Merge remote-tracking branch 'upstream/master' into issue-352

2023-02-23 05:54:40 +08:00 · 2023-02-23 05:54:40 +08:00 · 6421711354
parent e50ef9fa45 68ef4ab2a8
commit 6421711354
499 changed files with 44260 additions and 16563 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,14 @@
 ## 2023.2.2
 ### Notices
 - Legacy tunnels were officially deprecated on December 1, 2022. Starting with this version, cloudflared no longer supports connecting legacy tunnels.
 - h2mux tunnel connection protocol is no longer supported. Any tunnels still configured to use this protocol will alert and use http2 tunnel protocol instead. We recommend using quic protocol for all tunnels going forward.
 ## 2023.2.1
 ### Bug fixes
 - Fixed a bug in TCP connection proxy that could result in the connection being closed before all data was written.
 - cloudflared now correctly aborts body write if connection to origin service fails after response headers were sent already.
 - Fixed a bug introduced in the previous release where debug endpoints were removed.
 ## 2022.12.0
 ### Improvements
 - cloudflared now attempts to try other edge addresses before falling back to a lower protoocol.
--- a/7
+++ b/7
@ -108,6 +108,9 @@ else
 	PACKAGE_ARCH := $(TARGET_ARCH)
 endif
 #for FIPS compliance, FPM defaults to MD5.
 RPM_DIGEST := --rpm-digest sha256
 .PHONY: all
 all: cloudflared test
@ -163,13 +166,13 @@ define build_package
 	mkdir -p $(PACKAGE_DIR)
 	cp cloudflared $(PACKAGE_DIR)/cloudflared
 	cp cloudflared.1 $(PACKAGE_DIR)/cloudflared.1
-	fakeroot fpm -C $(PACKAGE_DIR) -s dir -t $(1) \
+	fpm -C $(PACKAGE_DIR) -s dir -t $(1) \
 		--description 'Cloudflare Tunnel daemon' \
 		--vendor 'Cloudflare' \
 		--license 'Apache License Version 2.0' \
 		--url 'https://github.com/cloudflare/cloudflared' \
 		-m 'Cloudflare <support@cloudflare.com>' \
-	    -a $(PACKAGE_ARCH) -v $(VERSION) -n $(DEB_PACKAGE_NAME) $(NIGHTLY_FLAGS) --after-install postinst.sh --after-remove postrm.sh \
+	    -a $(PACKAGE_ARCH) -v $(VERSION) -n $(DEB_PACKAGE_NAME) $(RPM_DIGEST) $(NIGHTLY_FLAGS) --after-install postinst.sh --after-remove postrm.sh \
 		cloudflared=$(INSTALL_BINDIR) cloudflared.1=$(INSTALL_MANDIR)
 endef
--- a/10
+++ b/10
@ -1,3 +1,13 @@
 2023.2.1
 - 2023-02-01 TUN-7065: Revert Ingress Rule check for named tunnel configurations
 - 2023-02-01 Revert "TUN-7065: Revert Ingress Rule check for named tunnel configurations"
 - 2023-02-01 Revert "TUN-7065: Remove classic tunnel creation"
 2023.1.0
 - 2023-01-10 TUN-7064: RPM digests are now sha256 instead of md5sum
 - 2023-01-04 RTG-2418 Update qtls
 - 2022-12-24 TUN-7057: Remove dependency github.com/gorilla/mux
 - 2022-12-24 TUN-6724: Migrate to sentry-go from raven-go
 2022.12.1
 - 2022-12-20 TUN-7021: Fix proxy-dns not starting when cloudflared tunnel is run
 - 2022-12-15 TUN-7010: Changelog for release 2022.12.0
--- a/cfapi/client.go
+++ b/cfapi/client.go
@ -28,7 +28,7 @@ type IPRouteClient interface {
 type VnetClient interface {
 	CreateVirtualNetwork(newVnet NewVirtualNetwork) (VirtualNetwork, error)
 	ListVirtualNetworks(filter *VnetFilter) ([]*VirtualNetwork, error)
-	DeleteVirtualNetwork(id uuid.UUID) error
+	DeleteVirtualNetwork(id uuid.UUID, force bool) error
 	UpdateVirtualNetwork(id uuid.UUID, updates UpdateVirtualNetwork) error
 }
--- a/cfapi/virtual_network.go
+++ b/cfapi/virtual_network.go
@ -80,9 +80,16 @@ func (r *RESTClient) ListVirtualNetworks(filter *VnetFilter) ([]*VirtualNetwork,
 	return nil, r.statusCodeToError("list virtual networks", resp)
 }
-func (r *RESTClient) DeleteVirtualNetwork(id uuid.UUID) error {
+func (r *RESTClient) DeleteVirtualNetwork(id uuid.UUID, force bool) error {
 	endpoint := r.baseEndpoints.accountVnets
 	endpoint.Path = path.Join(endpoint.Path, url.PathEscape(id.String()))
 	queryParams := url.Values{}
 	if force {
 		queryParams.Set("force", strconv.FormatBool(force))
 	}
 	endpoint.RawQuery = queryParams.Encode()
 	resp, err := r.sendRequest("DELETE", endpoint, nil)
 	if err != nil {
 		return errors.Wrap(err, "REST request failed")
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@ -11,7 +11,7 @@ import (
 	"text/template"
 	"time"
-	"github.com/getsentry/raven-go"
+	"github.com/getsentry/sentry-go"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 	"github.com/urfave/cli/v2"
@ -202,7 +202,11 @@ func Commands() []*cli.Command {
 // login pops up the browser window to do the actual login and JWT generation
 func login(c *cli.Context) error {
-	if err := raven.SetDSN(sentryDSN); err != nil {
+	err := sentry.Init(sentry.ClientOptions{
 		Dsn:     sentryDSN,
 		Release: c.App.Version,
 	})
 	if err != nil {
 		return err
 	}
@ -251,7 +255,11 @@ func ensureURLScheme(url string) string {
 // curl provides a wrapper around curl, passing Access JWT along in request
 func curl(c *cli.Context) error {
-	if err := raven.SetDSN(sentryDSN); err != nil {
+	err := sentry.Init(sentry.ClientOptions{
 		Dsn:     sentryDSN,
 		Release: c.App.Version,
 	})
 	if err != nil {
 		return err
 	}
 	log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)
@ -314,7 +322,11 @@ func run(cmd string, args ...string) error {
 // token dumps provided token to stdout
 func generateToken(c *cli.Context) error {
-	if err := raven.SetDSN(sentryDSN); err != nil {
+	err := sentry.Init(sentry.ClientOptions{
 		Dsn:     sentryDSN,
 		Release: c.App.Version,
 	})
 	if err != nil {
 		return err
 	}
 	appURL, err := url.Parse(ensureURLScheme(c.String("app")))
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
-	"github.com/getsentry/raven-go"
+	"github.com/getsentry/sentry-go"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
@ -50,7 +50,6 @@ var (
 func main() {
 	rand.Seed(time.Now().UnixNano())
 	metrics.RegisterBuildInfo(BuildType, BuildTime, Version)
 	raven.SetRelease(Version)
 	maxprocs.Set()
 	bInfo := cliutil.GetBuildInfo(BuildType, Version)
@ -156,10 +155,10 @@ func action(graceShutdownC chan struct{}) cli.ActionFunc {
 		if isEmptyInvocation(c) {
 			return handleServiceMode(c, graceShutdownC)
 		}
-		tags := make(map[string]string)
+		func() {
-		tags["hostname"] = c.String("hostname")
+			defer sentry.Recover()
-		raven.SetTagsContext(tags)
+			err = tunnel.TunnelCommand(c)
-		raven.CapturePanic(func() { err = tunnel.TunnelCommand(c) }, nil)
+		}()
 		if err != nil {
 			captureError(err)
 		}
@ -187,7 +186,7 @@ func captureError(err error) {
 			return
 		}
 	}
-	raven.CaptureError(err, nil)
+	sentry.CaptureException(err)
 }
 // cloudflared was started without any flags
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@ -14,7 +14,7 @@ import (
 	"github.com/coreos/go-systemd/daemon"
 	"github.com/facebookgo/grace/gracenet"
-	"github.com/getsentry/raven-go"
+	"github.com/getsentry/sentry-go"
 	"github.com/google/uuid"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
@ -36,6 +36,7 @@ import (
 	"github.com/cloudflare/cloudflared/supervisor"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 	"github.com/cloudflare/cloudflared/tunneldns"
 	"github.com/cloudflare/cloudflared/validation"
 )
 const (
@ -100,6 +101,7 @@ var (
 	routeFailMsg = fmt.Sprintf("failed to provision routing, please create it manually via Cloudflare dashboard or UI; "+
 		"most likely you already have a conflicting record there. You can also rerun this command with --%s to overwrite "+
 		"any existing DNS records for this hostname.", overwriteDNSFlag)
 	deprecatedClassicTunnelErr = fmt.Errorf("Classic tunnels have been deprecated, please use Named Tunnels. (https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/)")
 )
 func Flags() []cli.Flag {
@ -176,26 +178,43 @@ func TunnelCommand(c *cli.Context) error {
 		return err
 	}
-	if name := c.String("name"); name != "" { // Start a named tunnel
+	// Run a adhoc named tunnel
 	// Allows for the creation, routing (optional), and startup of a tunnel in one command
 	// --name required
 	// --url or --hello-world required
 	// --hostname optional
 	if name := c.String("name"); name != "" {
 		hostname, err := validation.ValidateHostname(c.String("hostname"))
 		if err != nil {
 			return errors.Wrap(err, "Invalid hostname provided")
 		}
 		url := c.String("url")
 		if url == hostname && url != "" && hostname != "" {
 			return fmt.Errorf("hostname and url shouldn't match. See --help for more information")
 		}
 		return runAdhocNamedTunnel(sc, name, c.String(CredFileFlag))
 	}
-	// Unauthenticated named tunnel on <random>.<quick-tunnels-service>.com
+	// Run a quick tunnel
 	// A unauthenticated named tunnel hosted on <random>.<quick-tunnels-service>.com
 	// We don't support running proxy-dns and a quick tunnel at the same time as the same process
 	shouldRunQuickTunnel := c.IsSet("url") || c.IsSet("hello-world")
-	if !dnsProxyStandAlone(c, nil) && c.String("hostname") == "" && c.String("quick-service") != "" && shouldRunQuickTunnel {
+	if !c.IsSet("proxy-dns") && c.String("quick-service") != "" && shouldRunQuickTunnel {
 		return RunQuickTunnel(sc)
 	}
 	// If user provides a config, check to see if they meant to use `tunnel run` instead
 	if ref := config.GetConfiguration().TunnelID; ref != "" {
 		return fmt.Errorf("Use `cloudflared tunnel run` to start tunnel %s", ref)
 	}
-	// Start a classic tunnel if hostname is specified.
+	// Classic tunnel usage is no longer supported
 	if c.String("hostname") != "" {
-		return runClassicTunnel(sc)
+		return deprecatedClassicTunnelErr
 	}
-	if c.String("proxy-dns") != "" {
+	if c.IsSet("proxy-dns") {
 		// NamedTunnelProperties are nil since proxy dns server does not need it.
 		// This is supported for legacy reasons: dns proxy server is not a tunnel and ideally should
 		// not run as part of cloudflared tunnel.
@ -237,11 +256,6 @@ func runAdhocNamedTunnel(sc *subcommandContext, name, credentialsOutputPath stri
 	return nil
 }
 // runClassicTunnel creates a "classic" non-named tunnel
 func runClassicTunnel(sc *subcommandContext) error {
 	return StartServer(sc.c, buildInfo, nil, sc.log)
 }
 func routeFromFlag(c *cli.Context) (route cfapi.HostnameRoute, ok bool) {
 	if hostname := c.String("hostname"); hostname != "" {
 		if lbPool := c.String("lb-pool"); lbPool != "" {
@ -258,7 +272,13 @@ func StartServer(
 	namedTunnel *connection.NamedTunnelProperties,
 	log *zerolog.Logger,
 ) error {
-	_ = raven.SetDSN(sentryDSN)
+	err := sentry.Init(sentry.ClientOptions{
 		Dsn:     sentryDSN,
 		Release: c.App.Version,
 	})
 	if err != nil {
 		return err
 	}
 	var wg sync.WaitGroup
 	listeners := gracenet.Net{}
 	errC := make(chan error)
@ -337,21 +357,13 @@ func StartServer(
 		errC <- autoupdater.Run(ctx)
 	}()
-	// Serve DNS proxy stand-alone if no hostname or tag or app is going to run
+	// Serve DNS proxy stand-alone if no tunnel type (quick, adhoc, named) is going to run
 	if dnsProxyStandAlone(c, namedTunnel) {
 		connectedSignal.Notify()
 		// no grace period, handle SIGINT/SIGTERM immediately
 		return waitToShutdown(&wg, cancel, errC, graceShutdownC, 0, log)
 	}
 	url := c.String("url")
 	hostname := c.String("hostname")
 	if url == hostname && url != "" && hostname != "" {
 		errText := "hostname and url shouldn't match. See --help for more information"
 		log.Error().Msg(errText)
 		return fmt.Errorf(errText)
 	}
 	logTransport := logger.CreateTransportLoggerFromContext(c, logger.EnableTerminalLog)
 	observer := connection.NewObserver(log, logTransport)
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@ -21,18 +21,16 @@ import (
 	"golang.org/x/crypto/ssh/terminal"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
 	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/orchestration"
 	"github.com/cloudflare/cloudflared/supervisor"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/validation"
 )
 const LogFieldOriginCertPath = "originCertPath"
@ -43,8 +41,6 @@ var (
 	serviceUrl      = developerPortal + "/reference/service/"
 	argumentsUrl    = developerPortal + "/reference/arguments/"
 	LogFieldHostname = "hostname"
 	secretFlags     = [2]*altsrc.StringFlag{credentialsContentsFlag, tunnelTokenFlag}
 	defaultFeatures = []string{supervisor.FeatureAllowRemoteConfig, supervisor.FeatureSerializedHeaders, supervisor.FeatureDatagramV2, supervisor.FeatureQUICSupportEOF}
@ -127,7 +123,10 @@ func isSecretEnvVar(key string) bool {
 }
 func dnsProxyStandAlone(c *cli.Context, namedTunnel *connection.NamedTunnelProperties) bool {
-	return c.IsSet("proxy-dns") && (!c.IsSet("hostname") && !c.IsSet("tag") && !c.IsSet("hello-world") && namedTunnel == nil)
+	return c.IsSet("proxy-dns") &&
 		!(c.IsSet("name") || // adhoc-named tunnel
 			c.IsSet("hello-world") || // quick or named tunnel
 			namedTunnel != nil) // named tunnel
 }
 func findOriginCert(originCertPath string, log *zerolog.Logger) (string, error) {
@ -193,37 +192,19 @@ func prepareTunnelConfig(
 	observer *connection.Observer,
 	namedTunnel *connection.NamedTunnelProperties,
 ) (*supervisor.TunnelConfig, *orchestration.Config, error) {
-	isNamedTunnel := namedTunnel != nil
+	clientID, err := uuid.NewRandom()
 	configHostname := c.String("hostname")
 	hostname, err := validation.ValidateHostname(configHostname)
 	if err != nil {
-		log.Err(err).Str(LogFieldHostname, configHostname).Msg("Invalid hostname")
+		return nil, nil, errors.Wrap(err, "can't generate connector UUID")
 		return nil, nil, errors.Wrap(err, "Invalid hostname")
 	}
-	clientID := c.String("id")
+	log.Info().Msgf("Generated Connector ID: %s", clientID)
 	if !c.IsSet("id") {
 		clientID, err = generateRandomClientID(log)
 		if err != nil {
 			return nil, nil, err
 		}
 	}
 	tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))
 	if err != nil {
 		log.Err(err).Msg("Tag parse failure")
 		return nil, nil, errors.Wrap(err, "Tag parse failure")
 	}
-
+	tags = append(tags, tunnelpogs.Tag{Name: "ID", Value: clientID.String()})
 	tags = append(tags, tunnelpogs.Tag{Name: "ID", Value: clientID})
 	var (
 		ingressRules  ingress.Ingress
 		classicTunnel *connection.ClassicTunnelProperties
 	)
 	transportProtocol := c.String("protocol")
 	needPQ := c.Bool("post-quantum")
 	if needPQ {
 		if FipsEnabled {
@ -236,81 +217,36 @@ func prepareTunnelConfig(
 		transportProtocol = connection.QUIC.String()
 	}
-	protocolFetcher := edgediscovery.ProtocolPercentage
+	features := dedup(append(c.StringSlice("features"), defaultFeatures...))
 	cfg := config.GetConfiguration()
 	if isNamedTunnel {
 		clientUUID, err := uuid.NewRandom()
 		if err != nil {
 			return nil, nil, errors.Wrap(err, "can't generate connector UUID")
 		}
 		log.Info().Msgf("Generated Connector ID: %s", clientUUID)
 		features := append(c.StringSlice("features"), defaultFeatures...)
 	if needPQ {
 		features = append(features, supervisor.FeaturePostQuantum)
 	}
 		if c.IsSet(TunnelTokenFlag) {
 			if transportProtocol == connection.AutoSelectFlag {
 				protocolFetcher = func() (edgediscovery.ProtocolPercents, error) {
 					// If the Tunnel is remotely managed and no protocol is set, we prefer QUIC, but still allow fall-back.
 					preferQuic := []edgediscovery.ProtocolPercent{
 						{
 							Protocol:   connection.QUIC.String(),
 							Percentage: 100,
 						},
 						{
 							Protocol:   connection.HTTP2.String(),
 							Percentage: 100,
 						},
 					}
 					return preferQuic, nil
 				}
 			}
 			log.Info().Msg("Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic")
 		}
 	namedTunnel.Client = tunnelpogs.ClientInfo{
-			ClientID: clientUUID[:],
+		ClientID: clientID[:],
-			Features: dedup(features),
+		Features: features,
 		Version:  info.Version(),
 		Arch:     info.OSArch(),
 	}
-		ingressRules, err = ingress.ParseIngress(cfg)
+	cfg := config.GetConfiguration()
 	ingressRules, err := ingress.ParseIngress(cfg)
 	if err != nil && err != ingress.ErrNoIngressRules {
 		return nil, nil, err
 	}
-		if !ingressRules.IsEmpty() && c.IsSet("url") {
+	if c.IsSet("url") {
 		// Ingress rules cannot be provided with --url flag
 		if !ingressRules.IsEmpty() {
 			return nil, nil, ingress.ErrURLIncompatibleWithIngress
 		}
 		} else {
-
+			// Only for quick or adhoc tunnels will we attempt to parse:
-		originCertPath := c.String("origincert")
+			// --url, --hello-world, or --unix-socket flag for a tunnel ingress rule
-		originCertLog := log.With().
+			ingressRules, err = ingress.NewSingleOrigin(c, false)
 			Str(LogFieldOriginCertPath, originCertPath).
 			Logger()
 		originCert, err := getOriginCert(originCertPath, &originCertLog)
 		if err != nil {
 			return nil, nil, errors.Wrap(err, "Error getting origin cert")
 		}
 		classicTunnel = &connection.ClassicTunnelProperties{
 			Hostname:   hostname,
 			OriginCert: originCert,
 			// turn off use of reconnect token and auth refresh when using named tunnels
 			UseReconnectToken: !isNamedTunnel && c.Bool("use-reconnect-token"),
 		}
 	}
 	// Convert single-origin configuration into multi-origin configuration.
 	if ingressRules.IsEmpty() {
 		ingressRules, err = ingress.NewSingleOrigin(c, !isNamedTunnel)
 			if err != nil {
 				return nil, nil, err
 			}
 		}
 	}
-	warpRoutingEnabled := isWarpRoutingEnabled(cfg.WarpRouting, isNamedTunnel)
+	protocolSelector, err := connection.NewProtocolSelector(transportProtocol, namedTunnel.Credentials.AccountTag, c.IsSet(TunnelTokenFlag), c.Bool("post-quantum"), edgediscovery.ProtocolPercentage, connection.ResolveTTL, log)
 	protocolSelector, err := connection.NewProtocolSelector(transportProtocol, warpRoutingEnabled, namedTunnel, protocolFetcher, supervisor.ResolveTTL, log, c.Bool("post-quantum"))
 	if err != nil {
 		return nil, nil, err
 	}
@ -374,7 +310,7 @@ func prepareTunnelConfig(
 		GracePeriod:     gracePeriod,
 		ReplaceExisting: c.Bool("force"),
 		OSArch:          info.OSArch(),
-		ClientID:        clientID,
+		ClientID:        clientID.String(),
 		EdgeAddrs:       c.StringSlice("edge"),
 		Region:          c.String("region"),
 		EdgeIPVersion:   edgeIPVersion,
@ -392,7 +328,6 @@ func prepareTunnelConfig(
 		Retries:            uint(c.Int("retries")),
 		RunFromTerminal:    isRunningFromTerminal(),
 		NamedTunnel:        namedTunnel,
 		ClassicTunnel:      classicTunnel,
 		MuxerConfig:        muxerConfig,
 		ProtocolSelector:   protocolSelector,
 		EdgeTLSConfigs:     edgeTLSConfigs,
@ -434,10 +369,6 @@ func gracePeriod(c *cli.Context) (time.Duration, error) {
 	return period, nil
 }
 func isWarpRoutingEnabled(warpConfig config.WarpRoutingConfig, isNamedTunnel bool) bool {
 	return warpConfig.Enabled && isNamedTunnel
 }
 func isRunningFromTerminal() bool {
 	return terminal.IsTerminal(int(os.Stdout.Fd()))
 }
--- a/cmd/cloudflared/tunnel/subcommand_context_vnets.go
+++ b/cmd/cloudflared/tunnel/subcommand_context_vnets.go
@ -23,12 +23,12 @@ func (sc *subcommandContext) listVirtualNetworks(filter *cfapi.VnetFilter) ([]*c
 	return client.ListVirtualNetworks(filter)
 }
-func (sc *subcommandContext) deleteVirtualNetwork(vnetId uuid.UUID) error {
+func (sc *subcommandContext) deleteVirtualNetwork(vnetId uuid.UUID, force bool) error {
 	client, err := sc.client()
 	if err != nil {
 		return errors.Wrap(err, noClientMsg)
 	}
-	return client.DeleteVirtualNetwork(vnetId)
+	return client.DeleteVirtualNetwork(vnetId, force)
 }
 func (sc *subcommandContext) updateVirtualNetwork(vnetId uuid.UUID, updates cfapi.UpdateVirtualNetwork) error {
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@ -821,7 +821,7 @@ Further information about managing Cloudflare WARP traffic to your tunnel is ava
 				Name:        "lb",
 				Action:      cliutil.ConfiguredAction(routeLbCommand),
 				Usage:       "Use this tunnel as a load balancer origin, creating pool and load balancer if necessary",
-				UsageText:   "cloudflared tunnel route lb [TUNNEL] [HOSTNAME] [LB-POOL]",
+				UsageText:   "cloudflared tunnel route lb [TUNNEL] [HOSTNAME] [LB-POOL-NAME]",
 				Description: `Creates Load Balancer with an origin pool that points to the tunnel.`,
 			},
 			buildRouteIPSubcommand(),
--- a/cmd/cloudflared/tunnel/vnets_subcommands.go
+++ b/cmd/cloudflared/tunnel/vnets_subcommands.go
@ -33,6 +33,12 @@ var (
 		Aliases: []string{"c"},
 		Usage:   "A new comment describing the purpose of the virtual network.",
 	}
 	vnetForceDeleteFlag = &cli.BoolFlag{
 		Name:    "force",
 		Aliases: []string{"f"},
 		Usage: "Force the deletion of the virtual network even if it is being relied upon by other resources. Those" +
 			"resources will either be deleted (e.g. IP Routes) or moved to the current default virutal network.",
 	}
 )
 func buildVirtualNetworkSubcommand(hidden bool) *cli.Command {
@ -82,6 +88,7 @@ be the current default.`,
 				UsageText: "cloudflared tunnel [--config FILEPATH] network delete VIRTUAL_NETWORK",
 				Description: `Deletes the virtual network (given its ID or name). This is only possible if that virtual network is unused. 
 A virtual network may be used by IP routes or by WARP devices.`,
 				Flags:  []cli.Flag{vnetForceDeleteFlag},
 				Hidden: hidden,
 			},
 			{
@ -188,7 +195,7 @@ func deleteVirtualNetworkCommand(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	if c.NArg() != 1 {
+	if c.NArg() < 1 {
 		return errors.New("You must supply exactly one argument, either the ID or name of the virtual network to delete")
 	}
@ -198,7 +205,12 @@ func deleteVirtualNetworkCommand(c *cli.Context) error {
 		return err
 	}
-	if err := sc.deleteVirtualNetwork(vnetId); err != nil {
+	forceDelete := false
 	if c.IsSet(vnetForceDeleteFlag.Name) {
 		forceDelete = c.Bool(vnetForceDeleteFlag.Name)
 	}
 	if err := sc.deleteVirtualNetwork(vnetId, forceDelete); err != nil {
 		return errors.Wrap(err, "API error")
 	}
 	fmt.Printf("Successfully deleted virtual network '%s'\n", input)
--- a/component-tests/test_proxy_dns.py
+++ b/component-tests/test_proxy_dns.py
@ -12,18 +12,12 @@ class TestProxyDns:
    def test_proxy_dns_with_named_tunnel(self, tmp_path, component_tests_config):
        run_test_scenario(tmp_path, component_tests_config, CfdModes.NAMED, run_proxy_dns=True)
    def test_proxy_dns_with_classic_tunnel(self, tmp_path, component_tests_config):
        run_test_scenario(tmp_path, component_tests_config, CfdModes.CLASSIC, run_proxy_dns=True)
    def test_proxy_dns_alone(self, tmp_path, component_tests_config):
        run_test_scenario(tmp_path, component_tests_config, CfdModes.PROXY_DNS, run_proxy_dns=True)
    def test_named_tunnel_alone(self, tmp_path, component_tests_config):
        run_test_scenario(tmp_path, component_tests_config, CfdModes.NAMED, run_proxy_dns=False)
    def test_classic_tunnel_alone(self, tmp_path, component_tests_config):
        run_test_scenario(tmp_path, component_tests_config, CfdModes.CLASSIC, run_proxy_dns=False)
 def run_test_scenario(tmp_path, component_tests_config, cfd_mode, run_proxy_dns):
    expect_proxy_dns = run_proxy_dns
@ -33,10 +27,6 @@ def run_test_scenario(tmp_path, component_tests_config, cfd_mode, run_proxy_dns)
        expect_tunnel = True
        pre_args = ["tunnel"]
        args = ["run"]
    elif cfd_mode == CfdModes.CLASSIC:
        expect_tunnel = True
        pre_args = []
        args = []
    elif cfd_mode == CfdModes.PROXY_DNS:
        expect_proxy_dns = True
        pre_args = []
--- a/component-tests/test_reconnect.py
+++ b/component-tests/test_reconnect.py
@ -33,13 +33,6 @@ class TestReconnect:
            # Repeat the test multiple times because some issues only occur after multiple reconnects
            self.assert_reconnect(config, cloudflared, 5)
    def test_classic_reconnect(self, tmp_path, component_tests_config):
        extra_config = copy.copy(self.extra_config)
        extra_config["hello-world"] = True
        config = component_tests_config(additional_config=extra_config, cfd_mode=CfdModes.CLASSIC)
        with start_cloudflared(tmp_path, config, cfd_args=[], new_process=True, allow_input=True, capture_output=False) as cloudflared:
            self.assert_reconnect(config, cloudflared, 1)
    def send_reconnect(self, cloudflared, secs):
        # Although it is recommended to use the Popen.communicate method, we cannot
        # use it because it blocks on reading stdout and stderr until EOF is reached
--- a/connection/connection.go
+++ b/connection/connection.go
@ -142,6 +142,7 @@ type TCPRequest struct {
 	LBProbe   bool
 	FlowID    string
 	CfTraceID string
 	ConnIndex uint8
 }
 // ReadWriteAcker is a readwriter with the ability to Acknowledge to the downstream (edge) that the origin has
--- a/connection/h2mux.go
+++ b/connection/h2mux.go
@ -123,46 +123,6 @@ func (h *h2muxConnection) ServeNamedTunnel(ctx context.Context, namedTunnel *Nam
 	return err
 }
 func (h *h2muxConnection) ServeClassicTunnel(ctx context.Context, classicTunnel *ClassicTunnelProperties, credentialManager CredentialManager, registrationOptions *tunnelpogs.RegistrationOptions, connectedFuse ConnectedFuse) error {
 	errGroup, serveCtx := errgroup.WithContext(ctx)
 	errGroup.Go(func() error {
 		return h.serveMuxer(serveCtx)
 	})
 	errGroup.Go(func() (err error) {
 		defer func() {
 			if err == nil {
 				connectedFuse.Connected()
 			}
 		}()
 		if classicTunnel.UseReconnectToken && connectedFuse.IsConnected() {
 			err := h.reconnectTunnel(ctx, credentialManager, classicTunnel, registrationOptions)
 			if err == nil {
 				return nil
 			}
 			// log errors and proceed to RegisterTunnel
 			h.observer.log.Err(err).
 				Uint8(LogFieldConnIndex, h.connIndex).
 				Msg("Couldn't reconnect connection. Re-registering it instead.")
 		}
 		return h.registerTunnel(ctx, credentialManager, classicTunnel, registrationOptions)
 	})
 	errGroup.Go(func() error {
 		h.controlLoop(serveCtx, connectedFuse, false)
 		return nil
 	})
 	err := errGroup.Wait()
 	if err == errMuxerStopped {
 		if h.stoppedGracefully {
 			return nil
 		}
 		h.observer.log.Info().Uint8(LogFieldConnIndex, h.connIndex).Msg("Unexpected muxer shutdown")
 	}
 	return err
 }
 func (h *h2muxConnection) serveMuxer(ctx context.Context) error {
 	// All routines should stop when muxer finish serving. When muxer is shutdown
 	// gracefully, it doesn't return an error, so we need to return errMuxerShutdown
@ -236,7 +196,7 @@ func (h *h2muxConnection) ServeStream(stream *h2mux.MuxedStream) error {
 		return err
 	}
-	err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, h.log), sourceConnectionType == TypeWebsocket)
+	err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, h.connIndex, h.log), sourceConnectionType == TypeWebsocket)
 	if err != nil {
 		respWriter.WriteErrorResponse()
 	}
--- a/connection/http2.go
+++ b/connection/http2.go
@ -115,52 +115,53 @@ func (c *HTTP2Connection) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	var requestErr error
 	switch connType {
 	case TypeControlStream:
-		if err := c.controlStreamHandler.ServeControlStream(r.Context(), respWriter, c.connOptions, c.orchestrator); err != nil {
+		requestErr = c.controlStreamHandler.ServeControlStream(r.Context(), respWriter, c.connOptions, c.orchestrator)
-			c.controlStreamErr = err
+		if requestErr != nil {
-			c.log.Error().Err(err)
+			c.controlStreamErr = requestErr
 			respWriter.WriteErrorResponse()
 		}
 	case TypeConfiguration:
-		if err := c.handleConfigurationUpdate(respWriter, r); err != nil {
+		requestErr = c.handleConfigurationUpdate(respWriter, r)
 			c.log.Error().Err(err)
 			respWriter.WriteErrorResponse()
 		}
 	case TypeWebsocket, TypeHTTP:
 		stripWebsocketUpgradeHeader(r)
 		// Check for tracing on request
-		tr := tracing.NewTracedHTTPRequest(r, c.log)
+		tr := tracing.NewTracedHTTPRequest(r, c.connIndex, c.log)
 		if err := originProxy.ProxyHTTP(respWriter, tr, connType == TypeWebsocket); err != nil {
-			err := fmt.Errorf("Failed to proxy HTTP: %w", err)
+			requestErr = fmt.Errorf("Failed to proxy HTTP: %w", err)
 			c.log.Error().Err(err)
 			respWriter.WriteErrorResponse()
 		}
 	case TypeTCP:
 		host, err := getRequestHost(r)
 		if err != nil {
-			err := fmt.Errorf(`cloudflared received a warp-routing request with an empty host value: %w`, err)
+			requestErr = fmt.Errorf(`cloudflared received a warp-routing request with an empty host value: %w`, err)
-			c.log.Error().Err(err)
+			break
 			respWriter.WriteErrorResponse()
 		}
 		rws := NewHTTPResponseReadWriterAcker(respWriter, r)
-		if err := originProxy.ProxyTCP(r.Context(), rws, &TCPRequest{
+		requestErr = originProxy.ProxyTCP(r.Context(), rws, &TCPRequest{
 			Dest:      host,
 			CFRay:     FindCfRayHeader(r),
 			LBProbe:   IsLBProbeRequest(r),
 			CfTraceID: r.Header.Get(tracing.TracerContextName),
-		}); err != nil {
+			ConnIndex: c.connIndex,
-			respWriter.WriteErrorResponse()
+		})
 		}
 	default:
-		err := fmt.Errorf("Received unknown connection type: %s", connType)
+		requestErr = fmt.Errorf("Received unknown connection type: %s", connType)
-		c.log.Error().Err(err)
+	}
-		respWriter.WriteErrorResponse()
+
 	if requestErr != nil {
 		c.log.Error().Err(requestErr).Msg("failed to serve incoming request")
 		// WriteErrorResponse will return false if status was already written. we need to abort handler.
 		if !respWriter.WriteErrorResponse() {
 			c.log.Debug().Msg("Handler aborted due to failure to write error response after status already sent")
 			panic(http.ErrAbortHandler)
 		}
 	}
 }
@ -275,9 +276,16 @@ func (rp *http2RespWriter) WriteRespHeaders(status int, header http.Header) erro
 	return nil
 }
-func (rp *http2RespWriter) WriteErrorResponse() {
+func (rp *http2RespWriter) WriteErrorResponse() bool {
 	if rp.statusWritten {
 		return false
 	}
 	rp.setResponseMetaHeader(responseMetaHeaderCfd)
 	rp.w.WriteHeader(http.StatusBadGateway)
 	rp.statusWritten = true
 	return true
 }
 func (rp *http2RespWriter) setResponseMetaHeader(value string) {
--- a/connection/protocol.go
+++ b/connection/protocol.go
@ -1,7 +1,6 @@
 package connection
 import (
 	"errors"
 	"fmt"
 	"hash/fnv"
 	"sync"
@ -13,7 +12,7 @@ import (
 )
 const (
-	AvailableProtocolFlagMessage = "Available protocols: 'auto' - automatically chooses the best protocol over time (the default; and also the recommended one); 'quic' - based on QUIC, relying on UDP egress to Cloudflare edge; 'http2' - using Go's HTTP2 library, relying on TCP egress to Cloudflare edge; 'h2mux' - Cloudflare's implementation of HTTP/2, deprecated"
+	AvailableProtocolFlagMessage = "Available protocols: 'auto' - automatically chooses the best protocol over time (the default; and also the recommended one); 'quic' - based on QUIC, relying on UDP egress to Cloudflare edge; 'http2' - using Go's HTTP2 library, relying on TCP egress to Cloudflare edge"
 	// edgeH2muxTLSServerName is the server name to establish h2mux connection with edge
 	edgeH2muxTLSServerName = "cftunnel.com"
 	// edgeH2TLSServerName is the server name to establish http2 connection with edge
@ -21,43 +20,32 @@ const (
 	// edgeQUICServerName is the server name to establish quic connection with edge.
 	edgeQUICServerName = "quic.cftunnel.com"
 	AutoSelectFlag     = "auto"
 	// SRV and TXT record resolution TTL
 	ResolveTTL = time.Hour
 )
 var (
-	// ProtocolList represents a list of supported protocols for communication with the edge.
+	// ProtocolList represents a list of supported protocols for communication with the edge
-	ProtocolList = []Protocol{H2mux, HTTP2, HTTP2Warp, QUIC, QUICWarp}
+	// in order of precedence for remote percentage fetcher.
 	ProtocolList = []Protocol{QUIC, HTTP2}
 )
 type Protocol int64
 const (
-	// H2mux protocol can be used both with Classic and Named Tunnels. .
+	// HTTP2 using golang HTTP2 library for edge connections.
-	H2mux Protocol = iota
+	HTTP2 Protocol = iota
-	// HTTP2 is used only with named tunnels. It's more efficient than H2mux for L4 proxying.
+	// QUIC using quic-go for edge connections.
 	HTTP2
 	// QUIC is used only with named tunnels.
 	QUIC
 	// HTTP2Warp is used only with named tunnels. It's useful for warp-routing where we don't want to fallback to
 	// H2mux on HTTP2 failure to connect.
 	HTTP2Warp
 	//QUICWarp is used only with named tunnels. It's useful for warp-routing where we want to fallback to HTTP2 but
 	// don't want HTTP2 to fallback to H2mux
 	QUICWarp
 )
 // Fallback returns the fallback protocol and whether the protocol has a fallback
 func (p Protocol) fallback() (Protocol, bool) {
 	switch p {
 	case H2mux:
 		return 0, false
 	case HTTP2:
 		return H2mux, true
 	case HTTP2Warp:
 		return 0, false
 	case QUIC:
 		return HTTP2, true
 	case QUICWarp:
 		return HTTP2Warp, true
 	default:
 		return 0, false
 	}
@ -65,11 +53,9 @@ func (p Protocol) fallback() (Protocol, bool) {
 func (p Protocol) String() string {
 	switch p {
-	case H2mux:
+	case HTTP2:
 		return "h2mux"
 	case HTTP2, HTTP2Warp:
 		return "http2"
-	case QUIC, QUICWarp:
+	case QUIC:
 		return "quic"
 	default:
 		return fmt.Sprintf("unknown protocol")
@ -78,15 +64,11 @@ func (p Protocol) String() string {
 func (p Protocol) TLSSettings() *TLSSettings {
 	switch p {
-	case H2mux:
+	case HTTP2:
 		return &TLSSettings{
 			ServerName: edgeH2muxTLSServerName,
 		}
 	case HTTP2, HTTP2Warp:
 		return &TLSSettings{
 			ServerName: edgeH2TLSServerName,
 		}
-	case QUIC, QUICWarp:
+	case QUIC:
 		return &TLSSettings{
 			ServerName: edgeQUICServerName,
 			NextProtos: []string{"argotunnel"},
@ -106,6 +88,7 @@ type ProtocolSelector interface {
 	Fallback() (Protocol, bool)
 }
 // staticProtocolSelector will not provide a different protocol for Fallback
 type staticProtocolSelector struct {
 	current Protocol
 }
@ -115,10 +98,11 @@ func (s *staticProtocolSelector) Current() Protocol {
 }
 func (s *staticProtocolSelector) Fallback() (Protocol, bool) {
-	return 0, false
+	return s.current, false
 }
-type autoProtocolSelector struct {
+// remoteProtocolSelector will fetch a list of remote protocols to provide for edge discovery
 type remoteProtocolSelector struct {
 	lock sync.RWMutex
 	current Protocol
@ -127,23 +111,21 @@ type autoProtocolSelector struct {
 	protocolPool []Protocol
 	switchThreshold int32
-	fetchFunc       PercentageFetcher
+	fetchFunc       edgediscovery.PercentageFetcher
 	refreshAfter    time.Time
 	ttl             time.Duration
 	log             *zerolog.Logger
 	needPQ          bool
 }
-func newAutoProtocolSelector(
+func newRemoteProtocolSelector(
 	current Protocol,
 	protocolPool []Protocol,
 	switchThreshold int32,
-	fetchFunc PercentageFetcher,
+	fetchFunc edgediscovery.PercentageFetcher,
 	ttl time.Duration,
 	log *zerolog.Logger,
-	needPQ bool,
+) *remoteProtocolSelector {
-) *autoProtocolSelector {
+	return &remoteProtocolSelector{
 	return &autoProtocolSelector{
 		current:         current,
 		protocolPool:    protocolPool,
 		switchThreshold: switchThreshold,
@ -151,11 +133,10 @@ func newAutoProtocolSelector(
 		refreshAfter:    time.Now().Add(ttl),
 		ttl:             ttl,
 		log:             log,
 		needPQ:          needPQ,
 	}
 }
-func (s *autoProtocolSelector) Current() Protocol {
+func (s *remoteProtocolSelector) Current() Protocol {
 	s.lock.Lock()
 	defer s.lock.Unlock()
 	if time.Now().Before(s.refreshAfter) {
@ -173,7 +154,13 @@ func (s *autoProtocolSelector) Current() Protocol {
 	return s.current
 }
-func getProtocol(protocolPool []Protocol, fetchFunc PercentageFetcher, switchThreshold int32) (Protocol, error) {
+func (s *remoteProtocolSelector) Fallback() (Protocol, bool) {
 	s.lock.RLock()
 	defer s.lock.RUnlock()
 	return s.current.fallback()
 }
 func getProtocol(protocolPool []Protocol, fetchFunc edgediscovery.PercentageFetcher, switchThreshold int32) (Protocol, error) {
 	protocolPercentages, err := fetchFunc()
 	if err != nil {
 		return 0, err
@ -185,112 +172,78 @@ func getProtocol(protocolPool []Protocol, fetchFunc PercentageFetcher, switchThr
 		}
 	}
-	return protocolPool[len(protocolPool)-1], nil
+	// Default to first index in protocolPool list
 	return protocolPool[0], nil
 }
-func (s *autoProtocolSelector) Fallback() (Protocol, bool) {
+// defaultProtocolSelector will allow for a protocol to have a fallback
 type defaultProtocolSelector struct {
 	lock    sync.RWMutex
 	current Protocol
 }
 func newDefaultProtocolSelector(
 	current Protocol,
 ) *defaultProtocolSelector {
 	return &defaultProtocolSelector{
 		current: current,
 	}
 }
 func (s *defaultProtocolSelector) Current() Protocol {
 	s.lock.Lock()
 	defer s.lock.Unlock()
 	return s.current
 }
 func (s *defaultProtocolSelector) Fallback() (Protocol, bool) {
 	s.lock.RLock()
 	defer s.lock.RUnlock()
 	if s.needPQ {
 		return 0, false
 	}
 	return s.current.fallback()
 }
 type PercentageFetcher func() (edgediscovery.ProtocolPercents, error)
 func NewProtocolSelector(
 	protocolFlag string,
-	warpRoutingEnabled bool,
+	accountTag string,
-	namedTunnel *NamedTunnelProperties,
+	tunnelTokenProvided bool,
 	fetchFunc PercentageFetcher,
 	ttl time.Duration,
 	log *zerolog.Logger,
 	needPQ bool,
 	protocolFetcher edgediscovery.PercentageFetcher,
 	resolveTTL time.Duration,
 	log *zerolog.Logger,
 ) (ProtocolSelector, error) {
-	// Classic tunnel is only supported with h2mux
+	// With --post-quantum, we force quic
 	if namedTunnel == nil {
 	if needPQ {
 			return nil, errors.New("Classic tunnel does not support post-quantum")
 		}
 		return &staticProtocolSelector{
-			current: H2mux,
+			current: QUIC,
 		}, nil
 	}
-	threshold := switchThreshold(namedTunnel.Credentials.AccountTag)
+	threshold := switchThreshold(accountTag)
-	fetchedProtocol, err := getProtocol([]Protocol{QUIC, HTTP2}, fetchFunc, threshold)
+	fetchedProtocol, err := getProtocol(ProtocolList, protocolFetcher, threshold)
-	if err != nil && protocolFlag == "auto" {
+	log.Debug().Msgf("Fetched protocol: %s", fetchedProtocol)
-		log.Err(err).Msg("Unable to lookup protocol. Defaulting to `http2`. If this fails, you can attempt `--protocol quic` instead.")
