diff --git a/go.mod b/go.mod
index fb361b1d0e..a05593aa71 100644
--- a/go.mod
+++ b/go.mod
@@ -83,8 +83,8 @@ require (
 	github.com/spf13/viper v1.21.0
 	github.com/stretchr/testify v1.11.1
 	github.com/test-go/testify v1.1.4
-	github.com/testcontainers/testcontainers-go v0.41.0
-	github.com/testcontainers/testcontainers-go/modules/opensearch v0.41.0
+	github.com/testcontainers/testcontainers-go v0.42.0
+	github.com/testcontainers/testcontainers-go/modules/opensearch v0.42.0
 	github.com/theckman/yacspin v0.13.12
 	github.com/thejerf/suture/v4 v4.0.6
 	github.com/tidwall/gjson v1.18.0
@@ -190,7 +190,6 @@ require (
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
-	github.com/docker/docker v28.5.2+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -294,14 +293,15 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/go-archive v0.2.0 // indirect
-	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/moby/api v1.54.1 // indirect
+	github.com/moby/moby/client v0.4.0 // indirect
+	github.com/moby/patternmatcher v0.6.1 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/moby/sys/user v0.4.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nats-io/jwt/v2 v2.8.1 // indirect
@@ -347,14 +347,14 @@ require (
 	github.com/sethvargo/go-diceware v0.5.0 // indirect
 	github.com/sethvargo/go-password v0.3.1 // indirect
 	github.com/shamaton/msgpack/v2 v2.4.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.26.2 // indirect
+	github.com/shirou/gopsutil/v4 v4.26.3 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 	github.com/spacewander/go-suffix-tree v0.0.0-20191010040751-0865e368c784 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/studio-b12/gowebdav v0.9.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.3 // indirect
diff --git a/go.sum b/go.sum
index 3344ce7f3d..e9b7ca6f99 100644
--- a/go.sum
+++ b/go.sum
@@ -258,8 +258,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
 github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
+github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo=
 github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
 github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
@@ -305,8 +305,6 @@ github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E
 github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/dnsimple/dnsimple-go v0.63.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -869,10 +867,12 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
 github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
-github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
-github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
+github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4=
+github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs=
+github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw=
+github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g=
+github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U=
+github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
 github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
 github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
@@ -891,8 +891,6 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM=
 github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -1116,8 +1114,8 @@ github.com/shamaton/msgpack/v2 v2.4.0 h1:O5Z08MRmbo0lA9o2xnQ4TXx6teJbPqEurqcCOQ8
 github.com/shamaton/msgpack/v2 v2.4.0/go.mod h1:6khjYnkx73f7VQU7wjcFS9DFjs+59naVWJv1TB7qdOI=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
-github.com/shirou/gopsutil/v4 v4.26.2 h1:X8i6sicvUFih4BmYIGT1m2wwgw2VG9YgrDTi7cIRGUI=
-github.com/shirou/gopsutil/v4 v4.26.2/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ=
+github.com/shirou/gopsutil/v4 v4.26.3 h1:2ESdQt90yU3oXF/CdOlRCJxrP+Am1aBYubTMTfxJ1qc=
+github.com/shirou/gopsutil/v4 v4.26.3/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
@@ -1171,8 +1169,8 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
+github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1193,10 +1191,10 @@ github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhg
 github.com/tchap/go-patricia/v2 v2.3.3/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
 github.com/test-go/testify v1.1.4 h1:Tf9lntrKUMHiXQ07qBScBTSA0dhYQlu83hswqelv1iE=
 github.com/test-go/testify v1.1.4/go.mod h1:rH7cfJo/47vWGdi4GPj16x3/t1xGOj2YxzmNQzk2ghU=
-github.com/testcontainers/testcontainers-go v0.41.0 h1:mfpsD0D36YgkxGj2LrIyxuwQ9i2wCKAD+ESsYM1wais=
-github.com/testcontainers/testcontainers-go v0.41.0/go.mod h1:pdFrEIfaPl24zmBjerWTTYaY0M6UHsqA1YSvsoU40MI=
-github.com/testcontainers/testcontainers-go/modules/opensearch v0.41.0 h1:xOHzMTJXgw/CQsrtemxLGDZGCSQg/AlaotVv273qC60=
-github.com/testcontainers/testcontainers-go/modules/opensearch v0.41.0/go.mod h1:vjKGTfDelOkOAzsFmf5YglHPnhyoHjPyDs9Z4Ane2xg=
+github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY=
+github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30=
+github.com/testcontainers/testcontainers-go/modules/opensearch v0.42.0 h1:lXPr5NypYR0O8qcej+JQfsQTOTc3CRv+c4wz3VbBFLI=
+github.com/testcontainers/testcontainers-go/modules/opensearch v0.42.0/go.mod h1:KJ+m9onB785g9VDRDuhvUvsbkRjnFp3Uz+CHoHpPieA=
 github.com/thanhpk/randstr v1.0.6 h1:psAOktJFD4vV9NEVb3qkhRSMvYh4ORRaj1+w/hn4B+o=
 github.com/thanhpk/randstr v1.0.6/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U=
 github.com/theckman/yacspin v0.13.12 h1:CdZ57+n0U6JMuh2xqjnjRq5Haj6v1ner2djtLQRzJr4=
@@ -1310,8 +1308,6 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bT
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 h1:inYW9ZhgqiDqh6BioM7DVHHzEGVq76Db5897WLGZ5Go=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0/go.mod h1:Izur+Wt8gClgMJqO/cZ8wdeeMryJ/xxiOVgFSSfpDTY=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0 h1:s/1iRkCKDfhlh1JF26knRneorus8aOwVIDhvYx9WoDw=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0/go.mod h1:UI3wi0FXg1Pofb8ZBiBLhtMzgoTm1TYkMvn71fAqDzs=
 go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
@@ -1800,6 +1796,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/github.com/docker/docker/AUTHORS b/vendor/github.com/docker/docker/AUTHORS
deleted file mode 100644
index c7c649471c..0000000000
--- a/vendor/github.com/docker/docker/AUTHORS
+++ /dev/null
@@ -1,2496 +0,0 @@
-# File @generated by hack/generate-authors.sh. DO NOT EDIT.
-# This file lists all contributors to the repository.
-# See hack/generate-authors.sh to make modifications.
-
-17neverends <ionianrise@gmail.com>
-7sunarni <710720732@qq.com>
-Aanand Prasad <aanand.prasad@gmail.com>
-Aarni Koskela <akx@iki.fi>
-Aaron Davidson <aaron@databricks.com>
-Aaron Feng <aaron.feng@gmail.com>
-Aaron Hnatiw <aaron@griddio.com>
-Aaron Huslage <huslage@gmail.com>
-Aaron L. Xu <liker.xu@foxmail.com>
-Aaron Lehmann <alehmann@netflix.com>
-Aaron Welch <welch@packet.net>
-Aaron Yoshitake <airandfingers@gmail.com>
-Abdur Rehman <abdur_rehman@mentor.com>
-Abel Muiño <amuino@gmail.com>
-Abhijeet Kasurde <akasurde@redhat.com>
-Abhinandan Prativadi <aprativadi@gmail.com>
-Abhinav Ajgaonkar <abhinav316@gmail.com>
-Abhishek Chanda <abhishek.becs@gmail.com>
-Abhishek Sharma <abhishek@asharma.me>
-Abin Shahab <ashahab@altiscale.com>
-Abirdcfly <fp544037857@gmail.com>
-Ada Mancini <ada@docker.com>
-Adam Avilla <aavilla@yp.com>
-Adam Dobrawy <naczelnik@jawnosc.tk>
-Adam Eijdenberg <adam.eijdenberg@gmail.com>
-Adam Kunk <adam.kunk@tiaa-cref.org>
-Adam Lamers <adam.lamers@wmsdev.pl>
-Adam Miller <admiller@redhat.com>
-Adam Mills <adam@armills.info>
-Adam Pointer <adam.pointer@skybettingandgaming.com>
-Adam Simon <adamsimon85100@gmail.com>
-Adam Singer <financeCoding@gmail.com>
-Adam Thornton <adam.thornton@maryville.com>
-Adam Walz <adam@adamwalz.net>
-Adam Williams <awilliams@mirantis.com>
-AdamKorcz <adam@adalogics.com>
-Addam Hardy <addam.hardy@gmail.com>
-Aditi Rajagopal <arajagopal@us.ibm.com>
-Aditya <aditya@netroy.in>
-Adnan Khan <adnkha@amazon.com>
-Adolfo Ochagavía <aochagavia92@gmail.com>
-Adria Casas <adriacasas88@gmail.com>
-Adrian Moisey <adrian@changeover.za.net>
-Adrian Mouat <adrian.mouat@gmail.com>
-Adrian Oprea <adrian@codesi.nz>
-Adrien Folie <folie.adrien@gmail.com>
-Adrien Gallouët <adrien@gallouet.fr>
-Ahmed Kamal <email.ahmedkamal@googlemail.com>
-Ahmet Alp Balkan <ahmetb@microsoft.com>
-Aidan Feldman <aidan.feldman@gmail.com>
-Aidan Hobson Sayers <aidanhs@cantab.net>
-AJ Bowen <aj@soulshake.net>
-Ajey Charantimath <ajey.charantimath@gmail.com>
-ajneu <ajneu@users.noreply.github.com>
-Akash Gupta <akagup@microsoft.com>
-Akhil Mohan <akhil.mohan@mayadata.io>
-Akihiro Matsushima <amatsusbit@gmail.com>
-Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
-Akim Demaille <akim.demaille@docker.com>
-Akira Koyasu <mail@akirakoyasu.net>
-Akshay Karle <akshay.a.karle@gmail.com>
-Akshay Moghe <akshay.moghe@gmail.com>
-Al Tobey <al@ooyala.com>
-alambike <alambike@gmail.com>
-Alan Hoyle <alan@alanhoyle.com>
-Alan Scherger <flyinprogrammer@gmail.com>
-Alan Thompson <cloojure@gmail.com>
-Alano Terblanche <alano.terblanche@docker.com>
-Albert Callarisa <shark234@gmail.com>
-Albert Zhang <zhgwenming@gmail.com>
-Albin Kerouanton <albinker@gmail.com>
-Alec Benson <albenson@redhat.com>
-Alejandro González Hevia <alejandrgh11@gmail.com>
-Aleksa Sarai <asarai@suse.de>
-Aleksandr Chebotov <v-aleche@microsoft.com>
-Aleksandrs Fadins <aleks@s-ko.net>
-Alena Prokharchyk <alena@rancher.com>
-Alessandro Boch <aboch@tetrationanalytics.com>
-Alessio Biancalana <dottorblaster@gmail.com>
-Alex Chan <alex@alexwlchan.net>
-Alex Chen <alexchenunix@gmail.com>
-Alex Coventry <alx@empirical.com>
-Alex Crawford <alex.crawford@coreos.com>
-Alex Ellis <alexellis2@gmail.com>
-Alex Gaynor <alex.gaynor@gmail.com>
-Alex Goodman <wagoodman@gmail.com>
-Alex Nordlund <alexander.nordlund@nasdaq.com>
-Alex Olshansky <i@creagenics.com>
-Alex Samorukov <samm@os2.kiev.ua>
-Alex Stockinger <alex@atomicjar.com>
-Alex Warhawk <ax.warhawk@gmail.com>
-Alexander Artemenko <svetlyak.40wt@gmail.com>
-Alexander Boyd <alex@opengroove.org>
-Alexander Larsson <alexl@redhat.com>
-Alexander Midlash <amidlash@docker.com>
-Alexander Morozov <lk4d4math@gmail.com>
-Alexander Polakov <plhk@sdf.org>
-Alexander Shopov <ash@kambanaria.org>
-Alexandre Beslic <alexandre.beslic@gmail.com>
-Alexandre Garnier <zigarn@gmail.com>
-Alexandre González <agonzalezro@gmail.com>
-Alexandre Jomin <alexandrejomin@gmail.com>
-Alexandru Sfirlogea <alexandru.sfirlogea@gmail.com>
-Alexei Margasov <alexei38@yandex.ru>
-Alexey Guskov <lexag@mail.ru>
-Alexey Kotlyarov <alexey@infoxchange.net.au>
-Alexey Shamrin <shamrin@gmail.com>
-Alexis Ries <ries.alexis@gmail.com>
-Alexis Thomas <fr.alexisthomas@gmail.com>
-Alfred Landrum <alfred.landrum@docker.com>
-Ali Dehghani <ali.dehghani.g@gmail.com>
-Alicia Lauerman <alicia@eta.im>
-Alihan Demir <alihan_6153@hotmail.com>
-Allen Madsen <blatyo@gmail.com>
-Allen Sun <allensun.shl@alibaba-inc.com>
-almoehi <almoehi@users.noreply.github.com>
-Alvaro Saurin <alvaro.saurin@gmail.com>
-Alvin Deng <alvin.q.deng@utexas.edu>
-Alvin Richards <alvin.richards@docker.com>
-amangoel <amangoel@gmail.com>
-Amen Belayneh <amenbelayneh@gmail.com>
-Ameya Gawde <agawde@mirantis.com>
-Amir Goldstein <amir73il@aquasec.com>
-AmirBuddy <badinlu.amirhossein@gmail.com>
-Amit Bakshi <ambakshi@gmail.com>
-Amit Krishnan <amit.krishnan@oracle.com>
-Amit Shukla <amit.shukla@docker.com>
-Amr Gawish <amr.gawish@gmail.com>
-Amy Lindburg <amy.lindburg@docker.com>
-Anand Patil <anand.prabhakar.patil@gmail.com>
-AnandkumarPatel <anandkumarpatel@gmail.com>
-Anatoly Borodin <anatoly.borodin@gmail.com>
-Anca Iordache <anca.iordache@docker.com>
-Anchal Agrawal <aagrawa4@illinois.edu>
-Anda Xu <anda.xu@docker.com>
-Anders Janmyr <anders@janmyr.com>
-Andre Dublin <81dublin@gmail.com>
-Andre Granovsky <robotciti@live.com>
-Andrea Denisse Gómez <crypto.andrea@protonmail.ch>
-Andrea Luzzardi <aluzzardi@gmail.com>
-Andrea Turli <andrea.turli@gmail.com>
-Andreas Elvers <andreas@work.de>
-Andreas Köhler <andi5.py@gmx.net>
-Andreas Savvides <andreas@editd.com>
-Andreas Tiefenthaler <at@an-ti.eu>
-Andrei Gherzan <andrei@resin.io>
-Andrei Ushakov <aushakov@netflix.com>
-Andrei Vagin <avagin@gmail.com>
-Andrew Baxter <423qpsxzhh8k3h@s.rendaw.me>
-Andrew C. Bodine <acbodine@us.ibm.com>
-Andrew Clay Shafer <andrewcshafer@gmail.com>
-Andrew Duckworth <grillopress@gmail.com>
-Andrew France <andrew@avito.co.uk>
-Andrew Gerrand <adg@golang.org>
-Andrew Guenther <guenther.andrew.j@gmail.com>
-Andrew He <he.andrew.mail@gmail.com>
-Andrew Hsu <andrewhsu@docker.com>
-Andrew Kim <taeyeonkim90@gmail.com>
-Andrew Kuklewicz <kookster@gmail.com>
-Andrew Macgregor <andrew.macgregor@agworld.com.au>
-Andrew Macpherson <hopscotch23@gmail.com>
-Andrew Martin <sublimino@gmail.com>
-Andrew McDonnell <bugs@andrewmcdonnell.net>
-Andrew Munsell <andrew@wizardapps.net>
-Andrew Pennebaker <andrew.pennebaker@gmail.com>
-Andrew Po <absourd.noise@gmail.com>
-Andrew Weiss <andrew.weiss@docker.com>
-Andrew Williams <williams.andrew@gmail.com>
-Andrews Medina <andrewsmedina@gmail.com>
-Andrey Kolomentsev <andrey.kolomentsev@docker.com>
-Andrey Petrov <andrey.petrov@shazow.net>
-Andrey Stolbovsky <andrey.stolbovsky@gmail.com>
-André Martins <aanm90@gmail.com>
-Andrés Maldonado <maldonado@codelutin.com>
-Andy Chambers <anchambers@paypal.com>
-andy diller <dillera@gmail.com>
-Andy Goldstein <agoldste@redhat.com>
-Andy Kipp <andy@rstudio.com>
-Andy Lindeman <alindeman@salesforce.com>
-Andy Rothfusz <github@developersupport.net>
-Andy Smith <github@anarkystic.com>
-Andy Wilson <wilson.andrew.j+github@gmail.com>
-Andy Zhang <andy.zhangtao@hotmail.com>
-Aneesh Kulkarni <askthefactorcamera@gmail.com>
-Anes Hasicic <anes.hasicic@gmail.com>
-Angel Velazquez <angelcar@amazon.com>
-Anil Belur <askb23@gmail.com>
-Anil Madhavapeddy <anil@recoil.org>
-Anirudh Aithal <aithal@amazon.com>
-Ankit Jain <ajatkj@yahoo.co.in>
-Ankush Agarwal <ankushagarwal11@gmail.com>
-Anonmily <michelle@michelleliu.io>
-Anran Qiao <anran.qiao@daocloud.io>
-Anshul Pundir <anshul.pundir@docker.com>
-Anthon van der Neut <anthon@mnt.org>
-Anthony Baire <Anthony.Baire@irisa.fr>
-Anthony Bishopric <git@anthonybishopric.com>
-Anthony Dahanne <anthony.dahanne@gmail.com>
-Anthony Sottile <asottile@umich.edu>
-Anton Löfgren <anton.lofgren@gmail.com>
-Anton Nikitin <anton.k.nikitin@gmail.com>
-Anton Polonskiy <anton.polonskiy@gmail.com>
-Anton Tiurin <noxiouz@yandex.ru>
-Antonio Aguilar <antonio@zoftko.com>
-Antonio Murdaca <antonio.murdaca@gmail.com>
-Antonis Kalipetis <akalipetis@gmail.com>
-Antony Messerli <amesserl@rackspace.com>
-Anuj Bahuguna <anujbahuguna.dev@gmail.com>
-Anuj Varma <anujvarma@thumbtack.com>
-Anusha Ragunathan <anusha.ragunathan@docker.com>
-Anyu Wang <wanganyu@outlook.com>
-apocas <petermdias@gmail.com>
-Arash Deshmeh <adeshmeh@ca.ibm.com>
-arcosx <arcosx@outlook.com>
-ArikaChen <eaglesora@gmail.com>
-Arko Dasgupta <arko@tetrate.io>
-Arnaud Lefebvre <a.lefebvre@outlook.fr>
-Arnaud Porterie <icecrime@gmail.com>
-Arnaud Rebillout <arnaud.rebillout@collabora.com>
-Artem Khramov <akhramov@pm.me>
-Arthur Barr <arthur.barr@uk.ibm.com>
-Arthur Gautier <baloo@gandi.net>
-Artur Meyster <arthurfbi@yahoo.com>
-Arun Gupta <arun.gupta@gmail.com>
-Asad Saeeduddin <masaeedu@gmail.com>
-Asbjørn Enge <asbjorn@hanafjedle.net>
-Ashly Mathew <ashly.mathew@sap.com>
-Austin Vazquez <austin.vazquez.dev@gmail.com>
-averagehuman <averagehuman@users.noreply.github.com>
-Avi Das <andas222@gmail.com>
-Avi Kivity <avi@scylladb.com>
-Avi Miller <avi.miller@oracle.com>
-Avi Vaid <avaid1996@gmail.com>
-Azat Khuyiyakhmetov <shadow_uz@mail.ru>
-Bao Yonglei <baoyonglei@huawei.com>
-Bardia Keyoumarsi <bkeyouma@ucsc.edu>
-Barnaby Gray <barnaby@pickle.me.uk>
-Barry Allard <barry.allard@gmail.com>
-Bartłomiej Piotrowski <b@bpiotrowski.pl>
-Bastiaan Bakker <bbakker@xebia.com>
-Bastien Pascard <bpascard@hotmail.com>
-bdevloed <boris.de.vloed@gmail.com>
-Bearice Ren <bearice@gmail.com>
-Ben Bonnefoy <frenchben@docker.com>
-Ben Firshman <ben@firshman.co.uk>
-Ben Golub <ben.golub@dotcloud.com>
-Ben Gould <ben@bengould.co.uk>
-Ben Hall <ben@benhall.me.uk>
-Ben Langfeld <ben@langfeld.me>
-Ben Lovy <ben@deciduously.com>
-Ben Sargent <ben@brokendigits.com>
-Ben Severson <BenSeverson@users.noreply.github.com>
-Ben Toews <mastahyeti@gmail.com>
-Ben Wiklund <ben@daisyowl.com>
-Benjamin Atkin <ben@benatkin.com>
-Benjamin Baker <Benjamin.baker@utexas.edu>
-Benjamin Boudreau <boudreau.benjamin@gmail.com>
-Benjamin Böhmke <benjamin@boehmke.net>
-Benjamin Wang <wachao@vmware.com>
-Benjamin Yolken <yolken@stripe.com>
-Benny Ng <benny.tpng@gmail.com>
-Benoit Chesneau <bchesneau@gmail.com>
-Bernerd Schaefer <bj.schaefer@gmail.com>
-Bernhard M. Wiedemann <bwiedemann@suse.de>
-Bert Goethals <bert@bertg.be>
-Bertrand Roussel <broussel@sierrawireless.com>
-Bevisy Zhang <binbin36520@gmail.com>
-Bharath Thiruveedula <bharath_ves@hotmail.com>
-Bhiraj Butala <abhiraj.butala@gmail.com>
-Bhumika Bayani <bhumikabayani@gmail.com>
-Bilal Amarni <bilal.amarni@gmail.com>
-Bill Wang <ozbillwang@gmail.com>
-Billy Ridgway <wrridgwa@us.ibm.com>
-Bily Zhang <xcoder@tenxcloud.com>
-Bin Liu <liubin0329@gmail.com>
-Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Bjorn Neergaard <bjorn@neersighted.com>
-Blake Geno <blakegeno@gmail.com>
-Boaz Shuster <ripcurld.github@gmail.com>
