.Out(), opts.refs, opts.format, getRefFunc)
--- a/cli/command/container/kill.go
+++ b/cli/command/container/kill.go
@ -28,7 +28,7 @@ func NewKillCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
-			return runKill(cmd.Context(), dockerCli, &opts)
+			return runKill(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container kill, docker kill",
@ -41,8 +41,9 @@ func NewKillCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runKill(ctx context.Context, dockerCli command.Cli, opts *killOptions) error {
+func runKill(dockerCli command.Cli, opts *killOptions) error {
 	var errs []string
+	ctx := context.Background()
 	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {
 		return dockerCli.Client().ContainerKill(ctx, container, opts.signal)
 	})
--- a/cli/command/container/list.go
+++ b/cli/command/container/list.go
@ -11,7 +11,7 @@ import (
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/cli/templates"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@ -29,7 +29,7 @@ type psOptions struct {
 }

 // NewPsCommand creates a new cobra.Command for `docker ps`
-func NewPsCommand(dockerCLI command.Cli) *cobra.Command {
+func NewPsCommand(dockerCli command.Cli) *cobra.Command {
 	options := psOptions{filter: opts.NewFilterOpt()}

 	cmd := &cobra.Command{
@ -38,7 +38,7 @@ func NewPsCommand(dockerCLI command.Cli) *cobra.Command {
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			options.sizeChanged = cmd.Flags().Changed("size")
-			return runPs(cmd.Context(), dockerCLI, &options)
+			return runPs(dockerCli, &options)
 		},
 		Annotations: map[string]string{
 			"category-top": "3",
@ -55,34 +55,34 @@ func NewPsCommand(dockerCLI command.Cli) *cobra.Command {
 	flags.BoolVar(&options.noTrunc, "no-trunc", false, "Don't truncate output")
 	flags.BoolVarP(&options.nLatest, "latest", "l", false, "Show the latest created container (includes all states)")
 	flags.IntVarP(&options.last, "last", "n", -1, "Show n last created containers (includes all states)")
-	flags.StringVar(&options.format, "format", "", flagsHelper.FormatHelp)
+	flags.StringVarP(&options.format, "format", "", "", flagsHelper.FormatHelp)
 	flags.VarP(&options.filter, "filter", "f", "Filter output based on conditions provided")

 	return cmd
 }

-func newListCommand(dockerCLI command.Cli) *cobra.Command {
-	cmd := *NewPsCommand(dockerCLI)
+func newListCommand(dockerCli command.Cli) *cobra.Command {
+	cmd := *NewPsCommand(dockerCli)
 	cmd.Aliases = []string{"ps", "list"}
 	cmd.Use = "ls [OPTIONS]"
 	return &cmd
 }

-func buildContainerListOptions(options *psOptions) (*container.ListOptions, error) {
-	listOptions := &container.ListOptions{
-		All:     options.all,
-		Limit:   options.last,
-		Size:    options.size,
-		Filters: options.filter.Value(),
+func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, error) {
+	options := &types.ContainerListOptions{
+		All:     opts.all,
+		Limit:   opts.last,
+		Size:    opts.size,
+		Filters: opts.filter.Value(),
 	}

-	if options.nLatest && options.last == -1 {
-		listOptions.Limit = 1
+	if opts.nLatest && opts.last == -1 {
+		options.Limit = 1
 	}

 	// always validate template when `--format` is used, for consistency
-	if len(options.format) > 0 {
-		tmpl, err := templates.NewParse("", options.format)
+	if len(opts.format) > 0 {
+		tmpl, err := templates.NewParse("", opts.format)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to parse template")
 		}
@ -97,7 +97,7 @@ func buildContainerListOptions(options *psOptions) (*container.ListOptions, erro

 		// if `size` was not explicitly set to false (with `--size=false`)
 		// and `--quiet` is not set, request size if the template requires it
-		if !options.quiet && !listOptions.Size && !options.sizeChanged {
+		if !opts.quiet && !options.Size && !opts.sizeChanged {
 			// The --size option isn't set, but .Size may be used in the template.
 			// Parse and execute the given template to detect if the .Size field is
 			// used. If it is, then automatically enable the --size option. See #24696
@ -106,20 +106,20 @@ func buildContainerListOptions(options *psOptions) (*container.ListOptions, erro
 			// because calculating the size is a costly operation.

 			if _, ok := optionsProcessor.FieldsUsed["Size"]; ok {
-				listOptions.Size = true
+				options.Size = true
 			}
 		}
 	}

-	return listOptions, nil
+	return options, nil
 }

-func runPs(ctx context.Context, dockerCLI command.Cli, options *psOptions) error {
+func runPs(dockerCli command.Cli, options *psOptions) error {
+	ctx := context.Background()
+
 	if len(options.format) == 0 {
 		// load custom psFormat from CLI config (if any)
-		options.format = dockerCLI.ConfigFile().PsFormat
-	} else if options.quiet {
-		_, _ = dockerCLI.Err().Write([]byte("WARNING: Ignoring custom format, because both --format and --quiet are set.\n"))
+		options.format = dockerCli.ConfigFile().PsFormat
 	}

 	listOptions, err := buildContainerListOptions(options)
@ -127,13 +127,13 @@ func runPs(ctx context.Context, dockerCLI command.Cli, options *psOptions) error
 		return err
 	}

-	containers, err := dockerCLI.Client().ContainerList(ctx, *listOptions)
+	containers, err := dockerCli.Client().ContainerList(ctx, *listOptions)
 	if err != nil {
 		return err
 	}

 	containerCtx := formatter.Context{
-		Output: dockerCLI.Out(),
+		Output: dockerCli.Out(),
 		Format: formatter.NewContainerFormat(options.format, options.quiet, listOptions.Size),
 		Trunc:  !options.noTrunc,
 	}
--- a/cli/command/container/list_test.go
+++ b/cli/command/container/list_test.go
@ -1,16 +1,15 @@
 package container

 import (
-	"errors"
+	"fmt"
 	"io"
 	"testing"

 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/cli/internal/test/builders"
+	. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"
@ -130,7 +129,7 @@ func TestContainerListErrors(t *testing.T) {
 	testCases := []struct {
 		args              []string
 		flags             map[string]string
-		containerListFunc func(container.ListOptions) ([]types.Container, error)
+		containerListFunc func(types.ContainerListOptions) ([]types.Container, error)
 		expectedError     string
 	}{
 		{
@ -146,8 +145,8 @@ func TestContainerListErrors(t *testing.T) {
 			expectedError: `wrong number of args for join`,
 		},
 		{
-			containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
-				return nil, errors.New("error listing containers")
+			containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
+				return nil, fmt.Errorf("error listing containers")
 			},
 			expectedError: "error listing containers",
 		},
@ -160,7 +159,7 @@ func TestContainerListErrors(t *testing.T) {
 		)
 		cmd.SetArgs(tc.args)
 		for key, value := range tc.flags {
-			assert.Check(t, cmd.Flags().Set(key, value))
+			cmd.Flags().Set(key, value)
 		}
 		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
@ -169,13 +168,13 @@ func TestContainerListErrors(t *testing.T) {

 func TestContainerListWithoutFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1"),
-				*builders.Container("c2", builders.WithName("foo")),
-				*builders.Container("c3", builders.WithPort(80, 80, builders.TCP), builders.WithPort(81, 81, builders.TCP), builders.WithPort(82, 82, builders.TCP)),
-				*builders.Container("c4", builders.WithPort(81, 81, builders.UDP)),
-				*builders.Container("c5", builders.WithPort(82, 82, builders.IP("8.8.8.8"), builders.TCP)),
+				*Container("c1"),
+				*Container("c2", WithName("foo")),
+				*Container("c3", WithPort(80, 80, TCP), WithPort(81, 81, TCP), WithPort(82, 82, TCP)),
+				*Container("c4", WithPort(81, 81, UDP)),
+				*Container("c5", WithPort(82, 82, IP("8.8.8.8"), TCP)),
 			}, nil
 		},
 	})
@ -186,15 +185,15 @@ func TestContainerListWithoutFormat(t *testing.T) {