+	if err != nil {
-		if needPQ {
+		log.Warn().Msg("Unable to lookup protocol percentage.")
-			return nil, errors.New("http2 does not support post-quantum")
+		// Falling through here since 'auto' is handled in the switch and failing
-		}
+		// to do the protocol lookup isn't a failure since it can be triggered again
-		return &staticProtocolSelector{
+		// after the TTL.
 			current: HTTP2,
 		}, nil
 	}
 	if warpRoutingEnabled {
 		if protocolFlag == H2mux.String() || fetchedProtocol == H2mux {
 			log.Warn().Msg("Warp routing is not supported in h2mux protocol. Upgrading to http2 to allow it.")
 			protocolFlag = HTTP2.String()
 			fetchedProtocol = HTTP2Warp
 		}
 		return selectWarpRoutingProtocols(protocolFlag, fetchFunc, ttl, log, threshold, fetchedProtocol, needPQ)
 	}
 	return selectNamedTunnelProtocols(protocolFlag, fetchFunc, ttl, log, threshold, fetchedProtocol, needPQ)
 }
 func selectNamedTunnelProtocols(
 	protocolFlag string,
 	fetchFunc PercentageFetcher,
 	ttl time.Duration,
 	log *zerolog.Logger,
 	threshold int32,
 	protocol Protocol,
 	needPQ bool,
 ) (ProtocolSelector, error) {
 	// If the user picks a protocol, then we stick to it no matter what.
 	switch protocolFlag {
-	case H2mux.String():
+	case "h2mux":
-		return &staticProtocolSelector{current: H2mux}, nil
+		// Any users still requesting h2mux will be upgraded to http2 instead
 		log.Warn().Msg("h2mux is no longer a supported protocol: upgrading edge connection to http2. Please remove '--protocol h2mux' from runtime arguments to remove this warning.")
 		return &staticProtocolSelector{current: HTTP2}, nil
 	case QUIC.String():
 		return &staticProtocolSelector{current: QUIC}, nil
 	case HTTP2.String():
 		return &staticProtocolSelector{current: HTTP2}, nil
 	case AutoSelectFlag:
 		// When a --token is provided, we want to start with QUIC but have fallback to HTTP2
 		if tunnelTokenProvided {
 			return newDefaultProtocolSelector(QUIC), nil
 		}
-
+		return newRemoteProtocolSelector(fetchedProtocol, ProtocolList, threshold, protocolFetcher, resolveTTL, log), nil
 	// If the user does not pick (hopefully the majority) then we use the one derived from the TXT DNS record and
 	// fallback on failures.
 	if protocolFlag == AutoSelectFlag {
 		return newAutoProtocolSelector(protocol, []Protocol{QUIC, HTTP2, H2mux}, threshold, fetchFunc, ttl, log, needPQ), nil
 	}
 	return nil, fmt.Errorf("Unknown protocol %s, %s", protocolFlag, AvailableProtocolFlagMessage)
 }
 func selectWarpRoutingProtocols(
 	protocolFlag string,
 	fetchFunc PercentageFetcher,
 	ttl time.Duration,
 	log *zerolog.Logger,
 	threshold int32,
 	protocol Protocol,
 	needPQ bool,
 ) (ProtocolSelector, error) {
 	// If the user picks a protocol, then we stick to it no matter what.
 	switch protocolFlag {
 	case QUIC.String():
 		return &staticProtocolSelector{current: QUICWarp}, nil
 	case HTTP2.String():
 		return &staticProtocolSelector{current: HTTP2Warp}, nil
 	}
 	// If the user does not pick (hopefully the majority) then we use the one derived from the TXT DNS record and
 	// fallback on failures.
 	if protocolFlag == AutoSelectFlag {
 		return newAutoProtocolSelector(protocol, []Protocol{QUICWarp, HTTP2Warp}, threshold, fetchFunc, ttl, log, needPQ), nil
 	}
 	return nil, fmt.Errorf("Unknown protocol %s, %s", protocolFlag, AvailableProtocolFlagMessage)
--- a/connection/protocol_test.go
+++ b/connection/protocol_test.go
@ -3,7 +3,6 @@ package connection
 import (
 	"fmt"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
@ -12,18 +11,10 @@ import (
 const (
 	testNoTTL      = 0
-	noWarpRoutingEnabled = false
+	testAccountTag = "testAccountTag"
 )
-var (
+func mockFetcher(getError bool, protocolPercent ...edgediscovery.ProtocolPercent) edgediscovery.PercentageFetcher {
 	testNamedTunnelProperties = &NamedTunnelProperties{
 		Credentials: Credentials{
 			AccountTag: "testAccountTag",
 		},
 	}
 )
 func mockFetcher(getError bool, protocolPercent ...edgediscovery.ProtocolPercent) PercentageFetcher {
 	return func() (edgediscovery.ProtocolPercents, error) {
 		if getError {
 			return nil, fmt.Errorf("failed to fetch percentage")
@ -37,7 +28,7 @@ type dynamicMockFetcher struct {
 	err              error
 }
-func (dmf *dynamicMockFetcher) fetch() PercentageFetcher {
+func (dmf *dynamicMockFetcher) fetch() edgediscovery.PercentageFetcher {
 	return func() (edgediscovery.ProtocolPercents, error) {
 		return dmf.protocolPercents, dmf.err
 	}
@ -47,179 +38,56 @@ func TestNewProtocolSelector(t *testing.T) {
 	tests := []struct {
 		name                string
 		protocol            string
 		tunnelTokenProvided bool
 		needPQ              bool
 		expectedProtocol    Protocol
 		hasFallback         bool
 		expectedFallback    Protocol
 		warpRoutingEnabled bool
 		namedTunnelConfig  *NamedTunnelProperties
 		fetchFunc          PercentageFetcher
 		wantErr             bool
 	}{
 		{
-			name:              "classic tunnel",
+			name:     "named tunnel with unknown protocol",
-			protocol:          "h2mux",
+			protocol: "unknown",
-			expectedProtocol:  H2mux,
+			wantErr:  true,
 			namedTunnelConfig: nil,
 		},
 		{
-			name:              "named tunnel over h2mux",
+			name:             "named tunnel with h2mux: force to http2",
 			protocol:         "h2mux",
-			expectedProtocol:  H2mux,
+			expectedProtocol: HTTP2,
 			fetchFunc:         func() (edgediscovery.ProtocolPercents, error) { return nil, nil },
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
-			name:              "named tunnel over http2",
+			name:             "named tunnel with http2: no fallback",
 			protocol:         "http2",
 			expectedProtocol: HTTP2,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 0}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
-			name:              "named tunnel http2 disabled still gets http2 because it is manually picked",
+			name:             "named tunnel with auto: quic",
 			protocol:          "http2",
 			expectedProtocol:  HTTP2,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: -1}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel quic disabled still gets quic because it is manually picked",
 			protocol:          "quic",
 			expectedProtocol:  QUIC,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: -1}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel quic and http2 disabled",
 			protocol:          AutoSelectFlag,
 			expectedProtocol:  H2mux,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: -1}, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: -1}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:             "named tunnel quic disabled",
 			protocol:         AutoSelectFlag,
 			expectedProtocol: HTTP2,
 			// Hasfallback true is because if http2 fails, then we further fallback to h2mux.
 			hasFallback:       true,
 			expectedFallback:  H2mux,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: -1}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel auto all http2 disabled",
 			protocol:          AutoSelectFlag,
 			expectedProtocol:  H2mux,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: -1}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel auto to h2mux",
 			protocol:          AutoSelectFlag,
 			expectedProtocol:  H2mux,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 0}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel auto to http2",
 			protocol:          AutoSelectFlag,
 			expectedProtocol:  HTTP2,
 			hasFallback:       true,
 			expectedFallback:  H2mux,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
 			name:              "named tunnel auto to quic",
 			protocol:         AutoSelectFlag,
 			expectedProtocol: QUIC,
 			hasFallback:      true,
 			expectedFallback: HTTP2,
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}),
 			namedTunnelConfig: testNamedTunnelProperties,
 		},
 		{
-			name:               "warp routing requesting h2mux",
+			name:             "named tunnel (post quantum)",
-			protocol:           "h2mux",
+			protocol:         AutoSelectFlag,
-			expectedProtocol:   HTTP2Warp,
+			needPQ:           true,
-			hasFallback:        false,
+			expectedProtocol: QUIC,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
-			name:               "warp routing requesting h2mux picks HTTP2 even if http2 percent is -1",
+			name:             "named tunnel (post quantum) w/http2",
 			protocol:           "h2mux",
 			expectedProtocol:   HTTP2Warp,
 			hasFallback:        false,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: -1}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
 			name:               "warp routing http2",
 			protocol:         "http2",
-			expectedProtocol:   HTTP2Warp,
+			needPQ:           true,
-			hasFallback:        false,
+			expectedProtocol: QUIC,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
 			name:               "warp routing quic",
 			protocol:           AutoSelectFlag,
 			expectedProtocol:   QUICWarp,
 			hasFallback:        true,
 			expectedFallback:   HTTP2Warp,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
 			name:               "warp routing auto",
 			protocol:           AutoSelectFlag,
 			expectedProtocol:   HTTP2Warp,
 			hasFallback:        false,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
 			name:               "warp routing auto- quic",
 			protocol:           AutoSelectFlag,
 			expectedProtocol:   QUICWarp,
 			hasFallback:        true,
 			expectedFallback:   HTTP2Warp,
 			fetchFunc:          mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}, edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}),
 			warpRoutingEnabled: true,
 			namedTunnelConfig:  testNamedTunnelProperties,
 		},
 		{
 			// None named tunnel can only use h2mux, so specifying an unknown protocol is not an error
 			name:             "classic tunnel unknown protocol",
 			protocol:         "unknown",
 			expectedProtocol: H2mux,
 		},
 		{
 			name:              "named tunnel unknown protocol",
 			protocol:          "unknown",
 			fetchFunc:         mockFetcher(false, edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}),
 			namedTunnelConfig: testNamedTunnelProperties,
 			wantErr:           true,
 		},
 		{
 			name:              "named tunnel fetch error",
 			protocol:          AutoSelectFlag,
 			fetchFunc:         mockFetcher(true),
 			namedTunnelConfig: testNamedTunnelProperties,
 			expectedProtocol:  HTTP2,
 			wantErr:           false,
 		},
 	}
 	fetcher := dynamicMockFetcher{
 		protocolPercents: edgediscovery.ProtocolPercents{},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			selector, err := NewProtocolSelector(test.protocol, test.warpRoutingEnabled, test.namedTunnelConfig, test.fetchFunc, testNoTTL, &log, false)
+			selector, err := NewProtocolSelector(test.protocol, testAccountTag, test.tunnelTokenProvided, test.needPQ, fetcher.fetch(), ResolveTTL, &log)
 			if test.wantErr {
 				assert.Error(t, err, fmt.Sprintf("test %s failed", test.name))
 			} else {
@ -237,15 +105,15 @@ func TestNewProtocolSelector(t *testing.T) {
 func TestAutoProtocolSelectorRefresh(t *testing.T) {
 	fetcher := dynamicMockFetcher{}
-	selector, err := NewProtocolSelector(AutoSelectFlag, noWarpRoutingEnabled, testNamedTunnelProperties, fetcher.fetch(), testNoTTL, &log, false)
+	selector, err := NewProtocolSelector(AutoSelectFlag, testAccountTag, false, false, fetcher.fetch(), testNoTTL, &log)
 	assert.NoError(t, err)
-	assert.Equal(t, H2mux, selector.Current())
+	assert.Equal(t, QUIC, selector.Current())
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}}
 	assert.Equal(t, HTTP2, selector.Current())
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 0}}
-	assert.Equal(t, H2mux, selector.Current())
+	assert.Equal(t, QUIC, selector.Current())
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}}
 	assert.Equal(t, HTTP2, selector.Current())
@ -255,10 +123,10 @@ func TestAutoProtocolSelectorRefresh(t *testing.T) {
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: -1}}
 	fetcher.err = nil
-	assert.Equal(t, H2mux, selector.Current())
+	assert.Equal(t, QUIC, selector.Current())
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 0}}
-	assert.Equal(t, H2mux, selector.Current())
+	assert.Equal(t, QUIC, selector.Current())
 	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}}
 	assert.Equal(t, QUIC, selector.Current())
@ -267,7 +135,7 @@ func TestAutoProtocolSelectorRefresh(t *testing.T) {
 func TestHTTP2ProtocolSelectorRefresh(t *testing.T) {
 	fetcher := dynamicMockFetcher{}
 	// Since the user chooses http2 on purpose, we always stick to it.
-	selector, err := NewProtocolSelector("http2", noWarpRoutingEnabled, testNamedTunnelProperties, fetcher.fetch(), testNoTTL, &log, false)
+	selector, err := NewProtocolSelector(HTTP2.String(), testAccountTag, false, false, fetcher.fetch(), testNoTTL, &log)
 	assert.NoError(t, err)
 	assert.Equal(t, HTTP2, selector.Current())
@ -294,13 +162,12 @@ func TestHTTP2ProtocolSelectorRefresh(t *testing.T) {
 	assert.Equal(t, HTTP2, selector.Current())
 }
-func TestProtocolSelectorRefreshTTL(t *testing.T) {
+func TestAutoProtocolSelectorNoRefreshWithToken(t *testing.T) {
 	fetcher := dynamicMockFetcher{}
-	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}}
+	selector, err := NewProtocolSelector(AutoSelectFlag, testAccountTag, true, false, fetcher.fetch(), testNoTTL, &log)
 	selector, err := NewProtocolSelector(AutoSelectFlag, noWarpRoutingEnabled, testNamedTunnelProperties, fetcher.fetch(), time.Hour, &log, false)
 	assert.NoError(t, err)
 	assert.Equal(t, QUIC, selector.Current())
-	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 0}}
+	fetcher.protocolPercents = edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}}
 	assert.Equal(t, QUIC, selector.Current())
 }
--- a/connection/quic.go
+++ b/connection/quic.go
@ -60,6 +60,7 @@ type QUICConnection struct {
 	packetRouter         *ingress.PacketRouter
 	controlStreamHandler ControlStreamHandler
 	connOptions          *tunnelpogs.ConnectionOptions
 	connIndex            uint8
 }
 // NewQUICConnection returns a new instance of QUICConnection.
@ -107,6 +108,7 @@ func NewQUICConnection(
 		packetRouter:         packetRouter,
 		controlStreamHandler: controlStreamHandler,
 		connOptions:          connOptions,
 		connIndex:            connIndex,
 	}, nil
 }
@ -194,7 +196,11 @@ func (q *QUICConnection) runStream(quicStream quic.Stream) {
 	// A call to close will simulate a close to the read-side, which will fail subsequent reads.
 	noCloseStream := &nopCloserReadWriter{ReadWriteCloser: stream}
 	if err := q.handleStream(ctx, noCloseStream); err != nil {
-		q.logger.Err(err).Msg("Failed to handle QUIC stream")
+		q.logger.Debug().Err(err).Msg("Failed to handle QUIC stream")
 		// if we received an error at this level, then close write side of stream with an error, which will result in
 		// RST_STREAM frame.
 		quicStream.CancelWrite(0)
 	}
 }
@ -227,43 +233,61 @@ func (q *QUICConnection) handleDataStream(ctx context.Context, stream *quicpogs.
 		return err
 	}
-	if err := q.dispatchRequest(ctx, stream, err, request); err != nil {
+	if err, connectResponseSent := q.dispatchRequest(ctx, stream, err, request); err != nil {
 		_ = stream.WriteConnectResponseData(err)
 		q.logger.Err(err).Str("type", request.Type.String()).Str("dest", request.Dest).Msg("Request failed")
 		// if the connectResponse was already sent and we had an error, we need to propagate it up, so that the stream is
 		// closed with an RST_STREAM frame
 		if connectResponseSent {
 			return err
 		}
 		if writeRespErr := stream.WriteConnectResponseData(err); writeRespErr != nil {
 			return writeRespErr
 		}
 	}
 	return nil
 }
-func (q *QUICConnection) dispatchRequest(ctx context.Context, stream *quicpogs.RequestServerStream, err error, request *quicpogs.ConnectRequest) error {
+// dispatchRequest will dispatch the request depending on the type and returns an error if it occurs.
 // More importantly, it also tells if the during processing of the request the ConnectResponse metadata was sent downstream.
 // This is important since it informs
 func (q *QUICConnection) dispatchRequest(ctx context.Context, stream *quicpogs.RequestServerStream, err error, request *quicpogs.ConnectRequest) (error, bool) {
 	originProxy, err := q.orchestrator.GetOriginProxy()
 	if err != nil {
-		return err
+		return err, false
 	}
 	switch request.Type {
 	case quicpogs.ConnectionTypeHTTP, quicpogs.ConnectionTypeWebsocket:
-		tracedReq, err := buildHTTPRequest(ctx, request, stream, q.logger)
+		tracedReq, err := buildHTTPRequest(ctx, request, stream, q.connIndex, q.logger)
 		if err != nil {
-			return err
+			return err, false
 		}
 		w := newHTTPResponseAdapter(stream)
-		return originProxy.ProxyHTTP(w, tracedReq, request.Type == quicpogs.ConnectionTypeWebsocket)
+		return originProxy.ProxyHTTP(&w, tracedReq, request.Type == quicpogs.ConnectionTypeWebsocket), w.connectResponseSent
 	case quicpogs.ConnectionTypeTCP:
-		rwa := &streamReadWriteAcker{stream}
+		rwa := &streamReadWriteAcker{RequestServerStream: stream}
 		metadata := request.MetadataMap()
 		return originProxy.ProxyTCP(ctx, rwa, &TCPRequest{
 			Dest:      request.Dest,
 			FlowID:    metadata[QUICMetadataFlowID],
 			CfTraceID: metadata[tracing.TracerContextName],
-		})
+			ConnIndex: q.connIndex,
 		}), rwa.connectResponseSent
 	default:
 		return errors.Errorf("unsupported error type: %s", request.Type), false
 	}
 	return nil
 }
 func (q *QUICConnection) handleRPCStream(rpcStream *quicpogs.RPCServerStream) error {
-	return rpcStream.Serve(q, q, q.logger)
+	if err := rpcStream.Serve(q, q, q.logger); err != nil {
 		q.logger.Err(err).Msg("failed handling RPC stream")
 	}
 	return nil
 }
 // RegisterUdpSession is the RPC method invoked by edge to register and run a session
@ -358,31 +382,38 @@ func (q *QUICConnection) UpdateConfiguration(ctx context.Context, version int32,
 // the client.
 type streamReadWriteAcker struct {
 	*quicpogs.RequestServerStream
 	connectResponseSent bool
 }
 // AckConnection acks response back to the proxy.
 func (s *streamReadWriteAcker) AckConnection(tracePropagation string) error {
-	metadata := quicpogs.Metadata{
+	metadata := []quicpogs.Metadata{}
 	// Only add tracing if provided by origintunneld
 	if tracePropagation != "" {
 		metadata = append(metadata, quicpogs.Metadata{
 			Key: tracing.CanonicalCloudflaredTracingHeader,
 			Val: tracePropagation,
 		})
 	}
-	return s.WriteConnectResponseData(nil, metadata)
+	s.connectResponseSent = true
 	return s.WriteConnectResponseData(nil, metadata...)
 }
 // httpResponseAdapter translates responses written by the HTTP Proxy into ones that can be used in QUIC.
 type httpResponseAdapter struct {
 	*quicpogs.RequestServerStream
 	connectResponseSent bool
 }
 func newHTTPResponseAdapter(s *quicpogs.RequestServerStream) httpResponseAdapter {
-	return httpResponseAdapter{s}
+	return httpResponseAdapter{RequestServerStream: s}
 }
-func (hrw httpResponseAdapter) AddTrailer(trailerName, trailerValue string) {
+func (hrw *httpResponseAdapter) AddTrailer(trailerName, trailerValue string) {
 	// we do not support trailers over QUIC
 }
-func (hrw httpResponseAdapter) WriteRespHeaders(status int, header http.Header) error {
+func (hrw *httpResponseAdapter) WriteRespHeaders(status int, header http.Header) error {
 	metadata := make([]quicpogs.Metadata, 0)
 	metadata = append(metadata, quicpogs.Metadata{Key: "HttpStatus", Val: strconv.Itoa(status)})
 	for k, vv := range header {
@ -391,17 +422,24 @@ func (hrw httpResponseAdapter) WriteRespHeaders(status int, header http.Header)
 			metadata = append(metadata, quicpogs.Metadata{Key: httpHeaderKey, Val: v})
 		}
 	}
 	return hrw.WriteConnectResponseData(nil, metadata...)
 }
-func (hrw httpResponseAdapter) WriteErrorResponse(err error) {
+func (hrw *httpResponseAdapter) WriteErrorResponse(err error) {
 	hrw.WriteConnectResponseData(err, quicpogs.Metadata{Key: "HttpStatus", Val: strconv.Itoa(http.StatusBadGateway)})
 }
 func (hrw *httpResponseAdapter) WriteConnectResponseData(respErr error, metadata ...quicpogs.Metadata) error {
 	hrw.connectResponseSent = true
 	return hrw.RequestServerStream.WriteConnectResponseData(respErr, metadata...)
 }
 func buildHTTPRequest(
 	ctx context.Context,
 	connectRequest *quicpogs.ConnectRequest,
 	body io.ReadCloser,
 	connIndex uint8,
 	log *zerolog.Logger,
 ) (*tracing.TracedHTTPRequest, error) {
 	metadata := connectRequest.MetadataMap()
@ -445,7 +483,7 @@ func buildHTTPRequest(
 	stripWebsocketUpgradeHeader(req)
 	// Check for tracing on request
-	tracedReq := tracing.NewTracedHTTPRequest(req, log)
+	tracedReq := tracing.NewTracedHTTPRequest(req, connIndex, log)
 	return tracedReq, err
 }
--- a/connection/quic_test.go
+++ b/connection/quic_test.go
@ -485,7 +485,7 @@ func TestBuildHTTPRequest(t *testing.T) {
 	for _, test := range tests {
 		test := test // capture range variable
 		t.Run(test.name, func(t *testing.T) {
-			req, err := buildHTTPRequest(context.Background(), test.connectRequest, test.body, &log)
+			req, err := buildHTTPRequest(context.Background(), test.connectRequest, test.body, 0, &log)
 			assert.NoError(t, err)
 			test.req = test.req.WithContext(req.Context())
 			assert.Equal(t, test.req, req.Request)
--- a/connection/rpc.go
+++ b/connection/rpc.go
@ -295,7 +295,7 @@ func (h *h2muxConnection) registerNamedTunnel(
 		return err
 	}
 	h.observer.logServerInfo(h.connIndex, registrationDetails.Location, nil, fmt.Sprintf("Connection %s registered", registrationDetails.UUID))
-	h.observer.sendConnectedEvent(h.connIndex, H2mux, registrationDetails.Location)
+	h.observer.sendConnectedEvent(h.connIndex, 0, registrationDetails.Location)
 	return nil
 }
--- a/edgediscovery/protocol.go
+++ b/edgediscovery/protocol.go
@ -15,6 +15,8 @@ var (
 	errNoProtocolRecord = fmt.Errorf("No TXT record found for %s to determine connection protocol", protocolRecord)
 )
 type PercentageFetcher func() (ProtocolPercents, error)
 // ProtocolPercent represents a single Protocol Percentage combination.
 type ProtocolPercent struct {
 	Protocol   string `json:"protocol"`
--- a/go.mod
+++ b/go.mod
@ -5,12 +5,13 @@ go 1.19
 require (
 	github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93
 	github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
-	github.com/coredns/coredns v1.8.7
+	github.com/coredns/coredns v1.10.0
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 	github.com/facebookgo/grace v0.0.0-20180706040059-75cf19382434
 	github.com/fsnotify/fsnotify v1.4.9
-	github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10
+	github.com/getsentry/raven-go v0.2.0
 	github.com/getsentry/sentry-go v0.16.0
 	github.com/gobwas/ws v1.0.4
 	github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
 	github.com/google/gopacket v1.1.19
@ -18,14 +19,14 @@ require (
 	github.com/gorilla/websocket v1.4.2
 	github.com/json-iterator/go v1.1.12
 	github.com/lucas-clemente/quic-go v0.28.1
-	github.com/mattn/go-colorable v0.1.8
+	github.com/mattn/go-colorable v0.1.13
-	github.com/miekg/dns v1.1.45
+	github.com/miekg/dns v1.1.50
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.12.1
+	github.com/prometheus/client_golang v1.13.0
 	github.com/prometheus/client_model v0.2.0
 	github.com/rs/zerolog v1.20.0
-	github.com/stretchr/testify v1.7.1
+	github.com/stretchr/testify v1.8.1
 	github.com/urfave/cli/v2 v2.3.0
 	go.opentelemetry.io/contrib/propagators v0.22.0
 	go.opentelemetry.io/otel v1.6.3
@ -34,12 +35,12 @@ require (
 	go.opentelemetry.io/otel/trace v1.6.3
 	go.opentelemetry.io/proto/otlp v0.15.0
 	go.uber.org/automaxprocs v1.4.0
-	golang.org/x/crypto v0.2.0
+	golang.org/x/crypto v0.5.0
-	golang.org/x/net v0.4.0
+	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.3.0
+	golang.org/x/sys v0.4.0
-	golang.org/x/term v0.3.0
+	golang.org/x/term v0.4.0
-	google.golang.org/protobuf v1.28.0
+	google.golang.org/protobuf v1.28.1
 	gopkg.in/coreos/go-oidc.v2 v2.2.1
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/square/go-jose.v2 v2.6.0
@ -48,10 +49,10 @@ require (
 )
 require (
-	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/BurntSushi/toml v1.2.0 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 // indirect
+	github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47 // indirect
@ -71,30 +72,33 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
 	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
 	github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect
 	github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect
 	github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect
-	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/onsi/gomega v1.23.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect
+	google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd // indirect
-	google.golang.org/grpc v1.47.0 // indirect
+	google.golang.org/grpc v1.51.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -61,37 +61,11 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/Azure/azure-sdk-for-go v61.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.23/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.10/go.mod h1:zQXYYNX9kXzRMrJNVXWUfNy38oPMF5/2TeZ4Wylc9fE=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v4.4.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/gostackparse v0.5.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
 github.com/DataDog/sketches-go v1.0.0/go.mod h1:O+XkJHWk9w4hDwY2ZUDU31ZC9sNYlYo8DiFsxjYeo1k=
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@ -101,8 +75,6 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYU
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.42.30/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -112,8 +84,8 @@ github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7
 github.com/bwesterb/go-ristretto v1.2.2/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 h1:JLaf/iINcLyjwbtTsCJjc6rtlASgHeIJPrB6QmwURnA=
+github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d h1:S2NE3iHSwP0XV47EEXL8mWmRdEfGscSJ+7EgePNgt0s=
-github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@ -147,16 +119,14 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0=
 github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4=
-github.com/coredns/coredns v1.8.7 h1:wVMjAnyFnY7Mc18AFO+9qbGD6ODPtdVUIlzoWrHr3hk=
+github.com/coredns/coredns v1.10.0 h1:jCfuWsBjTs0dapkkhISfPCzn5LqvSRtrFtaf/Tjj4DI=
-github.com/coredns/coredns v1.8.7/go.mod h1:bFmbgEfeRz5aizL2VsQ5LRlsvJuXWkgG/MWG9zxqjVM=
+github.com/coredns/coredns v1.10.0/go.mod h1:CIfRU5TgpuoIiJBJ4XrofQzfFQpPFh32ERpUevrSlaw=
 github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g=
 github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@ -164,18 +134,7 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnstap/golang-dnstap v0.4.0/go.mod h1:FqsSdH58NAmkAvKcpyxht7i4FoBjKu8E4JUPt8ipSUs=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@ -186,7 +145,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ=
 github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64=
 github.com/facebookgo/freeport v0.0.0-20150612182905-d4adf43b75b9 h1:wWke/RUCl7VRjQhwPlR/v0glZXNYzBHdNUzf/Am2Nmg=
@ -197,44 +155,36 @@ github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojt
 github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y=
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
 github.com/farsightsec/golang-framestream v0.3.0/go.mod h1:eNde4IQyEiA5br02AouhEHCu3p3UzrCdFR4LuQHklMI=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=
-github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10 h1:YO10pIIBftO/kkTFdWhctH96grJ7qiy7bMdiZcIvPKs=
+github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
+github.com/getsentry/sentry-go v0.16.0 h1:owk+S+5XcgJLlGR/3+3s6N4d+uKwqYvh/eS0AIMjPWo=
 github.com/getsentry/sentry-go v0.16.0/go.mod h1:ZXCloQLj0pG7mja5NK6NPf2V4A88YJ4pNlc2mOHwh6Y=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
@ -244,21 +194,15 @@ github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
 github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.4 h1:5eXU1CZhpQdq5kXbKb+sECH5Ia5KiO6CYzIzdlVx6Bs=
 github.com/gobwas/ws v1.0.4/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3 h1:zN2lZNZRflqFyxVaTIU61KNKQ9C0055u9CAfpmqUvo4=
 github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3/go.mod h1:nPpo7qLxd6XL3hWJG/O60sR8ZKfMCiIoNap5GvD12KU=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@ -288,12 +232,9 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@ -307,13 +248,11 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@ -331,7 +270,6 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210423192551-a2663126120b/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
@ -350,46 +288,25 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9/go.mod h1:BaIJzjD2ZnHmx2acPF6XfGLPzNCMiBbMRqJr+8/8uRI=
 github.com/ipostelnik/cli/v2 v2.3.1-0.20210324024421-b6ea8234fe3d h1:PRDnysJ9dF1vUMmEzBu6aHQeUluSQy4eWH3RsSSy/vI=
 github.com/ipostelnik/cli/v2 v2.3.1-0.20210324024421-b6ea8234fe3d/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
 github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
 github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
 github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@ -400,14 +317,11 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -418,29 +332,23 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
 github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ=
 github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
 github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR7s0bLKJeYlQ=
 github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
-github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
-github.com/miekg/dns v1.1.45 h1:g5fRIhm9nx7g8osrAvgb16QJfmyMsyOCb+J7LSv+Qzk=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -448,52 +356,34 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
-github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
-github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.3.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ=
 github.com/oschwald/geoip2-golang v1.5.0/go.mod h1:xdvYt5xQzB8ORWFqPnqMwZpCpgNagttWdoZLlJQzg7s=
 github.com/oschwald/maxminddb-golang v1.8.0/go.mod h1:RXZtst0N6+FY/3qCNmZMBApR19cdQj43/NM9VkrNAis=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ=
-github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
+github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
@ -503,8 +393,9 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
 github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@ -514,18 +405,17 @@ github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7q
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
@ -562,42 +452,32 @@ github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5k
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
 github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ=
 github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v3 v3.5.1/go.mod h1:OnjH4M8OnAotwaB2l9bVgZzRFKru7/ZMoS46OtKyd3Q=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@ -622,11 +502,8 @@ go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5f
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.15.0 h1:h0bKrvdrT/9sBwEJ6iWUqT/N/xPcS66bL4u3isneJ6w=
 go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/automaxprocs v1.4.0 h1:CpDZl6aOlLhReez+8S3eEotD7Jx0Os++lemPlMULQP0=
 go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@ -638,14 +515,9 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -702,8 +574,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -731,10 +601,7 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@ -743,8 +610,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -767,8 +634,9 @@ golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.4.0 h1:NF0gk8LVPg1Ml7SSbGyySuoxdsXitj7TvgvuRxIMc/M=
 golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -800,17 +668,13 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191224085550-c709ea063b76/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -839,7 +703,6 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -851,7 +714,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -868,13 +730,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220808155132-1c4a2a72c664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
+golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
-golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -884,13 +746,12 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -914,7 +775,6 @@ golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@ -929,11 +789,9 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
@ -943,7 +801,6 @@ golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
@ -994,7 +851,6 @@ google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
 google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
 google.golang.org/api v0.64.0/go.mod h1:931CdxA8Rm4t6zqTFGSsgwbAEZ2+GMYurbndwSimebM=
 google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
 google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
 google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
@ -1048,7 +904,6 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@ -1079,7 +934,6 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
@ -1096,16 +950,15 @@ google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP
 google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd h1:OjndDrsik+Gt+e6fs45z9AxiewiKyLKYpA45W5Kpkks=
 google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@ -1129,15 +982,14 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
 google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@ -1152,14 +1004,13 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/DataDog/dd-trace-go.v1 v1.34.0/go.mod h1:HtrC65fyJ6lWazShCC9rlOeiTSZJ0XtZhkwjZM2WpC4=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/coreos/go-oidc.v2 v2.2.1 h1:MY5SZClJ7vhjKfr64a4nHAOV/c3WH2gB9BMrR64J1Mc=
@ -1178,7 +1029,6 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
@ -1193,24 +1043,9 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.23.1/go.mod h1:WfXnOnwSqNtG62Y1CdjoMxh7r7u9QXGCkA1u0na2jgo=
 k8s.io/apimachinery v0.23.1/go.mod h1:SADt2Kl8/sttJ62RRsi9MIV4o8f5S3coArm0Iu3fBno=
 k8s.io/client-go v0.23.1/go.mod h1:6QSI8fEuqD4zgFK0xbdwfB/PthBsIxCJMa3s17WlcO0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
 sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
 zombiezen.com/go/capnproto2 v2.18.0+incompatible h1:mwfXZniffG5mXokQGHUJWGnqIBggoPfT/CEwon9Yess=
--- a/ingress/ingress.go
+++ b/ingress/ingress.go
@ -71,9 +71,8 @@ type Ingress struct {
 }
 // NewSingleOrigin constructs an Ingress set with only one rule, constructed from
-// legacy CLI parameters like --url or --no-chunked-encoding.
+// CLI parameters for quick tunnels like --url or --no-chunked-encoding.
 func NewSingleOrigin(c *cli.Context, allowURLFromArgs bool) (Ingress, error) {
 	service, err := parseSingleOriginService(c, allowURLFromArgs)
 	if err != nil {
 		return Ingress{}, err
--- a/metrics/metrics.go
+++ b/metrics/metrics.go
@ -38,6 +38,7 @@ func newMetricsHandler(
 	log *zerolog.Logger,
 ) *http.ServeMux {
 	router := http.NewServeMux()
 	router.Handle("/debug/", http.DefaultServeMux)
 	router.Handle("/metrics", promhttp.Handler())
 	router.HandleFunc("/healthcheck", func(w http.ResponseWriter, r *http.Request) {
 		_, _ = fmt.Fprintf(w, "OK\n")
--- a/orchestration/orchestrator_test.go
+++ b/orchestration/orchestrator_test.go
@ -358,7 +358,7 @@ func proxyHTTP(originProxy connection.OriginProxy, hostname string) (*http.Respo
 		return nil, err
 	}
-	err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, &log), false)
+	err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, 0, &log), false)
 	if err != nil {
 		return nil, err
 	}
@ -608,7 +608,7 @@ func TestPersistentConnection(t *testing.T) {
 		respWriter, err := connection.NewHTTP2RespWriter(req, wsRespReadWriter, connection.TypeWebsocket, &log)
 		require.NoError(t, err)
-		err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, &log), true)
+		err = originProxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, 0, &log), true)
 		require.NoError(t, err)
 	}()
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@ -28,6 +28,7 @@ const (
 	LogFieldRule          = "ingressRule"
 	LogFieldOriginService = "originService"
 	LogFieldFlowID        = "flowID"
 	LogFieldConnIndex     = "connIndex"
 	trailerHeaderName = "Trailer"
 )
@ -97,6 +98,7 @@ func (p *Proxy) ProxyHTTP(
 		cfRay:     cfRay,
 		lbProbe:   lbProbe,
 		rule:      ruleNum,
 		connIndex: tr.ConnIndex,
 	}
 	p.logRequest(req, logFields)
 	ruleSpan.SetAttributes(attribute.Int("rule-num", ruleNum))
@ -163,14 +165,14 @@ func (p *Proxy) ProxyTCP(
 	tracedCtx := tracing.NewTracedContext(serveCtx, req.CfTraceID, p.log)
-	p.log.Debug().Str(LogFieldFlowID, req.FlowID).Msg("tcp proxy stream started")
+	p.log.Debug().Str(LogFieldFlowID, req.FlowID).Uint8(LogFieldConnIndex, req.ConnIndex).Msg("tcp proxy stream started")
 	if err := p.proxyStream(tracedCtx, rwa, req.Dest, p.warpRouting.Proxy); err != nil {
 		p.logRequestError(err, req.CFRay, req.FlowID, "", ingress.ServiceWarpRouting)
 		return err
 	}
-	p.log.Debug().Str(LogFieldFlowID, req.FlowID).Msg("tcp proxy stream finished successfully")
+	p.log.Debug().Str(LogFieldFlowID, req.FlowID).Uint8(LogFieldConnIndex, req.ConnIndex).Msg("tcp proxy stream finished successfully")
 	return nil
 }
@ -261,7 +263,9 @@ func (p *Proxy) proxyHTTPRequest(
 		return nil
 	}
-	_, _ = cfio.Copy(w, resp.Body)
+	if _, err = cfio.Copy(w, resp.Body); err != nil {
 		return err
 	}
 	// copy trailers
 	copyTrailers(w, resp)
@ -286,6 +290,7 @@ func (p *Proxy) proxyStream(
 		return err
 	}
 	connectSpan.End()
 	defer originConn.Close()
 	encodedSpans := tr.GetSpans()
@ -293,15 +298,6 @@ func (p *Proxy) proxyStream(
 		return err
 	}
 	streamCtx, cancel := context.WithCancel(ctx)
 	defer cancel()
 	go func() {
 		// streamCtx is done if req is cancelled or if Stream returns
 		<-streamCtx.Done()
 		originConn.Close()
 	}()
 	originConn.Stream(ctx, rwa, p.log)
 	return nil
 }
@ -330,6 +326,7 @@ type logFields struct {
 	lbProbe   bool
 	rule      interface{}
 	flowID    string
 	connIndex uint8
 }
 func copyTrailers(w connection.ResponseWriter, response *http.Response) {
@ -354,6 +351,7 @@ func (p *Proxy) logRequest(r *http.Request, fields logFields) {
 		Str("host", r.Host).