-bobby abbott <ttobbaybbob@gmail.com>
-Bojun Zhu <bojun.zhu@foxmail.com>
-Boqin Qin <bobbqqin@gmail.com>
-Boris Pruessmann <boris@pruessmann.org>
-Boshi Lian <farmer1992@gmail.com>
-Bouke Haarsma <bouke@webatoom.nl>
-Boyd Hemphill <boyd@feedmagnet.com>
-boynux <boynux@gmail.com>
-Bradley Cicenas <bradley.cicenas@gmail.com>
-Bradley Wright <brad@intranation.com>
-Brandon Liu <bdon@bdon.org>
-Brandon Philips <brandon.philips@coreos.com>
-Brandon Rhodes <brandon@rhodesmill.org>
-Brendan Dixon <brendand@microsoft.com>
-Brendon Smith <bws@bws.bio>
-Brennan Kinney <5098581+polarathene@users.noreply.github.com>
-Brent Salisbury <brent.salisbury@docker.com>
-Brett Higgins <brhiggins@arbor.net>
-Brett Kochendorfer <brett.kochendorfer@gmail.com>
-Brett Milford <brettmilford@gmail.com>
-Brett Randall <javabrett@gmail.com>
-Brian (bex) Exelbierd <bexelbie@redhat.com>
-Brian Bland <brian.bland@docker.com>
-Brian DeHamer <brian@dehamer.com>
-Brian Dorsey <brian@dorseys.org>
-Brian Flad <bflad417@gmail.com>
-Brian Goff <cpuguy83@gmail.com>
-Brian McCallister <brianm@skife.org>
-Brian Olsen <brian@maven-group.org>
-Brian Schwind <brianmschwind@gmail.com>
-Brian Shumate <brian@couchbase.com>
-Brian Torres-Gil <brian@dralth.com>
-Brian Trump <btrump@yelp.com>
-Brice Jaglin <bjaglin@teads.tv>
-Briehan Lombaard <briehan.lombaard@gmail.com>
-Brielle Broder <bbroder@google.com>
-Bruno Bigras <bigras.bruno@gmail.com>
-Bruno Binet <bruno.binet@gmail.com>
-Bruno Gazzera <bgazzera@paginar.com>
-Bruno Renié <brutasse@gmail.com>
-Bruno Tavares <btavare@thoughtworks.com>
-Bryan Bess <squarejaw@bsbess.com>
-Bryan Boreham <bjboreham@gmail.com>
-Bryan Matsuo <bryan.matsuo@gmail.com>
-Bryan Murphy <bmurphy1976@gmail.com>
-Burke Libbey <burke@libbey.me>
-Byung Kang <byung.kang.ctr@amrdec.army.mil>
-Caleb Spare <cespare@gmail.com>
-Calen Pennington <cale@edx.org>
-Calvin Liu <flycalvin@qq.com>
-Cameron Boehmer <cameron.boehmer@gmail.com>
-Cameron Sparr <gh@sparr.email>
-Cameron Spear <cameronspear@gmail.com>
-Campbell Allen <campbell.allen@gmail.com>
-Candid Dauth <cdauth@cdauth.eu>
-Cao Weiwei <cao.weiwei30@zte.com.cn>
-Carl Henrik Lunde <chlunde@ping.uio.no>
-Carl Loa Odin <carlodin@gmail.com>
-Carl X. Su <bcbcarl@gmail.com>
-Carlo Mion <mion00@gmail.com>
-Carlos Alexandro Becker <caarlos0@gmail.com>
-Carlos de Paula <me@carlosedp.com>
-Carlos Sanchez <carlos@apache.org>
-Carol Fager-Higgins <carol.fager-higgins@docker.com>
-Cary <caryhartline@users.noreply.github.com>
-Casey Bisson <casey.bisson@joyent.com>
-Catalin Pirvu <pirvu.catalin94@gmail.com>
-Ce Gao <ce.gao@outlook.com>
-Cedric Davies <cedricda@microsoft.com>
-Cesar Talledo <cesar.talledo@docker.com>
-Cezar Sa Espinola <cezarsa@gmail.com>
-Chad Swenson <chadswen@gmail.com>
-Chance Zibolski <chance.zibolski@gmail.com>
-Chander Govindarajan <chandergovind@gmail.com>
-Chanhun Jeong <keyolk@gmail.com>
-Chao Wang <wangchao.fnst@cn.fujitsu.com>
-Charity Kathure <ckathure@microsoft.com>
-Charles Chan <charleswhchan@users.noreply.github.com>
-Charles Hooper <charles.hooper@dotcloud.com>
-Charles Law <claw@conduce.com>
-Charles Lindsay <chaz@chazomatic.us>
-Charles Merriam <charles.merriam@gmail.com>
-Charles Sarrazin <charles@sarraz.in>
-Charles Smith <charles.smith@docker.com>
-Charlie Drage <charlie@charliedrage.com>
-Charlie Lewis <charliel@lab41.org>
-Chase Bolt <chase.bolt@gmail.com>
-ChaYoung You <yousbe@gmail.com>
-Chee Hau Lim <ch33hau@gmail.com>
-Chen Chao <cc272309126@gmail.com>
-Chen Chuanliang <chen.chuanliang@zte.com.cn>
-Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-Chen Min <chenmin46@huawei.com>
-Chen Mingjie <chenmingjie0828@163.com>
-Chen Qiu <cheney-90@hotmail.com>
-Cheng-mean Liu <soccerl@microsoft.com>
-Chengfei Shang <cfshang@alauda.io>
-Chengguang Xu <cgxu519@gmx.com>
-Chengyu Zhu <hudson@cyzhu.com>
-Chentianze <cmoman@126.com>
-Chenyang Yan <memory.yancy@gmail.com>
-chenyuzhu <chenyuzhi@oschina.cn>
-Chetan Birajdar <birajdar.chetan@gmail.com>
-Chewey <prosto-chewey@users.noreply.github.com>
-Chia-liang Kao <clkao@clkao.org>
-Chiranjeevi Tirunagari <vchiranjeeviak.tirunagari@gmail.com>
-chli <chli@freewheel.tv>
-Cholerae Hu <choleraehyq@gmail.com>
-Chris Alfonso <calfonso@redhat.com>
-Chris Armstrong <chris@opdemand.com>
-Chris Dias <cdias@microsoft.com>
-Chris Dituri <csdituri@gmail.com>
-Chris Fordham <chris@fordham-nagy.id.au>
-Chris Gavin <chris@chrisgavin.me>
-Chris Gibson <chris@chrisg.io>
-Chris Khoo <chris.khoo@gmail.com>
-Chris Kreussling (Flatbush Gardener) <xrisfg@gmail.com>
-Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
-Chris McKinnel <chrismckinnel@gmail.com>
-Chris Price <cprice@mirantis.com>
-Chris Seto <chriskseto@gmail.com>
-Chris Snow <chsnow123@gmail.com>
-Chris St. Pierre <chris.a.st.pierre@gmail.com>
-Chris Stivers <chris@stivers.us>
-Chris Swan <chris.swan@iee.org>
-Chris Telfer <ctelfer@docker.com>
-Chris Wahl <github@wahlnetwork.com>
-Chris Weyl <cweyl@alumni.drew.edu>
-Chris White <me@cwprogram.com>
-Christian Becker <christian.becker@sixt.com>
-Christian Berendt <berendt@b1-systems.de>
-Christian Brauner <christian.brauner@ubuntu.com>
-Christian Böhme <developement@boehme3d.de>
-Christian Muehlhaeuser <muesli@gmail.com>
-Christian Persson <saser@live.se>
-Christian Rotzoll <ch.rotzoll@gmail.com>
-Christian Simon <simon@swine.de>
-Christian Stefanescu <st.chris@gmail.com>
-Christoph Ziebuhr <chris@codefrickler.de>
-Christophe Mehay <cmehay@online.net>
-Christophe Troestler <christophe.Troestler@umons.ac.be>
-Christophe Vidal <kriss@krizalys.com>
-Christopher Biscardi <biscarch@sketcht.com>
-Christopher Crone <christopher.crone@docker.com>
-Christopher Currie <codemonkey+github@gmail.com>
-Christopher Jones <tophj@linux.vnet.ibm.com>
-Christopher Latham <sudosurootdev@gmail.com>
-Christopher Petito <chrisjpetito@gmail.com>
-Christopher Rigor <crigor@gmail.com>
-Christy Norman <christy@linux.vnet.ibm.com>
-Chun Chen <ramichen@tencent.com>
-Ciro S. Costa <ciro.costa@usp.br>
-Clayton Coleman <ccoleman@redhat.com>
-Clint Armstrong <clint@clintarmstrong.net>
-Clinton Kitson <clintonskitson@gmail.com>
-clubby789 <jamie@hill-daniel.co.uk>
-Cody Roseborough <crrosebo@amazon.com>
-Coenraad Loubser <coenraad@wish.org.za>
-Colin Dunklau <colin.dunklau@gmail.com>
-Colin Hebert <hebert.colin@gmail.com>
-Colin Panisset <github@clabber.com>
-Colin Rice <colin@daedrum.net>
-Colin Walters <walters@verbum.org>
-Collin Guarino <collin.guarino@gmail.com>
-Colm Hally <colmhally@gmail.com>
-companycy <companycy@gmail.com>
-Conor Evans <coevans@tcd.ie>
-Corbin Coleman <corbin.coleman@docker.com>
-Corey Farrell <git@cfware.com>
-Cory Forsyth <cory.forsyth@gmail.com>
-Cory Snider <csnider@mirantis.com>
-cressie176 <github@stephen-cresswell.net>
-Cristian Ariza <dev@cristianrz.com>
-Cristian Staretu <cristian.staretu@gmail.com>
-cristiano balducci <cristiano.balducci@gmail.com>
-Cristina Yenyxe Gonzalez Garcia <cristina.yenyxe@gmail.com>
-Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
-cui fliter <imcusg@gmail.com>
-CUI Wei <ghostplant@qq.com>
-Cuong Manh Le <cuong.manhle.vn@gmail.com>
-Cyprian Gracz <cyprian.gracz@micro-jumbo.eu>
-Cyril F <cyrilf7x@gmail.com>
-Da McGrady <dabkb@aol.com>
-Daan van Berkel <daan.v.berkel.1980@gmail.com>
-Daehyeok Mun <daehyeok@gmail.com>
-Dafydd Crosby <dtcrsby@gmail.com>
-dalanlan <dalanlan925@gmail.com>
-Damian Smyth <damian@dsau.co>
-Damien Nadé <github@livna.org>
-Damien Nozay <damien.nozay@gmail.com>
-Damjan Georgievski <gdamjan@gmail.com>
-Dan Anolik <dan@anolik.net>
-Dan Buch <d.buch@modcloth.com>
-Dan Cotora <dan@bluevision.ro>
-Dan Feldman <danf@jfrog.com>
-Dan Griffin <dgriffin@peer1.com>
-Dan Hirsch <thequux@upstandinghackers.com>
-Dan Keder <dan.keder@gmail.com>
-Dan Levy <dan@danlevy.net>
-Dan McPherson <dmcphers@redhat.com>
-Dan Plamadeala <cornul11@gmail.com>
-Dan Stine <sw@stinemail.com>
-Dan Williams <me@deedubs.com>
-Dani Hodovic <dani.hodovic@gmail.com>
-Dani Louca <dani.louca@docker.com>
-Daniel Antlinger <d.antlinger@gmx.at>
-Daniel Black <daniel@linux.ibm.com>
-Daniel Dao <dqminh@cloudflare.com>
-Daniel Exner <dex@dragonslave.de>
-Daniel Farrell <dfarrell@redhat.com>
-Daniel Garcia <daniel@danielgarcia.info>
-Daniel Gasienica <daniel@gasienica.ch>
-Daniel Grunwell <mwgrunny@gmail.com>
-Daniel Guns <danbguns@gmail.com>
-Daniel Helfand <helfand.4@gmail.com>
-Daniel Hiltgen <daniel.hiltgen@docker.com>
-Daniel J Walsh <dwalsh@redhat.com>
-Daniel Menet <membership@sontags.ch>
-Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
-Daniel Nephin <dnephin@docker.com>
-Daniel Norberg <dano@spotify.com>
-Daniel Nordberg <dnordberg@gmail.com>
-Daniel P. Berrangé <berrange@redhat.com>
-Daniel Robinson <gottagetmac@gmail.com>
-Daniel S <dan.streby@gmail.com>
-Daniel Sweet <danieljsweet@icloud.com>
-Daniel Von Fange <daniel@leancoder.com>
-Daniel Watkins <daniel@daniel-watkins.co.uk>
-Daniel X Moore <yahivin@gmail.com>
-Daniel YC Lin <dlin.tw@gmail.com>
-Daniel Zhang <jmzwcn@gmail.com>
-Daniele Rondina <geaaru@sabayonlinux.org>
-Danny Berger <dpb587@gmail.com>
-Danny Milosavljevic <dannym@scratchpost.org>
-Danny Yates <danny@codeaholics.org>
-Danyal Khaliq <danyal.khaliq@tenpearls.com>
-Darren Coxall <darren@darrencoxall.com>
-Darren Shepherd <darren.s.shepherd@gmail.com>
-Darren Stahl <darst@microsoft.com>
-Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
-Davanum Srinivas <davanum@gmail.com>
-Dave Barboza <dbarboza@datto.com>
-Dave Goodchild <buddhamagnet@gmail.com>
-Dave Henderson <dhenderson@gmail.com>
-Dave MacDonald <mindlapse@gmail.com>
-Dave Tucker <dt@docker.com>
-David Anderson <dave@natulte.net>
-David Bellotti <dbellotti@pivotal.io>
-David Calavera <david.calavera@gmail.com>
-David Chung <david.chung@docker.com>
-David Corking <dmc-source@dcorking.com>
-David Cramer <davcrame@cisco.com>
-David Currie <david_currie@uk.ibm.com>
-David Davis <daviddavis@redhat.com>
-David Dooling <dooling@gmail.com>
-David Gageot <david@gageot.net>
-David Gebler <davidgebler@gmail.com>
-David Glasser <glasser@davidglasser.net>
-David Karlsson <35727626+dvdksn@users.noreply.github.com>
-David Lawrence <david.lawrence@docker.com>
-David Lechner <david@lechnology.com>
-David M. Karr <davidmichaelkarr@gmail.com>
-David Mackey <tdmackey@booleanhaiku.com>
-David Manouchehri <manouchehri@riseup.net>
-David Mat <david@davidmat.com>
-David Mcanulty <github@hellspark.com>
-David McKay <david@rawkode.com>
-David O'Rourke <david@scalefactory.com>
-David P Hilton <david.hilton.p@gmail.com>
-David Pelaez <pelaez89@gmail.com>
-David R. Jenni <david.r.jenni@gmail.com>
-David Röthlisberger <david@rothlis.net>
-David Sheets <dsheets@docker.com>
-David Sissitka <me@dsissitka.com>
-David Trott <github@davidtrott.com>
-David Wang <00107082@163.com>
-David Williamson <david.williamson@docker.com>
-David Xia <dxia@spotify.com>
-David Young <yangboh@cn.ibm.com>
-Davide Ceretti <davide.ceretti@hogarthww.com>
-Dawn Chen <dawnchen@google.com>
-dbdd <wangtong2712@gmail.com>
-dcylabs <dcylabs@gmail.com>
-Debayan De <debayande@users.noreply.github.com>
-Deborah Gertrude Digges <deborah.gertrude.digges@gmail.com>
-deed02392 <georgehafiz@gmail.com>
-Deep Debroy <ddebroy@docker.com>
-Deng Guangxing <dengguangxing@huawei.com>
-Deni Bertovic <deni@kset.org>
-Denis Defreyne <denis@soundcloud.com>
-Denis Gladkikh <denis@gladkikh.email>
-Denis Ollier <larchunix@users.noreply.github.com>
-Dennis Chen <barracks510@gmail.com>
-Dennis Chen <dennis.chen@arm.com>
-Dennis Docter <dennis@d23.nl>
-Derek <crq@kernel.org>
-Derek <crquan@gmail.com>
-Derek Ch <denc716@gmail.com>
-Derek McGowan <derek@mcg.dev>
-Deric Crago <deric.crago@gmail.com>
-Deshi Xiao <dxiao@redhat.com>
-Devon Estes <devon.estes@klarna.com>
-Devvyn Murphy <devvyn@devvyn.com>
-Dharmit Shah <shahdharmit@gmail.com>
-Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
-Dhilip Kumars <dhilip.kumar.s@huawei.com>
-Diego Romero <idiegoromero@gmail.com>
-Diego Siqueira <dieg0@live.com>
-Dieter Reuter <dieter.reuter@me.com>
-Dillon Dixon <dillondixon@gmail.com>
-Dima Stopel <dima@twistlock.com>
-Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
-Dimitris Mandalidis <dimitris.mandalidis@gmail.com>
-Dimitris Rozakis <dimrozakis@gmail.com>
-Dimitry Andric <d.andric@activevideo.com>
-Dinesh Subhraveti <dineshs@altiscale.com>
-Ding Fei <dingfei@stars.org.cn>
-dingwei <dingwei@cmss.chinamobile.com>
-Diogo Monica <diogo@docker.com>
-DiuDiugirl <sophia.wang@pku.edu.cn>
-Djibril Koné <kone.djibril@gmail.com>
-Djordje Lukic <djordje.lukic@docker.com>
-dkumor <daniel@dkumor.com>
-Dmitri Logvinenko <dmitri.logvinenko@gmail.com>
-Dmitri Shuralyov <shurcooL@gmail.com>
-Dmitry Demeshchuk <demeshchuk@gmail.com>
-Dmitry Gusev <dmitry.gusev@gmail.com>
-Dmitry Kononenko <d@dm42.ru>
-Dmitry Sharshakov <d3dx12.xx@gmail.com>
-Dmitry Shyshkin <dmitry@shyshkin.org.ua>
-Dmitry Smirnov <onlyjob@member.fsf.org>
-Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
-Dmitry Vorobev <dimahabr@gmail.com>
-Dmytro Iakovliev <dmytro.iakovliev@zodiacsystems.com>
-docker-unir[bot] <docker-unir[bot]@users.noreply.github.com>
-Dolph Mathews <dolph.mathews@gmail.com>
-Dominic Tubach <dominic.tubach@to.com>
-Dominic Yin <yindongchao@inspur.com>
-Dominik Dingel <dingel@linux.vnet.ibm.com>
-Dominik Finkbeiner <finkes93@gmail.com>
-Dominik Honnef <dominik@honnef.co>
-Don Kirkby <donkirkby@users.noreply.github.com>
-Don Kjer <don.kjer@gmail.com>
-Don Spaulding <donspauldingii@gmail.com>
-Donald Huang <don.hcd@gmail.com>
-Dong Chen <dongluo.chen@docker.com>
-Donghwa Kim <shanytt@gmail.com>
-Donovan Jones <git@gamma.net.nz>
-Dorin Geman <dorin.geman@docker.com>
-Doron Podoleanu <doronp@il.ibm.com>
-Doug Davis <dug@us.ibm.com>
-Doug MacEachern <dougm@vmware.com>
-Doug Tangren <d.tangren@gmail.com>
-Douglas Curtis <dougcurtis1@gmail.com>
-Dr Nic Williams <drnicwilliams@gmail.com>
-dragon788 <dragon788@users.noreply.github.com>
-Dražen Lučanin <kermit666@gmail.com>
-Drew Erny <derny@mirantis.com>
-Drew Hubl <drew.hubl@gmail.com>
-Dustin Sallings <dustin@spy.net>
-Ed Costello <epc@epcostello.com>
-Edmund Wagner <edmund-wagner@web.de>
-Eiichi Tsukata <devel@etsukata.com>
-Eike Herzbach <eike@herzbach.net>
-Eivin Giske Skaaren <eivinsn@axis.com>
-Eivind Uggedal <eivind@uggedal.com>
-Elan Ruusamäe <glen@pld-linux.org>
-Elango Sivanandam <elango.siva@docker.com>
-Elena Morozova <lelenanam@gmail.com>
-Eli Uriegas <seemethere101@gmail.com>
-Elias Faxö <elias.faxo@tre.se>
-Elias Koromilas <elias.koromilas@gmail.com>
-Elias Probst <mail@eliasprobst.eu>
-Elijah Zupancic <elijah@zupancic.name>
-eluck <mail@eluck.me>
-Elvir Kuric <elvirkuric@gmail.com>
-Emil Davtyan <emil2k@gmail.com>
-Emil Hernvall <emil@quench.at>
-Emily Maier <emily@emilymaier.net>
-Emily Rose <emily@contactvibe.com>
-Emir Ozer <emirozer@yandex.com>
-Eng Zer Jun <engzerjun@gmail.com>
-Enguerran <engcolson@gmail.com>
-Enrico Weigelt, metux IT consult <info@metux.net>
-Eohyung Lee <liquidnuker@gmail.com>
-epeterso <epeterson@breakpoint-labs.com>
-er0k <er0k@er0k.net>
-Eric Barch <barch@tomesoftware.com>
-Eric Curtin <ericcurtin17@gmail.com>
-Eric G. Noriega <enoriega@vizuri.com>
-Eric Hanchrow <ehanchrow@ine.com>
-Eric Lee <thenorthsecedes@gmail.com>
-Eric Mountain <eric.mountain@datadoghq.com>
-Eric Myhre <hash@exultant.us>
-Eric Paris <eparis@redhat.com>
-Eric Rafaloff <erafaloff@gmail.com>
-Eric Rosenberg <ehaydenr@gmail.com>
-Eric Sage <eric.david.sage@gmail.com>
-Eric Soderstrom <ericsoderstrom@gmail.com>
-Eric Yang <windfarer@gmail.com>
-Eric-Olivier Lamey <eo@lamey.me>
-Erica Windisch <erica@windisch.us>
-Erich Cordoba <erich.cm@yandex.com>
-Erik Bray <erik.m.bray@gmail.com>
-Erik Dubbelboer <erik@dubbelboer.com>
-Erik Hollensbe <github@hollensbe.org>
-Erik Inge Bolsø <knan@redpill-linpro.com>
-Erik Kristensen <erik@erikkristensen.com>
-Erik Sipsma <erik@sipsma.dev>
-Erik Sjölund <erik.sjolund@gmail.com>
-Erik St. Martin <alakriti@gmail.com>
-Erik Weathers <erikdw@gmail.com>
-Erno Hopearuoho <erno.hopearuoho@gmail.com>
-Erwin van der Koogh <info@erronis.nl>
-Espen Suenson <mail@espensuenson.dk>
-Ethan Bell <ebgamer29@gmail.com>
-Ethan Mosbaugh <ethan@replicated.com>
-Euan Harris <euan.harris@docker.com>
-Euan Kemp <euan.kemp@coreos.com>
-Eugen Krizo <eugen.krizo@gmail.com>
-Eugene Yakubovich <eugene.yakubovich@coreos.com>
-Evan Allrich <evan@unguku.com>
-Evan Carmi <carmi@users.noreply.github.com>
-Evan Hazlett <ejhazlett@gmail.com>
-Evan Krall <krall@yelp.com>
-Evan Lezar <elezar@nvidia.com>
-Evan Phoenix <evan@fallingsnow.net>
-Evan Wies <evan@neomantra.net>
-Evelyn Xu <evelynhsu21@gmail.com>
-Everett Toews <everett.toews@rackspace.com>
-Evgeniy Makhrov <e.makhrov@corp.badoo.com>
-Evgeny Shmarnev <shmarnev@gmail.com>
-Evgeny Vereshchagin <evvers@ya.ru>
-Ewa Czechowska <ewa@ai-traders.com>
-Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
-ezbercih <cem.ezberci@gmail.com>
-Ezra Silvera <ezra@il.ibm.com>
-Fabian Kramm <kramm@covexo.com>
-Fabian Lauer <kontakt@softwareschmiede-saar.de>
-Fabian Raetz <fabian.raetz@gmail.com>
-Fabiano Rosas <farosas@br.ibm.com>
-Fabio Falci <fabiofalci@gmail.com>
-Fabio Kung <fabio.kung@gmail.com>
-Fabio Rapposelli <fabio@vmware.com>
-Fabio Rehm <fgrehm@gmail.com>
-Fabrizio Regini <freegenie@gmail.com>
-Fabrizio Soppelsa <fsoppelsa@mirantis.com>
-Faiz Khan <faizkhan00@gmail.com>
-falmp <chico.lopes@gmail.com>
