Merge pull request #2886 from thaJeztah/bump_buildkit

vendor: BuildKit v0.8.1, Engine v20.10.1

VERSION

@@ -1 +1 @@
-20.03.0-dev
+20.10.0-dev

cli/cobra.go

@@ -10,6 +10,7 @@ import (
 	cliconfig "github.com/docker/cli/cli/config"
 	cliflags "github.com/docker/cli/cli/flags"
 	"github.com/moby/term"
+	"github.com/morikuni/aec"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -36,6 +37,8 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	cobra.AddTemplateFunc("invalidPluginReason", invalidPluginReason)
 	cobra.AddTemplateFunc("isPlugin", isPlugin)
 	cobra.AddTemplateFunc("isExperimental", isExperimental)
+	cobra.AddTemplateFunc("hasAdditionalHelp", hasAdditionalHelp)
+	cobra.AddTemplateFunc("additionalHelp", additionalHelp)
 	cobra.AddTemplateFunc("decoratedName", decoratedName)
 
 	rootCmd.SetUsageTemplate(usageTemplate)
@@ -47,6 +50,8 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
 	rootCmd.PersistentFlags().Lookup("help").Hidden = true
 
+	rootCmd.Annotations = map[string]string{"additionalHelp": "To get more help with docker, check out our guides at https://docs.docker.com/go/guides/"}
+
 	return opts, flags, helpCommand
 }
 
@@ -185,7 +190,6 @@ var helpCommand = &cobra.Command{
 		if cmd == nil || e != nil || len(args) > 0 {
 			return errors.Errorf("unknown help topic: %v", strings.Join(args, " "))
 		}
-
 		helpFunc := cmd.HelpFunc()
 		helpFunc(cmd, args)
 		return nil
@@ -205,6 +209,18 @@ func isExperimental(cmd *cobra.Command) bool {
 	return experimental
 }
 
+func additionalHelp(cmd *cobra.Command) string {
+	if additionalHelp, ok := cmd.Annotations["additionalHelp"]; ok {
+		style := aec.EmptyBuilder.Bold().ANSI
+		return style.Apply(additionalHelp)
+	}
+	return ""
+}
+
+func hasAdditionalHelp(cmd *cobra.Command) bool {
+	return additionalHelp(cmd) != ""
+}
+
 func isPlugin(cmd *cobra.Command) bool {
 	return cmd.Annotations[pluginmanager.CommandAnnotationPlugin] == "true"
 }
@@ -296,8 +312,8 @@ func invalidPluginReason(cmd *cobra.Command) string {
 
 var usageTemplate = `Usage:
 
-{{- if not .HasSubCommands}}	{{.UseLine}}{{end}}
-{{- if .HasSubCommands}}	{{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
+{{- if not .HasSubCommands}}  {{.UseLine}}{{end}}
+{{- if .HasSubCommands}}  {{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
 
 {{if ne .Long ""}}{{ .Long | trim }}{{ else }}{{ .Short | trim }}{{end}}
 {{- if isExperimental .}}
@@ -360,6 +376,10 @@ Invalid Plugins:
 
 Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- end}}
+{{- if hasAdditionalHelp .}}
+
+{{ additionalHelp . }}
+{{- end}}
 `
 
 var helpTemplate = `

cli/command/container/stats.go

@@ -156,6 +156,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		// Start a short-lived goroutine to retrieve the initial list of
 		// containers.
 		getContainerList()
+
+		// make sure each container get at least one valid stat data
+		waitFirst.Wait()
 	} else {
 		// Artificially send creation events for the containers we were asked to
 		// monitor (same code path than we use when monitoring all containers).
@@ -170,9 +173,9 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		// We don't expect any asynchronous errors: closeChan can be closed.
 		close(closeChan)
 
-		// Do a quick pause to detect any error with the provided list of
-		// container names.
-		time.Sleep(1500 * time.Millisecond)
+		// make sure each container get at least one valid stat data
+		waitFirst.Wait()
+
 		var errs []string
 		cStats.mu.Lock()
 		for _, c := range cStats.cs {
@@ -186,8 +189,6 @@ func runStats(dockerCli command.Cli, opts *statsOptions) error {
 		}
 	}
 
-	// before print to screen, make sure each container get at least one valid stat data
-	waitFirst.Wait()
 	format := opts.format
 	if len(format) == 0 {
 		if len(dockerCli.ConfigFile().StatsFormat) > 0 {

cli/command/image/build.go

@@ -113,25 +113,6 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command {
 		},
 	}
 
-	// Wrap the global pre-run to handle non-BuildKit use of the --platform flag.
-	//
-	// We're doing it here so that we're only contacting the daemon when actually
-	// running the command, and not during initialization.
-	// TODO remove this hack once we no longer support the experimental use of --platform
-	rootFn := cmd.Root().PersistentPreRunE
-	cmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
-		if ok, _ := command.BuildKitEnabled(dockerCli.ServerInfo()); !ok {
-			f := cmd.Flag("platform")
-			delete(f.Annotations, "buildkit")
-			f.Annotations["version"] = []string{"1.32"}
-			f.Annotations["experimental"] = nil
-		}
-		if rootFn != nil {
-			return rootFn(cmd, args)
-		}
-		return nil
-	}
-
 	flags := cmd.Flags()
 
 	flags.VarP(&options.tags, "tag", "t", "Name and optionally a tag in the 'name:tag' format")
@@ -246,7 +227,11 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 	)
 
 	if options.stream {
-		return errors.New("Experimental flag --stream was removed, enable BuildKit instead with DOCKER_BUILDKIT=1")
+		_, _ = fmt.Fprint(dockerCli.Err(), `DEPRECATED: The experimental --stream flag has been removed and the build context
+            will be sent non-streaming. Enable BuildKit instead with DOCKER_BUILDKIT=1
+            to stream build context, see https://docs.docker.com/go/buildkit/
+
+`)
 	}
 
 	if options.dockerfileFromStdin() {

cli/command/image/build/dockerignore.go

@@ -4,8 +4,8 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/builder/dockerignore"
 	"github.com/docker/docker/pkg/fileutils"
+	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
 )
 
 // ReadDockerignore reads the .dockerignore file in the context directory and

cli/command/image/build_buildkit.go

@@ -32,6 +32,7 @@ import (
 	"github.com/moby/buildkit/session/sshforward/sshprovider"
 	"github.com/moby/buildkit/util/appcontext"
 	"github.com/moby/buildkit/util/progress/progressui"
+	"github.com/moby/buildkit/util/progress/progresswriter"
 	"github.com/pkg/errors"
 	fsutiltypes "github.com/tonistiigi/fsutil/types"
 	"github.com/tonistiigi/go-rosetta"
@@ -176,7 +177,8 @@ func runBuildBuildKit(dockerCli command.Cli, options buildOptions) error {
 		}))
 	}
 
-	s.Allow(authprovider.NewDockerAuthProvider(os.Stderr))
+	dockerAuthProvider := authprovider.NewDockerAuthProvider(os.Stderr)
+	s.Allow(dockerAuthProvider)
 	if len(options.secrets) > 0 {
 		sp, err := parseSecretSpecs(options.secrets)
 		if err != nil {
@@ -241,14 +243,14 @@ func runBuildBuildKit(dockerCli command.Cli, options buildOptions) error {
 		buildOptions.SessionID = s.ID()
 		buildOptions.BuildID = buildID
 		buildOptions.Outputs = outputs
-		return doBuild(ctx, eg, dockerCli, stdoutUsed, options, buildOptions)
+		return doBuild(ctx, eg, dockerCli, stdoutUsed, options, buildOptions, dockerAuthProvider)
 	})
 
 	return eg.Wait()
 }
 
 //nolint: gocyclo
-func doBuild(ctx context.Context, eg *errgroup.Group, dockerCli command.Cli, stdoutUsed bool, options buildOptions, buildOptions types.ImageBuildOptions) (finalErr error) {
+func doBuild(ctx context.Context, eg *errgroup.Group, dockerCli command.Cli, stdoutUsed bool, options buildOptions, buildOptions types.ImageBuildOptions, at session.Attachable) (finalErr error) {
 	response, err := dockerCli.Client().ImageBuild(context.Background(), nil, buildOptions)
 	if err != nil {
 		return err
@@ -279,10 +281,17 @@ func doBuild(ctx context.Context, eg *errgroup.Group, dockerCli command.Cli, std
 		if cons, err := console.ConsoleFromFile(out); err == nil && (options.progress == "auto" || options.progress == "tty") {
 			c = cons
 		}
-		// not using shared context to not disrupt display but let is finish reporting errors
+		// not using shared context to not disrupt display but let it finish reporting errors
 		eg.Go(func() error {
 			return progressui.DisplaySolveStatus(context.TODO(), "", c, out, displayCh)
 		})
+		if s, ok := at.(interface {
+			SetLogger(progresswriter.Logger)
+		}); ok {
+			s.SetLogger(func(s *client.SolveStatus) {
+				displayCh <- s
+			})
+		}
 	}
 
 	if options.quiet {

cli/command/registry.go

@@ -93,17 +93,18 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
 	if !isDefaultRegistry {
 		serverAddress = registry.ConvertToHostname(serverAddress)
 	}
-	var authconfig configtypes.AuthConfig
+	var authconfig = configtypes.AuthConfig{}
 	var err error
 	if checkCredStore {
 		authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
-	} else {
-		authconfig = configtypes.AuthConfig{}
+		if err != nil {
+			return nil, err
+		}
 	}
 	authconfig.ServerAddress = serverAddress
 	authconfig.IdentityToken = ""
 	res := types.AuthConfig(authconfig)
-	return &res, err
+	return &res, nil
 }
 
 // ConfigureAuth handles prompting of user's username and password if needed

cli/command/stack/kubernetes/watcher.go

@@ -15,7 +15,6 @@ import (
 	runtimeutil "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	cache "k8s.io/client-go/tools/cache"
-	podutils "k8s.io/kubernetes/pkg/api/v1/pod"
 )
 
 type stackListWatch interface {
@@ -157,7 +156,7 @@ func (pw *podWatcher) updateServiceStatus(serviceName string) {
 			case apiv1.PodUnknown:
 				status.podsUnknown++
 			}
-			if podutils.IsPodReady(pod) {
+			if pw.isPodReady(pod) {
 				status.podsReady++
 			}
 		}
@@ -170,6 +169,15 @@ func (pw *podWatcher) updateServiceStatus(serviceName string) {
 	pw.services[serviceName] = status
 }
 
+func (pw *podWatcher) isPodReady(pod *apiv1.Pod) bool {
+	for _, condition := range pod.Status.Conditions {
+		if condition.Status == apiv1.ConditionTrue && condition.Type == apiv1.PodReady {
+			return true
+		}
+	}
+	return false
+}
+
 func (pw *podWatcher) allReady() bool {
 	for _, status := range pw.services {
 		if status.podsReady == 0 {

cli/command/swarm/unlock.go

@@ -13,7 +13,7 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	"golang.org/x/crypto/ssh/terminal"
+	"golang.org/x/term"
 )
 
 func newUnlockCommand(dockerCli command.Cli) *cobra.Command {
@@ -63,7 +63,7 @@ func runUnlock(dockerCli command.Cli) error {
 func readKey(in *streams.In, prompt string) (string, error) {
 	if in.IsTerminal() {
 		fmt.Print(prompt)
-		dt, err := terminal.ReadPassword(int(in.FD()))
+		dt, err := term.ReadPassword(int(in.FD()))
 		fmt.Println()
 		return string(dt), err
 	}

cli/command/utils.go

@@ -125,7 +125,6 @@ func PruneFilters(dockerCli Cli, pruneFilters filters.Args) filters.Args {
 func AddPlatformFlag(flags *pflag.FlagSet, target *string) {
 	flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable")
 	flags.SetAnnotation("platform", "version", []string{"1.32"})
-	flags.SetAnnotation("platform", "experimental", nil)
 }
 
 // ValidateOutputPath validates the output paths of the `export` and `save` commands.

cli/config/configfile/file.go

@@ -169,6 +169,13 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {
 	configFile.AuthConfigs = tmpAuthConfigs
 	defer func() { configFile.AuthConfigs = saveAuthConfigs }()
 
+	// User-Agent header is automatically set, and should not be stored in the configuration
+	for v := range configFile.HTTPHeaders {
+		if strings.EqualFold(v, "User-Agent") {
+			delete(configFile.HTTPHeaders, v)
+		}
+	}
+
 	data, err := json.MarshalIndent(configFile, "", "\t")
 	if err != nil {
 		return err

cli/config/configfile/file_test.go

@@ -466,7 +466,27 @@ func TestSave(t *testing.T) {
 	assert.NilError(t, err)
 	cfg, err := ioutil.ReadFile("test-save")
 	assert.NilError(t, err)
-	assert.Check(t, is.Equal(string(cfg), "{\n	\"auths\": {}\n}"))
+	assert.Equal(t, string(cfg), `{
+	"auths": {}
+}`)
+}
+
+func TestSaveCustomHTTPHeaders(t *testing.T) {
+	configFile := New(t.Name())
+	defer os.Remove(t.Name())
+	configFile.HTTPHeaders["CUSTOM-HEADER"] = "custom-value"
+	configFile.HTTPHeaders["User-Agent"] = "user-agent 1"
+	configFile.HTTPHeaders["user-agent"] = "user-agent 2"
+	err := configFile.Save()
+	assert.NilError(t, err)
+	cfg, err := ioutil.ReadFile(t.Name())
+	assert.NilError(t, err)
+	assert.Equal(t, string(cfg), `{
+	"auths": {},
+	"HttpHeaders": {
+		"CUSTOM-HEADER": "custom-value"
+	}
+}`)
 }
 
 func TestSaveWithSymlink(t *testing.T) {

cli/connhelper/connhelper.go

@@ -22,6 +22,19 @@ type ConnectionHelper struct {
 //
 // ssh://<user>@<host> URL requires Docker 18.09 or later on the remote host.
 func GetConnectionHelper(daemonURL string) (*ConnectionHelper, error) {
+	return getConnectionHelper(daemonURL, nil)
+}
+
+// GetConnectionHelperWithSSHOpts returns Docker-specific connection helper for
+// the given URL, and accepts additional options for ssh connections. It returns
+// nil without error when no helper is registered for the scheme.
+//
+// Requires Docker 18.09 or later on the remote host.
+func GetConnectionHelperWithSSHOpts(daemonURL string, sshFlags []string) (*ConnectionHelper, error) {
+	return getConnectionHelper(daemonURL, sshFlags)
+}
+
+func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper, error) {
 	u, err := url.Parse(daemonURL)
 	if err != nil {
 		return nil, err
@@ -34,7 +47,7 @@ func GetConnectionHelper(daemonURL string) (*ConnectionHelper, error) {
 		}
 		return &ConnectionHelper{
 			Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				return commandconn.New(ctx, "ssh", sp.Args("docker", "system", "dial-stdio")...)
+				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args("docker", "system", "dial-stdio")...)...)
 			},
 			Host: "http://docker",
 		}, nil

cmd/docker/docker.go

@@ -15,6 +15,7 @@ import (
 	"github.com/docker/cli/cli/version"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/client"
+	"github.com/moby/buildkit/util/appcontext"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -198,6 +199,11 @@ func tryPluginRun(dockerCli command.Cli, cmd *cobra.Command, subcommand string)
 		return err
 	}
 
+	go func() {
+		// override SIGTERM handler so we let the plugin shut down first
+		<-appcontext.Context().Done()
+	}()
+
 	if err := plugincmd.Run(); err != nil {
 		statusCode := 1
 		exitErr, ok := err.(*exec.ExitError)
@@ -316,8 +322,12 @@ func hideFlagIf(f *pflag.Flag, condition func(string) bool, annotation string) {
 	if f.Hidden {
 		return
 	}
-	if values, ok := f.Annotations[annotation]; ok && len(values) > 0 {
-		if condition(values[0]) {
+	var val string
+	if values, ok := f.Annotations[annotation]; ok {
+		if len(values) > 0 {
+			val = values[0]
+		}
+		if condition(val) {
 			f.Hidden = true
 		}
 	}

contrib/completion/bash/docker

@@ -602,19 +602,11 @@ __docker_append_to_completions() {
 # The result is cached for the duration of one invocation of bash completion.
 __docker_fetch_info() {
 	if [ -z "$info_fetched" ] ; then
-		read -r client_experimental server_experimental server_os <<< "$(__docker_q version -f '{{.Client.Experimental}} {{.Server.Experimental}} {{.Server.Os}}')"
+		read -r server_experimental server_os <<< "$(__docker_q version -f '{{.Server.Experimental}} {{.Server.Os}}')"
 		info_fetched=true
 	fi
 }
 
-# __docker_client_is_experimental tests whether the Docker cli is configured to support
-# experimental features. If so, the function exits with 0 (true).
-# Otherwise, or if the result cannot be determined, the exit value is 1 (false).
-__docker_client_is_experimental() {
-	__docker_fetch_info
-	[ "$client_experimental" = "true" ]
-}
-
 # __docker_server_is_experimental tests whether the currently configured Docker
 # server runs in experimental mode. If so, the function exits with 0 (true).
 # Otherwise, or if the result cannot be determined, the exit value is 1 (false).
@@ -1225,7 +1217,6 @@ _docker_docker() {
 		*)
 			local counter=$( __docker_pos_first_nonflag "$(__docker_to_extglob "$global_options_with_args")" )
 			if [ "$cword" -eq "$counter" ]; then
-				__docker_client_is_experimental && commands+=(${experimental_client_commands[*]})
 				__docker_server_is_experimental && commands+=(${experimental_server_commands[*]})
 				COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) )
 			fi
@@ -2579,6 +2570,8 @@ _docker_daemon() {
 		--cluster-store-opt
 		--config-file
 		--containerd
+		--containerd-namespace
+		--containerd-plugins-namespace
 		--cpu-rt-period
 		--cpu-rt-runtime
 		--data-root
@@ -5492,6 +5485,7 @@ _docker() {
 		container
 		context
 		image
+		manifest
 		network
 		node
 		plugin
@@ -5550,10 +5544,6 @@ _docker() {
 		wait
 	)
 