 func TestContainerListNoTrunc(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1"),
-				*builders.Container("c2", builders.WithName("foo/bar")),
+				*Container("c1"),
+				*Container("c2", WithName("foo/bar")),
 			}, nil
 		},
 	})
 	cmd := newListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("no-trunc", "true"))
+	cmd.Flags().Set("no-trunc", "true")
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "container-list-without-format-no-trunc.golden")
 }
@ -202,15 +201,15 @@ func TestContainerListNoTrunc(t *testing.T) {
 // Test for GitHub issue docker/docker#21772
 func TestContainerListNamesMultipleTime(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1"),
-				*builders.Container("c2", builders.WithName("foo/bar")),
+				*Container("c1"),
+				*Container("c2", WithName("foo/bar")),
 			}, nil
 		},
 	})
 	cmd := newListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("format", "{{.Names}} {{.Names}}"))
+	cmd.Flags().Set("format", "{{.Names}} {{.Names}}")
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "container-list-format-name-name.golden")
 }
@ -218,15 +217,15 @@ func TestContainerListNamesMultipleTime(t *testing.T) {
 // Test for GitHub issue docker/docker#30291
 func TestContainerListFormatTemplateWithArg(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1", builders.WithLabel("some.label", "value")),
-				*builders.Container("c2", builders.WithName("foo/bar"), builders.WithLabel("foo", "bar")),
+				*Container("c1", WithLabel("some.label", "value")),
+				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar")),
 			}, nil
 		},
 	})
 	cmd := newListCommand(cli)
-	assert.Check(t, cmd.Flags().Set("format", `{{.Names}} {{.Label "some.label"}}`))
+	cmd.Flags().Set("format", `{{.Names}} {{.Label "some.label"}}`)
 	assert.NilError(t, cmd.Execute())
 	golden.Assert(t, cli.OutBuffer().String(), "container-list-format-with-arg.golden")
 }
@ -269,15 +268,15 @@ func TestContainerListFormatSizeSetsOption(t *testing.T) {
 		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{
-				containerListFunc: func(options container.ListOptions) ([]types.Container, error) {
+				containerListFunc: func(options types.ContainerListOptions) ([]types.Container, error) {
 					assert.Check(t, is.Equal(options.Size, tc.sizeExpected))
 					return []types.Container{}, nil
 				},
 			})
 			cmd := newListCommand(cli)
-			assert.Check(t, cmd.Flags().Set("format", tc.format))
+			cmd.Flags().Set("format", tc.format)
 			if tc.sizeFlag != "" {
-				assert.Check(t, cmd.Flags().Set("size", tc.sizeFlag))
+				cmd.Flags().Set("size", tc.sizeFlag)
 			}
 			assert.NilError(t, cmd.Execute())
 		})
@ -286,10 +285,10 @@ func TestContainerListFormatSizeSetsOption(t *testing.T) {

 func TestContainerListWithConfigFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1", builders.WithLabel("some.label", "value"), builders.WithSize(10700000)),
-				*builders.Container("c2", builders.WithName("foo/bar"), builders.WithLabel("foo", "bar"), builders.WithSize(3200000)),
+				*Container("c1", WithLabel("some.label", "value"), WithSize(10700000)),
+				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar"), WithSize(3200000)),
 			}, nil
 		},
 	})
@ -303,29 +302,15 @@ func TestContainerListWithConfigFormat(t *testing.T) {

 func TestContainerListWithFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
-		containerListFunc: func(_ container.ListOptions) ([]types.Container, error) {
+		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*builders.Container("c1", builders.WithLabel("some.label", "value")),
-				*builders.Container("c2", builders.WithName("foo/bar"), builders.WithLabel("foo", "bar")),
+				*Container("c1", WithLabel("some.label", "value")),
+				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar")),
 			}, nil
 		},
 	})
-
-	t.Run("with format", func(t *testing.T) {
-		cli.OutBuffer().Reset()
-		cmd := newListCommand(cli)
-		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
-		assert.NilError(t, cmd.Execute())
-		golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
-	})
-
-	t.Run("with format and quiet", func(t *testing.T) {
-		cli.OutBuffer().Reset()
-		cmd := newListCommand(cli)
-		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
-		assert.Check(t, cmd.Flags().Set("quiet", "true"))
-		assert.NilError(t, cmd.Execute())
-		assert.Equal(t, cli.ErrBuffer().String(), "WARNING: Ignoring custom format, because both --format and --quiet are set.\n")
-		golden.Assert(t, cli.OutBuffer().String(), "container-list-quiet.golden")
-	})
+	cmd := newListCommand(cli)
+	cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}")
+	assert.NilError(t, cmd.Execute())
+	golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
 }
--- a/cli/command/container/logs.go
+++ b/cli/command/container/logs.go
@ -7,7 +7,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/spf13/cobra"
 )
@ -33,7 +33,7 @@ func NewLogsCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.container = args[0]
-			return runLogs(cmd.Context(), dockerCli, &opts)
+			return runLogs(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container logs, docker logs",
@ -52,13 +52,15 @@ func NewLogsCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }

-func runLogs(ctx context.Context, dockerCli command.Cli, opts *logsOptions) error {
+func runLogs(dockerCli command.Cli, opts *logsOptions) error {
+	ctx := context.Background()
+
 	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
 	if err != nil {
 		return err
 	}

-	responseBody, err := dockerCli.Client().ContainerLogs(ctx, c.ID, container.LogsOptions{
+	options := types.ContainerLogsOptions{
 		ShowStdout: true,
 		ShowStderr: true,
 		Since:      opts.since,
@ -67,7 +69,8 @@ func runLogs(ctx context.Context, dockerCli command.Cli, opts *logsOptions) erro
 		Follow:     opts.follow,
 		Tail:       opts.tail,
 		Details:    opts.details,
-	})
+	}
+	responseBody, err := dockerCli.Client().ContainerLogs(ctx, c.ID, options)
 	if err != nil {
 		return err
 	}
--- a/cli/command/container/logs_test.go
+++ b/cli/command/container/logs_test.go
@ -1,7 +1,6 @@
 package container

 import (
-	"context"
 	"io"
 	"strings"
 	"testing"
@ -13,8 +12,8 @@ import (
 	is "gotest.tools/v3/assert/cmp"
 )

-var logFn = func(expectedOut string) func(string, container.LogsOptions) (io.ReadCloser, error) {
-	return func(container string, opts container.LogsOptions) (io.ReadCloser, error) {
+var logFn = func(expectedOut string) func(string, types.ContainerLogsOptions) (io.ReadCloser, error) {
+	return func(container string, opts types.ContainerLogsOptions) (io.ReadCloser, error) {
 		return io.NopCloser(strings.NewReader(expectedOut)), nil
 	}
 }
@ -30,7 +29,7 @@ func TestRunLogs(t *testing.T) {
 	testcases := []struct {
 		doc           string
 		options       *logsOptions
-		client        *fakeClient
+		client        fakeClient
 		expectedError string
 		expectedOut   string
 		expectedErr   string
@ -39,19 +38,21 @@ func TestRunLogs(t *testing.T) {
 			doc:         "successful logs",
 			expectedOut: "foo",
 			options:     &logsOptions{},
-			client:      &fakeClient{logFunc: logFn("foo"), inspectFunc: inspectFn},
+			client:      fakeClient{logFunc: logFn("foo"), inspectFunc: inspectFn},
 		},
 	}

 	for _, testcase := range testcases {
 		t.Run(testcase.doc, func(t *testing.T) {
-			cli := test.NewFakeCli(testcase.client)
+			cli := test.NewFakeCli(&testcase.client)

-			err := runLogs(context.TODO(), cli, testcase.options)
+			err := runLogs(cli, testcase.options)
 			if testcase.expectedError != "" {
 				assert.ErrorContains(t, err, testcase.expectedError)
-			} else if !assert.Check(t, err) {
-				return
+			} else {
+				if !assert.Check(t, err) {
+					return
+				}
 			}
 			assert.Check(t, is.Equal(testcase.expectedOut, cli.OutBuffer().String()))
 			assert.Check(t, is.Equal(testcase.expectedErr, cli.ErrBuffer().String()))
--- a/cli/command/container/opts.go
+++ b/cli/command/container/opts.go
@ -13,133 +13,116 @@ import (
 	"strings"
 	"time"