-Fangming Fang <fangming.fang@arm.com>
-Fangyuan Gao <21551127@zju.edu.cn>
-fanjiyun <fan.jiyun@zte.com.cn>
-Fareed Dudhia <fareeddudhia@googlemail.com>
-Fathi Boudra <fathi.boudra@linaro.org>
-Federico Gimenez <fgimenez@coit.es>
-Felipe Oliveira <felipeweb.programador@gmail.com>
-Felipe Ruhland <felipe.ruhland@gmail.com>
-Felix Abecassis <fabecassis@nvidia.com>
-Felix Geisendörfer <felix@debuggable.com>
-Felix Hupfeld <felix@quobyte.com>
-Felix Rabe <felix@rabe.io>
-Felix Ruess <felix.ruess@gmail.com>
-Felix Schindler <fschindler@weluse.de>
-Feng Yan <fy2462@gmail.com>
-Fengtu Wang <wangfengtu@huawei.com>
-Ferenc Szabo <pragmaticfrank@gmail.com>
-Fernando <fermayo@gmail.com>
-Fero Volar <alian@alian.info>
-Feroz Salam <feroz.salam@sourcegraph.com>
-Ferran Rodenas <frodenas@gmail.com>
-Filipe Brandenburger <filbranden@google.com>
-Filipe Oliveira <contato@fmoliveira.com.br>
-Filipe Pina <hzlu1ot0@duck.com>
-Flavio Castelli <fcastelli@suse.com>
-Flavio Crisciani <flavio.crisciani@docker.com>
-Florian <FWirtz@users.noreply.github.com>
-Florian Klein <florian.klein@free.fr>
-Florian Maier <marsmensch@users.noreply.github.com>
-Florian Noeding <noeding@adobe.com>
-Florian Schmaus <flo@geekplace.eu>
-Florian Weingarten <flo@hackvalue.de>
-Florin Asavoaie <florin.asavoaie@gmail.com>
-Florin Patan <florinpatan@gmail.com>
-fonglh <fonglh@gmail.com>
-Foysal Iqbal <foysal.iqbal.fb@gmail.com>
-Francesc Campoy <campoy@google.com>
-Francesco Degrassi <francesco.degrassi@optionfactory.net>
-Francesco Mari <mari.francesco@gmail.com>
-Francis Chuang <francis.chuang@boostport.com>
-Francisco Carriedo <fcarriedo@gmail.com>
-Francisco Souza <f@souza.cc>
-Frank Groeneveld <frank@ivaldi.nl>
-Frank Herrmann <fgh@4gh.tv>
-Frank Macreery <frank@macreery.com>
-Frank Rosquin <frank.rosquin+github@gmail.com>
-Frank Villaro-Dixon <frank.villarodixon@merkle.com>
-Frank Yang <yyb196@gmail.com>
-François Scala <github@arcenik.net>
-Fred Lifton <fred.lifton@docker.com>
-Frederick F. Kautz IV <fkautz@redhat.com>
-Frederico F. de Oliveira <FreddieOliveira@users.noreply.github.com>
-Frederik Loeffert <frederik@zitrusmedia.de>
-Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
-Freek Kalter <freek@kalteronline.org>
-Frieder Bluemle <frieder.bluemle@gmail.com>
-frobnicaty <92033765+frobnicaty@users.noreply.github.com>
-Frédéric Dalleau <frederic.dalleau@docker.com>
-Fu JinLin <withlin@yeah.net>
-Félix Baylac-Jacqué <baylac.felix@gmail.com>
-Félix Cantournet <felix.cantournet@cloudwatt.com>
-Gabe Rosenhouse <gabe@missionst.com>
-Gabor Nagy <mail@aigeruth.hu>
-Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
-Gabriel Goller <gabrielgoller123@gmail.com>
-Gabriel L. Somlo <gsomlo@gmail.com>
-Gabriel Linder <linder.gabriel@gmail.com>
-Gabriel Monroy <gabriel@opdemand.com>
-Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
-Gabriel Tomitsuka <gabriel@tomitsuka.com>
-Gaetan de Villele <gdevillele@gmail.com>
-Galen Sampson <galen.sampson@gmail.com>
-Gang Qiao <qiaohai8866@gmail.com>
-Gareth Rushgrove <gareth@morethanseven.net>
-Garrett Barboza <garrett@garrettbarboza.com>
-Gary Schaetz <gary@schaetzkc.com>
-Gaurav <gaurav.gosec@gmail.com>
-Gaurav Singh <gaurav1086@gmail.com>
-Gaël PORTAY <gael.portay@savoirfairelinux.com>
-Genki Takiuchi <genki@s21g.com>
-GennadySpb <lipenkov@gmail.com>
-Geoff Levand <geoff@infradead.org>
-Geoffrey Bachelet <grosfrais@gmail.com>
-Geon Kim <geon0250@gmail.com>
-George Adams <georgeadams1995@gmail.com>
-George Kontridze <george@bugsnag.com>
-George Ma <mayangang@outlook.com>
-George MacRorie <gmacr31@gmail.com>
-George Xie <georgexsh@gmail.com>
-Georgi Hristozov <georgi@forkbomb.nl>
-Georgy Yakovlev <gyakovlev@gentoo.org>
-Gereon Frey <gereon.frey@dynport.de>
-German DZ <germ@ndz.com.ar>
-Gert van Valkenhoef <g.h.m.van.valkenhoef@rug.nl>
-Gerwim Feiken <g.feiken@tfe.nl>
-Ghislain Bourgeois <ghislain.bourgeois@gmail.com>
-Giampaolo Mancini <giampaolo@trampolineup.com>
-Gianluca Borello <g.borello@gmail.com>
-Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
-Giovan Isa Musthofa <giovanism@outlook.co.id>
-gissehel <public-devgit-dantus@gissehel.org>
-Giuseppe Mazzotta <gdm85@users.noreply.github.com>
-Giuseppe Scrivano <gscrivan@redhat.com>
-Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
-Gleb M Borisov <borisov.gleb@gmail.com>
-Glyn Normington <gnormington@gopivotal.com>
-GoBella <caili_welcome@163.com>
-Goffert van Gool <goffert@phusion.nl>
-Goldwyn Rodrigues <rgoldwyn@suse.com>
-Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
-Gosuke Miyashita <gosukenator@gmail.com>
-Gou Rao <gou@portworx.com>
-Govinda Fichtner <govinda.fichtner@googlemail.com>
-Grace Choi <grace.54109@gmail.com>
-Grant Millar <rid@cylo.io>
-Grant Reaber <grant.reaber@gmail.com>
-Graydon Hoare <graydon@pobox.com>
-Greg Fausak <greg@tacodata.com>
-Greg Pflaum <gpflaum@users.noreply.github.com>
-Greg Stephens <greg@udon.org>
-Greg Thornton <xdissent@me.com>
-Grzegorz Jaśkiewicz <gj.jaskiewicz@gmail.com>
-Guilhem Lettron <guilhem+github@lettron.fr>
-Guilherme Salgado <gsalgado@gmail.com>
-Guillaume Dufour <gdufour.prestataire@voyages-sncf.com>
-Guillaume J. Charmes <guillaume.charmes@docker.com>
-Gunadhya S. <6939749+gunadhya@users.noreply.github.com>
-Guoqiang QI <guoqiang.qi1@gmail.com>
-guoxiuyan <guoxiuyan@huawei.com>
-Guri <odg0318@gmail.com>
-Gurjeet Singh <gurjeet@singh.im>
-Guruprasad <lgp171188@gmail.com>
-Gustav Sinder <gustav.sinder@gmail.com>
-gwx296173 <gaojing3@huawei.com>
-Günter Zöchbauer <guenter@gzoechbauer.com>
-Haichao Yang <yang.haichao@zte.com.cn>
-haikuoliu <haikuo@amazon.com>
-haining.cao <haining.cao@daocloud.io>
-Hakan Özler <hakan.ozler@kodcu.com>
-Hamish Hutchings <moredhel@aoeu.me>
-Hannes Ljungberg <hannes@5monkeys.se>
-Hans Kristian Flaatten <hans@starefossen.com>
-Hans Rødtang <hansrodtang@gmail.com>
-Hao Shu Wei <haoshuwei24@gmail.com>
-Hao Zhang <21521210@zju.edu.cn>
-Harald Albers <github@albersweb.de>
-Harald Niesche <harald@niesche.de>
-Harley Laue <losinggeneration@gmail.com>
-Harold Cooper <hrldcpr@gmail.com>
-Harrison Turton <harrisonturton@gmail.com>
-Harry Zhang <harryz@hyper.sh>
-Harshal Patil <harshal.patil@in.ibm.com>
-Harshal Patil <harshalp@linux.vnet.ibm.com>
-He Simei <hesimei@zju.edu.cn>
-He Xiaoxi <tossmilestone@gmail.com>
-He Xin <he_xinworld@126.com>
-heartlock <21521209@zju.edu.cn>
-Hector Castro <hectcastro@gmail.com>
-Helen Xie <chenjg@harmonycloud.cn>
-Henning Sprang <henning.sprang@gmail.com>
-Hiroshi Hatake <hatake@clear-code.com>
-Hiroyuki Sasagawa <hs19870702@gmail.com>
-Hobofan <goisser94@gmail.com>
-Hollie Teal <hollie@docker.com>
-Hong Xu <hong@topbug.net>
-Hongbin Lu <hongbin034@gmail.com>
-Hongxu Jia <hongxu.jia@windriver.com>
-Honza Pokorny <me@honza.ca>
-Hsing-Hui Hsu <hsinghui@amazon.com>
-Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
-hsinko <21551195@zju.edu.cn>
-Hu Keping <hukeping@huawei.com>
-Hu Tao <hutao@cn.fujitsu.com>
-Huajin Tong <fliterdashen@gmail.com>
-huang-jl <1046678590@qq.com>
-HuanHuan Ye <logindaveye@gmail.com>
-Huanzhong Zhang <zhanghuanzhong90@gmail.com>
-Huayi Zhang <irachex@gmail.com>
-Hugo Barrera <hugo@barrera.io>
-Hugo Duncan <hugo@hugoduncan.org>
-Hugo Marisco <0x6875676f@gmail.com>
-Hui Kang <hkang.sunysb@gmail.com>
-Hunter Blanks <hunter@twilio.com>
-huqun <huqun@zju.edu.cn>
-Huu Nguyen <huu@prismskylabs.com>
-Hyeongkyu Lee <hyeongkyu.lee@navercorp.com>
-Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
-Iago López Galeiras <iago@kinvolk.io>
-Ian Bishop <ianbishop@pace7.com>
-Ian Bull <irbull@gmail.com>
-Ian Calvert <ianjcalvert@gmail.com>
-Ian Campbell <ian.campbell@docker.com>
-Ian Chen <ianre657@gmail.com>
-Ian Lee <IanLee1521@gmail.com>
-Ian Main <imain@redhat.com>
-Ian Philpot <ian.philpot@microsoft.com>
-Ian Truslove <ian.truslove@gmail.com>
-Iavael <iavaelooeyt@gmail.com>
-Icaro Seara <icaro.seara@gmail.com>
-Ignacio Capurro <icapurrofagian@gmail.com>
-Igor Dolzhikov <bluesriverz@gmail.com>
-Igor Karpovich <i.karpovich@currencysolutions.com>
-Iliana Weller <iweller@amazon.com>
-Ilkka Laukkanen <ilkka@ilkka.io>
-Illia Antypenko <ilya@antipenko.pp.ua>
-Illo Abdulrahim <abdulrahim.illo@nokia.com>
-Ilya Dmitrichenko <errordeveloper@gmail.com>
-Ilya Gusev <mail@igusev.ru>
-Ilya Khlopotov <ilya.khlopotov@gmail.com>
-imalasong <2879499479@qq.com>
-imre Fitos <imre.fitos+github@gmail.com>
-inglesp <peter.inglesby@gmail.com>
-Ingo Gottwald <in.gottwald@gmail.com>
-Innovimax <innovimax@gmail.com>
-Isaac Dupree <antispam@idupree.com>
-Isabel Jimenez <contact.isabeljimenez@gmail.com>
-Isaiah Grace <irgkenya4@gmail.com>
-Isao Jonas <isao.jonas@gmail.com>
-Iskander Sharipov <quasilyte@gmail.com>
-Ivan Babrou <ibobrik@gmail.com>
-Ivan Fraixedes <ifcdev@gmail.com>
-Ivan Grcic <igrcic@gmail.com>
-Ivan Markin <sw@nogoegst.net>
-J Bruni <joaohbruni@yahoo.com.br>
-J. Nunn <jbnunn@gmail.com>
-Jack Danger Canty <jackdanger@squareup.com>
-Jack Laxson <jackjrabbit@gmail.com>
-Jack Walker <90711509+j2walker@users.noreply.github.com>
-Jacob Atzen <jacob@jacobatzen.dk>
-Jacob Edelman <edelman.jd@gmail.com>
-Jacob Tomlinson <jacob@tom.linson.uk>
-Jacob Vallejo <jakeev@amazon.com>
-Jacob Wen <jian.w.wen@oracle.com>
-Jaime Cepeda <jcepedavillamayor@gmail.com>
-Jaivish Kothari <janonymous.codevulture@gmail.com>
-Jake Champlin <jake.champlin.27@gmail.com>
-Jake Moshenko <jake@devtable.com>
-Jake Sanders <jsand@google.com>
-Jakub Drahos <jdrahos@pulsepoint.com>
-Jakub Guzik <jakubmguzik@gmail.com>
-James Allen <jamesallen0108@gmail.com>
-James Carey <jecarey@us.ibm.com>
-James Carr <james.r.carr@gmail.com>
-James DeFelice <james.defelice@ishisystems.com>
-James Harrison Fisher <jameshfisher@gmail.com>
-James Kyburz <james.kyburz@gmail.com>
-James Kyle <james@jameskyle.org>
-James Lal <james@lightsofapollo.com>
-James Mills <prologic@shortcircuit.net.au>
-James Nesbitt <jnesbitt@mirantis.com>
-James Nugent <james@jen20.com>
-James Sanders <james3sanders@gmail.com>
-James Turnbull <james@lovedthanlost.net>
-James Watkins-Harvey <jwatkins@progi-media.com>
-Jameson Hyde <jameson.hyde@docker.com>
-Jamie Hannaford <jamie@limetree.org>
-Jamshid Afshar <jafshar@yahoo.com>
-Jan Breig <git@pygos.space>
-Jan Chren <dev.rindeal@gmail.com>
-Jan Garcia <github-public@n-garcia.com>
-Jan Götte <jaseg@jaseg.net>
-Jan Keromnes <janx@linux.com>
-Jan Koprowski <jan.koprowski@gmail.com>
-Jan Pazdziora <jpazdziora@redhat.com>
-Jan Toebes <jan@toebes.info>
-Jan-Gerd Tenberge <janten@gmail.com>
-Jan-Jaap Driessen <janjaapdriessen@gmail.com>
-Jana Radhakrishnan <mrjana@docker.com>
-Jannick Fahlbusch <git@jf-projects.de>
-Januar Wayong <januar@gmail.com>
-Jared Biel <jared.biel@bolderthinking.com>
-Jared Hocutt <jaredh@netapp.com>
-Jaroslav Jindrak <dzejrou@gmail.com>
-Jaroslaw Zabiello <hipertracker@gmail.com>
-Jasmine Hegman <jasmine@jhegman.com>
-Jason A. Donenfeld <Jason@zx2c4.com>
-Jason Divock <jdivock@gmail.com>
-Jason Giedymin <jasong@apache.org>
-Jason Green <Jason.Green@AverInformatics.Com>
-Jason Hall <imjasonh@gmail.com>
-Jason Heiss <jheiss@aput.net>
-Jason Livesay <ithkuil@gmail.com>
-Jason McVetta <jason.mcvetta@gmail.com>
-Jason Plum <jplum@devonit.com>
-Jason Shepherd <jason@jasonshepherd.net>
-Jason Smith <jasonrichardsmith@gmail.com>
-Jason Sommer <jsdirv@gmail.com>
-Jason Stangroome <jason@codeassassin.com>
-Jasper Siepkes <siepkes@serviceplanet.nl>
-Javier Bassi <javierbassi@gmail.com>
-jaxgeller <jacksongeller@gmail.com>
-Jay <teguhwpurwanto@gmail.com>
-Jay Kamat <github@jgkamat.33mail.com>
-Jay Lim <jay@imjching.com>
-Jean Rouge <rougej+github@gmail.com>
-Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
-Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
-Jean-Christophe Berthon <huygens@berthon.eu>
-Jean-Michel Rouet <jm.rouet@gmail.com>
-Jean-Paul Calderone <exarkun@twistedmatrix.com>
-Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
-Jean-Tiare Le Bigot <jt@yadutaf.fr>
-Jeeva S. Chelladhurai <sjeeva@gmail.com>
-Jeff Anderson <jeff@docker.com>
-Jeff Hajewski <jeff.hajewski@gmail.com>
-Jeff Johnston <jeff.johnston.mn@gmail.com>
-Jeff Lindsay <progrium@gmail.com>
-Jeff Mickey <j@codemac.net>
-Jeff Minard <jeff@creditkarma.com>
-Jeff Nickoloff <jeff.nickoloff@gmail.com>
-Jeff Silberman <jsilberm@gmail.com>
-Jeff Welch <whatthejeff@gmail.com>
-Jeff Zvier <zvier20@gmail.com>
-Jeffrey Bolle <jeffreybolle@gmail.com>
-Jeffrey Morgan <jmorganca@gmail.com>
-Jeffrey van Gogh <jvg@google.com>
-Jenny Gebske <jennifer@gebske.de>
-Jeongseok Kang <piono623@naver.com>
-Jeremy Chambers <jeremy@thehipbot.com>
-Jeremy Grosser <jeremy@synack.me>
-Jeremy Huntwork <jhuntwork@lightcubesolutions.com>
-Jeremy Price <jprice.rhit@gmail.com>
-Jeremy Qian <vanpire110@163.com>
-Jeremy Unruh <jeremybunruh@gmail.com>
-Jeremy Yallop <yallop@docker.com>
-Jeroen Franse <jeroenfranse@gmail.com>
-Jeroen Jacobs <github@jeroenj.be>
-Jesse Dearing <jesse.dearing@gmail.com>
-Jesse Dubay <jesse@thefortytwo.net>
-Jessica Frazelle <jess@oxide.computer>
-Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
-Jezeniel Zapanta <jpzapanta22@gmail.com>
-Jhon Honce <jhonce@redhat.com>
-Ji.Zhilong <zhilongji@gmail.com>
-Jian Liao <jliao@alauda.io>
-Jian Zeng <anonymousknight96@gmail.com>
-Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
-Jiang Jinyang <jjyruby@gmail.com>
-Jianyong Wu <jianyong.wu@arm.com>
-Jie Luo <luo612@zju.edu.cn>
-Jie Ma <jienius@outlook.com>
-Jihyun Hwang <jhhwang@telcoware.com>
-Jilles Oldenbeuving <ojilles@gmail.com>
-Jim Alateras <jima@comware.com.au>
-Jim Carroll <jim.carroll@docker.com>
-Jim Ehrismann <jim.ehrismann@docker.com>
-Jim Galasyn <jim.galasyn@docker.com>
-Jim Lin <b04705003@ntu.edu.tw>
-Jim Minter <jminter@redhat.com>
-Jim Perrin <jperrin@centos.org>
-Jimmy Cuadra <jimmy@jimmycuadra.com>
-Jimmy Puckett <jimmy.puckett@spinen.com>
-Jimmy Song <rootsongjc@gmail.com>
-jinjiadu <jinjiadu@aliyun.com>
-Jinsoo Park <cellpjs@gmail.com>
-Jintao Zhang <zhangjintao9020@gmail.com>
-Jiri Appl <jiria@microsoft.com>
-Jiri Popelka <jpopelka@redhat.com>
-Jiuyue Ma <majiuyue@huawei.com>
-Jiří Župka <jzupka@redhat.com>
-jjimbo137 <115816493+jjimbo137@users.noreply.github.com>
-Joakim Roubert <joakim.roubert@axis.com>
-Joan Grau <grautxo.dev@proton.me>
-Joao Fernandes <joao.fernandes@docker.com>
-Joao Trindade <trindade.joao@gmail.com>
-Joe Beda <joe.github@bedafamily.com>
-Joe Doliner <jdoliner@pachyderm.io>
-Joe Ferguson <joe@infosiftr.com>
-Joe Gordon <joe.gordon0@gmail.com>
-Joe Shaw <joe@joeshaw.org>
-Joe Van Dyk <joe@tanga.com>
-Joel Friedly <joelfriedly@gmail.com>
-Joel Handwell <joelhandwell@gmail.com>
-Joel Hansson <joel.hansson@ecraft.com>
-Joel Wurtz <jwurtz@jolicode.com>
-Joey Geiger <jgeiger@gmail.com>
-Joey Geiger <jgeiger@users.noreply.github.com>
-Joey Gibson <joey@joeygibson.com>
-Joffrey F <joffrey@docker.com>
-Johan Euphrosine <proppy@google.com>
-Johan Rydberg <johan.rydberg@gmail.com>
-Johanan Lieberman <johanan.lieberman@gmail.com>
-Johannes 'fish' Ziemke <github@freigeist.org>
-John Costa <john.costa@gmail.com>
-John Feminella <jxf@jxf.me>
-John Gardiner Myers <jgmyers@proofpoint.com>
-John Gossman <johngos@microsoft.com>
-John Harris <john@johnharris.io>
-John Howard <github@lowenna.com>
-John Laswell <john.n.laswell@gmail.com>
-John Maguire <jmaguire@duosecurity.com>
-John Mulhausen <john@docker.com>
-John OBrien III <jobrieniii@yahoo.com>
-John Starks <jostarks@microsoft.com>
-John Stephens <johnstep@docker.com>
-John Tims <john.k.tims@gmail.com>
-John V. Martinez <jvmatl@gmail.com>
-John Warwick <jwarwick@gmail.com>
-John Willis <john.willis@docker.com>
-Jon Johnson <jonjohnson@google.com>
-Jon Surrell <jon.surrell@gmail.com>
-Jon Wedaman <jweede@gmail.com>
-Jonas Dohse <jonas@dohse.ch>
-Jonas Geiler <git@jonasgeiler.com>
-Jonas Heinrich <Jonas@JonasHeinrich.com>
-Jonas Pfenniger <jonas@pfenniger.name>
-Jonathan A. Schweder <jonathanschweder@gmail.com>
-Jonathan A. Sternberg <jonathansternberg@gmail.com>
-Jonathan Boulle <jonathanboulle@gmail.com>
-Jonathan Camp <jonathan@irondojo.com>
-Jonathan Choy <jonathan.j.choy@gmail.com>
-Jonathan Dowland <jon+github@alcopop.org>
-Jonathan Lebon <jlebon@redhat.com>
-Jonathan Lomas <jonathan@floatinglomas.ca>
-Jonathan McCrohan <jmccrohan@gmail.com>
-Jonathan Mueller <j.mueller@apoveda.ch>
-Jonathan Pares <jonathanpa@users.noreply.github.com>
-Jonathan Rudenberg <jonathan@titanous.com>
-Jonathan Stoppani <jonathan.stoppani@divio.com>
-Jonh Wendell <jonh.wendell@redhat.com>
-Joni Sar <yoni@cocycles.com>
-Joost Cassee <joost@cassee.net>
-Jordan Arentsen <blissdev@gmail.com>
-Jordan Jennings <jjn2009@gmail.com>
-Jordan Sissel <jls@semicomplete.com>
-Jordi Massaguer Pla <jmassaguerpla@suse.de>
-Jorge Marin <chipironcin@users.noreply.github.com>
-Jorit Kleine-Möllhoff <joppich@bricknet.de>
-Jose Diaz-Gonzalez <email@josediazgonzalez.com>
-Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
-Joseph Hager <ajhager@gmail.com>
-Joseph Kern <jkern@semafour.net>
-Joseph Rothrock <rothrock@rothrock.org>
-Josh <jokajak@gmail.com>
-Josh Bodah <jb3689@yahoo.com>
-Josh Bonczkowski <josh.bonczkowski@gmail.com>
-Josh Chorlton <jchorlton@gmail.com>
-Josh Eveleth <joshe@opendns.com>
-Josh Hawn <josh.hawn@docker.com>
-Josh Horwitz <horwitz@addthis.com>
-Josh Poimboeuf <jpoimboe@redhat.com>
-Josh Soref <jsoref@gmail.com>
-Josh Wilson <josh.wilson@fivestars.com>
-Josiah Kiehl <jkiehl@riotgames.com>