-	local experimental_client_commands=(
-		manifest
-	)
-
 	local experimental_server_commands=(
 		checkpoint
 	)
@@ -5581,7 +5571,7 @@ _docker() {
 	# variables to cache server info, populated on demand for performance reasons
 	local info_fetched server_experimental server_os
 	# variables to cache client info, populated on demand for performance reasons
-	local client_experimental stack_orchestrator_is_kubernetes stack_orchestrator_is_swarm
+	local stack_orchestrator_is_kubernetes stack_orchestrator_is_swarm
 
 	local host config context
 

contrib/completion/zsh/REVIEWERS

@@ -1,2 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Jessie Frazelle <jess@docker.com> (@jfrazelle)

contrib/completion/zsh/_docker

@@ -2646,6 +2646,8 @@ __docker_subcommand() {
                 "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \
                 "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \
                 "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \
+                "($help)--containerd-namespace=[Containerd namespace to use]:containerd namespace:" \
+                "($help)--containerd-plugins-namespace=[Containerd namespace to use for plugins]:containerd namespace:" \
                 "($help)--data-root=[Root directory of persisted Docker data]:path:_directories" \
                 "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
                 "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \

dockerfiles/Dockerfile.dev

@@ -19,7 +19,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     GO111MODULE=on go get gotest.tools/gotestsum@${GOTESTSUM_VERSION}
 
 FROM golang AS vndr
-ARG VNDR_VERSION=v0.1.1
+ARG VNDR_VERSION=v0.1.2
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=tmpfs,target=/go/src/ \

docs/deprecated.md

@@ -50,33 +50,36 @@ The table below provides an overview of the current status of deprecated feature
 
 Status     | Feature                                                                                                                            | Deprecated | Remove
 -----------|------------------------------------------------------------------------------------------------------------------------------------|------------|------------
-Deprecated | [Kernel memory limit](#kernel-memory-limit)                                                                                        | v20.03     | -
-Deprecated | [Classic Swarm and overlay networks using external key/value stores](#classic-swarm-and-overlay-networks-using-cluster-store)      | v20.03     | -
-Deprecated | [Support for the legacy `~/.dockercfg` configuration file for authentication](#support-for-legacy-dockercfg-configuration-files)   | v20.03     | -
-Deprecated | [CLI plugins support](#cli-plugins-support)                                                                                        | v20.03     | -
-Deprecated | [Dockerfile legacy `ENV name value` syntax](#dockerfile-legacy-env-name-value-syntax)                                              | v20.03     | -
-Deprecated | [Configuration options for experimental CLI features](#configuration-options-for-experimental-cli-features)                        | v19.03     | v20.03
-Deprecated | [Pushing and pulling with image manifest v2 schema 1](#pushing-and-pulling-with-image-manifest-v2-schema-1)                        | v19.03     | v20.03
-Removed    | [`docker engine` subcommands](#docker-engine-subcommands)                                                                          | v19.03     | v20.03
-Removed    | [Top-level `docker deploy` subcommand (experimental)](#top-level-docker-deploy-subcommand-experimental)                            | v19.03     | v20.03
-Removed    | [`docker stack deploy` using "dab" files (experimental)](#docker-stack-deploy-using-dab-files-experimental)                        | v19.03     | v20.03
+Deprecated | [Pulling images from non-compliant image registries](#pulling-images-from-non-compliant-image-registries)                          | v20.10     | -
+Deprecated | [Linux containers on Windows (LCOW)](#linux-containers-on-windows-lcow-experimental)                                               | v20.10     | -
+Deprecated | [Kernel memory limit](#kernel-memory-limit)                                                                                        | v20.10     | -
+Deprecated | [Classic Swarm and overlay networks using external key/value stores](#classic-swarm-and-overlay-networks-using-cluster-store)      | v20.10     | -
+Deprecated | [Support for the legacy `~/.dockercfg` configuration file for authentication](#support-for-legacy-dockercfg-configuration-files)   | v20.10     | -
+Deprecated | [CLI plugins support](#cli-plugins-support)                                                                                        | v20.10     | -
+Deprecated | [Dockerfile legacy `ENV name value` syntax](#dockerfile-legacy-env-name-value-syntax)                                              | v20.10     | -
+Removed    | [`docker build --stream` flag (experimental)](#docker-build---stream-flag-experimental)                                            | v20.10     | v20.10
+Deprecated | [Configuration options for experimental CLI features](#configuration-options-for-experimental-cli-features)                        | v19.03     | v20.10
+Deprecated | [Pushing and pulling with image manifest v2 schema 1](#pushing-and-pulling-with-image-manifest-v2-schema-1)                        | v19.03     | v20.10
+Removed    | [`docker engine` subcommands](#docker-engine-subcommands)                                                                          | v19.03     | v20.10
+Removed    | [Top-level `docker deploy` subcommand (experimental)](#top-level-docker-deploy-subcommand-experimental)                            | v19.03     | v20.10
+Removed    | [`docker stack deploy` using "dab" files (experimental)](#docker-stack-deploy-using-dab-files-experimental)                        | v19.03     | v20.10
 Deprecated | [AuFS storage driver](#aufs-storage-driver)                                                                                        | v19.03     | -
 Deprecated | [Legacy "overlay" storage driver](#legacy-overlay-storage-driver)                                                                  | v18.09     | -
 Deprecated | [Device mapper storage driver](#device-mapper-storage-driver)                                                                      | v18.09     | -
-Removed    | [Use of reserved namespaces in engine labels](#use-of-reserved-namespaces-in-engine-labels)                                        | v18.06     | v20.03
+Removed    | [Use of reserved namespaces in engine labels](#use-of-reserved-namespaces-in-engine-labels)                                        | v18.06     | v20.10
 Removed    | [`--disable-legacy-registry` override daemon option](#--disable-legacy-registry-override-daemon-option)                            | v17.12     | v19.03
 Removed    | [Interacting with V1 registries](#interacting-with-v1-registries)                                                                  | v17.06     | v17.12
 Removed    | [Asynchronous `service create` and `service update` as default](#asynchronous-service-create-and-service-update-as-default)        | v17.05     | v17.10
 Removed    | [`-g` and `--graph` flags on `dockerd`](#-g-and---graph-flags-on-dockerd)                                                          | v17.05     | -
 Deprecated | [Top-level network properties in NetworkSettings](#top-level-network-properties-in-networksettings)                                | v1.13      | v17.12
-Removed    | [`filter` param for `/images/json` endpoint](#filter-param-for-imagesjson-endpoint)                                                | v1.13      | v20.03
+Removed    | [`filter` param for `/images/json` endpoint](#filter-param-for-imagesjson-endpoint)                                                | v1.13      | v20.10
 Removed    | [`repository:shortid` image references](#repositoryshortid-image-references)                                                       | v1.13      | v17.12
 Removed    | [`docker daemon` subcommand](#docker-daemon-subcommand)                                                                            | v1.13      | v17.12
 Removed    | [Duplicate keys with conflicting values in engine labels](#duplicate-keys-with-conflicting-values-in-engine-labels)                | v1.13      | v17.12
 Deprecated | [`MAINTAINER` in Dockerfile](#maintainer-in-dockerfile)                                                                            | v1.13      | -
 Deprecated | [API calls without a version](#api-calls-without-a-version)                                                                        | v1.13      | v17.12
 Removed    | [Backing filesystem without `d_type` support for overlay/overlay2](#backing-filesystem-without-d_type-support-for-overlayoverlay2) | v1.13      | v17.12
-Removed    | [`--automated` and `--stars` flags on `docker search`](#--automated-and---stars-flags-on-docker-search)                            | v1.12      | v20.03
+Removed    | [`--automated` and `--stars` flags on `docker search`](#--automated-and---stars-flags-on-docker-search)                            | v1.12      | v20.10
 Deprecated | [`-h` shorthand for `--help`](#-h-shorthand-for---help)                                                                            | v1.12      | v17.09
 Removed    | [`-e` and `--email` flags on `docker login`](#-e-and---email-flags-on-docker-login)                                                | v1.11      | v17.06
 Deprecated | [Separator (`:`) of `--security-opt` flag on `docker run`](#separator--of---security-opt-flag-on-docker-run)                       | v1.11      | v17.06
@@ -93,16 +96,60 @@ Removed    | [`--api-enable-cors` flag on `dockerd`](#--api-enable-cors-flag-on-
 Removed    | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit)                                                                    | v0.10      | v1.13
 Removed    | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import)                                                  | v0.6.7     | v1.12
 
+### Pulling images from non-compliant image registries
+
+**Deprecated in Release: v20.10**
+
+Docker Engine v20.10 and up includes optimizations to verify if images in the
+local image cache need updating before pulling, preventing the Docker Engine
+from making unnecessary API requests. These optimizations require the container
+image registry to conform to the [Open Container Initiative Distribution Specification](https://github.com/opencontainers/distribution-spec).
+
+While most registries conform to the specification, we encountered some registries
+to be non-compliant, resulting in `docker pull` to fail.
+
+As a temporary solution, Docker Engine v20.10 includes a fallback mechanism to
+allow `docker pull` to be functional when using a non-compliant registry. A
+warning message is printed in this situation:
+
+    WARNING Failed to pull manifest by the resolved digest. This registry does not
+            appear to conform to the distribution registry specification; falling back to
+            pull by tag. This fallback is DEPRECATED, and will be removed in a future
+            release.
+
+The fallback is added to allow users to either migrate their images to a compliant
+registry, or for these registries to become compliant.
+
+Note that this fallback only addresses failures on `docker pull`. Other commands,
+such as `docker stack deploy`, or pulling images with `containerd` will continue
+to fail.
+
+Given that other functionality is still broken with these registries, we consider
+this fallback a _temporary_ solution, and will remove the fallback in an upcoming
+major release.
+
+### Linux containers on Windows (LCOW) (experimental)
+
+**Deprecated in Release: v20.10**
+
+The experimental feature to run Linux containers on Windows (LCOW) was introduced
+as a technical preview in Docker 17.09. While many enhancements were made after
+its introduction, the feature never reached completeness, and development has
+now stopped in favor of running docker natively on Linux in WSL2.
+
+Developers who want to run Linux workloads on a Windows host are encouraged to use
+[Docker Desktop with WSL2](https://docs.docker.com/docker-for-windows/wsl/) instead.
+
 ### Kernel memory limit
 
-**Deprecated in Release: v20.03**
+**Deprecated in Release: v20.10**
 
 Specifying kernel memory limit (`docker run --kernel-memory`) is now marked as deprecated,
 as [Linux kernel deprecated `kmem.limit_in_bytes` in v5.4](https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7).
 
 ### Classic Swarm and overlay networks using cluster store
 
-**Deprecated in Release: v20.03**
+**Deprecated in Release: v20.10**
 
 Standalone ("classic") Swarm has been deprecated, and with that the use of overlay
 networks using an external key/value store. The corresponding`--cluster-advertise`,
@@ -112,7 +159,7 @@ deprecated, and will be disabled or removed in a future release.
 
 ### Support for legacy `~/.dockercfg` configuration files
 
-**Deprecated in Release: v20.03**
+**Deprecated in Release: v20.10**
 
 The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
 after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
@@ -133,13 +180,13 @@ enabled by default, and these configuration options will no longer be functional
 
 ### CLI plugins support
 
-**Deprecated in Release: v20.03**
+**Deprecated in Release: v20.10**
 
 CLI Plugin API is now marked as deprecated.
 
 ### Dockerfile legacy `ENV name value` syntax
 
-**Deprecated in Release: v20.03**
+**Deprecated in Release: v20.10**
 
 The Dockerfile `ENV` instruction allows values to be set using either `ENV name=value`
 or `ENV name value`. The latter (`ENV name value`) form can be ambiguous, for example,
@@ -161,11 +208,28 @@ syntax, for example:
 ENV ONE="" TWO="" THREE="world"
 ```
 
+### `docker build --stream` flag (experimental)
+
+**Deprecated in Release: v20.10**
+**Removed in Release: v20.10**
+
+Docker v17.07 introduced an experimental `--stream` flag on `docker build` which
+allowed the build-context to be incrementally sent to the daemon, instead of
+unconditionally sending the whole build-context.
+
+This functionality has been reimplemented as part of BuildKit, which uses streaming
+by default and the `--stream` option will be ignored when using the classic builder,
+printing a deprecation warning instead.
+
+Users that want to use this feature are encouraged to enable BuildKit by setting
+the `DOCKER_BUILDKIT=1` environment variable or through the daemon or CLI configuration
+files.
+
 ### Pushing and pulling with image manifest v2 schema 1
 
 **Deprecated in Release: v19.03**
 
-**Target For Removal In Release: v20.03**
+**Target For Removal In Release: v20.10**
 
 The image manifest
 [v2 schema 1](https://github.com/docker/distribution/blob/fda42e5ef908bdba722d435ff1f330d40dfcd56c/docs/spec/manifest-v2-1.md)
@@ -179,7 +243,7 @@ If the registry you are using still supports v2 schema 1, urge their administrat
 
 **Deprecated in Release: v19.03**
 
-**Removed in Release: v20.03**
+**Removed in Release: v20.10**
 
 The `docker engine activate`, `docker engine check`, and `docker engine update`
 provided an alternative installation method to upgrade Docker Community engines
@@ -195,7 +259,7 @@ standard package  managers.
 
 **Deprecated in Release: v19.03**
 
-**Removed in Release: v20.03**
+**Removed in Release: v20.10**
 
 The top-level `docker deploy` command (using the "Docker Application Bundle"
 (.dab) file format was introduced as an experimental feature in Docker 1.13 /
@@ -207,7 +271,7 @@ subcommand.
 
 **Deprecated in Release: v19.03**
 
-**Removed in Release: v20.03**
+**Removed in Release: v20.10**
 
 With no development being done on this feature, and no active use of the file
 format, support for the DAB file format and the top-level docker deploy command
@@ -270,13 +334,13 @@ is no reason to continue maintenance of the `devicemapper` storage driver.
 
 **Deprecated in Release: v18.06**
 
-**Removed In Release: v20.03**
+**Removed In Release: v20.10**
 
 The namespaces `com.docker.*`, `io.docker.*`, and `org.dockerproject.*` in engine labels
 were always documented to be reserved, but there was never any enforcement.
 
 Usage of these namespaces will now cause a warning in the engine logs to discourage their
-use, and will error instead in v20.03 and above.
+use, and will error instead in v20.10 and above.
 
 
 ### `--disable-legacy-registry` override daemon option
@@ -358,7 +422,7 @@ information.
 ### `filter` param for `/images/json` endpoint
 **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
 
-**Removed In Release: v20.03**
+**Removed In Release: v20.10**
 
 The `filter` param to filter the list of image by reference (name or name:tag)
 is now implemented as a regular filter, named `reference`.
@@ -424,7 +488,7 @@ further information.
 
 **Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
 
-**Removed In Release: v20.03**
+**Removed In Release: v20.10**
 
 The `docker search --automated` and `docker search --stars` options are deprecated.
 Use `docker search --filter=is-automated=<true|false>` and `docker search --filter=stars=...` instead.

docs/extend/index.md

@@ -21,8 +21,8 @@ keywords: "API, Usage, plugins, documentation, developer"
 Docker Engine's plugin system allows you to install, start, stop, and remove
 plugins using Docker Engine.
 
-For information about the legacy plugin system available in Docker Engine 1.12
-and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md).
+For information about legacy (non-managed) plugins, refer to
+[Understand legacy Docker Engine plugins](legacy_plugins.md).
 
 > **Note**
 >

docs/reference/builder.md

@@ -655,7 +655,7 @@ The `FROM` instruction initializes a new build stage and sets the
 [*Base Image*](https://docs.docker.com/glossary/#base_image) for subsequent instructions. As such, a
 valid `Dockerfile` must start with a `FROM` instruction. The image can be
 any valid image – it is especially easy to start by **pulling an image** from
-the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/).
+the [*Public Repositories*](https://docs.docker.com/docker-hub/repos/).
 
 - `ARG` is the only instruction that may precede `FROM` in the `Dockerfile`.
   See [Understand how ARG and FROM interact](#understand-how-arg-and-from-interact).
@@ -2043,7 +2043,7 @@ RUN echo hello
 If you specify `--build-arg CONT_IMG_VER=<value>` on the command line, in both
 cases, the specification on line 2 does not cause a cache miss; line 3 does
 cause a cache miss.`ARG CONT_IMG_VER` causes the RUN line to be identified
-as the same as running `CONT_IMG_VER=<value>` echo hello, so if the `<value>`
+as the same as running `CONT_IMG_VER=<value> echo hello`, so if the `<value>`
 changes, we get a cache miss.
 
 Consider another example under the same command line:
@@ -2216,8 +2216,6 @@ are stored currently).
 When the health status of a container changes, a `health_status` event is
 generated with the new status.
 
-The `HEALTHCHECK` feature was added in Docker 1.12.
-
 
 ## SHELL
 
@@ -2342,8 +2340,6 @@ environment variable expansion semantics could be modified.
 The `SHELL` instruction can also be used on Linux should an alternate shell be
 required such as `zsh`, `csh`, `tcsh` and others.
 
-The `SHELL` feature was added in Docker 1.12.
-
 ## External implementation features
 
 This feature is only available when using the  [BuildKit](#buildkit) backend.

docs/reference/commandline/build.md

@@ -402,14 +402,12 @@ the command line.
 ### Use a custom parent cgroup (--cgroup-parent)
 
 When `docker build` is run with the `--cgroup-parent` option the containers
-used in the build will be run with the 
-[corresponding `docker run` flag](../run.md#specify-custom-cgroups).
+used in the build will be run with the [corresponding `docker run` flag](../run.md#specify-custom-cgroups).
 
 ### Set ulimits in container (--ulimit)
 
 Using the `--ulimit` option with `docker build` will cause each build step's
-container to be started using those 
-[`--ulimit` flag values](run.md#set-ulimits-in-container---ulimit).
+container to be started using those [`--ulimit` flag values](run.md#set-ulimits-in-container---ulimit).
 
 ### Set build-time variables (--build-arg)
 
@@ -715,10 +713,9 @@ experimental flag enabled.
 
 #### Enable Docker experimental
 
-Experimental features are now included in the standard Docker binaries as of
-version 1.13.0. For enabling experimental features, you need to start the
-Docker daemon with `--experimental` flag. You can also enable the daemon flag
-via `/etc/docker/daemon.json`. e.g.
+To enable experimental features, you need to start the Docker daemon with
+`--experimental` flag. You can also enable the daemon flag via
+`/etc/docker/daemon.json`, for example:
 
 ```json
 {

docs/reference/commandline/container_prune.md

@@ -7,7 +7,7 @@ keywords: container, prune, delete, remove
 # container prune
 
 ```markdown
-Usage:	docker container prune [OPTIONS]
+Usage:  docker container prune [OPTIONS]
 
 Remove all stopped containers
 

docs/reference/commandline/dockerd.md

@@ -32,6 +32,8 @@ Options:
       --cgroup-parent string                  Set parent cgroup for all containers
       --config-file string                    Daemon configuration file (default "/etc/docker/daemon.json")
       --containerd string                     containerd grpc address
+      --containerd-namespace string           Containerd namespace to use (default "moby")
+      --containerd-plugins-namespace string   Containerd namespace to use for plugins (default "plugins.moby")
       --cpu-rt-period int                     Limit the CPU real-time period in microseconds for the
                                               parent cgroup for all containers
       --cpu-rt-runtime int                    Limit the CPU real-time runtime in microseconds for the
@@ -68,6 +70,7 @@ Options:
       --ip-forward                            Enable net.ipv4.ip_forward (default true)
       --ip-masq                               Enable IP masquerading (default true)
       --iptables                              Enable addition of iptables rules (default true)
+      --ip6tables                             Enable addition of ip6tables rules (default false)
       --ipv6                                  Enable IPv6 networking
       --label list                            Set key=value labels to the daemon
       --live-restore                          Enable live restore of docker when containers are still running
@@ -205,8 +208,7 @@ The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
 environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes
 precedence over `HTTP_PROXY`.
 
-Starting with Docker 18.09, the Docker client supports connecting to a remote
-daemon via SSH:
+The Docker client supports connecting to a remote daemon via SSH:
 
 ```
 $ docker -H ssh://me@example.com:22 ps
@@ -219,17 +221,17 @@ remote host with public key authentication. Password authentication is not
 supported. If your key is protected with passphrase, you need to set up
 `ssh-agent`.
 