-	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/compose/loader"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/go-connections/nat"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
-	cdi "tags.cncf.io/container-device-interface/pkg/parser"
-)
-
-const (
-	// TODO(thaJeztah): define these in the API-types, or query available defaults
-	//  from the daemon, or require "local" profiles to be an absolute path or
-	//  relative paths starting with "./". The daemon-config has consts for this
-	//  but we don't want to import that package:
-	//  https://github.com/moby/moby/blob/v23.0.0/daemon/config/config.go#L63-L67
-
-	// seccompProfileDefault is the built-in default seccomp profile.
-	seccompProfileDefault = "builtin"
-	// seccompProfileUnconfined is a special profile name for seccomp to use an
-	// "unconfined" seccomp profile.
-	seccompProfileUnconfined = "unconfined"
 )

 var deviceCgroupRuleRegexp = regexp.MustCompile(`^[acb] ([0-9]+|\*):([0-9]+|\*) [rwm]{1,3}$`)

 // containerOptions is a data object with all the options for creating a container
 type containerOptions struct {
-	attach              opts.ListOpts
-	volumes             opts.ListOpts
-	tmpfs               opts.ListOpts
-	mounts              opts.MountOpt
-	blkioWeightDevice   opts.WeightdeviceOpt
-	deviceReadBps       opts.ThrottledeviceOpt
-	deviceWriteBps      opts.ThrottledeviceOpt
-	links               opts.ListOpts
-	aliases             opts.ListOpts
-	linkLocalIPs        opts.ListOpts
-	deviceReadIOps      opts.ThrottledeviceOpt
-	deviceWriteIOps     opts.ThrottledeviceOpt
-	env                 opts.ListOpts
-	labels              opts.ListOpts
-	deviceCgroupRules   opts.ListOpts
-	devices             opts.ListOpts
-	gpus                opts.GpuOpts
-	ulimits             *opts.UlimitOpt
-	sysctls             *opts.MapOpts
-	publish             opts.ListOpts
-	expose              opts.ListOpts
-	dns                 opts.ListOpts
-	dnsSearch           opts.ListOpts
-	dnsOptions          opts.ListOpts
-	extraHosts          opts.ListOpts
-	volumesFrom         opts.ListOpts
-	envFile             opts.ListOpts
-	capAdd              opts.ListOpts
-	capDrop             opts.ListOpts
-	groupAdd            opts.ListOpts
-	securityOpt         opts.ListOpts
-	storageOpt          opts.ListOpts
-	labelsFile          opts.ListOpts
-	loggingOpts         opts.ListOpts
-	privileged          bool
-	pidMode             string
-	utsMode             string
-	usernsMode          string
-	cgroupnsMode        string
-	publishAll          bool
-	stdin               bool
-	tty                 bool
-	oomKillDisable      bool
-	oomScoreAdj         int
-	containerIDFile     string
-	entrypoint          string
-	hostname            string
-	domainname          string
-	memory              opts.MemBytes
-	memoryReservation   opts.MemBytes
-	memorySwap          opts.MemSwapBytes
-	kernelMemory        opts.MemBytes
-	user                string
-	workingDir          string
-	cpuCount            int64
-	cpuShares           int64
-	cpuPercent          int64
-	cpuPeriod           int64
-	cpuRealtimePeriod   int64
-	cpuRealtimeRuntime  int64
-	cpuQuota            int64
-	cpus                opts.NanoCPUs
-	cpusetCpus          string
-	cpusetMems          string
-	blkioWeight         uint16
-	ioMaxBandwidth      opts.MemBytes
-	ioMaxIOps           uint64
-	swappiness          int64
-	netMode             opts.NetworkOpt
-	macAddress          string
-	ipv4Address         string
-	ipv6Address         string
-	ipcMode             string
-	pidsLimit           int64
-	restartPolicy       string
-	readonlyRootfs      bool
-	loggingDriver       string
-	cgroupParent        string
-	volumeDriver        string
-	stopSignal          string
-	stopTimeout         int
-	isolation           string
-	shmSize             opts.MemBytes
-	noHealthcheck       bool
-	healthCmd           string
-	healthInterval      time.Duration
-	healthTimeout       time.Duration
-	healthStartPeriod   time.Duration
-	healthStartInterval time.Duration
-	healthRetries       int
-	runtime             string
-	autoRemove          bool
-	init                bool
-	annotations         *opts.MapOpts
+	attach             opts.ListOpts
+	volumes            opts.ListOpts
+	tmpfs              opts.ListOpts
+	mounts             opts.MountOpt
+	blkioWeightDevice  opts.WeightdeviceOpt
+	deviceReadBps      opts.ThrottledeviceOpt
+	deviceWriteBps     opts.ThrottledeviceOpt
+	links              opts.ListOpts
+	aliases            opts.ListOpts
+	linkLocalIPs       opts.ListOpts
+	deviceReadIOps     opts.ThrottledeviceOpt
+	deviceWriteIOps    opts.ThrottledeviceOpt
+	env                opts.ListOpts
+	labels             opts.ListOpts
+	deviceCgroupRules  opts.ListOpts
+	devices            opts.ListOpts
+	gpus               opts.GpuOpts
+	ulimits            *opts.UlimitOpt
+	sysctls            *opts.MapOpts
+	publish            opts.ListOpts
+	expose             opts.ListOpts
+	dns                opts.ListOpts
+	dnsSearch          opts.ListOpts
+	dnsOptions         opts.ListOpts
+	extraHosts         opts.ListOpts
+	volumesFrom        opts.ListOpts
+	envFile            opts.ListOpts
+	capAdd             opts.ListOpts
+	capDrop            opts.ListOpts
+	groupAdd           opts.ListOpts
+	securityOpt        opts.ListOpts
+	storageOpt         opts.ListOpts
+	labelsFile         opts.ListOpts
+	loggingOpts        opts.ListOpts
+	privileged         bool
+	pidMode            string
+	utsMode            string
+	usernsMode         string
+	cgroupnsMode       string
+	publishAll         bool
+	stdin              bool
+	tty                bool
+	oomKillDisable     bool
+	oomScoreAdj        int
+	containerIDFile    string
+	entrypoint         string
+	hostname           string
+	domainname         string
+	memory             opts.MemBytes
+	memoryReservation  opts.MemBytes
+	memorySwap         opts.MemSwapBytes
+	kernelMemory       opts.MemBytes
+	user               string
+	workingDir         string
+	cpuCount           int64
+	cpuShares          int64
+	cpuPercent         int64
+	cpuPeriod          int64
+	cpuRealtimePeriod  int64
+	cpuRealtimeRuntime int64
+	cpuQuota           int64
+	cpus               opts.NanoCPUs
+	cpusetCpus         string
+	cpusetMems         string
+	blkioWeight        uint16
+	ioMaxBandwidth     opts.MemBytes
+	ioMaxIOps          uint64
+	swappiness         int64
+	netMode            opts.NetworkOpt
+	macAddress         string
+	ipv4Address        string
+	ipv6Address        string
+	ipcMode            string
+	pidsLimit          int64
+	restartPolicy      string
+	readonlyRootfs     bool
+	loggingDriver      string
+	cgroupParent       string
+	volumeDriver       string
+	stopSignal         string
+	stopTimeout        int
+	isolation          string
+	shmSize            opts.MemBytes
+	noHealthcheck      bool
+	healthCmd          string
+	healthInterval     time.Duration
+	healthTimeout      time.Duration
+	healthStartPeriod  time.Duration
+	healthRetries      int
+	runtime            string
+	autoRemove         bool
+	init               bool

 	Image string
 	Args  []string
@ -180,7 +163,6 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 		ulimits:           opts.NewUlimitOpt(nil),
 		volumes:           opts.NewListOpts(nil),
 		volumesFrom:       opts.NewListOpts(nil),
-		annotations:       opts.NewMapOpts(nil, nil),
 	}