-José Tomás Albornoz <jojo@eljojo.net>
-Joyce Jang <mail@joycejang.com>
-JP <jpellerin@leapfrogonline.com>
-JSchltggr <jschltggr@gmail.com>
-Julian Taylor <jtaylor.debian@googlemail.com>
-Julien Barbier <write0@gmail.com>
-Julien Bisconti <veggiemonk@users.noreply.github.com>
-Julien Bordellier <julienbordellier@gmail.com>
-Julien Dubois <julien.dubois@gmail.com>
-Julien Kassar <github@kassisol.com>
-Julien Maitrehenry <julien.maitrehenry@me.com>
-Julien Pervillé <julien.perville@perfect-memory.com>
-Julien Pivotto <roidelapluie@inuits.eu>
-Julio Guerra <julio@sqreen.com>
-Julio Montes <imc.coder@gmail.com>
-Jun Du <dujun5@huawei.com>
-Jun-Ru Chang <jrjang@gmail.com>
-junxu <xujun@cmss.chinamobile.com>
-Jussi Nummelin <jussi.nummelin@gmail.com>
-Justas Brazauskas <brazauskasjustas@gmail.com>
-Justen Martin <jmart@the-coder.com>
-Justin Chadwell <me@jedevc.com>
-Justin Cormack <justin.cormack@docker.com>
-Justin Force <justin.force@gmail.com>
-Justin Keller <85903732+jk-vb@users.noreply.github.com>
-Justin Menga <justin.menga@gmail.com>
-Justin Plock <jplock@users.noreply.github.com>
-Justin Simonelis <justin.p.simonelis@gmail.com>
-Justin Terry <juterry@microsoft.com>
-Justyn Temme <justyntemme@gmail.com>
-Jyrki Puttonen <jyrkiput@gmail.com>
-Jérémy Leherpeur <amenophis@leherpeur.net>
-Jérôme Petazzoni <jerome.petazzoni@docker.com>
-Jörg Thalheim <joerg@higgsboson.tk>
-K. Heller <pestophagous@gmail.com>
-Kai Blin <kai@samba.org>
-Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
-Kaijie Chen <chen@kaijie.org>
-Kaita Nakamura <kaita.nakamura0830@gmail.com>
-Kamil Domański <kamil@domanski.co>
-Kamjar Gerami <kami.gerami@gmail.com>
-Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
-Kara Alexandra <kalexandra@us.ibm.com>
-Karan Lyons <karan@karanlyons.com>
-Kareem Khazem <karkhaz@karkhaz.com>
-kargakis <kargakis@users.noreply.github.com>
-Karl Grzeszczak <karlgrz@gmail.com>
-Karol Duleba <mr.fuxi@gmail.com>
-Karthik Karanth <karanth.karthik@gmail.com>
-Karthik Nayak <karthik.188@gmail.com>
-Kasper Fabæch Brandt <poizan@poizan.dk>
-Kate Heddleston <kate.heddleston@gmail.com>
-Katie McLaughlin <katie@glasnt.com>
-Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
-Katrina Owen <katrina.owen@gmail.com>
-Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
-Kay Yan <kay.yan@daocloud.io>
-kayrus <kay.diam@gmail.com>
-Kazuhiro Sera <seratch@gmail.com>
-Kazuyoshi Kato <katokazu@amazon.com>
-Ke Li <kel@splunk.com>
-Ke Xu <leonhartx.k@gmail.com>
-Kei Ohmura <ohmura.kei@gmail.com>
-Keith Hudgins <greenman@greenman.org>
-Keli Hu <dev@keli.hu>
-Ken Bannister <kb2ma@runbox.com>
-Ken Cochrane <kencochrane@gmail.com>
-Ken Herner <kherner@progress.com>
-Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
-Ken Reese <krrgithub@gmail.com>
-Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kenjiro Nakayama <nakayamakenjiro@gmail.com>
-Kent Johnson <kentoj@gmail.com>
-Kenta Tada <Kenta.Tada@sony.com>
-Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
-Kevin Alvarez <github@crazymax.dev>
-Kevin Burke <kev@inburke.com>
-Kevin Clark <kevin.clark@gmail.com>
-Kevin Feyrer <kevin.feyrer@btinternet.com>
-Kevin J. Lynagh <kevin@keminglabs.com>
-Kevin Jing Qiu <kevin@idempotent.ca>
-Kevin Kern <kaiwentan@harmonycloud.cn>
-Kevin Menard <kevin@nirvdrum.com>
-Kevin Meredith <kevin.m.meredith@gmail.com>
-Kevin P. Kucharczyk <kevinkucharczyk@gmail.com>
-Kevin Parsons <kevpar@microsoft.com>
-Kevin Richardson <kevin@kevinrichardson.co>
-Kevin Shi <kshi@andrew.cmu.edu>
-Kevin Wallace <kevin@pentabarf.net>
-Kevin Yap <me@kevinyap.ca>
-Keyvan Fatehi <keyvanfatehi@gmail.com>
-kies <lleelm@gmail.com>
-Kim BKC Carlbacker <kim.carlbacker@gmail.com>
-Kim Eik <kim@heldig.org>
-Kimbro Staken <kstaken@kstaken.com>
-Kir Kolyshkin <kolyshkin@gmail.com>
-Kiran Gangadharan <kiran.daredevil@gmail.com>
-Kirill SIbirev <l0kix2@gmail.com>
-Kirk Easterson <kirk.easterson@gmail.com>
-knappe <tyler.knappe@gmail.com>
-Kohei Tsuruta <coheyxyz@gmail.com>
-Koichi Shiraishi <k@zchee.io>
-Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
-Konrad Ponichtera <konpon96@gmail.com>
-Konstantin Gribov <grossws@gmail.com>
-Konstantin L <sw.double@gmail.com>
-Konstantin Pelykh <kpelykh@zettaset.com>
-Kostadin Plachkov <k.n.plachkov@gmail.com>
-kpcyrd <git@rxv.cc>
-Krasi Georgiev <krasi@vip-consult.solutions>
-Krasimir Georgiev <support@vip-consult.co.uk>
-Kris-Mikael Krister <krismikael@protonmail.com>
-Kristian Haugene <kristian.haugene@capgemini.com>
-Kristian Heljas <kristian@kristian.ee>
-Kristina Zabunova <triara.xiii@gmail.com>
-Krystian Wojcicki <kwojcicki@sympatico.ca>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
-Kunal Tyagi <tyagi.kunal@live.com>
-Kyle Conroy <kyle.j.conroy@gmail.com>
-Kyle Linden <linden.kyle@gmail.com>
-Kyle Squizzato <ksquizz@gmail.com>
-Kyle Wuolle <kyle.wuolle@gmail.com>
-kyu <leehk1227@gmail.com>
-Lachlan Coote <lcoote@vmware.com>
-Lai Jiangshan <jiangshanlai@gmail.com>
-Lajos Papp <lajos.papp@sequenceiq.com>
-Lakshan Perera <lakshan@laktek.com>
-Lalatendu Mohanty <lmohanty@redhat.com>
-Lance Chen <cyen0312@gmail.com>
-Lance Kinley <lkinley@loyaltymethods.com>
-Lars Andringa <l.s.andringa@rug.nl>
-Lars Butler <Lars.Butler@gmail.com>
-Lars Kellogg-Stedman <lars@redhat.com>
-Lars R. Damerow <lars@pixar.com>
-Lars-Magnus Skog <ralphtheninja@riseup.net>
-Laszlo Meszaros <lacienator@gmail.com>
-Laura Brehm <laurabrehm@hey.com>
-Laura Frank <ljfrank@gmail.com>
-Laurent Bernaille <laurent.bernaille@datadoghq.com>
-Laurent Erignoux <lerignoux@gmail.com>
-Laurent Goderre <laurent.goderre@docker.com>
-Laurie Voss <github@seldo.com>
-Leandro Motta Barros <lmb@stackedboxes.org>
-Leandro Siqueira <leandro.siqueira@gmail.com>
-Lee Calcote <leecalcote@gmail.com>
-Lee Chao <932819864@qq.com>
-Lee, Meng-Han <sunrisedm4@gmail.com>
-Lei Gong <lgong@alauda.io>
-Lei Jitang <leijitang@huawei.com>
-Leiiwang <u2takey@gmail.com>
-Len Weincier <len@cloudafrica.net>
-Lennie <github@consolejunkie.net>
-Leo Gallucci <elgalu3@gmail.com>
-Leonardo Nodari <me@leonardonodari.it>
-Leonardo Taccari <leot@NetBSD.org>
-Leszek Kowalski <github@leszekkowalski.pl>
-Levi Blackstone <levi.blackstone@rackspace.com>
-Levi Gross <levi@levigross.com>
-Levi Harrison <levisamuelharrison@gmail.com>
-Lewis Daly <lewisdaly@me.com>
-Lewis Marshall <lewis@lmars.net>
-Lewis Peckover <lew+github@lew.io>
-Li Yi <denverdino@gmail.com>
-Liam Macgillavry <liam@kumina.nl>
-Liana Lo <liana.lixia@gmail.com>
-Liang Mingqiang <mqliang.zju@gmail.com>
-Liang-Chi Hsieh <viirya@gmail.com>
-liangwei <liangwei14@huawei.com>
-Liao Qingwei <liaoqingwei@huawei.com>
-Lifubang <lifubang@acmcoder.com>
-Lihua Tang <lhtang@alauda.io>
-Lily Guo <lily.guo@docker.com>
-limeidan <limeidan@loongson.cn>
-Lin Lu <doraalin@163.com>
-LingFaKe <lingfake@huawei.com>
-Linus Heckemann <lheckemann@twig-world.com>
-Liran Tal <liran.tal@gmail.com>
-Liron Levin <liron@twistlock.com>
-Liu Bo <bo.li.liu@oracle.com>
-Liu Hua <sdu.liu@huawei.com>
-liwenqi <vikilwq@zju.edu.cn>
-lixiaobing10051267 <li.xiaobing1@zte.com.cn>
-Liz Zhang <lizzha@microsoft.com>
-LIZAO LI <lzlarryli@gmail.com>
-Lizzie Dixon <_@lizzie.io>
-Lloyd Dewolf <foolswisdom@gmail.com>
-Lokesh Mandvekar <lsm5@fedoraproject.org>
-longliqiang88 <394564827@qq.com>
-Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
-Lorenzo Fontana <fontanalorenz@gmail.com>
-Lotus Fenn <fenn.lotus@gmail.com>
-Louis Delossantos <ldelossa.ld@gmail.com>
-Louis Opter <kalessin@kalessin.fr>
-Luboslav Pivarc <lpivarc@redhat.com>
-Luca Favatella <luca.favatella@erlang-solutions.com>
-Luca Marturana <lucamarturana@gmail.com>
-Luca Orlandi <luca.orlandi@gmail.com>
-Luca-Bogdan Grigorescu <Luca-Bogdan Grigorescu>
-Lucas Chan <lucas-github@lucaschan.com>
-Lucas Chi <lucas@teacherspayteachers.com>
-Lucas Molas <lmolas@fundacionsadosky.org.ar>
-Lucas Silvestre <lukas.silvestre@gmail.com>
-Luciano Mores <leslau@gmail.com>
-Luis Henrique Mulinari <luis.mulinari@gmail.com>
-Luis Martínez de Bartolomé Izquierdo <lmartinez@biicode.com>
-Luiz Svoboda <luizek@gmail.com>
-Lukas Heeren <lukas-heeren@hotmail.com>
-Lukas Waslowski <cr7pt0gr4ph7@gmail.com>
-lukaspustina <lukas.pustina@centerdevice.com>
-Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
-Luke Marsden <me@lukemarsden.net>
-Lyn <energylyn@zju.edu.cn>
-Lynda O'Leary <lyndaoleary29@gmail.com>
-Lénaïc Huard <lhuard@amadeus.com>
-Ma Müller <mueller-ma@users.noreply.github.com>
-Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
-Mabin <bin.ma@huawei.com>
-Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
-Madhav Puri <madhav.puri@gmail.com>
-Madhu Venugopal <mavenugo@gmail.com>
-Mageee <fangpuyi@foxmail.com>
-maggie44 <64841595+maggie44@users.noreply.github.com>
-Mahesh Tiyyagura <tmahesh@gmail.com>
-malnick <malnick@gmail..com>
-Malte Janduda <mail@janduda.net>
-Manfred Touron <m@42.am>
-Manfred Zabarauskas <manfredas@zabarauskas.com>
-Manjunath A Kumatagi <mkumatag@in.ibm.com>
-Mansi Nahar <mmn4185@rit.edu>
-Manuel Meurer <manuel@krautcomputing.com>
-Manuel Rüger <manuel@rueg.eu>
-Manuel Woelker <github@manuel.woelker.org>
-mapk0y <mapk0y@gmail.com>
-Marat Radchenko <marat@slonopotamus.org>
-Marc Abramowitz <marc@marc-abramowitz.com>
-Marc Kuo <kuomarc2@gmail.com>
-Marc Tamsky <mtamsky@gmail.com>
-Marcel Edmund Franke <marcel.edmund.franke@gmail.com>
-Marcelo Horacio Fortino <info@fortinux.com>
-Marcelo Salazar <chelosalazar@gmail.com>
-Marco Hennings <marco.hennings@freiheit.com>
-Marcus Cobden <mcobden@cisco.com>
-Marcus Farkas <toothlessgear@finitebox.com>
-Marcus Linke <marcus.linke@gmx.de>
-Marcus Martins <marcus@docker.com>
-Marcus Ramberg <marcus@nordaaker.com>
-Marek Goldmann <marek.goldmann@gmail.com>
-Marian Marinov <mm@yuhu.biz>
-Marianna Tessel <mtesselh@gmail.com>
-Mario Loriedo <mario.loriedo@gmail.com>
-Marius Gundersen <me@mariusgundersen.net>
-Marius Sturm <marius@graylog.com>
-Marius Voila <marius.voila@gmail.com>
-Mark Allen <mrallen1@yahoo.com>
-Mark Feit <mfeit@internet2.edu>
-Mark Jeromin <mark.jeromin@sysfrog.net>
-Mark McGranaghan <mmcgrana@gmail.com>
-Mark McKinstry <mmckinst@umich.edu>
-Mark Milstein <mark@epiloque.com>
-Mark Oates <fl0yd@me.com>
-Mark Parker <godefroi@users.noreply.github.com>
-Mark Vainomaa <mikroskeem@mikroskeem.eu>
-Mark West <markewest@gmail.com>
-Markan Patel <mpatel678@gmail.com>
-Marko Mikulicic <mmikulicic@gmail.com>
-Marko Tibold <marko@tibold.nl>
-Markus Fix <lispmeister@gmail.com>
-Markus Kortlang <hyp3rdino@googlemail.com>
-Martijn Dwars <ikben@martijndwars.nl>
-Martijn van Oosterhout <kleptog@svana.org>
-Martin Braun <braun@neuroforge.de>
-Martin Dojcak <martin.dojcak@lablabs.io>
-Martin Honermeyer <maze@strahlungsfrei.de>
-Martin Jirku <martin@jirku.sk>
-Martin Kelly <martin@surround.io>
-Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
-Martin Muzatko <martin@happy-css.com>
-Martin Redmond <redmond.martin@gmail.com>
-Maru Newby <mnewby@thesprawl.net>
-Mary Anthony <mary.anthony@docker.com>
-Masahito Zembutsu <zembutsu@users.noreply.github.com>
-Masato Ohba <over.rye@gmail.com>
-Masayuki Morita <minamijoyo@gmail.com>
-Mason Malone <mason.malone@gmail.com>
-Mateusz Sulima <sulima.mateusz@gmail.com>
-Mathias Monnerville <mathias@monnerville.com>
-Mathieu Champlon <mathieu.champlon@docker.com>
-Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
-Mathieu Parent <math.parent@gmail.com>
-Mathieu Paturel <mathieu.paturel@gmail.com>
-Matt Apperson <me@mattapperson.com>
-Matt Bachmann <bachmann.matt@gmail.com>
-Matt Bajor <matt@notevenremotelydorky.com>
-Matt Bentley <matt.bentley@docker.com>
-Matt Haggard <haggardii@gmail.com>
-Matt Hoyle <matt@deployable.co>
-Matt McCormick <matt.mccormick@kitware.com>
-Matt Moore <mattmoor@google.com>
-Matt Morrison <3maven@gmail.com>
-Matt Richardson <matt@redgumtech.com.au>
-Matt Rickard <mrick@google.com>
-Matt Robenolt <matt@ydekproductions.com>
-Matt Schurenko <matt.schurenko@gmail.com>
-Matt Williams <mattyw@me.com>
-Matthew Heon <mheon@redhat.com>
-Matthew Lapworth <matthewl@bit-shift.net>
-Matthew Mayer <matthewkmayer@gmail.com>
-Matthew Mosesohn <raytrac3r@gmail.com>
-Matthew Mueller <mattmuelle@gmail.com>
-Matthew Riley <mattdr@google.com>
-Matthias Klumpp <matthias@tenstral.net>
-Matthias Kühnle <git.nivoc@neverbox.com>
-Matthias Rampke <mr@soundcloud.com>
-Matthieu Fronton <m@tthieu.fr>
-Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
-Matthieu MOREL <matthieu.morel35@gmail.com>
-Mattias Jernberg <nostrad@gmail.com>
-Mauricio Garavaglia <mauricio@medallia.com>
-mauriyouth <mauriyouth@gmail.com>
-Max Harmathy <max.harmathy@web.de>
-Max Shytikov <mshytikov@gmail.com>
-Max Timchenko <maxvt@pagerduty.com>
-Maxim Fedchyshyn <sevmax@gmail.com>
-Maxim Ivanov <ivanov.maxim@gmail.com>
-Maxim Kulkin <mkulkin@mirantis.com>
-Maxim Treskin <zerthurd@gmail.com>
-Maxime Petazzoni <max@signalfuse.com>
-Maximiliano Maccanti <maccanti@amazon.com>
-Maxwell <csuhp007@gmail.com>
-Meaglith Ma <genedna@gmail.com>
-meejah <meejah@meejah.ca>
-Megan Kostick <mkostick@us.ibm.com>
-Mehul Kar <mehul.kar@gmail.com>
-Mei ChunTao <mei.chuntao@zte.com.cn>
-Mengdi Gao <usrgdd@gmail.com>
-Menghui Chen <menghui.chen@alibaba-inc.com>
-Mert Yazıcıoğlu <merty@users.noreply.github.com>
-mgniu <mgniu@dataman-inc.com>
-Micah Zoltu <micah@newrelic.com>
-Michael A. Smith <michael@smith-li.com>
-Michael Beskin <mrbeskin@gmail.com>
-Michael Bridgen <mikeb@squaremobius.net>
-Michael Brown <michael@netdirect.ca>
-Michael Chiang <mchiang@docker.com>
-Michael Crosby <crosbymichael@gmail.com>
-Michael Currie <mcurrie@bruceforceresearch.com>
-Michael Friis <friism@gmail.com>
-Michael Gorsuch <gorsuch@github.com>
-Michael Grauer <michael.grauer@kitware.com>
-Michael Holzheu <holzheu@linux.vnet.ibm.com>
-Michael Hudson-Doyle <michael.hudson@canonical.com>
-Michael Huettermann <michael@huettermann.net>
-Michael Irwin <mikesir87@gmail.com>
-Michael Kebe <michael.kebe@hkm.de>
-Michael Kuehn <micha@kuehn.io>
-Michael Käufl <docker@c.michael-kaeufl.de>
-Michael Neale <michael.neale@gmail.com>
-Michael Nussbaum <michael.nussbaum@getbraintree.com>
-Michael Prokop <github@michael-prokop.at>
-Michael Scharf <github@scharf.gr>
-Michael Spetsiotis <michael_spets@hotmail.com>
-Michael Stapelberg <michael+gh@stapelberg.de>
-Michael Steinert <mike.steinert@gmail.com>
-Michael Thies <michaelthies78@gmail.com>
-Michael Weidmann <michaelweidmann@web.de>
-Michael West <mwest@mdsol.com>
-Michael Zhao <michael.zhao@arm.com>
-Michal Fojtik <mfojtik@redhat.com>
-Michal Gebauer <mishak@mishak.net>
-Michal Jemala <michal.jemala@gmail.com>
-Michal Kostrzewa <michal.kostrzewa@codilime.com>
-Michal Minář <miminar@redhat.com>
-Michal Rostecki <mrostecki@opensuse.org>
-Michal Wieczorek <wieczorek-michal@wp.pl>
-Michaël Pailloncy <mpapo.dev@gmail.com>
-Michał Czeraszkiewicz <czerasz@gmail.com>
-Michał Gryko <github@odkurzacz.org>
-Michał Kosek <mihao@users.noreply.github.com>
-Michiel de Jong <michiel@unhosted.org>
-Mickaël Fortunato <morsi.morsicus@gmail.com>
-Mickaël Remars <mickael@remars.com>
-Miguel Angel Fernández <elmendalerenda@gmail.com>
-Miguel Morales <mimoralea@gmail.com>
-Miguel Perez <miguel@voyat.com>
-Mihai Borobocea <MihaiBorob@gmail.com>
-Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
-Mikael Davranche <mikael.davranche@corp.ovh.com>
-Mike Brown <brownwm@us.ibm.com>
-Mike Bush <mpbush@gmail.com>
-Mike Casas <mkcsas0@gmail.com>
-Mike Chelen <michael.chelen@gmail.com>
-Mike Danese <mikedanese@google.com>
-Mike Dillon <mike@embody.org>
-Mike Dougherty <mike.dougherty@docker.com>
-Mike Estes <mike.estes@logos.com>
-Mike Gaffney <mike@uberu.com>
-Mike Goelzer <mike.goelzer@docker.com>
-Mike Leone <mleone896@gmail.com>
-Mike Lundy <mike@fluffypenguin.org>
-Mike MacCana <mike.maccana@gmail.com>
-Mike Naberezny <mike@naberezny.com>
-Mike Snitzer <snitzer@redhat.com>
-Mike Sul <mike.sul@foundries.io>
-mikelinjie <294893458@qq.com>
-Mikhail Sobolev <mss@mawhrin.net>
-Miklos Szegedi <miklos.szegedi@cloudera.com>
-Milas Bowman <devnull@milas.dev>
-Milind Chawre <milindchawre@gmail.com>
-Miloslav Trmač <mitr@redhat.com>
-mingqing <limingqing@cyou-inc.com>
-Mingzhen Feng <fmzhen@zju.edu.cn>
-Misty Stanley-Jones <misty@docker.com>
-Mitch Capper <mitch.capper@gmail.com>
-Mizuki Urushida <z11111001011@gmail.com>
-mlarcher <github@ringabell.org>
-Mohammad Banikazemi <MBanikazemi@gmail.com>
-Mohammad Nasirifar <farnasirim@gmail.com>
-Mohammed Aaqib Ansari <maaquib@gmail.com>
-Mohd Sadiq <mohdsadiq058@gmail.com>
-Mohit Soni <mosoni@ebay.com>
-Moorthy RS <rsmoorthy@gmail.com>
-Morgan Bauer <mbauer@us.ibm.com>
-Morgante Pell <morgante.pell@morgante.net>
-Morgy93 <thomas@ulfertsprygoda.de>
-Morten Siebuhr <sbhr@sbhr.dk>
-Morton Fox <github@qslw.com>
-Moysés Borges <moysesb@gmail.com>
-mrfly <mr.wrfly@gmail.com>
-Mrunal Patel <mrunalp@gmail.com>
-Muayyad Alsadi <alsadi@gmail.com>
-Muhammad Zohaib Aslam <zohaibse011@gmail.com>
-Mustafa Akın <mustafa91@gmail.com>
-Muthukumar R <muthur@gmail.com>
-Myeongjoon Kim <kimmj8409@gmail.com>
-Máximo Cuadros <mcuadros@gmail.com>
-Médi-Rémi Hashim <medimatrix@users.noreply.github.com>
-Nace Oroz <orkica@gmail.com>
-Nahum Shalman <nshalman@omniti.com>
-Nakul Pathak <nakulpathak3@hotmail.com>
-Nalin Dahyabhai <nalin@redhat.com>
-Nan Monnand Deng <monnand@gmail.com>
-Naoki Orii <norii@cs.cmu.edu>
-Natalie Parker <nparker@omnifone.com>