-Also, you need to have `docker` binary 18.09 or later on the daemon host.
-
 #### Bind Docker to another host/port or a Unix socket
 
-> **Warning**:
+> **Warning**
+>
 > Changing the default `docker` daemon binding to a
 > TCP port or Unix *docker* user group will increase your security risks
 > by allowing non-root users to gain *root* access on the host. Make sure
 > you control access to `docker`. If you are binding
 > to a TCP port, anyone with access to that port has full Docker access;
 > so it is not advisable on an open network.
+{: .warning :}
 
 With `-H` it is possible to make the Docker daemon to listen on a
 specific IP and port. By default, it will listen on
@@ -968,18 +970,18 @@ The following is an example adding 2 runtimes via the configuration:
 
 ```json
 {
-	"default-runtime": "runc",
-	"runtimes": {
-		"runc": {
-			"path": "runc"
-		},
-		"custom": {
-			"path": "/usr/local/bin/my-runc-replacement",
-			"runtimeArgs": [
-				"--debug"
-			]
-		}
-	}
+  "default-runtime": "runc",
+  "runtimes": {
+    "custom": {
+      "path": "/usr/local/bin/my-runc-replacement",
+      "runtimeArgs": [
+        "--debug"
+      ]
+    },
+    "runc": {
+      "path": "runc"
+    }
+  }
 }
 ```
 
@@ -1110,13 +1112,10 @@ system's list of trusted CAs instead of enabling `--insecure-registry`.
 
 #### Legacy Registries
 
-Starting with Docker 17.12, operations against registries supporting only the
-legacy v1 protocol are no longer supported. Specifically, the daemon will not
-attempt `push`, `pull` and `login` to v1 registries. The exception to this is
-`search` which can still be performed on v1 registries.
-
-The `disable-legacy-registry` configuration option has been removed and, when
-used, will produce an error on daemon startup.
+Operations against registries supporting only the legacy v1 protocol are no longer
+supported. Specifically, the daemon will not attempt `push`, `pull` and `login`
+to v1 registries. The exception to this is `search` which can still be performed
+on v1 registries.
 
 
 ### Running a Docker daemon behind an HTTPS_PROXY
@@ -1307,7 +1306,10 @@ the task to run.
 Example of usage:
 ```json
 {
-  "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"]
+  "node-generic-resources": [
+    "NVIDIA-GPU=UUID1",
+    "NVIDIA-GPU=UUID2"
+  ]
 }
 ```
 
@@ -1336,9 +1338,42 @@ This is a full example of the allowed configuration options on Linux:
 
 ```json
 {
+  "allow-nondistributable-artifacts": [],
+  "api-cors-header": "",
   "authorization-plugins": [],
+  "bip": "",
+  "bridge": "",
+  "cgroup-parent": "",
+  "cluster-advertise": "",
+  "cluster-store": "",
+  "cluster-store-opts": {},
+  "containerd": "/run/containerd/containerd.sock",
+  "containerd-namespace": "docker",
+  "containerd-plugin-namespace": "docker-plugins",
   "data-root": "",
+  "debug": true,
+  "default-address-pools": [
+    {
+      "base": "172.80.0.0/16",
+      "size": 24
+    },
+    {
+      "base": "172.90.0.0/16",
+      "size": 24
+    }
+  ],
   "default-cgroupns-mode": "private",
+  "default-gateway": "",
+  "default-gateway-v6": "",
+  "default-runtime": "runc",
+  "default-shm-size": "64M",
+  "default-ulimits": {
+    "nofile": {
+      "Hard": 64000,
+      "Name": "nofile",
+      "Soft": 64000
+    }
+  },
   "dns": [],
   "dns-opts": [],
   "dns-search": [],
@@ -1346,73 +1381,43 @@ This is a full example of the allowed configuration options on Linux:
   "exec-root": "",
   "experimental": false,
   "features": {},
-  "storage-driver": "",
-  "storage-opts": [],
+  "fixed-cidr": "",
+  "fixed-cidr-v6": "",
+  "group": "",
+  "hosts": [],
+  "icc": false,
+  "init": false,
+  "init-path": "/usr/libexec/docker-init",
+  "insecure-registries": [],
+  "ip": "0.0.0.0",
+  "ip-forward": false,
+  "ip-masq": false,
+  "iptables": false,
+  "ip6tables": false,
+  "ipv6": false,
   "labels": [],
   "live-restore": true,
   "log-driver": "json-file",
+  "log-level": "",
   "log-opts": {
-    "max-size": "10m",
-    "max-file":"5",
+    "env": "os,customer",
     "labels": "somelabel",
-    "env": "os,customer"
+    "max-file": "5",
+    "max-size": "10m"
   },
-  "mtu": 0,
-  "pidfile": "",
-  "cluster-store": "",
-  "cluster-store-opts": {},
-  "cluster-advertise": "",
   "max-concurrent-downloads": 3,
   "max-concurrent-uploads": 5,
   "max-download-attempts": 5,
-  "default-shm-size": "64M",
-  "shutdown-timeout": 15,
-  "debug": true,
-  "hosts": [],
-  "log-level": "",
-  "tls": true,
-  "tlsverify": true,
-  "tlscacert": "",
-  "tlscert": "",
-  "tlskey": "",
-  "swarm-default-advertise-addr": "",
-  "api-cors-header": "",
-  "selinux-enabled": false,
-  "userns-remap": "",
-  "group": "",
-  "cgroup-parent": "",
-  "default-ulimits": {
-    "nofile": {
-      "Name": "nofile",
-      "Hard": 64000,
-      "Soft": 64000
-    }
-  },
-  "init": false,
-  "init-path": "/usr/libexec/docker-init",
-  "ipv6": false,
-  "iptables": false,
-  "ip-forward": false,
-  "ip-masq": false,
-  "userland-proxy": false,
-  "userland-proxy-path": "/usr/libexec/docker-proxy",
-  "ip": "0.0.0.0",
-  "bridge": "",
-  "bip": "",
-  "fixed-cidr": "",
-  "fixed-cidr-v6": "",
-  "default-gateway": "",
-  "default-gateway-v6": "",
-  "icc": false,
-  "raw-logs": false,
-  "allow-nondistributable-artifacts": [],
-  "registry-mirrors": [],
-  "seccomp-profile": "",
-  "insecure-registries": [],
+  "mtu": 0,
   "no-new-privileges": false,
-  "default-runtime": "runc",
+  "node-generic-resources": [
+    "NVIDIA-GPU=UUID1",
+    "NVIDIA-GPU=UUID2"
+  ],
   "oom-score-adjust": -500,
-  "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
+  "pidfile": "",
+  "raw-logs": false,
+  "registry-mirrors": [],
   "runtimes": {
     "cc-runtime": {
       "path": "/usr/bin/cc-runtime"
@@ -1424,10 +1429,20 @@ This is a full example of the allowed configuration options on Linux:
       ]
     }
   },
-  "default-address-pools":[
-    {"base":"172.80.0.0/16","size":24},
-    {"base":"172.90.0.0/16","size":24}
-  ]
+  "seccomp-profile": "",
+  "selinux-enabled": false,
+  "shutdown-timeout": 15,
+  "storage-driver": "",
+  "storage-opts": [],
+  "swarm-default-advertise-addr": "",
+  "tls": true,
+  "tlscacert": "",
+  "tlscert": "",
+  "tlskey": "",
+  "tlsverify": true,
+  "userland-proxy": false,
+  "userland-proxy-path": "/usr/libexec/docker-proxy",
+  "userns-remap": ""
 }
 ```
 
@@ -1450,42 +1465,45 @@ This is a full example of the allowed configuration options on Windows:
 
 ```json
 {
+  "allow-nondistributable-artifacts": [],
   "authorization-plugins": [],
+  "bridge": "",
+  "cluster-advertise": "",
+  "cluster-store": "",
+  "containerd": "\\\\.\\pipe\\containerd-containerd",
+  "containerd-namespace": "docker",
+  "containerd-plugin-namespace": "docker-plugins",
   "data-root": "",
+  "debug": true,
+  "default-ulimits": {},
   "dns": [],
   "dns-opts": [],
   "dns-search": [],
   "exec-opts": [],
   "experimental": false,
-  "features":{},
-  "storage-driver": "",
-  "storage-opts": [],
+  "features": {},
+  "fixed-cidr": "",
+  "group": "",
+  "hosts": [],
+  "insecure-registries": [],
   "labels": [],
   "log-driver": "",
-  "mtu": 0,
-  "pidfile": "",
-  "cluster-store": "",
-  "cluster-advertise": "",
+  "log-level": "",
   "max-concurrent-downloads": 3,
   "max-concurrent-uploads": 5,
   "max-download-attempts": 5,
+  "mtu": 0,
+  "pidfile": "",
+  "raw-logs": false,
+  "registry-mirrors": [],
   "shutdown-timeout": 15,
-  "debug": true,
-  "hosts": [],
-  "log-level": "",
-  "tlsverify": true,
+  "storage-driver": "",
+  "storage-opts": [],
+  "swarm-default-advertise-addr": "",
   "tlscacert": "",
   "tlscert": "",
   "tlskey": "",
-  "swarm-default-advertise-addr": "",
-  "group": "",
-  "default-ulimits": {},
-  "bridge": "",
-  "fixed-cidr": "",
-  "raw-logs": false,
-  "allow-nondistributable-artifacts": [],
-  "registry-mirrors": [],
-  "insecure-registries": []
+  "tlsverify": true
 }
 ```
 

docs/reference/commandline/export.md

@@ -23,7 +23,7 @@ with the container. If a volume is mounted on top of an existing directory in
 the container, `docker export` will export the contents of the *underlying*
 directory, not the contents of the volume.
 
-Refer to [Backup, restore, or migrate data volumes](https://docs.docker.com/v17.03/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes)
+Refer to [Backup, restore, or migrate data volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)
 in the user guide for examples on exporting data in a volume.
 
 ## Examples

docs/reference/commandline/image_prune.md

@@ -7,7 +7,7 @@ keywords: "image, prune, delete, remove"
 # image prune
 
 ```markdown
-Usage:	docker image prune [OPTIONS]
+Usage:  docker image prune [OPTIONS]
 
 Remove unused images
 

docs/reference/commandline/network_create.md

@@ -7,7 +7,7 @@ keywords: "network, create"
 # network create
 
 ```markdown
-Usage:	docker network create [OPTIONS] NETWORK
+Usage:  docker network create [OPTIONS] NETWORK
 
 Create a network
 

docs/reference/commandline/network_prune.md

@@ -7,7 +7,7 @@ keywords: "network, prune, delete"
 # network prune
 
 ```markdown
-Usage:	docker network prune [OPTIONS]
+Usage:  docker network prune [OPTIONS]
 
 Remove all unused networks
 

docs/reference/commandline/node_rm.md

@@ -7,7 +7,7 @@ keywords: "node, remove"
 # node rm
 
 ```markdown
-Usage:	docker node rm [OPTIONS] NODE [NODE...]
+Usage:  docker node rm [OPTIONS] NODE [NODE...]
 
 Remove one or more nodes from the swarm
 

docs/reference/commandline/plugin_inspect.md

@@ -7,7 +7,7 @@ keywords: "plugin, inspect"
 # plugin inspect
 
 ```markdown
-Usage:	docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...]
+Usage:  docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...]
 
 Display detailed information on one or more plugins
 

docs/reference/commandline/plugin_push.md

@@ -5,7 +5,7 @@ keywords: "plugin, push"
 ---
 
 ```markdown
-Usage:	docker plugin push [OPTIONS] PLUGIN[:TAG]
+Usage:  docker plugin push [OPTIONS] PLUGIN[:TAG]
 
 Push a plugin to a registry
 

docs/reference/commandline/pull.md

@@ -160,7 +160,7 @@ Digest can also be used in the `FROM` of a Dockerfile, for example:
 
 ```dockerfile
 FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-MAINTAINER some maintainer <maintainer@example.com>
+LABEL maintainer="some maintainer <maintainer@example.com>"
 ```
 
 > **Note**

docs/reference/commandline/secret_create.md

@@ -7,7 +7,7 @@ keywords: ["secret, create"]
 # secret create
 
 ```Markdown
-Usage:	docker secret create [OPTIONS] SECRET [file|-]
+Usage:  docker secret create [OPTIONS] SECRET [file|-]
 
 Create a secret from a file or STDIN as content
 

docs/reference/commandline/secret_ls.md

@@ -7,7 +7,7 @@ keywords: ["secret, ls"]
 # secret ls
 
 ```Markdown
-Usage:	docker secret ls [OPTIONS]
+Usage:  docker secret ls [OPTIONS]
 
 List secrets
 

docs/reference/commandline/secret_rm.md

@@ -7,7 +7,7 @@ keywords: ["secret, rm"]
 # secret rm
 
 ```Markdown
-Usage:	docker secret rm SECRET [SECRET...]
+Usage:  docker secret rm SECRET [SECRET...]
 
 Remove one or more secrets
 

docs/reference/commandline/service_ls.md

@@ -7,7 +7,7 @@ keywords: "service, ls"
 # service ls
 
 ```Markdown
-Usage:	docker service ls [OPTIONS]
+Usage:  docker service ls [OPTIONS]
 
 List services
 

docs/reference/commandline/service_rm.md

@@ -7,7 +7,7 @@ keywords: "service, rm"
 # service rm
 
 ```Markdown
-Usage:	docker service rm SERVICE [SERVICE...]
+Usage:  docker service rm SERVICE [SERVICE...]
 
 Remove one or more services
 

docs/reference/commandline/service_rollback.md

@@ -7,7 +7,7 @@ keywords: "service, rollback"
 # service rollback
 
 ```markdown
-Usage:	docker service rollback SERVICE
+Usage:  docker service rollback SERVICE
 
 Revert changes to a service's configuration
 

docs/reference/commandline/stack_ls.md

@@ -7,7 +7,7 @@ keywords: "stack, ls"
 # stack ls
 
 ```markdown
-Usage:	docker stack ls [OPTIONS]
+Usage:  docker stack ls [OPTIONS]
 
 List stacks
 

docs/reference/commandline/stack_services.md

@@ -7,7 +7,7 @@ keywords: "stack, services"
 # stack services
 
 ```markdown
-Usage:	docker stack services [OPTIONS] STACK
+Usage:  docker stack services [OPTIONS] STACK
 
 List the services in the stack
 

docs/reference/commandline/swarm_ca.md

@@ -7,7 +7,7 @@ keywords: "swarm, ca"
 # swarm ca
 
 ```markdown
-Usage:	docker swarm ca [OPTIONS]
+Usage:  docker swarm ca [OPTIONS]
 
 Manage root CA
 

docs/reference/commandline/swarm_join-token.md

@@ -7,7 +7,7 @@ keywords: "swarm, join-token"
 # swarm join-token
 
 ```markdown
-Usage:	docker swarm join-token [OPTIONS] (worker|manager)
+Usage:  docker swarm join-token [OPTIONS] (worker|manager)
 
 Manage join tokens
 

docs/reference/commandline/swarm_leave.md

@@ -7,7 +7,7 @@ keywords: "swarm, leave"
 # swarm leave
 
 ```markdown
-Usage:	docker swarm leave [OPTIONS]
+Usage:  docker swarm leave [OPTIONS]
 
 Leave the swarm
 

docs/reference/commandline/swarm_unlock-key.md

@@ -7,7 +7,7 @@ keywords: "swarm, unlock-key"
 # swarm unlock-key
 
 ```markdown
-Usage:	docker swarm unlock-key [OPTIONS]
+Usage:  docker swarm unlock-key [OPTIONS]
 
 Manage the unlock key
 

docs/reference/commandline/swarm_unlock.md

@@ -7,7 +7,7 @@ keywords: "swarm, unlock"
 # swarm unlock
 
 ```markdown
-Usage:	docker swarm unlock
+Usage:  docker swarm unlock
 
 Unlock swarm
 

docs/reference/commandline/system_df.md

@@ -7,7 +7,7 @@ keywords: "system, data, usage, disk"
 # system df
 
 ```markdown
-Usage:	docker system df [OPTIONS]
+Usage:  docker system df [OPTIONS]
 
 Show docker filesystem usage
 

docs/reference/commandline/system_prune.md

@@ -7,7 +7,7 @@ keywords: "system, prune, delete, remove"
 # system prune
 
 ```markdown
-Usage:	docker system prune [OPTIONS]
+Usage:  docker system prune [OPTIONS]
 
 Remove unused data
 
@@ -97,15 +97,6 @@ deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548
 Total reclaimed space: 13.5 MB
 ```
 
-> **Note**
->
-> The `--volumes` option was added in Docker 17.06.1. Older versions of Docker
-> prune volumes by default, along with other Docker objects. On older versions,
-> run `docker container prune`, `docker network prune`, and `docker image prune`
-> separately to remove unused containers, networks, and images, without removing
-> volumes.
-
-
 ### Filtering
 
 The filtering flag (`--filter`) format is of "key=value". If there is more

docs/reference/commandline/trust_key_load.md

@@ -7,7 +7,7 @@ keywords: "key, notary, trust"
 # trust key load
 
 ```markdown
-Usage:	docker trust key load [OPTIONS] KEYFILE
+Usage:  docker trust key load [OPTIONS] KEYFILE
 
 Load a private key file for signing
 

docs/reference/commandline/trust_signer_add.md

@@ -7,7 +7,7 @@ keywords: "signer, notary, trust"
 # trust signer add
 
 ```markdown
-Usage:	docker trust signer add [OPTIONS] NAME REPOSITORY [REPOSITORY...]
+Usage:  docker trust signer add [OPTIONS] NAME REPOSITORY [REPOSITORY...]
 