 		Str("path", r.URL.Path).
 		Interface("rule", fields.rule).
 		Uint8(LogFieldConnIndex, fields.connIndex).
 		Msg("Inbound request")
 	if contentLen := r.ContentLength; contentLen == -1 {
@ -366,18 +364,18 @@ func (p *Proxy) logRequest(r *http.Request, fields logFields) {
 func (p *Proxy) logOriginResponse(resp *http.Response, fields logFields) {
 	responseByCode.WithLabelValues(strconv.Itoa(resp.StatusCode)).Inc()
 	if fields.cfRay != "" {
-		p.log.Debug().Msgf("CF-RAY: %s Status: %s served by ingress %d", fields.cfRay, resp.Status, fields.rule)
+		p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("CF-RAY: %s Status: %s served by ingress %d", fields.cfRay, resp.Status, fields.rule)
 	} else if fields.lbProbe {
-		p.log.Debug().Msgf("Response to Load Balancer health check %s", resp.Status)
+		p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("Response to Load Balancer health check %s", resp.Status)
 	} else {
-		p.log.Debug().Msgf("Status: %s served by ingress %v", resp.Status, fields.rule)
+		p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("Status: %s served by ingress %v", resp.Status, fields.rule)
 	}
-	p.log.Debug().Msgf("CF-RAY: %s Response Headers %+v", fields.cfRay, resp.Header)
+	p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("CF-RAY: %s Response Headers %+v", fields.cfRay, resp.Header)
 	if contentLen := resp.ContentLength; contentLen == -1 {
-		p.log.Debug().Msgf("CF-RAY: %s Response content length unknown", fields.cfRay)
+		p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("CF-RAY: %s Response content length unknown", fields.cfRay)
 	} else {
-		p.log.Debug().Msgf("CF-RAY: %s Response content length %d", fields.cfRay, contentLen)
+		p.log.Debug().Uint8(LogFieldConnIndex, fields.connIndex).Msgf("CF-RAY: %s Response content length %d", fields.cfRay, contentLen)
 	}
 }
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@ -170,7 +170,7 @@ func testProxyHTTP(proxy connection.OriginProxy) func(t *testing.T) {
 		require.NoError(t, err)
 		log := zerolog.Nop()
-		err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, &log), false)
+		err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, 0, &log), false)
 		require.NoError(t, err)
 		for _, tag := range testTags {
 			assert.Equal(t, tag.Value, req.Header.Get(TagHeaderNamePrefix+tag.Name))
@ -198,7 +198,7 @@ func testProxyWebsocket(proxy connection.OriginProxy) func(t *testing.T) {
 		errGroup, ctx := errgroup.WithContext(ctx)
 		errGroup.Go(func() error {
 			log := zerolog.Nop()
-			err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, &log), true)
+			err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, 0, &log), true)
 			require.NoError(t, err)
 			require.Equal(t, http.StatusSwitchingProtocols, responseWriter.Code)
@ -260,8 +260,8 @@ func testProxySSE(proxy connection.OriginProxy) func(t *testing.T) {
 		go func() {
 			defer wg.Done()
 			log := zerolog.Nop()
-			err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, &log), false)
+			err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, 0, &log), false)
-			require.NoError(t, err)
+			require.Equal(t, err.Error(), "context canceled")
 			require.Equal(t, http.StatusOK, responseWriter.Code)
 		}()
@ -367,7 +367,7 @@ func runIngressTestScenarios(t *testing.T, unvalidatedIngress []config.Unvalidat
 		req, err := http.NewRequest(http.MethodGet, test.url, nil)
 		require.NoError(t, err)
-		err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, &log), false)
+		err = proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, 0, &log), false)
 		require.NoError(t, err)
 		assert.Equal(t, test.expectedStatus, responseWriter.Code)
@ -414,7 +414,7 @@ func TestProxyError(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
 	assert.NoError(t, err)
-	assert.Error(t, proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, &log), false))
+	assert.Error(t, proxy.ProxyHTTP(responseWriter, tracing.NewTracedHTTPRequest(req, 0, &log), false))
 }
 type replayer struct {
@ -695,7 +695,7 @@ func TestConnections(t *testing.T) {
 				err = proxy.ProxyTCP(ctx, rwa, &connection.TCPRequest{Dest: dest})
 			} else {
 				log := zerolog.Nop()
-				err = proxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, &log), test.args.connectionType == connection.TypeWebsocket)
+				err = proxy.ProxyHTTP(respWriter, tracing.NewTracedHTTPRequest(req, 0, &log), test.args.connectionType == connection.TypeWebsocket)
 			}
 			cancel()
--- a/supervisor/supervisor.go
+++ b/supervisor/supervisor.go
@ -3,28 +3,22 @@ package supervisor
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net"
 	"strings"
 	"time"
 	"github.com/google/uuid"
 	"github.com/lucas-clemente/quic-go"
 	"github.com/rs/zerolog"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/orchestration"
 	"github.com/cloudflare/cloudflared/retry"
 	"github.com/cloudflare/cloudflared/signal"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/tunnelstate"
 )
 const (
 	// SRV and TXT record resolution TTL
 	ResolveTTL = time.Hour
 	// Waiting time before retrying a failed tunnel connection
 	tunnelRetryDuration = time.Second * 10
 	// Interval between registering new tunnels
@ -40,7 +34,6 @@ const (
 // Supervisor manages non-declarative tunnels. Establishes TCP connections with the edge, and
 // reconnects them if they disconnect.
 type Supervisor struct {
 	cloudflaredUUID         uuid.UUID
 	config                  *TunnelConfig
 	orchestrator            *orchestration.Orchestrator
 	edgeIPs                 *edgediscovery.Edge
@ -57,7 +50,6 @@ type Supervisor struct {
 	logTransport *zerolog.Logger
 	reconnectCredentialManager *reconnectCredentialManager
 	useReconnectToken          bool
 	reconnectCh       chan ReconnectSignal
 	gracefulShutdownC <-chan struct{}
@ -71,13 +63,9 @@ type tunnelError struct {
 }
 func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrator, reconnectCh chan ReconnectSignal, gracefulShutdownC <-chan struct{}) (*Supervisor, error) {
 	cloudflaredUUID, err := uuid.NewRandom()
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate cloudflared instance ID: %w", err)
 	}
 	isStaticEdge := len(config.EdgeAddrs) > 0
 	var err error
 	var edgeIPs *edgediscovery.Edge
 	if isStaticEdge { // static edge addresses
 		edgeIPs, err = edgediscovery.StaticEdge(config.Log, config.EdgeAddrs)
@ -98,7 +86,6 @@ func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrato
 	edgeTunnelServer := EdgeTunnelServer{
 		config:            config,
 		cloudflaredUUID:   cloudflaredUUID,
 		orchestrator:      orchestrator,
 		credentialManager: reconnectCredentialManager,
 		edgeAddrs:         edgeIPs,
@ -110,13 +97,7 @@ func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrato
 		connAwareLogger:   log,
 	}
 	useReconnectToken := false
 	if config.ClassicTunnel != nil {
 		useReconnectToken = config.ClassicTunnel.UseReconnectToken
 	}
 	return &Supervisor{
 		cloudflaredUUID:            cloudflaredUUID,
 		config:                     config,
 		orchestrator:               orchestrator,
 		edgeIPs:                    edgeIPs,
@ -127,7 +108,6 @@ func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrato
 		log:                        log,
 		logTransport:               config.LogTransport,
 		reconnectCredentialManager: reconnectCredentialManager,
 		useReconnectToken:          useReconnectToken,
 		reconnectCh:                reconnectCh,
 		gracefulShutdownC:          gracefulShutdownC,
 	}, nil
@ -161,20 +141,6 @@ func (s *Supervisor) Run(
 	backoff := retry.BackoffHandler{MaxRetries: s.config.Retries, BaseTime: tunnelRetryDuration, RetryForever: true}
 	var backoffTimer <-chan time.Time
 	refreshAuthBackoff := &retry.BackoffHandler{MaxRetries: refreshAuthMaxBackoff, BaseTime: refreshAuthRetryDuration, RetryForever: true}
 	var refreshAuthBackoffTimer <-chan time.Time
 	if s.useReconnectToken {
 		if timer, err := s.reconnectCredentialManager.RefreshAuth(ctx, refreshAuthBackoff, s.authenticate); err == nil {
 			refreshAuthBackoffTimer = timer
 		} else {
 			s.log.Logger().Err(err).
 				Dur("refreshAuthRetryDuration", refreshAuthRetryDuration).
 				Msgf("supervisor: initial refreshAuth failed, retrying in %v", refreshAuthRetryDuration)
 			refreshAuthBackoffTimer = time.After(refreshAuthRetryDuration)
 		}
 	}
 	shuttingDown := false
 	for {
 		select {
@ -221,16 +187,6 @@ func (s *Supervisor) Run(
 			}
 			tunnelsActive += len(tunnelsWaiting)
 			tunnelsWaiting = nil
 		// Time to call Authenticate
 		case <-refreshAuthBackoffTimer:
 			newTimer, err := s.reconnectCredentialManager.RefreshAuth(ctx, refreshAuthBackoff, s.authenticate)
 			if err != nil {
 				s.log.Logger().Err(err).Msg("supervisor: Authentication failed")
 				// Permanent failure. Leave the `select` without setting the
 				// channel to be non-null, so we'll never hit this case of the `select` again.
 				continue
 			}
 			refreshAuthBackoffTimer = newTimer
 		// Tunnel successfully connected
 		case <-s.nextConnectedSignal:
 			if !s.waitForNextTunnel(s.nextConnectedIndex) && len(tunnelsWaiting) == 0 {
@ -379,44 +335,3 @@ func (s *Supervisor) waitForNextTunnel(index int) bool {
 func (s *Supervisor) unusedIPs() bool {
 	return s.edgeIPs.AvailableAddrs() > s.config.HAConnections
 }
 func (s *Supervisor) authenticate(ctx context.Context, numPreviousAttempts int) (tunnelpogs.AuthOutcome, error) {
 	arbitraryEdgeIP, err := s.edgeIPs.GetAddrForRPC()
 	if err != nil {
 		return nil, err
 	}
 	edgeConn, err := edgediscovery.DialEdge(ctx, dialTimeout, s.config.EdgeTLSConfigs[connection.H2mux], arbitraryEdgeIP.TCP, nil)
 	if err != nil {
 		return nil, err
 	}
 	defer edgeConn.Close()
 	handler := h2mux.MuxedStreamFunc(func(*h2mux.MuxedStream) error {
 		// This callback is invoked by h2mux when the edge initiates a stream.
 		return nil // noop
 	})
 	muxerConfig := s.config.MuxerConfig.H2MuxerConfig(handler, s.logTransport)
 	muxer, err := h2mux.Handshake(edgeConn, edgeConn, *muxerConfig, h2mux.ActiveStreams)
 	if err != nil {
 		return nil, err
 	}
 	go muxer.Serve(ctx)
 	defer func() {
 		// If we don't wait for the muxer shutdown here, edgeConn.Close() runs before the muxer connections are done,
 		// and the user sees log noise: "error writing data", "connection closed unexpectedly"
 		<-muxer.Shutdown()
 	}()
 	stream, err := muxer.OpenRPCStream(ctx)
 	if err != nil {
 		return nil, err
 	}
 	rpcClient := connection.NewTunnelServerClient(ctx, stream, s.log.Logger())
 	defer rpcClient.Close()
 	const arbitraryConnectionID = uint8(0)
 	registrationOptions := s.config.registrationOptions(arbitraryConnectionID, edgeConn.LocalAddr().String(), s.cloudflaredUUID)
 	registrationOptions.NumPreviousAttempts = uint8(numPreviousAttempts)
 	return rpcClient.Authenticate(ctx, s.config.ClassicTunnel, registrationOptions)
 }
--- a/supervisor/supervisor_test.go
+++ b/supervisor/supervisor_test.go
@ -1,74 +0,0 @@
 package supervisor
 import (
 	"context"
 	"testing"
 	"github.com/rs/zerolog"
 	"github.com/stretchr/testify/assert"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
 	"github.com/cloudflare/cloudflared/signal"
 )
 type mockProtocolSelector struct {
 	protocols []connection.Protocol
 	index     int
 }
 func (m *mockProtocolSelector) Current() connection.Protocol {
 	return m.protocols[m.index]
 }
 func (m *mockProtocolSelector) Fallback() (connection.Protocol, bool) {
 	m.index++
 	if m.index == len(m.protocols) {
 		return m.protocols[len(m.protocols)-1], false
 	}
 	return m.protocols[m.index], true
 }
 type mockEdgeTunnelServer struct {
 	config *TunnelConfig
 }
 func (m *mockEdgeTunnelServer) Serve(ctx context.Context, connIndex uint8, protocolFallback *protocolFallback, connectedSignal *signal.Signal) error {
 	// This is to mock the first connection falling back because of connectivity issues.
 	protocolFallback.protocol, _ = m.config.ProtocolSelector.Fallback()
 	connectedSignal.Notify()
 	return nil
 }
 // Test to check if initialize sets all the different connections to the same protocol should the first
 // tunnel fall back.
 func Test_Initialize_Same_Protocol(t *testing.T) {
 	edgeIPs, err := edgediscovery.ResolveEdge(&zerolog.Logger{}, "us", allregions.Auto)
 	assert.Nil(t, err)
 	s := Supervisor{
 		edgeIPs: edgeIPs,
 		config: &TunnelConfig{
 			ProtocolSelector: &mockProtocolSelector{protocols: []connection.Protocol{connection.QUIC, connection.HTTP2, connection.H2mux}},
 		},
 		tunnelsProtocolFallback: make(map[int]*protocolFallback),
 		edgeTunnelServer: &mockEdgeTunnelServer{
 			config: &TunnelConfig{
 				ProtocolSelector: &mockProtocolSelector{protocols: []connection.Protocol{connection.QUIC, connection.HTTP2, connection.H2mux}},
 			},
 		},
 	}
 	ctx := context.Background()
 	connectedSignal := signal.New(make(chan struct{}))
 	s.initialize(ctx, connectedSignal)
 	// Make sure we fell back to http2 as the mock Serve is wont to do.
 	assert.Equal(t, s.tunnelsProtocolFallback[0].protocol, connection.HTTP2)
 	// Ensure all the protocols we set to try are the same as what the first tunnel has fallen back to.
 	for _, protocolFallback := range s.tunnelsProtocolFallback {
 		assert.Equal(t, protocolFallback.protocol, s.tunnelsProtocolFallback[0].protocol)
 	}
 }
--- a/supervisor/tunnel.go
+++ b/supervisor/tunnel.go
@ -69,7 +69,6 @@ type TunnelConfig struct {
 	PQKexIdx int
 	NamedTunnel      *connection.NamedTunnelProperties
 	ClassicTunnel    *connection.ClassicTunnelProperties
 	MuxerConfig      *connection.MuxerConfig
 	ProtocolSelector connection.ProtocolSelector
 	EdgeTLSConfigs   map[connection.Protocol]*tls.Config
@ -205,7 +204,6 @@ func (f *ipAddrFallback) ShouldGetNewAddress(connIndex uint8, err error) (needsN
 type EdgeTunnelServer struct {
 	config            *TunnelConfig
 	cloudflaredUUID   uuid.UUID
 	orchestrator      *orchestration.Orchestrator
 	credentialManager *reconnectCredentialManager
 	edgeAddrHandler   EdgeAddrHandler
@ -491,7 +489,7 @@ func (e *EdgeTunnelServer) serveConnection(
 	)
 	switch protocol {
-	case connection.QUIC, connection.QUICWarp:
+	case connection.QUIC:
 		connOptions := e.config.connectionOptions(addr.UDP.String(), uint8(backoff.Retries()))
 		return e.serveQUIC(ctx,
 			addr.UDP,
@ -500,7 +498,7 @@ func (e *EdgeTunnelServer) serveConnection(
 			controlStream,
 			connIndex)
-	case connection.HTTP2, connection.HTTP2Warp:
+	case connection.HTTP2:
 		edgeConn, err := edgediscovery.DialEdge(ctx, dialTimeout, e.config.EdgeTLSConfigs[protocol], addr.TCP, e.edgeBindAddr)
 		if err != nil {
 			connLog.ConnAwareLogger().Err(err).Msg("Unable to establish connection with Cloudflare edge")
@ -579,12 +577,8 @@ func (e *EdgeTunnelServer) serveH2mux(
 	errGroup, serveCtx := errgroup.WithContext(ctx)
 	errGroup.Go(func() error {
 		if e.config.NamedTunnel != nil {
 		connOptions := e.config.connectionOptions(edgeConn.LocalAddr().String(), uint8(connectedFuse.backoff.Retries()))
 		return handler.ServeNamedTunnel(serveCtx, e.config.NamedTunnel, connOptions, connectedFuse)
 		}
 		registrationOptions := e.config.registrationOptions(connIndex, edgeConn.LocalAddr().String(), e.cloudflaredUUID)
 		return handler.ServeClassicTunnel(serveCtx, e.config.ClassicTunnel, e.credentialManager, registrationOptions, connectedFuse)
 	})
 	errGroup.Go(func() error {
--- a/supervisor/tunnel_test.go
+++ b/supervisor/tunnel_test.go
@ -18,7 +18,7 @@ type dynamicMockFetcher struct {
 	err              error
 }
-func (dmf *dynamicMockFetcher) fetch() connection.PercentageFetcher {
+func (dmf *dynamicMockFetcher) fetch() edgediscovery.PercentageFetcher {
 	return func() (edgediscovery.ProtocolPercents, error) {
 		return dmf.protocolPercents, dmf.err
 	}
@ -32,24 +32,22 @@ func TestWaitForBackoffFallback(t *testing.T) {
 	}
 	log := zerolog.Nop()
 	resolveTTL := time.Duration(0)
 	namedTunnel := &connection.NamedTunnelProperties{}
 	mockFetcher := dynamicMockFetcher{
-		protocolPercents: edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "http2", Percentage: 100}},
+		protocolPercents: edgediscovery.ProtocolPercents{edgediscovery.ProtocolPercent{Protocol: "quic", Percentage: 100}},
 	}
 	warpRoutingEnabled := false
 	protocolSelector, err := connection.NewProtocolSelector(
 		"auto",
-		warpRoutingEnabled,
+		"",
-		namedTunnel,
+		false,
 		false,
 		mockFetcher.fetch(),
 		resolveTTL,
 		&log,
 		false,
 	)
 	assert.NoError(t, err)
 	initProtocol := protocolSelector.Current()
-	assert.Equal(t, connection.HTTP2, initProtocol)
+	assert.Equal(t, connection.QUIC, initProtocol)
 	protoFallback := &protocolFallback{
 		backoff,
@ -100,12 +98,12 @@ func TestWaitForBackoffFallback(t *testing.T) {
 	// The reason why there's no fallback available is because we pick a specific protocol instead of letting it be auto.
 	protocolSelector, err = connection.NewProtocolSelector(
 		"quic",
-		warpRoutingEnabled,
+		"",
-		namedTunnel,
+		false,
 		false,
 		mockFetcher.fetch(),
 		resolveTTL,
 		&log,
 		false,
 	)
 	assert.NoError(t, err)
 	protoFallback = &protocolFallback{backoff, protocolSelector.Current(), false}
--- a/tlsconfig/certreloader.go
+++ b/tlsconfig/certreloader.go
@ -8,7 +8,7 @@ import (
 	"runtime"
 	"sync"
-	"github.com/getsentry/raven-go"
+	"github.com/getsentry/sentry-go"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 	"github.com/urfave/cli/v2"
@ -65,7 +65,7 @@ func (cr *CertReloader) LoadCert() error {
 	// Keep the old certificate if there's a problem reading the new one.
 	if err != nil {
-		raven.CaptureError(fmt.Errorf("Error parsing X509 key pair: %v", err), nil)
+		sentry.CaptureException(fmt.Errorf("Error parsing X509 key pair: %v", err))
 		return err
 	}
 	cr.certificate = &cert
--- a/tracing/tracing.go
+++ b/tracing/tracing.go
@ -73,15 +73,16 @@ func Init(version string) {
 type TracedHTTPRequest struct {
 	*http.Request
 	*cfdTracer
 	ConnIndex uint8 // The connection index used to proxy the request
 }
 // NewTracedHTTPRequest creates a new tracer for the current HTTP request context.
-func NewTracedHTTPRequest(req *http.Request, log *zerolog.Logger) *TracedHTTPRequest {
+func NewTracedHTTPRequest(req *http.Request, connIndex uint8, log *zerolog.Logger) *TracedHTTPRequest {
 	ctx, exists := extractTrace(req)
 	if !exists {
-		return &TracedHTTPRequest{req, &cfdTracer{trace.NewNoopTracerProvider(), &NoopOtlpClient{}, log}}
+		return &TracedHTTPRequest{req, &cfdTracer{trace.NewNoopTracerProvider(), &NoopOtlpClient{}, log}, connIndex}
 	}
-	return &TracedHTTPRequest{req.WithContext(ctx), newCfdTracer(ctx, log)}
+	return &TracedHTTPRequest{req.WithContext(ctx), newCfdTracer(ctx, log), connIndex}
 }
 func (tr *TracedHTTPRequest) ToTracedContext() *TracedContext {
--- a/tracing/tracing_test.go
+++ b/tracing/tracing_test.go
@ -17,7 +17,7 @@ func TestNewCfTracer(t *testing.T) {
 	log := zerolog.Nop()
 	req := httptest.NewRequest("GET", "http://localhost", nil)
 	req.Header.Add(TracerContextName, "14cb070dde8e51fc5ae8514e69ba42ca:b38f1bf5eae406f3:0:1")
-	tr := NewTracedHTTPRequest(req, &log)
+	tr := NewTracedHTTPRequest(req, 0, &log)
 	assert.NotNil(t, tr)
 	assert.IsType(t, tracesdk.NewTracerProvider(), tr.TracerProvider)
 	assert.IsType(t, &InMemoryOtlpClient{}, tr.exporter)
@ -28,7 +28,7 @@ func TestNewCfTracerMultiple(t *testing.T) {
 	req := httptest.NewRequest("GET", "http://localhost", nil)
 	req.Header.Add(TracerContextName, "1241ce3ecdefc68854e8514e69ba42ca:b38f1bf5eae406f3:0:1")
 	req.Header.Add(TracerContextName, "14cb070dde8e51fc5ae8514e69ba42ca:b38f1bf5eae406f3:0:1")
-	tr := NewTracedHTTPRequest(req, &log)
+	tr := NewTracedHTTPRequest(req, 0, &log)
 	assert.NotNil(t, tr)
 	assert.IsType(t, tracesdk.NewTracerProvider(), tr.TracerProvider)
 	assert.IsType(t, &InMemoryOtlpClient{}, tr.exporter)
@ -38,7 +38,7 @@ func TestNewCfTracerNilHeader(t *testing.T) {
 	log := zerolog.Nop()
 	req := httptest.NewRequest("GET", "http://localhost", nil)
 	req.Header[http.CanonicalHeaderKey(TracerContextName)] = nil
-	tr := NewTracedHTTPRequest(req, &log)
+	tr := NewTracedHTTPRequest(req, 0, &log)
 	assert.NotNil(t, tr)
 	assert.IsType(t, trace.NewNoopTracerProvider(), tr.TracerProvider)
 	assert.IsType(t, &NoopOtlpClient{}, tr.exporter)
@ -49,7 +49,7 @@ func TestNewCfTracerInvalidHeaders(t *testing.T) {
 	req := httptest.NewRequest("GET", "http://localhost", nil)
 	for _, test := range [][]string{nil, {""}} {
 		req.Header[http.CanonicalHeaderKey(TracerContextName)] = test
-		tr := NewTracedHTTPRequest(req, &log)
+		tr := NewTracedHTTPRequest(req, 0, &log)
 		assert.NotNil(t, tr)
 		assert.IsType(t, trace.NewNoopTracerProvider(), tr.TracerProvider)
 		assert.IsType(t, &NoopOtlpClient{}, tr.exporter)
@ -60,7 +60,7 @@ func TestAddingSpansWithNilMap(t *testing.T) {
 	log := zerolog.Nop()
 	req := httptest.NewRequest("GET", "http://localhost", nil)
 	req.Header.Add(TracerContextName, "14cb070dde8e51fc5ae8514e69ba42ca:b38f1bf5eae406f3:0:1")
-	tr := NewTracedHTTPRequest(req, &log)
+	tr := NewTracedHTTPRequest(req, 0, &log)
 	exporter := tr.exporter.(*InMemoryOtlpClient)
--- a/tunneldns/metrics.go
+++ b/tunneldns/metrics.go
@ -35,7 +35,7 @@ func (p MetricsPlugin) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dn
 	// Update built-in metrics
 	server := metrics.WithServer(ctx)
-	vars.Report(server, state, ".", rcode.ToString(rw.Rcode), pluginName, rw.Len, rw.Start)
+	vars.Report(server, state, ".", "", rcode.ToString(rw.Rcode), pluginName, rw.Len, rw.Start)
 	return status, err
 }
--- a/vendor/github.com/BurntSushi/toml/.gitignore
+++ b/vendor/github.com/BurntSushi/toml/.gitignore
@ -1,5 +1,2 @@
-TAGS
+/toml.test
-tags
+/toml-test
 .*.swp
 tomlcheck/tomlcheck
 toml.test
--- a/vendor/github.com/BurntSushi/toml/.travis.yml
+++ b/vendor/github.com/BurntSushi/toml/.travis.yml
@ -1,15 +0,0 @@
 language: go
 go:
  - 1.1
  - 1.2
  - 1.3
  - 1.4
  - 1.5
  - 1.6
  - tip
 install:
  - go install ./...
  - go get github.com/BurntSushi/toml-test
 script:
  - export PATH="$PATH:$HOME/gopath/bin"
  - make test
--- a/vendor/github.com/BurntSushi/toml/COMPATIBLE
+++ b/vendor/github.com/BurntSushi/toml/COMPATIBLE
@ -1,3 +0,0 @@
 Compatible with TOML version
 [v0.4.0](https://github.com/toml-lang/toml/blob/v0.4.0/versions/en/toml-v0.4.0.md)
--- a/vendor/github.com/BurntSushi/toml/Makefile
+++ b/vendor/github.com/BurntSushi/toml/Makefile
@ -1,19 +0,0 @@
 install:
 	go install ./...
 test: install
 	go test -v
 	toml-test toml-test-decoder
 	toml-test -encoder toml-test-encoder
 fmt:
 	gofmt -w *.go */*.go
 	colcheck *.go */*.go
 tags:
 	find ./ -name '*.go' -print0 | xargs -0 gotags > TAGS
 push:
 	git push origin master
 	git push github master
--- a/vendor/github.com/BurntSushi/toml/README.md
+++ b/vendor/github.com/BurntSushi/toml/README.md
@ -1,46 +1,26 @@
 ## TOML parser and encoder for Go with reflection
 TOML stands for Tom's Obvious, Minimal Language. This Go package provides a
-reflection interface similar to Go's standard library `json` and `xml`
+reflection interface similar to Go's standard library `json` and `xml` packages.
 packages. This package also supports the `encoding.TextUnmarshaler` and
 `encoding.TextMarshaler` interfaces so that you can define custom data
 representations. (There is an example of this below.)
-Spec: https://github.com/toml-lang/toml
+Compatible with TOML version [v1.0.0](https://toml.io/en/v1.0.0).
-Compatible with TOML version
+Documentation: https://godocs.io/github.com/BurntSushi/toml
 [v0.4.0](https://github.com/toml-lang/toml/blob/master/versions/en/toml-v0.4.0.md)
-Documentation: https://godoc.org/github.com/BurntSushi/toml
+See the [releases page](https://github.com/BurntSushi/toml/releases) for a
 changelog; this information is also in the git tag annotations (e.g. `git show
 v0.4.0`).
-Installation:
+This library requires Go 1.13 or newer; add it to your go.mod with:
-```bash
+    % go get github.com/BurntSushi/toml@latest
 go get github.com/BurntSushi/toml
 ```
-Try the toml validator:
+It also comes with a TOML validator CLI tool:
-```bash
+    % go install github.com/BurntSushi/toml/cmd/tomlv@latest
-go get github.com/BurntSushi/toml/cmd/tomlv
+    % tomlv some-toml-file.toml
 tomlv some-toml-file.toml
 ```
 [![Build Status](https://travis-ci.org/BurntSushi/toml.svg?branch=master)](https://travis-ci.org/BurntSushi/toml) [![GoDoc](https://godoc.org/github.com/BurntSushi/toml?status.svg)](https://godoc.org/github.com/BurntSushi/toml)
 ### Testing
 This package passes all tests in
 [toml-test](https://github.com/BurntSushi/toml-test) for both the decoder
 and the encoder.
 ### Examples
-
+For the simplest example, consider some TOML file as just a list of keys and
-This package works similarly to how the Go standard library handles `XML`
+values:
 and `JSON`. Namely, data is loaded into Go values via reflection.
 For the simplest example, consider some TOML file as just a list of keys
 and values:
 ```toml
 Age = 25
@ -50,7 +30,7 @@ Perfection = [ 6, 28, 496, 8128 ]
 DOB = 1987-07-05T05:45:00Z
 ```
-Which could be defined in Go as:
+Which can be decoded with:
 ```go
 type Config struct {
@ -58,21 +38,15 @@ type Config struct {
 	Cats       []string
 	Pi         float64
 	Perfection []int
-  DOB time.Time // requires `import time`
+	DOB        time.Time
 }
 ```
 And then decoded with:
 ```go
 var conf Config
-if _, err := toml.Decode(tomlData, &conf); err != nil {
+_, err := toml.Decode(tomlData, &conf)
  // handle error
 }
 ```
-You can also use struct tags if your struct field name doesn't map to a TOML
+You can also use struct tags if your struct field name doesn't map to a TOML key
-key value directly:
+value directly:
 ```toml
 some_key_NAME = "wat"
@ -84,135 +58,63 @@ type TOML struct {
 }
 ```
-### Using the `encoding.TextUnmarshaler` interface
+Beware that like other decoders **only exported fields** are considered when
 encoding and decoding; private fields are silently ignored.
-Here's an example that automatically parses duration strings into
+### Using the `Marshaler` and `encoding.TextUnmarshaler` interfaces
-`time.Duration` values:
+Here's an example that automatically parses values in a `mail.Address`:
 ```toml
-[[song]]
+contacts = [
-name = "Thunder Road"
+    "Donald Duck <donald@duckburg.com>",
-duration = "4m49s"
+    "Scrooge McDuck <scrooge@duckburg.com>",
 [[song]]
 name = "Stairway to Heaven"
 duration = "8m03s"
 ```
 Which can be decoded with:
 ```go
 type song struct {
  Name     string
  Duration duration
 }
 type songs struct {
  Song []song
 }
 var favorites songs
 if _, err := toml.Decode(blob, &favorites); err != nil {
  log.Fatal(err)
 }
 for _, s := range favorites.Song {
  fmt.Printf("%s (%s)\n", s.Name, s.Duration)
 }
 ```
 And you'll also need a `duration` type that satisfies the
 `encoding.TextUnmarshaler` interface:
 ```go
 type duration struct {
 	time.Duration
 }
 func (d *duration) UnmarshalText(text []byte) error {
 	var err error
 	d.Duration, err = time.ParseDuration(string(text))
 	return err
 }
 ```
 ### More complex usage
 Here's an example of how to load the example from the official spec page:
 ```toml
 # This is a TOML document. Boom.
 title = "TOML Example"
 [owner]
 name = "Tom Preston-Werner"
 organization = "GitHub"
 bio = "GitHub Cofounder & CEO\nLikes tater tots and beer."
 dob = 1979-05-27T07:32:00Z # First class dates? Why not?
 [database]
 server = "192.168.1.1"
 ports = [ 8001, 8001, 8002 ]
 connection_max = 5000
 enabled = true
 [servers]
  # You can indent as you please. Tabs or spaces. TOML don't care.
  [servers.alpha]
  ip = "10.0.0.1"
  dc = "eqdc10"
  [servers.beta]
  ip = "10.0.0.2"
  dc = "eqdc10"
 [clients]
 data = [ ["gamma", "delta"], [1, 2] ] # just an update to make sure parsers support it
 # Line breaks are OK when inside arrays
 hosts = [
  "alpha",
  "omega"
 ]
 ```
-And the corresponding Go types are:
+Can be decoded with:
 ```go
-type tomlConfig struct {
+// Create address type which satisfies the encoding.TextUnmarshaler interface.
-	Title string
+type address struct {
-	Owner ownerInfo
+	*mail.Address
 	DB database `toml:"database"`
 	Servers map[string]server
 	Clients clients
 }
-type ownerInfo struct {
+func (a *address) UnmarshalText(text []byte) error {
-	Name string
+	var err error
-	Org string `toml:"organization"`
+	a.Address, err = mail.ParseAddress(string(text))
-	Bio string
+	return err
 	DOB time.Time
 }
-type database struct {
+// Decode it.
-	Server string
+func decode() {
-	Ports []int
+	blob := `
-	ConnMax int `toml:"connection_max"`
+		contacts = [
-	Enabled bool
+			"Donald Duck <donald@duckburg.com>",
-}
+			"Scrooge McDuck <scrooge@duckburg.com>",
 		]
 	`
-type server struct {
+	var contacts struct {
-	IP string
+		Contacts []address
-	DC string
+	}
 }
-type clients struct {
+	_, err := toml.Decode(blob, &contacts)
-	Data [][]interface{}
+	if err != nil {
-	Hosts []string
+		log.Fatal(err)
 	}
 	for _, c := range contacts.Contacts {
 		fmt.Printf("%#v\n", c.Address)
 	}
 	// Output:
 	// &mail.Address{Name:"Donald Duck", Address:"donald@duckburg.com"}
 	// &mail.Address{Name:"Scrooge McDuck", Address:"scrooge@duckburg.com"}
 }
 ```
-Note that a case insensitive match will be tried if an exact match can't be
+To target TOML specifically you can implement `UnmarshalTOML` TOML interface in
-found.
+a similar way.
-A working example of the above can be found in `_examples/example.{go,toml}`.
+### More complex usage
 See the [`_example/`](/_example) directory for a more complex example.
--- a/vendor/github.com/BurntSushi/toml/decode.go
+++ b/vendor/github.com/BurntSushi/toml/decode.go
@ -1,54 +1,171 @@
 package toml
 import (
 	"bytes"
 	"encoding"
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"math"
 	"os"
 	"reflect"
 	"strconv"
 	"strings"
 	"time"
 )
 func e(format string, args ...interface{}) error {
 	return fmt.Errorf("toml: "+format, args...)
 }
 // Unmarshaler is the interface implemented by objects that can unmarshal a
 // TOML description of themselves.
 type Unmarshaler interface {
 	UnmarshalTOML(interface{}) error
 }
-// Unmarshal decodes the contents of `p` in TOML format into a pointer `v`.
+// Unmarshal decodes the contents of `data` in TOML format into a pointer `v`.
-func Unmarshal(p []byte, v interface{}) error {
+func Unmarshal(data []byte, v interface{}) error {
-	_, err := Decode(string(p), v)
+	_, err := NewDecoder(bytes.NewReader(data)).Decode(v)
 	return err
 }
 // Decode the TOML data in to the pointer v.
 //
 // See the documentation on Decoder for a description of the decoding process.
 func Decode(data string, v interface{}) (MetaData, error) {
 	return NewDecoder(strings.NewReader(data)).Decode(v)
 }
 // DecodeFile is just like Decode, except it will automatically read the
 // contents of the file at path and decode it for you.
 func DecodeFile(path string, v interface{}) (MetaData, error) {
 	fp, err := os.Open(path)
 	if err != nil {
 		return MetaData{}, err
 	}
 	defer fp.Close()
 	return NewDecoder(fp).Decode(v)
 }
 // Primitive is a TOML value that hasn't been decoded into a Go value.
 // When using the various `Decode*` functions, the type `Primitive` may
 // be given to any value, and its decoding will be delayed.
 //
-// A `Primitive` value can be decoded using the `PrimitiveDecode` function.
+// This type can be used for any value, which will cause decoding to be delayed.
 // You can use the PrimitiveDecode() function to "manually" decode these values.
 //
-// The underlying representation of a `Primitive` value is subject to change.
+// NOTE: The underlying representation of a `Primitive` value is subject to
-// Do not rely on it.
+// change. Do not rely on it.
 //
-// N.B. Primitive values are still parsed, so using them will only avoid
+// NOTE: Primitive values are still parsed, so using them will only avoid the
-// the overhead of reflection. They can be useful when you don't know the
+// overhead of reflection. They can be useful when you don't know the exact type
-// exact type of TOML data until run time.
+// of TOML data until runtime.
 type Primitive struct {
 	undecoded interface{}
 	context   Key
 }
-// DEPRECATED!
+// The significand precision for float32 and float64 is 24 and 53 bits; this is
 // the range a natural number can be stored in a float without loss of data.
 const (
 	maxSafeFloat32Int = 16777215                // 2^24-1
 	maxSafeFloat64Int = int64(9007199254740991) // 2^53-1
 )
 // Decoder decodes TOML data.
 //
-// Use MetaData.PrimitiveDecode instead.
+// TOML tables correspond to Go structs or maps (dealer's choice – they can be
-func PrimitiveDecode(primValue Primitive, v interface{}) error {
+// used interchangeably).
-	md := MetaData{decoded: make(map[string]bool)}
+//
-	return md.unify(primValue.undecoded, rvalue(v))
+// TOML table arrays correspond to either a slice of structs or a slice of maps.
 //
 // TOML datetimes correspond to Go time.Time values. Local datetimes are parsed
 // in the local timezone.
 //
 // time.Duration types are treated as nanoseconds if the TOML value is an
 // integer, or they're parsed with time.ParseDuration() if they're strings.
 //
 // All other TOML types (float, string, int, bool and array) correspond to the
 // obvious Go types.
 //
 // An exception to the above rules is if a type implements the TextUnmarshaler
 // interface, in which case any primitive TOML value (floats, strings, integers,
 // booleans, datetimes) will be converted to a []byte and given to the value's
 // UnmarshalText method. See the Unmarshaler example for a demonstration with
 // email addresses.
 //
 // Key mapping
 //
 // TOML keys can map to either keys in a Go map or field names in a Go struct.
 // The special `toml` struct tag can be used to map TOML keys to struct fields
 // that don't match the key name exactly (see the example). A case insensitive
 // match to struct names will be tried if an exact match can't be found.
 //
 // The mapping between TOML values and Go values is loose. That is, there may
 // exist TOML values that cannot be placed into your representation, and there
 // may be parts of your representation that do not correspond to TOML values.
 // This loose mapping can be made stricter by using the IsDefined and/or
 // Undecoded methods on the MetaData returned.