 	// General purpose flags
@ -199,7 +181,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
 	flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
 	flags.BoolVar(&copts.readonlyRootfs, "read-only", false, "Mount the container's root filesystem as read only")
-	flags.StringVar(&copts.restartPolicy, "restart", string(container.RestartPolicyDisabled), "Restart policy to apply when a container exits")
+	flags.StringVar(&copts.restartPolicy, "restart", "no", "Restart policy to apply when a container exits")
 	flags.StringVar(&copts.stopSignal, "stop-signal", "", "Signal to stop the container")
 	flags.IntVar(&copts.stopTimeout, "stop-timeout", 0, "Timeout (in seconds) to stop a container")
 	flags.SetAnnotation("stop-timeout", "version", []string{"1.25"})
@ -208,7 +190,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.Var(copts.ulimits, "ulimit", "Ulimit options")
 	flags.StringVarP(&copts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
 	flags.StringVarP(&copts.workingDir, "workdir", "w", "", "Working directory inside the container")
-	flags.BoolVar(&copts.autoRemove, "rm", false, "Automatically remove the container and its associated anonymous volumes when it exits")
+	flags.BoolVar(&copts.autoRemove, "rm", false, "Automatically remove the container when it exits")

 	// Security
 	flags.Var(&copts.capAdd, "cap-add", "Add Linux capabilities")
@ -266,8 +248,6 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.DurationVar(&copts.healthTimeout, "health-timeout", 0, "Maximum time to allow one check to run (ms|s|m|h) (default 0s)")
 	flags.DurationVar(&copts.healthStartPeriod, "health-start-period", 0, "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)")
 	flags.SetAnnotation("health-start-period", "version", []string{"1.29"})
-	flags.DurationVar(&copts.healthStartInterval, "health-start-interval", 0, "Time between running the check during the start period (ms|s|m|h) (default 0s)")
-	flags.SetAnnotation("health-start-interval", "version", []string{"1.44"})
 	flags.BoolVar(&copts.noHealthcheck, "no-healthcheck", false, "Disable any container-specified HEALTHCHECK")

 	// Resource management
@ -317,10 +297,6 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {

 	flags.BoolVar(&copts.init, "init", false, "Run an init inside the container that forwards signals and reaps processes")
 	flags.SetAnnotation("init", "version", []string{"1.25"})
-
-	flags.Var(copts.annotations, "annotation", "Add an annotation to the container (passed through to the OCI runtime)")
-	flags.SetAnnotation("annotation", "version", []string{"1.43"})
-
 	return copts
 }

@ -372,10 +348,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	volumes := copts.volumes.GetMap()
 	// add any bind targets to the list of container volumes
 	for bind := range copts.volumes.GetMap() {
-		parsed, err := loader.ParseVolume(bind)
-		if err != nil {
-			return nil, err
-		}
+		parsed, _ := loader.ParseVolume(bind)

 		if parsed.Source != "" {
 			toBind := bind
@ -470,17 +443,12 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	// parsing flags, we haven't yet sent a _ping to the daemon to determine
 	// what operating system it is.
 	deviceMappings := []container.DeviceMapping{}
-	var cdiDeviceNames []string
 	for _, device := range copts.devices.GetAll() {
 		var (
 			validated     string
 			deviceMapping container.DeviceMapping
 			err           error
 		)
-		if cdi.IsQualifiedName(device) {
-			cdiDeviceNames = append(cdiDeviceNames, device)
-			continue
-		}
 		validated, err = validateDevice(device, serverOS)
 		if err != nil {
 			return nil, err
@ -552,8 +520,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		copts.healthInterval != 0 ||
 		copts.healthTimeout != 0 ||
 		copts.healthStartPeriod != 0 ||
-		copts.healthRetries != 0 ||
-		copts.healthStartInterval != 0
+		copts.healthRetries != 0
 	if copts.noHealthcheck {
 		if haveHealthSettings {
 			return nil, errors.Errorf("--no-healthcheck conflicts with --health-* options")
@ -574,31 +541,18 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 			return nil, errors.Errorf("--health-retries cannot be negative")
 		}
 		if copts.healthStartPeriod < 0 {
-			return nil, errors.New("--health-start-period cannot be negative")
-		}
-		if copts.healthStartInterval < 0 {
-			return nil, errors.New("--health-start-interval cannot be negative")
+			return nil, fmt.Errorf("--health-start-period cannot be negative")
 		}

 		healthConfig = &container.HealthConfig{
-			Test:          probe,
-			Interval:      copts.healthInterval,
-			Timeout:       copts.healthTimeout,
-			StartPeriod:   copts.healthStartPeriod,
-			StartInterval: copts.healthStartInterval,
-			Retries:       copts.healthRetries,
+			Test:        probe,
+			Interval:    copts.healthInterval,
+			Timeout:     copts.healthTimeout,
+			StartPeriod: copts.healthStartPeriod,
+			Retries:     copts.healthRetries,
 		}
 	}

-	deviceRequests := copts.gpus.Value()
-	if len(cdiDeviceNames) > 0 {
-		cdiDeviceRequest := container.DeviceRequest{
-			Driver:    "cdi",
-			DeviceIDs: cdiDeviceNames,
-		}
-		deviceRequests = append(deviceRequests, cdiDeviceRequest)
-	}
-
 	resources := container.Resources{
 		CgroupParent:         copts.cgroupParent,
 		Memory:               copts.memory.Value(),
@ -629,7 +583,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		Ulimits:              copts.ulimits.GetList(),
 		DeviceCgroupRules:    copts.deviceCgroupRules.GetAll(),
 		Devices:              deviceMappings,
-		DeviceRequests:       deviceRequests,
+		DeviceRequests:       copts.gpus.Value(),
 	}

 	config := &container.Config{
@ -700,7 +654,6 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		Mounts:         mounts,
 		MaskedPaths:    maskedPaths,
 		ReadonlyPaths:  readonlyPaths,
-		Annotations:    copts.annotations.GetAll(),
 	}

 	if copts.autoRemove && !hostConfig.RestartPolicy.IsNone() {
@ -726,12 +679,6 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		return nil, err
 	}

-	// Put the endpoint-specific MacAddress of the "main" network attachment into the container Config for backward
-	// compatibility with older daemons.
-	if nw, ok := networkingConfig.EndpointsConfig[hostConfig.NetworkMode.NetworkName()]; ok {
-		config.MacAddress = nw.MacAddress //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-	}
-
 	return &containerConfig{
 		Config:           config,
 		HostConfig:       hostConfig,
@ -752,20 +699,6 @@ func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.Endpoin
 		hasUserDefined, hasNonUserDefined bool
 	)

-	if len(copts.netMode.Value()) == 0 {
-		n := opts.NetworkAttachmentOpts{
-			Target: "default",
-		}
-		if err := applyContainerOptions(&n, copts); err != nil {
-			return nil, err
-		}
-		ep, err := parseNetworkAttachmentOpt(n)
-		if err != nil {
-			return nil, err
-		}
-		endpoints["default"] = ep
-	}
-
 	for i, n := range copts.netMode.Value() {
 		n := n
 		if container.NetworkMode(n.Target).IsUserDefined() {
@ -807,7 +740,8 @@ func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.Endpoin
 	return endpoints, nil
 }