 Add a signer
 

docs/reference/commandline/trust_signer_remove.md

@@ -7,7 +7,7 @@ keywords: "signer, notary, trust"
 # trust signer remove
 
 ```markdown
-Usage:	docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...]
+Usage:  docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...]
 
 Remove a signer
 

docs/reference/commandline/update.md

@@ -81,7 +81,7 @@ the container before updating kernel memory.
 
 > **Note**
 >
-> The `--kernel-memory` option has been deprecated since Docker 20.03.
+> The `--kernel-memory` option has been deprecated since Docker 20.10.
 
 For example, if you started a container with this command:
 

docs/reference/commandline/volume_prune.md

@@ -7,7 +7,7 @@ keywords: "volume, prune, delete"
 # volume prune
 
 ```markdown
-Usage:	docker volume prune [OPTIONS]
+Usage:  docker volume prune [OPTIONS]
 
 Remove all unused local volumes
 

docs/reference/run.md

@@ -1396,10 +1396,7 @@ drwxrwxr-x 1 1000 1000   4096 Dec  4 06:11 .git
 ```
 
 The default seccomp profile will adjust to the selected capabilities, in order to allow
-use of facilities allowed by the capabilities, so you should not have to adjust this,
-since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be necessary
-to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding
-capabilities.
+use of facilities allowed by the capabilities, so you should not have to adjust this.
 
 ## Logging drivers (--log-driver)
 
@@ -1772,7 +1769,7 @@ the `USER` instruction by passing the `-u` option.
 ### WORKDIR
 
 The default working directory for running binaries within a container is the
-root directory (`/`), but the developer can set a different default with the
+root directory (`/`). It is possible to set a different working directory with the
 Dockerfile `WORKDIR` command. The operator can override this with:
 
-    -w="": Working directory inside the container
+    -w="", --workdir="": Working directory inside the container

e2e/cli-plugins/run_test.go

@@ -49,7 +49,7 @@ func TestNonexistingHelp(t *testing.T) {
 		// This should actually be the whole docker help
 		// output, so spot check instead having of a golden
 		// with everything in, which will change too frequently.
-		Out: "Usage:	docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers",
+		Out: "Usage:  docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers",
 		Err: icmd.None,
 	})
 	// Short -h should be the same, modulo the deprecation message
@@ -101,7 +101,7 @@ func TestBadHelp(t *testing.T) {
 		// This should be literally the whole docker help
 		// output, so spot check instead of a golden with
 		// everything in which will change all the time.
-		Out: "Usage:	docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers",
+		Out: "Usage:  docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers",
 		Err: icmd.None,
 	})
 	// Short -h should be the same, modulo the deprecation message

e2e/cli-plugins/testdata/docker-help-helloworld-goodbye.golden

@@ -1,4 +1,4 @@
 
-Usage:	docker helloworld goodbye
+Usage:  docker helloworld goodbye
 
 Say Goodbye instead of Hello

e2e/cli-plugins/testdata/docker-help-helloworld.golden

@@ -1,5 +1,5 @@
 
-Usage:	docker helloworld [OPTIONS] COMMAND
+Usage:  docker helloworld [OPTIONS] COMMAND
 
 A basic Hello World plugin for tests
 

e2e/stack/testdata/stack-deploy-help-kubernetes.golden

@@ -1,5 +1,5 @@
 
-Usage:	docker stack deploy [OPTIONS] STACK
+Usage:  docker stack deploy [OPTIONS] STACK
 
 Deploy a new stack or update an existing stack
 

e2e/stack/testdata/stack-deploy-help-swarm.golden

@@ -1,5 +1,5 @@
 
-Usage:	docker stack deploy [OPTIONS] STACK
+Usage:  docker stack deploy [OPTIONS] STACK
 
 Deploy a new stack or update an existing stack
 

experimental/README.md

@@ -41,7 +41,7 @@ Metrics (Prometheus) output for basic container, image, and daemon operations.
  * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md)
  * [Ipvlan Network Drivers](vlan-networks.md)
  * [Checkpoint & Restore](checkpoint-restore.md)
- * [Docker build with --squash argument](../docs/reference/commandline/build.md#squash-an-images-layers---squash-experimental-only)
+ * [Docker build with --squash argument](../docs/reference/commandline/build.md#squash-an-images-layers---squash-experimental)
 
 ## How to comment on an experimental feature
 

internal/test/builders/container.go

@@ -17,7 +17,7 @@ func Container(name string, builders ...func(container *types.Container)) *types
 		Command: "top",
 		Image:   "busybox:latest",
 		Status:  "Up 1 second",
-		Created: time.Now().UnixNano(),
+		Created: time.Now().Unix(),
 	}
 
 	for _, builder := range builders {

man/Dockerfile.5.md

@@ -1,6 +1,5 @@
-% DOCKERFILE(5) Docker User Manuals
-% Zac Dover
-% May 2014
+% "DOCKERFILE" "5" "MAY 2014" "Docker Community" "Docker User Manuals"
+
 # NAME
 
 Dockerfile - automate the steps of creating a Docker image

man/docker-build.1.md

@@ -1,6 +1,5 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
+% "DOCKER" "1" "JUNE 2014" "Docker Community" "Docker User Manuals"
+
 # NAME
 docker-build - Build an image from a Dockerfile
 

man/docker-config-json.5.md

@@ -1,6 +1,5 @@
-% CONFIG.JSON(5) Docker User Manuals
-% Docker Community
-% JANUARY 2016
+% "CONFIG.JSON" "5" "JANUARY 2016" "Docker Community" "Docker User Manuals"
+
 # NAME
 HOME/.docker/config.json - Default Docker configuration file
 

man/docker-run.1.md

@@ -1,6 +1,5 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
+% "DOCKER" "1" "JUNE 2014" "Docker Community" "Docker User Manuals"
+
 # NAME
 docker-run - Run a command in a new container
 

man/docker.1.md

@@ -1,6 +1,5 @@
-% DOCKER(1) Docker User Manuals
-% William Henry
-% APRIL 2014
+% "DOCKER" "1" "APRIL 2014" "Docker Community" "Docker User Manuals"
+
 # NAME
 docker \- Docker image and container command line interface
 

man/dockerd.8.md

@@ -1,6 +1,5 @@
-% DOCKER(8) Docker User Manuals
-% Shishir Mahajan
-% SEPTEMBER 2015
+% "DOCKERD" "8" "SEPTEMBER 2015" "Docker Community" "Docker User Manuals"
+
 # NAME
 dockerd - Enable daemon mode
 

man/generate.go

@@ -23,6 +23,7 @@ func generateManPages(opts *options) error {
 		Title:   "DOCKER",
 		Section: "1",
 		Source:  "Docker Community",
+		Manual:  "Docker User Manuals",
 	}
 
 	// If SOURCE_DATE_EPOCH is set, in order to allow reproducible package

man/src/container/update.md

@@ -60,7 +60,7 @@ running container only if the container was started with **--kernel-memory**.
 If the container was started *without* **--kernel-memory** you need to stop
 the container before updating kernel memory.
 
-NOTE: The **--kernel-memory** option has been deprecated since Docker 20.03.
+NOTE: The **--kernel-memory** option has been deprecated since Docker 20.10.
 
 For example, if you started a container with this command:
 

man/src/image/pull.md

@@ -111,7 +111,7 @@ pull the above image by digest, run the following command:
 Digest can also be used in the `FROM` of a Dockerfile, for example:
 
     FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-    MAINTAINER some maintainer <maintainer@example.com>
+    LABEL maintainer="some maintainer <maintainer@example.com>"
 
 > **Note**: Using this feature "pins" an image to a specific version in time.
 > Docker will therefore not pull updated versions of an image, which may include 

opts/weightdevice.go

@@ -20,7 +20,7 @@ func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
 	if !strings.HasPrefix(split[0], "/dev/") {
 		return nil, fmt.Errorf("bad format for device path: %s", val)
 	}
-	weight, err := strconv.ParseUint(split[1], 10, 0)
+	weight, err := strconv.ParseUint(split[1], 10, 16)
 	if err != nil {
 		return nil, fmt.Errorf("invalid weight for device: %s", val)
 	}

scripts/docs/generate-man.sh

@@ -4,8 +4,10 @@ set -eu -o pipefail
 
 mkdir -p ./man/man1
 
-# yay, go install creates a binary named "v2" ¯\_(ツ)_/¯
-go build -o "/go/bin/md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
+if ! command -v md2man &> /dev/null; then
+	# yay, go install creates a binary named "v2" ¯\_(ツ)_/¯
+	go build -o "/go/bin/md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
+fi
 
 # Generate man pages from cobra commands
 go build -o /tmp/gen-manpages github.com/docker/cli/man

vendor.conf

@@ -1,19 +1,20 @@
-cloud.google.com/go                                 0ebda48a7f143b1cce9eb37a8c1106ac762a3430 # v0.34.0
+cloud.google.com/go                                 ceeb313ad77b789a7fa5287b36a1d127b69b7093 # v0.44.3
 github.com/agl/ed25519                              5312a61534124124185d41f09206b9fef1d88403
 github.com/Azure/go-ansiterm                        d6e3b3328b783f23731bc4d058875b0371ff8109
 github.com/beorn7/perks                             37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
 github.com/cespare/xxhash/v2                        d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
-github.com/containerd/console                       8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
-github.com/containerd/containerd                    c623d1b36f09f8ef6536a057bd658b3aa8632828 # v1.4.1
+github.com/containerd/console                       5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1
+github.com/containerd/containerd                    0edc412565dcc6e3d6125ff9e4b009ad4b89c638 # master (v1.5.0-dev)
 github.com/containerd/continuity                    efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
-github.com/containerd/cgroups                       318312a373405e5e91134d8063d04d59768a1bff
+github.com/containerd/cgroups                       0b889c03f102012f1d93a97ddd3ef71cd6f4f510
+github.com/containerd/typeurl                       cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
 github.com/coreos/etcd                              d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
 github.com/cpuguy83/go-md2man/v2                    f79a8a8ca69da163eee19ab442bedad7a35bba5a # v2.0.0
-github.com/creack/pty                               3a6a957789163cacdfe0e291617a1c8e80612c11 # v1.1.9
+github.com/creack/pty                               2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
 github.com/davecgh/go-spew                          8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
 github.com/docker/compose-on-kubernetes             78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1
 github.com/docker/distribution                      0d3efadf0154c2b8a4e7b6621fff9809655cc580
-github.com/docker/docker                            7f7e4abb331a2973cfb3223710cc35a3e476b1b3
+github.com/docker/docker                            f0014860c1b3345e1fcc7ed81c491298de2633fb # v20.10.1
 github.com/docker/docker-credential-helpers         54f0238b6bf101fc3ad3b34114cb5520beb562f5 # v0.6.3
 github.com/docker/go                                d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
 github.com/docker/go-connections                    7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
@@ -22,11 +23,12 @@ github.com/docker/go-metrics                        b619b3592b65de4f087d9f16863a
 github.com/docker/go-units                          519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
 github.com/docker/swarmkit                          d6592ddefd8a5319aadff74c558b816b1a0b2590
 github.com/evanphx/json-patch                       72bf35d0ff611848c1dc9df0f976c81192392fa5 # v4.1.0
-github.com/fvbommel/sortorder                       a1ddee917217bbd0691affdca9c88d24d3f5c27d # v1.0.1
-github.com/gofrs/flock                              392e7fae8f1b0bdbd67dad7237d23f618feb6dbb # v0.7.1
+github.com/fvbommel/sortorder                       26fad50c6b32a3064c09ed089865c16f2f3615f6 # v1.0.2
+github.com/gofrs/flock                              6caa7350c26b838538005fae7dbee4e69d9398db # v0.7.3
 github.com/gogo/googleapis                          01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2
 github.com/gogo/protobuf                            5628607bb4c51c3157aacc3a50f0ab707582b805 # v1.3.1
 github.com/golang/glog                              23def4e6c14b4da8ac2ed8007337bc5eb5007998
+github.com/golang/groupcache                        869f871628b6baa9cfbc11732cdf6546b17c1298
 github.com/golang/protobuf                          84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
 github.com/google/go-cmp                            3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0
 github.com/google/gofuzz                            24818f796faf91cd76ec7bddd72458fbced7a6c1
@@ -42,20 +44,20 @@ github.com/inconshreveable/mousetrap                76626ae9c91c4f2a10f34cad8ce8
 github.com/jaguilar/vt100                           ad4c4a5743050fb7f88ce968dca9422f72a0e3f2 git://github.com/tonistiigi/vt100.git
 github.com/json-iterator/go                         0ff49de124c6f76f8494e194af75bde0f1a49a29 # 1.1.6
 github.com/matttproud/golang_protobuf_extensions    c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
-github.com/Microsoft/go-winio                       6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
+github.com/Microsoft/go-winio                       5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15
 github.com/Microsoft/hcsshim                        5bc557dd210ff2caf615e6e22d398123de77fc11 # v0.8.9
 github.com/miekg/pkcs11                             210dc1e16747c5ba98a03bcbcf728c38086ea357 # v1.0.3
 github.com/mitchellh/mapstructure                   d16e9488127408e67948eb43b6d3fbb9f222da10 # v1.3.2
-github.com/moby/buildkit                            4d1f260e8490ec438ab66e08bb105577aca0ce06
-github.com/moby/sys                                 6154f11e6840c0d6b0dbb23f4125a6134b3013c9 # mountinfo/v0.1.3
-github.com/moby/term                                73f35e472e8f0a3f91347164138ce6bd73b756a9
+github.com/moby/buildkit                            8142d66b5ebde79846b869fba30d9d30633e74aa # v0.8.1
+github.com/moby/sys                                 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0 (latest tag, either mount/vXXX, mountinfo/vXXX or symlink/vXXX)
+github.com/moby/term                                bea5bbe245bf407372d477f1361d2ff042d2f556
 github.com/modern-go/concurrent                     bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
 github.com/modern-go/reflect2                       4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
 github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
-github.com/opencontainers/go-digest                 279bed98673dd5bef374d3b6e4b09e2af76183bf # v1.0.0-rc1
+github.com/opencontainers/go-digest                 ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 github.com/opencontainers/image-spec                d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
 github.com/opencontainers/runc                      ff819c7e9184c13b7c2607fe6c30ae19403a7aff # v1.0.0-rc92
-github.com/opentracing/opentracing-go               1361b9cd60be79c4c3a7fa9841b3c132e40066a7
+github.com/opentracing/opentracing-go               d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0
 github.com/pkg/errors                               614d223910a179a466c1767a985424175c39b465 # v0.9.1
 github.com/prometheus/client_golang                 6edbbd9e560190e318cdc5b4d3e630b442858380 # v1.6.0
 github.com/prometheus/client_model                  7bc5445566f0fe75b15de23e6b93886e982d7bf9 # v0.2.0
@@ -64,20 +66,22 @@ github.com/prometheus/procfs                        46159f73e74d1cb8dc223deef9b2
 github.com/russross/blackfriday/v2                  d3b5b032dc8e8927d31a5071b56e14c89f045135 # v2.0.1
 github.com/shurcooL/sanitized_anchor_name           7bfe4c7ecddb3666a94b053b422cdd8f5aaa3615 # v1.0.0
 github.com/sirupsen/logrus                          6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
-github.com/spf13/cobra                              a684a6d7f5e37385d954dd3b5a14fc6912c6ab9d # v1.0.0
+github.com/spf13/cobra                              86f8bfd7fef868a174e1b606783bd7f5c82ddf8f # v1.1.1
 github.com/spf13/pflag                              2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
 github.com/theupdateframework/notary                d6e1431feb32348e0650bf7551ac5cffd01d857b # v0.6.1
-github.com/tonistiigi/fsutil                        ae3a8d753069d0f76fbee396457e8b6cfd7cb8c3
+github.com/tonistiigi/fsutil                        0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
 github.com/tonistiigi/go-rosetta                    f79598599c5d34ea253b56a1d7c89bc6a96de7db
 github.com/tonistiigi/units                         6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
 github.com/xeipuuv/gojsonpointer                    02993c407bfbf5f6dae44c4f4b1cf6a39b5fc5bb
 github.com/xeipuuv/gojsonreference                  bd5ef7bd5415a7ac448318e64f11a24cd21e594b
 github.com/xeipuuv/gojsonschema                     82fcdeb203eb6ab2a67d0a623d9c19e5e5a64927 # v1.2.0
-golang.org/x/crypto                                 75b288015ac94e66e3d6715fb68a9b41bf046ec2
+go.opencensus.io                                    d835ff86be02193d324330acdb7d65546b05f814 # v0.22.3
+golang.org/x/crypto                                 c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
 golang.org/x/net                                    ab34263943818b32f575efc978a3d24e80b04bd7
 golang.org/x/oauth2                                 bf48bf16ab8d622ce64ec6ce98d2c98f916b6303
 golang.org/x/sync                                   cd5d95a43a6e21273425c7ae415d3df9ea832eeb
-golang.org/x/sys                                    ed371f2e16b4b305ee99df548828de367527b76b
+golang.org/x/sys                                    eeed37f84f13f52d35e095e8023ba65671ff86a1
+golang.org/x/term                                   f5c789dd3221ff39d752ac54467d762de7cfbec6
 golang.org/x/text                                   23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
 golang.org/x/time                                   555d28b269f0569763d25dbe1a237ae74c6bcc82
 google.golang.org/genproto                          3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
@@ -87,13 +91,9 @@ gopkg.in/yaml.v2                                    53403b58ad1b561927d19068c655
 gotest.tools/v3                                     bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2
 k8s.io/api                                          d49a3f108dab8e8d25f22c497fb48678b124efd2 # v0.16.9
 k8s.io/apimachinery                                 f336d9be0221d10a93a7d6d2ec25f6fc799f4fc6 # v0.16.9
-k8s.io/apiextensions-apiserver                      e0288c14e6fda28eefbd584da8c657447e414f96 # v0.16.9
-k8s.io/apiserver                                    3987e0d46aec47186e5f2c0d61ad84975cb79bd8 # v0.16.9
 k8s.io/client-go                                    002560d5bf54049bf5b5ae99231cb2b591f15954 # v0.16.9
-k8s.io/component-base                               dbd90d7c5d87d80fd674cc40d69ca7b14798eda5 # v0.16.9
 k8s.io/klog                                         4ad0115ba9e45c096d06a31d8dfb0e5bd945ec5f # v1.0.0-2-g4ad0115 pending v1.0.1 release to fix https://github.com/docker/cli/issues/2420
 k8s.io/kube-openapi                                 0270cf2f1c1d995d34b36019a6f65d58e6e33ad4
-k8s.io/kubernetes                                   a17149e1a189050796ced469dbd78d380f2ed5ef # v1.16.9
 k8s.io/utils                                        69764acb6e8e900b7c05296c5d3c9c19545475f9
 sigs.k8s.io/yaml                                    fd68e9863619f6ec2fdd8625fe1f02e7c877e480 # v1.1.0
 

vendor/cloud.google.com/go/README.md

@@ -19,67 +19,44 @@ make backwards-incompatible changes.
 
 **NOTE:** Github repo is a mirror of [https://code.googlesource.com/gocloud](https://code.googlesource.com/gocloud).
 
-  * [News](#news)
-  * [Supported APIs](#supported-apis)
-  * [Go Versions Supported](#go-versions-supported)
-  * [Authorization](#authorization)
-  * [Cloud Datastore](#cloud-datastore-)
-  * [Cloud Storage](#cloud-storage-)
-  * [Cloud Pub/Sub](#cloud-pub-sub-)
-  * [BigQuery](#cloud-bigquery-)
-  * [Stackdriver Logging](#stackdriver-logging-)
-  * [Cloud Spanner](#cloud-spanner-)
-
-
-## News
-
-_7 August 2018_
-
-As of November 1, the code in the repo will no longer support Go versions 1.8
-and earlier. No one other than AppEngine users should be on those old versions,
-and AppEngine
-[Standard](https://groups.google.com/forum/#!topic/google-appengine-go/e7oPNomd7ak)
-and
-[Flex](https://groups.google.com/forum/#!topic/google-appengine-go/wHsYtxvEbXI)
-will stop supporting new deployments with those versions on that date.
-
-
-Changes have been moved to [CHANGES](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/master/CHANGES.md).
-
-
 ## Supported APIs
 
-Google API                                   | Status       | Package
----------------------------------------------|--------------|-----------------------------------------------------------
-[Asset][cloud-asset]                         | alpha        | [`godoc.org/cloud.google.com/go/asset/v1beta`][cloud-asset-ref]
-[BigQuery][cloud-bigquery]                   | stable       | [`godoc.org/cloud.google.com/go/bigquery`][cloud-bigquery-ref]
-[Bigtable][cloud-bigtable]                   | stable       | [`godoc.org/cloud.google.com/go/bigtable`][cloud-bigtable-ref]
-[Cloudtasks][cloud-tasks]                    | beta         | [`godoc.org/cloud.google.com/go/cloudtasks/apiv2beta3`][cloud-tasks-ref]
-[Container][cloud-container]                 | stable       | [`godoc.org/cloud.google.com/go/container/apiv1`][cloud-container-ref]
-[ContainerAnalysis][cloud-containeranalysis] | beta         | [`godoc.org/cloud.google.com/go/containeranalysis/apiv1beta1`][cloud-containeranalysis-ref]
-[Dataproc][cloud-dataproc]                   | stable       | [`godoc.org/cloud.google.com/go/dataproc/apiv1`][cloud-dataproc-ref]
-[Datastore][cloud-datastore]                 | stable       | [`godoc.org/cloud.google.com/go/datastore`][cloud-datastore-ref]
-[Debugger][cloud-debugger]                   | alpha        | [`godoc.org/cloud.google.com/go/debugger/apiv2`][cloud-debugger-ref]
-[Dialogflow][cloud-dialogflow]               | alpha        | [`godoc.org/cloud.google.com/go/dialogflow/apiv2`][cloud-dialogflow-ref]
-[Data Loss Prevention][cloud-dlp]            | alpha        | [`godoc.org/cloud.google.com/go/dlp/apiv2`][cloud-dlp-ref]
-[ErrorReporting][cloud-errors]               | alpha        | [`godoc.org/cloud.google.com/go/errorreporting`][cloud-errors-ref]
-[Firestore][cloud-firestore]                 | beta         | [`godoc.org/cloud.google.com/go/firestore`][cloud-firestore-ref]
-[IAM][cloud-iam]                             | stable       | [`godoc.org/cloud.google.com/go/iam`][cloud-iam-ref]
-[KMS][cloud-kms]                             | stable       | [`godoc.org/cloud.google.com/go/kms`][cloud-kms-ref]
-[Natural Language][cloud-natural-language]   | stable       | [`godoc.org/cloud.google.com/go/language/apiv1`][cloud-natural-language-ref]
-[Logging][cloud-logging]                     | stable       | [`godoc.org/cloud.google.com/go/logging`][cloud-logging-ref]
-[Monitoring][cloud-monitoring]               | alpha        | [`godoc.org/cloud.google.com/go/monitoring/apiv3`][cloud-monitoring-ref]
-[OS Login][cloud-oslogin]                    | alpha        | [`cloud.google.com/compute/docs/oslogin/rest`][cloud-oslogin-ref]
-[Pub/Sub][cloud-pubsub]                      | stable       | [`godoc.org/cloud.google.com/go/pubsub`][cloud-pubsub-ref]
-[Memorystore][cloud-memorystore]             | stable       | [`godoc.org/cloud.google.com/go/redis/apiv1beta1`][cloud-memorystore-ref]
-[Spanner][cloud-spanner]                     | stable       | [`godoc.org/cloud.google.com/go/spanner`][cloud-spanner-ref]
-[Speech][cloud-speech]                       | stable       | [`godoc.org/cloud.google.com/go/speech/apiv1`][cloud-speech-ref]
-[Storage][cloud-storage]                     | stable       | [`godoc.org/cloud.google.com/go/storage`][cloud-storage-ref]
-[Text To Speech][cloud-texttospeech]         | alpha        | [`godoc.org/cloud.google.com/go/texttospeech/apiv1`][cloud-storage-ref]
-[Trace][cloud-trace]                         | alpha        | [`godoc.org/cloud.google.com/go/trace/apiv2`][cloud-translation-ref]
-[Translation][cloud-translation]             | stable       | [`godoc.org/cloud.google.com/go/translate`][cloud-translation-ref]
-[Video Intelligence][cloud-video]            | alpha        | [`godoc.org/cloud.google.com/go/videointelligence/apiv1beta1`][cloud-video-ref]
-[Vision][cloud-vision]                       | stable       | [`godoc.org/cloud.google.com/go/vision/apiv1`][cloud-vision-ref]
+Google API                                      | Status       | Package
+------------------------------------------------|--------------|-----------------------------------------------------------
+[Asset][cloud-asset]                            | alpha        | [`cloud.google.com/go/asset/v1beta`][cloud-asset-ref]
+[BigQuery][cloud-bigquery]                      | stable       | [`cloud.google.com/go/bigquery`][cloud-bigquery-ref]
+[Bigtable][cloud-bigtable]                      | stable       | [`cloud.google.com/go/bigtable`][cloud-bigtable-ref]
+[Cloudtasks][cloud-tasks]                       | stable       | [`cloud.google.com/go/cloudtasks/apiv2`][cloud-tasks-ref]
+[Container][cloud-container]                    | stable       | [`cloud.google.com/go/container/apiv1`][cloud-container-ref]
+[ContainerAnalysis][cloud-containeranalysis]    | beta         | [`cloud.google.com/go/containeranalysis/apiv1beta1`][cloud-containeranalysis-ref]
+[Dataproc][cloud-dataproc]                      | stable       | [`cloud.google.com/go/dataproc/apiv1`][cloud-dataproc-ref]
+[Datastore][cloud-datastore]                    | stable       | [`cloud.google.com/go/datastore`][cloud-datastore-ref]
+[Debugger][cloud-debugger]                      | alpha        | [`cloud.google.com/go/debugger/apiv2`][cloud-debugger-ref]
+[Dialogflow][cloud-dialogflow]                  | alpha        | [`cloud.google.com/go/dialogflow/apiv2`][cloud-dialogflow-ref]
+[Data Loss Prevention][cloud-dlp]               | alpha        | [`cloud.google.com/go/dlp/apiv2`][cloud-dlp-ref]
+[ErrorReporting][cloud-errors]                  | alpha        | [`cloud.google.com/go/errorreporting`][cloud-errors-ref]
+[Firestore][cloud-firestore]                    | stable       | [`cloud.google.com/go/firestore`][cloud-firestore-ref]
+[IAM][cloud-iam]                                | stable       | [`cloud.google.com/go/iam`][cloud-iam-ref]
+[IoT][cloud-iot]                                | alpha        | [`cloud.google.com/iot/apiv1`][cloud-iot-ref]
+[KMS][cloud-kms]                                | stable       | [`cloud.google.com/go/kms`][cloud-kms-ref]
+[Natural Language][cloud-natural-language]      | stable       | [`cloud.google.com/go/language/apiv1`][cloud-natural-language-ref]
+[Logging][cloud-logging]                        | stable       | [`cloud.google.com/go/logging`][cloud-logging-ref]
+[Monitoring][cloud-monitoring]                  | alpha        | [`cloud.google.com/go/monitoring/apiv3`][cloud-monitoring-ref]
+[OS Login][cloud-oslogin]                       | alpha        | [`cloud.google.com/go/oslogin/apiv1`][cloud-oslogin-ref]
+[Pub/Sub][cloud-pubsub]                         | stable       | [`cloud.google.com/go/pubsub`][cloud-pubsub-ref]
+[Phishing Protection][cloud-phishingprotection] | alpha        | [`cloud.google.com/go/phishingprotection/apiv1betad1`][cloud-phishingprotection-ref]
+[reCAPTCHA Enterprise][cloud-recaptcha]         | alpha        | [`cloud.google.com/go/recaptchaenterprise/apiv1betad1`][cloud-recaptcha-ref]
+[Memorystore][cloud-memorystore]                | alpha        | [`cloud.google.com/go/redis/apiv1`][cloud-memorystore-ref]
+[Scheduler][cloud-scheduler]                    | stable       | [`cloud.google.com/go/scheduler/apiv1`][cloud-scheduler-ref]
+[Spanner][cloud-spanner]                        | stable       | [`cloud.google.com/go/spanner`][cloud-spanner-ref]
+[Speech][cloud-speech]                          | stable       | [`cloud.google.com/go/speech/apiv1`][cloud-speech-ref]
+[Storage][cloud-storage]                        | stable       | [`cloud.google.com/go/storage`][cloud-storage-ref]
+[Talent][cloud-talent]                          | alpha        | [`cloud.google.com/go/talent/apiv4beta1`][cloud-talent-ref]
+[Text To Speech][cloud-texttospeech]            | alpha        | [`cloud.google.com/go/texttospeech/apiv1`][cloud-texttospeech-ref]
+[Trace][cloud-trace]                            | alpha        | [`cloud.google.com/go/trace/apiv2`][cloud-trace-ref]
+[Translate][cloud-translate]                    | stable       | [`cloud.google.com/go/translate`][cloud-translate-ref]
+[Video Intelligence][cloud-video]               | alpha        | [`cloud.google.com/go/videointelligence/apiv1beta1`][cloud-video-ref]
+[Vision][cloud-vision]                          | stable       | [`cloud.google.com/go/vision/apiv1`][cloud-vision-ref]
 
 > **Alpha status**: the API is still being actively developed. As a
 > result, it might change in backward-incompatible ways and is not recommended
@@ -92,12 +69,7 @@ Google API                                   | Status       | Package
 > **Stable status**: the API is mature and ready for production use. We will
 > continue addressing bugs and feature requests.
 
-Documentation and examples are available at
-https://godoc.org/cloud.google.com/go
-
-Visit or join the
-[google-api-go-announce group](https://groups.google.com/forum/#!forum/google-api-go-announce)
-for updates on these packages.
+Documentation and examples are available at [godoc.org/cloud.google.com/go](godoc.org/cloud.google.com/go)
 
 ## Go Versions Supported
 
@@ -106,7 +78,7 @@ an older version, we support that as well.
 
 ## Authorization
 
-By default, each API will use [Google Application Default Credentials][default-creds]
+By default, each API will use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials)
 for authorization credentials used in calling the API endpoints. This will allow your
 application to run in many environments without requiring explicit configuration.
 
@@ -137,249 +109,6 @@ tokenSource := ...
 client, err := storage.NewClient(ctx, option.WithTokenSource(tokenSource))
 ```
 