 //
 // This decoder does not handle cyclic types. Decode will not terminate if a
 // cyclic type is passed.
 type Decoder struct {
 	r io.Reader
 }
 // NewDecoder creates a new Decoder.
 func NewDecoder(r io.Reader) *Decoder {
 	return &Decoder{r: r}
 }
 var (
 	unmarshalToml = reflect.TypeOf((*Unmarshaler)(nil)).Elem()
 	unmarshalText = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
 	primitiveType = reflect.TypeOf((*Primitive)(nil)).Elem()
 )
 // Decode TOML data in to the pointer `v`.
 func (dec *Decoder) Decode(v interface{}) (MetaData, error) {
 	rv := reflect.ValueOf(v)
 	if rv.Kind() != reflect.Ptr {
 		s := "%q"
 		if reflect.TypeOf(v) == nil {
 			s = "%v"
 		}
 		return MetaData{}, fmt.Errorf("toml: cannot decode to non-pointer "+s, reflect.TypeOf(v))
 	}
 	if rv.IsNil() {
 		return MetaData{}, fmt.Errorf("toml: cannot decode to nil value of %q", reflect.TypeOf(v))
 	}
 	// Check if this is a supported type: struct, map, interface{}, or something
 	// that implements UnmarshalTOML or UnmarshalText.
 	rv = indirect(rv)
 	rt := rv.Type()
 	if rv.Kind() != reflect.Struct && rv.Kind() != reflect.Map &&
 		!(rv.Kind() == reflect.Interface && rv.NumMethod() == 0) &&
 		!rt.Implements(unmarshalToml) && !rt.Implements(unmarshalText) {
 		return MetaData{}, fmt.Errorf("toml: cannot decode to type %s", rt)
 	}
 	// TODO: parser should read from io.Reader? Or at the very least, make it
 	// read from []byte rather than string
 	data, err := ioutil.ReadAll(dec.r)
 	if err != nil {
 		return MetaData{}, err
 	}
 	p, err := parse(string(data))
 	if err != nil {
 		return MetaData{}, err
 	}
 	md := MetaData{
 		mapping: p.mapping,
 		keyInfo: p.keyInfo,
 		keys:    p.ordered,
 		decoded: make(map[string]struct{}, len(p.ordered)),
 		context: nil,
 		data:    data,
 	}
 	return md, md.unify(p.mapping, rv)
 }
 // PrimitiveDecode is just like the other `Decode*` functions, except it
@ -68,90 +185,15 @@ func (md *MetaData) PrimitiveDecode(primValue Primitive, v interface{}) error {
 	return md.unify(primValue.undecoded, rvalue(v))
 }
 // Decode will decode the contents of `data` in TOML format into a pointer
 // `v`.
 //
 // TOML hashes correspond to Go structs or maps. (Dealer's choice. They can be
 // used interchangeably.)
 //
 // TOML arrays of tables correspond to either a slice of structs or a slice
 // of maps.
 //
 // TOML datetimes correspond to Go `time.Time` values.
 //
 // All other TOML types (float, string, int, bool and array) correspond
 // to the obvious Go types.
 //
 // An exception to the above rules is if a type implements the
 // encoding.TextUnmarshaler interface. In this case, any primitive TOML value
 // (floats, strings, integers, booleans and datetimes) will be converted to
 // a byte string and given to the value's UnmarshalText method. See the
 // Unmarshaler example for a demonstration with time duration strings.
 //
 // Key mapping
 //
 // TOML keys can map to either keys in a Go map or field names in a Go
 // struct. The special `toml` struct tag may be used to map TOML keys to
 // struct fields that don't match the key name exactly. (See the example.)
 // A case insensitive match to struct names will be tried if an exact match
 // can't be found.
 //
 // The mapping between TOML values and Go values is loose. That is, there
 // may exist TOML values that cannot be placed into your representation, and
 // there may be parts of your representation that do not correspond to
 // TOML values. This loose mapping can be made stricter by using the IsDefined
 // and/or Undecoded methods on the MetaData returned.
 //
 // This decoder will not handle cyclic types. If a cyclic type is passed,
 // `Decode` will not terminate.
 func Decode(data string, v interface{}) (MetaData, error) {
 	rv := reflect.ValueOf(v)
 	if rv.Kind() != reflect.Ptr {
 		return MetaData{}, e("Decode of non-pointer %s", reflect.TypeOf(v))
 	}
 	if rv.IsNil() {
 		return MetaData{}, e("Decode of nil %s", reflect.TypeOf(v))
 	}
 	p, err := parse(data)
 	if err != nil {
 		return MetaData{}, err
 	}
 	md := MetaData{
 		p.mapping, p.types, p.ordered,
 		make(map[string]bool, len(p.ordered)), nil,
 	}
 	return md, md.unify(p.mapping, indirect(rv))
 }
 // DecodeFile is just like Decode, except it will automatically read the
 // contents of the file at `fpath` and decode it for you.
 func DecodeFile(fpath string, v interface{}) (MetaData, error) {
 	bs, err := ioutil.ReadFile(fpath)
 	if err != nil {
 		return MetaData{}, err
 	}
 	return Decode(string(bs), v)
 }
 // DecodeReader is just like Decode, except it will consume all bytes
 // from the reader and decode it for you.
 func DecodeReader(r io.Reader, v interface{}) (MetaData, error) {
 	bs, err := ioutil.ReadAll(r)
 	if err != nil {
 		return MetaData{}, err
 	}
 	return Decode(string(bs), v)
 }
 // unify performs a sort of type unification based on the structure of `rv`,
 // which is the client representation.
 //
 // Any type mismatch produces an error. Finding a type that we don't know
 // how to handle produces an unsupported type error.
 func (md *MetaData) unify(data interface{}, rv reflect.Value) error {
 	// Special case. Look for a `Primitive` value.
-	if rv.Type() == reflect.TypeOf((*Primitive)(nil)).Elem() {
+	// TODO: #76 would make this superfluous after implemented.
 	if rv.Type() == primitiveType {
 		// Save the undecoded data and the key context into the primitive
 		// value.
 		context := make(Key, len(md.context))
@ -163,36 +205,24 @@ func (md *MetaData) unify(data interface{}, rv reflect.Value) error {
 		return nil
 	}
-	// Special case. Unmarshaler Interface support.
+	rvi := rv.Interface()
-	if rv.CanAddr() {
+	if v, ok := rvi.(Unmarshaler); ok {
 		if v, ok := rv.Addr().Interface().(Unmarshaler); ok {
 		return v.UnmarshalTOML(data)
 	}
-	}
+	if v, ok := rvi.(encoding.TextUnmarshaler); ok {
 	// Special case. Handle time.Time values specifically.
 	// TODO: Remove this code when we decide to drop support for Go 1.1.
 	// This isn't necessary in Go 1.2 because time.Time satisfies the encoding
 	// interfaces.
 	if rv.Type().AssignableTo(rvalue(time.Time{}).Type()) {
 		return md.unifyDatetime(data, rv)
 	}
 	// Special case. Look for a value satisfying the TextUnmarshaler interface.
 	if v, ok := rv.Interface().(TextUnmarshaler); ok {
 		return md.unifyText(data, v)
 	}
-	// BUG(burntsushi)
+
 	// TODO:
 	// The behavior here is incorrect whenever a Go type satisfies the
-	// encoding.TextUnmarshaler interface but also corresponds to a TOML
+	// encoding.TextUnmarshaler interface but also corresponds to a TOML hash or
-	// hash or array. In particular, the unmarshaler should only be applied
+	// array. In particular, the unmarshaler should only be applied to primitive
-	// to primitive TOML values. But at this point, it will be applied to
+	// TOML values. But at this point, it will be applied to all kinds of values
-	// all kinds of values and produce an incorrect error whenever those values
+	// and produce an incorrect error whenever those values are hashes or arrays
-	// are hashes or arrays (including arrays of tables).
+	// (including arrays of tables).
 	k := rv.Kind()
 	// laziness
 	if k >= reflect.Int && k <= reflect.Uint64 {
 		return md.unifyInt(data, rv)
 	}
@ -218,17 +248,14 @@ func (md *MetaData) unify(data interface{}, rv reflect.Value) error {
 	case reflect.Bool:
 		return md.unifyBool(data, rv)
 	case reflect.Interface:
-		// we only support empty interfaces.
+		if rv.NumMethod() > 0 { // Only support empty interfaces are supported.
-		if rv.NumMethod() > 0 {
+			return md.e("unsupported type %s", rv.Type())
 			return e("unsupported type %s", rv.Type())
 		}
 		return md.unifyAnything(data, rv)
-	case reflect.Float32:
+	case reflect.Float32, reflect.Float64:
 		fallthrough
 	case reflect.Float64:
 		return md.unifyFloat64(data, rv)
 	}
-	return e("unsupported type %s", rv.Kind())
+	return md.e("unsupported type %s", rv.Kind())
 }
 func (md *MetaData) unifyStruct(mapping interface{}, rv reflect.Value) error {
@ -237,7 +264,7 @@ func (md *MetaData) unifyStruct(mapping interface{}, rv reflect.Value) error {
 		if mapping == nil {
 			return nil
 		}
-		return e("type mismatch for %s: expected table but found %T",
+		return md.e("type mismatch for %s: expected table but found %T",
 			rv.Type().String(), mapping)
 	}
@ -259,17 +286,18 @@ func (md *MetaData) unifyStruct(mapping interface{}, rv reflect.Value) error {
 			for _, i := range f.index {
 				subv = indirect(subv.Field(i))
 			}
 			if isUnifiable(subv) {
-				md.decoded[md.context.add(key).String()] = true
+				md.decoded[md.context.add(key).String()] = struct{}{}
 				md.context = append(md.context, key)
-				if err := md.unify(datum, subv); err != nil {
+
 				err := md.unify(datum, subv)
 				if err != nil {
 					return err
 				}
 				md.context = md.context[0 : len(md.context)-1]
 			} else if f.name != "" {
-				// Bad user! No soup for you!
+				return md.e("cannot write unexported field %s.%s", rv.Type().String(), f.name)
 				return e("cannot write unexported field %s.%s",
 					rv.Type().String(), f.name)
 			}
 		}
 	}
@ -277,28 +305,43 @@ func (md *MetaData) unifyStruct(mapping interface{}, rv reflect.Value) error {
 }
 func (md *MetaData) unifyMap(mapping interface{}, rv reflect.Value) error {
 	keyType := rv.Type().Key().Kind()
 	if keyType != reflect.String && keyType != reflect.Interface {
 		return fmt.Errorf("toml: cannot decode to a map with non-string key type (%s in %q)",
 			keyType, rv.Type())
 	}
 	tmap, ok := mapping.(map[string]interface{})
 	if !ok {
 		if tmap == nil {
 			return nil
 		}
-		return badtype("map", mapping)
+		return md.badtype("map", mapping)
 	}
 	if rv.IsNil() {
 		rv.Set(reflect.MakeMap(rv.Type()))
 	}
 	for k, v := range tmap {
-		md.decoded[md.context.add(k).String()] = true
+		md.decoded[md.context.add(k).String()] = struct{}{}
 		md.context = append(md.context, k)
 		rvkey := indirect(reflect.New(rv.Type().Key()))
 		rvval := reflect.Indirect(reflect.New(rv.Type().Elem()))
-		if err := md.unify(v, rvval); err != nil {
+
 		err := md.unify(v, indirect(rvval))
 		if err != nil {
 			return err
 		}
 		md.context = md.context[0 : len(md.context)-1]
 		rvkey := indirect(reflect.New(rv.Type().Key()))
 		switch keyType {
 		case reflect.Interface:
 			rvkey.Set(reflect.ValueOf(k))
 		case reflect.String:
 			rvkey.SetString(k)
 		}
 		rv.SetMapIndex(rvkey, rvval)
 	}
 	return nil
@ -310,12 +353,10 @@ func (md *MetaData) unifyArray(data interface{}, rv reflect.Value) error {
 		if !datav.IsValid() {
 			return nil
 		}
-		return badtype("slice", data)
+		return md.badtype("slice", data)
 	}
-	sliceLen := datav.Len()
+	if l := datav.Len(); l != rv.Len() {
-	if sliceLen != rv.Len() {
+		return md.e("expected array length %d; got TOML array of length %d", rv.Len(), l)
 		return e("expected array length %d; got TOML array of length %d",
 			rv.Len(), sliceLen)
 	}
 	return md.unifySliceArray(datav, rv)
 }
@ -326,7 +367,7 @@ func (md *MetaData) unifySlice(data interface{}, rv reflect.Value) error {
 		if !datav.IsValid() {
 			return nil
 		}
-		return badtype("slice", data)
+		return md.badtype("slice", data)
 	}
 	n := datav.Len()
 	if rv.IsNil() || rv.Cap() < n {
@ -337,37 +378,45 @@ func (md *MetaData) unifySlice(data interface{}, rv reflect.Value) error {
 }
 func (md *MetaData) unifySliceArray(data, rv reflect.Value) error {
-	sliceLen := data.Len()
+	l := data.Len()
-	for i := 0; i < sliceLen; i++ {
+	for i := 0; i < l; i++ {
-		v := data.Index(i).Interface()
+		err := md.unify(data.Index(i).Interface(), indirect(rv.Index(i)))
-		sliceval := indirect(rv.Index(i))
+		if err != nil {
 		if err := md.unify(v, sliceval); err != nil {
 			return err
 		}
 	}
 	return nil
 }
-func (md *MetaData) unifyDatetime(data interface{}, rv reflect.Value) error {
+func (md *MetaData) unifyString(data interface{}, rv reflect.Value) error {
-	if _, ok := data.(time.Time); ok {
+	_, ok := rv.Interface().(json.Number)
-		rv.Set(reflect.ValueOf(data))
+	if ok {
 		if i, ok := data.(int64); ok {
 			rv.SetString(strconv.FormatInt(i, 10))
 		} else if f, ok := data.(float64); ok {
 			rv.SetString(strconv.FormatFloat(f, 'f', -1, 64))
 		} else {
 			return md.badtype("string", data)
 		}
 		return nil
 	}
 	return badtype("time.Time", data)
 }
 func (md *MetaData) unifyString(data interface{}, rv reflect.Value) error {
 	if s, ok := data.(string); ok {
 		rv.SetString(s)
 		return nil
 	}
-	return badtype("string", data)
+	return md.badtype("string", data)
 }
 func (md *MetaData) unifyFloat64(data interface{}, rv reflect.Value) error {
 	rvk := rv.Kind()
 	if num, ok := data.(float64); ok {
-		switch rv.Kind() {
+		switch rvk {
 		case reflect.Float32:
 			if num < -math.MaxFloat32 || num > math.MaxFloat32 {
 				return md.parseErr(errParseRange{i: num, size: rvk.String()})
 			}
 			fallthrough
 		case reflect.Float64:
 			rv.SetFloat(num)
@ -376,54 +425,60 @@ func (md *MetaData) unifyFloat64(data interface{}, rv reflect.Value) error {
 		}
 		return nil
 	}
-	return badtype("float", data)
+
 	if num, ok := data.(int64); ok {
 		if (rvk == reflect.Float32 && (num < -maxSafeFloat32Int || num > maxSafeFloat32Int)) ||
 			(rvk == reflect.Float64 && (num < -maxSafeFloat64Int || num > maxSafeFloat64Int)) {
 			return md.parseErr(errParseRange{i: num, size: rvk.String()})
 		}
 		rv.SetFloat(float64(num))
 		return nil
 	}
 	return md.badtype("float", data)
 }
 func (md *MetaData) unifyInt(data interface{}, rv reflect.Value) error {
-	if num, ok := data.(int64); ok {
+	_, ok := rv.Interface().(time.Duration)
-		if rv.Kind() >= reflect.Int && rv.Kind() <= reflect.Int64 {
+	if ok {
-			switch rv.Kind() {
+		// Parse as string duration, and fall back to regular integer parsing
-			case reflect.Int, reflect.Int64:
+		// (as nanosecond) if this is not a string.
-				// No bounds checking necessary.
+		if s, ok := data.(string); ok {
-			case reflect.Int8:
+			dur, err := time.ParseDuration(s)
-				if num < math.MinInt8 || num > math.MaxInt8 {
+			if err != nil {
-					return e("value %d is out of range for int8", num)
+				return md.parseErr(errParseDuration{s})
 			}
-			case reflect.Int16:
+			rv.SetInt(int64(dur))
-				if num < math.MinInt16 || num > math.MaxInt16 {
+			return nil
 					return e("value %d is out of range for int16", num)
 		}
 			case reflect.Int32:
 				if num < math.MinInt32 || num > math.MaxInt32 {
 					return e("value %d is out of range for int32", num)
 	}
 	num, ok := data.(int64)
 	if !ok {
 		return md.badtype("integer", data)
 	}
 	rvk := rv.Kind()
 	switch {
 	case rvk >= reflect.Int && rvk <= reflect.Int64:
 		if (rvk == reflect.Int8 && (num < math.MinInt8 || num > math.MaxInt8)) ||
 			(rvk == reflect.Int16 && (num < math.MinInt16 || num > math.MaxInt16)) ||
 			(rvk == reflect.Int32 && (num < math.MinInt32 || num > math.MaxInt32)) {
 			return md.parseErr(errParseRange{i: num, size: rvk.String()})
 		}
 		rv.SetInt(num)
-		} else if rv.Kind() >= reflect.Uint && rv.Kind() <= reflect.Uint64 {
+	case rvk >= reflect.Uint && rvk <= reflect.Uint64:
 		unum := uint64(num)
-			switch rv.Kind() {
+		if rvk == reflect.Uint8 && (num < 0 || unum > math.MaxUint8) ||
-			case reflect.Uint, reflect.Uint64:
+			rvk == reflect.Uint16 && (num < 0 || unum > math.MaxUint16) ||
-				// No bounds checking necessary.
+			rvk == reflect.Uint32 && (num < 0 || unum > math.MaxUint32) {
-			case reflect.Uint8:
+			return md.parseErr(errParseRange{i: num, size: rvk.String()})
 				if num < 0 || unum > math.MaxUint8 {
 					return e("value %d is out of range for uint8", num)
 				}
 			case reflect.Uint16:
 				if num < 0 || unum > math.MaxUint16 {
 					return e("value %d is out of range for uint16", num)
 				}
 			case reflect.Uint32:
 				if num < 0 || unum > math.MaxUint32 {
 					return e("value %d is out of range for uint32", num)
 				}
 		}
 		rv.SetUint(unum)
-		} else {
+	default:
 		panic("unreachable")
 	}
 	return nil
 	}
 	return badtype("integer", data)
 }
 func (md *MetaData) unifyBool(data interface{}, rv reflect.Value) error {
@ -431,7 +486,7 @@ func (md *MetaData) unifyBool(data interface{}, rv reflect.Value) error {
 		rv.SetBool(b)
 		return nil
 	}
-	return badtype("boolean", data)
+	return md.badtype("boolean", data)
 }
 func (md *MetaData) unifyAnything(data interface{}, rv reflect.Value) error {
@ -439,10 +494,16 @@ func (md *MetaData) unifyAnything(data interface{}, rv reflect.Value) error {
 	return nil
 }
-func (md *MetaData) unifyText(data interface{}, v TextUnmarshaler) error {
+func (md *MetaData) unifyText(data interface{}, v encoding.TextUnmarshaler) error {
 	var s string
 	switch sdata := data.(type) {
-	case TextMarshaler:
+	case Marshaler:
 		text, err := sdata.MarshalTOML()
 		if err != nil {
 			return err
 		}
 		s = string(text)
 	case encoding.TextMarshaler:
 		text, err := sdata.MarshalText()
 		if err != nil {
 			return err
@ -459,7 +520,7 @@ func (md *MetaData) unifyText(data interface{}, v TextUnmarshaler) error {
 	case float64:
 		s = fmt.Sprintf("%f", sdata)
 	default:
-		return badtype("primitive (string-like)", data)
+		return md.badtype("primitive (string-like)", data)
 	}
 	if err := v.UnmarshalText([]byte(s)); err != nil {
 		return err
@ -467,22 +528,54 @@ func (md *MetaData) unifyText(data interface{}, v TextUnmarshaler) error {
 	return nil
 }
 func (md *MetaData) badtype(dst string, data interface{}) error {
 	return md.e("incompatible types: TOML value has type %T; destination has type %s", data, dst)
 }
 func (md *MetaData) parseErr(err error) error {
 	k := md.context.String()
 	return ParseError{
 		LastKey:  k,
 		Position: md.keyInfo[k].pos,
 		Line:     md.keyInfo[k].pos.Line,
 		err:      err,
 		input:    string(md.data),
 	}
 }
 func (md *MetaData) e(format string, args ...interface{}) error {
 	f := "toml: "
 	if len(md.context) > 0 {
 		f = fmt.Sprintf("toml: (last key %q): ", md.context)
 		p := md.keyInfo[md.context.String()].pos
 		if p.Line > 0 {
 			f = fmt.Sprintf("toml: line %d (last key %q): ", p.Line, md.context)
 		}
 	}
 	return fmt.Errorf(f+format, args...)
 }
 // rvalue returns a reflect.Value of `v`. All pointers are resolved.
 func rvalue(v interface{}) reflect.Value {
 	return indirect(reflect.ValueOf(v))
 }
 // indirect returns the value pointed to by a pointer.
 // Pointers are followed until the value is not a pointer.
 // New values are allocated for each nil pointer.
 //
-// An exception to this rule is if the value satisfies an interface of
+// Pointers are followed until the value is not a pointer. New values are
-// interest to us (like encoding.TextUnmarshaler).
+// allocated for each nil pointer.
 //
 // An exception to this rule is if the value satisfies an interface of interest
 // to us (like encoding.TextUnmarshaler).
 func indirect(v reflect.Value) reflect.Value {
 	if v.Kind() != reflect.Ptr {
 		if v.CanSet() {
 			pv := v.Addr()
-			if _, ok := pv.Interface().(TextUnmarshaler); ok {
+			pvi := pv.Interface()
 			if _, ok := pvi.(encoding.TextUnmarshaler); ok {
 				return pv
 			}
 			if _, ok := pvi.(Unmarshaler); ok {
 				return pv
 			}
 		}
@ -498,12 +591,12 @@ func isUnifiable(rv reflect.Value) bool {
 	if rv.CanSet() {
 		return true
 	}
-	if _, ok := rv.Interface().(TextUnmarshaler); ok {
+	rvi := rv.Interface()
 	if _, ok := rvi.(encoding.TextUnmarshaler); ok {
 		return true
 	}
 	if _, ok := rvi.(Unmarshaler); ok {
 		return true
 	}
 	return false
 }
 func badtype(expected string, data interface{}) error {
 	return e("cannot load TOML value of type %T into a Go %s", data, expected)
 }
--- a/vendor/github.com/BurntSushi/toml/decode_go116.go
+++ b/vendor/github.com/BurntSushi/toml/decode_go116.go
@ -0,0 +1,19 @@
 //go:build go1.16
 // +build go1.16
 package toml
 import (
 	"io/fs"
 )
 // DecodeFS is just like Decode, except it will automatically read the contents
 // of the file at `path` from a fs.FS instance.
 func DecodeFS(fsys fs.FS, path string, v interface{}) (MetaData, error) {
 	fp, err := fsys.Open(path)
 	if err != nil {
 		return MetaData{}, err
 	}
 	defer fp.Close()
 	return NewDecoder(fp).Decode(v)
 }
--- a/vendor/github.com/BurntSushi/toml/deprecated.go
+++ b/vendor/github.com/BurntSushi/toml/deprecated.go
@ -0,0 +1,21 @@
 package toml
 import (
 	"encoding"
 	"io"
 )
 // Deprecated: use encoding.TextMarshaler
 type TextMarshaler encoding.TextMarshaler
 // Deprecated: use encoding.TextUnmarshaler
 type TextUnmarshaler encoding.TextUnmarshaler
 // Deprecated: use MetaData.PrimitiveDecode.
 func PrimitiveDecode(primValue Primitive, v interface{}) error {
 	md := MetaData{decoded: make(map[string]struct{})}
 	return md.unify(primValue.undecoded, rvalue(v))
 }
 // Deprecated: use NewDecoder(reader).Decode(&value).
 func DecodeReader(r io.Reader, v interface{}) (MetaData, error) { return NewDecoder(r).Decode(v) }
--- a/vendor/github.com/BurntSushi/toml/doc.go
+++ b/vendor/github.com/BurntSushi/toml/doc.go
@ -1,27 +1,13 @@
 /*
-Package toml provides facilities for decoding and encoding TOML configuration
+Package toml implements decoding and encoding of TOML files.
 files via reflection. There is also support for delaying decoding with
 the Primitive type, and querying the set of keys in a TOML document with the
 MetaData type.
-The specification implemented: https://github.com/toml-lang/toml
+This package supports TOML v1.0.0, as listed on https://toml.io
-The sub-command github.com/BurntSushi/toml/cmd/tomlv can be used to verify
+There is also support for delaying decoding with the Primitive type, and
-whether a file is a valid TOML document. It can also be used to print the
+querying the set of keys in a TOML document with the MetaData type.
 type of each key in a TOML document.
-Testing
+The github.com/BurntSushi/toml/cmd/tomlv package implements a TOML validator,
-
+and can be used to verify if TOML document is valid. It can also be used to
-There are two important types of tests used for this package. The first is
+print the type of each key.
 contained inside '*_test.go' files and uses the standard Go unit testing
 framework. These tests are primarily devoted to holistically testing the
 decoder and encoder.
 The second type of testing is used to verify the implementation's adherence
 to the TOML specification. These tests have been factored into their own
 project: https://github.com/BurntSushi/toml-test
 The reason the tests are in a separate project is so that they can be used by
 any implementation of TOML. Namely, it is language agnostic.
 */
 package toml
--- a/vendor/github.com/BurntSushi/toml/encode.go
+++ b/vendor/github.com/BurntSushi/toml/encode.go
@ -2,57 +2,127 @@ package toml
 import (
 	"bufio"
 	"encoding"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"math"
 	"reflect"
 	"sort"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/BurntSushi/toml/internal"
 )
 type tomlEncodeError struct{ error }
 var (
-	errArrayMixedElementTypes = errors.New(
+	errArrayNilElement = errors.New("toml: cannot encode array with nil element")
-		"toml: cannot encode array with mixed element types")
+	errNonString       = errors.New("toml: cannot encode a map with non-string key type")
-	errArrayNilElement = errors.New(
+	errNoKey           = errors.New("toml: top-level values must be Go maps or structs")
 		"toml: cannot encode array with nil element")
 	errNonString = errors.New(
 		"toml: cannot encode a map with non-string key type")
 	errAnonNonStruct = errors.New(
 		"toml: cannot encode an anonymous field that is not a struct")
 	errArrayNoTable = errors.New(
 		"toml: TOML array element cannot contain a table")
 	errNoKey = errors.New(
 		"toml: top-level values must be Go maps or structs")
 	errAnything        = errors.New("") // used in testing
 )
-var quotedReplacer = strings.NewReplacer(
+var dblQuotedReplacer = strings.NewReplacer(
 	"\t", "\\t",
 	"\n", "\\n",
 	"\r", "\\r",
 	"\"", "\\\"",
 	"\\", "\\\\",
 	"\x00", `\u0000`,
 	"\x01", `\u0001`,
 	"\x02", `\u0002`,
 	"\x03", `\u0003`,
 	"\x04", `\u0004`,
 	"\x05", `\u0005`,
 	"\x06", `\u0006`,
 	"\x07", `\u0007`,
 	"\b", `\b`,
 	"\t", `\t`,
 	"\n", `\n`,
 	"\x0b", `\u000b`,
 	"\f", `\f`,
 	"\r", `\r`,
 	"\x0e", `\u000e`,
 	"\x0f", `\u000f`,
 	"\x10", `\u0010`,
 	"\x11", `\u0011`,
 	"\x12", `\u0012`,
 	"\x13", `\u0013`,
 	"\x14", `\u0014`,
 	"\x15", `\u0015`,
 	"\x16", `\u0016`,
 	"\x17", `\u0017`,
 	"\x18", `\u0018`,
 	"\x19", `\u0019`,
 	"\x1a", `\u001a`,
 	"\x1b", `\u001b`,
 	"\x1c", `\u001c`,
 	"\x1d", `\u001d`,
 	"\x1e", `\u001e`,
 	"\x1f", `\u001f`,
 	"\x7f", `\u007f`,
 )
-// Encoder controls the encoding of Go values to a TOML document to some
+var (
-// io.Writer.
+	marshalToml = reflect.TypeOf((*Marshaler)(nil)).Elem()
-//
+	marshalText = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
-// The indentation level can be controlled with the Indent field.
+	timeType    = reflect.TypeOf((*time.Time)(nil)).Elem()
-type Encoder struct {
+)
 	// A single indentation level. By default it is two spaces.
 	Indent string
-	// hasWritten is whether we have written any output to w yet.
+// Marshaler is the interface implemented by types that can marshal themselves
-	hasWritten bool
+// into valid TOML.
-	w          *bufio.Writer
+type Marshaler interface {
 	MarshalTOML() ([]byte, error)
 }
-// NewEncoder returns a TOML encoder that encodes Go values to the io.Writer
+// Encoder encodes a Go to a TOML document.
-// given. By default, a single indentation level is 2 spaces.
+//
 // The mapping between Go values and TOML values should be precisely the same as
 // for the Decode* functions.
 //
 // time.Time is encoded as a RFC 3339 string, and time.Duration as its string
 // representation.
 //
 // The toml.Marshaler and encoder.TextMarshaler interfaces are supported to
 // encoding the value as custom TOML.
 //
 // If you want to write arbitrary binary data then you will need to use
 // something like base64 since TOML does not have any binary types.
 //
 // When encoding TOML hashes (Go maps or structs), keys without any sub-hashes
 // are encoded first.
 //
 // Go maps will be sorted alphabetically by key for deterministic output.
 //
 // The toml struct tag can be used to provide the key name; if omitted the
 // struct field name will be used. If the "omitempty" option is present the
 // following value will be skipped:
 //
 //   - arrays, slices, maps, and string with len of 0
 //   - struct with all zero values
 //   - bool false
 //
 // If omitzero is given all int and float types with a value of 0 will be
 // skipped.
 //
 // Encoding Go values without a corresponding TOML representation will return an
 // error. Examples of this includes maps with non-string keys, slices with nil
 // elements, embedded non-struct types, and nested slices containing maps or
 // structs. (e.g. [][]map[string]string is not allowed but []map[string]string
 // is okay, as is []map[string][]string).
 //
 // NOTE: only exported keys are encoded due to the use of reflection. Unexported
 // keys are silently discarded.
 type Encoder struct {
 	// String to use for a single indentation level; default is two spaces.
 	Indent string
 	w          *bufio.Writer
 	hasWritten bool // written any output to w yet?
 }
 // NewEncoder create a new Encoder.
 func NewEncoder(w io.Writer) *Encoder {
 	return &Encoder{
 		w:      bufio.NewWriter(w),
@ -60,29 +130,10 @@ func NewEncoder(w io.Writer) *Encoder {
 	}
 }
-// Encode writes a TOML representation of the Go value to the underlying
+// Encode writes a TOML representation of the Go value to the Encoder's writer.
 // io.Writer. If the value given cannot be encoded to a valid TOML document,
 // then an error is returned.
 //
-// The mapping between Go values and TOML values should be precisely the same
+// An error is returned if the value given cannot be encoded to a valid TOML
-// as for the Decode* functions. Similarly, the TextMarshaler interface is
+// document.
 // supported by encoding the resulting bytes as strings. (If you want to write
 // arbitrary binary data then you will need to use something like base64 since
 // TOML does not have any binary types.)
 //
 // When encoding TOML hashes (i.e., Go maps or structs), keys without any
 // sub-hashes are encoded first.
 //
 // If a Go map is encoded, then its keys are sorted alphabetically for
 // deterministic output. More control over this behavior may be provided if
 // there is demand for it.
 //
 // Encoding Go values without a corresponding TOML representation---like map
 // types with non-string keys---will cause an error to be returned. Similarly
 // for mixed arrays/slices, arrays/slices with nil elements, embedded
 // non-struct types and nested slices containing maps or structs.
 // (e.g., [][]map[string]string is not allowed but []map[string]string is OK
 // and so is []map[string][]string.)
 func (enc *Encoder) Encode(v interface{}) error {
 	rv := eindirect(reflect.ValueOf(v))
 	if err := enc.safeEncode(Key([]string{}), rv); err != nil {
@ -106,13 +157,15 @@ func (enc *Encoder) safeEncode(key Key, rv reflect.Value) (err error) {
 }
 func (enc *Encoder) encode(key Key, rv reflect.Value) {
-	// Special case. Time needs to be in ISO8601 format.
+	// If we can marshal the type to text, then we use that. This prevents the
-	// Special case. If we can marshal the type to text, then we used that.
+	// encoder for handling these types as generic structs (or whatever the
-	// Basically, this prevents the encoder for handling these types as
+	// underlying type of a TextMarshaler is).
-	// generic structs (or whatever the underlying type of a TextMarshaler is).
+	switch {
-	switch rv.Interface().(type) {
+	case isMarshaler(rv):
-	case time.Time, TextMarshaler:
+		enc.writeKeyValue(key, rv, false)
-		enc.keyEqElement(key, rv)
+		return
 	case rv.Type() == primitiveType: // TODO: #76 would make this superfluous after implemented.
 		enc.encode(key, reflect.ValueOf(rv.Interface().(Primitive).undecoded))
 		return
 	}
@ -123,12 +176,12 @@ func (enc *Encoder) encode(key Key, rv reflect.Value) {
 		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32,
 		reflect.Uint64,
 		reflect.Float32, reflect.Float64, reflect.String, reflect.Bool:
-		enc.keyEqElement(key, rv)
+		enc.writeKeyValue(key, rv, false)
 	case reflect.Array, reflect.Slice:
 		if typeEqual(tomlArrayHash, tomlTypeOfGo(rv)) {
 			enc.eArrayOfTables(key, rv)
 		} else {
-			enc.keyEqElement(key, rv)
+			enc.writeKeyValue(key, rv, false)
 		}
 	case reflect.Interface:
 		if rv.IsNil() {
@ -148,55 +201,114 @@ func (enc *Encoder) encode(key Key, rv reflect.Value) {
 	case reflect.Struct:
 		enc.eTable(key, rv)
 	default:
-		panic(e("unsupported type for key '%s': %s", key, k))
+		encPanic(fmt.Errorf("unsupported type for key '%s': %s", key, k))
 	}
 }
-// eElement encodes any value that can be an array element (primitives and
+// eElement encodes any value that can be an array element.
 // arrays).
 func (enc *Encoder) eElement(rv reflect.Value) {
 	switch v := rv.Interface().(type) {
-	case time.Time:
+	case time.Time: // Using TextMarshaler adds extra quotes, which we don't want.
-		// Special case time.Time as a primitive. Has to come before
+		format := time.RFC3339Nano
-		// TextMarshaler below because time.Time implements
+		switch v.Location() {
-		// encoding.TextMarshaler, but we need to always use UTC.
+		case internal.LocalDatetime:
-		enc.wf(v.UTC().Format("2006-01-02T15:04:05Z"))
+			format = "2006-01-02T15:04:05.999999999"
 		case internal.LocalDate:
 			format = "2006-01-02"
 		case internal.LocalTime:
 			format = "15:04:05.999999999"
 		}
 		switch v.Location() {
 		default:
 			enc.wf(v.Format(format))
 		case internal.LocalDatetime, internal.LocalDate, internal.LocalTime:
 			enc.wf(v.In(time.UTC).Format(format))
 		}
 		return
-	case TextMarshaler:
+	case Marshaler:
-		// Special case. Use text marshaler if it's available for this value.
+		s, err := v.MarshalTOML()
-		if s, err := v.MarshalText(); err != nil {
+		if err != nil {
 			encPanic(err)
 		} else {
 			enc.writeQuoted(string(s))
 		}
 		if s == nil {
 			encPanic(errors.New("MarshalTOML returned nil and no error"))
 		}
 		enc.w.Write(s)
 		return
 	case encoding.TextMarshaler:
 		s, err := v.MarshalText()
 		if err != nil {
 			encPanic(err)
 		}
 		if s == nil {
 			encPanic(errors.New("MarshalText returned nil and no error"))
 		}
 		enc.writeQuoted(string(s))
 		return
 	case time.Duration:
 		enc.writeQuoted(v.String())
 		return
 	case json.Number:
 		n, _ := rv.Interface().(json.Number)
 		if n == "" { /// Useful zero value.
 			enc.w.WriteByte('0')
 			return
 		} else if v, err := n.Int64(); err == nil {
 			enc.eElement(reflect.ValueOf(v))
 			return
 		} else if v, err := n.Float64(); err == nil {
 			enc.eElement(reflect.ValueOf(v))
 			return
 		}
 		encPanic(errors.New(fmt.Sprintf("Unable to convert \"%s\" to neither int64 nor float64", n)))
 	}
 	switch rv.Kind() {
-	case reflect.Bool:
+	case reflect.Ptr:
 		enc.wf(strconv.FormatBool(rv.Bool()))
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32,
 		reflect.Int64:
 		enc.wf(strconv.FormatInt(rv.Int(), 10))
 	case reflect.Uint, reflect.Uint8, reflect.Uint16,
 		reflect.Uint32, reflect.Uint64:
 		enc.wf(strconv.FormatUint(rv.Uint(), 10))
 	case reflect.Float32:
 		enc.wf(floatAddDecimal(strconv.FormatFloat(rv.Float(), 'f', -1, 32)))
 	case reflect.Float64:
 		enc.wf(floatAddDecimal(strconv.FormatFloat(rv.Float(), 'f', -1, 64)))
 	case reflect.Array, reflect.Slice:
 		enc.eArrayOrSliceElement(rv)
 	case reflect.Interface:
 		enc.eElement(rv.Elem())
 		return
 	case reflect.String:
 		enc.writeQuoted(rv.String())
 	case reflect.Bool:
 		enc.wf(strconv.FormatBool(rv.Bool()))
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
 		enc.wf(strconv.FormatInt(rv.Int(), 10))
 	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
 		enc.wf(strconv.FormatUint(rv.Uint(), 10))
 	case reflect.Float32:
 		f := rv.Float()
 		if math.IsNaN(f) {
 			enc.wf("nan")
 		} else if math.IsInf(f, 0) {
 			enc.wf("%cinf", map[bool]byte{true: '-', false: '+'}[math.Signbit(f)])
 		} else {
 			enc.wf(floatAddDecimal(strconv.FormatFloat(f, 'f', -1, 32)))
 		}
 	case reflect.Float64:
 		f := rv.Float()
 		if math.IsNaN(f) {
 			enc.wf("nan")
 		} else if math.IsInf(f, 0) {
 			enc.wf("%cinf", map[bool]byte{true: '-', false: '+'}[math.Signbit(f)])
 		} else {
 			enc.wf(floatAddDecimal(strconv.FormatFloat(f, 'f', -1, 64)))
 		}
 	case reflect.Array, reflect.Slice:
 		enc.eArrayOrSliceElement(rv)
 	case reflect.Struct:
 		enc.eStruct(nil, rv, true)
 	case reflect.Map:
 		enc.eMap(nil, rv, true)
 	case reflect.Interface:
 		enc.eElement(rv.Elem())
 	default:
-		panic(e("unexpected primitive type: %s", rv.Kind()))
+		encPanic(fmt.Errorf("unexpected type: %T", rv.Interface()))
 	}
 }
-// By the TOML spec, all floats must have a decimal with at least one
+// By the TOML spec, all floats must have a decimal with at least one number on
-// number on either side.
+// either side.
 func floatAddDecimal(fstr string) string {
 	if !strings.Contains(fstr, ".") {
 		return fstr + ".0"
@ -205,14 +317,14 @@ func floatAddDecimal(fstr string) string {
 }
 func (enc *Encoder) writeQuoted(s string) {
-	enc.wf("\"%s\"", quotedReplacer.Replace(s))
+	enc.wf("\"%s\"", dblQuotedReplacer.Replace(s))
 }
 func (enc *Encoder) eArrayOrSliceElement(rv reflect.Value) {
 	length := rv.Len()
 	enc.wf("[")
 	for i := 0; i < length; i++ {
-		elem := rv.Index(i)
+		elem := eindirect(rv.Index(i))
 		enc.eElement(elem)
 		if i != length-1 {
 			enc.wf(", ")
@ -226,44 +338,43 @@ func (enc *Encoder) eArrayOfTables(key Key, rv reflect.Value) {
 		encPanic(errNoKey)
 	}
 	for i := 0; i < rv.Len(); i++ {
-		trv := rv.Index(i)
+		trv := eindirect(rv.Index(i))
 		if isNil(trv) {
 			continue
 		}
 		panicIfInvalidKey(key)
 		enc.newline()
-		enc.wf("%s[[%s]]", enc.indentStr(key), key.maybeQuotedAll())
+		enc.wf("%s[[%s]]", enc.indentStr(key), key)
 		enc.newline()
-		enc.eMapOrStruct(key, trv)
+		enc.eMapOrStruct(key, trv, false)
 	}
 }
 func (enc *Encoder) eTable(key Key, rv reflect.Value) {
 	panicIfInvalidKey(key)
 	if len(key) == 1 {
 		// Output an extra newline between top-level tables.