-func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOptions) error { //nolint:gocyclo
+func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOptions) error {
+	// TODO should copts.MacAddress actually be set on the first network? (currently it's not)
 	// TODO should we error if _any_ advanced option is used? (i.e. forbid to combine advanced notation with the "old" flags (`--network-alias`, `--link`, `--ip`, `--ip6`)?
 	if len(n.Aliases) > 0 && copts.aliases.Len() > 0 {
 		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --network-alias and per-network alias"))
@ -821,17 +755,11 @@ func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOption
 	if n.IPv6Address != "" && copts.ipv6Address != "" {
 		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --ip6 and per-network IPv6 address"))
 	}
-	if n.MacAddress != "" && copts.macAddress != "" {
-		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --mac-address and per-network MAC address"))
-	}
-	if len(n.LinkLocalIPs) > 0 && copts.linkLocalIPs.Len() > 0 {
-		return errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --link-local-ip and per-network link-local IP addresses"))
-	}
 	if copts.aliases.Len() > 0 {
 		n.Aliases = make([]string, copts.aliases.Len())
 		copy(n.Aliases, copts.aliases.GetAll())
 	}
-	if n.Target != "default" && copts.links.Len() > 0 {
+	if copts.links.Len() > 0 {
 		n.Links = make([]string, copts.links.Len())
 		copy(n.Links, copts.links.GetAll())
 	}
@ -841,9 +769,8 @@ func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOption
 	if copts.ipv6Address != "" {
 		n.IPv6Address = copts.ipv6Address
 	}
-	if copts.macAddress != "" {
-		n.MacAddress = copts.macAddress
-	}
+
+	// TODO should linkLocalIPs be added to the _first_ network only, or to _all_ networks? (should this be a per-network option as well?)
 	if copts.linkLocalIPs.Len() > 0 {
 		n.LinkLocalIPs = make([]string, copts.linkLocalIPs.Len())
 		copy(n.LinkLocalIPs, copts.linkLocalIPs.GetAll())
@ -880,12 +807,6 @@ func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*networktypes.End
 			LinkLocalIPs: ep.LinkLocalIPs,
 		}
 	}
-	if ep.MacAddress != "" {
-		if _, err := opts.ValidateMACAddress(ep.MacAddress); err != nil {
-			return nil, errors.Errorf("%s is not a valid mac address", ep.MacAddress)
-		}
-		epConfig.MacAddress = ep.MacAddress
-	}
 	return epConfig, nil
 }

@ -928,23 +849,16 @@ func parseSecurityOpts(securityOpts []string) ([]string, error) {
 			// "no-new-privileges" is the only option that does not require a value.
 			return securityOpts, errors.Errorf("Invalid --security-opt: %q", opt)
 		}
-		if k == "seccomp" {
-			switch v {
-			case seccompProfileDefault, seccompProfileUnconfined:
-				// known special names for built-in profiles, nothing to do.
-			default:
-				// value may be a filename, in which case we send the profile's
-				// content if it's valid JSON.
-				f, err := os.ReadFile(v)
-				if err != nil {
-					return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", v, err)
-				}
-				b := bytes.NewBuffer(nil)
-				if err := json.Compact(b, f); err != nil {
-					return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", v, err)
-				}
-				securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
+		if k == "seccomp" && v != "unconfined" {
+			f, err := os.ReadFile(v)
+			if err != nil {
+				return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", v, err)
 			}
+			b := bytes.NewBuffer(nil)
+			if err := json.Compact(b, f); err != nil {
+				return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", v, err)
+			}
+			securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
 		}
 	}

@ -1140,8 +1054,8 @@ func validateAttach(val string) (string, error) {

 func validateAPIVersion(c *containerConfig, serverAPIVersion string) error {
 	for _, m := range c.HostConfig.Mounts {
-		if err := command.ValidateMountWithAPIVersion(m, serverAPIVersion); err != nil {
-			return err
+		if m.BindOptions != nil && m.BindOptions.NonRecursive && versions.LessThan(serverAPIVersion, "1.40") {
+			return errors.Errorf("bind-nonrecursive requires API v1.40 or later")
 		}
 	}
 	return nil
--- a/cli/command/container/opts_test.go
+++ b/cli/command/container/opts_test.go
@ -49,11 +49,11 @@ func parseRun(args []string) (*container.Config, *container.HostConfig, *network
 		return nil, nil, nil, err
 	}
 	// TODO: fix tests to accept ContainerConfig
-	containerCfg, err := parse(flags, copts, runtime.GOOS)
+	containerConfig, err := parse(flags, copts, runtime.GOOS)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	return containerCfg.Config, containerCfg.HostConfig, containerCfg.NetworkingConfig, err
+	return containerConfig.Config, containerConfig.HostConfig, containerConfig.NetworkingConfig, err
 }

 func setupRunFlags() (*pflag.FlagSet, *containerOptions) {
@ -64,21 +64,21 @@ func setupRunFlags() (*pflag.FlagSet, *containerOptions) {
 	return flags, copts
 }

-func mustParse(t *testing.T, args string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig) {
+func mustParse(t *testing.T, args string) (*container.Config, *container.HostConfig) {
 	t.Helper()
-	config, hostConfig, nwConfig, err := parseRun(append(strings.Split(args, " "), "ubuntu", "bash"))
+	config, hostConfig, _, err := parseRun(append(strings.Split(args, " "), "ubuntu", "bash"))
 	assert.NilError(t, err)
-	return config, hostConfig, nwConfig
+	return config, hostConfig
 }

 func TestParseRunLinks(t *testing.T) {
-	if _, hostConfig, _ := mustParse(t, "--link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
+	if _, hostConfig := mustParse(t, "--link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
 		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
 	}
-	if _, hostConfig, _ := mustParse(t, "--link a:b --link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
+	if _, hostConfig := mustParse(t, "--link a:b --link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
 		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
 	}
-	if _, hostConfig, _ := mustParse(t, ""); len(hostConfig.Links) != 0 {
+	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
 		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
 	}
 }
@ -128,7 +128,7 @@ func TestParseRunAttach(t *testing.T) {
 	for _, tc := range tests {
 		tc := tc
 		t.Run(tc.input, func(t *testing.T) {
-			config, _, _ := mustParse(t, tc.input)
+			config, _ := mustParse(t, tc.input)
 			assert.Equal(t, config.AttachStdin, tc.expected.AttachStdin)
 			assert.Equal(t, config.AttachStdout, tc.expected.AttachStdout)
 			assert.Equal(t, config.AttachStderr, tc.expected.AttachStderr)
@ -186,7 +186,7 @@ func TestParseRunWithInvalidArgs(t *testing.T) {
 func TestParseWithVolumes(t *testing.T) {
 	// A single volume
 	arr, tryit := setupPlatformVolume([]string{`/tmp`}, []string{`c:\tmp`})
-	if config, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds != nil {
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
 		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
 	} else if _, exists := config.Volumes[arr[0]]; !exists {
 		t.Fatalf("Error parsing volume flags, %q is missing from volumes. Received %v", tryit, config.Volumes)
@ -194,23 +194,23 @@ func TestParseWithVolumes(t *testing.T) {

 	// Two volumes
 	arr, tryit = setupPlatformVolume([]string{`/tmp`, `/var`}, []string{`c:\tmp`, `c:\var`})
-	if config, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds != nil {
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
 		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
 	} else if _, exists := config.Volumes[arr[0]]; !exists {
 		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[0], config.Volumes)
-	} else if _, exists := config.Volumes[arr[1]]; !exists { //nolint:govet // ignore shadow-check
+	} else if _, exists := config.Volumes[arr[1]]; !exists {
 		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[1], config.Volumes)
 	}

 	// A single bind mount
 	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`})
-	if config, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || hostConfig.Binds[0] != arr[0] {
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || hostConfig.Binds[0] != arr[0] {
 		t.Fatalf("Error parsing volume flags, %q should mount-bind the path before the colon into the path after the colon. Received %v %v", arr[0], hostConfig.Binds, config.Volumes)
 	}

 	// Two bind mounts.
 	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/hostVar:/containerVar`}, []string{os.Getenv("ProgramData") + `:c:\ContainerPD`, os.Getenv("TEMP") + `:c:\containerTmp`})
-	if _, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
 		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
 	}

@ -219,26 +219,26 @@ func TestParseWithVolumes(t *testing.T) {
 	arr, tryit = setupPlatformVolume(
 		[]string{`/hostTmp:/containerTmp:ro`, `/hostVar:/containerVar:rw`},
 		[]string{os.Getenv("TEMP") + `:c:\containerTmp:rw`, os.Getenv("ProgramData") + `:c:\ContainerPD:rw`})
-	if _, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
 		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
 	}