-## Cloud Datastore [![GoDoc](https://godoc.org/cloud.google.com/go/datastore?status.svg)](https://godoc.org/cloud.google.com/go/datastore)
-
-- [About Cloud Datastore][cloud-datastore]
-- [Activating the API for your project][cloud-datastore-activation]
-- [API documentation][cloud-datastore-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/datastore)
-- [Complete sample program](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/datastore/tasks)
-
-### Example Usage
-
-First create a `datastore.Client` to use throughout your application:
-
-[snip]:# (datastore-1)
-```go
-client, err := datastore.NewClient(ctx, "my-project-id")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-Then use that client to interact with the API:
-
-[snip]:# (datastore-2)
-```go
-type Post struct {
-	Title       string
-	Body        string `datastore:",noindex"`
-	PublishedAt time.Time
-}
-keys := []*datastore.Key{
-	datastore.NameKey("Post", "post1", nil),
-	datastore.NameKey("Post", "post2", nil),
-}
-posts := []*Post{
-	{Title: "Post 1", Body: "...", PublishedAt: time.Now()},
-	{Title: "Post 2", Body: "...", PublishedAt: time.Now()},
-}
-if _, err := client.PutMulti(ctx, keys, posts); err != nil {
-	log.Fatal(err)
-}
-```
-
-## Cloud Storage [![GoDoc](https://godoc.org/cloud.google.com/go/storage?status.svg)](https://godoc.org/cloud.google.com/go/storage)
-
-- [About Cloud Storage][cloud-storage]
-- [API documentation][cloud-storage-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/storage)
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/storage)
-
-### Example Usage
-
-First create a `storage.Client` to use throughout your application:
-
-[snip]:# (storage-1)
-```go
-client, err := storage.NewClient(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-[snip]:# (storage-2)
-```go
-// Read the object1 from bucket.
-rc, err := client.Bucket("bucket").Object("object1").NewReader(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-defer rc.Close()
-body, err := ioutil.ReadAll(rc)
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-## Cloud Pub/Sub [![GoDoc](https://godoc.org/cloud.google.com/go/pubsub?status.svg)](https://godoc.org/cloud.google.com/go/pubsub)
-
-- [About Cloud Pubsub][cloud-pubsub]
-- [API documentation][cloud-pubsub-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/pubsub)
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/pubsub)
-
-### Example Usage
-
-First create a `pubsub.Client` to use throughout your application:
-
-[snip]:# (pubsub-1)
-```go
-client, err := pubsub.NewClient(ctx, "project-id")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-Then use the client to publish and subscribe:
-
-[snip]:# (pubsub-2)
-```go
-// Publish "hello world" on topic1.
-topic := client.Topic("topic1")
-res := topic.Publish(ctx, &pubsub.Message{
-	Data: []byte("hello world"),
-})
-// The publish happens asynchronously.
-// Later, you can get the result from res:
-...
-msgID, err := res.Get(ctx)
-if err != nil {
-	log.Fatal(err)
-}
-
-// Use a callback to receive messages via subscription1.
-sub := client.Subscription("subscription1")
-err = sub.Receive(ctx, func(ctx context.Context, m *pubsub.Message) {
-	fmt.Println(m.Data)
-	m.Ack() // Acknowledge that we've consumed the message.
-})
-if err != nil {
-	log.Println(err)
-}
-```
-
-## BigQuery [![GoDoc](https://godoc.org/cloud.google.com/go/bigquery?status.svg)](https://godoc.org/cloud.google.com/go/bigquery)
-
-- [About BigQuery][cloud-bigquery]
-- [API documentation][cloud-bigquery-docs]
-- [Go client documentation][cloud-bigquery-ref]
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/bigquery)
-
-### Example Usage
-
-First create a `bigquery.Client` to use throughout your application:
-[snip]:# (bq-1)
-```go
-c, err := bigquery.NewClient(ctx, "my-project-ID")
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-Then use that client to interact with the API:
-[snip]:# (bq-2)
-```go
-// Construct a query.
-q := c.Query(`
-    SELECT year, SUM(number)
-    FROM [bigquery-public-data:usa_names.usa_1910_2013]
-    WHERE name = "William"
-    GROUP BY year
-    ORDER BY year
-`)
-// Execute the query.
-it, err := q.Read(ctx)
-if err != nil {
-	// TODO: Handle error.
-}
-// Iterate through the results.
-for {
-	var values []bigquery.Value
-	err := it.Next(&values)
-	if err == iterator.Done {
-		break
-	}
-	if err != nil {
-		// TODO: Handle error.
-	}
-	fmt.Println(values)
-}
-```
-
-
-## Stackdriver Logging [![GoDoc](https://godoc.org/cloud.google.com/go/logging?status.svg)](https://godoc.org/cloud.google.com/go/logging)
-
-- [About Stackdriver Logging][cloud-logging]
-- [API documentation][cloud-logging-docs]
-- [Go client documentation][cloud-logging-ref]
-- [Complete sample programs](https://github.com/GoogleCloudPlatform/golang-samples/tree/master/logging)
-
-### Example Usage
-
-First create a `logging.Client` to use throughout your application:
-[snip]:# (logging-1)
-```go
-ctx := context.Background()
-client, err := logging.NewClient(ctx, "my-project")
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-Usually, you'll want to add log entries to a buffer to be periodically flushed
-(automatically and asynchronously) to the Stackdriver Logging service.
-[snip]:# (logging-2)
-```go
-logger := client.Logger("my-log")
-logger.Log(logging.Entry{Payload: "something happened!"})
-```
-
-Close your client before your program exits, to flush any buffered log entries.
-[snip]:# (logging-3)
-```go
-err = client.Close()
-if err != nil {
-	// TODO: Handle error.
-}
-```
-
-## Cloud Spanner [![GoDoc](https://godoc.org/cloud.google.com/go/spanner?status.svg)](https://godoc.org/cloud.google.com/go/spanner)
-
-- [About Cloud Spanner][cloud-spanner]
-- [API documentation][cloud-spanner-docs]
-- [Go client documentation](https://godoc.org/cloud.google.com/go/spanner)
-
-### Example Usage
-
-First create a `spanner.Client` to use throughout your application:
-
-[snip]:# (spanner-1)
-```go
-client, err := spanner.NewClient(ctx, "projects/P/instances/I/databases/D")
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-[snip]:# (spanner-2)
-```go
-// Simple Reads And Writes
-_, err = client.Apply(ctx, []*spanner.Mutation{
-	spanner.Insert("Users",
-		[]string{"name", "email"},
-		[]interface{}{"alice", "a@example.com"})})
-if err != nil {
-	log.Fatal(err)
-}
-row, err := client.Single().ReadRow(ctx, "Users",
-	spanner.Key{"alice"}, []string{"email"})
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-
 ## Contributing
 
 Contributions are welcome. Please, see the
@@ -394,32 +123,23 @@ for more information.
 