 		// (The newline isn't written if nothing else has been written though.)
 		enc.newline()
 	}
 	if len(key) > 0 {
-		enc.wf("%s[%s]", enc.indentStr(key), key.maybeQuotedAll())
+		enc.wf("%s[%s]", enc.indentStr(key), key)
 		enc.newline()
 	}
-	enc.eMapOrStruct(key, rv)
+	enc.eMapOrStruct(key, rv, false)
 }
-func (enc *Encoder) eMapOrStruct(key Key, rv reflect.Value) {
+func (enc *Encoder) eMapOrStruct(key Key, rv reflect.Value, inline bool) {
-	switch rv := eindirect(rv); rv.Kind() {
+	switch rv.Kind() {
 	case reflect.Map:
-		enc.eMap(key, rv)
+		enc.eMap(key, rv, inline)
 	case reflect.Struct:
-		enc.eStruct(key, rv)
+		enc.eStruct(key, rv, inline)
 	default:
 		// Should never happen?
 		panic("eTable: unhandled reflect.Value Kind: " + rv.Kind().String())
 	}
 }
-func (enc *Encoder) eMap(key Key, rv reflect.Value) {
+func (enc *Encoder) eMap(key Key, rv reflect.Value, inline bool) {
 	rt := rv.Type()
 	if rt.Key().Kind() != reflect.String {
 		encPanic(errNonString)
@ -274,118 +385,179 @@ func (enc *Encoder) eMap(key Key, rv reflect.Value) {
 	var mapKeysDirect, mapKeysSub []string
 	for _, mapKey := range rv.MapKeys() {
 		k := mapKey.String()
-		if typeIsHash(tomlTypeOfGo(rv.MapIndex(mapKey))) {
+		if typeIsTable(tomlTypeOfGo(eindirect(rv.MapIndex(mapKey)))) {
 			mapKeysSub = append(mapKeysSub, k)
 		} else {
 			mapKeysDirect = append(mapKeysDirect, k)
 		}
 	}
-	var writeMapKeys = func(mapKeys []string) {
+	var writeMapKeys = func(mapKeys []string, trailC bool) {
 		sort.Strings(mapKeys)
-		for _, mapKey := range mapKeys {
+		for i, mapKey := range mapKeys {
-			mrv := rv.MapIndex(reflect.ValueOf(mapKey))
+			val := eindirect(rv.MapIndex(reflect.ValueOf(mapKey)))
-			if isNil(mrv) {
+			if isNil(val) {
 				// Don't write anything for nil fields.
 				continue
 			}
-			enc.encode(key.add(mapKey), mrv)
+
 			if inline {
 				enc.writeKeyValue(Key{mapKey}, val, true)
 				if trailC || i != len(mapKeys)-1 {
 					enc.wf(", ")
 				}
 			} else {
 				enc.encode(key.add(mapKey), val)
 			}
 		}
-	writeMapKeys(mapKeysDirect)
+	}
-	writeMapKeys(mapKeysSub)
+
 	if inline {
 		enc.wf("{")
 	}
 	writeMapKeys(mapKeysDirect, len(mapKeysSub) > 0)
 	writeMapKeys(mapKeysSub, false)
 	if inline {
 		enc.wf("}")
 	}
 }
-func (enc *Encoder) eStruct(key Key, rv reflect.Value) {
+const is32Bit = (32 << (^uint(0) >> 63)) == 32
 func pointerTo(t reflect.Type) reflect.Type {
 	if t.Kind() == reflect.Ptr {
 		return pointerTo(t.Elem())
 	}
 	return t
 }
 func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) {
 	// Write keys for fields directly under this key first, because if we write
-	// a field that creates a new table, then all keys under it will be in that
+	// a field that creates a new table then all keys under it will be in that
 	// table (not the one we're writing here).
-	rt := rv.Type()
+	//
-	var fieldsDirect, fieldsSub [][]int
+	// Fields is a [][]int: for fieldsDirect this always has one entry (the
-	var addFields func(rt reflect.Type, rv reflect.Value, start []int)
+	// struct index). For fieldsSub it contains two entries: the parent field
 	// index from tv, and the field indexes for the fields of the sub.
 	var (
 		rt                      = rv.Type()
 		fieldsDirect, fieldsSub [][]int
 		addFields               func(rt reflect.Type, rv reflect.Value, start []int)
 	)
 	addFields = func(rt reflect.Type, rv reflect.Value, start []int) {
 		for i := 0; i < rt.NumField(); i++ {
 			f := rt.Field(i)
-			// skip unexported fields
+			isEmbed := f.Anonymous && pointerTo(f.Type).Kind() == reflect.Struct
-			if f.PkgPath != "" && !f.Anonymous {
+			if f.PkgPath != "" && !isEmbed { /// Skip unexported fields.
 				continue
 			}
-			frv := rv.Field(i)
+			opts := getOptions(f.Tag)
-			if f.Anonymous {
+			if opts.skip {
 				t := f.Type
 				switch t.Kind() {
 				case reflect.Struct:
 					// Treat anonymous struct fields with
 					// tag names as though they are not
 					// anonymous, like encoding/json does.
 					if getOptions(f.Tag).name == "" {
 						addFields(t, frv, f.Index)
 				continue
 			}
-				case reflect.Ptr:
+
-					if t.Elem().Kind() == reflect.Struct &&
+			frv := eindirect(rv.Field(i))
-						getOptions(f.Tag).name == "" {
+
-						if !frv.IsNil() {
+			// Treat anonymous struct fields with tag names as though they are
-							addFields(t.Elem(), frv.Elem(), f.Index)
+			// not anonymous, like encoding/json does.
-						}
+			//
 			// Non-struct anonymous fields use the normal encoding logic.
 			if isEmbed {
 				if getOptions(f.Tag).name == "" && frv.Kind() == reflect.Struct {
 					addFields(frv.Type(), frv, append(start, f.Index...))
 					continue
 				}
 					// Fall through to the normal field encoding logic below
 					// for non-struct anonymous fields.
 				}
 			}
-			if typeIsHash(tomlTypeOfGo(frv)) {
+			if typeIsTable(tomlTypeOfGo(frv)) {
 				fieldsSub = append(fieldsSub, append(start, f.Index...))
 			} else {
 				// Copy so it works correct on 32bit archs; not clear why this
 				// is needed. See #314, and https://www.reddit.com/r/golang/comments/pnx8v4
 				// This also works fine on 64bit, but 32bit archs are somewhat
 				// rare and this is a wee bit faster.
 				if is32Bit {
 					copyStart := make([]int, len(start))
 					copy(copyStart, start)
 					fieldsDirect = append(fieldsDirect, append(copyStart, f.Index...))
 				} else {
 					fieldsDirect = append(fieldsDirect, append(start, f.Index...))
 				}
 			}
 		}
 	}
 	addFields(rt, rv, nil)
-	var writeFields = func(fields [][]int) {
+	writeFields := func(fields [][]int) {
 		for _, fieldIndex := range fields {
-			sft := rt.FieldByIndex(fieldIndex)
+			fieldType := rt.FieldByIndex(fieldIndex)
-			sf := rv.FieldByIndex(fieldIndex)
+			fieldVal := eindirect(rv.FieldByIndex(fieldIndex))
-			if isNil(sf) {
+
-				// Don't write anything for nil fields.
+			if isNil(fieldVal) { /// Don't write anything for nil fields.
 				continue
 			}
-			opts := getOptions(sft.Tag)
+			opts := getOptions(fieldType.Tag)
 			if opts.skip {
 				continue
 			}
-			keyName := sft.Name
+			keyName := fieldType.Name
 			if opts.name != "" {
 				keyName = opts.name
 			}
-			if opts.omitempty && isEmpty(sf) {
+			if opts.omitempty && isEmpty(fieldVal) {
 				continue
 			}
-			if opts.omitzero && isZero(sf) {
+			if opts.omitzero && isZero(fieldVal) {
 				continue
 			}
-			enc.encode(key.add(keyName), sf)
+			if inline {
 				enc.writeKeyValue(Key{keyName}, fieldVal, true)
 				if fieldIndex[0] != len(fields)-1 {
 					enc.wf(", ")
 				}
 			} else {
 				enc.encode(key.add(keyName), fieldVal)
 			}
 		}
 	}
 	if inline {
 		enc.wf("{")
 	}
 	writeFields(fieldsDirect)
 	writeFields(fieldsSub)
 	if inline {
 		enc.wf("}")
 	}
 }
-// tomlTypeName returns the TOML type name of the Go value's type. It is
+// tomlTypeOfGo returns the TOML type name of the Go value's type.
-// used to determine whether the types of array elements are mixed (which is
+//
-// forbidden). If the Go value is nil, then it is illegal for it to be an array
+// It is used to determine whether the types of array elements are mixed (which
-// element, and valueIsNil is returned as true.
+// is forbidden). If the Go value is nil, then it is illegal for it to be an
-
+// array element, and valueIsNil is returned as true.
-// Returns the TOML type of a Go value. The type may be `nil`, which means
+//
-// no concrete TOML type could be found.
+// The type may be `nil`, which means no concrete TOML type could be found.
 func tomlTypeOfGo(rv reflect.Value) tomlType {
 	if isNil(rv) || !rv.IsValid() {
 		return nil
 	}
 	if rv.Kind() == reflect.Struct {
 		if rv.Type() == timeType {
 			return tomlDatetime
 		}
 		if isMarshaler(rv) {
 			return tomlString
 		}
 		return tomlHash
 	}
 	if isMarshaler(rv) {
 		return tomlString
 	}
 	switch rv.Kind() {
 	case reflect.Bool:
 		return tomlBool
@ -397,7 +569,7 @@ func tomlTypeOfGo(rv reflect.Value) tomlType {
 	case reflect.Float32, reflect.Float64:
 		return tomlFloat
 	case reflect.Array, reflect.Slice:
-		if typeEqual(tomlHash, tomlArrayType(rv)) {
+		if isTableArray(rv) {
 			return tomlArrayHash
 		}
 		return tomlArray
@ -407,54 +579,35 @@ func tomlTypeOfGo(rv reflect.Value) tomlType {
 		return tomlString
 	case reflect.Map:
 		return tomlHash
 	case reflect.Struct:
 		switch rv.Interface().(type) {
 		case time.Time:
 			return tomlDatetime
 		case TextMarshaler:
 			return tomlString
 	default:
-			return tomlHash
+		encPanic(errors.New("unsupported type: " + rv.Kind().String()))
-		}
+		panic("unreachable")
 	default:
 		panic("unexpected reflect.Kind: " + rv.Kind().String())
 	}
 }
-// tomlArrayType returns the element type of a TOML array. The type returned
+func isMarshaler(rv reflect.Value) bool {
-// may be nil if it cannot be determined (e.g., a nil slice or a zero length
+	return rv.Type().Implements(marshalText) || rv.Type().Implements(marshalToml)
-// slize). This function may also panic if it finds a type that cannot be
+}
-// expressed in TOML (such as nil elements, heterogeneous arrays or directly
+
-// nested arrays of tables).
+// isTableArray reports if all entries in the array or slice are a table.
-func tomlArrayType(rv reflect.Value) tomlType {
+func isTableArray(arr reflect.Value) bool {
-	if isNil(rv) || !rv.IsValid() || rv.Len() == 0 {
+	if isNil(arr) || !arr.IsValid() || arr.Len() == 0 {
-		return nil
+		return false
 	}
-	firstType := tomlTypeOfGo(rv.Index(0))
+
-	if firstType == nil {
+	ret := true
 	for i := 0; i < arr.Len(); i++ {
 		tt := tomlTypeOfGo(eindirect(arr.Index(i)))
 		// Don't allow nil.
 		if tt == nil {
 			encPanic(errArrayNilElement)
 		}
-	rvlen := rv.Len()
+		if ret && !typeEqual(tomlHash, tt) {
-	for i := 1; i < rvlen; i++ {
+			ret = false
 		elem := rv.Index(i)
 		switch elemType := tomlTypeOfGo(elem); {
 		case elemType == nil:
 			encPanic(errArrayNilElement)
 		case !typeEqual(firstType, elemType):
 			encPanic(errArrayMixedElementTypes)
 		}
 	}
-	// If we have a nested array, then we must make sure that the nested
+	return ret
 	// array contains ONLY primitives.
 	// This checks arbitrarily nested arrays.
 	if typeEqual(firstType, tomlArray) || typeEqual(firstType, tomlArrayHash) {
 		nest := tomlArrayType(eindirect(rv.Index(0)))
 		if typeEqual(nest, tomlHash) || typeEqual(nest, tomlArrayHash) {
 			encPanic(errArrayNoTable)
 		}
 	}
 	return firstType
 }
 type tagOptions struct {
@ -499,6 +652,8 @@ func isEmpty(rv reflect.Value) bool {
 	switch rv.Kind() {
 	case reflect.Array, reflect.Slice, reflect.Map, reflect.String:
 		return rv.Len() == 0
 	case reflect.Struct:
 		return reflect.Zero(rv.Type()).Interface() == rv.Interface()
 	case reflect.Bool:
 		return !rv.Bool()
 	}
@ -511,18 +666,32 @@ func (enc *Encoder) newline() {
 	}
 }
-func (enc *Encoder) keyEqElement(key Key, val reflect.Value) {
+// Write a key/value pair:
 //
 //   key = <any value>
 //
 // This is also used for "k = v" in inline tables; so something like this will
 // be written in three calls:
 //
 //     ┌────────────────────┐
 //     │      ┌───┐  ┌─────┐│
 //     v      v   v  v     vv
 //     key = {k = v, k2 = v2}
 //
 func (enc *Encoder) writeKeyValue(key Key, val reflect.Value, inline bool) {
 	if len(key) == 0 {
 		encPanic(errNoKey)
 	}
 	panicIfInvalidKey(key)
 	enc.wf("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1))
 	enc.eElement(val)
 	if !inline {
 		enc.newline()
 	}
 }
 func (enc *Encoder) wf(format string, v ...interface{}) {
-	if _, err := fmt.Fprintf(enc.w, format, v...); err != nil {
+	_, err := fmt.Fprintf(enc.w, format, v...)
 	if err != nil {
 		encPanic(err)
 	}
 	enc.hasWritten = true
@ -536,13 +705,25 @@ func encPanic(err error) {
 	panic(tomlEncodeError{err})
 }
 // Resolve any level of pointers to the actual value (e.g. **string → string).
 func eindirect(v reflect.Value) reflect.Value {
-	switch v.Kind() {
+	if v.Kind() != reflect.Ptr && v.Kind() != reflect.Interface {
-	case reflect.Ptr, reflect.Interface:
+		if isMarshaler(v) {
 		return eindirect(v.Elem())
 	default:
 			return v
 		}
 		if v.CanAddr() { /// Special case for marshalers; see #358.
 			if pv := v.Addr(); isMarshaler(pv) {
 				return pv
 			}
 		}
 		return v
 	}
 	if v.IsNil() {
 		return v
 	}
 	return eindirect(v.Elem())
 }
 func isNil(rv reflect.Value) bool {
@ -553,16 +734,3 @@ func isNil(rv reflect.Value) bool {
 		return false
 	}
 }
 func panicIfInvalidKey(key Key) {
 	for _, k := range key {
 		if len(k) == 0 {
 			encPanic(e("Key '%s' is not a valid table name. Key names "+
 				"cannot be empty.", key.maybeQuotedAll()))
 		}
 	}
 }
 func isValidKeyName(s string) bool {
 	return len(s) != 0
 }
--- a/vendor/github.com/BurntSushi/toml/encoding_types.go
+++ b/vendor/github.com/BurntSushi/toml/encoding_types.go
@ -1,19 +0,0 @@
 // +build go1.2
 package toml
 // In order to support Go 1.1, we define our own TextMarshaler and
 // TextUnmarshaler types. For Go 1.2+, we just alias them with the
 // standard library interfaces.
 import (
 	"encoding"
 )
 // TextMarshaler is a synonym for encoding.TextMarshaler. It is defined here
 // so that Go 1.1 can be supported.
 type TextMarshaler encoding.TextMarshaler
 // TextUnmarshaler is a synonym for encoding.TextUnmarshaler. It is defined
 // here so that Go 1.1 can be supported.
 type TextUnmarshaler encoding.TextUnmarshaler
--- a/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go
+++ b/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go
@ -1,18 +0,0 @@
 // +build !go1.2
 package toml
 // These interfaces were introduced in Go 1.2, so we add them manually when
 // compiling for Go 1.1.
 // TextMarshaler is a synonym for encoding.TextMarshaler. It is defined here
 // so that Go 1.1 can be supported.
 type TextMarshaler interface {
 	MarshalText() (text []byte, err error)
 }
 // TextUnmarshaler is a synonym for encoding.TextUnmarshaler. It is defined
 // here so that Go 1.1 can be supported.
 type TextUnmarshaler interface {
 	UnmarshalText(text []byte) error
 }
--- a/vendor/github.com/BurntSushi/toml/error.go
+++ b/vendor/github.com/BurntSushi/toml/error.go
@ -0,0 +1,276 @@
 package toml
 import (
 	"fmt"
 	"strings"
 )
 // ParseError is returned when there is an error parsing the TOML syntax.
 //
 // For example invalid syntax, duplicate keys, etc.
 //
 // In addition to the error message itself, you can also print detailed location
 // information with context by using ErrorWithPosition():
 //
 //     toml: error: Key 'fruit' was already created and cannot be used as an array.
 //
 //     At line 4, column 2-7:
 //
 //           2 | fruit = []
 //           3 |
 //           4 | [[fruit]] # Not allowed
 //                 ^^^^^
 //
 // Furthermore, the ErrorWithUsage() can be used to print the above with some
 // more detailed usage guidance:
 //
 //    toml: error: newlines not allowed within inline tables
 //
 //    At line 1, column 18:
 //
 //          1 | x = [{ key = 42 #
 //                               ^
 //
 //    Error help:
 //
 //      Inline tables must always be on a single line:
 //
 //          table = {key = 42, second = 43}
 //
 //      It is invalid to split them over multiple lines like so:
 //
 //          # INVALID
 //          table = {
 //              key    = 42,
 //              second = 43
 //          }
 //
 //      Use regular for this:
 //
 //          [table]
 //          key    = 42
 //          second = 43
 type ParseError struct {
 	Message  string   // Short technical message.
 	Usage    string   // Longer message with usage guidance; may be blank.
 	Position Position // Position of the error
 	LastKey  string   // Last parsed key, may be blank.
 	Line     int      // Line the error occurred. Deprecated: use Position.
 	err   error
 	input string
 }
 // Position of an error.
 type Position struct {
 	Line  int // Line number, starting at 1.
 	Start int // Start of error, as byte offset starting at 0.
 	Len   int // Lenght in bytes.
 }
 func (pe ParseError) Error() string {
 	msg := pe.Message
 	if msg == "" { // Error from errorf()
 		msg = pe.err.Error()
 	}
 	if pe.LastKey == "" {
 		return fmt.Sprintf("toml: line %d: %s", pe.Position.Line, msg)
 	}
 	return fmt.Sprintf("toml: line %d (last key %q): %s",
 		pe.Position.Line, pe.LastKey, msg)
 }
 // ErrorWithUsage() returns the error with detailed location context.
 //
 // See the documentation on ParseError.
 func (pe ParseError) ErrorWithPosition() string {
 	if pe.input == "" { // Should never happen, but just in case.
 		return pe.Error()
 	}
 	var (
 		lines = strings.Split(pe.input, "\n")
 		col   = pe.column(lines)
 		b     = new(strings.Builder)
 	)
 	msg := pe.Message
 	if msg == "" {
 		msg = pe.err.Error()
 	}
 	// TODO: don't show control characters as literals? This may not show up
 	// well everywhere.
 	if pe.Position.Len == 1 {
 		fmt.Fprintf(b, "toml: error: %s\n\nAt line %d, column %d:\n\n",
 			msg, pe.Position.Line, col+1)
 	} else {
 		fmt.Fprintf(b, "toml: error: %s\n\nAt line %d, column %d-%d:\n\n",
 			msg, pe.Position.Line, col, col+pe.Position.Len)
 	}
 	if pe.Position.Line > 2 {
 		fmt.Fprintf(b, "% 7d | %s\n", pe.Position.Line-2, lines[pe.Position.Line-3])
 	}
 	if pe.Position.Line > 1 {
 		fmt.Fprintf(b, "% 7d | %s\n", pe.Position.Line-1, lines[pe.Position.Line-2])
 	}
 	fmt.Fprintf(b, "% 7d | %s\n", pe.Position.Line, lines[pe.Position.Line-1])
 	fmt.Fprintf(b, "% 10s%s%s\n", "", strings.Repeat(" ", col), strings.Repeat("^", pe.Position.Len))
 	return b.String()
 }
 // ErrorWithUsage() returns the error with detailed location context and usage
 // guidance.
 //
 // See the documentation on ParseError.
 func (pe ParseError) ErrorWithUsage() string {
 	m := pe.ErrorWithPosition()
 	if u, ok := pe.err.(interface{ Usage() string }); ok && u.Usage() != "" {
 		lines := strings.Split(strings.TrimSpace(u.Usage()), "\n")
 		for i := range lines {
 			if lines[i] != "" {
 				lines[i] = "    " + lines[i]
 			}
 		}
 		return m + "Error help:\n\n" + strings.Join(lines, "\n") + "\n"
 	}
 	return m
 }
 func (pe ParseError) column(lines []string) int {
 	var pos, col int
 	for i := range lines {
 		ll := len(lines[i]) + 1 // +1 for the removed newline
 		if pos+ll >= pe.Position.Start {
 			col = pe.Position.Start - pos
 			if col < 0 { // Should never happen, but just in case.
 				col = 0
 			}
 			break
 		}
 		pos += ll
 	}
 	return col
 }
 type (
 	errLexControl       struct{ r rune }
 	errLexEscape        struct{ r rune }
 	errLexUTF8          struct{ b byte }
 	errLexInvalidNum    struct{ v string }
 	errLexInvalidDate   struct{ v string }
 	errLexInlineTableNL struct{}
 	errLexStringNL      struct{}
 	errParseRange       struct {
 		i    interface{} // int or float
 		size string      // "int64", "uint16", etc.
 	}
 	errParseDuration struct{ d string }
 )
 func (e errLexControl) Error() string {
 	return fmt.Sprintf("TOML files cannot contain control characters: '0x%02x'", e.r)
 }
 func (e errLexControl) Usage() string { return "" }
 func (e errLexEscape) Error() string        { return fmt.Sprintf(`invalid escape in string '\%c'`, e.r) }
 func (e errLexEscape) Usage() string        { return usageEscape }
 func (e errLexUTF8) Error() string          { return fmt.Sprintf("invalid UTF-8 byte: 0x%02x", e.b) }
 func (e errLexUTF8) Usage() string          { return "" }
 func (e errLexInvalidNum) Error() string    { return fmt.Sprintf("invalid number: %q", e.v) }
 func (e errLexInvalidNum) Usage() string    { return "" }
 func (e errLexInvalidDate) Error() string   { return fmt.Sprintf("invalid date: %q", e.v) }
 func (e errLexInvalidDate) Usage() string   { return "" }
 func (e errLexInlineTableNL) Error() string { return "newlines not allowed within inline tables" }
 func (e errLexInlineTableNL) Usage() string { return usageInlineNewline }
 func (e errLexStringNL) Error() string      { return "strings cannot contain newlines" }
 func (e errLexStringNL) Usage() string      { return usageStringNewline }
 func (e errParseRange) Error() string       { return fmt.Sprintf("%v is out of range for %s", e.i, e.size) }
 func (e errParseRange) Usage() string       { return usageIntOverflow }
 func (e errParseDuration) Error() string    { return fmt.Sprintf("invalid duration: %q", e.d) }
 func (e errParseDuration) Usage() string    { return usageDuration }
 const usageEscape = `
 A '\' inside a "-delimited string is interpreted as an escape character.
 The following escape sequences are supported:
 \b, \t, \n, \f, \r, \", \\, \uXXXX, and \UXXXXXXXX
 To prevent a '\' from being recognized as an escape character, use either:
 - a ' or '''-delimited string; escape characters aren't processed in them; or
 - write two backslashes to get a single backslash: '\\'.
 If you're trying to add a Windows path (e.g. "C:\Users\martin") then using '/'
 instead of '\' will usually also work: "C:/Users/martin".
 `
 const usageInlineNewline = `
 Inline tables must always be on a single line:
    table = {key = 42, second = 43}
 It is invalid to split them over multiple lines like so:
    # INVALID
    table = {
        key    = 42,
        second = 43
    }
 Use regular for this:
    [table]
    key    = 42
    second = 43
 `
 const usageStringNewline = `
 Strings must always be on a single line, and cannot span more than one line:
    # INVALID
    string = "Hello,
    world!"
 Instead use """ or ''' to split strings over multiple lines:
    string = """Hello,
    world!"""
 `
 const usageIntOverflow = `
 This number is too large; this may be an error in the TOML, but it can also be a
 bug in the program that uses too small of an integer.
 The maximum and minimum values are:
    size   │ lowest         │ highest
    ───────┼────────────────┼──────────
    int8   │ -128           │ 127
    int16  │ -32,768        │ 32,767
    int32  │ -2,147,483,648 │ 2,147,483,647
    int64  │ -9.2 × 10¹⁷    │ 9.2 × 10¹⁷
    uint8  │ 0              │ 255
    uint16 │ 0              │ 65535
    uint32 │ 0              │ 4294967295
    uint64 │ 0              │ 1.8 × 10¹⁸
 int refers to int32 on 32-bit systems and int64 on 64-bit systems.
 `
 const usageDuration = `
 A duration must be as "number<unit>", without any spaces. Valid units are:
    ns         nanoseconds (billionth of a second)
    us, µs     microseconds (millionth of a second)
    ms         milliseconds (thousands of a second)
    s          seconds
    m          minutes
    h          hours
 You can combine multiple units; for example "5m10s" for 5 minutes and 10
 seconds.
 `
--- a/vendor/github.com/BurntSushi/toml/internal/tz.go
+++ b/vendor/github.com/BurntSushi/toml/internal/tz.go
@ -0,0 +1,36 @@
 package internal
 import "time"
 // Timezones used for local datetime, date, and time TOML types.
 //
 // The exact way times and dates without a timezone should be interpreted is not
 // well-defined in the TOML specification and left to the implementation. These
 // defaults to current local timezone offset of the computer, but this can be
 // changed by changing these variables before decoding.
 //
 // TODO:
 // Ideally we'd like to offer people the ability to configure the used timezone
 // by setting Decoder.Timezone and Encoder.Timezone; however, this is a bit
 // tricky: the reason we use three different variables for this is to support
 // round-tripping – without these specific TZ names we wouldn't know which
 // format to use.
 //
 // There isn't a good way to encode this right now though, and passing this sort
 // of information also ties in to various related issues such as string format
 // encoding, encoding of comments, etc.
 //
 // So, for the time being, just put this in internal until we can write a good
 // comprehensive API for doing all of this.
 //
 // The reason they're exported is because they're referred from in e.g.
 // internal/tag.
 //
 // Note that this behaviour is valid according to the TOML spec as the exact
 // behaviour is left up to implementations.
 var (
 	localOffset   = func() int { _, o := time.Now().Zone(); return o }()
 	LocalDatetime = time.FixedZone("datetime-local", localOffset)
 	LocalDate     = time.FixedZone("date-local", localOffset)
 	LocalTime     = time.FixedZone("time-local", localOffset)
 )
--- a/vendor/github.com/BurntSushi/toml/lex.go
+++ b/vendor/github.com/BurntSushi/toml/lex.go
--- a/vendor/github.com/BurntSushi/toml/decode_meta.go
+++ b/vendor/github.com/BurntSushi/toml/decode_meta.go
@ -1,33 +1,40 @@
 package toml
-import "strings"
+import (
 	"strings"
 )
-// MetaData allows access to meta information about TOML data that may not
+// MetaData allows access to meta information about TOML data that's not
-// be inferrable via reflection. In particular, whether a key has been defined
+// accessible otherwise.
-// and the TOML type of a key.
+//
 // It allows checking if a key is defined in the TOML data, whether any keys
 // were undecoded, and the TOML type of a key.
 type MetaData struct {
 	mapping map[string]interface{}
 	types   map[string]tomlType
 	keys    []Key
 	decoded map[string]bool
 	context Key // Used only during decoding.
 	keyInfo map[string]keyInfo
 	mapping map[string]interface{}
 	keys    []Key
 	decoded map[string]struct{}
 	data    []byte // Input file; for errors.
 }
-// IsDefined returns true if the key given exists in the TOML data. The key
+// IsDefined reports if the key exists in the TOML data.
 // should be specified hierarchially. e.g.,
 //
-//	// access the TOML key 'a.b.c'
+// The key should be specified hierarchically, for example to access the TOML
-//	IsDefined("a", "b", "c")
+// key "a.b.c" you would use IsDefined("a", "b", "c"). Keys are case sensitive.
 //
-// IsDefined will return false if an empty key given. Keys are case sensitive.
+// Returns false for an empty key.
 func (md *MetaData) IsDefined(key ...string) bool {
 	if len(key) == 0 {
 		return false
 	}
-	var hash map[string]interface{}
+	var (
-	var ok bool
+		hash      map[string]interface{}
-	var hashOrVal interface{} = md.mapping
+		ok        bool
 		hashOrVal interface{} = md.mapping
 	)
 	for _, k := range key {
 		if hash, ok = hashOrVal.(map[string]interface{}); !ok {
 			return false
@ -41,58 +48,20 @@ func (md *MetaData) IsDefined(key ...string) bool {
 // Type returns a string representation of the type of the key specified.
 //
-// Type will return the empty string if given an empty key or a key that
+// Type will return the empty string if given an empty key or a key that does
-// does not exist. Keys are case sensitive.
+// not exist. Keys are case sensitive.
 func (md *MetaData) Type(key ...string) string {
-	fullkey := strings.Join(key, ".")
+	if ki, ok := md.keyInfo[Key(key).String()]; ok {
-	if typ, ok := md.types[fullkey]; ok {
+		return ki.tomlType.typeString()
 		return typ.typeString()
 	}
 	return ""
 }
 // Key is the type of any TOML key, including key groups. Use (MetaData).Keys
 // to get values of this type.
 type Key []string
 func (k Key) String() string {
 	return strings.Join(k, ".")
 }
 func (k Key) maybeQuotedAll() string {
 	var ss []string
 	for i := range k {
 		ss = append(ss, k.maybeQuoted(i))
 	}
 	return strings.Join(ss, ".")
 }
 func (k Key) maybeQuoted(i int) string {
 	quote := false
 	for _, c := range k[i] {
 		if !isBareKeyChar(c) {
 			quote = true
 			break
 		}
 	}
 	if quote {
 		return "\"" + strings.Replace(k[i], "\"", "\\\"", -1) + "\""
 	}
 	return k[i]
 }
 func (k Key) add(piece string) Key {
 	newKey := make(Key, len(k)+1)
 	copy(newKey, k)
 	newKey[len(k)] = piece
 	return newKey
 }
 // Keys returns a slice of every key in the TOML data, including key groups.
 // Each key is itself a slice, where the first element is the top of the
 // hierarchy and the last is the most specific.
 //
-// The list will have the same order as the keys appeared in the TOML data.
+// Each key is itself a slice, where the first element is the top of the
 // hierarchy and the last is the most specific. The list will have the same
 // order as the keys appeared in the TOML data.
 //
 // All keys returned are non-empty.
 func (md *MetaData) Keys() []Key {
@ -113,9 +82,40 @@ func (md *MetaData) Keys() []Key {
 func (md *MetaData) Undecoded() []Key {
 	undecoded := make([]Key, 0, len(md.keys))
 	for _, key := range md.keys {
-		if !md.decoded[key.String()] {
+		if _, ok := md.decoded[key.String()]; !ok {
 			undecoded = append(undecoded, key)
 		}
 	}
 	return undecoded
 }
 // Key represents any TOML key, including key groups. Use (MetaData).Keys to get
 // values of this type.
 type Key []string
 func (k Key) String() string {
 	ss := make([]string, len(k))
 	for i := range k {
 		ss[i] = k.maybeQuoted(i)
 	}
 	return strings.Join(ss, ".")
 }
 func (k Key) maybeQuoted(i int) string {
 	if k[i] == "" {
 		return `""`
 	}
 	for _, c := range k[i] {
 		if !isBareKeyChar(c) {
 			return `"` + dblQuotedReplacer.Replace(k[i]) + `"`
 		}
 	}
 	return k[i]
 }
 func (k Key) add(piece string) Key {
 	newKey := make(Key, len(k)+1)
 	copy(newKey, k)
 	newKey[len(k)] = piece
 	return newKey
 }
--- a/vendor/github.com/BurntSushi/toml/parse.go
+++ b/vendor/github.com/BurntSushi/toml/parse.go
@ -5,54 +5,69 @@ import (
 	"strconv"
 	"strings"
 	"time"
 	"unicode"
 	"unicode/utf8"
 	"github.com/BurntSushi/toml/internal"
 )
 type parser struct {
 	mapping map[string]interface{}
 	types   map[string]tomlType
 	lx         *lexer
 	context    Key      // Full key for the current hash in scope.
 	currentKey string   // Base key name for everything except hashes.
 	pos        Position // Current position in the TOML file.
-	// A list of keys in the order that they appear in the TOML data.
+	ordered []Key // List of keys in the order that they appear in the TOML data.
 	ordered []Key
-	// the full key for the current hash in scope
+	keyInfo   map[string]keyInfo     // Map keyname → info about the TOML key.
-	context Key
+	mapping   map[string]interface{} // Map keyname → key value.
-
+	implicits map[string]struct{}    // Record implicit keys (e.g. "key.group.names").
 	// the base key name for everything except hashes
 	currentKey string
 	// rough approximation of line number
 	approxLine int
 	// A map of 'key.group.names' to whether they were created implicitly.
 	implicits map[string]bool
 }
-type parseError string
+type keyInfo struct {
-
+	pos      Position
-func (pe parseError) Error() string {
+	tomlType tomlType
 	return string(pe)
 }
 func parse(data string) (p *parser, err error) {
 	defer func() {
 		if r := recover(); r != nil {
-			var ok bool
+			if pErr, ok := r.(ParseError); ok {
-			if err, ok = r.(parseError); ok {
+				pErr.input = data
 				err = pErr
 				return
 			}
 			panic(r)
 		}
 	}()
 	// Read over BOM; do this here as the lexer calls utf8.DecodeRuneInString()
 	// which mangles stuff.
 	if strings.HasPrefix(data, "\xff\xfe") || strings.HasPrefix(data, "\xfe\xff") {
 		data = data[2:]
 	}
 	// Examine first few bytes for NULL bytes; this probably means it's a UTF-16
 	// file (second byte in surrogate pair being NULL). Again, do this here to
 	// avoid having to deal with UTF-8/16 stuff in the lexer.
 	ex := 6
 	if len(data) < 6 {
 		ex = len(data)
 	}
 	if i := strings.IndexRune(data[:ex], 0); i > -1 {
 		return nil, ParseError{
 			Message:  "files cannot contain NULL bytes; probably using UTF-16; TOML files must be UTF-8",
 			Position: Position{Line: 1, Start: i, Len: 1},
 			Line:     1,
 			input:    data,
 		}
 	}
 	p = &parser{
 		keyInfo:   make(map[string]keyInfo),
 		mapping:   make(map[string]interface{}),
 		types:     make(map[string]tomlType),
 		lx:        lex(data),
 		ordered:   make([]Key, 0),
-		implicits: make(map[string]bool),
+		implicits: make(map[string]struct{}),
 	}
 	for {
 		item := p.next()
@ -65,17 +80,54 @@ func parse(data string) (p *parser, err error) {
 	return p, nil
 }
 func (p *parser) panicErr(it item, err error) {
 	panic(ParseError{
 		err:      err,
 		Position: it.pos,
 		Line:     it.pos.Len,
 		LastKey:  p.current(),
 	})
 }
 func (p *parser) panicItemf(it item, format string, v ...interface{}) {
 	panic(ParseError{
 		Message:  fmt.Sprintf(format, v...),
 		Position: it.pos,
 		Line:     it.pos.Len,
 		LastKey:  p.current(),
 	})
 }
 func (p *parser) panicf(format string, v ...interface{}) {
-	msg := fmt.Sprintf("Near line %d (last key parsed '%s'): %s",
+	panic(ParseError{
-		p.approxLine, p.current(), fmt.Sprintf(format, v...))
+		Message:  fmt.Sprintf(format, v...),
-	panic(parseError(msg))
+		Position: p.pos,
 		Line:     p.pos.Line,
 		LastKey:  p.current(),
 	})
 }
 func (p *parser) next() item {
 	it := p.lx.nextItem()
 	//fmt.Printf("ITEM %-18s line %-3d │ %q\n", it.typ, it.pos.Line, it.val)
 	if it.typ == itemError {
-		p.panicf("%s", it.val)
+		if it.err != nil {
 			panic(ParseError{
 				Position: it.pos,
 				Line:     it.pos.Line,
 				LastKey:  p.current(),
 				err:      it.err,
 			})
 		}
 		p.panicItemf(it, "%s", it.val)
 	}
 	return it
 }
 func (p *parser) nextPos() item {
 	it := p.next()
 	p.pos = it.pos
 	return it
 }
@ -97,44 +149,60 @@ func (p *parser) assertEqual(expected, got itemType) {
 func (p *parser) topLevel(item item) {
 	switch item.typ {
-	case itemCommentStart:
+	case itemCommentStart: // # ..
 		p.approxLine = item.line
 		p.expect(itemText)
-	case itemTableStart:
+	case itemTableStart: // [ .. ]
-		kg := p.next()
+		name := p.nextPos()
 		p.approxLine = kg.line
 		var key Key
-		for ; kg.typ != itemTableEnd && kg.typ != itemEOF; kg = p.next() {
+		for ; name.typ != itemTableEnd && name.typ != itemEOF; name = p.next() {
-			key = append(key, p.keyString(kg))
+			key = append(key, p.keyString(name))
 		}
-		p.assertEqual(itemTableEnd, kg.typ)
+		p.assertEqual(itemTableEnd, name.typ)
-		p.establishContext(key, false)
+		p.addContext(key, false)
-		p.setType("", tomlHash)
+		p.setType("", tomlHash, item.pos)
 		p.ordered = append(p.ordered, key)
-	case itemArrayTableStart:
+	case itemArrayTableStart: // [[ .. ]]
-		kg := p.next()
+		name := p.nextPos()
 		p.approxLine = kg.line
 		var key Key
-		for ; kg.typ != itemArrayTableEnd && kg.typ != itemEOF; kg = p.next() {
+		for ; name.typ != itemArrayTableEnd && name.typ != itemEOF; name = p.next() {
-			key = append(key, p.keyString(kg))
+			key = append(key, p.keyString(name))
 		}
-		p.assertEqual(itemArrayTableEnd, kg.typ)
+		p.assertEqual(itemArrayTableEnd, name.typ)
-		p.establishContext(key, true)
+		p.addContext(key, true)
-		p.setType("", tomlArrayHash)
+		p.setType("", tomlArrayHash, item.pos)
 		p.ordered = append(p.ordered, key)
-	case itemKeyStart:
+	case itemKeyStart: // key = ..
-		kname := p.next()
+		outerContext := p.context
-		p.approxLine = kname.line
+		/// Read all the key parts (e.g. 'a' and 'b' in 'a.b')
-		p.currentKey = p.keyString(kname)
+		k := p.nextPos()
 		var key Key
 		for ; k.typ != itemKeyEnd && k.typ != itemEOF; k = p.next() {
 			key = append(key, p.keyString(k))
 		}
 		p.assertEqual(itemKeyEnd, k.typ)
-		val, typ := p.value(p.next())
+		/// The current key is the last part.