 	// Similar to previous test but with alternate modes which are only supported by Linux
 	if runtime.GOOS != "windows" {
 		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:ro,Z`, `/hostVar:/containerVar:rw,Z`}, []string{})
-		if _, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
 			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
 		}

 		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:Z`, `/hostVar:/containerVar:z`}, []string{})
-		if _, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
 			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
 		}
 	}

 	// One bind mount and one volume
 	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/containerVar`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`, `c:\containerTmp`})
-	if config, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] {
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] {
 		t.Fatalf("Error parsing volume flags, %s and %s should only one and only one bind mount %s. Received %s", arr[0], arr[1], arr[0], hostConfig.Binds)
 	} else if _, exists := config.Volumes[arr[1]]; !exists {
 		t.Fatalf("Error parsing volume flags %s and %s. %s is missing from volumes. Received %v", arr[0], arr[1], arr[1], config.Volumes)
@ -247,7 +247,7 @@ func TestParseWithVolumes(t *testing.T) {
 	// Root to non-c: drive letter (Windows specific)
 	if runtime.GOOS == "windows" {
 		arr, tryit = setupPlatformVolume([]string{}, []string{os.Getenv("SystemDrive") + `\:d:`})
-		if config, hostConfig, _ := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] || len(config.Volumes) != 0 {
+		if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] || len(config.Volumes) != 0 {
 			t.Fatalf("Error parsing %s. Should have a single bind mount and no volumes", arr[0])
 		}
 	}
@ -290,14 +290,8 @@ func TestParseWithMacAddress(t *testing.T) {
 	if _, _, _, err := parseRun([]string{invalidMacAddress, "img", "cmd"}); err != nil && err.Error() != "invalidMacAddress is not a valid mac address" {
 		t.Fatalf("Expected an error with %v mac-address, got %v", invalidMacAddress, err)
 	}
-	config, hostConfig, nwConfig := mustParse(t, validMacAddress)
-	if config.MacAddress != "92:d0:c6:0a:29:33" { //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-		t.Fatalf("Expected the config to have '92:d0:c6:0a:29:33' as container-wide MacAddress, got '%v'",
-			config.MacAddress) //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-	}
-	defaultNw := hostConfig.NetworkMode.NetworkName()
-	if nwConfig.EndpointsConfig[defaultNw].MacAddress != "92:d0:c6:0a:29:33" {
-		t.Fatalf("Expected the default endpoint to have the MacAddress '92:d0:c6:0a:29:33' set, got '%v'", nwConfig.EndpointsConfig[defaultNw].MacAddress)
+	if config, _ := mustParse(t, validMacAddress); config.MacAddress != "92:d0:c6:0a:29:33" {
+		t.Fatalf("Expected the config to have '92:d0:c6:0a:29:33' as MacAddress, got '%v'", config.MacAddress)
 	}
 }

@ -307,7 +301,7 @@ func TestRunFlagsParseWithMemory(t *testing.T) {
 	err := flags.Parse(args)
 	assert.ErrorContains(t, err, `invalid argument "invalid" for "-m, --memory" flag`)

-	_, hostconfig, _ := mustParse(t, "--memory=1G")
+	_, hostconfig := mustParse(t, "--memory=1G")
 	assert.Check(t, is.Equal(int64(1073741824), hostconfig.Memory))
 }

@ -317,10 +311,10 @@ func TestParseWithMemorySwap(t *testing.T) {
 	err := flags.Parse(args)
 	assert.ErrorContains(t, err, `invalid argument "invalid" for "--memory-swap" flag`)

-	_, hostconfig, _ := mustParse(t, "--memory-swap=1G")
+	_, hostconfig := mustParse(t, "--memory-swap=1G")
 	assert.Check(t, is.Equal(int64(1073741824), hostconfig.MemorySwap))

-	_, hostconfig, _ = mustParse(t, "--memory-swap=-1")
+	_, hostconfig = mustParse(t, "--memory-swap=-1")
 	assert.Check(t, is.Equal(int64(-1), hostconfig.MemorySwap))
 }

@ -335,14 +329,14 @@ func TestParseHostname(t *testing.T) {
 	hostnameWithDomain := "--hostname=hostname.domainname"
 	hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
 	for hostname, expectedHostname := range validHostnames {
-		if config, _, _ := mustParse(t, "--hostname="+hostname); config.Hostname != expectedHostname {
+		if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
 			t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
 		}
 	}
-	if config, _, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
+	if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
 		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
 	}
-	if config, _, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
+	if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
 		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
 	}
 }
@ -356,14 +350,14 @@ func TestParseHostnameDomainname(t *testing.T) {
 		"domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
 	}
 	for domainname, expectedDomainname := range validDomainnames {
-		if config, _, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
+		if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
 			t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
 		}
 	}
-	if config, _, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
+	if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
 		t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
 	}
-	if config, _, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
+	if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
 		t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
 	}
 }
@ -372,8 +366,8 @@ func TestParseWithExpose(t *testing.T) {
 	invalids := map[string]string{
 		":":                   "invalid port format for --expose: :",
 		"8080:9090":           "invalid port format for --expose: 8080:9090",
-		"/tcp":                "invalid range format for --expose: /tcp, error: empty string specified for ports",
-		"/udp":                "invalid range format for --expose: /udp, error: empty string specified for ports",
+		"/tcp":                "invalid range format for --expose: /tcp, error: Empty string specified for ports.",
+		"/udp":                "invalid range format for --expose: /udp, error: Empty string specified for ports.",
 		"NaN/tcp":             `invalid range format for --expose: NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
 		"NaN-NaN/tcp":         `invalid range format for --expose: NaN-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
 		"8080-NaN/tcp":        `invalid range format for --expose: 8080-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
@ -423,114 +417,61 @@ func TestParseWithExpose(t *testing.T) {

 func TestParseDevice(t *testing.T) {
 	skip.If(t, runtime.GOOS != "linux") // Windows and macOS validate server-side
-	testCases := []struct {
-		devices        []string
-		deviceMapping  *container.DeviceMapping
-		deviceRequests []container.DeviceRequest
-	}{
-		{
-			devices: []string{"/dev/snd"},
-			deviceMapping: &container.DeviceMapping{
-				PathOnHost:        "/dev/snd",
-				PathInContainer:   "/dev/snd",
-				CgroupPermissions: "rwm",
-			},
+	valids := map[string]container.DeviceMapping{
+		"/dev/snd": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/dev/snd",
+			CgroupPermissions: "rwm",
 		},
-		{
-			devices: []string{"/dev/snd:rw"},
-			deviceMapping: &container.DeviceMapping{
-				PathOnHost:        "/dev/snd",
-				PathInContainer:   "/dev/snd",
-				CgroupPermissions: "rw",
-			},
+		"/dev/snd:rw": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/dev/snd",
+			CgroupPermissions: "rw",
 		},
-		{
-			devices: []string{"/dev/snd:/something"},
-			deviceMapping: &container.DeviceMapping{
-				PathOnHost:        "/dev/snd",
-				PathInContainer:   "/something",
-				CgroupPermissions: "rwm",
-			},
+		"/dev/snd:/something": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/something",
+			CgroupPermissions: "rwm",
 		},
-		{
-			devices: []string{"/dev/snd:/something:rw"},
-			deviceMapping: &container.DeviceMapping{
-				PathOnHost:        "/dev/snd",
-				PathInContainer:   "/something",
-				CgroupPermissions: "rw",
-			},
-		},
-		{
-			devices:       []string{"vendor.com/class=name"},
-			deviceMapping: nil,
-			deviceRequests: []container.DeviceRequest{
-				{
-					Driver:    "cdi",
-					DeviceIDs: []string{"vendor.com/class=name"},
-				},
-			},
-		},
-		{
-			devices: []string{"vendor.com/class=name", "/dev/snd:/something:rw"},
-			deviceMapping: &container.DeviceMapping{
-				PathOnHost:        "/dev/snd",
-				PathInContainer:   "/something",
-				CgroupPermissions: "rw",
-			},
-			deviceRequests: []container.DeviceRequest{
-				{
-					Driver:    "cdi",
-					DeviceIDs: []string{"vendor.com/class=name"},
-				},
-			},
+		"/dev/snd:/something:rw": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/something",
+			CgroupPermissions: "rw",
 		},
 	}
-
-	for _, tc := range testCases {
-		t.Run(fmt.Sprintf("%s", tc.devices), func(t *testing.T) {
-			var args []string
-			for _, d := range tc.devices {
-				args = append(args, fmt.Sprintf("--device=%v", d))
-			}
-			args = append(args, "img", "cmd")
-
-			_, hostconfig, _, err := parseRun(args)
-
-			assert.NilError(t, err)
-
-			if tc.deviceMapping != nil {
-				if assert.Check(t, is.Len(hostconfig.Devices, 1)) {
-					assert.Check(t, is.DeepEqual(*tc.deviceMapping, hostconfig.Devices[0]))
-				}
-			} else {
-				assert.Check(t, is.Len(hostconfig.Devices, 0))
-			}
-
-			assert.Check(t, is.DeepEqual(tc.deviceRequests, hostconfig.DeviceRequests))
-		})
+	for device, deviceMapping := range valids {
+		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--device=%v", device), "img", "cmd"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(hostconfig.Devices) != 1 {
+			t.Fatalf("Expected 1 devices, got %v", hostconfig.Devices)
+		}
+		if hostconfig.Devices[0] != deviceMapping {
+			t.Fatalf("Expected %v, got %v", deviceMapping, hostconfig.Devices)
+		}
 	}
 }