 [cloud-datastore]: https://cloud.google.com/datastore/
 [cloud-datastore-ref]: https://godoc.org/cloud.google.com/go/datastore
-[cloud-datastore-docs]: https://cloud.google.com/datastore/docs
-[cloud-datastore-activation]: https://cloud.google.com/datastore/docs/activate
 
 [cloud-firestore]: https://cloud.google.com/firestore/
 [cloud-firestore-ref]: https://godoc.org/cloud.google.com/go/firestore
-[cloud-firestore-docs]: https://cloud.google.com/firestore/docs
-[cloud-firestore-activation]: https://cloud.google.com/firestore/docs/activate
 
 [cloud-pubsub]: https://cloud.google.com/pubsub/
 [cloud-pubsub-ref]: https://godoc.org/cloud.google.com/go/pubsub
-[cloud-pubsub-docs]: https://cloud.google.com/pubsub/docs
 
 [cloud-storage]: https://cloud.google.com/storage/
 [cloud-storage-ref]: https://godoc.org/cloud.google.com/go/storage
-[cloud-storage-docs]: https://cloud.google.com/storage/docs
-[cloud-storage-create-bucket]: https://cloud.google.com/storage/docs/cloud-console#_creatingbuckets
 
 [cloud-bigtable]: https://cloud.google.com/bigtable/
 [cloud-bigtable-ref]: https://godoc.org/cloud.google.com/go/bigtable
 
 [cloud-bigquery]: https://cloud.google.com/bigquery/
-[cloud-bigquery-docs]: https://cloud.google.com/bigquery/docs
 [cloud-bigquery-ref]: https://godoc.org/cloud.google.com/go/bigquery
 
 [cloud-logging]: https://cloud.google.com/logging/
-[cloud-logging-docs]: https://cloud.google.com/logging/docs
 [cloud-logging-ref]: https://godoc.org/cloud.google.com/go/logging
 
 [cloud-monitoring]: https://cloud.google.com/monitoring/
@@ -432,17 +152,16 @@ for more information.
 [cloud-language-ref]: https://godoc.org/cloud.google.com/go/language/apiv1
 
 [cloud-oslogin]: https://cloud.google.com/compute/docs/oslogin/rest
-[cloud-oslogin-ref]: https://cloud.google.com/compute/docs/oslogin/rest
+[cloud-oslogin-ref]: https://cloud.google.com/go/oslogin/apiv1
 
 [cloud-speech]: https://cloud.google.com/speech
 [cloud-speech-ref]: https://godoc.org/cloud.google.com/go/speech/apiv1
 
 [cloud-spanner]: https://cloud.google.com/spanner/
 [cloud-spanner-ref]: https://godoc.org/cloud.google.com/go/spanner
-[cloud-spanner-docs]: https://cloud.google.com/spanner/docs
 
-[cloud-translation]: https://cloud.google.com/translation
-[cloud-translation-ref]: https://godoc.org/cloud.google.com/go/translation
+[cloud-translate]: https://cloud.google.com/translate
+[cloud-translate-ref]: https://godoc.org/cloud.google.com/go/translate
 
 [cloud-video]: https://cloud.google.com/video-intelligence/
 [cloud-video-ref]: https://godoc.org/cloud.google.com/go/videointelligence/apiv1beta1
@@ -459,47 +178,50 @@ for more information.
 [cloud-dlp]: https://cloud.google.com/dlp/
 [cloud-dlp-ref]: https://godoc.org/cloud.google.com/go/dlp/apiv2beta1
 
-[default-creds]: https://developers.google.com/identity/protocols/application-default-credentials
-
 [cloud-dataproc]: https://cloud.google.com/dataproc/
-[cloud-dataproc-docs]: https://cloud.google.com/dataproc/docs
 [cloud-dataproc-ref]: https://godoc.org/cloud.google.com/go/dataproc/apiv1
 
 [cloud-iam]: https://cloud.google.com/iam/
-[cloud-iam-docs]: https://cloud.google.com/iam/docs
 [cloud-iam-ref]: https://godoc.org/cloud.google.com/go/iam
 
 [cloud-kms]: https://cloud.google.com/kms/
-[cloud-kms-docs]: https://cloud.google.com/kms/docs
 [cloud-kms-ref]: https://godoc.org/cloud.google.com/go/kms/apiv1
 
 [cloud-natural-language]: https://cloud.google.com/natural-language/
-[cloud-natural-language-docs]: https://cloud.google.com/natural-language/docs
 [cloud-natural-language-ref]: https://godoc.org/cloud.google.com/go/language/apiv1
 
 [cloud-memorystore]: https://cloud.google.com/memorystore/
-[cloud-memorystore-docs]: https://cloud.google.com/memorystore/docs
-[cloud-memorystore-ref]: https://godoc.org/cloud.google.com/go/redis/apiv1beta1
+[cloud-memorystore-ref]: https://godoc.org/cloud.google.com/go/redis/apiv1
 
 [cloud-texttospeech]: https://cloud.google.com/texttospeech/
-[cloud-texttospeech-docs]: https://cloud.google.com/texttospeech/docs
 [cloud-texttospeech-ref]: https://godoc.org/cloud.google.com/go/texttospeech/apiv1
 
 [cloud-trace]: https://cloud.google.com/trace/
-[cloud-trace-docs]: https://cloud.google.com/trace/docs
-[cloud-trace-ref]: https://godoc.org/cloud.google.com/go/trace/apiv1
+[cloud-trace-ref]: https://godoc.org/cloud.google.com/go/trace/apiv2
 
 [cloud-dialogflow]: https://cloud.google.com/dialogflow-enterprise/
-[cloud-dialogflow-docs]: https://cloud.google.com/dialogflow-enterprise/docs/
 [cloud-dialogflow-ref]: https://godoc.org/cloud.google.com/go/dialogflow/apiv2
 
 [cloud-containeranalysis]: https://cloud.google.com/container-registry/docs/container-analysis
-[cloud-containeranalysis-docs]: https://cloud.google.com/container-analysis/api/reference/rest/
 [cloud-containeranalysis-ref]: https://godoc.org/cloud.google.com/go/devtools/containeranalysis/apiv1beta1
 
 [cloud-asset]: https://cloud.google.com/security-command-center/docs/how-to-asset-inventory
-[cloud-asset-docs]: https://cloud.google.com/security-command-center/docs/how-to-asset-inventory
 [cloud-asset-ref]: https://godoc.org/cloud.google.com/go/asset/apiv1
 
 [cloud-tasks]: https://cloud.google.com/tasks/
-[cloud-tasks-ref]: https://godoc.org/cloud.google.com/go/cloudtasks/apiv2beta3
+[cloud-tasks-ref]: https://godoc.org/cloud.google.com/go/cloudtasks/apiv2
+
+[cloud-scheduler]: https://cloud.google.com/scheduler
+[cloud-scheduler-ref]: https://godoc.org/cloud.google.com/go/scheduler/apiv1
+
+[cloud-iot]: https://cloud.google.com/iot-core/
+[cloud-iot-ref]: https://godoc.org/cloud.google.com/go/iot/apiv1
+
+[cloud-phishingprotection]: https://cloud.google.com/phishing-protection/
+[cloud-phishingprotection-ref]: https://cloud.google.com/go/phishingprotection/apiv1beta1
+
+[cloud-recaptcha]: https://cloud.google.com/recaptcha-enterprise/
+[cloud-recaptcha-ref]: https://cloud.google.com/go/recaptchaenterprise/apiv1beta1
+
+[cloud-talent]: https://cloud.google.com/solutions/talent-solution/
+[cloud-talent-ref]: https://godoc.org/cloud.google.com/go/talent/apiv4beta1

vendor/cloud.google.com/go/compute/metadata/metadata.go

@@ -137,7 +137,7 @@ func testOnGCE() bool {
 	resc := make(chan bool, 2)
 
 	// Try two strategies in parallel.
-	// See https://github.com/GoogleCloudPlatform/google-cloud-go/issues/194
+	// See https://github.com/googleapis/google-cloud-go/issues/194
 	go func() {
 		req, _ := http.NewRequest("GET", "http://"+metadataIP, nil)
 		req.Header.Set("User-Agent", userAgent)
@@ -300,8 +300,8 @@ func (c *Client) getETag(suffix string) (value, etag string, err error) {
 		// being stable anyway.
 		host = metadataIP
 	}
-	url := "http://" + host + "/computeMetadata/v1/" + suffix
-	req, _ := http.NewRequest("GET", url, nil)
+	u := "http://" + host + "/computeMetadata/v1/" + suffix
+	req, _ := http.NewRequest("GET", u, nil)
 	req.Header.Set("Metadata-Flavor", "Google")
 	req.Header.Set("User-Agent", userAgent)
 	res, err := c.hc.Do(req)
@@ -312,13 +312,13 @@ func (c *Client) getETag(suffix string) (value, etag string, err error) {
 	if res.StatusCode == http.StatusNotFound {
 		return "", "", NotDefinedError(suffix)
 	}
-	if res.StatusCode != 200 {
-		return "", "", fmt.Errorf("status code %d trying to fetch %s", res.StatusCode, url)
-	}
 	all, err := ioutil.ReadAll(res.Body)
 	if err != nil {
 		return "", "", err
 	}
+	if res.StatusCode != 200 {
+		return "", "", &Error{Code: res.StatusCode, Message: string(all)}
+	}
 	return string(all), res.Header.Get("Etag"), nil
 }
 
@@ -499,3 +499,15 @@ func (c *Client) Subscribe(suffix string, fn func(v string, ok bool) error) erro
 		}
 	}
 }
+
+// Error contains an error response from the server.
+type Error struct {
+	// Code is the HTTP response status code.
+	Code int
+	// Message is the server response message.
+	Message string
+}
+
+func (e *Error) Error() string {
+	return fmt.Sprintf("compute: Received %d `%s`", e.Code, e.Message)
+}

vendor/cloud.google.com/go/go.mod

@@ -0,0 +1,29 @@
+module cloud.google.com/go
+
+go 1.9
+
+require (
+	cloud.google.com/go/datastore v1.0.0
+	github.com/golang/mock v1.3.1
+	github.com/golang/protobuf v1.3.2
+	github.com/google/btree v1.0.0
+	github.com/google/go-cmp v0.3.0
+	github.com/google/martian v2.1.0+incompatible
+	github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
+	github.com/googleapis/gax-go/v2 v2.0.5
+	github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024
+	go.opencensus.io v0.22.0
+	golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522
+	golang.org/x/lint v0.0.0-20190409202823-959b441ac422
+	golang.org/x/net v0.0.0-20190620200207-3b0461eec859
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/text v0.3.2
+	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
+	golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0
+	google.golang.org/api v0.8.0
+	google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64
+	google.golang.org/grpc v1.21.1
+	honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a
+	rsc.io/binaryregexp v0.2.0
+)

vendor/github.com/Microsoft/go-winio/go.mod

@@ -5,5 +5,5 @@ go 1.12
 require (
 	github.com/pkg/errors v0.8.1
 	github.com/sirupsen/logrus v1.4.1
-	golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
+	golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3
 )

vendor/github.com/Microsoft/go-winio/pipe.go

@@ -182,13 +182,14 @@ func (s pipeAddress) String() string {
 }
 
 // tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
-func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
+func tryDialPipe(ctx context.Context, path *string, access uint32) (syscall.Handle, error) {
 	for {
+
 		select {
 		case <-ctx.Done():
 			return syscall.Handle(0), ctx.Err()
 		default:
-			h, err := createFile(*path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
+			h, err := createFile(*path, access, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
 			if err == nil {
 				return h, nil
 			}
@@ -197,7 +198,7 @@ func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
 			}
 			// Wait 10 msec and try again. This is a rather simplistic
 			// view, as we always try each 10 milliseconds.
-			time.Sleep(time.Millisecond * 10)
+			time.Sleep(10 * time.Millisecond)
 		}
 	}
 }
@@ -210,7 +211,7 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 	if timeout != nil {
 		absTimeout = time.Now().Add(*timeout)
 	} else {
-		absTimeout = time.Now().Add(time.Second * 2)
+		absTimeout = time.Now().Add(2 * time.Second)
 	}
 	ctx, _ := context.WithDeadline(context.Background(), absTimeout)
 	conn, err := DialPipeContext(ctx, path)
@@ -223,9 +224,15 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 // DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
 // cancellation or timeout.
 func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
+	return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE)
+}
+
+// DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx`
+// cancellation or timeout.
+func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
-	h, err = tryDialPipe(ctx, &path)
+	h, err = tryDialPipe(ctx, &path, access)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.go

@@ -33,6 +33,7 @@ type Metrics struct {
 	Rdma                 *RdmaStat      `protobuf:"bytes,6,opt,name=rdma,proto3" json:"rdma,omitempty"`
 	Network              []*NetworkStat `protobuf:"bytes,7,rep,name=network,proto3" json:"network,omitempty"`
 	CgroupStats          *CgroupStats   `protobuf:"bytes,8,opt,name=cgroup_stats,json=cgroupStats,proto3" json:"cgroup_stats,omitempty"`
+	MemoryOomControl     *MemoryOomControl `protobuf:"bytes,9,opt,name=memory_oom_control,json=MemoryOomControl,proto3" json:"memory_oom_control,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
 	XXX_unrecognized     []byte         `json:"-"`
 	XXX_sizecache        int32          `json:"-"`
@@ -392,6 +393,47 @@ func (m *MemoryEntry) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_MemoryEntry proto.InternalMessageInfo
 
+type MemoryOomControl struct {
+	OomKillDisable   uint64   `protobuf:"varint,1,opt,name=oom_kill_disable,proto3" json:oom_kill_disable",omitempty"`
+	UnderOom         uint64   `protobuf:"varint,2,opt,name=under_oom,proto3" json:"under_oom,omitempty"`
+	OomKill          uint64   `protobuf:"varint,3,opt,name=oom_kill,proto3" json:"oom_kill,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *MemoryOomControl) Reset()  { *m = MemoryOomControl{} }
+func (*MemoryOomControl) ProtoMessage() {}
+func (*MemoryOomControl) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a17b2d87c332bfaa, []int{8}
+}
+func (m *MemoryOomControl) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MemoryOomControl) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_MemoryOomControl.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalTo(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *MemoryOomControl) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MemoryOomControl.Merge(m, src)
+}
+func (m *MemoryOomControl) XXX_Size() int {
+	return m.Size()
+}
+func (m *MemoryOomControl) XXX_DiscardUnknown() {
+	xxx_messageInfo_MemoryOomControl.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MemoryOomControl proto.InternalMessageInfo
+
 type BlkIOStat struct {
 	IoServiceBytesRecursive []*BlkIOEntry `protobuf:"bytes,1,rep,name=io_service_bytes_recursive,json=ioServiceBytesRecursive,proto3" json:"io_service_bytes_recursive,omitempty"`
 	IoServicedRecursive     []*BlkIOEntry `protobuf:"bytes,2,rep,name=io_serviced_recursive,json=ioServicedRecursive,proto3" json:"io_serviced_recursive,omitempty"`
@@ -409,7 +451,7 @@ type BlkIOStat struct {
 func (m *BlkIOStat) Reset()      { *m = BlkIOStat{} }
 func (*BlkIOStat) ProtoMessage() {}
 func (*BlkIOStat) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{8}
+	return fileDescriptor_a17b2d87c332bfaa, []int{9}
 }
 func (m *BlkIOStat) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -452,7 +494,7 @@ type BlkIOEntry struct {
 func (m *BlkIOEntry) Reset()      { *m = BlkIOEntry{} }
 func (*BlkIOEntry) ProtoMessage() {}
 func (*BlkIOEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{9}
+	return fileDescriptor_a17b2d87c332bfaa, []int{10}
 }
 func (m *BlkIOEntry) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -492,7 +534,7 @@ type RdmaStat struct {
 func (m *RdmaStat) Reset()      { *m = RdmaStat{} }
 func (*RdmaStat) ProtoMessage() {}
 func (*RdmaStat) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{10}
+	return fileDescriptor_a17b2d87c332bfaa, []int{11}
 }
 func (m *RdmaStat) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -533,7 +575,7 @@ type RdmaEntry struct {
 func (m *RdmaEntry) Reset()      { *m = RdmaEntry{} }
 func (*RdmaEntry) ProtoMessage() {}
 func (*RdmaEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{11}
+	return fileDescriptor_a17b2d87c332bfaa, []int{12}
 }
 func (m *RdmaEntry) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -580,7 +622,7 @@ type NetworkStat struct {
 func (m *NetworkStat) Reset()      { *m = NetworkStat{} }
 func (*NetworkStat) ProtoMessage() {}
 func (*NetworkStat) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{12}
+	return fileDescriptor_a17b2d87c332bfaa, []int{13}
 }
 func (m *NetworkStat) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -629,7 +671,7 @@ type CgroupStats struct {
 func (m *CgroupStats) Reset()      { *m = CgroupStats{} }
 func (*CgroupStats) ProtoMessage() {}
 func (*CgroupStats) Descriptor() ([]byte, []int) {
-	return fileDescriptor_a17b2d87c332bfaa, []int{13}
+	return fileDescriptor_a17b2d87c332bfaa, []int{14}
 }
 func (m *CgroupStats) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -667,6 +709,7 @@ func init() {
 	proto.RegisterType((*Throttle)(nil), "io.containerd.cgroups.v1.Throttle")
 	proto.RegisterType((*MemoryStat)(nil), "io.containerd.cgroups.v1.MemoryStat")
 	proto.RegisterType((*MemoryEntry)(nil), "io.containerd.cgroups.v1.MemoryEntry")
+	proto.RegisterType((*MemoryOomControl)(nil), "io.containerd.cgroups.v1.MemoryOomControl")
 	proto.RegisterType((*BlkIOStat)(nil), "io.containerd.cgroups.v1.BlkIOStat")
 	proto.RegisterType((*BlkIOEntry)(nil), "io.containerd.cgroups.v1.BlkIOEntry")
 	proto.RegisterType((*RdmaStat)(nil), "io.containerd.cgroups.v1.RdmaStat")
@@ -887,6 +930,16 @@ func (m *Metrics) MarshalTo(dAtA []byte) (int, error) {
 		}
 		i += n6
 	}
+	if m.MemoryOomControl != nil {
+		dAtA[i] = 0x4a
+		i++
+		i = encodeVarintMetrics(dAtA, i, uint64(m.MemoryOomControl.Size()))
+		n7, err := m.MemoryOomControl.MarshalTo(dAtA[i:])
+		if err != nil {
+			return 0, err
+		}
+		i += n7
+	}
 	if m.XXX_unrecognized != nil {
 		i += copy(dAtA[i:], m.XXX_unrecognized)
 	}
@@ -1400,6 +1453,39 @@ func (m *MemoryEntry) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }
 