-		p.setValue(p.currentKey, val)
+		p.currentKey = key[len(key)-1]
-		p.setType(p.currentKey, typ)
+
 		/// All the other parts (if any) are the context; need to set each part
 		/// as implicit.
 		context := key[:len(key)-1]
 		for i := range context {
 			p.addImplicitContext(append(p.context, context[i:i+1]...))
 		}
 		/// Set value.
 		vItem := p.next()
 		val, typ := p.value(vItem, false)
 		p.set(p.currentKey, val, typ, vItem.pos)
 		p.ordered = append(p.ordered, p.context.add(p.currentKey))
 		/// Remove the context we added (preserving any context from [tbl] lines).
 		p.context = outerContext
 		p.currentKey = ""
 	default:
 		p.bug("Unexpected type at top level: %s", item.typ)
@ -148,59 +216,81 @@ func (p *parser) keyString(it item) string {
 		return it.val
 	case itemString, itemMultilineString,
 		itemRawString, itemRawMultilineString:
-		s, _ := p.value(it)
+		s, _ := p.value(it, false)
 		return s.(string)
 	default:
 		p.bug("Unexpected key type: %s", it.typ)
 		panic("unreachable")
 	}
 	panic("unreachable")
 }
 var datetimeRepl = strings.NewReplacer(
 	"z", "Z",
 	"t", "T",
 	" ", "T")
 // value translates an expected value from the lexer into a Go value wrapped
 // as an empty interface.
-func (p *parser) value(it item) (interface{}, tomlType) {
+func (p *parser) value(it item, parentIsArray bool) (interface{}, tomlType) {
 	switch it.typ {
 	case itemString:
-		return p.replaceEscapes(it.val), p.typeOfPrimitive(it)
+		return p.replaceEscapes(it, it.val), p.typeOfPrimitive(it)
 	case itemMultilineString:
-		trimmed := stripFirstNewline(stripEscapedWhitespace(it.val))
+		return p.replaceEscapes(it, stripFirstNewline(p.stripEscapedNewlines(it.val))), p.typeOfPrimitive(it)
 		return p.replaceEscapes(trimmed), p.typeOfPrimitive(it)
 	case itemRawString:
 		return it.val, p.typeOfPrimitive(it)
 	case itemRawMultilineString:
 		return stripFirstNewline(it.val), p.typeOfPrimitive(it)
 	case itemInteger:
 		return p.valueInteger(it)
 	case itemFloat:
 		return p.valueFloat(it)
 	case itemBool:
 		switch it.val {
 		case "true":
 			return true, p.typeOfPrimitive(it)
 		case "false":
 			return false, p.typeOfPrimitive(it)
-		}
+		default:
 			p.bug("Expected boolean value, but got '%s'.", it.val)
 	case itemInteger:
 		if !numUnderscoresOK(it.val) {
 			p.panicf("Invalid integer %q: underscores must be surrounded by digits",
 				it.val)
 		}
-		val := strings.Replace(it.val, "_", "", -1)
+	case itemDatetime:
-		num, err := strconv.ParseInt(val, 10, 64)
+		return p.valueDatetime(it)
 	case itemArray:
 		return p.valueArray(it)
 	case itemInlineTableStart:
 		return p.valueInlineTable(it, parentIsArray)
 	default:
 		p.bug("Unexpected value type: %s", it.typ)
 	}
 	panic("unreachable")
 }
 func (p *parser) valueInteger(it item) (interface{}, tomlType) {
 	if !numUnderscoresOK(it.val) {
 		p.panicItemf(it, "Invalid integer %q: underscores must be surrounded by digits", it.val)
 	}
 	if numHasLeadingZero(it.val) {
 		p.panicItemf(it, "Invalid integer %q: cannot have leading zeroes", it.val)
 	}
 	num, err := strconv.ParseInt(it.val, 0, 64)
 	if err != nil {
 		// Distinguish integer values. Normally, it'd be a bug if the lexer
 		// provides an invalid integer, but it's possible that the number is
 		// out of range of valid values (which the lexer cannot determine).
 		// So mark the former as a bug but the latter as a legitimate user
 		// error.
-			if e, ok := err.(*strconv.NumError); ok &&
+		if e, ok := err.(*strconv.NumError); ok && e.Err == strconv.ErrRange {
-				e.Err == strconv.ErrRange {
+			p.panicErr(it, errParseRange{i: it.val, size: "int64"})
 				p.panicf("Integer '%s' is out of the range of 64-bit "+
 					"signed integers.", it.val)
 		} else {
 			p.bug("Expected integer value, but got '%s'.", it.val)
 		}
 	}
 	return num, p.typeOfPrimitive(it)
-	case itemFloat:
+}
 func (p *parser) valueFloat(it item) (interface{}, tomlType) {
 	parts := strings.FieldsFunc(it.val, func(r rune) bool {
 		switch r {
 		case '.', 'e', 'E':
@ -210,66 +300,95 @@ func (p *parser) value(it item) (interface{}, tomlType) {
 	})
 	for _, part := range parts {
 		if !numUnderscoresOK(part) {
-				p.panicf("Invalid float %q: underscores must be "+
+			p.panicItemf(it, "Invalid float %q: underscores must be surrounded by digits", it.val)
 					"surrounded by digits", it.val)
 		}
 	}
 	if len(parts) > 0 && numHasLeadingZero(parts[0]) {
 		p.panicItemf(it, "Invalid float %q: cannot have leading zeroes", it.val)
 	}
 	if !numPeriodsOK(it.val) {
 		// As a special case, numbers like '123.' or '1.e2',
 		// which are valid as far as Go/strconv are concerned,
 		// must be rejected because TOML says that a fractional
 		// part consists of '.' followed by 1+ digits.
-			p.panicf("Invalid float %q: '.' must be followed "+
+		p.panicItemf(it, "Invalid float %q: '.' must be followed by one or more digits", it.val)
 				"by one or more digits", it.val)
 	}
 	val := strings.Replace(it.val, "_", "", -1)
 	if val == "+nan" || val == "-nan" { // Go doesn't support this, but TOML spec does.
 		val = "nan"
 	}
 	num, err := strconv.ParseFloat(val, 64)
 	if err != nil {
-			if e, ok := err.(*strconv.NumError); ok &&
+		if e, ok := err.(*strconv.NumError); ok && e.Err == strconv.ErrRange {
-				e.Err == strconv.ErrRange {
+			p.panicErr(it, errParseRange{i: it.val, size: "float64"})
 				p.panicf("Float '%s' is out of the range of 64-bit "+
 					"IEEE-754 floating-point numbers.", it.val)
 		} else {
-				p.panicf("Invalid float value: %q", it.val)
+			p.panicItemf(it, "Invalid float value: %q", it.val)
 		}
 	}
 	return num, p.typeOfPrimitive(it)
-	case itemDatetime:
+}
-		var t time.Time
+
-		var ok bool
+var dtTypes = []struct {
-		var err error
+	fmt  string
-		for _, format := range []string{
+	zone *time.Location
-			"2006-01-02T15:04:05Z07:00",
+}{
-			"2006-01-02T15:04:05",
+	{time.RFC3339Nano, time.Local},
-			"2006-01-02",
+	{"2006-01-02T15:04:05.999999999", internal.LocalDatetime},
-		} {
+	{"2006-01-02", internal.LocalDate},
-			t, err = time.ParseInLocation(format, it.val, time.Local)
+	{"15:04:05.999999999", internal.LocalTime},
 }
 func (p *parser) valueDatetime(it item) (interface{}, tomlType) {
 	it.val = datetimeRepl.Replace(it.val)
 	var (
 		t   time.Time
 		ok  bool
 		err error
 	)
 	for _, dt := range dtTypes {
 		t, err = time.ParseInLocation(dt.fmt, it.val, dt.zone)
 		if err == nil {
 			ok = true
 			break
 		}
 	}
 	if !ok {
-			p.panicf("Invalid TOML Datetime: %q.", it.val)
+		p.panicItemf(it, "Invalid TOML Datetime: %q.", it.val)
 	}
 	return t, p.typeOfPrimitive(it)
-	case itemArray:
+}
 		array := make([]interface{}, 0)
 		types := make([]tomlType, 0)
 func (p *parser) valueArray(it item) (interface{}, tomlType) {
 	p.setType(p.currentKey, tomlArray, it.pos)
 	var (
 		types []tomlType
 		// Initialize to a non-nil empty slice. This makes it consistent with
 		// how S = [] decodes into a non-nil slice inside something like struct
 		// { S []string }. See #338
 		array = []interface{}{}
 	)
 	for it = p.next(); it.typ != itemArrayEnd; it = p.next() {
 		if it.typ == itemCommentStart {
 			p.expect(itemText)
 			continue
 		}
-			val, typ := p.value(it)
+		val, typ := p.value(it, true)
 		array = append(array, val)
 		types = append(types, typ)
 		// XXX: types isn't used here, we need it to record the accurate type
 		// information.
 		//
 		// Not entirely sure how to best store this; could use "key[0]",
 		// "key[1]" notation, or maybe store it on the Array type?
 	}
-		return array, p.typeOfArray(types)
+	return array, tomlArray
-	case itemInlineTableStart:
+}
 func (p *parser) valueInlineTable(it item, parentIsArray bool) (interface{}, tomlType) {
 	var (
 		hash         = make(map[string]interface{})
 		outerContext = p.context
@ -277,51 +396,81 @@ func (p *parser) value(it item) (interface{}, tomlType) {
 	)
 	p.context = append(p.context, p.currentKey)
 	prevContext := p.context
 	p.currentKey = ""
 	p.addImplicit(p.context)
 	p.addContext(p.context, parentIsArray)
 	/// Loop over all table key/value pairs.
 	for it := p.next(); it.typ != itemInlineTableEnd; it = p.next() {
 			if it.typ != itemKeyStart {
 				p.bug("Expected key start but instead found %q, around line %d",
 					it.val, p.approxLine)
 			}
 		if it.typ == itemCommentStart {
 			p.expect(itemText)
 			continue
 		}
-			// retrieve key
+		/// Read all key parts.
-			k := p.next()
+		k := p.nextPos()
-			p.approxLine = k.line
+		var key Key
-			kname := p.keyString(k)
+		for ; k.typ != itemKeyEnd && k.typ != itemEOF; k = p.next() {
 			key = append(key, p.keyString(k))
 		}
 		p.assertEqual(itemKeyEnd, k.typ)
-			// retrieve value
+		/// The current key is the last part.
-			p.currentKey = kname
+		p.currentKey = key[len(key)-1]
-			val, typ := p.value(p.next())
+
-			// make sure we keep metadata up to date
+		/// All the other parts (if any) are the context; need to set each part
-			p.setType(kname, typ)
+		/// as implicit.
 		context := key[:len(key)-1]
 		for i := range context {
 			p.addImplicitContext(append(p.context, context[i:i+1]...))
 		}
 		/// Set the value.
 		val, typ := p.value(p.next(), false)
 		p.set(p.currentKey, val, typ, it.pos)
 		p.ordered = append(p.ordered, p.context.add(p.currentKey))
-			hash[kname] = val
+		hash[p.currentKey] = val
 		/// Restore context.
 		p.context = prevContext
 	}
 	p.context = outerContext
 	p.currentKey = outerKey
 	return hash, tomlHash
 }
 // numHasLeadingZero checks if this number has leading zeroes, allowing for '0',
 // +/- signs, and base prefixes.
 func numHasLeadingZero(s string) bool {
 	if len(s) > 1 && s[0] == '0' && !(s[1] == 'b' || s[1] == 'o' || s[1] == 'x') { // Allow 0b, 0o, 0x
 		return true
 	}
-	p.bug("Unexpected value type: %s", it.typ)
+	if len(s) > 2 && (s[0] == '-' || s[0] == '+') && s[1] == '0' {
-	panic("unreachable")
+		return true
 	}
 	return false
 }
 // numUnderscoresOK checks whether each underscore in s is surrounded by
 // characters that are not underscores.
 func numUnderscoresOK(s string) bool {
 	switch s {
 	case "nan", "+nan", "-nan", "inf", "-inf", "+inf":
 		return true
 	}
 	accept := false
 	for _, r := range s {
 		if r == '_' {
 			if !accept {
 				return false
 			}
 			accept = false
 			continue
 		}
-		accept = true
+
 		// isHexadecimal is a superset of all the permissable characters
 		// surrounding an underscore.
 		accept = isHexadecimal(r)
 	}
 	return accept
 }
@ -338,13 +487,12 @@ func numPeriodsOK(s string) bool {
 	return !period
 }
-// establishContext sets the current context of the parser,
+// Set the current context of the parser, where the context is either a hash or
-// where the context is either a hash or an array of hashes. Which one is
+// an array of hashes, depending on the value of the `array` parameter.
 // set depends on the value of the `array` parameter.
 //
 // Establishing the context also makes sure that the key isn't a duplicate, and
 // will create implicit hashes automatically.
-func (p *parser) establishContext(key Key, array bool) {
+func (p *parser) addContext(key Key, array bool) {
 	var ok bool
 	// Always start at the top level and drill down for our context.
@ -383,7 +531,7 @@ func (p *parser) establishContext(key Key, array bool) {
 		// list of tables for it.
 		k := key[len(key)-1]
 		if _, ok := hashContext[k]; !ok {
-			hashContext[k] = make([]map[string]interface{}, 0, 5)
+			hashContext[k] = make([]map[string]interface{}, 0, 4)
 		}
 		// Add a new table. But make sure the key hasn't already been used
@ -391,8 +539,7 @@ func (p *parser) establishContext(key Key, array bool) {
 		if hash, ok := hashContext[k].([]map[string]interface{}); ok {
 			hashContext[k] = append(hash, make(map[string]interface{}))
 		} else {
-			p.panicf("Key '%s' was already created and cannot be used as "+
+			p.panicf("Key '%s' was already created and cannot be used as an array.", key)
 				"an array.", keyContext)
 		}
 	} else {
 		p.setValue(key[len(key)-1], make(map[string]interface{}))
@ -400,15 +547,23 @@ func (p *parser) establishContext(key Key, array bool) {
 	p.context = append(p.context, key[len(key)-1])
 }
 // set calls setValue and setType.
 func (p *parser) set(key string, val interface{}, typ tomlType, pos Position) {
 	p.setValue(key, val)
 	p.setType(key, typ, pos)
 }
 // setValue sets the given key to the given value in the current context.
 // It will make sure that the key hasn't already been defined, account for
 // implicit key groups.
 func (p *parser) setValue(key string, value interface{}) {
-	var tmpHash interface{}
+	var (
-	var ok bool
+		tmpHash    interface{}
-
+		ok         bool
-	hash := p.mapping
+		hash       = p.mapping
-	keyContext := make(Key, 0)
+		keyContext Key
 	)
 	for _, k := range p.context {
 		keyContext = append(keyContext, k)
 		if tmpHash, ok = hash[k]; !ok {
@ -422,24 +577,26 @@ func (p *parser) setValue(key string, value interface{}) {
 		case map[string]interface{}:
 			hash = t
 		default:
-			p.bug("Expected hash to have type 'map[string]interface{}', but "+
+			p.panicf("Key '%s' has already been defined.", keyContext)
 				"it has '%T' instead.", tmpHash)
 		}
 	}
 	keyContext = append(keyContext, key)
 	if _, ok := hash[key]; ok {
-		// Typically, if the given key has already been set, then we have
+		// Normally redefining keys isn't allowed, but the key could have been
-		// to raise an error since duplicate keys are disallowed. However,
+		// defined implicitly and it's allowed to be redefined concretely. (See
-		// it's possible that a key was previously defined implicitly. In this
+		// the `valid/implicit-and-explicit-after.toml` in toml-test)
 		// case, it is allowed to be redefined concretely. (See the
 		// `tests/valid/implicit-and-explicit-after.toml` test in `toml-test`.)
 		//
 		// But we have to make sure to stop marking it as an implicit. (So that
 		// another redefinition provokes an error.)
 		//
 		// Note that since it has already been defined (as a hash), we don't
 		// want to overwrite it. So our business is done.
 		if p.isArray(keyContext) {
 			p.removeImplicit(keyContext)
 			hash[key] = value
 			return
 		}
 		if p.isImplicit(keyContext) {
 			p.removeImplicit(keyContext)
 			return
@ -449,40 +606,39 @@ func (p *parser) setValue(key string, value interface{}) {
 		// key, which is *always* wrong.
 		p.panicf("Key '%s' has already been defined.", keyContext)
 	}
 	hash[key] = value
 }
-// setType sets the type of a particular value at a given key.
+// setType sets the type of a particular value at a given key. It should be
-// It should be called immediately AFTER setValue.
+// called immediately AFTER setValue.
 //
 // Note that if `key` is empty, then the type given will be applied to the
 // current context (which is either a table or an array of tables).
-func (p *parser) setType(key string, typ tomlType) {
+func (p *parser) setType(key string, typ tomlType, pos Position) {
 	keyContext := make(Key, 0, len(p.context)+1)
-	for _, k := range p.context {
+	keyContext = append(keyContext, p.context...)
 		keyContext = append(keyContext, k)
 	}
 	if len(key) > 0 { // allow type setting for hashes
 		keyContext = append(keyContext, key)
 	}
-	p.types[keyContext.String()] = typ
+	// Special case to make empty keys ("" = 1) work.
 	// Without it it will set "" rather than `""`.
 	// TODO: why is this needed? And why is this only needed here?
 	if len(keyContext) == 0 {
 		keyContext = Key{""}
 	}
 	p.keyInfo[keyContext.String()] = keyInfo{tomlType: typ, pos: pos}
 }
-// addImplicit sets the given Key as having been created implicitly.
+// Implicit keys need to be created when tables are implied in "a.b.c.d = 1" and
-func (p *parser) addImplicit(key Key) {
+// "[a.b.c]" (the "a", "b", and "c" hashes are never created explicitly).
-	p.implicits[key.String()] = true
+func (p *parser) addImplicit(key Key)     { p.implicits[key.String()] = struct{}{} }
-}
+func (p *parser) removeImplicit(key Key)  { delete(p.implicits, key.String()) }
-
+func (p *parser) isImplicit(key Key) bool { _, ok := p.implicits[key.String()]; return ok }
-// removeImplicit stops tagging the given key as having been implicitly
+func (p *parser) isArray(key Key) bool    { return p.keyInfo[key.String()].tomlType == tomlArray }
-// created.
+func (p *parser) addImplicitContext(key Key) {
-func (p *parser) removeImplicit(key Key) {
+	p.addImplicit(key)
-	p.implicits[key.String()] = false
+	p.addContext(key, false)
 }
 // isImplicit returns true if the key group pointed to by the key was created
 // implicitly.
 func (p *parser) isImplicit(key Key) bool {
 	return p.implicits[key.String()]
 }
 // current returns the full key name of the current context.
@ -497,24 +653,62 @@ func (p *parser) current() string {
 }
 func stripFirstNewline(s string) string {
-	if len(s) == 0 || s[0] != '\n' {
+	if len(s) > 0 && s[0] == '\n' {
 		return s[1:]
 	}
 	if len(s) > 1 && s[0] == '\r' && s[1] == '\n' {
 		return s[2:]
 	}
 	return s
 }
 // Remove newlines inside triple-quoted strings if a line ends with "\".
 func (p *parser) stripEscapedNewlines(s string) string {
 	split := strings.Split(s, "\n")
 	if len(split) < 1 {
 		return s
 	}
 	return s[1:]
 }
-func stripEscapedWhitespace(s string) string {
+	escNL := false // Keep track of the last non-blank line was escaped.
-	esc := strings.Split(s, "\\\n")
+	for i, line := range split {
-	if len(esc) > 1 {
+		line = strings.TrimRight(line, " \t\r")
-		for i := 1; i < len(esc); i++ {
+
-			esc[i] = strings.TrimLeftFunc(esc[i], unicode.IsSpace)
+		if len(line) == 0 || line[len(line)-1] != '\\' {
 			split[i] = strings.TrimRight(split[i], "\r")
 			if !escNL && i != len(split)-1 {
 				split[i] += "\n"
 			}
 			continue
 		}
 		escBS := true
 		for j := len(line) - 1; j >= 0 && line[j] == '\\'; j-- {
 			escBS = !escBS
 		}
 		if escNL {
 			line = strings.TrimLeft(line, " \t\r")
 		}
 		escNL = !escBS
 		if escBS {
 			split[i] += "\n"
 			continue
 		}
 		if i == len(split)-1 {
 			p.panicf("invalid escape: '\\ '")
 		}
 		split[i] = line[:len(line)-1] // Remove \
 		if len(split)-1 > i {
 			split[i+1] = strings.TrimLeft(split[i+1], " \t\r")
 		}
 	}
-	return strings.Join(esc, "")
+	return strings.Join(split, "")
 }
-func (p *parser) replaceEscapes(str string) string {
+func (p *parser) replaceEscapes(it item, str string) string {
-	var replaced []rune
+	replaced := make([]rune, 0, len(str))
 	s := []byte(str)
 	r := 0
 	for r < len(s) {
@ -532,7 +726,8 @@ func (p *parser) replaceEscapes(str string) string {
 		switch s[r] {
 		default:
 			p.bug("Expected valid escape code after \\, but got %q.", s[r])
-			return ""
+		case ' ', '\t':
 			p.panicItemf(it, "invalid escape: '\\%c'", s[r])
 		case 'b':
 			replaced = append(replaced, rune(0x0008))
 			r += 1
@ -558,14 +753,14 @@ func (p *parser) replaceEscapes(str string) string {
 			// At this point, we know we have a Unicode escape of the form
 			// `uXXXX` at [r, r+5). (Because the lexer guarantees this
 			// for us.)
-			escaped := p.asciiEscapeToUnicode(s[r+1 : r+5])
+			escaped := p.asciiEscapeToUnicode(it, s[r+1:r+5])
 			replaced = append(replaced, escaped)
 			r += 5
 		case 'U':
 			// At this point, we know we have a Unicode escape of the form
 			// `uXXXX` at [r, r+9). (Because the lexer guarantees this
 			// for us.)
-			escaped := p.asciiEscapeToUnicode(s[r+1 : r+9])
+			escaped := p.asciiEscapeToUnicode(it, s[r+1:r+9])
 			replaced = append(replaced, escaped)
 			r += 9
 		}
@ -573,20 +768,14 @@ func (p *parser) replaceEscapes(str string) string {
 	return string(replaced)
 }
-func (p *parser) asciiEscapeToUnicode(bs []byte) rune {
+func (p *parser) asciiEscapeToUnicode(it item, bs []byte) rune {
 	s := string(bs)
 	hex, err := strconv.ParseUint(strings.ToLower(s), 16, 32)
 	if err != nil {
-		p.bug("Could not parse '%s' as a hexadecimal number, but the "+
+		p.bug("Could not parse '%s' as a hexadecimal number, but the lexer claims it's OK: %s", s, err)
 			"lexer claims it's OK: %s", s, err)
 	}
 	if !utf8.ValidRune(rune(hex)) {
-		p.panicf("Escaped character '\\u%s' is not valid UTF-8.", s)
+		p.panicItemf(it, "Escaped character '\\u%s' is not valid UTF-8.", s)
 	}
 	return rune(hex)
 }
 func isStringType(ty itemType) bool {
 	return ty == itemString || ty == itemMultilineString ||
 		ty == itemRawString || ty == itemRawMultilineString
 }
--- a/vendor/github.com/BurntSushi/toml/session.vim
+++ b/vendor/github.com/BurntSushi/toml/session.vim
@ -1 +0,0 @@
 au BufWritePost *.go silent!make tags > /dev/null 2>&1
--- a/vendor/github.com/BurntSushi/toml/type_fields.go
+++ b/vendor/github.com/BurntSushi/toml/type_fields.go
@ -70,8 +70,8 @@ func typeFields(t reflect.Type) []field {
 	next := []field{{typ: t}}
 	// Count of queued names for current level and the next.
-	count := map[reflect.Type]int{}
+	var count map[reflect.Type]int
-	nextCount := map[reflect.Type]int{}
+	var nextCount map[reflect.Type]int
 	// Types already visited at an earlier level.
 	visited := map[reflect.Type]bool{}
--- a/vendor/github.com/BurntSushi/toml/type_check.go
+++ b/vendor/github.com/BurntSushi/toml/type_check.go
@ -16,7 +16,7 @@ func typeEqual(t1, t2 tomlType) bool {
 	return t1.typeString() == t2.typeString()
 }
-func typeIsHash(t tomlType) bool {
+func typeIsTable(t tomlType) bool {
 	return typeEqual(t, tomlHash) || typeEqual(t, tomlArrayHash)
 }
@ -68,24 +68,3 @@ func (p *parser) typeOfPrimitive(lexItem item) tomlType {
 	p.bug("Cannot infer primitive type of lex item '%s'.", lexItem)
 	panic("unreachable")
 }
 // typeOfArray returns a tomlType for an array given a list of types of its
 // values.
 //
 // In the current spec, if an array is homogeneous, then its type is always
 // "Array". If the array is not homogeneous, an error is generated.
 func (p *parser) typeOfArray(types []tomlType) tomlType {
 	// Empty arrays are cool.
 	if len(types) == 0 {
 		return tomlArray
 	}
 	theType := types[0]
 	for _, t := range types[1:] {
 		if !typeEqual(theType, t) {
 			p.panicf("Array contains values of type '%s' and '%s', but "+
 				"arrays must be homogeneous.", theType, t)
 		}
 	}
 	return tomlArray
 }
--- a/vendor/github.com/certifi/gocertifi/.travis.yml
+++ b/vendor/github.com/certifi/gocertifi/.travis.yml
@ -1,13 +0,0 @@
 ---
 language: go
 go:
 - tip
 - 1.12.x
 - 1.11.x
 - 1.10.x
 - 1.9.x
 - 1.8.x
 sudo: false
 # Forks will use that path for checkout
 go_import_path: github.com/certifi/gocertifi
--- a/vendor/github.com/certifi/gocertifi/README.md
+++ b/vendor/github.com/certifi/gocertifi/README.md
@ -59,16 +59,11 @@ Import as follows:
 import "github.com/certifi/gocertifi"
 ```
 ### Errors
 ```go
 var ErrParseFailed = errors.New("gocertifi: error when parsing certificates")
 ```
 ### Functions
 ```go
 func CACerts() (*x509.CertPool, error)
 ```
 CACerts builds an X.509 certificate pool containing the Mozilla CA Certificate
-bundle. Returns nil on error along with an appropriate error code.
+bundle. This can't actually error and always returns successfully with `nil`
 as the error. This will be replaced in `v2` to only return the `CertPool`.
--- a/vendor/github.com/certifi/gocertifi/certifi.go
+++ b/vendor/github.com/certifi/gocertifi/certifi.go
--- a/vendor/github.com/coredns/coredns/core/dnsserver/address.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/address.go
@ -49,12 +49,23 @@ func newOverlapZone() *zoneOverlap {
 // registerAndCheck adds a new zoneAddr for validation, it returns information about existing or overlapping with already registered
 // we consider that an unbound address is overlapping all bound addresses for same zone, same port
 func (zo *zoneOverlap) registerAndCheck(z zoneAddr) (existingZone *zoneAddr, overlappingZone *zoneAddr) {
 	existingZone, overlappingZone = zo.check(z)
 	if existingZone != nil || overlappingZone != nil {
 		return existingZone, overlappingZone
 	}
 	// there is no overlap, keep the current zoneAddr for future checks
 	zo.registeredAddr[z] = z
 	zo.unboundOverlap[z.unbound()] = z
 	return nil, nil
 }
 // check validates a zoneAddr for overlap without registering it
 func (zo *zoneOverlap) check(z zoneAddr) (existingZone *zoneAddr, overlappingZone *zoneAddr) {
 	if exist, ok := zo.registeredAddr[z]; ok {
 		// exact same zone already registered
 		return &exist, nil
 	}
-	uz := zoneAddr{Zone: z.Zone, Address: "", Port: z.Port, Transport: z.Transport}
+	uz := z.unbound()
 	if already, ok := zo.unboundOverlap[uz]; ok {
 		if z.Address == "" {
 			// current is not bound to an address, but there is already another zone with a bind address registered
@ -65,8 +76,11 @@ func (zo *zoneOverlap) registerAndCheck(z zoneAddr) (existingZone *zoneAddr, ove
 			return nil, &uz
 		}
 	}
-	// there is no overlap, keep the current zoneAddr for future checks
+	// there is no overlap
 	zo.registeredAddr[z] = z
 	zo.unboundOverlap[uz] = z
 	return nil, nil
 }
 // unbound returns an unbound version of the zoneAddr
 func (z zoneAddr) unbound() zoneAddr {
 	return zoneAddr{Zone: z.Zone, Address: "", Port: z.Port, Transport: z.Transport}
 }
--- a/vendor/github.com/coredns/coredns/core/dnsserver/config.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/config.go
@ -1,12 +1,14 @@
 package dnsserver
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net/http"
 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/request"
 )
 // Config configuration for a single server.
@ -28,6 +30,9 @@ type Config struct {
 	// Debug controls the panic/recover mechanism that is enabled by default.
 	Debug bool
 	// Stacktrace controls including stacktrace as part of log from recover mechanism, it is disabled by default.
 	Stacktrace bool
 	// The transport we implement, normally just "dns" over TCP/UDP, but could be
 	// DNS-over-TLS or DNS-over-gRPC.
 	Transport string
@ -37,9 +42,20 @@ type Config struct {
 	// may depend on it.
 	HTTPRequestValidateFunc func(*http.Request) bool
 	// FilterFuncs is used to further filter access
 	// to this handler. E.g. to limit access to a reverse zone
 	// on a non-octet boundary, i.e. /17
 	FilterFuncs []FilterFunc
 	// ViewName is the name of the Viewer PLugin defined in the Config
 	ViewName string
 	// TLSConfig when listening for encrypted connections (gRPC, DNS-over-TLS).
 	TLSConfig *tls.Config
 	// TSIG secrets, [name]key.
 	TsigSecret map[string]string
 	// Plugin stack.
 	Plugin []plugin.Plugin
@ -54,8 +70,14 @@ type Config struct {
 	// firstConfigInBlock is used to reference the first config in a server block, for the
 	// purpose of sharing single instance of each plugin among all zones in a server block.
 	firstConfigInBlock *Config
 	// metaCollector references the first MetadataCollector plugin, if one exists
 	metaCollector MetadataCollector
 }
 // FilterFunc is a function that filters requests from the Config
 type FilterFunc func(context.Context, *request.Request) bool
 // keyForConfig builds a key for identifying the configs during setup time
 func keyForConfig(blocIndex int, blocKeyIndex int) string {
 	return fmt.Sprintf("%d:%d", blocIndex, blocKeyIndex)
--- a/vendor/github.com/coredns/coredns/core/dnsserver/onstartup.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/onstartup.go
@ -2,17 +2,31 @@ package dnsserver
 import (
 	"fmt"
 	"regexp"
 	"sort"
 	"github.com/coredns/coredns/plugin/pkg/dnsutil"
 )
 // checkZoneSyntax() checks whether the given string match 1035 Preferred Syntax or not.
 // The root zone, and all reverse zones always return true even though they technically don't meet 1035 Preferred Syntax
 func checkZoneSyntax(zone string) bool {
 	if zone == "." || dnsutil.IsReverse(zone) != 0 {
 		return true
 	}
 	regex1035PreferredSyntax, _ := regexp.MatchString(`^(([A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?)\.)+$`, zone)
 	return regex1035PreferredSyntax
 }
 // startUpZones creates the text that we show when starting up:
 // grpc://example.com.:1055
 // example.com.:1053 on 127.0.0.1
-func startUpZones(protocol, addr string, zones map[string]*Config) string {
+func startUpZones(protocol, addr string, zones map[string][]*Config) string {
 	s := ""
 	keys := make([]string, len(zones))
 	i := 0
 	for k := range zones {
 		keys[i] = k
 		i++
@ -20,6 +34,9 @@ func startUpZones(protocol, addr string, zones map[string]*Config) string {
 	sort.Strings(keys)
 	for _, zone := range keys {
 		if !checkZoneSyntax(zone) {
 			s += fmt.Sprintf("Warning: Domain %q does not follow RFC1035 preferred syntax\n", zone)
 		}
 		// split addr into protocol, IP and Port
 		_, ip, port, err := SplitProtocolHostPort(addr)
--- a/vendor/github.com/coredns/coredns/core/dnsserver/register.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/register.go
@ -138,14 +138,6 @@ func (h *dnsContext) InspectServerBlocks(sourceFile string, serverBlocks []caddy
 // MakeServers uses the newly-created siteConfigs to create and return a list of server instances.
 func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
 	// Now that all Keys and Directives are parsed and initialized
 	// lets verify that there is no overlap on the zones and addresses to listen for
 	errValid := h.validateZonesAndListeningAddresses()
 	if errValid != nil {
 		return nil, errValid
 	}
 	// Copy the Plugin, ListenHosts and Debug from first config in the block
 	// to all other config in the same block . Doing this results in zones
 	// sharing the same plugin instances and settings as other zones in
@ -154,7 +146,9 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
 		c.Plugin = c.firstConfigInBlock.Plugin
 		c.ListenHosts = c.firstConfigInBlock.ListenHosts
 		c.Debug = c.firstConfigInBlock.Debug
 		c.Stacktrace = c.firstConfigInBlock.Stacktrace
 		c.TLSConfig = c.firstConfigInBlock.TLSConfig
 		c.TsigSecret = c.firstConfigInBlock.TsigSecret
 	}
 	// we must map (group) each config to a bind address
@ -195,7 +189,27 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
 			}
 			servers = append(servers, s)
 		}
 	}
 	// For each server config, check for View Filter plugins
 	for _, c := range h.configs {
 		// Add filters in the plugin.cfg order for consistent filter func evaluation order.
 		for _, d := range Directives {
 			if vf, ok := c.registry[d].(Viewer); ok {
 				if c.ViewName != "" {
 					return nil, fmt.Errorf("multiple views defined in server block")
 				}
 				c.ViewName = vf.ViewName()
 				c.FilterFuncs = append(c.FilterFuncs, vf.Filter)
 			}
 		}
 	}
 	// Verify that there is no overlap on the zones and listen addresses
 	// for unfiltered server configs
 	errValid := h.validateZonesAndListeningAddresses()
 	if errValid != nil {
 		return nil, errValid
 	}
 	return servers, nil
@ -253,18 +267,24 @@ func (h *dnsContext) validateZonesAndListeningAddresses() error {
 		for _, h := range conf.ListenHosts {
 			// Validate the overlapping of ZoneAddr
 			akey := zoneAddr{Transport: conf.Transport, Zone: conf.Zone, Address: h, Port: conf.Port}
-			existZone, overlapZone := checker.registerAndCheck(akey)
+			var existZone, overlapZone *zoneAddr
 			if len(conf.FilterFuncs) > 0 {
 				// This config has filters. Check for overlap with other (unfiltered) configs.
 				existZone, overlapZone = checker.check(akey)
 			} else {
 				// This config has no filters. Check for overlap with other (unfiltered) configs,
 				// and register the zone to prevent subsequent zones from overlapping with it.
 				existZone, overlapZone = checker.registerAndCheck(akey)
 			}
 			if existZone != nil {
 				return fmt.Errorf("cannot serve %s - it is already defined", akey.String())
 			}
 			if overlapZone != nil {
 				return fmt.Errorf("cannot serve %s - zone overlap listener capacity with %v", akey.String(), overlapZone.String())
 			}
 		}
 	}
 	return nil
 }
 // groupSiteConfigsByListenAddr groups site configs by their listen
--- a/vendor/github.com/coredns/coredns/core/dnsserver/server.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/server.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net"
 	"runtime"
 	"runtime/debug"
 	"strings"
 	"sync"
 	"time"
@ -36,22 +37,30 @@ type Server struct {
 	server [2]*dns.Server // 0 is a net.Listener, 1 is a net.PacketConn (a *UDPConn) in our case.
 	m      sync.Mutex     // protects the servers
-	zones        map[string]*Config // zones keyed by their address
+	zones        map[string][]*Config // zones keyed by their address
 	dnsWg        sync.WaitGroup       // used to wait on outstanding connections
 	graceTimeout time.Duration        // the maximum duration of a graceful shutdown
 	trace        trace.Trace          // the trace plugin for the server
 	debug        bool                 // disable recover()
 	stacktrace   bool                 // enable stacktrace in recover error log
 	classChaos   bool                 // allow non-INET class queries
 	tsigSecret map[string]string
 }
 // MetadataCollector is a plugin that can retrieve metadata functions from all metadata providing plugins
 type MetadataCollector interface {
 	Collect(context.Context, request.Request) context.Context
 }
 // NewServer returns a new CoreDNS server and compiles all plugins in to it. By default CH class
 // queries are blocked unless queries from enableChaos are loaded.
 func NewServer(addr string, group []*Config) (*Server, error) {
 	s := &Server{
 		Addr:         addr,
-		zones:        make(map[string]*Config),
+		zones:        make(map[string][]*Config),
 		graceTimeout: 5 * time.Second,
 		tsigSecret:   make(map[string]string),
 	}
 	// We have to bound our wg with one increment
@ -67,8 +76,15 @@ func NewServer(addr string, group []*Config) (*Server, error) {
 			s.debug = true
 			log.D.Set()
 		}
-		// set the config per zone
+		s.stacktrace = site.Stacktrace
-		s.zones[site.Zone] = site
+
 		// append the config to the zone's configs
 		s.zones[site.Zone] = append(s.zones[site.Zone], site)
 		// copy tsig secrets
 		for key, secret := range site.TsigSecret {
 			s.tsigSecret[key] = secret
 		}
 		// compile custom plugin for everything
 		var stack plugin.Handler
@ -78,6 +94,12 @@ func NewServer(addr string, group []*Config) (*Server, error) {
 			// register the *handler* also
 			site.registerHandler(stack)
 			// If the current plugin is a MetadataCollector, bookmark it for later use. This loop traverses the plugin
 			// list backwards, so the first MetadataCollector plugin wins.
 			if mdc, ok := stack.(MetadataCollector); ok {
 				site.metaCollector = mdc
 			}
 			if s.trace == nil && stack.Name() == "trace" {
 				// we have to stash away the plugin, not the
 				// Tracer object, because the Tracer won't be initialized yet
@ -112,7 +134,7 @@ func (s *Server) Serve(l net.Listener) error {
 		ctx := context.WithValue(context.Background(), Key{}, s)
 		ctx = context.WithValue(ctx, LoopKey{}, 0)
 		s.ServeDNS(ctx, w, r)
-	})}
+	}), TsigSecret: s.tsigSecret}
 	s.m.Unlock()
 	return s.server[tcp].ActivateAndServe()
@ -126,7 +148,7 @@ func (s *Server) ServePacket(p net.PacketConn) error {
 		ctx := context.WithValue(context.Background(), Key{}, s)
 		ctx = context.WithValue(ctx, LoopKey{}, 0)
 		s.ServeDNS(ctx, w, r)
-	})}
+	}), TsigSecret: s.tsigSecret}
 	s.m.Unlock()
 	return s.server[udp].ActivateAndServe()
@ -163,7 +185,6 @@ func (s *Server) ListenPacket() (net.PacketConn, error) {
 // immediately.