 func TestParseNetworkConfig(t *testing.T) {
 	tests := []struct {
-		name            string
-		flags           []string
-		expected        map[string]*networktypes.EndpointSettings
-		expectedCfg     container.Config
-		expectedHostCfg container.HostConfig
-		expectedErr     string
+		name        string
+		flags       []string
+		expected    map[string]*networktypes.EndpointSettings
+		expectedCfg container.HostConfig
+		expectedErr string
 	}{
 		{
-			name:            "single-network-legacy",
-			flags:           []string{"--network", "net1"},
-			expected:        map[string]*networktypes.EndpointSettings{},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			name:        "single-network-legacy",
+			flags:       []string{"--network", "net1"},
+			expected:    map[string]*networktypes.EndpointSettings{},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
-			name:            "single-network-advanced",
-			flags:           []string{"--network", "name=net1"},
-			expected:        map[string]*networktypes.EndpointSettings{},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			name:        "single-network-advanced",
+			flags:       []string{"--network", "name=net1"},
+			expected:    map[string]*networktypes.EndpointSettings{},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name: "single-network-legacy-with-options",
@ -556,7 +497,7 @@ func TestParseNetworkConfig(t *testing.T) {
 					Aliases: []string{"web1", "web2"},
 				},
 			},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name: "multiple-network-advanced-mixed",
@ -572,7 +513,6 @@ func TestParseNetworkConfig(t *testing.T) {
 				"--network-alias", "web2",
 				"--network", "net2",
 				"--network", "name=net3,alias=web3,driver-opt=field3=value3,ip=172.20.88.22,ip6=2001:db8::8822",
-				"--network", "name=net4,mac-address=02:32:1c:23:00:04,link-local-ip=169.254.169.254",
 			},
 			expected: map[string]*networktypes.EndpointSettings{
 				"net1": {
@ -594,18 +534,12 @@ func TestParseNetworkConfig(t *testing.T) {
 					},
 					Aliases: []string{"web3"},
 				},
-				"net4": {
-					MacAddress: "02:32:1c:23:00:04",
-					IPAMConfig: &networktypes.EndpointIPAMConfig{
-						LinkLocalIPs: []string{"169.254.169.254"},
-					},
-				},
 			},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name:  "single-network-advanced-with-options",
-			flags: []string{"--network", "name=net1,alias=web1,alias=web2,driver-opt=field1=value1,driver-opt=field2=value2,ip=172.20.88.22,ip6=2001:db8::8822,mac-address=02:32:1c:23:00:04"},
+			flags: []string{"--network", "name=net1,alias=web1,alias=web2,driver-opt=field1=value1,driver-opt=field2=value2,ip=172.20.88.22,ip6=2001:db8::8822"},
 			expected: map[string]*networktypes.EndpointSettings{
 				"net1": {
 					DriverOpts: map[string]string{
@ -616,30 +550,16 @@ func TestParseNetworkConfig(t *testing.T) {
 						IPv4Address: "172.20.88.22",
 						IPv6Address: "2001:db8::8822",
 					},
-					Aliases:    []string{"web1", "web2"},
-					MacAddress: "02:32:1c:23:00:04",
+					Aliases: []string{"web1", "web2"},
 				},
 			},
-			expectedCfg:     container.Config{MacAddress: "02:32:1c:23:00:04"},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
-			name:            "multiple-networks",
-			flags:           []string{"--network", "net1", "--network", "name=net2"},
-			expected:        map[string]*networktypes.EndpointSettings{"net1": {}, "net2": {}},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
-		},
-		{
-			name:  "advanced-options-with-standalone-mac-address-flag",
-			flags: []string{"--network=name=net1,alias=foobar", "--mac-address", "52:0f:f3:dc:50:10"},
-			expected: map[string]*networktypes.EndpointSettings{
-				"net1": {
-					Aliases:    []string{"foobar"},
-					MacAddress: "52:0f:f3:dc:50:10",
-				},
-			},
-			expectedCfg:     container.Config{MacAddress: "52:0f:f3:dc:50:10"},
-			expectedHostCfg: container.HostConfig{NetworkMode: "net1"},
+			name:        "multiple-networks",
+			flags:       []string{"--network", "net1", "--network", "name=net2"},
+			expected:    map[string]*networktypes.EndpointSettings{"net1": {}, "net2": {}},
+			expectedCfg: container.HostConfig{NetworkMode: "net1"},
 		},
 		{
 			name:        "conflict-network",
@ -666,26 +586,11 @@ func TestParseNetworkConfig(t *testing.T) {
 			flags:       []string{"--network", "name=host", "--network", "net1"},
 			expectedErr: `conflicting options: cannot attach both user-defined and non-user-defined network-modes`,
 		},
-		{
-			name:        "conflict-options-link-local-ip",
-			flags:       []string{"--network", "name=net1,link-local-ip=169.254.169.254", "--link-local-ip", "169.254.10.8"},
-			expectedErr: `conflicting options: cannot specify both --link-local-ip and per-network link-local IP addresses`,
-		},
-		{
-			name:        "conflict-options-mac-address",
-			flags:       []string{"--network", "name=net1,mac-address=02:32:1c:23:00:04", "--mac-address", "02:32:1c:23:00:04"},
-			expectedErr: `conflicting options: cannot specify both --mac-address and per-network MAC address`,
-		},
-		{
-			name:        "invalid-mac-address",
-			flags:       []string{"--network", "name=net1,mac-address=foobar"},
-			expectedErr: "foobar is not a valid mac address",
-		},
 	}