+func (m *MemoryOomControl) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MemoryOomControl) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if m.OomKillDisable != 0 {
+		dAtA[i] = 0x8
+		i++
+		i = encodeVarintMetrics(dAtA, i, uint64(m.OomKillDisable))
+	}
+	if m.UnderOom != 0 {
+		dAtA[i] = 0x10
+		i++
+		i = encodeVarintMetrics(dAtA, i, uint64(m.UnderOom))
+	}
+	if m.OomKill != 0 {
+		dAtA[i] = 0x18
+		i++
+		i = encodeVarintMetrics(dAtA, i, uint64(m.OomKill))
+	}
+	return i, nil
+}
+
 func (m *BlkIOStat) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -1811,6 +1897,10 @@ func (m *Metrics) Size() (n int) {
 		l = m.CgroupStats.Size()
 		n += 1 + l + sovMetrics(uint64(l))
 	}
+	if m.MemoryOomControl != nil {
+		l = m.MemoryOomControl.Size()
+		n += 1 + l + sovMetrics(uint64(l))
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -2077,6 +2167,27 @@ func (m *MemoryEntry) Size() (n int) {
 	return n
 }
 
+func (m *MemoryOomControl) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.OomKillDisable != 0 {
+		n += 1 + sovMetrics(uint64(m.OomKillDisable))
+	}
+	if m.UnderOom != 0 {
+		n += 1 + sovMetrics(uint64(m.UnderOom))
+	}
+	if m.OomKill != 0 {
+		n += 1 + sovMetrics(uint64(m.OomKill))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
 func (m *BlkIOStat) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2301,6 +2412,7 @@ func (this *Metrics) String() string {
 		`Pids:` + strings.Replace(fmt.Sprintf("%v", this.Pids), "PidsStat", "PidsStat", 1) + `,`,
 		`CPU:` + strings.Replace(fmt.Sprintf("%v", this.CPU), "CPUStat", "CPUStat", 1) + `,`,
 		`Memory:` + strings.Replace(fmt.Sprintf("%v", this.Memory), "MemoryStat", "MemoryStat", 1) + `,`,
+		`MemoryOomControl:` + strings.Replace(fmt.Sprintf("%v", this.MemoryOomControl), "MemoryOomControl", "MemoryOomControl", 1) + `,`,
 		`Blkio:` + strings.Replace(fmt.Sprintf("%v", this.Blkio), "BlkIOStat", "BlkIOStat", 1) + `,`,
 		`Rdma:` + strings.Replace(fmt.Sprintf("%v", this.Rdma), "RdmaStat", "RdmaStat", 1) + `,`,
 		`Network:` + strings.Replace(fmt.Sprintf("%v", this.Network), "NetworkStat", "NetworkStat", 1) + `,`,
@@ -2435,6 +2547,19 @@ func (this *MemoryEntry) String() string {
 	}, "")
 	return s
 }
+func (this *MemoryOomControl) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MemoryOomControl{`,
+		`OomKillDisable:` + fmt.Sprintf("%v", this.OomKillDisable) + `,`,
+		`UnderOom:` + fmt.Sprintf("%v", this.UnderOom) + `,`,
+		`OomKill:` + fmt.Sprintf("%v", this.OomKill) + `,`,
+		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *BlkIOStat) String() string {
 	if this == nil {
 		return "nil"
@@ -2848,6 +2973,41 @@ func (m *Metrics) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MemoryOomControl", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MemoryOomControl == nil {
+				m.MemoryOomControl = &MemoryOomControl{}
+			}
+			if err := m.MemoryOomControl.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipMetrics(dAtA[iNdEx:])
@@ -4468,6 +4628,117 @@ func (m *MemoryEntry) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *MemoryOomControl) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowMetrics
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MemoryOomControl: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MemoryOomControl: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OomKillDisable", wireType)
+			}
+			m.OomKillDisable = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OomKillDisable |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UnderOom", wireType)
+			}
+			m.UnderOom = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.UnderOom |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OomKill", wireType)
+			}
+			m.OomKill = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowMetrics
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.OomKill |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		default:
+			iNdEx = preIndex
+			skippy, err := skipMetrics(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthMetrics
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *BlkIOStat) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0

vendor/github.com/containerd/cgroups/stats/v1/metrics.proto

@@ -13,6 +13,7 @@ message Metrics {
 	RdmaStat rdma = 6;
 	repeated NetworkStat network = 7;
 	CgroupStats cgroup_stats = 8;
+	MemoryOomControl memory_oom_control = 9;
 }
 
 message HugetlbStat {
@@ -94,6 +95,12 @@ message MemoryEntry {
 	uint64 failcnt = 4;
 }
 
+message MemoryOomControl {
+	uint64 oom_kill_disable = 1;
+	uint64 under_oom = 2;
+	uint64 oom_kill = 3;
+}
+
 message BlkIOStat {
 	repeated BlkIOEntry io_service_bytes_recursive = 1;
 	repeated BlkIOEntry io_serviced_recursive = 2;

vendor/github.com/containerd/console/console.go

@@ -61,18 +61,24 @@ type WinSize struct {
 	y     uint16
 }
 
-// Current returns the current processes console
-func Current() Console {
-	c, err := ConsoleFromFile(os.Stdin)
-	if err != nil {
-		// stdin should always be a console for the design
-		// of this function
-		panic(err)
+// Current returns the current process' console
+func Current() (c Console) {
+	var err error
+	// Usually all three streams (stdin, stdout, and stderr)
+	// are open to the same console, but some might be redirected,
+	// so try all three.
+	for _, s := range []*os.File{os.Stderr, os.Stdout, os.Stdin} {
+		if c, err = ConsoleFromFile(s); err == nil {
+			return c
+		}
 	}
-	return c
+	// One of the std streams should always be a console
+	// for the design of this function.
+	panic(err)
 }
 
 // ConsoleFromFile returns a console using the provided file
+// nolint:golint
 func ConsoleFromFile(f File) (Console, error) {
 	if err := checkConsole(f); err != nil {
 		return nil, err

vendor/github.com/containerd/console/console_unix.go

@@ -1,4 +1,4 @@
-// +build darwin freebsd linux openbsd solaris
+// +build darwin freebsd linux netbsd openbsd solaris
 
 /*
    Copyright The containerd Authors.

vendor/github.com/containerd/console/go.mod

@@ -3,6 +3,6 @@ module github.com/containerd/console
 go 1.13
 
 require (
-	github.com/pkg/errors v0.8.1
-	golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e
+	github.com/pkg/errors v0.9.1
+	golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f
 )

vendor/github.com/containerd/console/tc_darwin.go

@@ -19,7 +19,6 @@ package console
 import (
 	"fmt"
 	"os"
-	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -29,18 +28,10 @@ const (
 	cmdTcSet = unix.TIOCSETA
 )
 
-func ioctl(fd, flag, data uintptr) error {
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, flag, data); err != 0 {
-		return err
-	}
-	return nil
-}
-
 // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
 // unlockpt should be called before opening the slave side of a pty.
 func unlockpt(f *os.File) error {
-	var u int32
-	return ioctl(f.Fd(), unix.TIOCPTYUNLK, uintptr(unsafe.Pointer(&u)))
+	return unix.IoctlSetPointerInt(int(f.Fd()), unix.TIOCPTYUNLK, 0)
 }
 
 // ptsname retrieves the name of the first available pts for the given master.

vendor/github.com/containerd/console/tc_linux.go

@@ -19,7 +19,6 @@ package console
 import (
 	"fmt"
 	"os"
-	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -32,17 +31,13 @@ const (
 // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
 // unlockpt should be called before opening the slave side of a pty.
 func unlockpt(f *os.File) error {
-	var u int32
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&u))); err != 0 {
-		return err
-	}
-	return nil
+	return unix.IoctlSetPointerInt(int(f.Fd()), unix.TIOCSPTLCK, 0)
 }
 
 // ptsname retrieves the name of the first available pts for the given master.
 func ptsname(f *os.File) (string, error) {
-	var u uint32
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCGPTN, uintptr(unsafe.Pointer(&u))); err != 0 {
+	u, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN)
+	if err != nil {
 		return "", err
 	}
 	return fmt.Sprintf("/dev/pts/%d", u), nil

vendor/github.com/containerd/console/tc_netbsd.go

@@ -0,0 +1,45 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package console
+
+import (
+	"bytes"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+const (
+	cmdTcGet = unix.TIOCGETA
+	cmdTcSet = unix.TIOCSETA
+)
+
+// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// unlockpt should be called before opening the slave side of a pty.
+// This does not exist on NetBSD, it does not allocate controlling terminals on open
+func unlockpt(f *os.File) error {
+	return nil
+}
+
+// ptsname retrieves the name of the first available pts for the given master.
+func ptsname(f *os.File) (string, error) {
+	ptm, err := unix.IoctlGetPtmget(int(f.Fd()), unix.TIOCPTSNAME)
+	if err != nil {
+		return "", err
+	}
+	return string(ptm.Sn[:bytes.IndexByte(ptm.Sn[:], 0)]), nil
+}

vendor/github.com/containerd/console/tc_unix.go

@@ -1,4 +1,4 @@
-// +build darwin freebsd linux openbsd solaris
+// +build darwin freebsd linux netbsd openbsd solaris
 
 /*
    Copyright The containerd Authors.

vendor/github.com/containerd/containerd/README.md

@@ -1,6 +1,6 @@
 ![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png)
 
-[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/containerd/containerd)](https://pkg.go.dev/github.com/containerd/containerd)
 [![Build Status](https://github.com/containerd/containerd/workflows/CI/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
 [![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
 [![Nightlies](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
@@ -10,10 +10,24 @@
 
 containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
 
+containerd is a member of CNCF with ['graduated'](https://landscape.cncf.io/selected=containerd) status.
+
 containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
 
 ![architecture](design/architecture.png)
 
+## Now Recruiting
+
+We are a large inclusive OSS project that is welcoming help of any kind shape or form:
+* Documentation help is needed to make the product easier to consume and extend.
+* We need OSS community outreach / organizing help to get the word out; manage
+and create messaging and educational content; and to help with social media, community forums/groups, and google groups.
+* We are actively inviting new [security advisors](https://github.com/containerd/project/blob/master/GOVERNANCE.md#security-advisors) to join the team.
+* New sub-projects are being created, core and non-core that could use additional development help.
+* Each of the [containerd projects](https://github.com/containerd) has a list of issues currently being worked on or that need help resolving.
+  - If the issue has not already been assigned to someone, or has not made recent progress and you are interested, please inquire.
+  - If you are interested in starting with a smaller / beginner level issue, look for issues with an `exp/beginner` tag, for example [containerd/containerd beginner issues.](https://github.com/containerd/containerd/issues?q=is%3Aissue+is%3Aopen+label%3Aexp%2Fbeginner)
+
 ## Getting Started
 
 See our documentation on [containerd.io](https://containerd.io):
@@ -250,10 +264,7 @@ loaded for the user's shell environment.
 For async communication and long running discussions please use issues and pull requests on the github repo.
 This will be the best place to discuss design and implementation.
 
-For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.
-
-**Slack:** Catch us in the #containerd and #containerd-dev channels on dockercommunity.slack.com.
-[Click here for an invite to docker community slack.](https://dockr.ly/slack)
+For sync communication catch us in the `#containerd` and `#containerd-dev` slack channels on Cloud Native Computing Foundation's (CNCF) slack - `cloud-native.slack.com`. Everyone is welcome to join and chat. [Get Invite to CNCF slack.](https://slack.cncf.io)
 
 ### Security audit
 

vendor/github.com/containerd/containerd/content/helpers.go

@@ -229,9 +229,47 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) {
 	return r, nil
 }
 
+// copyWithBuffer is very similar to  io.CopyBuffer https://golang.org/pkg/io/#CopyBuffer
+// but instead of using Read to read from the src, we use ReadAtLeast to make sure we have
+// a full buffer before we do a write operation to dst to reduce overheads associated
+// with the write operations of small buffers.
 func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) {
-	buf := bufPool.Get().(*[]byte)
-	written, err = io.CopyBuffer(dst, src, *buf)
-	bufPool.Put(buf)
+	// If the reader has a WriteTo method, use it to do the copy.
+	// Avoids an allocation and a copy.
+	if wt, ok := src.(io.WriterTo); ok {
+		return wt.WriteTo(dst)
+	}
+	// Similarly, if the writer has a ReadFrom method, use it to do the copy.
+	if rt, ok := dst.(io.ReaderFrom); ok {
+		return rt.ReadFrom(src)
+	}
+	bufRef := bufPool.Get().(*[]byte)
+	defer bufPool.Put(bufRef)
+	buf := *bufRef
+	for {
+		nr, er := io.ReadAtLeast(src, buf, len(buf))
+		if nr > 0 {
+			nw, ew := dst.Write(buf[0:nr])
+			if nw > 0 {
+				written += int64(nw)
+			}
+			if ew != nil {
+				err = ew
+				break
+			}
+			if nr != nw {
+				err = io.ErrShortWrite
+				break
+			}
+		}
+		if er != nil {
+			// If an EOF happens after reading fewer than the requested bytes,
+			// ReadAtLeast returns ErrUnexpectedEOF.
+			if er != io.EOF && er != io.ErrUnexpectedEOF {
+				err = er
+			}
+			break
+		}
+	}
 	return
 }

vendor/github.com/containerd/containerd/content/local/store_unix.go

@@ -1,4 +1,4 @@
-// +build linux solaris darwin freebsd
+// +build linux solaris darwin freebsd netbsd
 
 /*
    Copyright The containerd Authors.

vendor/github.com/containerd/containerd/content/proxy/content_reader.go

@@ -40,7 +40,13 @@ func (ra *remoteReaderAt) ReadAt(p []byte, off int64) (n int, err error) {
 		Offset: off,
 		Size_:  int64(len(p)),
 	}
-	rc, err := ra.client.Read(ra.ctx, rr)
+	// we need a child context with cancel, or the eventually called
+	// grpc.NewStream will leak the goroutine until the whole thing is cleared.
+	// See comment at https://godoc.org/google.golang.org/grpc#ClientConn.NewStream
+	childCtx, cancel := context.WithCancel(ra.ctx)
+	// we MUST cancel the child context; see comment above
+	defer cancel()
+	rc, err := ra.client.Read(childCtx, rr)
 	if err != nil {
 		return 0, err
 	}

vendor/github.com/containerd/containerd/defaults/defaults.go

@@ -0,0 +1,32 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package defaults
+
+const (
+	// DefaultMaxRecvMsgSize defines the default maximum message size for
+	// receiving protobufs passed over the GRPC API.
+	DefaultMaxRecvMsgSize = 16 << 20
+	// DefaultMaxSendMsgSize defines the default maximum message size for
+	// sending protobufs passed over the GRPC API.
+	DefaultMaxSendMsgSize = 16 << 20
+	// DefaultRuntimeNSLabel defines the namespace label to check for the
+	// default runtime
+	DefaultRuntimeNSLabel = "containerd.io/defaults/runtime"
+	// DefaultSnapshotterNSLabel defines the namespace label to check for the
+	// default snapshotter
+	DefaultSnapshotterNSLabel = "containerd.io/defaults/snapshotter"
+)

vendor/github.com/containerd/containerd/defaults/defaults_unix.go

@@ -0,0 +1,37 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package defaults
+
+const (
+	// DefaultRootDir is the default location used by containerd to store
+	// persistent data
+	DefaultRootDir = "/var/lib/containerd"
+	// DefaultStateDir is the default location used by containerd to store
+	// transient data
+	DefaultStateDir = "/run/containerd"
+	// DefaultAddress is the default unix socket address
+	DefaultAddress = "/run/containerd/containerd.sock"
+	// DefaultDebugAddress is the default unix socket address for pprof data
+	DefaultDebugAddress = "/run/containerd/debug.sock"
+	// DefaultFIFODir is the default location used by client-side cio library
+	// to store FIFOs.
+	DefaultFIFODir = "/run/containerd/fifo"
+	// DefaultRuntime is the default linux runtime
+	DefaultRuntime = "io.containerd.runc.v2"
+)

vendor/github.com/containerd/containerd/defaults/defaults_windows.go

@@ -0,0 +1,45 @@
+// +build windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package defaults
+
+import (
+	"os"
+	"path/filepath"
+)
+
+var (
+	// DefaultRootDir is the default location used by containerd to store
+	// persistent data
+	DefaultRootDir = filepath.Join(os.Getenv("ProgramData"), "containerd", "root")
+	// DefaultStateDir is the default location used by containerd to store
+	// transient data
+	DefaultStateDir = filepath.Join(os.Getenv("ProgramData"), "containerd", "state")
+)
+
+const (
+	// DefaultAddress is the default winpipe address
+	DefaultAddress = `\\.\pipe\containerd-containerd`
+	// DefaultDebugAddress is the default winpipe address for pprof data
+	DefaultDebugAddress = `\\.\pipe\containerd-debug`
+	// DefaultFIFODir is the default location used by client-side cio library
+	// to store FIFOs. Unused on Windows.
+	DefaultFIFODir = ""
+	// DefaultRuntime is the default windows runtime
+	DefaultRuntime = "io.containerd.runhcs.v1"
+)

vendor/github.com/containerd/containerd/defaults/doc.go

@@ -0,0 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+// Package defaults provides several common defaults for interacting with
+// containerd. These can be used on the client-side or server-side.
+package defaults