 // This implements Caddy.Stopper interface.
 func (s *Server) Stop() (err error) {
 	if runtime.GOOS != "windows" {
 		// force connections to close after timeout
 		done := make(chan struct{})
@ -213,7 +234,11 @@ func (s *Server) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 			// In case the user doesn't enable error plugin, we still
 			// need to make sure that we stay alive up here
 			if rec := recover(); rec != nil {
 				if s.stacktrace {
 					log.Errorf("Recovered from panic in server: %q %v\n%s", s.Addr, rec, string(debug.Stack()))
 				} else {
 					log.Errorf("Recovered from panic in server: %q %v", s.Addr, rec)
 				}
 				vars.Panic.Inc()
 				errorAndMetricsFunc(s.Addr, w, r, dns.RcodeServerFailure)
 			}
@ -241,11 +266,24 @@ func (s *Server) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 	)
 	for {
-		if h, ok := s.zones[q[off:]]; ok {
+		if z, ok := s.zones[q[off:]]; ok {
 			for _, h := range z {
 				if h.pluginChain == nil { // zone defined, but has not got any plugins
 					errorAndMetricsFunc(s.Addr, w, r, dns.RcodeRefused)
 					return
 				}
 				if h.metaCollector != nil {
 					// Collect metadata now, so it can be used before we send a request down the plugin chain.
 					ctx = h.metaCollector.Collect(ctx, request.Request{Req: r, W: w})
 				}
 				// If all filter funcs pass, use this config.
 				if passAllFilterFuncs(ctx, h.FilterFuncs, &request.Request{Req: r, W: w}) {
 					if h.ViewName != "" {
 						// if there was a view defined for this Config, set the view name in the context
 						ctx = context.WithValue(ctx, ViewKey{}, h.ViewName)
 					}
 					if r.Question[0].Qtype != dns.TypeDS {
 						rcode, _ := h.pluginChain.ServeDNS(ctx, w, r)
 						if !plugin.ClientWrite(rcode) {
@ -260,6 +298,8 @@ func (s *Server) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 					// In all fairness: direct DS queries should not be needed.
 					dshandler = h
 				}
 			}
 		}
 		off, end = dns.NextLabel(q, off)
 		if end {
 			break
@ -276,18 +316,46 @@ func (s *Server) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 	}
 	// Wildcard match, if we have found nothing try the root zone as a last resort.
-	if h, ok := s.zones["."]; ok && h.pluginChain != nil {
+	if z, ok := s.zones["."]; ok {
 		for _, h := range z {
 			if h.pluginChain == nil {
 				continue
 			}
 			if h.metaCollector != nil {
 				// Collect metadata now, so it can be used before we send a request down the plugin chain.
 				ctx = h.metaCollector.Collect(ctx, request.Request{Req: r, W: w})
 			}
 			// If all filter funcs pass, use this config.
 			if passAllFilterFuncs(ctx, h.FilterFuncs, &request.Request{Req: r, W: w}) {
 				if h.ViewName != "" {
 					// if there was a view defined for this Config, set the view name in the context
 					ctx = context.WithValue(ctx, ViewKey{}, h.ViewName)
 				}
 				rcode, _ := h.pluginChain.ServeDNS(ctx, w, r)
 				if !plugin.ClientWrite(rcode) {
 					errorFunc(s.Addr, w, r, rcode)
 				}
 				return
 			}
 		}
 	}
 	// Still here? Error out with REFUSED.
 	errorAndMetricsFunc(s.Addr, w, r, dns.RcodeRefused)
 }
 // passAllFilterFuncs returns true if all filter funcs evaluate to true for the given request
 func passAllFilterFuncs(ctx context.Context, filterFuncs []FilterFunc, req *request.Request) bool {
 	for _, ff := range filterFuncs {
 		if !ff(ctx, req) {
 			return false
 		}
 	}
 	return true
 }
 // OnStartupComplete lists the sites served by this server
 // and any relevant information, assuming Quiet is false.
 func (s *Server) OnStartupComplete() {
@ -328,7 +396,7 @@ func errorAndMetricsFunc(server string, w dns.ResponseWriter, r *dns.Msg, rc int
 	answer.SetRcode(r, rc)
 	state.SizeAndDo(answer)
-	vars.Report(server, state, vars.Dropped, rcode.ToString(rc), "" /* plugin */, answer.Len(), time.Now())
+	vars.Report(server, state, vars.Dropped, "", rcode.ToString(rc), "" /* plugin */, answer.Len(), time.Now())
 	w.WriteMsg(answer)
 }
@ -344,6 +412,9 @@ type (
 	// LoopKey is the context key to detect server wide loops.
 	LoopKey struct{}
 	// ViewKey is the context key for the current view, if defined
 	ViewKey struct{}
 )
 // EnableChaos is a map with plugin names for which we should open CH class queries as we block these by default.
--- a/vendor/github.com/coredns/coredns/core/dnsserver/server_grpc.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/server_grpc.go
@ -22,6 +22,7 @@ import (
 // ServergRPC represents an instance of a DNS-over-gRPC server.
 type ServergRPC struct {
 	*Server
 	*pb.UnimplementedDnsServiceServer
 	grpcServer *grpc.Server
 	listenAddr net.Addr
 	tlsConfig  *tls.Config
@ -36,10 +37,12 @@ func NewServergRPC(addr string, group []*Config) (*ServergRPC, error) {
 	// The *tls* plugin must make sure that multiple conflicting
 	// TLS configuration returns an error: it can only be specified once.
 	var tlsConfig *tls.Config
-	for _, conf := range s.zones {
+	for _, z := range s.zones {
 		for _, conf := range z {
 			// Should we error if some configs *don't* have TLS?
 			tlsConfig = conf.TLSConfig
 		}
 	}
 	// http/2 is required when using gRPC. We need to specify it in next protos
 	// or the upgrade won't happen.
 	if tlsConfig != nil {
@ -81,7 +84,6 @@ func (s *ServergRPC) ServePacket(p net.PacketConn) error { return nil }
 // Listen implements caddy.TCPServer interface.
 func (s *ServergRPC) Listen() (net.Listener, error) {
 	l, err := reuseport.Listen("tcp", s.Addr[len(transport.GRPC+"://"):])
 	if err != nil {
 		return nil, err
--- a/vendor/github.com/coredns/coredns/core/dnsserver/server_https.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/server_https.go
@ -4,14 +4,17 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	stdlog "log"
 	"net"
 	"net/http"
 	"strconv"
 	"time"
 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/plugin/metrics/vars"
 	"github.com/coredns/coredns/plugin/pkg/dnsutil"
 	"github.com/coredns/coredns/plugin/pkg/doh"
 	clog "github.com/coredns/coredns/plugin/pkg/log"
 	"github.com/coredns/coredns/plugin/pkg/response"
 	"github.com/coredns/coredns/plugin/pkg/reuseport"
 	"github.com/coredns/coredns/plugin/pkg/transport"
@ -26,6 +29,18 @@ type ServerHTTPS struct {
 	validRequest func(*http.Request) bool
 }
 // loggerAdapter is a simple adapter around CoreDNS logger made to implement io.Writer in order to log errors from HTTP server
 type loggerAdapter struct {
 }
 func (l *loggerAdapter) Write(p []byte) (n int, err error) {
 	clog.Debug(string(p))
 	return len(p), nil
 }
 // HTTPRequestKey is the context key for the current processed HTTP request (if current processed request was done over DOH)
 type HTTPRequestKey struct{}
 // NewServerHTTPS returns a new CoreDNS HTTPS server and compiles all plugins in to it.
 func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 	s, err := NewServer(addr, group)
@ -35,10 +50,12 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 	// The *tls* plugin must make sure that multiple conflicting
 	// TLS configuration returns an error: it can only be specified once.
 	var tlsConfig *tls.Config
-	for _, conf := range s.zones {
+	for _, z := range s.zones {
 		for _, conf := range z {
 			// Should we error if some configs *don't* have TLS?
 			tlsConfig = conf.TLSConfig
 		}
 	}
 	// http/2 is recommended when using DoH. We need to specify it in next protos
 	// or the upgrade won't happen.
@ -48,9 +65,11 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 	// Use a custom request validation func or use the standard DoH path check.
 	var validator func(*http.Request) bool
-	for _, conf := range s.zones {
+	for _, z := range s.zones {
 		for _, conf := range z {
 			validator = conf.HTTPRequestValidateFunc
 		}
 	}
 	if validator == nil {
 		validator = func(r *http.Request) bool { return r.URL.Path == doh.Path }
 	}
@ -59,6 +78,7 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 		ReadTimeout:  5 * time.Second,
 		WriteTimeout: 10 * time.Second,
 		IdleTimeout:  120 * time.Second,
 		ErrorLog:     stdlog.New(&loggerAdapter{}, "", 0),
 	}
 	sh := &ServerHTTPS{
 		Server: s, tlsConfig: tlsConfig, httpsServer: srv, validRequest: validator,
@ -88,7 +108,6 @@ func (s *ServerHTTPS) ServePacket(p net.PacketConn) error { return nil }
 // Listen implements caddy.TCPServer interface.
 func (s *ServerHTTPS) Listen() (net.Listener, error) {
 	l, err := reuseport.Listen("tcp", s.Addr[len(transport.HTTPS+"://"):])
 	if err != nil {
 		return nil, err
@ -125,15 +144,16 @@ func (s *ServerHTTPS) Stop() error {
 // ServeHTTP is the handler that gets the HTTP request and converts to the dns format, calls the plugin
 // chain, converts it back and write it to the client.
 func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if !s.validRequest(r) {
 		http.Error(w, "", http.StatusNotFound)
 		s.countResponse(http.StatusNotFound)
 		return
 	}
 	msg, err := doh.RequestToMsg(r)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		s.countResponse(http.StatusBadRequest)
 		return
 	}
@ -150,6 +170,7 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// We should expect a packet to be returned that we can send to the client.
 	ctx := context.WithValue(context.Background(), Key{}, s.Server)
 	ctx = context.WithValue(ctx, LoopKey{}, 0)
 	ctx = context.WithValue(ctx, HTTPRequestKey{}, r)
 	s.ServeDNS(ctx, dw, msg)
 	// See section 4.2.1 of RFC 8484.
@ -157,6 +178,7 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// handler has not provided any response message.
 	if dw.Msg == nil {
 		http.Error(w, "No response", http.StatusInternalServerError)
 		s.countResponse(http.StatusInternalServerError)
 		return
 	}
@ -169,10 +191,15 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%f", age.Seconds()))
 	w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
 	w.WriteHeader(http.StatusOK)
 	s.countResponse(http.StatusOK)
 	w.Write(buf)
 }
 func (s *ServerHTTPS) countResponse(status int) {
 	vars.HTTPSResponsesCount.WithLabelValues(s.Addr, strconv.Itoa(status)).Inc()
 }
 // Shutdown stops the server (non gracefully).
 func (s *ServerHTTPS) Shutdown() error {
 	if s.httpsServer != nil {
--- a/vendor/github.com/coredns/coredns/core/dnsserver/server_tls.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/server_tls.go
@ -28,10 +28,12 @@ func NewServerTLS(addr string, group []*Config) (*ServerTLS, error) {
 	// The *tls* plugin must make sure that multiple conflicting
 	// TLS configuration returns an error: it can only be specified once.
 	var tlsConfig *tls.Config
-	for _, conf := range s.zones {
+	for _, z := range s.zones {
 		for _, conf := range z {
 			// Should we error if some configs *don't* have TLS?
 			tlsConfig = conf.TLSConfig
 		}
 	}
 	return &ServerTLS{Server: s, tlsConfig: tlsConfig}, nil
 }
--- a/vendor/github.com/coredns/coredns/core/dnsserver/view.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/view.go
@ -0,0 +1,20 @@
 package dnsserver
 import (
 	"context"
 	"github.com/coredns/coredns/request"
 )
 // Viewer - If Viewer is implemented by a plugin in a server block, its Filter()
 // is added to the server block's filter functions when starting the server. When a running server
 // serves a DNS request, it will route the request to the first Config (server block) that passes
 // all its filter functions.
 type Viewer interface {
 	// Filter returns true if the server should use the server block in which the implementing plugin resides, and the
 	// name of the view for metrics logging.
 	Filter(ctx context.Context, req *request.Request) bool
 	// ViewName returns the name of the view
 	ViewName() string
 }
--- a/vendor/github.com/coredns/coredns/core/dnsserver/zdirectives.go
+++ b/vendor/github.com/coredns/coredns/core/dnsserver/zdirectives.go
@ -34,6 +34,7 @@ var Directives = []string{
 	"any",
 	"chaos",
 	"loadbalance",
 	"tsig",
 	"cache",
 	"rewrite",
 	"header",
@ -59,4 +60,5 @@ var Directives = []string{
 	"whoami",
 	"on",
 	"sign",
 	"view",
 }
--- a/vendor/github.com/coredns/coredns/coremain/run.go
+++ b/vendor/github.com/coredns/coredns/coremain/run.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
@ -95,7 +96,7 @@ func confLoader(serverType string) (caddy.Input, error) {
 		return caddy.CaddyfileFromPipe(os.Stdin, serverType)
 	}
-	contents, err := os.ReadFile(conf)
+	contents, err := os.ReadFile(filepath.Clean(conf))
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/coredns/coredns/coremain/version.go
+++ b/vendor/github.com/coredns/coredns/coremain/version.go
@ -2,7 +2,7 @@ package coremain
 // Various CoreDNS constants.
 const (
-	CoreVersion = "1.8.7"
+	CoreVersion = "1.10.0"
 	coreName    = "CoreDNS"
 	serverType  = "dns"
 )
--- a/vendor/github.com/coredns/coredns/pb/Makefile
+++ b/vendor/github.com/coredns/coredns/pb/Makefile
@ -2,11 +2,18 @@
 # from: https://github.com/golang/protobuf to make this work.
 # The generate dns.pb.go is checked into git, so for normal builds we don't need
 # to run this generation step.
 # Note: The following has been used when regenerate pb:
 #  curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/protoc-3.19.4-linux-x86_64.zip
 #  go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
 #  go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0
 #  export PATH="$PATH:$(go env GOPATH)/bin"
 #  rm pb/dns.pb.go pb/dns_grpc.pb.go
 #  make pb
 all: dns.pb.go
 dns.pb.go: dns.proto
-	protoc --go_out=plugins=grpc:. dns.proto
+	protoc --go_out=. --go-grpc_out=. dns.proto
 .PHONY: clean
 clean:
--- a/vendor/github.com/coredns/coredns/pb/dns.pb.go
+++ b/vendor/github.com/coredns/coredns/pb/dns.pb.go
@ -1,156 +1,147 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
 // 	protoc        v3.19.4
 // source: dns.proto
 package pb
 import (
-	context "context"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	fmt "fmt"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	math "math"
+	reflect "reflect"
-
+	sync "sync"
 	proto "github.com/golang/protobuf/proto"
 	grpc "google.golang.org/grpc"
 )
-// Reference imports to suppress errors if they are not otherwise used.
+const (
-var _ = proto.Marshal
+	// Verify that this generated code is sufficiently up-to-date.
-var _ = fmt.Errorf
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-var _ = math.Inf
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
-
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-/* Miek: disabled this manually, because I don't know what the heck */
+)
 /*
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 */
 type DnsPacket struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	Msg []byte `protobuf:"bytes,1,opt,name=msg,proto3" json:"msg,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
-func (m *DnsPacket) Reset()         { *m = DnsPacket{} }
+func (x *DnsPacket) Reset() {
-func (m *DnsPacket) String() string { return proto.CompactTextString(m) }
+	*x = DnsPacket{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_dns_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *DnsPacket) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*DnsPacket) ProtoMessage() {}
 func (x *DnsPacket) ProtoReflect() protoreflect.Message {
 	mi := &file_dns_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use DnsPacket.ProtoReflect.Descriptor instead.
 func (*DnsPacket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_638ff8d8aaf3d8ae, []int{0}
+	return file_dns_proto_rawDescGZIP(), []int{0}
 }
-func (m *DnsPacket) XXX_Unmarshal(b []byte) error {
+func (x *DnsPacket) GetMsg() []byte {
-	return xxx_messageInfo_DnsPacket.Unmarshal(m, b)
+	if x != nil {
-}
+		return x.Msg
 func (m *DnsPacket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DnsPacket.Marshal(b, m, deterministic)
 }
 func (m *DnsPacket) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_DnsPacket.Merge(m, src)
 }
 func (m *DnsPacket) XXX_Size() int {
 	return xxx_messageInfo_DnsPacket.Size(m)
 }
 func (m *DnsPacket) XXX_DiscardUnknown() {
 	xxx_messageInfo_DnsPacket.DiscardUnknown(m)
 }
 var xxx_messageInfo_DnsPacket proto.InternalMessageInfo
 func (m *DnsPacket) GetMsg() []byte {
 	if m != nil {
 		return m.Msg
 	}
 	return nil
 }
-func init() {
+var File_dns_proto protoreflect.FileDescriptor
-	proto.RegisterType((*DnsPacket)(nil), "coredns.dns.DnsPacket")
+
 var file_dns_proto_rawDesc = []byte{
 	0x0a, 0x09, 0x64, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x63, 0x6f, 0x72,
 	0x65, 0x64, 0x6e, 0x73, 0x2e, 0x64, 0x6e, 0x73, 0x22, 0x1d, 0x0a, 0x09, 0x44, 0x6e, 0x73, 0x50,
 	0x61, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x73, 0x67, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x0c, 0x52, 0x03, 0x6d, 0x73, 0x67, 0x32, 0x45, 0x0a, 0x0a, 0x44, 0x6e, 0x73, 0x53, 0x65,
 	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x37, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x16,
 	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x64, 0x6e, 0x73, 0x2e, 0x64, 0x6e, 0x73, 0x2e, 0x44, 0x6e, 0x73,
 	0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x1a, 0x16, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x64, 0x6e, 0x73,
 	0x2e, 0x64, 0x6e, 0x73, 0x2e, 0x44, 0x6e, 0x73, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x42, 0x06,
 	0x5a, 0x04, 0x2e, 0x3b, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
-func init() { proto.RegisterFile("dns.proto", fileDescriptor_638ff8d8aaf3d8ae) }
+var (
 	file_dns_proto_rawDescOnce sync.Once
 	file_dns_proto_rawDescData = file_dns_proto_rawDesc
 )
-var fileDescriptor_638ff8d8aaf3d8ae = []byte{
+func file_dns_proto_rawDescGZIP() []byte {
-	// 120 bytes of a gzipped FileDescriptorProto
+	file_dns_proto_rawDescOnce.Do(func() {
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0xc9, 0x2b, 0xd6,
+		file_dns_proto_rawDescData = protoimpl.X.CompressGZIP(file_dns_proto_rawDescData)
-	0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x4e, 0xce, 0x2f, 0x4a, 0x05, 0x71, 0x53, 0xf2, 0x8a,
+	})
-	0x95, 0x64, 0xb9, 0x38, 0x5d, 0xf2, 0x8a, 0x03, 0x12, 0x93, 0xb3, 0x53, 0x4b, 0x84, 0x04, 0xb8,
+	return file_dns_proto_rawDescData
 	0x98, 0x73, 0x8b, 0xd3, 0x25, 0x18, 0x15, 0x18, 0x35, 0x78, 0x82, 0x40, 0x4c, 0x23, 0x57, 0x2e,
 	0x2e, 0x97, 0xbc, 0xe2, 0xe0, 0xd4, 0xa2, 0xb2, 0xcc, 0xe4, 0x54, 0x21, 0x73, 0x2e, 0xd6, 0xc0,
 	0xd2, 0xd4, 0xa2, 0x4a, 0x21, 0x31, 0x3d, 0x24, 0x33, 0xf4, 0xe0, 0x06, 0x48, 0xe1, 0x10, 0x77,
 	0x62, 0x89, 0x62, 0x2a, 0x48, 0x4a, 0x62, 0x03, 0xdb, 0x6f, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff,
 	0xf5, 0xd1, 0x3f, 0x26, 0x8c, 0x00, 0x00, 0x00,
 }
-// Reference imports to suppress errors if they are not otherwise used.
+var file_dns_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var _ context.Context
+var file_dns_proto_goTypes = []interface{}{
-var _ grpc.ClientConn
+	(*DnsPacket)(nil), // 0: coredns.dns.DnsPacket
-
+}
-// This is a compile-time assertion to ensure that this generated file
+var file_dns_proto_depIdxs = []int32{
-// is compatible with the grpc package it is being compiled against.
+	0, // 0: coredns.dns.DnsService.Query:input_type -> coredns.dns.DnsPacket
-const _ = grpc.SupportPackageIsVersion4
+	0, // 1: coredns.dns.DnsService.Query:output_type -> coredns.dns.DnsPacket
-
+	1, // [1:2] is the sub-list for method output_type
-// DnsServiceClient is the client API for DnsService service.
+	0, // [0:1] is the sub-list for method input_type
-//
+	0, // [0:0] is the sub-list for extension type_name
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+	0, // [0:0] is the sub-list for extension extendee
-type DnsServiceClient interface {
+	0, // [0:0] is the sub-list for field type_name
 	Query(ctx context.Context, in *DnsPacket, opts ...grpc.CallOption) (*DnsPacket, error)
 }
-type dnsServiceClient struct {
+func init() { file_dns_proto_init() }
-	cc *grpc.ClientConn
+func file_dns_proto_init() {
-}
+	if File_dns_proto != nil {
-
+		return
 func NewDnsServiceClient(cc *grpc.ClientConn) DnsServiceClient {
 	return &dnsServiceClient{cc}
 }
 func (c *dnsServiceClient) Query(ctx context.Context, in *DnsPacket, opts ...grpc.CallOption) (*DnsPacket, error) {
 	out := new(DnsPacket)
 	err := c.cc.Invoke(ctx, "/coredns.dns.DnsService/Query", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	return out, nil
+	if !protoimpl.UnsafeEnabled {
-}
+		file_dns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-
+			switch v := v.(*DnsPacket); i {
-// DnsServiceServer is the server API for DnsService service.
+			case 0:
-type DnsServiceServer interface {
+				return &v.state
-	Query(context.Context, *DnsPacket) (*DnsPacket, error)
+			case 1:
-}
+				return &v.sizeCache
-
+			case 2:
-func RegisterDnsServiceServer(s *grpc.Server, srv DnsServiceServer) {
+				return &v.unknownFields
-	s.RegisterService(&_DnsService_serviceDesc, srv)
+			default:
-}
+				return nil
 func _DnsService_Query_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(DnsPacket)
 	if err := dec(in); err != nil {
 		return nil, err
 			}
 	if interceptor == nil {
 		return srv.(DnsServiceServer).Query(ctx, in)
 		}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/coredns.dns.DnsService/Query",
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+	type x struct{}
-		return srv.(DnsServiceServer).Query(ctx, req.(*DnsPacket))
+	out := protoimpl.TypeBuilder{
-	}
+		File: protoimpl.DescBuilder{
-	return interceptor(ctx, in, info, handler)
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-}
+			RawDescriptor: file_dns_proto_rawDesc,
-
+			NumEnums:      0,
-var _DnsService_serviceDesc = grpc.ServiceDesc{
+			NumMessages:   1,
-	ServiceName: "coredns.dns.DnsService",
+			NumExtensions: 0,
-	HandlerType: (*DnsServiceServer)(nil),
+			NumServices:   1,
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "Query",
 			Handler:    _DnsService_Query_Handler,
 		},
-	},
+		GoTypes:           file_dns_proto_goTypes,
-	Streams:  []grpc.StreamDesc{},
+		DependencyIndexes: file_dns_proto_depIdxs,
-	Metadata: "dns.proto",
+		MessageInfos:      file_dns_proto_msgTypes,
 	}.Build()
 	File_dns_proto = out.File
 	file_dns_proto_rawDesc = nil
 	file_dns_proto_goTypes = nil
 	file_dns_proto_depIdxs = nil
 }
--- a/vendor/github.com/coredns/coredns/pb/dns.proto
+++ b/vendor/github.com/coredns/coredns/pb/dns.proto
@ -1,7 +1,7 @@
 syntax = "proto3";
 package coredns.dns;
-option go_package = "pb";
+option go_package = ".;pb";
 message DnsPacket {
 	bytes msg = 1;
--- a/vendor/github.com/coredns/coredns/pb/dns_grpc.pb.go
+++ b/vendor/github.com/coredns/coredns/pb/dns_grpc.pb.go
@ -0,0 +1,105 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
 // - protoc             v3.19.4
 // source: dns.proto
 package pb
 import (
 	context "context"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
 )
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 // DnsServiceClient is the client API for DnsService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type DnsServiceClient interface {
 	Query(ctx context.Context, in *DnsPacket, opts ...grpc.CallOption) (*DnsPacket, error)
 }
 type dnsServiceClient struct {
 	cc grpc.ClientConnInterface
 }
 func NewDnsServiceClient(cc grpc.ClientConnInterface) DnsServiceClient {
 	return &dnsServiceClient{cc}
 }
 func (c *dnsServiceClient) Query(ctx context.Context, in *DnsPacket, opts ...grpc.CallOption) (*DnsPacket, error) {
 	out := new(DnsPacket)
 	err := c.cc.Invoke(ctx, "/coredns.dns.DnsService/Query", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // DnsServiceServer is the server API for DnsService service.
 // All implementations must embed UnimplementedDnsServiceServer
 // for forward compatibility
 type DnsServiceServer interface {
 	Query(context.Context, *DnsPacket) (*DnsPacket, error)
 	mustEmbedUnimplementedDnsServiceServer()
 }
 // UnimplementedDnsServiceServer must be embedded to have forward compatible implementations.
 type UnimplementedDnsServiceServer struct {
 }
 func (UnimplementedDnsServiceServer) Query(context.Context, *DnsPacket) (*DnsPacket, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Query not implemented")
 }
 func (UnimplementedDnsServiceServer) mustEmbedUnimplementedDnsServiceServer() {}
 // UnsafeDnsServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to DnsServiceServer will
 // result in compilation errors.
 type UnsafeDnsServiceServer interface {
 	mustEmbedUnimplementedDnsServiceServer()
 }
 func RegisterDnsServiceServer(s grpc.ServiceRegistrar, srv DnsServiceServer) {
 	s.RegisterService(&DnsService_ServiceDesc, srv)
 }
 func _DnsService_Query_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(DnsPacket)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(DnsServiceServer).Query(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/coredns.dns.DnsService/Query",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(DnsServiceServer).Query(ctx, req.(*DnsPacket))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 // DnsService_ServiceDesc is the grpc.ServiceDesc for DnsService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
 var DnsService_ServiceDesc = grpc.ServiceDesc{
 	ServiceName: "coredns.dns.DnsService",
 	HandlerType: (*DnsServiceServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "Query",
 			Handler:    _DnsService_Query_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "dns.proto",
 }
--- a/vendor/github.com/coredns/coredns/plugin/backend_lookup.go
+++ b/vendor/github.com/coredns/coredns/plugin/backend_lookup.go
@ -14,22 +14,22 @@ import (
 )
 // A returns A records from Backend or an error.
-func A(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, err error) {
+func A(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, truncated bool, err error) {
 	services, err := checkForApex(ctx, b, zone, state, opt)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	dup := make(map[string]struct{})
 	for _, serv := range services {
 		what, ip := serv.HostType()
 		switch what {
 		case dns.TypeCNAME:
 			if Name(state.Name()).Matches(dns.Fqdn(serv.Host)) {
 				// x CNAME x is a direct loop, don't add those
 				// in etcd/skydns w.x CNAME x is also direct loop due to the "recursive" nature of search results
 				continue
 			}
@ -44,7 +44,7 @@ func A(ctx context.Context, b ServiceBackend, zone string, state request.Request
 			if dns.IsSubDomain(zone, dns.Fqdn(serv.Host)) {
 				state1 := state.NewWithQuestion(serv.Host, state.QType())
 				state1.Zone = zone
-				nextRecords, err := A(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
+				nextRecords, tc, err := A(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
 				if err == nil {
 					// Not only have we found something we should add the CNAME and the IP addresses.
@ -53,6 +53,9 @@ func A(ctx context.Context, b ServiceBackend, zone string, state request.Request
 						records = append(records, nextRecords...)
 					}
 				}
 				if tc {
 					truncated = true
 				}
 				continue
 			}
 			// This means we can not complete the CNAME, try to look else where.
@ -62,6 +65,9 @@ func A(ctx context.Context, b ServiceBackend, zone string, state request.Request
 			if e1 != nil {
 				continue
 			}
 			if m1.Truncated {
 				truncated = true
 			}
 			// Len(m1.Answer) > 0 here is well?
 			records = append(records, newRecord)
 			records = append(records, m1.Answer...)
@ -77,20 +83,19 @@ func A(ctx context.Context, b ServiceBackend, zone string, state request.Request
 			// nada
 		}
 	}
-	return records, nil
+	return records, truncated, nil
 }
 // AAAA returns AAAA records from Backend or an error.
-func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, err error) {
+func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, truncated bool, err error) {
 	services, err := checkForApex(ctx, b, zone, state, opt)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	dup := make(map[string]struct{})
 	for _, serv := range services {
 		what, ip := serv.HostType()
 		switch what {
@ -98,6 +103,7 @@ func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Requ
 			// Try to resolve as CNAME if it's not an IP, but only if we don't create loops.
 			if Name(state.Name()).Matches(dns.Fqdn(serv.Host)) {
 				// x CNAME x is a direct loop, don't add those
 				// in etcd/skydns w.x CNAME x is also direct loop due to the "recursive" nature of search results
 				continue
 			}
@ -112,7 +118,7 @@ func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Requ
 			if dns.IsSubDomain(zone, dns.Fqdn(serv.Host)) {
 				state1 := state.NewWithQuestion(serv.Host, state.QType())
 				state1.Zone = zone
-				nextRecords, err := AAAA(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
+				nextRecords, tc, err := AAAA(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
 				if err == nil {
 					// Not only have we found something we should add the CNAME and the IP addresses.
@ -121,6 +127,9 @@ func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Requ
 						records = append(records, nextRecords...)
 					}
 				}
 				if tc {
 					truncated = true
 				}
 				continue
 			}
 			// This means we can not complete the CNAME, try to look else where.
@ -129,6 +138,9 @@ func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Requ
 			if e1 != nil {
 				continue
 			}
 			if m1.Truncated {
 				truncated = true
 			}
 			// Len(m1.Answer) > 0 here is well?
 			records = append(records, newRecord)
 			records = append(records, m1.Answer...)
@ -145,7 +157,7 @@ func AAAA(ctx context.Context, b ServiceBackend, zone string, state request.Requ
 			}
 		}
 	}
-	return records, nil
+	return records, truncated, nil
 }
 // SRV returns SRV records from the Backend.
@ -223,7 +235,7 @@ func SRV(ctx context.Context, b ServiceBackend, zone string, state request.Reque
 			// Internal name, we should have some info on them, either v4 or v6
 			// Clients expect a complete answer, because we are a recursor in their view.
 			state1 := state.NewWithQuestion(srv.Target, dns.TypeA)
-			addr, e1 := A(ctx, b, zone, state1, nil, opt)
+			addr, _, e1 := A(ctx, b, zone, state1, nil, opt)
 			if e1 == nil {
 				extra = append(extra, addr...)
 			}
@ -289,7 +301,7 @@ func MX(ctx context.Context, b ServiceBackend, zone string, state request.Reques
 			}
 			// Internal name
 			state1 := state.NewWithQuestion(mx.Mx, dns.TypeA)
-			addr, e1 := A(ctx, b, zone, state1, nil, opt)
+			addr, _, e1 := A(ctx, b, zone, state1, nil, opt)
 			if e1 == nil {
 				extra = append(extra, addr...)
 			}
@ -329,23 +341,22 @@ func CNAME(ctx context.Context, b ServiceBackend, zone string, state request.Req
 }
 // TXT returns TXT records from Backend or an error.
-func TXT(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, err error) {
+func TXT(ctx context.Context, b ServiceBackend, zone string, state request.Request, previousRecords []dns.RR, opt Options) (records []dns.RR, truncated bool, err error) {
-
+	services, err := b.Services(ctx, state, false, opt)
 	services, err := b.Services(ctx, state, true, opt)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	dup := make(map[string]struct{})
 	for _, serv := range services {
 		what, _ := serv.HostType()
 		switch what {
 		case dns.TypeCNAME:
 			if Name(state.Name()).Matches(dns.Fqdn(serv.Host)) {
 				// x CNAME x is a direct loop, don't add those
 				// in etcd/skydns w.x CNAME x is also direct loop due to the "recursive" nature of search results
 				continue
 			}
@ -360,8 +371,10 @@ func TXT(ctx context.Context, b ServiceBackend, zone string, state request.Reque
 			if dns.IsSubDomain(zone, dns.Fqdn(serv.Host)) {
 				state1 := state.NewWithQuestion(serv.Host, state.QType())
 				state1.Zone = zone
-				nextRecords, err := TXT(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
+				nextRecords, tc, err := TXT(ctx, b, zone, state1, append(previousRecords, newRecord), opt)
-
+				if tc {
 					truncated = true
 				}
 				if err == nil {
 					// Not only have we found something we should add the CNAME and the IP addresses.
 					if len(nextRecords) > 0 {
@ -384,15 +397,14 @@ func TXT(ctx context.Context, b ServiceBackend, zone string, state request.Reque
 			continue
 		case dns.TypeTXT:
-			if _, ok := dup[serv.Host]; !ok {
+			if _, ok := dup[serv.Text]; !ok {
-				dup[serv.Host] = struct{}{}
+				dup[serv.Text] = struct{}{}
-				return append(records, serv.NewTXT(state.QName())), nil
+				records = append(records, serv.NewTXT(state.QName()))
 			}
 		}
 	}
-	return records, nil
+	return records, truncated, nil
 }
 // PTR returns the PTR records from the backend, only services that have a domain name as host are included.
@ -490,7 +502,6 @@ func BackendError(ctx context.Context, b ServiceBackend, zone string, rcode int,
 }
 func newAddress(s msg.Service, name string, ip net.IP, what uint16) dns.RR {
 	hdr := dns.RR_Header{Name: name, Rrtype: what, Class: dns.ClassINET, Ttl: s.TTL}
 	if what == dns.TypeA {
--- a/vendor/github.com/coredns/coredns/plugin/cache/README.md
+++ b/vendor/github.com/coredns/coredns/plugin/cache/README.md
@ -37,7 +37,9 @@ cache [TTL] [ZONES...] {
    success CAPACITY [TTL] [MINTTL]
    denial CAPACITY [TTL] [MINTTL]
    prefetch AMOUNT [[DURATION] [PERCENTAGE%]]
-    serve_stale [DURATION]
+    serve_stale [DURATION] [REFRESH_MODE]
    servfail DURATION
    disable success|denial [ZONES...]
 }
 ~~~
@ -54,10 +56,20 @@ cache [TTL] [ZONES...] {
  **DURATION** defaults to 1m. Prefetching will happen when the TTL drops below **PERCENTAGE**,
  which defaults to `10%`, or latest 1 second before TTL expiration. Values should be in the range `[10%, 90%]`.
  Note the percent sign is mandatory. **PERCENTAGE** is treated as an `int`.
-* `serve_stale`, when serve\_stale is set, cache always will serve an expired entry to a client if there is one
+* `serve_stale`, when serve\_stale is set, cache will always serve an expired entry to a client if there is one
-  available.  When this happens, cache will attempt to refresh the cache entry after sending the expired cache
+  available as long as it has not been expired for longer than **DURATION** (default 1 hour). By default, the _cache_ plugin will
-  entry to the client. The responses have a TTL of 0. **DURATION** is how far back to consider
+  attempt to refresh the cache entry after sending the expired cache entry to the client. The
-  stale responses as fresh. The default duration is 1h.
+  responses have a TTL of 0. **REFRESH_MODE** controls the timing of the expired cache entry refresh.
  `verify` will first verify that an entry is still unavailable from the source before sending the expired entry to the client.
  `immediate` will immediately send the expired entry to the client before
  checking to see if the entry is available from the source. **REFRESH_MODE** defaults to `immediate`. Setting this
  value to `verify` can lead to increased latency when serving stale responses, but will prevent stale entries
  from ever being served if an updated response can be retrieved from the source.
 * `servfail` cache SERVFAIL responses for **DURATION**.  Setting **DURATION** to 0 will disable caching of SERVFAIL
  responses.  If this option is not set, SERVFAIL responses will be cached for 5 seconds.  **DURATION** may not be
  greater than 5 minutes.
 * `disable`  disable the success or denial cache for the listed **ZONES**.  If no **ZONES** are given, the specified
  cache will be disabled for all zones.
 ## Capacity and Eviction
@ -73,14 +85,14 @@ Entries with 0 TTL will remain in the cache until randomly evicted when the shar
 If monitoring is enabled (via the *prometheus* plugin) then the following metrics are exported:
-* `coredns_cache_entries{server, type}` - Total elements in the cache by cache type.
+* `coredns_cache_entries{server, type, zones, view}` - Total elements in the cache by cache type.
-* `coredns_cache_hits_total{server, type}` - Counter of cache hits by cache type.
+* `coredns_cache_hits_total{server, type, zones, view}` - Counter of cache hits by cache type.
-* `coredns_cache_misses_total{server}` - Counter of cache misses. - Deprecated, derive misses from cache hits/requests counters.
+* `coredns_cache_misses_total{server, zones, view}` - Counter of cache misses. - Deprecated, derive misses from cache hits/requests counters.
-* `coredns_cache_requests_total{server}` - Counter of cache requests.
+* `coredns_cache_requests_total{server, zones, view}` - Counter of cache requests.
-* `coredns_cache_prefetch_total{server}` - Counter of times the cache has prefetched a cached item.
+* `coredns_cache_prefetch_total{server, zones, view}` - Counter of times the cache has prefetched a cached item.
-* `coredns_cache_drops_total{server}` - Counter of responses excluded from the cache due to request/response question name mismatch.
+* `coredns_cache_drops_total{server, zones, view}` - Counter of responses excluded from the cache due to request/response question name mismatch.
-* `coredns_cache_served_stale_total{server}` - Counter of requests served from stale cache entries.
+* `coredns_cache_served_stale_total{server, zones, view}` - Counter of requests served from stale cache entries.
-* `coredns_cache_evictions_total{server, type}` - Counter of cache evictions.
+* `coredns_cache_evictions_total{server, type, zones, view}` - Counter of cache evictions.
 Cache types are either "denial" or "success". `Server` is the server handling the request, see the
 prometheus plugin for documentation.