-Natanael Copa <natanael.copa@docker.com>
-Natasha Jarus <linuxmercedes@gmail.com>
-Nate Brennand <nate.brennand@clever.com>
-Nate Eagleson <nate@nateeag.com>
-Nate Jones <nate@endot.org>
-Nathan Baulch <nathan.baulch@gmail.com>
-Nathan Carlson <carl4403@umn.edu>
-Nathan Herald <me@nathanherald.com>
-Nathan Hsieh <hsieh.nathan@gmail.com>
-Nathan Kleyn <nathan@nathankleyn.com>
-Nathan LeClaire <nathan.leclaire@docker.com>
-Nathan McCauley <nathan.mccauley@docker.com>
-Nathan Williams <nathan@teamtreehouse.com>
-Naveed Jamil <naveed.jamil@tenpearls.com>
-Neal McBurnett <neal@mcburnett.org>
-Neil Horman <nhorman@tuxdriver.com>
-Neil Peterson <neilpeterson@outlook.com>
-Nelson Chen <crazysim@gmail.com>
-Neyazul Haque <nuhaque@gmail.com>
-Nghia Tran <nghia@google.com>
-Niall O'Higgins <niallo@unworkable.org>
-Nicholas E. Rabenau <nerab@gmx.at>
-Nick Adcock <nick.adcock@docker.com>
-Nick DeCoursin <n.decoursin@foodpanda.com>
-Nick Irvine <nfirvine@nfirvine.com>
-Nick Neisen <nwneisen@gmail.com>
-Nick Parker <nikaios@gmail.com>
-Nick Payne <nick@kurai.co.uk>
-Nick Russo <nicholasjamesrusso@gmail.com>
-Nick Santos <nick.santos@docker.com>
-Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
-Nick Stinemates <nick@stinemates.org>
-Nick Wood <nwood@microsoft.com>
-NickrenREN <yuquan.ren@easystack.cn>
-Nicola Kabar <nicolaka@gmail.com>
-Nicolas Borboën <ponsfrilus@gmail.com>
-Nicolas De Loof <nicolas.deloof@gmail.com>
-Nicolas Dudebout <nicolas.dudebout@gatech.edu>
-Nicolas Goy <kuon@goyman.com>
-Nicolas Kaiser <nikai@nikai.net>
-Nicolas Sterchele <sterchele.nicolas@gmail.com>
-Nicolas V Castet <nvcastet@us.ibm.com>
-Nicolás Hock Isaza <nhocki@gmail.com>
-Niel Drummond <niel@drummond.lu>
-Nigel Poulton <nigelpoulton@hotmail.com>
-Nik Nyby <nikolas@gnu.org>
-Nikhil Chawla <chawlanikhil24@gmail.com>
-NikolaMandic <mn080202@gmail.com>
-Nikolas Garofil <nikolas.garofil@uantwerpen.be>
-Nikolay Edigaryev <edigaryev@gmail.com>
-Nikolay Milovanov <nmil@itransformers.net>
-ningmingxiao <ning.mingxiao@zte.com.cn>
-Nirmal Mehta <nirmalkmehta@gmail.com>
-Nishant Totla <nishanttotla@gmail.com>
-NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
-Noah Meyerhans <nmeyerha@amazon.com>
-Noah Treuhaft <noah.treuhaft@docker.com>
-NobodyOnSE <ich@sektor.selfip.com>
-noducks <onemannoducks@gmail.com>
-Nolan Darilek <nolan@thewordnerd.info>
-Nolan Miles <nolanpmiles@gmail.com>
-Noriki Nakamura <noriki.nakamura@miraclelinux.com>
-nponeccop <andy.melnikov@gmail.com>
-Nurahmadie <nurahmadie@gmail.com>
-Nuutti Kotivuori <naked@iki.fi>
-nzwsch <hi@nzwsch.com>
-O.S. Tezer <ostezer@gmail.com>
-objectified <objectified@gmail.com>
-Octol1ttle <l1ttleofficial@outlook.com>
-Odin Ugedal <odin@ugedal.com>
-Oguz Bilgic <fisyonet@gmail.com>
-Oh Jinkyun <tintypemolly@gmail.com>
-Ohad Schneider <ohadschn@users.noreply.github.com>
-ohmystack <jun.jiang02@ele.me>
-Ole Reifschneider <mail@ole-reifschneider.de>
-Oliver Neal <ItsVeryWindy@users.noreply.github.com>
-Oliver Reason <oli@overrateddev.co>
-Olivier Gambier <dmp42@users.noreply.github.com>
-Olle Jonsson <olle.jonsson@gmail.com>
-Olli Janatuinen <olli.janatuinen@gmail.com>
-Olly Pomeroy <oppomeroy@gmail.com>
-Omri Shiv <Omri.Shiv@teradata.com>
-Onur Filiz <onur.filiz@microsoft.com>
-Oriol Francès <oriolfa@gmail.com>
-Oscar Bonilla <6f6231@gmail.com>
-oscar.chen <2972789494@qq.com>
-Oskar Niburski <oskarniburski@gmail.com>
-Otto Kekäläinen <otto@seravo.fi>
-Ouyang Liduo <oyld0210@163.com>
-Ovidio Mallo <ovidio.mallo@gmail.com>
-Panagiotis Moustafellos <pmoust@elastic.co>
-Paolo G. Giarrusso <p.giarrusso@gmail.com>
-Pascal <pascalgn@users.noreply.github.com>
-Pascal Bach <pascal.bach@siemens.com>
-Pascal Borreli <pascal@borreli.com>
-Pascal Hartig <phartig@rdrei.net>
-Patrick Böänziger <patrick.baenziger@bsi-software.com>
-Patrick Devine <patrick.devine@docker.com>
-Patrick Haas <patrickhaas@google.com>
-Patrick Hemmer <patrick.hemmer@gmail.com>
-Patrick St. laurent <patrick@saint-laurent.us>
-Patrick Stapleton <github@gdi2290.com>
-Patrik Cyvoct <patrik@ptrk.io>
-Patrik Leifert <patrikleifert@hotmail.com>
-pattichen <craftsbear@gmail.com>
-Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
-Paul <paul9869@gmail.com>
-paul <paul@inkling.com>
-Paul Annesley <paul@annesley.cc>
-Paul Bellamy <paul.a.bellamy@gmail.com>
-Paul Bowsher <pbowsher@globalpersonals.co.uk>
-Paul Furtado <pfurtado@hubspot.com>
-Paul Hammond <paul@paulhammond.org>
-Paul Jimenez <pj@place.org>
-Paul Kehrer <paul.l.kehrer@gmail.com>
-Paul Lietar <paul@lietar.net>
-Paul Liljenberg <liljenberg.paul@gmail.com>
-Paul Morie <pmorie@gmail.com>
-Paul Nasrat <pnasrat@gmail.com>
-Paul Seiffert <paul.seiffert@jimdo.com>
-Paul Weaver <pauweave@cisco.com>
-Paulo Gomes <pjbgf@linux.com>
-Paulo Ribeiro <paigr.io@gmail.com>
-Pavel Lobashov <ShockwaveNN@gmail.com>
-Pavel Matěja <pavel@verotel.cz>
-Pavel Pletenev <cpp.create@gmail.com>
-Pavel Pospisil <pospispa@gmail.com>
-Pavel Sutyrin <pavel.sutyrin@gmail.com>
-Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
-Pavlos Ratis <dastergon@gentoo.org>
-Pavol Vargovcik <pallly.vargovcik@gmail.com>
-Pawel Konczalski <mail@konczalski.de>
-Paweł Gronowski <pawel.gronowski@docker.com>
-payall4u <payall4u@qq.com>
-Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
-Peggy Li <peggyli.224@gmail.com>
-Pei Su <sillyousu@gmail.com>
-Peng Tao <bergwolf@gmail.com>
-Penghan Wang <ph.wang@daocloud.io>
-Per Weijnitz <per.weijnitz@gmail.com>
-perhapszzy@sina.com <perhapszzy@sina.com>
-Pete Woods <pete.woods@circleci.com>
-Peter Bourgon <peter@bourgon.org>
-Peter Braden <peterbraden@peterbraden.co.uk>
-Peter Bücker <peter.buecker@pressrelations.de>
-Peter Choi <phkchoi89@gmail.com>
-Peter Dave Hello <hsu@peterdavehello.org>
-Peter Edge <peter.edge@gmail.com>
-Peter Ericson <pdericson@gmail.com>
-Peter Esbensen <pkesbensen@gmail.com>
-Peter Jaffe <pjaffe@nevo.com>
-Peter Kang <peter@spell.run>
-Peter Malmgren <ptmalmgren@gmail.com>
-Peter Salvatore <peter@psftw.com>
-Peter Volpe <petervo@redhat.com>
-Peter Waller <p@pwaller.net>
-Petr Švihlík <svihlik.petr@gmail.com>
-Petros Angelatos <petrosagg@gmail.com>
-Phil <underscorephil@gmail.com>
-Phil Estes <estesp@gmail.com>
-Phil Sphicas <phil.sphicas@att.com>
-Phil Spitler <pspitler@gmail.com>
-Philip Alexander Etling <paetling@gmail.com>
-Philip K. Warren <pkwarren@gmail.com>
-Philip Monroe <phil@philmonroe.com>
-Philipp Fruck <dev@p-fruck.de>
-Philipp Gillé <philipp.gille@gmail.com>
-Philipp Wahala <philipp.wahala@gmail.com>
-Philipp Weissensteiner <mail@philippweissensteiner.com>
-Phillip Alexander <git@phillipalexander.io>
-phineas <phin@phineas.io>
-pidster <pid@pidster.com>
-Piergiuliano Bossi <pgbossi@gmail.com>
-Pierre <py@poujade.org>
-Pierre Carrier <pierre@meteor.com>
-Pierre Dal-Pra <dalpra.pierre@gmail.com>
-Pierre Wacrenier <pierre.wacrenier@gmail.com>
-Pierre-Alain RIVIERE <pariviere@ippon.fr>
-pinglanlu <pinglanlu@outlook.com>
-Piotr Bogdan <ppbogdan@gmail.com>
-Piotr Karbowski <piotr.karbowski@protonmail.ch>
-Porjo <porjo38@yahoo.com.au>
-Poul Kjeldager Sørensen <pks@s-innovations.net>
-Pradeep Chhetri <pradeep@indix.com>
-Pradip Dhara <pradipd@microsoft.com>
-Pradipta Kr. Banerjee <bpradip@in.ibm.com>
-Prasanna Gautam <prasannagautam@gmail.com>
-Pratik Karki <prertik@outlook.com>
-Prayag Verma <prayag.verma@gmail.com>
-Priya Wadhwa <priyawadhwa@google.com>
-Projjol Banerji <probaner23@gmail.com>
-Przemek Hejman <przemyslaw.hejman@gmail.com>
-Puneet Pruthi <puneet.pruthi@oracle.com>
-Pure White <daniel48@126.com>
-pysqz <randomq@126.com>
-Qiang Huang <h.huangqiang@huawei.com>
-Qin TianHuan <tianhuan@bingotree.cn>
-Qinglan Peng <qinglanpeng@zju.edu.cn>
-Quan Tian <tianquan@cloudin.cn>
-qudongfang <qudongfang@gmail.com>
-Quentin Brossard <qbrossard@gmail.com>
-Quentin Perez <qperez@ocs.online.net>
-Quentin Tayssier <qtayssier@gmail.com>
-r0n22 <cameron.regan@gmail.com>
-Rachit Sharma <rachitsharma613@gmail.com>
-Radostin Stoyanov <rstoyanov1@gmail.com>
-Rafael Fernández López <ereslibre@ereslibre.es>
-Rafal Jeczalik <rjeczalik@gmail.com>
-Rafe Colton <rafael.colton@gmail.com>
-Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
-Raghuram Devarakonda <draghuram@gmail.com>
-Raja Sami <raja.sami@tenpearls.com>
-Rajat Pandit <rp@rajatpandit.com>
-Rajdeep Dua <dua_rajdeep@yahoo.com>
-Ralf Sippl <ralf.sippl@gmail.com>
-Ralle <spam@rasmusa.net>
-Ralph Bean <rbean@redhat.com>
-Ramkumar Ramachandra <artagnon@gmail.com>
-Ramon Brooker <rbrooker@aetherealmind.com>
-Ramon van Alteren <ramon@vanalteren.nl>
-RaviTeja Pothana <ravi-teja@live.com>
-Ray Tsang <rayt@google.com>
-ReadmeCritic <frankensteinbot@gmail.com>
-realityone <realityone@me.com>
-Recursive Madman <recursive.madman@gmx.de>
-Reficul <xuzhenglun@gmail.com>
-Regan McCooey <rmccooey27@aol.com>
-Remi Rampin <remirampin@gmail.com>
-Remy Suen <remy.suen@gmail.com>
-Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
-Renaud Gaubert <rgaubert@nvidia.com>
-Rhys Hiltner <rhys@twitch.tv>
-Ri Xu <xuri.me@gmail.com>
-Ricardo N Feliciano <FelicianoTech@gmail.com>
-Rich Horwood <rjhorwood@apple.com>
-Rich Moyse <rich@moyse.us>
-Rich Seymour <rseymour@gmail.com>
-Richard Burnison <rburnison@ebay.com>
-Richard Hansen <rhansen@rhansen.org>
-Richard Harvey <richard@squarecows.com>
-Richard Mathie <richard.mathie@amey.co.uk>
-Richard Metzler <richard@paadee.com>
-Richard Scothern <richard.scothern@gmail.com>
-Richo Healey <richo@psych0tik.net>
-Rick Bradley <rick@users.noreply.github.com>
-Rick van de Loo <rickvandeloo@gmail.com>
-Rick Wieman <git@rickw.nl>
-Rik Nijessen <rik@keefo.nl>
-Riku Voipio <riku.voipio@linaro.org>
-Riley Guerin <rileytg.dev@gmail.com>
-Ritesh H Shukla <sritesh@vmware.com>
-Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
-Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
-Rob Gulewich <rgulewich@netflix.com>
-Rob Murray <rob.murray@docker.com>
-Rob Vesse <rvesse@dotnetrdf.org>
-Robert Bachmann <rb@robertbachmann.at>
-Robert Bittle <guywithnose@gmail.com>
-Robert Obryk <robryk@gmail.com>
-Robert Schneider <mail@shakeme.info>
-Robert Shade <robert.shade@gmail.com>
-Robert Stern <lexandro2000@gmail.com>
-Robert Sturla <robertsturla@outlook.com>
-Robert Terhaar <rterhaar@atlanticdynamic.com>
-Robert Wallis <smilingrob@gmail.com>
-Robert Wang <robert@arctic.tw>
-Roberto G. Hashioka <roberto.hashioka@docker.com>
-Roberto Muñoz Fernández <robertomf@gmail.com>
-Robin Naundorf <r.naundorf@fh-muenster.de>
-Robin Schneider <ypid@riseup.net>
-Robin Speekenbrink <robin@kingsquare.nl>
-Robin Thoni <robin@rthoni.com>
-robpc <rpcann@gmail.com>
-Rodolfo Carvalho <rhcarvalho@gmail.com>
-Rodrigo Campos <rodrigoca@microsoft.com>
-Rodrigo Vaz <rodrigo.vaz@gmail.com>
-Roel Van Nyen <roel.vannyen@gmail.com>
-Roger Peppe <rogpeppe@gmail.com>
-Rohit Jnagal <jnagal@google.com>
-Rohit Kadam <rohit.d.kadam@gmail.com>
-Rohit Kapur <rkapur@flatiron.com>
-Rojin George <rojingeorge@huawei.com>
-Roland Huß <roland@jolokia.org>
-Roland Kammerer <roland.kammerer@linbit.com>
-Roland Moriz <rmoriz@users.noreply.github.com>
-Roma Sokolov <sokolov.r.v@gmail.com>
-Roman Dudin <katrmr@gmail.com>
-Roman Mazur <roman@balena.io>
-Roman Strashkin <roman.strashkin@gmail.com>
-Roman Volosatovs <roman.volosatovs@docker.com>
-Roman Zabaluev <gpg@haarolean.dev>
-Ron Smits <ron.smits@gmail.com>
-Ron Williams <ron.a.williams@gmail.com>
-Rong Gao <gaoronggood@163.com>
-Rong Zhang <rongzhang@alauda.io>
-Rongxiang Song <tinysong1226@gmail.com>
-Rony Weng <ronyweng@synology.com>
-root <docker-dummy@example.com>
-root <root@lxdebmas.marist.edu>
-root <root@ubuntu-14.04-amd64-vbox>
-root <root@webm215.cluster016.ha.ovh.net>
-Rory Hunter <roryhunter2@gmail.com>
-Rory McCune <raesene@gmail.com>
-Ross Boucher <rboucher@gmail.com>
-Rovanion Luckey <rovanion.luckey@gmail.com>
-Roy Reznik <roy@wiz.io>
-Royce Remer <royceremer@gmail.com>
-Rozhnov Alexandr <nox73@ya.ru>
-Rudolph Gottesheim <r.gottesheim@loot.at>
-Rui Cao <ruicao@alauda.io>
-Rui JingAn <quiterace@gmail.com>
-Rui Lopes <rgl@ruilopes.com>
-Ruilin Li <liruilin4@huawei.com>
-Runshen Zhu <runshen.zhu@gmail.com>
-Russ Magee <rmagee@gmail.com>
-Ryan Abrams <rdabrams@gmail.com>
-Ryan Anderson <anderson.ryanc@gmail.com>
-Ryan Aslett <github@mixologic.com>
-Ryan Barry <rbarry@mirantis.com>
-Ryan Belgrave <rmb1993@gmail.com>
-Ryan Campbell <campbellr@gmail.com>
-Ryan Detzel <ryan.detzel@gmail.com>
-Ryan Fowler <rwfowler@gmail.com>
-Ryan Liu <ryanlyy@me.com>
-Ryan McLaughlin <rmclaughlin@insidesales.com>
-Ryan O'Donnell <odonnellryanc@gmail.com>
-Ryan Seto <ryanseto@yak.net>
-Ryan Shea <sheabot03@gmail.com>
-Ryan Simmen <ryan.simmen@gmail.com>
-Ryan Stelly <ryan.stelly@live.com>
-Ryan Thomas <rthomas@atlassian.com>
-Ryan Trauntvein <rtrauntvein@novacoast.com>
-Ryan Wallner <ryan.wallner@clusterhq.com>
-Ryan Zhang <ryan.zhang@docker.com>
-ryancooper7 <ryan.cooper7@gmail.com>
-RyanDeng <sheldon.d1018@gmail.com>
-Ryo Nakao <nakabonne@gmail.com>
-Ryoga Saito <contact@proelbtn.com>
-Régis Behmo <regis@behmo.com>
-Rémy Greinhofer <remy.greinhofer@livelovely.com>
-s. rannou <mxs@sbrk.org>
-Sabin Basyal <sabin.basyal@gmail.com>
-Sachin Joshi <sachin_jayant_joshi@hotmail.com>
-Sagar Hani <sagarhani33@gmail.com>
-Sainath Grandhi <sainath.grandhi@intel.com>
-Sakeven Jiang <jc5930@sina.cn>
-Salahuddin Khan <salah@docker.com>
-Sally O'Malley <somalley@redhat.com>
-Sam Abed <sam.abed@gmail.com>
-Sam Alba <sam.alba@gmail.com>
-Sam Bailey <cyprix@cyprix.com.au>
-Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
-Sam Neirinck <sam@samneirinck.com>
-Sam Reis <sreis@atlassian.com>
-Sam Rijs <srijs@airpost.net>
-Sam Thibault <sam.thibault@docker.com>
-Sam Whited <sam@samwhited.com>
-Sambuddha Basu <sambuddhabasu1@gmail.com>
-Sami Wagiaalla <swagiaal@redhat.com>
-Samuel Andaya <samuel@andaya.net>
-Samuel Dion-Girardeau <samuel.diongirardeau@gmail.com>
-Samuel Karp <me@samuelkarp.com>
-Samuel PHAN <samuel-phan@users.noreply.github.com>
-sanchayanghosh <sanchayanghosh@outlook.com>
-Sandeep Bansal <sabansal@microsoft.com>
-Sankar சங்கர் <sankar.curiosity@gmail.com>
-Sanket Saurav <sanketsaurav@gmail.com>
-Santhosh Manohar <santhosh@docker.com>
-sapphiredev <se.imas.kr@gmail.com>
-Sargun Dhillon <sargun@netflix.com>
-Sascha Andres <sascha.andres@outlook.com>
-Sascha Grunert <sgrunert@suse.com>
-SataQiu <qiushida@beyondcent.com>
-Satnam Singh <satnam@raintown.org>
-Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
-Satoshi Tagomori <tagomoris@gmail.com>
-Scott Bessler <scottbessler@gmail.com>
-Scott Collier <emailscottcollier@gmail.com>
-Scott Johnston <scott@docker.com>
-Scott Moser <smoser@brickies.net>
-Scott Percival <scottp@lastyard.com>
-Scott Stamp <scottstamp851@gmail.com>
-Scott Walls <sawalls@umich.edu>
-sdreyesg <sdreyesg@gmail.com>
-Sean Christopherson <sean.j.christopherson@intel.com>
-Sean Cronin <seancron@gmail.com>
-Sean Lee <seanlee@tw.ibm.com>
-Sean McIntyre <s.mcintyre@xverba.ca>
-Sean OMeara <sean@chef.io>
-Sean P. Kane <skane@newrelic.com>
-Sean Rodman <srodman7689@gmail.com>
-Sebastiaan van Steenis <mail@superseb.nl>
-Sebastiaan van Stijn <github@gone.nl>
-Sebastian Höffner <sebastian.hoeffner@mevis.fraunhofer.de>
-Sebastian Radloff <sradloff23@gmail.com>
-Sebastian Thomschke <sebthom@users.noreply.github.com>
-Sebastien Goasguen <runseb@gmail.com>
-Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
-Senthil Kumaran <senthil@uthcode.com>
-SeongJae Park <sj38.park@gmail.com>
-Seongyeol Lim <seongyeol37@gmail.com>
-Serge Hallyn <serge.hallyn@ubuntu.com>
-Sergey Alekseev <sergey.alekseev.minsk@gmail.com>
-Sergey Evstifeev <sergey.evstifeev@gmail.com>
-Sergii Kabashniuk <skabashnyuk@codenvy.com>
-Sergio Lopez <slp@redhat.com>
-Serhat Gülçiçek <serhat25@gmail.com>
-Serhii Nakon <serhii.n@thescimus.com>
-SeungUkLee <lsy931106@gmail.com>
-Sevki Hasirci <s@sevki.org>
-Shane Canon <scanon@lbl.gov>
-Shane da Silva <shane@dasilva.io>
-Shaun Kaasten <shaunk@gmail.com>
-Shaun Thompson <shaun.thompson@docker.com>
-shaunol <shaunol@gmail.com>
-Shawn Landden <shawn@churchofgit.com>
-Shawn Siefkas <shawn.siefkas@meredith.com>
-shawnhe <shawnhe@shawnhedeMacBook-Pro.local>
-Shayan Pooya <shayan@liveve.org>
-Shayne Wang <shaynexwang@gmail.com>
-Shekhar Gulati <shekhargulati84@gmail.com>
-Sheng Yang <sheng@yasker.org>
-Shengbo Song <thomassong@tencent.com>
-Shengjing Zhu <zhsj@debian.org>
-Shev Yan <yandong_8212@163.com>
-Shih-Yuan Lee <fourdollars@gmail.com>
-Shihao Xia <charlesxsh@hotmail.com>
-Shijiang Wei <mountkin@gmail.com>
-Shijun Qin <qinshijun16@mails.ucas.ac.cn>
-Shishir Mahajan <shishir.mahajan@redhat.com>
-Shoubhik Bose <sbose78@gmail.com>
-Shourya Sarcar <shourya.sarcar@gmail.com>
-Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
-Shu-Wai Chow <shu-wai.chow@seattlechildrens.org>
-shuai-z <zs.broccoli@gmail.com>
-Shukui Yang <yangshukui@huawei.com>
-Sian Lerk Lau <kiawin@gmail.com>
-Siarhei Rasiukevich <s_rasiukevich@wargaming.net>
-Sidhartha Mani <sidharthamn@gmail.com>
-sidharthamani <sid@rancher.com>
-Silas Sewell <silas@sewell.org>
-Silvan Jegen <s.jegen@gmail.com>
-Simão Reis <smnrsti@gmail.com>
-Simon Barendse <simon.barendse@gmail.com>
-Simon Eskildsen <sirup@sirupsen.com>
-Simon Ferquel <simon.ferquel@docker.com>
-Simon Leinen <simon.leinen@gmail.com>
-Simon Menke <simon.menke@gmail.com>
-Simon Taranto <simon.taranto@gmail.com>
-Simon Vikstrom <pullreq@devsn.se>