vendor/github.com/containerd/containerd/platforms/cpuinfo.go

@@ -96,6 +96,15 @@ func getCPUVariant() string {
 		return ""
 	}
 
+	// handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7")
+	// https://www.raspberrypi.org/forums/viewtopic.php?t=12614
+	if runtime.GOARCH == "arm" && variant == "7" {
+		model, err := getCPUInfo("model name")
+		if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") {
+			variant = "6"
+		}
+	}
+
 	switch strings.ToLower(variant) {
 	case "8", "aarch64":
 		// special case: if running a 32-bit userspace on aarch64, the variant should be "v7"

vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go

@@ -0,0 +1,202 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/containerd/containerd/log"
+	remoteserrors "github.com/containerd/containerd/remotes/errors"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context/ctxhttp"
+)
+
+var (
+	// ErrNoToken is returned if a request is successful but the body does not
+	// contain an authorization token.
+	ErrNoToken = errors.New("authorization server did not include a token in the response")
+)
+
+// GenerateTokenOptions generates options for fetching a token based on a challenge
+func GenerateTokenOptions(ctx context.Context, host, username, secret string, c Challenge) (TokenOptions, error) {
+	realm, ok := c.Parameters["realm"]
+	if !ok {
+		return TokenOptions{}, errors.New("no realm specified for token auth challenge")
+	}
+
+	realmURL, err := url.Parse(realm)
+	if err != nil {
+		return TokenOptions{}, errors.Wrap(err, "invalid token auth challenge realm")
+	}
+
+	to := TokenOptions{
+		Realm:    realmURL.String(),
+		Service:  c.Parameters["service"],
+		Username: username,
+		Secret:   secret,
+	}
+
+	scope, ok := c.Parameters["scope"]
+	if ok {
+		to.Scopes = append(to.Scopes, scope)
+	} else {
+		log.G(ctx).WithField("host", host).Debug("no scope specified for token auth challenge")
+	}
+
+	return to, nil
+}
+
+// TokenOptions are optios for requesting a token
+type TokenOptions struct {
+	Realm    string
+	Service  string
+	Scopes   []string
+	Username string
+	Secret   string
+}
+
+// OAuthTokenResponse is response from fetching token with a OAuth POST request
+type OAuthTokenResponse struct {
+	AccessToken  string    `json:"access_token"`
+	RefreshToken string    `json:"refresh_token"`
+	ExpiresIn    int       `json:"expires_in"`
+	IssuedAt     time.Time `json:"issued_at"`
+	Scope        string    `json:"scope"`
+}
+
+// FetchTokenWithOAuth fetches a token using a POST request
+func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions) (*OAuthTokenResponse, error) {
+	form := url.Values{}
+	if len(to.Scopes) > 0 {
+		form.Set("scope", strings.Join(to.Scopes, " "))
+	}
+	form.Set("service", to.Service)
+	form.Set("client_id", clientID)
+
+	if to.Username == "" {
+		form.Set("grant_type", "refresh_token")
+		form.Set("refresh_token", to.Secret)
+	} else {
+		form.Set("grant_type", "password")
+		form.Set("username", to.Username)
+		form.Set("password", to.Secret)
+	}
+
+	req, err := http.NewRequest("POST", to.Realm, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
+	for k, v := range headers {
+		req.Header[k] = append(req.Header[k], v...)
+	}
+
+	resp, err := ctxhttp.Do(ctx, client, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp))
+	}
+
+	decoder := json.NewDecoder(resp.Body)
+
+	var tr OAuthTokenResponse
+	if err = decoder.Decode(&tr); err != nil {
+		return nil, errors.Wrap(err, "unable to decode token response")
+	}
+
+	if tr.AccessToken == "" {
+		return nil, errors.WithStack(ErrNoToken)
+	}
+
+	return &tr, nil
+}
+
+// FetchTokenResponse is response from fetching token with GET request
+type FetchTokenResponse struct {
+	Token        string    `json:"token"`
+	AccessToken  string    `json:"access_token"`
+	ExpiresIn    int       `json:"expires_in"`
+	IssuedAt     time.Time `json:"issued_at"`
+	RefreshToken string    `json:"refresh_token"`
+}
+
+// FetchToken fetches a token using a GET request
+func FetchToken(ctx context.Context, client *http.Client, headers http.Header, to TokenOptions) (*FetchTokenResponse, error) {
+	req, err := http.NewRequest("GET", to.Realm, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range headers {
+		req.Header[k] = append(req.Header[k], v...)
+	}
+
+	reqParams := req.URL.Query()
+
+	if to.Service != "" {
+		reqParams.Add("service", to.Service)
+	}
+
+	for _, scope := range to.Scopes {
+		reqParams.Add("scope", scope)
+	}
+
+	if to.Secret != "" {
+		req.SetBasicAuth(to.Username, to.Secret)
+	}
+
+	req.URL.RawQuery = reqParams.Encode()
+
+	resp, err := ctxhttp.Do(ctx, client, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp))
+	}
+
+	decoder := json.NewDecoder(resp.Body)
+
+	var tr FetchTokenResponse
+	if err = decoder.Decode(&tr); err != nil {
+		return nil, errors.Wrap(err, "unable to decode token response")
+	}
+
+	// `access_token` is equivalent to `token` and if both are specified
+	// the choice is undefined.  Canonicalize `access_token` by sticking
+	// things in `token`.
+	if tr.AccessToken != "" {
+		tr.Token = tr.AccessToken
+	}
+
+	if tr.Token == "" {
+		return nil, errors.WithStack(ErrNoToken)
+	}
+
+	return &tr, nil
+}

vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go

@@ -0,0 +1,203 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package auth
+
+import (
+	"net/http"
+	"sort"
+	"strings"
+)
+
+// AuthenticationScheme defines scheme of the authentication method
+type AuthenticationScheme byte
+
+const (
+	// BasicAuth is scheme for Basic HTTP Authentication RFC 7617
+	BasicAuth AuthenticationScheme = 1 << iota
+	// DigestAuth is scheme for HTTP Digest Access Authentication RFC 7616
+	DigestAuth
+	// BearerAuth is scheme for OAuth 2.0 Bearer Tokens RFC 6750
+	BearerAuth
+)
+
+// Challenge carries information from a WWW-Authenticate response header.
+// See RFC 2617.
+type Challenge struct {
+	// scheme is the auth-scheme according to RFC 2617
+	Scheme AuthenticationScheme
+
+	// parameters are the auth-params according to RFC 2617
+	Parameters map[string]string
+}
+
+type byScheme []Challenge
+
+func (bs byScheme) Len() int      { return len(bs) }
+func (bs byScheme) Swap(i, j int) { bs[i], bs[j] = bs[j], bs[i] }
+
+// Sort in priority order: token > digest > basic
+func (bs byScheme) Less(i, j int) bool { return bs[i].Scheme > bs[j].Scheme }
+
+// Octet types from RFC 2616.
+type octetType byte
+
+var octetTypes [256]octetType
+
+const (
+	isToken octetType = 1 << iota
+	isSpace
+)
+
+func init() {
+	// OCTET      = <any 8-bit sequence of data>
+	// CHAR       = <any US-ASCII character (octets 0 - 127)>
+	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+	// CR         = <US-ASCII CR, carriage return (13)>
+	// LF         = <US-ASCII LF, linefeed (10)>
+	// SP         = <US-ASCII SP, space (32)>
+	// HT         = <US-ASCII HT, horizontal-tab (9)>
+	// <">        = <US-ASCII double-quote mark (34)>
+	// CRLF       = CR LF
+	// LWS        = [CRLF] 1*( SP | HT )
+	// TEXT       = <any OCTET except CTLs, but including LWS>
+	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">
+	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
+	// token      = 1*<any CHAR except CTLs or separators>
+	// qdtext     = <any TEXT except <">>
+
+	for c := 0; c < 256; c++ {
+		var t octetType
+		isCtl := c <= 31 || c == 127
+		isChar := 0 <= c && c <= 127
+		isSeparator := strings.ContainsRune(" \t\"(),/:;<=>?@[]\\{}", rune(c))
+		if strings.ContainsRune(" \t\r\n", rune(c)) {
+			t |= isSpace
+		}
+		if isChar && !isCtl && !isSeparator {
+			t |= isToken
+		}
+		octetTypes[c] = t
+	}
+}
+
+// ParseAuthHeader parses challenges from WWW-Authenticate header
+func ParseAuthHeader(header http.Header) []Challenge {
+	challenges := []Challenge{}
+	for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] {
+		v, p := parseValueAndParams(h)
+		var s AuthenticationScheme
+		switch v {
+		case "basic":
+			s = BasicAuth
+		case "digest":
+			s = DigestAuth
+		case "bearer":
+			s = BearerAuth
+		default:
+			continue
+		}
+		challenges = append(challenges, Challenge{Scheme: s, Parameters: p})
+	}
+	sort.Stable(byScheme(challenges))
+	return challenges
+}
+
+func parseValueAndParams(header string) (value string, params map[string]string) {
+	params = make(map[string]string)
+	value, s := expectToken(header)
+	if value == "" {
+		return
+	}
+	value = strings.ToLower(value)
+	for {
+		var pkey string
+		pkey, s = expectToken(skipSpace(s))
+		if pkey == "" {
+			return
+		}
+		if !strings.HasPrefix(s, "=") {
+			return
+		}
+		var pvalue string
+		pvalue, s = expectTokenOrQuoted(s[1:])
+		if pvalue == "" {
+			return
+		}
+		pkey = strings.ToLower(pkey)
+		params[pkey] = pvalue
+		s = skipSpace(s)
+		if !strings.HasPrefix(s, ",") {
+			return
+		}
+		s = s[1:]
+	}
+}
+
+func skipSpace(s string) (rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isSpace == 0 {
+			break
+		}
+	}
+	return s[i:]
+}
+
+func expectToken(s string) (token, rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isToken == 0 {
+			break
+		}
+	}
+	return s[:i], s[i:]
+}
+
+func expectTokenOrQuoted(s string) (value string, rest string) {
+	if !strings.HasPrefix(s, "\"") {
+		return expectToken(s)
+	}
+	s = s[1:]
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '"':
+			return s[:i], s[i+1:]
+		case '\\':
+			p := make([]byte, len(s)-1)
+			j := copy(p, s[:i])
+			escape := true
+			for i = i + 1; i < len(s); i++ {
+				b := s[i]
+				switch {
+				case escape:
+					escape = false
+					p[j] = b
+					j++
+				case b == '\\':
+					escape = true
+				case b == '"':
+					return string(p[:j]), s[i+1:]
+				default:
+					p[j] = b
+					j++
+				}
+			}
+			return "", ""
+		}
+	}
+	return "", ""
+}

vendor/github.com/containerd/containerd/remotes/errors/errors.go

@@ -0,0 +1,46 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package errors
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+var _ error = ErrUnexpectedStatus{}
+
+// ErrUnexpectedStatus is returned if a registry API request returned with unexpected HTTP status
+type ErrUnexpectedStatus struct {
+	Status     string
+	StatusCode int
+	Body       []byte
+}
+
+func (e ErrUnexpectedStatus) Error() string {
+	return fmt.Sprintf("unexpected status: %s", e.Status)
+}
+
+// NewUnexpectedStatusErr creates an ErrUnexpectedStatus from HTTP response
+func NewUnexpectedStatusErr(resp *http.Response) error {
+	var b []byte
+	if resp.Body != nil {
+		b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
+	}
+	return ErrUnexpectedStatus{Status: resp.Status, StatusCode: resp.StatusCode, Body: b}
+}

vendor/github.com/containerd/containerd/sys/stat_bsd.go

@@ -1,4 +1,4 @@
-// +build darwin freebsd
+// +build darwin freebsd netbsd
 
 /*
    Copyright The containerd Authors.

vendor/github.com/containerd/containerd/vendor.conf

@@ -1,13 +1,14 @@
 github.com/beorn7/perks                             v1.0.1
 github.com/BurntSushi/toml                          v0.3.1
 github.com/cespare/xxhash/v2                        v2.1.1
-github.com/containerd/btrfs                         153935315f4ab9be5bf03650a1341454b05efa5d
-github.com/containerd/cgroups                       318312a373405e5e91134d8063d04d59768a1bff
-github.com/containerd/console                       v1.0.0
+github.com/containerd/btrfs                         404b9149801e455c8076f615b06dc0abee0a977a
+github.com/containerd/cgroups                       0b889c03f102012f1d93a97ddd3ef71cd6f4f510
+github.com/containerd/console                       v1.0.1
 github.com/containerd/continuity                    efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
-github.com/containerd/fifo                          f15a3290365b9d2627d189e619ab4008e0069caf
+github.com/containerd/fifo                          0724c46b320cf96bb172a0550c19a4b1fca4dacb
 github.com/containerd/go-runc                       7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
-github.com/containerd/ttrpc                         v1.0.1
+github.com/containerd/nri                           eb1350a75164f76de48e3605389e7a3fbc85d06e
+github.com/containerd/ttrpc                         v1.0.2
 github.com/containerd/typeurl                       v1.0.1
 github.com/coreos/go-systemd/v22                    v22.1.0
 github.com/cpuguy83/go-md2man/v2                    v2.0.0
@@ -25,10 +26,10 @@ github.com/hashicorp/errwrap                        v1.0.0
 github.com/hashicorp/go-multierror                  v1.0.0
 github.com/hashicorp/golang-lru                     v0.5.3
 github.com/imdario/mergo                            v0.3.7
-github.com/konsorten/go-windows-terminal-sequences  v1.0.3
 github.com/matttproud/golang_protobuf_extensions    v1.0.1
 github.com/Microsoft/go-winio                       v0.4.14
-github.com/Microsoft/hcsshim                        v0.8.9
+github.com/Microsoft/hcsshim                        v0.8.10
+github.com/moby/sys                                 symlink/v0.1.0
 github.com/opencontainers/go-digest                 v1.0.0
 github.com/opencontainers/image-spec                v1.0.1
 github.com/opencontainers/runc                      v1.0.0-rc92
@@ -40,14 +41,14 @@ github.com/prometheus/common                        v0.9.1
 github.com/prometheus/procfs                        v0.0.11
 github.com/russross/blackfriday/v2                  v2.0.1
 github.com/shurcooL/sanitized_anchor_name           v1.0.0
-github.com/sirupsen/logrus                          v1.6.0
+github.com/sirupsen/logrus                          v1.7.0
 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2
 github.com/urfave/cli                               v1.22.1 # NOTE: urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092
 go.etcd.io/bbolt                                    v1.3.5
 go.opencensus.io                                    v0.22.0
 golang.org/x/net                                    ab34263943818b32f575efc978a3d24e80b04bd7
 golang.org/x/sync                                   42b317875d0fa942474b76e1b46a6060d720ae6e
-golang.org/x/sys                                    ed371f2e16b4b305ee99df548828de367527b76b
+golang.org/x/sys                                    0aaa2718063a42560507fce2cc04508608ca23b3
 golang.org/x/text                                   v0.3.3
 google.golang.org/genproto                          e50cd9704f63023d62cd06a1994b98227fc4d21a
 google.golang.org/grpc                              v1.27.1
@@ -57,9 +58,7 @@ gotest.tools/v3                                     v3.0.2
 github.com/cilium/ebpf                              1c8d4c9ef7759622653a1d319284a44652333b28
 
 # cri dependencies
-github.com/containerd/cri                           4e6644c8cf7fb825f62e0007421b7d83dfeab5a1 # master
 github.com/davecgh/go-spew                          v1.1.1
-github.com/docker/docker                            4634ce647cf2ce2c6031129ccd109e557244986f
 github.com/docker/spdystream                        449fdfce4d962303d702fec724ef0ad181c92528
 github.com/emicklei/go-restful                      v2.9.5
 github.com/go-logr/logr                             v0.2.0
@@ -68,21 +67,24 @@ github.com/json-iterator/go                         v1.1.10
 github.com/modern-go/concurrent                     1.0.3
 github.com/modern-go/reflect2                       v1.0.1
 github.com/opencontainers/selinux                   v1.6.0
+github.com/pmezard/go-difflib                       v1.0.0
+github.com/stretchr/testify                         v1.4.0
 github.com/tchap/go-patricia                        v2.2.6
-github.com/willf/bitset                             d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg
+github.com/willf/bitset                             v1.1.11
 golang.org/x/crypto                                 75b288015ac94e66e3d6715fb68a9b41bf046ec2
 golang.org/x/oauth2                                 858c2ad4c8b6c5d10852cb89079f6ca1c7309787
 golang.org/x/time                                   555d28b269f0569763d25dbe1a237ae74c6bcc82
 gopkg.in/inf.v0                                     v0.9.1
 gopkg.in/yaml.v2                                    v2.2.8
-k8s.io/api                                          v0.19.0-rc.4
-k8s.io/apimachinery                                 v0.19.0-rc.4
-k8s.io/apiserver                                    v0.19.0-rc.4
-k8s.io/client-go                                    v0.19.0-rc.4
-k8s.io/cri-api                                      v0.19.0-rc.4
+k8s.io/api                                          v0.19.4
+k8s.io/apimachinery                                 v0.19.4
+k8s.io/apiserver                                    v0.19.4
+k8s.io/client-go                                    v0.19.4
+k8s.io/component-base                               v0.19.4
+k8s.io/cri-api                                      v0.19.4
 k8s.io/klog/v2                                      v2.2.0
-k8s.io/utils                                        2df71ebbae66f39338aed4cd0bb82d2212ee33cc
-sigs.k8s.io/structured-merge-diff/v3                v3.0.0
+k8s.io/utils                                        d5654de09c73da55eb19ae4ab4f734f7a61747a6
+sigs.k8s.io/structured-merge-diff/v4                v4.0.1
 sigs.k8s.io/yaml                                    v1.2.0
 
 # cni dependencies
@@ -98,8 +100,8 @@ github.com/fullsailor/pkcs7                         8306686428a5fe132eac8cb7c484
 gopkg.in/square/go-jose.v2                          v2.3.1
 
 # zfs dependencies
-github.com/containerd/zfs                           9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
+github.com/containerd/zfs                           0a33824f23a2ab8ec84166f47b571ecb793b0354
 github.com/mistifyio/go-zfs                         f784269be439d704d3dfa1906f45dd848fed2beb
 
 # aufs dependencies
-github.com/containerd/aufs                          371312c1e31c210a21e49bf3dfd3f31729ed9f2f
+github.com/containerd/aufs                          dab0cbea06f43329c07667afe1a70411ad555a86