@ -115,3 +127,13 @@ example.org {
    }
 }
 ~~~
 Enable caching for `example.org`, but do not cache denials in `sub.example.org`:
 ~~~ corefile
 example.org {
    cache {
        disable denial sub.example.org
    }
 }
 ~~~
--- a/vendor/github.com/coredns/coredns/plugin/cache/cache.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/cache.go
@ -21,6 +21,9 @@ type Cache struct {
 	Next  plugin.Handler
 	Zones []string
 	zonesMetricLabel string
 	viewMetricLabel  string
 	ncache  *cache.Cache
 	ncap    int
 	nttl    time.Duration
@ -30,13 +33,20 @@ type Cache struct {
 	pcap    int
 	pttl    time.Duration
 	minpttl time.Duration
 	failttl time.Duration // TTL for caching SERVFAIL responses
 	// Prefetch.
 	prefetch   int
 	duration   time.Duration
 	percentage int
 	// Stale serve
 	staleUpTo   time.Duration
 	verifyStale bool
 	// Positive/negative zone exceptions
 	pexcept []string
 	nexcept []string
 	// Testing.
 	now func() time.Time
@ -55,6 +65,7 @@ func New() *Cache {
 		ncache:     cache.New(defaultCap),
 		nttl:       maxNTTL,
 		minnttl:    minNTTL,
 		failttl:    minNTTL,
 		prefetch:   0,
 		duration:   1 * time.Minute,
 		percentage: 10,
@ -105,8 +116,14 @@ type ResponseWriter struct {
 	server string // Server handling the request.
 	do         bool // When true the original request had the DO bit set.
 	ad         bool // When true the original request had the AD bit set.
 	prefetch   bool // When true write nothing back to the client.
 	remoteAddr net.Addr
 	wildcardFunc func() string // function to retrieve wildcard name that synthesized the result.
 	pexcept []string // positive zone exceptions
 	nexcept []string // negative zone exceptions
 }
 // newPrefetchResponseWriter returns a Cache ResponseWriter to be used in
@ -153,8 +170,7 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
 	if mt == response.NameError || mt == response.NoData {
 		duration = computeTTL(msgTTL, w.minnttl, w.nttl)
 	} else if mt == response.ServerError {
-		// use default ttl which is 5s
+		duration = w.failttl
 		duration = minTTL
 	} else {
 		duration = computeTTL(msgTTL, w.minpttl, w.pttl)
 	}
@ -162,11 +178,11 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
 	if hasKey && duration > 0 {
 		if w.state.Match(res) {
 			w.set(res, key, mt, duration)
-			cacheSize.WithLabelValues(w.server, Success).Set(float64(w.pcache.Len()))
+			cacheSize.WithLabelValues(w.server, Success, w.zonesMetricLabel, w.viewMetricLabel).Set(float64(w.pcache.Len()))
-			cacheSize.WithLabelValues(w.server, Denial).Set(float64(w.ncache.Len()))
+			cacheSize.WithLabelValues(w.server, Denial, w.zonesMetricLabel, w.viewMetricLabel).Set(float64(w.ncache.Len()))
 		} else {
 			// Don't log it, but increment counter
-			cacheDrops.WithLabelValues(w.server).Inc()
+			cacheDrops.WithLabelValues(w.server, w.zonesMetricLabel, w.viewMetricLabel).Inc()
 		}
 	}
@ -181,8 +197,10 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
 	res.Ns = filterRRSlice(res.Ns, ttl, w.do, false)
 	res.Extra = filterRRSlice(res.Extra, ttl, w.do, false)
-	if !w.do {
+	if !w.do && !w.ad {
-		res.AuthenticatedData = false // unset AD bit if client is not OK with DNSSEC
+		// unset AD bit if requester is not OK with DNSSEC
 		// But retain AD bit if requester set the AD bit in the request, per RFC6840 5.7-5.8
 		res.AuthenticatedData = false
 	}
 	return w.ResponseWriter.WriteMsg(res)
@ -193,9 +211,16 @@ func (w *ResponseWriter) set(m *dns.Msg, key uint64, mt response.Type, duration
 	// and key is valid
 	switch mt {
 	case response.NoError, response.Delegation:
 		if plugin.Zones(w.pexcept).Matches(m.Question[0].Name) != "" {
 			// zone is in exception list, do not cache
 			return
 		}
 		i := newItem(m, w.now(), duration)
 		if w.wildcardFunc != nil {
 			i.wildcard = w.wildcardFunc()
 		}
 		if w.pcache.Add(key, i) {
-			evictions.WithLabelValues(w.server, Success).Inc()
+			evictions.WithLabelValues(w.server, Success, w.zonesMetricLabel, w.viewMetricLabel).Inc()
 		}
 		// when pre-fetching, remove the negative cache entry if it exists
 		if w.prefetch {
@ -203,9 +228,16 @@ func (w *ResponseWriter) set(m *dns.Msg, key uint64, mt response.Type, duration
 		}
 	case response.NameError, response.NoData, response.ServerError:
 		if plugin.Zones(w.nexcept).Matches(m.Question[0].Name) != "" {
 			// zone is in exception list, do not cache
 			return
 		}
 		i := newItem(m, w.now(), duration)
 		if w.wildcardFunc != nil {
 			i.wildcard = w.wildcardFunc()
 		}
 		if w.ncache.Add(key, i) {
-			evictions.WithLabelValues(w.server, Denial).Inc()
+			evictions.WithLabelValues(w.server, Denial, w.zonesMetricLabel, w.viewMetricLabel).Inc()
 		}
 	case response.OtherError:
@ -225,6 +257,33 @@ func (w *ResponseWriter) Write(buf []byte) (int, error) {
 	return n, err
 }
 // verifyStaleResponseWriter is a response writer that only writes messages if they should replace a
 // stale cache entry, and otherwise discards them.
 type verifyStaleResponseWriter struct {
 	*ResponseWriter
 	refreshed bool // set to true if the last WriteMsg wrote to ResponseWriter, false otherwise.
 }
 // newVerifyStaleResponseWriter returns a ResponseWriter to be used when verifying stale cache
 // entries. It only forward writes if an entry was successfully refreshed according to RFC8767,
 // section 4 (response is NoError or NXDomain), and ignores any other response.
 func newVerifyStaleResponseWriter(w *ResponseWriter) *verifyStaleResponseWriter {
 	return &verifyStaleResponseWriter{
 		w,
 		false,
 	}
 }
 // WriteMsg implements the dns.ResponseWriter interface.
 func (w *verifyStaleResponseWriter) WriteMsg(res *dns.Msg) error {
 	w.refreshed = false
 	if res.Rcode == dns.RcodeSuccess || res.Rcode == dns.RcodeNameError {
 		w.refreshed = true
 		return w.ResponseWriter.WriteMsg(res) // stores to the cache and send to client
 	}
 	return nil // else discard
 }
 const (
 	maxTTL  = dnsutil.MaximumDefaulTTL
 	minTTL  = dnsutil.MinimalDefaultTTL
--- a/vendor/github.com/coredns/coredns/plugin/cache/fuzz.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/fuzz.go
@ -1,4 +1,4 @@
-// +build gofuzz
+//go:build gofuzz
 package cache
--- a/vendor/github.com/coredns/coredns/plugin/cache/handler.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/handler.go
@ -6,6 +6,7 @@ import (
 	"time"
 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/plugin/metadata"
 	"github.com/coredns/coredns/plugin/metrics"
 	"github.com/coredns/coredns/request"
@ -17,6 +18,7 @@ func (c *Cache) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 	rc := r.Copy() // We potentially modify r, to prevent other plugins from seeing this (r is a pointer), copy r into rc.
 	state := request.Request{W: w, Req: rc}
 	do := state.Do()
 	ad := r.AuthenticatedData
 	zone := plugin.Zones(c.Zones).Matches(state.Name())
 	if zone == "" {
@ -35,31 +37,59 @@ func (c *Cache) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 	ttl := 0
 	i := c.getIgnoreTTL(now, state, server)
 	if i != nil {
 		ttl = i.ttl(now)
 	}
 	if i == nil {
-		crr := &ResponseWriter{ResponseWriter: w, Cache: c, state: state, server: server, do: do}
+		crr := &ResponseWriter{ResponseWriter: w, Cache: c, state: state, server: server, do: do, ad: ad,
 			nexcept: c.nexcept, pexcept: c.pexcept, wildcardFunc: wildcardFunc(ctx)}
 		return c.doRefresh(ctx, state, crr)
 	}
 	ttl = i.ttl(now)
 	if ttl < 0 {
-		servedStale.WithLabelValues(server).Inc()
+		// serve stale behavior
 		if c.verifyStale {
 			crr := &ResponseWriter{ResponseWriter: w, Cache: c, state: state, server: server, do: do}
 			cw := newVerifyStaleResponseWriter(crr)
 			ret, err := c.doRefresh(ctx, state, cw)
 			if cw.refreshed {
 				return ret, err
 			}
 		}
 		// Adjust the time to get a 0 TTL in the reply built from a stale item.
 		now = now.Add(time.Duration(ttl) * time.Second)
 		if !c.verifyStale {
 			cw := newPrefetchResponseWriter(server, state, c)
 			go c.doPrefetch(ctx, state, cw, i, now)
 		}
 		servedStale.WithLabelValues(server, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 	} else if c.shouldPrefetch(i, now) {
 		cw := newPrefetchResponseWriter(server, state, c)
 		go c.doPrefetch(ctx, state, cw, i, now)
 	}
 	resp := i.toMsg(r, now, do)
 	w.WriteMsg(resp)
 	if i.wildcard != "" {
 		// Set wildcard source record name to metadata
 		metadata.SetValueFunc(ctx, "zone/wildcard", func() string {
 			return i.wildcard
 		})
 	}
 	resp := i.toMsg(r, now, do, ad)
 	w.WriteMsg(resp)
 	return dns.RcodeSuccess, nil
 }
 func wildcardFunc(ctx context.Context) func() string {
 	return func() string {
 		// Get wildcard source record name from metadata
 		if f := metadata.ValueFunc(ctx, "zone/wildcard"); f != nil {
 			return f()
 		}
 		return ""
 	}
 }
 func (c *Cache) doPrefetch(ctx context.Context, state request.Request, cw *ResponseWriter, i *item, now time.Time) {
-	cachePrefetches.WithLabelValues(cw.server).Inc()
+	cachePrefetches.WithLabelValues(cw.server, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 	c.doRefresh(ctx, state, cw)
 	// When prefetching we loose the item i, and with it the frequency
@ -70,7 +100,7 @@ func (c *Cache) doPrefetch(ctx context.Context, state request.Request, cw *Respo
 	}
 }
-func (c *Cache) doRefresh(ctx context.Context, state request.Request, cw *ResponseWriter) (int, error) {
+func (c *Cache) doRefresh(ctx context.Context, state request.Request, cw dns.ResponseWriter) (int, error) {
 	if !state.Do() {
 		setDo(state.Req)
 	}
@ -89,43 +119,28 @@ func (c *Cache) shouldPrefetch(i *item, now time.Time) bool {
 // Name implements the Handler interface.
 func (c *Cache) Name() string { return "cache" }
 func (c *Cache) get(now time.Time, state request.Request, server string) (*item, bool) {
 	k := hash(state.Name(), state.QType())
 	cacheRequests.WithLabelValues(server).Inc()
 	if i, ok := c.ncache.Get(k); ok && i.(*item).ttl(now) > 0 {
 		cacheHits.WithLabelValues(server, Denial).Inc()
 		return i.(*item), true
 	}
 	if i, ok := c.pcache.Get(k); ok && i.(*item).ttl(now) > 0 {
 		cacheHits.WithLabelValues(server, Success).Inc()
 		return i.(*item), true
 	}
 	cacheMisses.WithLabelValues(server).Inc()
 	return nil, false
 }
 // getIgnoreTTL unconditionally returns an item if it exists in the cache.
 func (c *Cache) getIgnoreTTL(now time.Time, state request.Request, server string) *item {
 	k := hash(state.Name(), state.QType())
-	cacheRequests.WithLabelValues(server).Inc()
+	cacheRequests.WithLabelValues(server, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 	if i, ok := c.ncache.Get(k); ok {
-		ttl := i.(*item).ttl(now)
+		itm := i.(*item)
-		if ttl > 0 || (c.staleUpTo > 0 && -ttl < int(c.staleUpTo.Seconds())) {
+		ttl := itm.ttl(now)
-			cacheHits.WithLabelValues(server, Denial).Inc()
+		if itm.matches(state) && (ttl > 0 || (c.staleUpTo > 0 && -ttl < int(c.staleUpTo.Seconds()))) {
 			cacheHits.WithLabelValues(server, Denial, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 			return i.(*item)
 		}
 	}
 	if i, ok := c.pcache.Get(k); ok {
-		ttl := i.(*item).ttl(now)
+		itm := i.(*item)
-		if ttl > 0 || (c.staleUpTo > 0 && -ttl < int(c.staleUpTo.Seconds())) {
+		ttl := itm.ttl(now)
-			cacheHits.WithLabelValues(server, Success).Inc()
+		if itm.matches(state) && (ttl > 0 || (c.staleUpTo > 0 && -ttl < int(c.staleUpTo.Seconds()))) {
 			cacheHits.WithLabelValues(server, Success, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 			return i.(*item)
 		}
 	}
-	cacheMisses.WithLabelValues(server).Inc()
+	cacheMisses.WithLabelValues(server, c.zonesMetricLabel, c.viewMetricLabel).Inc()
 	return nil
 }
--- a/vendor/github.com/coredns/coredns/plugin/cache/item.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/item.go
@ -1,20 +1,25 @@
 package cache
 import (
 	"strings"
 	"time"
 	"github.com/coredns/coredns/plugin/cache/freq"
 	"github.com/coredns/coredns/request"
 	"github.com/miekg/dns"
 )
 type item struct {
 	Name               string
 	QType              uint16
 	Rcode              int
 	AuthenticatedData  bool
 	RecursionAvailable bool
 	Answer             []dns.RR
 	Ns                 []dns.RR
 	Extra              []dns.RR
 	wildcard           string
 	origTTL uint32
 	stored  time.Time
@ -24,6 +29,10 @@ type item struct {
 func newItem(m *dns.Msg, now time.Time, d time.Duration) *item {
 	i := new(item)
 	if len(m.Question) != 0 {
 		i.Name = m.Question[0].Name
 		i.QType = m.Question[0].Qtype
 	}
 	i.Rcode = m.Rcode
 	i.AuthenticatedData = m.AuthenticatedData
 	i.RecursionAvailable = m.RecursionAvailable
@ -56,7 +65,7 @@ func newItem(m *dns.Msg, now time.Time, d time.Duration) *item {
 // So we're forced to always set this to 1; regardless if the answer came from the cache or not.
 // On newer systems(e.g. ubuntu 16.04 with glib version 2.23), this issue is resolved.
 // So we may set this bit back to 0 in the future ?
-func (i *item) toMsg(m *dns.Msg, now time.Time, do bool) *dns.Msg {
+func (i *item) toMsg(m *dns.Msg, now time.Time, do bool, ad bool) *dns.Msg {
 	m1 := new(dns.Msg)
 	m1.SetReply(m)
@ -65,8 +74,10 @@ func (i *item) toMsg(m *dns.Msg, now time.Time, do bool) *dns.Msg {
 	// just set it to true.
 	m1.Authoritative = true
 	m1.AuthenticatedData = i.AuthenticatedData
-	if !do {
+	if !do && !ad {
-		m1.AuthenticatedData = false // when DNSSEC was not wanted, it can't be authenticated data.
+		// When DNSSEC was not wanted, it can't be authenticated data.
 		// However, retain the AD bit if the requester set the AD bit, per RFC6840 5.7-5.8
 		m1.AuthenticatedData = false
 	}
 	m1.RecursionAvailable = i.RecursionAvailable
 	m1.Rcode = i.Rcode
@ -87,3 +98,10 @@ func (i *item) ttl(now time.Time) int {
 	ttl := int(i.origTTL) - int(now.UTC().Sub(i.stored).Seconds())
 	return ttl
 }
 func (i *item) matches(state request.Request) bool {
 	if state.QType() == i.QType && strings.EqualFold(state.QName(), i.Name) {
 		return true
 	}
 	return false
 }
--- a/vendor/github.com/coredns/coredns/plugin/cache/metrics.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/metrics.go
@ -14,54 +14,54 @@ var (
 		Subsystem: "cache",
 		Name:      "entries",
 		Help:      "The number of elements in the cache.",
-	}, []string{"server", "type"})
+	}, []string{"server", "type", "zones", "view"})
 	// cacheRequests is a counter of all requests through the cache.
 	cacheRequests = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "requests_total",
 		Help:      "The count of cache requests.",
-	}, []string{"server"})
+	}, []string{"server", "zones", "view"})
 	// cacheHits is counter of cache hits by cache type.
 	cacheHits = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "hits_total",
 		Help:      "The count of cache hits.",
-	}, []string{"server", "type"})
+	}, []string{"server", "type", "zones", "view"})
 	// cacheMisses is the counter of cache misses. - Deprecated
 	cacheMisses = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "misses_total",
 		Help:      "The count of cache misses. Deprecated, derive misses from cache hits/requests counters.",
-	}, []string{"server"})
+	}, []string{"server", "zones", "view"})
 	// cachePrefetches is the number of time the cache has prefetched a cached item.
 	cachePrefetches = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "prefetch_total",
 		Help:      "The number of times the cache has prefetched a cached item.",
-	}, []string{"server"})
+	}, []string{"server", "zones", "view"})
 	// cacheDrops is the number responses that are not cached, because the reply is malformed.
 	cacheDrops = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "drops_total",
 		Help:      "The number responses that are not cached, because the reply is malformed.",
-	}, []string{"server"})
+	}, []string{"server", "zones", "view"})
 	// servedStale is the number of requests served from stale cache entries.
 	servedStale = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "served_stale_total",
 		Help:      "The number of requests served from stale cache entries.",
-	}, []string{"server"})
+	}, []string{"server", "zones", "view"})
 	// evictions is the counter of cache evictions.
 	evictions = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: "cache",
 		Name:      "evictions_total",
 		Help:      "The count of cache evictions.",
-	}, []string{"server", "type"})
+	}, []string{"server", "type", "zones", "view"})
 )
--- a/vendor/github.com/coredns/coredns/plugin/cache/setup.go
+++ b/vendor/github.com/coredns/coredns/plugin/cache/setup.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/coredns/caddy"
@ -22,6 +23,12 @@ func setup(c *caddy.Controller) error {
 	if err != nil {
 		return plugin.Error("cache", err)
 	}
 	c.OnStartup(func() error {
 		ca.viewMetricLabel = dnsserver.GetConfig(c).ViewName
 		return nil
 	})
 	dnsserver.GetConfig(c).AddPlugin(func(next plugin.Handler) plugin.Handler {
 		ca.Next = next
 		return ca
@ -165,11 +172,11 @@ func cacheParse(c *caddy.Controller) (*Cache, error) {
 			case "serve_stale":
 				args := c.RemainingArgs()
-				if len(args) > 1 {
+				if len(args) > 2 {
 					return nil, c.ArgErr()
 				}
 				ca.staleUpTo = 1 * time.Hour
-				if len(args) == 1 {
+				if len(args) > 0 {
 					d, err := time.ParseDuration(args[0])
 					if err != nil {
 						return nil, err
@ -179,12 +186,67 @@ func cacheParse(c *caddy.Controller) (*Cache, error) {
 					}
 					ca.staleUpTo = d
 				}
 				ca.verifyStale = false
 				if len(args) > 1 {
 					mode := strings.ToLower(args[1])
 					if mode != "immediate" && mode != "verify" {
 						return nil, fmt.Errorf("invalid value for serve_stale refresh mode: %s", mode)
 					}
 					ca.verifyStale = mode == "verify"
 				}
 			case "servfail":
 				args := c.RemainingArgs()
 				if len(args) != 1 {
 					return nil, c.ArgErr()
 				}
 				d, err := time.ParseDuration(args[0])
 				if err != nil {
 					return nil, err
 				}
 				if d < 0 {
 					return nil, errors.New("invalid negative ttl for servfail")
 				}
 				if d > 5*time.Minute {
 					// RFC 2308 prohibits caching SERVFAIL longer than 5 minutes
 					return nil, errors.New("caching SERVFAIL responses over 5 minutes is not permitted")
 				}
 				ca.failttl = d
 			case "disable":
 				// disable [success|denial] [zones]...
 				args := c.RemainingArgs()
 				if len(args) < 1 {
 					return nil, c.ArgErr()
 				}
 				var zones []string
 				if len(args) > 1 {
 					for _, z := range args[1:] { // args[1:] define the list of zones to disable
 						nz := plugin.Name(z).Normalize()
 						if nz == "" {
 							return nil, fmt.Errorf("invalid disabled zone: %s", z)
 						}
 						zones = append(zones, nz)
 					}
 				} else {
 					// if no zones specified, default to root
 					zones = []string{"."}
 				}
 				switch args[0] { // args[0] defines which cache to disable
 				case Denial:
 					ca.nexcept = zones
 				case Success:
 					ca.pexcept = zones
 				default:
 					return nil, fmt.Errorf("cache type for disable must be %q or %q", Success, Denial)
 				}
 			default:
 				return nil, c.ArgErr()
 			}
 		}
 		ca.Zones = origins
 		ca.zonesMetricLabel = strings.Join(origins, ",")
 		ca.pcache = cache.New(ca.pcap)
 		ca.ncache = cache.New(ca.ncap)
 	}
--- a/vendor/github.com/coredns/coredns/plugin/etcd/msg/path.go
+++ b/vendor/github.com/coredns/coredns/plugin/etcd/msg/path.go
@ -22,6 +22,9 @@ func Path(s, prefix string) string {
 // Domain is the opposite of Path.
 func Domain(s string) string {
 	l := strings.Split(s, "/")
 	if l[len(l)-1] == "" {
 		l = l[:len(l)-1]
 	}
 	// start with 1, to strip /skydns
 	for i, j := 1, len(l)-1; i < j; i, j = i+1, j-1 {
 		l[i], l[j] = l[j], l[i]
--- a/vendor/github.com/coredns/coredns/plugin/etcd/msg/service.go
+++ b/vendor/github.com/coredns/coredns/plugin/etcd/msg/service.go
@ -154,7 +154,6 @@ func split255(s string) []string {
 		} else {
 			sx = append(sx, s[p:])
 			break
 		}
 		p, i = p+255, i+255
 	}
--- a/vendor/github.com/coredns/coredns/plugin/etcd/msg/type.go
+++ b/vendor/github.com/coredns/coredns/plugin/etcd/msg/type.go
@ -15,11 +15,9 @@ import (
 //
 // Note that a service can double/triple as a TXT record or MX record.
 func (s *Service) HostType() (what uint16, normalized net.IP) {
 	ip := net.ParseIP(s.Host)
 	switch {
 	case ip == nil:
 		if len(s.Text) == 0 {
 			return dns.TypeCNAME, nil
--- a/vendor/github.com/coredns/coredns/plugin/metadata/README.md
+++ b/vendor/github.com/coredns/coredns/plugin/metadata/README.md
@ -0,0 +1,49 @@
 # metadata
 ## Name
 *metadata* - enables a metadata collector.
 ## Description
 By enabling *metadata* any plugin that implements [metadata.Provider
 interface](https://godoc.org/github.com/coredns/coredns/plugin/metadata#Provider) will be called for
 each DNS query, at the beginning of the process for that query, in order to add its own metadata to
 context.
 The metadata collected will be available for all plugins, via the Context parameter provided in the
 ServeDNS function. The package (code) documentation has examples on how to inspect and retrieve
 metadata a plugin might be interested in.
 The metadata is added by setting a label with a value in the context. These labels should be named
 `plugin/NAME`, where **NAME** is something descriptive. The only hard requirement the *metadata*
 plugin enforces is that the labels contain a slash. See the documentation for
 `metadata.SetValueFunc`.
 The value stored is a string. The empty string signals "no metadata". See the documentation for
 `metadata.ValueFunc` on how to retrieve this.
 ## Syntax
 ~~~
 metadata [ZONES... ]
 ~~~
 * **ZONES** zones metadata should be invoked for.
 ## Plugins
 `metadata.Provider` interface needs to be implemented by each plugin willing to provide metadata
 information for other plugins. It will be called by metadata and gather the information from all
 plugins in context.
 Note: this method should work quickly, because it is called for every request.
 ## Examples
 The *rewrite* plugin uses meta data to rewrite requests.
 ## See Also
 The [Provider interface](https://godoc.org/github.com/coredns/coredns/plugin/metadata#Provider) and
 the [package level](https://godoc.org/github.com/coredns/coredns/plugin/metadata) documentation.
--- a/vendor/github.com/coredns/coredns/plugin/metadata/metadata.go
+++ b/vendor/github.com/coredns/coredns/plugin/metadata/metadata.go
@ -0,0 +1,44 @@
 package metadata
 import (
 	"context"
 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/request"
 	"github.com/miekg/dns"
 )
 // Metadata implements collecting metadata information from all plugins that
 // implement the Provider interface.
 type Metadata struct {
 	Zones     []string
 	Providers []Provider
 	Next      plugin.Handler
 }
 // Name implements the Handler interface.
 func (m *Metadata) Name() string { return "metadata" }
 // ContextWithMetadata is exported for use by provider tests
 func ContextWithMetadata(ctx context.Context) context.Context {
 	return context.WithValue(ctx, key{}, md{})
 }
 // ServeDNS implements the plugin.Handler interface.
 func (m *Metadata) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
 	rcode, err := plugin.NextOrFailure(m.Name(), m.Next, ctx, w, r)
 	return rcode, err
 }
 // Collect will retrieve metadata functions from each metadata provider and update the context
 func (m *Metadata) Collect(ctx context.Context, state request.Request) context.Context {
 	ctx = ContextWithMetadata(ctx)
 	if plugin.Zones(m.Zones).Matches(state.Name()) != "" {
 		// Go through all Providers and collect metadata.
 		for _, p := range m.Providers {
 			ctx = p.Metadata(ctx, state)
 		}
 	}
 	return ctx
 }
--- a/vendor/github.com/coredns/coredns/plugin/metadata/provider.go
+++ b/vendor/github.com/coredns/coredns/plugin/metadata/provider.go
@ -0,0 +1,127 @@
 // Package metadata provides an API that allows plugins to add metadata to the context.
 // Each metadata is stored under a label that has the form <plugin>/<name>. Each metadata
 // is returned as a Func. When Func is called the metadata is returned. If Func is expensive to
 // execute it is its responsibility to provide some form of caching. During the handling of a
 // query it is expected the metadata stays constant.
 //
 // Basic example:
 //
 // Implement the Provider interface for a plugin p:
 //
 //    func (p P) Metadata(ctx context.Context, state request.Request) context.Context {
 //       metadata.SetValueFunc(ctx, "test/something", func() string { return "myvalue" })
 //	 return ctx
 //    }
 //
 // Basic example with caching:
 //
 //    func (p P) Metadata(ctx context.Context, state request.Request) context.Context {
 //       cached := ""
 //       f := func() string {
 //		if cached != "" {
 //                 return cached
 //             }
 //             cached = expensiveFunc()
 //             return cached
 //       }
 //       metadata.SetValueFunc(ctx, "test/something", f)
 //	 return ctx
 //    }
 //
 // If you need access to this metadata from another plugin:
 //
 //    // ...
 //    valueFunc := metadata.ValueFunc(ctx, "test/something")
 //    value := valueFunc()
 //    // use 'value'
 //
 package metadata
 import (
 	"context"
 	"strings"
 	"github.com/coredns/coredns/request"
 )
 // Provider interface needs to be implemented by each plugin willing to provide
 // metadata information for other plugins.
 type Provider interface {
 	// Metadata adds metadata to the context and returns a (potentially) new context.
 	// Note: this method should work quickly, because it is called for every request
 	// from the metadata plugin.
 	Metadata(ctx context.Context, state request.Request) context.Context
 }
 // Func is the type of function in the metadata, when called they return the value of the label.
 type Func func() string
 // IsLabel checks that the provided name is a valid label name, i.e. two or more words separated by a slash.
 func IsLabel(label string) bool {
 	p := strings.Index(label, "/")
 	if p <= 0 || p >= len(label)-1 {
 		// cannot accept namespace empty nor label empty
 		return false
 	}
 	return true
 }
 // Labels returns all metadata keys stored in the context. These label names should be named
 // as: plugin/NAME, where NAME is something descriptive.
 func Labels(ctx context.Context) []string {
 	if metadata := ctx.Value(key{}); metadata != nil {
 		if m, ok := metadata.(md); ok {
 			return keys(m)
 		}
 	}
 	return nil
 }
 // ValueFuncs returns the map[string]Func from the context, or nil if it does not exist.
 func ValueFuncs(ctx context.Context) map[string]Func {
 	if metadata := ctx.Value(key{}); metadata != nil {
 		if m, ok := metadata.(md); ok {
 			return m
 		}
 	}
 	return nil
 }
 // ValueFunc returns the value function of label. If none can be found nil is returned. Calling the
 // function returns the value of the label.
 func ValueFunc(ctx context.Context, label string) Func {
 	if metadata := ctx.Value(key{}); metadata != nil {
 		if m, ok := metadata.(md); ok {
 			return m[label]
 		}
 	}
 	return nil
 }
 // SetValueFunc set the metadata label to the value function. If no metadata can be found this is a noop and
 // false is returned. Any existing value is overwritten.
 func SetValueFunc(ctx context.Context, label string, f Func) bool {
 	if metadata := ctx.Value(key{}); metadata != nil {
 		if m, ok := metadata.(md); ok {
 			m[label] = f
 			return true
 		}
 	}
 	return false
 }
 // md is metadata information storage.
 type md map[string]Func
 // key defines the type of key that is used to save metadata into the context.
 type key struct{}
 func keys(m map[string]Func) []string {
 	s := make([]string, len(m))
 	i := 0
 	for k := range m {
 		s[i] = k
 		i++
 	}
 	return s
 }
--- a/vendor/github.com/coredns/coredns/plugin/metadata/setup.go
+++ b/vendor/github.com/coredns/coredns/plugin/metadata/setup.go
@ -0,0 +1,44 @@
 package metadata
 import (
 	"github.com/coredns/caddy"
 	"github.com/coredns/coredns/core/dnsserver"
 	"github.com/coredns/coredns/plugin"
 )
 func init() { plugin.Register("metadata", setup) }
 func setup(c *caddy.Controller) error {
 	m, err := metadataParse(c)
 	if err != nil {
 		return err
 	}
 	dnsserver.GetConfig(c).AddPlugin(func(next plugin.Handler) plugin.Handler {
 		m.Next = next
 		return m
 	})
 	c.OnStartup(func() error {
 		plugins := dnsserver.GetConfig(c).Handlers()
 		for _, p := range plugins {
 			if met, ok := p.(Provider); ok {
 				m.Providers = append(m.Providers, met)
 			}
 		}
 		return nil
 	})
 	return nil
 }
 func metadataParse(c *caddy.Controller) (*Metadata, error) {
 	m := &Metadata{}
 	c.Next()
 	m.Zones = plugin.OriginsFromArgsOrServerBlock(c.RemainingArgs(), c.ServerBlockKeys)
 	if c.NextBlock() || c.Next() {
 		return nil, plugin.Error("metadata", c.ArgErr())
 	}
 	return m, nil
 }
--- a/vendor/github.com/coredns/coredns/plugin/metrics/README.md
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/README.md
@ -8,19 +8,22 @@
 With *prometheus* you export metrics from CoreDNS and any plugin that has them.
 The default location for the metrics is `localhost:9153`. The metrics path is fixed to `/metrics`.
-The following metrics are exported:
+
 In addition to the default Go metrics exported by the [Prometheus Go client](https://prometheus.io/docs/guides/go-application/),
 the following metrics are exported:
 * `coredns_build_info{version, revision, goversion}` - info about CoreDNS itself.
 * `coredns_panics_total{}` - total number of panics.
-* `coredns_dns_requests_total{server, zone, proto, family, type}` - total query count.
+* `coredns_dns_requests_total{server, zone, view, proto, family, type}` - total query count.
-* `coredns_dns_request_duration_seconds{server, zone, type}` - duration to process each query.
+* `coredns_dns_request_duration_seconds{server, zone, view, type}` - duration to process each query.
-* `coredns_dns_request_size_bytes{server, zone, proto}` - size of the request in bytes.
+* `coredns_dns_request_size_bytes{server, zone, view, proto}` - size of the request in bytes.
-* `coredns_dns_do_requests_total{server, zone}` -  queries that have the DO bit set
+* `coredns_dns_do_requests_total{server, view, zone}` -  queries that have the DO bit set
-* `coredns_dns_response_size_bytes{server, zone, proto}` - response size in bytes.
+* `coredns_dns_response_size_bytes{server, zone, view, proto}` - response size in bytes.
-* `coredns_dns_responses_total{server, zone, rcode, plugin}` - response per zone, rcode and plugin.
+* `coredns_dns_responses_total{server, zone, view, rcode, plugin}` - response per zone, rcode and plugin.
-* `coredns_plugin_enabled{server, zone, name}` - indicates whether a plugin is enabled on per server and zone basis.
+* `coredns_dns_https_responses_total{server, status}` - responses per server and http status code.
 * `coredns_plugin_enabled{server, zone, view, name}` - indicates whether a plugin is enabled on per server, zone and view basis.
-Each counter has a label `zone` which is the zonename used for the request/response.
+Almost each counter has a label `zone` which is the zonename used for the request/response.
 Extra labels used are:
@ -32,12 +35,20 @@ Extra labels used are:
 * `type` which holds the query type. It holds most common types (A, AAAA, MX, SOA, CNAME, PTR, TXT,
  NS, SRV, DS, DNSKEY, RRSIG, NSEC, NSEC3, HTTPS, IXFR, AXFR and ANY) and "other" which lumps together all
  other types.
 * `status` which holds the https status code. Possible values are:
  * 200 - request is processed,
  * 404 - request has been rejected on validation,
  * 400 - request to dns message conversion failed,
  * 500 - processing ended up with no response.
 * the `plugin` label holds the name of the plugin that made the write to the client. If the server
  did the write (on error for instance), the value is empty.
 If monitoring is enabled, queries that do not enter the plugin chain are exported under the fake
 name "dropped" (without a closing dot - this is never a valid domain name).
 Other plugins may export additional stats when the _prometheus_ plugin is enabled.  Those stats are documented in each
 plugin's README.
 This plugin can only be used once per Server Block.
 ## Syntax
--- a/vendor/github.com/coredns/coredns/plugin/metrics/context.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/context.go
@ -22,3 +22,16 @@ func WithServer(ctx context.Context) string {
 	}
 	return srv.(*dnsserver.Server).Addr
 }
 // WithView returns the name of the view currently handling the request, if a view is defined.
 //
 // Basic usage with a metric:
 //
 // <metric>.WithLabelValues(metrics.WithView(ctx), labels..).Add(1)
 func WithView(ctx context.Context) string {
 	v := ctx.Value(dnsserver.ViewKey{})
 	if v == nil {
 		return ""
 	}
 	return v.(string)
 }
--- a/vendor/github.com/coredns/coredns/plugin/metrics/handler.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/handler.go
@ -34,7 +34,7 @@ func (m *Metrics) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
 		rc = status
 	}
 	plugin := m.authoritativePlugin(rw.Caller)
-	vars.Report(WithServer(ctx), state, zone, rcode.ToString(rc), plugin, rw.Len, rw.Start)
+	vars.Report(WithServer(ctx), state, zone, WithView(ctx), rcode.ToString(rc), plugin, rw.Len, rw.Start)
 	return status, err
 }
--- a/vendor/github.com/coredns/coredns/plugin/metrics/recorder.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/recorder.go
@ -24,7 +24,5 @@ func (r *Recorder) WriteMsg(res *dns.Msg) error {
 	_, r.Caller[0], _, _ = runtime.Caller(1)
 	_, r.Caller[1], _, _ = runtime.Caller(2)
 	_, r.Caller[2], _, _ = runtime.Caller(3)
-	r.Len += res.Len()
+	return r.Recorder.WriteMsg(res)
 	r.Msg = res
 	return r.ResponseWriter.WriteMsg(res)
 }
--- a/vendor/github.com/coredns/coredns/plugin/metrics/setup.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/setup.go
@ -39,7 +39,7 @@ func setup(c *caddy.Controller) error {
 		for _, h := range conf.ListenHosts {
 			addrstr := conf.Transport + "://" + net.JoinHostPort(h, conf.Port)
 			for _, p := range conf.Handlers() {
-				vars.PluginEnabled.WithLabelValues(addrstr, conf.Zone, p.Name()).Set(1)
+				vars.PluginEnabled.WithLabelValues(addrstr, conf.Zone, conf.ViewName, p.Name()).Set(1)
 			}
 		}
 		return nil
@ -49,7 +49,7 @@ func setup(c *caddy.Controller) error {
 		for _, h := range conf.ListenHosts {
 			addrstr := conf.Transport + "://" + net.JoinHostPort(h, conf.Port)
 			for _, p := range conf.Handlers() {
-				vars.PluginEnabled.WithLabelValues(addrstr, conf.Zone, p.Name()).Set(1)
+				vars.PluginEnabled.WithLabelValues(addrstr, conf.Zone, conf.ViewName, p.Name()).Set(1)
 			}
 		}
 		return nil
--- a/vendor/github.com/coredns/coredns/plugin/metrics/vars/report.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/vars/report.go
@ -9,7 +9,7 @@ import (
 // Report reports the metrics data associated with request. This function is exported because it is also
 // called from core/dnsserver to report requests hitting the server that should not be handled and are thus
 // not sent down the plugin chain.
-func Report(server string, req request.Request, zone, rcode, plugin string, size int, start time.Time) {
+func Report(server string, req request.Request, zone, view, rcode, plugin string, size int, start time.Time) {
 	// Proto and Family.
 	net := req.Proto()
 	fam := "1"
@ -18,16 +18,16 @@ func Report(server string, req request.Request, zone, rcode, plugin string, size
 	}
 	if req.Do() {
-		RequestDo.WithLabelValues(server, zone).Inc()
+		RequestDo.WithLabelValues(server, zone, view).Inc()
 	}
 	qType := qTypeString(req.QType())
-	RequestCount.WithLabelValues(server, zone, net, fam, qType).Inc()
+	RequestCount.WithLabelValues(server, zone, view, net, fam, qType).Inc()
-	RequestDuration.WithLabelValues(server, zone).Observe(time.Since(start).Seconds())
+	RequestDuration.WithLabelValues(server, zone, view).Observe(time.Since(start).Seconds())
-	ResponseSize.WithLabelValues(server, zone, net).Observe(float64(size))
+	ResponseSize.WithLabelValues(server, zone, view, net).Observe(float64(size))
-	RequestSize.WithLabelValues(server, zone, net).Observe(float64(req.Len()))
+	RequestSize.WithLabelValues(server, zone, view, net).Observe(float64(req.Len()))
-	ResponseRcode.WithLabelValues(server, zone, rcode, plugin).Inc()
+	ResponseRcode.WithLabelValues(server, zone, view, rcode, plugin).Inc()
 }
--- a/vendor/github.com/coredns/coredns/plugin/metrics/vars/vars.go
+++ b/vendor/github.com/coredns/coredns/plugin/metrics/vars/vars.go
@ -14,7 +14,7 @@ var (
 		Subsystem: subsystem,
 		Name:      "requests_total",
 		Help:      "Counter of DNS requests made per zone, protocol and family.",
-	}, []string{"server", "zone", "proto", "family", "type"})
+	}, []string{"server", "zone", "view", "proto", "family", "type"})
 	RequestDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{
 		Namespace: plugin.Namespace,
@ -22,7 +22,7 @@ var (
 		Name:      "request_duration_seconds",
 		Buckets:   plugin.TimeBuckets,
 		Help:      "Histogram of the time (in seconds) each request took per zone.",
-	}, []string{"server", "zone"})
+	}, []string{"server", "zone", "view"})
 	RequestSize = promauto.NewHistogramVec(prometheus.HistogramOpts{
 		Namespace: plugin.Namespace,
@ -30,14 +30,14 @@ var (
 		Name:      "request_size_bytes",
 		Help:      "Size of the EDNS0 UDP buffer in bytes (64K for TCP) per zone and protocol.",
 		Buckets:   []float64{0, 100, 200, 300, 400, 511, 1023, 2047, 4095, 8291, 16e3, 32e3, 48e3, 64e3},
-	}, []string{"server", "zone", "proto"})
+	}, []string{"server", "zone", "view", "proto"})
 	RequestDo = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: subsystem,
 		Name:      "do_requests_total",
 		Help:      "Counter of DNS requests with DO bit set per zone.",
-	}, []string{"server", "zone"})
+	}, []string{"server", "zone", "view"})
 	ResponseSize = promauto.NewHistogramVec(prometheus.HistogramOpts{
 		Namespace: plugin.Namespace,
@ -45,14 +45,14 @@ var (
 		Name:      "response_size_bytes",
 		Help:      "Size of the returned response in bytes.",
 		Buckets:   []float64{0, 100, 200, 300, 400, 511, 1023, 2047, 4095, 8291, 16e3, 32e3, 48e3, 64e3},
-	}, []string{"server", "zone", "proto"})
+	}, []string{"server", "zone", "view", "proto"})
 	ResponseRcode = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: subsystem,
 		Name:      "responses_total",
 		Help:      "Counter of response status codes.",
-	}, []string{"server", "zone", "rcode", "plugin"})
+	}, []string{"server", "zone", "view", "rcode", "plugin"})
 	Panic = promauto.NewCounter(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
@ -64,7 +64,14 @@ var (
 		Namespace: plugin.Namespace,
 		Name:      "plugin_enabled",
 		Help:      "A metric that indicates whether a plugin is enabled on per server and zone basis.",
-	}, []string{"server", "zone", "name"})
+	}, []string{"server", "zone", "view", "name"})
 	HTTPSResponsesCount = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
 		Subsystem: subsystem,
 		Name:      "https_responses_total",
 		Help:      "Counter of DoH responses per server and http status code.",
 	}, []string{"server", "status"})
 )
 const (
--- a/vendor/github.com/coredns/coredns/plugin/normalize.go
+++ b/vendor/github.com/coredns/coredns/plugin/normalize.go
@ -125,7 +125,6 @@ func (h Host) NormalizeExact() []string {
 	}
 	for i := range hosts {
 		hosts[i] = Name(hosts[i]).Normalize()
 	}
 	return hosts
 }
--- a/Show More
+++ b/Show More
		`@ -1,3 +0,0 @@`
			`Compatible with TOML version`
			`[v0.4.0](https://github.com/toml-lang/toml/blob/v0.4.0/versions/en/toml-v0.4.0.md)`
		`@ -1 +0,0 @@`
			`au BufWritePost *.go silent!make tags > /dev/null 2>&1`
`@ -1,4 +1,4 @@`
	`// +build gofuzz`	`//go:build gofuzz`

	`package cache`	`package cache`