-Sindhu S <sindhus@live.in>
-Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
-skanehira <sho19921005@gmail.com>
-Smark Meng <smark@freecoop.net>
-Solganik Alexander <solganik@gmail.com>
-Solomon Hykes <solomon@docker.com>
-Song Gao <song@gao.io>
-Soshi Katsuta <soshi.katsuta@gmail.com>
-Sotiris Salloumis <sotiris.salloumis@gmail.com>
-Soulou <leo@unbekandt.eu>
-Spencer Brown <spencer@spencerbrown.org>
-Spencer Smith <robertspencersmith@gmail.com>
-Spike Curtis <spike.curtis@metaswitch.com>
-Sridatta Thatipamala <sthatipamala@gmail.com>
-Sridhar Ratnakumar <sridharr@activestate.com>
-Srini Brahmaroutu <srbrahma@us.ibm.com>
-Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com>
-Staf Wagemakers <staf@wagemakers.be>
-Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
-Stanislav Levin <slev@altlinux.org>
-Steeve Morin <steeve.morin@gmail.com>
-Stefan Berger <stefanb@linux.vnet.ibm.com>
-Stefan Gehrig <stefan.gehrig.hn@googlemail.com>
-Stefan J. Wernli <swernli@microsoft.com>
-Stefan Praszalowicz <stefan@greplin.com>
-Stefan S. <tronicum@user.github.com>
-Stefan Scherer <stefan.scherer@docker.com>
-Stefan Staudenmeyer <doerte@instana.com>
-Stefan Weil <sw@weilnetz.de>
-Steffen Butzer <steffen.butzer@outlook.com>
-Stephan Henningsen <stephan-henningsen@users.noreply.github.com>
-Stephan Spindler <shutefan@gmail.com>
-Stephen Benjamin <stephen@redhat.com>
-Stephen Crosby <stevecrozz@gmail.com>
-Stephen Day <stevvooe@gmail.com>
-Stephen Drake <stephen@xenolith.net>
-Stephen Rust <srust@blockbridge.com>
-Steve Desmond <steve@vtsv.ca>
-Steve Dougherty <steve@asksteved.com>
-Steve Durrheimer <s.durrheimer@gmail.com>
-Steve Francia <steve.francia@gmail.com>
-Steve Koch <stevekochscience@gmail.com>
-Steven Burgess <steven.a.burgess@hotmail.com>
-Steven Erenst <stevenerenst@gmail.com>
-Steven Hartland <steven.hartland@multiplay.co.uk>
-Steven Iveson <sjiveson@outlook.com>
-Steven Merrill <steven.merrill@gmail.com>
-Steven Richards <steven@axiomzen.co>
-Steven Taylor <steven.taylor@me.com>
-Stéphane Este-Gracias <sestegra@gmail.com>
-Stig Larsson <stig@larsson.dev>
-Su Wang <su.wang@docker.com>
-Subhajit Ghosh <isubuz.g@gmail.com>
-Sujith Haridasan <sujith.h@gmail.com>
-Sun Gengze <690388648@qq.com>
-Sun Jianbo <wonderflow.sun@gmail.com>
-Sune Keller <sune.keller@gmail.com>
-Sunny Gogoi <indiasuny000@gmail.com>
-Suryakumar Sudar <surya.trunks@gmail.com>
-Sven Dowideit <SvenDowideit@home.org.au>
-Swapnil Daingade <swapnil.daingade@gmail.com>
-Sylvain Baubeau <lebauce@gmail.com>
-Sylvain Bellemare <sylvain@ascribe.io>
-Sébastien <sebastien@yoozio.com>
-Sébastien HOUZÉ <cto@verylastroom.com>
-Sébastien Luttringer <seblu@seblu.net>
-Sébastien Stormacq <sebsto@users.noreply.github.com>
-Sören Tempel <soeren+git@soeren-tempel.net>
-Tabakhase <mail@tabakhase.com>
-Tadej Janež <tadej.j@nez.si>
-Tadeusz Dudkiewicz <tadeusz.dudkiewicz@rtbhouse.com>
-Takuto Sato <tockn.jp@gmail.com>
-tang0th <tang0th@gmx.com>
-Tangi Colin <tangicolin@gmail.com>
-Tatsuki Sugiura <sugi@nemui.org>
-Tatsushi Inagaki <e29253@jp.ibm.com>
-Taylan Isikdemir <taylani@google.com>
-Taylor Jones <monitorjbl@gmail.com>
-tcpdumppy <847462026@qq.com>
-Ted M. Young <tedyoung@gmail.com>
-Tehmasp Chaudhri <tehmasp@gmail.com>
-Tejaswini Duggaraju <naduggar@microsoft.com>
-Tejesh Mehta <tejesh.mehta@gmail.com>
-Terry Chu <zue.hterry@gmail.com>
-terryding77 <550147740@qq.com>
-Thatcher Peskens <thatcher@docker.com>
-theadactyl <thea.lamkin@gmail.com>
-Thell 'Bo' Fowler <thell@tbfowler.name>
-Thermionix <bond711@gmail.com>
-Thiago Alves Silva <thiago.alves@aurea.com>
-Thijs Terlouw <thijsterlouw@gmail.com>
-Thomas Bikeev <thomas.bikeev@mac.com>
-Thomas Frössman <thomasf@jossystem.se>
-Thomas Gazagnaire <thomas@gazagnaire.org>
-Thomas Graf <tgraf@suug.ch>
-Thomas Grainger <tagrain@gmail.com>
-Thomas Hansen <thomas.hansen@gmail.com>
-Thomas Ledos <thomas.ledos92@gmail.com>
-Thomas Leonard <thomas.leonard@docker.com>
-Thomas Léveil <thomasleveil@gmail.com>
-Thomas Orozco <thomas@orozco.fr>
-Thomas Riccardi <riccardi@systran.fr>
-Thomas Schroeter <thomas@cliqz.com>
-Thomas Sjögren <konstruktoid@users.noreply.github.com>
-Thomas Swift <tgs242@gmail.com>
-Thomas Tanaka <thomas.tanaka@oracle.com>
-Thomas Texier <sharkone@en-mousse.org>
-Ti Zhou <tizhou1986@gmail.com>
-Tiago Seabra <tlgs@users.noreply.github.com>
-Tianon Gravi <admwiggin@gmail.com>
-Tianyi Wang <capkurmagati@gmail.com>
-Tibor Vass <teabee89@gmail.com>
-Tiffany Jernigan <tiffany.f.j@gmail.com>
-Tiffany Low <tiffany@box.com>
-Till Claassen <pixelistik@users.noreply.github.com>
-Till Wegmüller <toasterson@gmail.com>
-Tim <elatllat@gmail.com>
-Tim Bart <tim@fewagainstmany.com>
-Tim Bosse <taim@bosboot.org>
-Tim Dettrick <t.dettrick@uq.edu.au>
-Tim Düsterhus <tim@bastelstu.be>
-Tim Hockin <thockin@google.com>
-Tim Potter <tpot@hpe.com>
-Tim Ruffles <oi@truffles.me.uk>
-Tim Smith <timbot@google.com>
-Tim Terhorst <mynamewastaken+git@gmail.com>
-Tim Wagner <tim.wagner@freenet.ag>
-Tim Wang <timwangdev@gmail.com>
-Tim Waugh <twaugh@redhat.com>
-Tim Wraight <tim.wraight@tangentlabs.co.uk>
-Tim Zju <21651152@zju.edu.cn>
-timchenxiaoyu <837829664@qq.com>
-timfeirg <kkcocogogo@gmail.com>
-Timo Rothenpieler <timo@rothenpieler.org>
-Timothy Hobbs <timothyhobbs@seznam.cz>
-tjwebb123 <tjwebb123@users.noreply.github.com>
-tobe <tobegit3hub@gmail.com>
-Tobias Bieniek <Tobias.Bieniek@gmx.de>
-Tobias Bradtke <webwurst@gmail.com>
-Tobias Gesellchen <tobias@gesellix.de>
-Tobias Klauser <tklauser@distanz.ch>
-Tobias Munk <schmunk@usrbin.de>
-Tobias Pfandzelter <tobias@pfandzelter.com>
-Tobias Schmidt <ts@soundcloud.com>
-Tobias Schwab <tobias.schwab@dynport.de>
-Todd Crane <todd@toddcrane.com>
-Todd Lunter <tlunter@gmail.com>
-Todd Whiteman <todd.whiteman@joyent.com>
-Toli Kuznets <toli@docker.com>
-Tom Barlow <tomwbarlow@gmail.com>
-Tom Booth <tombooth@gmail.com>
-Tom Denham <tom@tomdee.co.uk>
-Tom Fotherby <tom+github@peopleperhour.com>
-Tom Howe <tom.howe@enstratius.com>
-Tom Hulihan <hulihan.tom159@gmail.com>
-Tom Maaswinkel <tom.maaswinkel@12wiki.eu>
-Tom Parker <palfrey@tevp.net>
-Tom Sweeney <tsweeney@redhat.com>
-Tom Wilkie <tom.wilkie@gmail.com>
-Tom X. Tobin <tomxtobin@tomxtobin.com>
-Tom Zhao <zlwangel@gmail.com>
-Tomas Janousek <tomi@nomi.cz>
-Tomas Kral <tomas.kral@gmail.com>
-Tomas Tomecek <ttomecek@redhat.com>
-Tomasz Kopczynski <tomek@kopczynski.net.pl>
-Tomasz Lipinski <tlipinski@users.noreply.github.com>
-Tomasz Nurkiewicz <nurkiewicz@gmail.com>
-Tomek Mańko <tomek.manko@railgun-solutions.com>
-Tommaso Visconti <tommaso.visconti@gmail.com>
-Tomoya Tabuchi <t@tomoyat1.com>
-Tomáš Hrčka <thrcka@redhat.com>
-Tomáš Virtus <nechtom@gmail.com>
-tonic <tonicbupt@gmail.com>
-Tonny Xu <tonny.xu@gmail.com>
-Tony Abboud <tdabboud@hotmail.com>
-Tony Daws <tony@daws.ca>
-Tony Miller <mcfiredrill@gmail.com>
-toogley <toogley@mailbox.org>
-Torstein Husebø <torstein@huseboe.net>
-Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
-Tõnis Tiigi <tonistiigi@gmail.com>
-Trace Andreason <tandreason@gmail.com>
-tracylihui <793912329@qq.com>
-Trapier Marshall <tmarshall@mirantis.com>
-Travis Cline <travis.cline@gmail.com>
-Travis Thieman <travis.thieman@gmail.com>
-Trent Ogren <tedwardo2@gmail.com>
-Trevor <trevinwoodstock@gmail.com>
-Trevor Pounds <trevor.pounds@gmail.com>
-Trevor Sullivan <pcgeek86@gmail.com>
-Trishna Guha <trishnaguha17@gmail.com>
-Tristan Carel <tristan@cogniteev.com>
-Troy Denton <trdenton@gmail.com>
-Tudor Brindus <me@tbrindus.ca>
-Ty Alexander <ty.alexander@sendgrid.com>
-Tycho Andersen <tycho@docker.com>
-Tyler Brock <tyler.brock@gmail.com>
-Tyler Brown <tylers.pile@gmail.com>
-Tzu-Jung Lee <roylee17@gmail.com>
-uhayate <uhayate.gong@daocloud.io>
-Ulysse Carion <ulyssecarion@gmail.com>
-Umesh Yadav <umesh4257@gmail.com>
-Utz Bacher <utz.bacher@de.ibm.com>
-vagrant <vagrant@ubuntu-14.04-amd64-vbox>
-Vaidas Jablonskis <jablonskis@gmail.com>
-Valentin Kulesh <valentin.kulesh@virtuozzo.com>
-vanderliang <lansheng@meili-inc.com>
-Velko Ivanov <vivanov@deeperplane.com>
-Veres Lajos <vlajos@gmail.com>
-Victor Algaze <valgaze@gmail.com>
-Victor Coisne <victor.coisne@dotcloud.com>
-Victor Costan <costan@gmail.com>
-Victor I. Wood <viw@t2am.com>
-Victor Lyuboslavsky <victor@victoreda.com>
-Victor Marmol <vmarmol@google.com>
-Victor Palma <palma.victor@gmail.com>
-Victor Toni <victor.toni@gmail.com>
-Victor Vieux <victor.vieux@docker.com>
-Victoria Bialas <victoria.bialas@docker.com>
-Vijaya Kumar K <vijayak@caviumnetworks.com>
-Vikas Choudhary <choudharyvikas16@gmail.com>
-Vikram bir Singh <vsingh@mirantis.com>
-Viktor Stanchev <me@viktorstanchev.com>
-Viktor Vojnovski <viktor.vojnovski@amadeus.com>
-VinayRaghavanKS <raghavan.vinay@gmail.com>
-Vincent Batts <vbatts@redhat.com>
-Vincent Bernat <vincent@bernat.ch>
-Vincent Boulineau <vincent.boulineau@datadoghq.com>
-Vincent Demeester <vincent.demeester@docker.com>
-Vincent Giersch <vincent.giersch@ovh.net>
-Vincent Mayers <vincent.mayers@inbloom.org>
-Vincent Woo <me@vincentwoo.com>
-Vinod Kulkarni <vinod.kulkarni@gmail.com>
-Vishal Doshi <vishal.doshi@gmail.com>
-Vishnu Kannan <vishnuk@google.com>
-Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
-Vitor Anjos <bartier@users.noreply.github.com>
-Vitor Monteiro <vmrmonteiro@gmail.com>
-Vivek Agarwal <me@vivek.im>
-Vivek Dasgupta <vdasgupt@redhat.com>
-Vivek Goyal <vgoyal@redhat.com>
-Vladimir Bulyga <xx@ccxx.cc>
-Vladimir Kirillov <proger@wilab.org.ua>
-Vladimir Pouzanov <farcaller@google.com>
-Vladimir Rutsky <altsysrq@gmail.com>
-Vladimir Varankin <nek.narqo+git@gmail.com>
-VladimirAus <v_roudakov@yahoo.com>
-Vladislav Kolesnikov <vkolesnikov@beget.ru>
-Vlastimil Zeman <vlastimil.zeman@diffblue.com>
-Vojtech Vitek (V-Teq) <vvitek@redhat.com>
-voloder <110066198+voloder@users.noreply.github.com>
-Walter Leibbrandt <github@wrl.co.za>
-Walter Stanish <walter@pratyeka.org>
-Wang Chao <chao.wang@ucloud.cn>
-Wang Guoliang <liangcszzu@163.com>
-Wang Jie <wangjie5@chinaskycloud.com>
-Wang Long <long.wanglong@huawei.com>
-Wang Ping <present.wp@icloud.com>
-Wang Xing <hzwangxing@corp.netease.com>
-Wang Yuexiao <wang.yuexiao@zte.com.cn>
-Wang Yumu <37442693@qq.com>
-wanghuaiqing <wanghuaiqing@loongson.cn>
-Ward Vandewege <ward@jhvc.com>
-WarheadsSE <max@warheads.net>
-Wassim Dhif <wassimdhif@gmail.com>
-Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
-Wayne Chang <wayne@neverfear.org>
-Wayne Song <wsong@docker.com>
-weebney <weebney@gmail.com>
-Weerasak Chongnguluam <singpor@gmail.com>
-Wei Fu <fuweid89@gmail.com>
-Wei Wu <wuwei4455@gmail.com>
-Wei-Ting Kuo <waitingkuo0527@gmail.com>
-weipeng <weipeng@tuscloud.io>
-weiyan <weiyan3@huawei.com>
-Weiyang Zhu <cnresonant@gmail.com>
-Wen Cheng Ma <wenchma@cn.ibm.com>
-Wendel Fleming <wfleming@usc.edu>
-Wenjun Tang <tangwj2@lenovo.com>
-Wenkai Yin <yinw@vmware.com>
-wenlxie <wenlxie@ebay.com>
-Wenxuan Zhao <viz@linux.com>
-Wenyu You <21551128@zju.edu.cn>
-Wenzhi Liang <wenzhi.liang@gmail.com>
-Wes Morgan <cap10morgan@gmail.com>
-Wesley Pettit <wppttt@amazon.com>
-Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
-Wiktor Kwapisiewicz <wiktor@metacode.biz>
-Will Dietz <w@wdtz.org>
-Will Rouesnel <w.rouesnel@gmail.com>
-Will Weaver <monkey@buildingbananas.com>
-willhf <willhf@gmail.com>
-William Delanoue <william.delanoue@gmail.com>
-William Henry <whenry@redhat.com>
-William Hubbs <w.d.hubbs@gmail.com>
-William Martin <wmartin@pivotal.io>
-William Riancho <wr.wllm@gmail.com>
-William Thurston <thurstw@amazon.com>
-Wilson Júnior <wilsonpjunior@gmail.com>
-Wing-Kam Wong <wingkwong.code@gmail.com>
-WiseTrem <shepelyov.g@gmail.com>
-Wolfgang Nagele <mail@wnagele.com>
-Wolfgang Powisch <powo@powo.priv.at>
-Wonjun Kim <wonjun.kim@navercorp.com>
-WuLonghui <wlh6666@qq.com>
-xamyzhao <x.amy.zhao@gmail.com>
-Xia Wu <xwumzn@amazon.com>
-Xian Chaobo <xianchaobo@huawei.com>
-Xianglin Gao <xlgao@zju.edu.cn>
-Xianjie <guxianjie@gmail.com>
-Xianlu Bird <xianlubird@gmail.com>
-Xiao YongBiao <xyb4638@gmail.com>
-Xiao Zhang <xiaozhang0210@hotmail.com>
-XiaoBing Jiang <s7v7nislands@gmail.com>
-Xiaodong Liu <liuxiaodong@loongson.cn>
-Xiaodong Zhang <a4012017@sina.com>
-Xiaohua Ding <xiao_hua_ding@sina.cn>
-Xiaoxi He <xxhe@alauda.io>
-Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
-Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
-xichengliudui <1693291525@qq.com>
-xiekeyang <xiekeyang@huawei.com>
-Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
-xin.li <xin.li@daocloud.io>
-Xinbo Weng <xihuanbo_0521@zju.edu.cn>
-Xinfeng Liu <XinfengLiu@icloud.com>
-Xinzi Zhou <imdreamrunner@gmail.com>
-Xiuming Chen <cc@cxm.cc>
-Xuecong Liao <satorulogic@gmail.com>
-xuzhaokui <cynicholas@gmail.com>
-Yadnyawalkya Tale <ytale@redhat.com>
-Yahya <ya7yaz@gmail.com>
-yalpul <yalpul@gmail.com>
-YAMADA Tsuyoshi <tyamada@minimum2scp.org>
-Yamasaki Masahide <masahide.y@gmail.com>
-Yamazaki Masashi <masi19bw@gmail.com>
-Yan Feng <yanfeng2@huawei.com>
-Yan Zhu <yanzhu@alauda.io>
-Yang Bai <hamo.by@gmail.com>
-Yang Li <idealhack@gmail.com>
-Yang Pengfei <yangpengfei4@huawei.com>
-yangchenliang <yangchenliang@huawei.com>
-Yann Autissier <yann.autissier@gmail.com>
-Yanqiang Miao <miao.yanqiang@zte.com.cn>
-Yao Zaiyong <yaozaiyong@hotmail.com>
-Yash Murty <yashmurty@gmail.com>
-Yassine Tijani <yasstij11@gmail.com>
-Yasunori Mahata <nori@mahata.net>
-Yazhong Liu <yorkiefixer@gmail.com>
-Yestin Sun <sunyi0804@gmail.com>
-Yi EungJun <eungjun.yi@navercorp.com>
-Yibai Zhang <xm1994@gmail.com>
-Yihang Ho <hoyihang5@gmail.com>
-Ying Li <ying.li@docker.com>
-Yohei Ueda <yohei@jp.ibm.com>
-Yong Tang <yong.tang.github@outlook.com>
-Yongxin Li <yxli@alauda.io>
-Yongzhi Pan <panyongzhi@gmail.com>
-Yosef Fertel <yfertel@gmail.com>
-You-Sheng Yang (楊有勝) <vicamo@gmail.com>
-youcai <omegacoleman@gmail.com>
-Youcef YEKHLEF <yyekhlef@gmail.com>
-Youfu Zhang <zhangyoufu@gmail.com>
-YR Chen <stevapple@icloud.com>
-Yu Changchun <yuchangchun1@huawei.com>
-Yu Chengxia <yuchengxia@huawei.com>
-Yu Peng <yu.peng36@zte.com.cn>
-Yu-Ju Hong <yjhong@google.com>
-Yuan Sun <sunyuan3@huawei.com>
-Yuanhong Peng <pengyuanhong@huawei.com>
-Yue Zhang <zy675793960@yeah.net>
-Yufei Xiong <yufei.xiong@qq.com>
-Yuhao Fang <fangyuhao@gmail.com>
-Yuichiro Kaneko <spiketeika@gmail.com>
-YujiOshima <yuji.oshima0x3fd@gmail.com>
-Yunxiang Huang <hyxqshk@vip.qq.com>
-Yurii Rashkovskii <yrashk@gmail.com>
-Yusuf Tarık Günaydın <yusuf_tarik@hotmail.com>
-Yves Blusseau <90z7oey02@sneakemail.com>
-Yves Junqueira <yves.junqueira@gmail.com>
-Zac Dover <zdover@redhat.com>
-Zach Borboa <zachborboa@gmail.com>
-Zach Gershman <zachgersh@gmail.com>
-Zachary Jaffee <zjaffee@us.ibm.com>
-Zain Memon <zain@inzain.net>
-Zaiste! <oh@zaiste.net>
-Zane DeGraffenried <zane.deg@gmail.com>
-Zefan Li <lizefan@huawei.com>
-Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
-Zhang Kun <zkazure@gmail.com>
-Zhang Wei <zhangwei555@huawei.com>
-Zhang Wentao <zhangwentao234@huawei.com>
-zhangguanzhang <zhangguanzhang@qq.com>
-ZhangHang <stevezhang2014@gmail.com>
-zhangxianwei <xianwei.zw@alibaba-inc.com>
-Zhenan Ye <21551168@zju.edu.cn>
-zhenghenghuo <zhenghenghuo@zju.edu.cn>
-Zhenhai Gao <gaozh1988@live.com>
-Zhenkun Bi <bi.zhenkun@zte.com.cn>
-ZhiPeng Lu <lu.zhipeng@zte.com.cn>
-zhipengzuo <zuozhipeng@baidu.com>
-Zhou Hao <zhouhao@cn.fujitsu.com>
-Zhoulin Xie <zhoulin.xie@daocloud.io>
-Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
-Zhu Kunjia <zhu.kunjia@zte.com.cn>
-Zhuoyun Wei <wzyboy@wzyboy.org>
-Ziheng Liu <lzhfromustc@gmail.com>
-Zilin Du <zilin.du@gmail.com>
-zimbatm <zimbatm@zimbatm.com>
-Ziming Dong <bnudzm@foxmail.com>
-ZJUshuaizhou <21551191@zju.edu.cn>
-zmarouf <zeid.marouf@gmail.com>
-Zoltan Tombol <zoltan.tombol@gmail.com>
-Zou Yu <zouyu7@huawei.com>
-zqh <zqhxuyuan@gmail.com>
-Zuhayr Elahi <zuhayr.elahi@docker.com>
-Zunayed Ali <zunayed@gmail.com>
-Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
-Átila Camurça Alves <camurca.home@gmail.com>
-吴小白 <296015668@qq.com>
-尹吉峰 <jifeng.yin@gmail.com>
-屈骏 <qujun@tiduyun.com>
-徐俊杰 <paco.xu@daocloud.io>
-慕陶 <jihui.xjh@alibaba-inc.com>
-搏通 <yufeng.pyf@alibaba-inc.com>
-黄艳红00139573 <huang.yanhong@zte.com.cn>
-정재영 <jjy600901@gmail.com>
diff --git a/vendor/github.com/docker/docker/NOTICE b/vendor/github.com/docker/docker/NOTICE
deleted file mode 100644
index 58b19b6d15..0000000000
--- a/vendor/github.com/docker/docker/NOTICE
+++ /dev/null
@@ -1,19 +0,0 @@
-Docker
-Copyright 2012-2017 Docker, Inc.
-
-This product includes software developed at Docker, Inc. (https://www.docker.com).
-
-This product contains software (https://github.com/creack/pty) developed
-by Keith Rarick, licensed under the MIT License.
-
-The following is courtesy of our legal counsel:
-
-
-Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.
-It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws.
-
-For more information, please see https://www.bis.doc.gov
-
-See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/docker/docker/api/README.md b/vendor/github.com/docker/docker/api/README.md
deleted file mode 100644
index 381f19881f..0000000000
--- a/vendor/github.com/docker/docker/api/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Working on the Engine API
-
-The Engine API is an HTTP API used by the command-line client to communicate with the daemon. It can also be used by third-party software to control the daemon.