 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			config, hConfig, nwConfig, err := parseRun(tc.flags)
+			_, hConfig, nwConfig, err := parseRun(tc.flags)

 			if tc.expectedErr != "" {
 				assert.Error(t, err, tc.expectedErr)
@ -693,8 +598,7 @@ func TestParseNetworkConfig(t *testing.T) {
 			}

 			assert.NilError(t, err)
-			assert.DeepEqual(t, config.MacAddress, tc.expectedCfg.MacAddress) //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-			assert.DeepEqual(t, hConfig.NetworkMode, tc.expectedHostCfg.NetworkMode)
+			assert.DeepEqual(t, hConfig.NetworkMode, tc.expectedCfg.NetworkMode)
 			assert.DeepEqual(t, nwConfig.EndpointsConfig, tc.expected)
 		})
 	}
@ -744,75 +648,34 @@ func TestRunFlagsParseShmSize(t *testing.T) {
 }

 func TestParseRestartPolicy(t *testing.T) {
-	tests := []struct {
-		input       string
-		expected    container.RestartPolicy
-		expectedErr string
-	}{
-		{
-			input: "",
+	invalids := map[string]string{
+		"always:2:3":         "invalid restart policy format: maximum retry count must be an integer",
+		"on-failure:invalid": "invalid restart policy format: maximum retry count must be an integer",
+	}
+	valids := map[string]container.RestartPolicy{
+		"": {},
+		"always": {
+			Name:              "always",
+			MaximumRetryCount: 0,
 		},
-		{
-			input: "no",
-			expected: container.RestartPolicy{
-				Name: container.RestartPolicyDisabled,
-			},
-		},
-		{
-			input:       ":1",
-			expectedErr: "invalid restart policy format: no policy provided before colon",
-		},
-		{
-			input: "always",
-			expected: container.RestartPolicy{
-				Name: container.RestartPolicyAlways,
-			},
-		},
-		{
-			input: "always:1",
-			expected: container.RestartPolicy{
-				Name:              container.RestartPolicyAlways,
-				MaximumRetryCount: 1,
-			},
-		},
-		{
-			input:       "always:2:3",
-			expectedErr: "invalid restart policy format: maximum retry count must be an integer",
-		},
-		{
-			input: "on-failure:1",
-			expected: container.RestartPolicy{
-				Name:              container.RestartPolicyOnFailure,
-				MaximumRetryCount: 1,
-			},
-		},
-		{
-			input:       "on-failure:invalid",
-			expectedErr: "invalid restart policy format: maximum retry count must be an integer",
-		},
-		{
-			input: "unless-stopped",
-			expected: container.RestartPolicy{
-				Name: container.RestartPolicyUnlessStopped,
-			},
-		},
-		{
-			input:       "unless-stopped:invalid",
-			expectedErr: "invalid restart policy format: maximum retry count must be an integer",
+		"on-failure:1": {
+			Name:              "on-failure",
+			MaximumRetryCount: 1,
 		},
 	}
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.input, func(t *testing.T) {
-			_, hostConfig, _, err := parseRun([]string{"--restart=" + tc.input, "img", "cmd"})
-			if tc.expectedErr != "" {
-				assert.Check(t, is.Error(err, tc.expectedErr))
-				assert.Check(t, is.Nil(hostConfig))
-			} else {
-				assert.NilError(t, err)
-				assert.Check(t, is.DeepEqual(hostConfig.RestartPolicy, tc.expected))
-			}
-		})
+	for restart, expectedError := range invalids {
+		if _, _, _, err := parseRun([]string{fmt.Sprintf("--restart=%s", restart), "img", "cmd"}); err == nil || err.Error() != expectedError {
+			t.Fatalf("Expected an error with message '%v' for %v, got %v", expectedError, restart, err)
+		}
+	}
+	for restart, expected := range valids {
+		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--restart=%v", restart), "img", "cmd"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if hostconfig.RestartPolicy != expected {
+			t.Fatalf("Expected %v, got %v", expected, hostconfig.RestartPolicy)
+		}
 	}
 }

@ -857,8 +720,8 @@ func TestParseHealth(t *testing.T) {
 	checkError("--no-healthcheck conflicts with --health-* options",
 		"--no-healthcheck", "--health-cmd=/check.sh -q", "img", "cmd")

-	health = checkOk("--health-timeout=2s", "--health-retries=3", "--health-interval=4.5s", "--health-start-period=5s", "--health-start-interval=1s", "img", "cmd")
-	if health.Timeout != 2*time.Second || health.Retries != 3 || health.Interval != 4500*time.Millisecond || health.StartPeriod != 5*time.Second || health.StartInterval != 1*time.Second {
+	health = checkOk("--health-timeout=2s", "--health-retries=3", "--health-interval=4.5s", "--health-start-period=5s", "img", "cmd")
+	if health.Timeout != 2*time.Second || health.Retries != 3 || health.Interval != 4500*time.Millisecond || health.StartPeriod != 5*time.Second {
 		t.Fatalf("--health-*: got %#v", health)
 	}
 }
@ -1011,8 +874,10 @@ func TestValidateDevice(t *testing.T) {
 	for path, expectedError := range invalid {
 		if _, err := validateDevice(path, runtime.GOOS); err == nil {
 			t.Fatalf("ValidateDevice(`%q`) should have failed validation", path)
-		} else if err.Error() != expectedError {
-			t.Fatalf("ValidateDevice(`%q`) error should contain %q, got %q", path, expectedError, err.Error())
+		} else {
+			if err.Error() != expectedError {
+				t.Fatalf("ValidateDevice(`%q`) error should contain %q, got %q", path, expectedError, err.Error())
+			}
 		}
 	}
 }
--- a/cli/command/container/pause.go
+++ b/cli/command/container/pause.go
@ -27,7 +27,7 @@ func NewPauseCommand(dockerCli command.Cli) *cobra.Command {
 		Args:  cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
-			return runPause(cmd.Context(), dockerCli, &opts)
+			return runPause(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container pause, docker pause",
@ -38,7 +38,9 @@ func NewPauseCommand(dockerCli command.Cli) *cobra.Command {
 	}
 }

-func runPause(ctx context.Context, dockerCli command.Cli, opts *pauseOptions) error {
+func runPause(dockerCli command.Cli, opts *pauseOptions) error {
+	ctx := context.Background()
+
 	var errs []string
 	errChan := parallelOperation(ctx, opts.containers, dockerCli.Client().ContainerPause)
 	for _, container := range opts.containers {
--- a/cli/command/container/port.go
+++ b/cli/command/container/port.go
@ -36,7 +36,7 @@ func NewPortCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				opts.port = args[1]
 			}
-			return runPort(cmd.Context(), dockerCli, &opts)
+			return runPort(dockerCli, &opts)
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container port, docker port",
@ -52,7 +52,9 @@ func NewPortCommand(dockerCli command.Cli) *cobra.Command {
 // TODO(thaJeztah): currently this defaults to show the TCP port if no
 // proto is specified. We should consider changing this to "any" protocol
 // for the given private port.
-func runPort(ctx context.Context, dockerCli command.Cli, opts *portOptions) error {
+func runPort(dockerCli command.Cli, opts *portOptions) error {
+	ctx := context.Background()
+
 	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
 	if err != nil {
 		return err
--- a/cli/command/container/prune.go
+++ b/cli/command/container/prune.go
@ -8,9 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/errdefs"
 	units "github.com/docker/go-units"
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

@ -28,7 +26,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 		Short: "Remove all stopped containers",
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			spaceReclaimed, output, err := runPrune(cmd.Context(), dockerCli, options)
+			spaceReclaimed, output, err := runPrune(dockerCli, options)
 			if err != nil {
 				return err
 			}
@ -52,20 +50,14 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 const warning = `WARNING! This will remove all stopped containers.
 Are you sure you want to continue?`

-func runPrune(ctx context.Context, dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint64, output string, err error) {
+func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint64, output string, err error) {
 	pruneFilters := command.PruneFilters(dockerCli, options.filter.Value())

-	if !options.force {
-		r, err := command.PromptForConfirmation(ctx, dockerCli.In(), dockerCli.Out(), warning)
-		if err != nil {
-			return 0, "", err
-		}
-		if !r {
-			return 0, "", errdefs.Cancelled(errors.New("container prune has been cancelled"))
-		}
+	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return 0, "", nil
 	}

-	report, err := dockerCli.Client().ContainersPrune(ctx, pruneFilters)
+	report, err := dockerCli.Client().ContainersPrune(context.Background(), pruneFilters)
 	if err != nil {
 		return 0, "", err
 	}
@ -83,6 +75,6 @@ func runPrune(ctx context.Context, dockerCli command.Cli, options pruneOptions)

 // RunPrune calls the Container Prune API
 // This returns the amount of space reclaimed and a detailed output string
-func RunPrune(ctx context.Context, dockerCli command.Cli, _ bool, filter opts.FilterOpt) (uint64, string, error) {
-	return runPrune(ctx, dockerCli, pruneOptions{force: true, filter: filter})
+func RunPrune(dockerCli command.Cli, _ bool, filter opts.FilterOpt) (uint64, string, error) {
+	return runPrune(dockerCli, pruneOptions{force: true, filter: filter})
 }
--- a/Show More
+++ b/Show More