-
-It consists of various components in this repository:
-
-- `api/swagger.yaml` A Swagger definition of the API.
-- `api/types/` Types shared by both the client and server, representing various objects, options, responses, etc. Most are written manually, but some are automatically generated from the Swagger definition. See [#27919](https://github.com/docker/docker/issues/27919) for progress on this.
-- `cli/` The command-line client.
-- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
-- `daemon/` The daemon, which serves the API.
-
-## Swagger definition
-
-The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
-
-1. Automatically generate documentation.
-2. Automatically generate the Go server and client. (A work-in-progress.)
-3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
-
-## Updating the API documentation
-
-The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, edit this file to represent the change in the documentation.
-
-The file is split into two main sections:
-
-- `definitions`, which defines re-usable objects used in requests and responses
-- `paths`, which defines the API endpoints (and some inline objects which don't need to be reusable)
-
-To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
-
-There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919).
-
-`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful when making edits to ensure you are doing the right thing.
-
-## Viewing the API documentation
-
-When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
-
-Run `make swagger-docs` and a preview will be running at `http://localhost:9000`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.
-
-The production documentation is generated by vendoring `swagger.yaml` into [docker/docker.github.io](https://github.com/docker/docker.github.io).
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
deleted file mode 100644
index 702d3dcae4..0000000000
--- a/vendor/github.com/docker/docker/api/common.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package api
-
-// Common constants for daemon and client.
-const (
-	// DefaultVersion of the current REST API.
-	DefaultVersion = "1.51"
-
-	// MinSupportedAPIVersion is the minimum API version that can be supported
-	// by the API server, specified as "major.minor". Note that the daemon
-	// may be configured with a different minimum API version, as returned
-	// in [github.com/docker/docker/api/types.Version.MinAPIVersion].
-	//
-	// API requests for API versions lower than the configured version produce
-	// an error.
-	MinSupportedAPIVersion = "1.24"
-
-	// NoBaseImageSpecifier is the symbol used by the FROM
-	// command to specify that no base image is to be used.
-	NoBaseImageSpecifier = "scratch"
-)
diff --git a/vendor/github.com/docker/docker/api/swagger-gen.yaml b/vendor/github.com/docker/docker/api/swagger-gen.yaml
deleted file mode 100644
index f07a02737f..0000000000
--- a/vendor/github.com/docker/docker/api/swagger-gen.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-layout:
-  models:
-    - name: definition
-      source: asset:model
-      target: "{{ joinFilePath .Target .ModelPackage }}"
-      file_name: "{{ (snakize (pascalize .Name)) }}.go"
-  operations:
-    - name: handler
-      source: asset:serverOperation
-      target: "{{ joinFilePath .Target .APIPackage .Package }}"
-      file_name: "{{ (snakize (pascalize .Name)) }}.go"
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
deleted file mode 100644
index feb42e808a..0000000000
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ /dev/null
@@ -1,13379 +0,0 @@
-# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
-#
-# This is used for generating API documentation and the types used by the
-# client/server. See api/README.md for more information.
-#
-# Some style notes:
-# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
-#   descriptions.
-# - There is no maximum line length, for ease of editing and pretty diffs.
-# - operationIds are in the format "NounVerb", with a singular noun.
-
-swagger: "2.0"
-schemes:
-  - "http"
-  - "https"
-produces:
-  - "application/json"
-  - "text/plain"
-consumes:
-  - "application/json"
-  - "text/plain"
-basePath: "/v1.51"
-info:
-  title: "Docker Engine API"
-  version: "1.51"
-  x-logo:
-    url: "https://docs.docker.com/assets/images/logo-docker-main.png"
-  description: |
-    The Engine API is an HTTP API served by Docker Engine. It is the API the
-    Docker client uses to communicate with the Engine, so everything the Docker
-    client can do can be done with the API.
-
-    Most of the client's commands map directly to API endpoints (e.g. `docker ps`
-    is `GET /containers/json`). The notable exception is running containers,
-    which consists of several API calls.
-
-    # Errors
-
-    The API uses standard HTTP status codes to indicate the success or failure
-    of the API call. The body of the response will be JSON in the following
-    format:
-
-    ```
-    {
-      "message": "page not found"
-    }
-    ```
-
-    # Versioning
-
-    The API is usually changed in each release, so API calls are versioned to
-    ensure that clients don't break. To lock to a specific version of the API,
-    you prefix the URL with its version, for example, call `/v1.30/info` to use
-    the v1.30 version of the `/info` endpoint. If the API version specified in
-    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
-    is returned.
-
-    If you omit the version-prefix, the current version of the API (v1.50) is used.
-    For example, calling `/info` is the same as calling `/v1.51/info`. Using the
-    API without a version-prefix is deprecated and will be removed in a future release.
-
-    Engine releases in the near future should support this version of the API,
-    so your client will continue to work even if it is talking to a newer Engine.
-
-    The API uses an open schema model, which means the server may add extra properties
-    to responses. Likewise, the server will ignore any extra query parameters and
-    request body properties. When you write clients, you need to ignore additional
-    properties in responses to ensure they do not break when talking to newer
-    daemons.
-
-
-    # Authentication
-
-    Authentication for registries is handled client side. The client has to send
-    authentication details to various endpoints that need to communicate with
-    registries, such as `POST /images/(name)/push`. These are sent as
-    `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
-    (JSON) string with the following structure:
-
-    ```
-    {
-      "username": "string",
-      "password": "string",
-      "serveraddress": "string"
-    }
-    ```
-
-    The `serveraddress` is a domain/IP without a protocol. Throughout this
-    structure, double quotes are required.
-
-    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
-    you can just pass this instead of credentials:
-
-    ```
-    {
-      "identitytoken": "9cbaf023786cd7..."
-    }
-    ```
-
-# The tags on paths define the menu sections in the ReDoc documentation, so
-# the usage of tags must make sense for that:
-# - They should be singular, not plural.
-# - There should not be too many tags, or the menu becomes unwieldy. For
-#   example, it is preferable to add a path to the "System" tag instead of
-#   creating a tag with a single path in it.
-# - The order of tags in this list defines the order in the menu.
-tags:
-  # Primary objects
-  - name: "Container"
-    x-displayName: "Containers"
-    description: |
-      Create and manage containers.
-  - name: "Image"
-    x-displayName: "Images"
-  - name: "Network"
-    x-displayName: "Networks"
-    description: |
-      Networks are user-defined networks that containers can be attached to.
-      See the [networking documentation](https://docs.docker.com/network/)
-      for more information.
-  - name: "Volume"
-    x-displayName: "Volumes"
-    description: |
-      Create and manage persistent storage that can be attached to containers.
-  - name: "Exec"
-    x-displayName: "Exec"
-    description: |
-      Run new commands inside running containers. Refer to the
-      [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
-      for more information.
-
-      To exec a command in a container, you first need to create an exec instance,
-      then start it. These two API endpoints are wrapped up in a single command-line
-      command, `docker exec`.
-
-  # Swarm things
-  - name: "Swarm"
-    x-displayName: "Swarm"
-    description: |
-      Engines can be clustered together in a swarm. Refer to the
-      [swarm mode documentation](https://docs.docker.com/engine/swarm/)
-      for more information.
-  - name: "Node"
-    x-displayName: "Nodes"
-    description: |
-      Nodes are instances of the Engine participating in a swarm. Swarm mode
-      must be enabled for these endpoints to work.
-  - name: "Service"
-    x-displayName: "Services"
-    description: |
-      Services are the definitions of tasks to run on a swarm. Swarm mode must
-      be enabled for these endpoints to work.
-  - name: "Task"
-    x-displayName: "Tasks"
-    description: |
-      A task is a container running on a swarm. It is the atomic scheduling unit
-      of swarm. Swarm mode must be enabled for these endpoints to work.
-  - name: "Secret"
-    x-displayName: "Secrets"
-    description: |
-      Secrets are sensitive data that can be used by services. Swarm mode must
-      be enabled for these endpoints to work.
-  - name: "Config"
-    x-displayName: "Configs"
-    description: |
-      Configs are application configurations that can be used by services. Swarm
-      mode must be enabled for these endpoints to work.
-  # System things
-  - name: "Plugin"
-    x-displayName: "Plugins"
-  - name: "System"
-    x-displayName: "System"
-
-definitions:
-  Port:
-    type: "object"
-    description: "An open port on a container"
-    required: [PrivatePort, Type]
-    properties:
-      IP:
-        type: "string"
-        format: "ip-address"
-        description: "Host IP address that the container's port is mapped to"
-      PrivatePort:
-        type: "integer"
-        format: "uint16"
-        x-nullable: false
-        description: "Port on the container"
-      PublicPort:
-        type: "integer"
-        format: "uint16"
-        description: "Port exposed on the host"
-      Type:
-        type: "string"
-        x-nullable: false
-        enum: ["tcp", "udp", "sctp"]
-    example:
-      PrivatePort: 8080
-      PublicPort: 80
-      Type: "tcp"
-
-  MountPoint:
-    type: "object"
-    description: |
-      MountPoint represents a mount point configuration inside the container.
-      This is used for reporting the mountpoints in use by a container.
-    properties:
-      Type:
-        description: |
-          The mount type:
-
-          - `bind` a mount of a file or directory from the host into the container.
-          - `volume` a docker volume with the given `Name`.
-          - `image` a docker image
-          - `tmpfs` a `tmpfs`.
-          - `npipe` a named pipe from the host into the container.
-          - `cluster` a Swarm cluster volume
-        type: "string"
-        enum:
-          - "bind"
-          - "volume"
-          - "image"
-          - "tmpfs"
-          - "npipe"
-          - "cluster"
-        example: "volume"
-      Name:
-        description: |
-          Name is the name reference to the underlying data defined by `Source`
-          e.g., the volume name.
-        type: "string"
-        example: "myvolume"
-      Source:
-        description: |
-          Source location of the mount.
-
-          For volumes, this contains the storage location of the volume (within
-          `/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains
-          the source (host) part of the bind-mount. For `tmpfs` mount points, this
-          field is empty.
-        type: "string"
-        example: "/var/lib/docker/volumes/myvolume/_data"
-      Destination:
-        description: |
-          Destination is the path relative to the container root (`/`) where
-          the `Source` is mounted inside the container.
-        type: "string"
-        example: "/usr/share/nginx/html/"
-      Driver:
-        description: |
-          Driver is the volume driver used to create the volume (if it is a volume).
-        type: "string"
-        example: "local"
-      Mode:
-        description: |
-          Mode is a comma separated list of options supplied by the user when
-          creating the bind/volume mount.
-
-          The default is platform-specific (`"z"` on Linux, empty on Windows).
-        type: "string"
-        example: "z"
-      RW:
-        description: |
-          Whether the mount is mounted writable (read-write).
-        type: "boolean"
-        example: true
-      Propagation:
-        description: |
-          Propagation describes how mounts are propagated from the host into the
-          mount point, and vice-versa. Refer to the [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
-          for details. This field is not used on Windows.
-        type: "string"
-        example: ""
-
-  DeviceMapping:
-    type: "object"
-    description: "A device mapping between the host and container"
-    properties:
-      PathOnHost:
-        type: "string"
-      PathInContainer:
-        type: "string"
-      CgroupPermissions:
-        type: "string"
-    example:
-      PathOnHost: "/dev/deviceName"
-      PathInContainer: "/dev/deviceName"
-      CgroupPermissions: "mrw"
-
-  DeviceRequest:
-    type: "object"
-    description: "A request for devices to be sent to device drivers"
-    properties:
-      Driver:
-        type: "string"
-        example: "nvidia"
-      Count:
-        type: "integer"
-        example: -1
-      DeviceIDs:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "0"
-          - "1"
-          - "GPU-fef8089b-4820-abfc-e83e-94318197576e"
-      Capabilities:
-        description: |
-          A list of capabilities; an OR list of AND lists of capabilities.
-        type: "array"
-        items:
-          type: "array"
-          items:
-            type: "string"
-        example:
-          # gpu AND nvidia AND compute
-          - ["gpu", "nvidia", "compute"]
-      Options:
-        description: |
-          Driver-specific options, specified as a key/value pairs. These options
-          are passed directly to the driver.
-        type: "object"
-        additionalProperties:
-          type: "string"
-
-  ThrottleDevice:
-    type: "object"
-    properties:
-      Path:
-        description: "Device path"
-        type: "string"
-      Rate:
-        description: "Rate"
-        type: "integer"
-        format: "int64"
-        minimum: 0
-
-  Mount:
-    type: "object"
-    properties:
-      Target:
-        description: "Container path."
-        type: "string"
-      Source:
-        description: "Mount source (e.g. a volume name, a host path)."
-        type: "string"
-      Type:
-        description: |
-          The mount type. Available types:
-
-          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
-          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
-          - `image` Mounts an image.
-          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
-          - `npipe` Mounts a named pipe from the host into the container. Must exist prior to creating the container.
-          - `cluster` a Swarm cluster volume
-        type: "string"
-        enum:
-          - "bind"
-          - "volume"
-          - "image"
-          - "tmpfs"
-          - "npipe"
-          - "cluster"
-      ReadOnly:
-        description: "Whether the mount should be read-only."
-        type: "boolean"
-      Consistency:
-        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
-        type: "string"
-      BindOptions:
-        description: "Optional configuration for the `bind` type."
-        type: "object"
-        properties:
-          Propagation:
-            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
-            type: "string"
-            enum:
-              - "private"
-              - "rprivate"
-              - "shared"
-              - "rshared"
-              - "slave"
-              - "rslave"
-          NonRecursive:
-            description: "Disable recursive bind mount."
-            type: "boolean"
-            default: false
-          CreateMountpoint:
-            description: "Create mount point on host if missing"
-            type: "boolean"
-            default: false
-          ReadOnlyNonRecursive:
-            description: |
-               Make the mount non-recursively read-only, but still leave the mount recursive
-               (unless NonRecursive is set to `true` in conjunction).
-
-               Added in v1.44, before that version all read-only mounts were
-               non-recursive by default. To match the previous behaviour this
-               will default to `true` for clients on versions prior to v1.44.
-            type: "boolean"
-            default: false
-          ReadOnlyForceRecursive:
-            description: "Raise an error if the mount cannot be made recursively read-only."
-            type: "boolean"
-            default: false
-      VolumeOptions:
-        description: "Optional configuration for the `volume` type."
-        type: "object"
-        properties:
-          NoCopy:
-            description: "Populate volume with data from the target."
-            type: "boolean"
-            default: false
-          Labels:
-            description: "User-defined key/value metadata."
-            type: "object"
-            additionalProperties:
-              type: "string"
-          DriverConfig:
-            description: "Map of driver specific options"
-            type: "object"
-            properties:
-              Name:
-                description: "Name of the driver to use to create the volume."
-                type: "string"
-              Options:
-                description: "key/value map of driver specific options."
-                type: "object"
-                additionalProperties:
-                  type: "string"
-          Subpath:
-            description: "Source path inside the volume. Must be relative without any back traversals."
-            type: "string"
-            example: "dir-inside-volume/subdirectory"
-      ImageOptions:
-        description: "Optional configuration for the `image` type."
-        type: "object"
-        properties:
-          Subpath:
-            description: "Source path inside the image. Must be relative without any back traversals."
-            type: "string"
-            example: "dir-inside-image/subdirectory"
-      TmpfsOptions:
-        description: "Optional configuration for the `tmpfs` type."
-        type: "object"
-        properties:
-          SizeBytes:
-            description: "The size for the tmpfs mount in bytes."
-            type: "integer"
-            format: "int64"
-          Mode:
-            description: "The permission mode for the tmpfs mount in an integer."
-            type: "integer"
-          Options:
-            description: |
-              The options to be passed to the tmpfs mount. An array of arrays.
-              Flag options should be provided as 1-length arrays. Other types
-              should be provided as as 2-length arrays, where the first item is
-              the key and the second the value.
-            type: "array"
-            items:
-              type: "array"
-              minItems: 1
-              maxItems: 2
-              items:
-                type: "string"
-            example:
-              [["noexec"]]
-
-  RestartPolicy:
-    description: |
-      The behavior to apply when the container exits. The default is not to
-      restart.
-
-      An ever increasing delay (double the previous delay, starting at 100ms) is
-      added before each restart to prevent flooding the server.
-    type: "object"
-    properties:
-      Name:
-        type: "string"
-        description: |
-          - Empty string means not to restart
-          - `no` Do not automatically restart
-          - `always` Always restart
-          - `unless-stopped` Restart always except when the user has manually stopped the container
-          - `on-failure` Restart only when the container exit code is non-zero
-        enum:
-          - ""
-          - "no"
-          - "always"
-          - "unless-stopped"
-          - "on-failure"
-      MaximumRetryCount:
-        type: "integer"
-        description: |
-          If `on-failure` is used, the number of times to retry before giving up.
-
-  Resources:
-    description: "A container's resources (cgroups config, ulimits, etc)"
-    type: "object"
-    properties:
-      # Applicable to all platforms
-      CpuShares:
-        description: |
-          An integer value representing this container's relative CPU weight
-          versus other containers.
-        type: "integer"
-      Memory:
-        description: "Memory limit in bytes."
-        type: "integer"
-        format: "int64"
-        default: 0
-      # Applicable to UNIX platforms
-      CgroupParent:
-        description: |
-          Path to `cgroups` under which the container's `cgroup` is created. If
-          the path is not absolute, the path is considered to be relative to the
-          `cgroups` path of the init process. Cgroups are created if they do not
-          already exist.
-        type: "string"
-      BlkioWeight:
-        description: "Block IO weight (relative weight)."
-        type: "integer"
-        minimum: 0
-        maximum: 1000
-      BlkioWeightDevice:
-        description: |
-          Block IO weight (relative device weight) in the form:
-
-          ```
-          [{"Path": "device_path", "Weight": weight}]
-          ```
-        type: "array"
-        items:
-          type: "object"
-          properties:
-            Path:
-              type: "string"
-            Weight:
-              type: "integer"
-              minimum: 0
-      BlkioDeviceReadBps:
-        description: |
-          Limit read rate (bytes per second) from a device, in the form:
-
-          ```
-          [{"Path": "device_path", "Rate": rate}]
-          ```
-        type: "array"
-        items:
-          $ref: "#/definitions/ThrottleDevice"
-      BlkioDeviceWriteBps:
-        description: |
-          Limit write rate (bytes per second) to a device, in the form:
-
-          ```
-          [{"Path": "device_path", "Rate": rate}]
-          ```
-        type: "array"
-        items:
-          $ref: "#/definitions/ThrottleDevice"
-      BlkioDeviceReadIOps:
-        description: |
-          Limit read rate (IO per second) from a device, in the form:
-
-          ```
-          [{"Path": "device_path", "Rate": rate}]
-          ```
-        type: "array"
-        items:
-          $ref: "#/definitions/ThrottleDevice"
-      BlkioDeviceWriteIOps:
-        description: |
-          Limit write rate (IO per second) to a device, in the form:
-
-          ```
-          [{"Path": "device_path", "Rate": rate}]
-          ```
-        type: "array"
-        items:
-          $ref: "#/definitions/ThrottleDevice"
-      CpuPeriod:
-        description: "The length of a CPU period in microseconds."
-        type: "integer"
-        format: "int64"
-      CpuQuota:
-        description: |
-          Microseconds of CPU time that the container can get in a CPU period.
-        type: "integer"
-        format: "int64"
-      CpuRealtimePeriod:
-        description: |
-          The length of a CPU real-time period in microseconds. Set to 0 to
-          allocate no time allocated to real-time tasks.
-        type: "integer"
-        format: "int64"
-      CpuRealtimeRuntime:
-        description: |
-          The length of a CPU real-time runtime in microseconds. Set to 0 to
-          allocate no time allocated to real-time tasks.
-        type: "integer"
-        format: "int64"
-      CpusetCpus:
-        description: |
-          CPUs in which to allow execution (e.g., `0-3`, `0,1`).
-        type: "string"
-        example: "0-3"
-      CpusetMems:
-        description: |
-          Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
-          effective on NUMA systems.
-        type: "string"
-      Devices:
-        description: "A list of devices to add to the container."
-        type: "array"
-        items:
-          $ref: "#/definitions/DeviceMapping"
-      DeviceCgroupRules:
-        description: "a list of cgroup rules to apply to the container"
-        type: "array"
-        items:
-          type: "string"
-          example: "c 13:* rwm"
-      DeviceRequests:
-        description: |
-          A list of requests for devices to be sent to device drivers.
-        type: "array"
-        items:
-          $ref: "#/definitions/DeviceRequest"
-      KernelMemoryTCP:
-        description: |
-          Hard limit for kernel TCP buffer memory (in bytes). Depending on the
-          OCI runtime in use, this option may be ignored. It is no longer supported
-          by the default (runc) runtime.
-
-          This field is omitted when empty.
-
-          **Deprecated**: This field is deprecated as kernel 6.12 has deprecated `memory.kmem.tcp.limit_in_bytes` field
-          for cgroups v1. This field will be removed in a future release.
-        type: "integer"
-        format: "int64"
-      MemoryReservation:
-        description: "Memory soft limit in bytes."
-        type: "integer"
-        format: "int64"
-      MemorySwap:
-        description: |
-          Total memory limit (memory + swap). Set as `-1` to enable unlimited
-          swap.
-        type: "integer"
-        format: "int64"
-      MemorySwappiness:
-        description: |
-          Tune a container's memory swappiness behavior. Accepts an integer
-          between 0 and 100.
-        type: "integer"
-        format: "int64"
-        minimum: 0
-        maximum: 100
-      NanoCpus:
-        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
-        type: "integer"
-        format: "int64"
-      OomKillDisable:
-        description: "Disable OOM Killer for the container."
-        type: "boolean"
-      Init:
-        description: |
-          Run an init inside the container that forwards signals and reaps
-          processes. This field is omitted if empty, and the default (as
-          configured on the daemon) is used.
-        type: "boolean"
-        x-nullable: true
-      PidsLimit:
-        description: |
-          Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
-          to not change.
-        type: "integer"
-        format: "int64"
-        x-nullable: true
-      Ulimits:
-        description: |
-          A list of resource limits to set in the container. For example:
-
-          ```
-          {"Name": "nofile", "Soft": 1024, "Hard": 2048}
-          ```
-        type: "array"
-        items:
-          type: "object"
-          properties:
-            Name:
-              description: "Name of ulimit"
-              type: "string"
-            Soft:
-              description: "Soft limit"
-              type: "integer"
-            Hard:
-              description: "Hard limit"
-              type: "integer"
-      # Applicable to Windows
-      CpuCount:
-        description: |
-          The number of usable CPUs (Windows only).
-
-          On Windows Server containers, the processor resource controls are
-          mutually exclusive. The order of precedence is `CPUCount` first, then
-          `CPUShares`, and `CPUPercent` last.
-        type: "integer"
-        format: "int64"
-      CpuPercent:
-        description: |
-          The usable percentage of the available CPUs (Windows only).
-
-          On Windows Server containers, the processor resource controls are
-          mutually exclusive. The order of precedence is `CPUCount` first, then
-          `CPUShares`, and `CPUPercent` last.
-        type: "integer"
-        format: "int64"
-      IOMaximumIOps:
-        description: "Maximum IOps for the container system drive (Windows only)"
-        type: "integer"
-        format: "int64"
-      IOMaximumBandwidth:
-        description: |
-          Maximum IO in bytes per second for the container system drive
-          (Windows only).
-        type: "integer"
-        format: "int64"
-
-  Limit:
-    description: |
-      An object describing a limit on resources which can be requested by a task.
-    type: "object"
-    properties:
-      NanoCPUs:
-        type: "integer"
-        format: "int64"
-        example: 4000000000
-      MemoryBytes:
-        type: "integer"
-        format: "int64"
-        example: 8272408576
-      Pids:
-        description: |
-          Limits the maximum number of PIDs in the container. Set `0` for unlimited.
-        type: "integer"
-        format: "int64"
-        default: 0
-        example: 100
-
-  ResourceObject:
-    description: |
-      An object describing the resources which can be advertised by a node and
-      requested by a task.
-    type: "object"
-    properties:
-      NanoCPUs:
-        type: "integer"
-        format: "int64"
-        example: 4000000000
-      MemoryBytes:
-        type: "integer"
-        format: "int64"
-        example: 8272408576
-      GenericResources:
-        $ref: "#/definitions/GenericResources"
-
-  GenericResources:
-    description: |
-      User-defined resources can be either Integer resources (e.g, `SSD=3`) or
-      String resources (e.g, `GPU=UUID1`).
-    type: "array"
-    items:
-      type: "object"
-      properties:
-        NamedResourceSpec:
-          type: "object"
-          properties:
-            Kind:
-              type: "string"
-            Value:
-              type: "string"
-        DiscreteResourceSpec:
-          type: "object"
-          properties:
-            Kind:
-              type: "string"
-            Value:
-              type: "integer"
-              format: "int64"
-    example:
-      - DiscreteResourceSpec:
-          Kind: "SSD"
-          Value: 3
-      - NamedResourceSpec:
-          Kind: "GPU"
-          Value: "UUID1"
-      - NamedResourceSpec:
-          Kind: "GPU"
-          Value: "UUID2"
-
-  HealthConfig:
-    description: "A test to perform to check that the container is healthy."
-    type: "object"
-    properties:
-      Test:
-        description: |
-          The test to perform. Possible values are:
-
-          - `[]` inherit healthcheck from image or parent image
-          - `["NONE"]` disable healthcheck
-          - `["CMD", args...]` exec arguments directly
-          - `["CMD-SHELL", command]` run command with system's default shell
-        type: "array"
-        items:
-          type: "string"
-      Interval:
-        description: |
-          The time to wait between checks in nanoseconds. It should be 0 or at
-          least 1000000 (1 ms). 0 means inherit.
-        type: "integer"
-        format: "int64"
-      Timeout:
-        description: |
-          The time to wait before considering the check to have hung. It should
-          be 0 or at least 1000000 (1 ms). 0 means inherit.
-        type: "integer"
-        format: "int64"
-      Retries:
-        description: |
-          The number of consecutive failures needed to consider a container as
-          unhealthy. 0 means inherit.
-        type: "integer"
-      StartPeriod:
-        description: |
-          Start period for the container to initialize before starting
-          health-retries countdown in nanoseconds. It should be 0 or at least
-          1000000 (1 ms). 0 means inherit.
-        type: "integer"
-        format: "int64"
-      StartInterval:
-        description: |
-          The time to wait between checks in nanoseconds during the start period.
-          It should be 0 or at least 1000000 (1 ms). 0 means inherit.
-        type: "integer"
-        format: "int64"
-
-  Health:
-    description: |
-      Health stores information about the container's healthcheck results.
-    type: "object"
-    x-nullable: true
-    properties:
-      Status:
-        description: |
-          Status is one of `none`, `starting`, `healthy` or `unhealthy`
-
-          - "none"      Indicates there is no healthcheck
-          - "starting"  Starting indicates that the container is not yet ready
-          - "healthy"   Healthy indicates that the container is running correctly
-          - "unhealthy" Unhealthy indicates that the container has a problem
-        type: "string"
-        enum:
-          - "none"
-          - "starting"
-          - "healthy"
-          - "unhealthy"
-        example: "healthy"
-      FailingStreak:
-        description: "FailingStreak is the number of consecutive failures"
-        type: "integer"
-        example: 0
-      Log:
-        type: "array"
-        description: |
-          Log contains the last few results (oldest first)
-        items:
-          $ref: "#/definitions/HealthcheckResult"
-
-  HealthcheckResult:
-    description: |
-      HealthcheckResult stores information about a single run of a healthcheck probe
-    type: "object"
-    x-nullable: true
-    properties:
-      Start:
-        description: |
-          Date and time at which this check started in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "date-time"
-        example: "2020-01-04T10:44:24.496525531Z"
-      End:
-        description: |
-          Date and time at which this check ended in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2020-01-04T10:45:21.364524523Z"
-      ExitCode:
-        description: |
-          ExitCode meanings:
-
-          - `0` healthy
-          - `1` unhealthy
-          - `2` reserved (considered unhealthy)
-          - other values: error running probe
-        type: "integer"
-        example: 0
-      Output:
-        description: "Output from last check"
-        type: "string"
-
-  HostConfig:
-    description: "Container configuration that depends on the host we are running on"
-    allOf:
-      - $ref: "#/definitions/Resources"
-      - type: "object"
-        properties:
-          # Applicable to all platforms
-          Binds:
-            type: "array"
-            description: |
-              A list of volume bindings for this container. Each volume binding
-              is a string in one of these forms:
-
-              - `host-src:container-dest[:options]` to bind-mount a host path
-                into the container. Both `host-src`, and `container-dest` must
-                be an _absolute_ path.
-              - `volume-name:container-dest[:options]` to bind-mount a volume
-                managed by a volume driver into the container. `container-dest`
-                must be an _absolute_ path.
-
-              `options` is an optional, comma-delimited list of:
-
-              - `nocopy` disables automatic copying of data from the container
-                path to the volume. The `nocopy` flag only applies to named volumes.
-              - `[ro|rw]` mounts a volume read-only or read-write, respectively.
-                If omitted or set to `rw`, volumes are mounted read-write.
-              - `[z|Z]` applies SELinux labels to allow or deny multiple containers
-                to read and write to the same volume.
-                  - `z`: a _shared_ content label is applied to the content. This
-                    label indicates that multiple containers can share the volume
-                    content, for both reading and writing.
-                  - `Z`: a _private unshared_ label is applied to the content.
-                    This label indicates that only the current container can use
-                    a private volume. Labeling systems such as SELinux require
-                    proper labels to be placed on volume content that is mounted
-                    into a container. Without a label, the security system can
-                    prevent a container's processes from using the content. By
-                    default, the labels set by the host operating system are not
-                    modified.
-              - `[[r]shared|[r]slave|[r]private]` specifies mount
-                [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
-                This only applies to bind-mounted volumes, not internal volumes
-                or named volumes. Mount propagation requires the source mount
-                point (the location where the source directory is mounted in the
-                host operating system) to have the correct propagation properties.
-                For shared volumes, the source mount point must be set to `shared`.
-                For slave volumes, the mount must be set to either `shared` or
-                `slave`.
-            items:
-              type: "string"
-          ContainerIDFile:
-            type: "string"
-            description: "Path to a file where the container ID is written"
-            example: ""
-          LogConfig:
-            type: "object"
-            description: "The logging configuration for this container"
-            properties:
-              Type:
-                description: |-
-                  Name of the logging driver used for the container or "none"
-                  if logging is disabled.
-                type: "string"
-                enum:
-                  - "local"
-                  - "json-file"
-                  - "syslog"
-                  - "journald"
-                  - "gelf"
-                  - "fluentd"
-                  - "awslogs"
-                  - "splunk"
-                  - "etwlogs"
-                  - "none"
-              Config:
-                description: |-
-                  Driver-specific configuration options for the logging driver.
-                type: "object"
-                additionalProperties:
-                  type: "string"
-                example:
-                  "max-file": "5"
-                  "max-size": "10m"
-          NetworkMode:
-            type: "string"
-            description: |
-              Network mode to use for this container. Supported standard values
-              are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
-              other value is taken as a custom network's name to which this
-              container should connect to.
-          PortBindings:
-            $ref: "#/definitions/PortMap"
-          RestartPolicy:
-            $ref: "#/definitions/RestartPolicy"
-          AutoRemove:
-            type: "boolean"
-            description: |
-              Automatically remove the container when the container's process
-              exits. This has no effect if `RestartPolicy` is set.
-          VolumeDriver:
-            type: "string"
-            description: "Driver that this container uses to mount volumes."
-          VolumesFrom:
-            type: "array"
-            description: |
-              A list of volumes to inherit from another container, specified in
-              the form `<container name>[:<ro|rw>]`.
-            items:
-              type: "string"
-          Mounts:
-            description: |
-              Specification for mounts to be added to the container.
-            type: "array"
-            items:
-              $ref: "#/definitions/Mount"
-          ConsoleSize:
-            type: "array"
-            description: |
-              Initial console size, as an `[height, width]` array.
-            x-nullable: true
-            minItems: 2
-            maxItems: 2
-            items:
-              type: "integer"
-              minimum: 0
-            example: [80, 64]
-          Annotations:
-            type: "object"
-            description: |
-              Arbitrary non-identifying metadata attached to container and
-              provided to the runtime when the container is started.
-            additionalProperties:
-              type: "string"
-
-          # Applicable to UNIX platforms
-          CapAdd:
-            type: "array"
-            description: |
-              A list of kernel capabilities to add to the container. Conflicts
-              with option 'Capabilities'.
-            items:
-              type: "string"
-          CapDrop:
-            type: "array"
-            description: |
-              A list of kernel capabilities to drop from the container. Conflicts
-              with option 'Capabilities'.
-            items:
-              type: "string"
-          CgroupnsMode:
-            type: "string"
-            enum:
-              - "private"
-              - "host"
-            description: |
-              cgroup namespace mode for the container. Possible values are:
-
-              - `"private"`: the container runs in its own private cgroup namespace
-              - `"host"`: use the host system's cgroup namespace
-
-              If not specified, the daemon default is used, which can either be `"private"`
-              or `"host"`, depending on daemon version, kernel support and configuration.
-          Dns:
-            type: "array"
-            description: "A list of DNS servers for the container to use."
-            items:
-              type: "string"
-          DnsOptions:
-            type: "array"
-            description: "A list of DNS options."
-            items:
-              type: "string"
-          DnsSearch:
-            type: "array"
-            description: "A list of DNS search domains."
-            items:
-              type: "string"
-          ExtraHosts:
-            type: "array"
-            description: |
-              A list of hostnames/IP mappings to add to the container's `/etc/hosts`
-              file. Specified in the form `["hostname:IP"]`.
-            items:
-              type: "string"
-          GroupAdd:
-            type: "array"
-            description: |
-              A list of additional groups that the container process will run as.
-            items:
-              type: "string"
-          IpcMode:
-            type: "string"
-            description: |
-              IPC sharing mode for the container. Possible values are:
-
-              - `"none"`: own private IPC namespace, with /dev/shm not mounted
-              - `"private"`: own private IPC namespace
-              - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
-              - `"container:<name|id>"`: join another (shareable) container's IPC namespace
-              - `"host"`: use the host system's IPC namespace
-
-              If not specified, daemon default is used, which can either be `"private"`
-              or `"shareable"`, depending on daemon version and configuration.
-          Cgroup:
-            type: "string"
-            description: "Cgroup to use for the container."
-          Links:
-            type: "array"
-            description: |
-              A list of links for the container in the form `container_name:alias`.
-            items:
-              type: "string"
-          OomScoreAdj:
-            type: "integer"
-            description: |
-              An integer value containing the score given to the container in
-              order to tune OOM killer preferences.
-            example: 500
-          PidMode:
-            type: "string"
-            description: |
-              Set the PID (Process) Namespace mode for the container. It can be
-              either:
-
-              - `"container:<name|id>"`: joins another container's PID namespace
-              - `"host"`: use the host's PID namespace inside the container
-          Privileged:
-            type: "boolean"
-            description: |-
-              Gives the container full access to the host.
-          PublishAllPorts:
-            type: "boolean"
-            description: |
-              Allocates an ephemeral host port for all of a container's
-              exposed ports.
-
-              Ports are de-allocated when the container stops and allocated when
-              the container starts. The allocated port might be changed when
-              restarting the container.
-
-              The port is selected from the ephemeral port range that depends on
-              the kernel. For example, on Linux the range is defined by
-              `/proc/sys/net/ipv4/ip_local_port_range`.
-          ReadonlyRootfs:
-            type: "boolean"
-            description: "Mount the container's root filesystem as read only."
-          SecurityOpt:
-            type: "array"
-            description: |
-              A list of string values to customize labels for MLS systems, such
-              as SELinux.
-            items:
-              type: "string"
-          StorageOpt:
-            type: "object"
-            description: |
-              Storage driver options for this container, in the form `{"size": "120G"}`.
-            additionalProperties:
-              type: "string"
-          Tmpfs:
-            type: "object"
-            description: |
-              A map of container directories which should be replaced by tmpfs
-              mounts, and their corresponding mount options. For example:
-
-              ```
-              { "/run": "rw,noexec,nosuid,size=65536k" }
-              ```
-            additionalProperties:
-              type: "string"
-          UTSMode:
-            type: "string"
-            description: "UTS namespace to use for the container."
-          UsernsMode:
-            type: "string"
-            description: |
-              Sets the usernamespace mode for the container when usernamespace
-              remapping option is enabled.
-          ShmSize:
-            type: "integer"
-            format: "int64"
-            description: |
-              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
-            minimum: 0
-          Sysctls:
-            type: "object"
-            x-nullable: true
-            description: |-
-              A list of kernel parameters (sysctls) to set in the container.
-
-              This field is omitted if not set.
-            additionalProperties:
-              type: "string"
-            example:
-              "net.ipv4.ip_forward": "1"
-          Runtime:
-            type: "string"
-            x-nullable: true
-            description: |-
-              Runtime to use with this container.
-          # Applicable to Windows
-          Isolation:
-            type: "string"
-            description: |
-              Isolation technology of the container. (Windows only)
-            enum:
-              - "default"
-              - "process"
-              - "hyperv"
-              - ""
-          MaskedPaths:
-            type: "array"
-            description: |
-              The list of paths to be masked inside the container (this overrides
-              the default set of paths).
-            items:
-              type: "string"
-            example:
-              - "/proc/asound"
-              - "/proc/acpi"
-              - "/proc/kcore"
-              - "/proc/keys"
-              - "/proc/latency_stats"
-              - "/proc/timer_list"
-              - "/proc/timer_stats"
-              - "/proc/sched_debug"
-              - "/proc/scsi"
-              - "/sys/firmware"
-              - "/sys/devices/virtual/powercap"
-          ReadonlyPaths:
-            type: "array"
-            description: |
-              The list of paths to be set as read-only inside the container
-              (this overrides the default set of paths).
-            items:
-              type: "string"
-            example:
-              - "/proc/bus"
-              - "/proc/fs"
-              - "/proc/irq"
-              - "/proc/sys"
-              - "/proc/sysrq-trigger"
-
-  ContainerConfig:
-    description: |
-      Configuration for a container that is portable between hosts.
-    type: "object"
-    properties:
-      Hostname:
-        description: |
-          The hostname to use for the container, as a valid RFC 1123 hostname.
-        type: "string"
-        example: "439f4e91bd1d"
-      Domainname:
-        description: |
-          The domain name to use for the container.
-        type: "string"
-      User:
-        description: |-
-          Commands run as this user inside the container. If omitted, commands
-          run as the user specified in the image the container was started from.
-
-          Can be either user-name or UID, and optional group-name or GID,
-          separated by a colon (`<user-name|UID>[<:group-name|GID>]`).
-        type: "string"
-        example: "123:456"
-      AttachStdin:
-        description: "Whether to attach to `stdin`."
-        type: "boolean"
-        default: false
-      AttachStdout:
-        description: "Whether to attach to `stdout`."
-        type: "boolean"
-        default: true
-      AttachStderr:
-        description: "Whether to attach to `stderr`."
-        type: "boolean"
-        default: true
-      ExposedPorts:
-        description: |
-          An object mapping ports to an empty object in the form:
-
-          `{"<port>/<tcp|udp|sctp>": {}}`
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "object"
-          enum:
-            - {}
-          default: {}
-        example: {
-          "80/tcp": {},
-          "443/tcp": {}
-        }
-      Tty:
-        description: |
-          Attach standard streams to a TTY, including `stdin` if it is not closed.
-        type: "boolean"
-        default: false
-      OpenStdin:
-        description: "Open `stdin`"
-        type: "boolean"
-        default: false
-      StdinOnce:
-        description: "Close `stdin` after one attached client disconnects"
-        type: "boolean"
-        default: false
-      Env:
-        description: |
-          A list of environment variables to set inside the container in the
-          form `["VAR=value", ...]`. A variable without `=` is removed from the
-          environment, rather than to have an empty value.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-      Cmd:
-        description: |
-          Command to run specified as a string or an array of strings.
-        type: "array"
-        items:
-          type: "string"
-        example: ["/bin/sh"]
-      Healthcheck:
-        $ref: "#/definitions/HealthConfig"
-      ArgsEscaped:
-        description: "Command is already escaped (Windows only)"
-        type: "boolean"
-        default: false
-        example: false
-        x-nullable: true
-      Image:
-        description: |
-          The name (or reference) of the image to use when creating the container,
-          or which was used when the container was created.
-        type: "string"
-        example: "example-image:1.0"
-      Volumes:
-        description: |
-          An object mapping mount point paths inside the container to empty
-          objects.
-        type: "object"
-        additionalProperties:
-          type: "object"
-          enum:
-            - {}
-          default: {}
-      WorkingDir:
-        description: "The working directory for commands to run in."
-        type: "string"
-        example: "/public/"
-      Entrypoint:
-        description: |
-          The entry point for the container as a string or an array of strings.
-
-          If the array consists of exactly one empty string (`[""]`) then the
-          entry point is reset to system default (i.e., the entry point used by
-          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
-        type: "array"
-        items:
-          type: "string"
-        example: []
-      NetworkDisabled:
-        description: "Disable networking for the container."
-        type: "boolean"
-        x-nullable: true
-      MacAddress:
-        description: |
-          MAC address of the container.
-
-          Deprecated: this field is deprecated in API v1.44 and up. Use EndpointSettings.MacAddress instead.
-        type: "string"
-        x-nullable: true
-      OnBuild:
-        description: |
-          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example: []
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      StopSignal:
-        description: |
-          Signal to stop a container as a string or unsigned integer.
-        type: "string"
-        example: "SIGTERM"
-        x-nullable: true
-      StopTimeout:
-        description: "Timeout to stop a container in seconds."
-        type: "integer"
-        default: 10
-        x-nullable: true
-      Shell:
-        description: |
-          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example: ["/bin/sh", "-c"]
-
-  ImageConfig:
-    description: |
-      Configuration of the image. These fields are used as defaults
-      when starting a container from the image.
-    type: "object"
-    properties:
-      User:
-        description: "The user that commands are run as inside the container."
-        type: "string"
-        example: "web:web"
-      ExposedPorts:
-        description: |
-          An object mapping ports to an empty object in the form:
-
-          `{"<port>/<tcp|udp|sctp>": {}}`
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "object"
-          enum:
-            - {}
-          default: {}
-        example: {
-          "80/tcp": {},
-          "443/tcp": {}
-        }
-      Env:
-        description: |
-          A list of environment variables to set inside the container in the
-          form `["VAR=value", ...]`. A variable without `=` is removed from the
-          environment, rather than to have an empty value.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-      Cmd:
-        description: |
-          Command to run specified as a string or an array of strings.
-        type: "array"
-        items:
-          type: "string"
-        example: ["/bin/sh"]
-      Healthcheck:
-        $ref: "#/definitions/HealthConfig"
-      ArgsEscaped:
-        description: "Command is already escaped (Windows only)"
-        type: "boolean"
-        default: false
-        example: false
-        x-nullable: true
-      Volumes:
-        description: |
-          An object mapping mount point paths inside the container to empty
-          objects.
-        type: "object"
-        additionalProperties:
-          type: "object"
-          enum:
-            - {}
-          default: {}
-        example:
-          "/app/data": {}
-          "/app/config": {}
-      WorkingDir:
-        description: "The working directory for commands to run in."
-        type: "string"
-        example: "/public/"
-      Entrypoint:
-        description: |
-          The entry point for the container as a string or an array of strings.
-
-          If the array consists of exactly one empty string (`[""]`) then the
-          entry point is reset to system default (i.e., the entry point used by
-          docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
-        type: "array"
-        items:
-          type: "string"
-        example: []
-      OnBuild:
-        description: |
-          `ONBUILD` metadata that were defined in the image's `Dockerfile`.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example: []
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      StopSignal:
-        description: |
-          Signal to stop a container as a string or unsigned integer.
-        type: "string"
-        example: "SIGTERM"
-        x-nullable: true
-      Shell:
-        description: |
-          Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example: ["/bin/sh", "-c"]
-
-  NetworkingConfig:
-    description: |
-      NetworkingConfig represents the container's networking configuration for
-      each of its interfaces.
-      It is used for the networking configs specified in the `docker create`
-      and `docker network connect` commands.
-    type: "object"
-    properties:
-      EndpointsConfig:
-        description: |
-          A mapping of network name to endpoint configuration for that network.
-          The endpoint configuration can be left empty to connect to that
-          network with no particular endpoint configuration.
-        type: "object"
-        additionalProperties:
-          $ref: "#/definitions/EndpointSettings"
-    example:
-      # putting an example here, instead of using the example values from
-      # /definitions/EndpointSettings, because EndpointSettings contains
-      # operational data returned when inspecting a container that we don't
-      # accept here.
-      EndpointsConfig:
-        isolated_nw:
-          IPAMConfig:
-            IPv4Address: "172.20.30.33"
-            IPv6Address: "2001:db8:abcd::3033"
-            LinkLocalIPs:
-              - "169.254.34.68"
-              - "fe80::3468"
-          MacAddress: "02:42:ac:12:05:02"
-          Links:
-            - "container_1"
-            - "container_2"
-          Aliases:
-            - "server_x"
-            - "server_y"
-        database_nw: {}
-
-  NetworkSettings:
-    description: "NetworkSettings exposes the network settings in the API"
-    type: "object"
-    properties:
-      Bridge:
-        description: |
-          Name of the default bridge interface when dockerd's --bridge flag is set.
-
-          Deprecated: This field is only set when the daemon is started with the --bridge flag specified.
-        type: "string"
-        example: "docker0"
-      SandboxID:
-        description: SandboxID uniquely represents a container's network stack.
-        type: "string"
-        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
-      HairpinMode:
-        description: |
-          Indicates if hairpin NAT should be enabled on the virtual interface.
-
-          Deprecated: This field is never set and will be removed in a future release.
-        type: "boolean"
-        example: false
-      LinkLocalIPv6Address:
-        description: |
-          IPv6 unicast address using the link-local prefix.
-
-          Deprecated: This field is never set and will be removed in a future release.
-        type: "string"
-        example: ""
-      LinkLocalIPv6PrefixLen:
-        description: |
-          Prefix length of the IPv6 unicast address.
-
-          Deprecated: This field is never set and will be removed in a future release.
-        type: "integer"
-        example: ""
-      Ports:
-        $ref: "#/definitions/PortMap"
-      SandboxKey:
-        description: SandboxKey is the full path of the netns handle
-        type: "string"
-        example: "/var/run/docker/netns/8ab54b426c38"
-
-      SecondaryIPAddresses:
-        description: "Deprecated: This field is never set and will be removed in a future release."
-        type: "array"
-        items:
-          $ref: "#/definitions/Address"
-        x-nullable: true
-
-      SecondaryIPv6Addresses:
-        description: "Deprecated: This field is never set and will be removed in a future release."
-        type: "array"
-        items:
-          $ref: "#/definitions/Address"
-        x-nullable: true
-
-      # TODO properties below are part of DefaultNetworkSettings, which is
-      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
-      EndpointID:
-        description: |
-          EndpointID uniquely represents a service endpoint in a Sandbox.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
-      Gateway:
-        description: |
-          Gateway address for the default "bridge" network.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "172.17.0.1"
-      GlobalIPv6Address:
-        description: |
-          Global IPv6 address for the default "bridge" network.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "2001:db8::5689"
-      GlobalIPv6PrefixLen:
-        description: |
-          Mask length of the global IPv6 address.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "integer"
-        example: 64
-      IPAddress:
-        description: |
-          IPv4 address for the default "bridge" network.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "172.17.0.4"
-      IPPrefixLen:
-        description: |
-          Mask length of the IPv4 address.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "integer"
-        example: 16
-      IPv6Gateway:
-        description: |
-          IPv6 gateway address for this network.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "2001:db8:2::100"
-      MacAddress:
-        description: |
-          MAC address for the container on the default "bridge" network.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when attached to the
-          > default "bridge" network. Use the information from the "bridge"
-          > network inside the `Networks` map instead, which contains the same
-          > information. This field was deprecated in Docker 1.9 and is scheduled
-          > to be removed in Docker 17.12.0
-        type: "string"
-        example: "02:42:ac:11:00:04"
-      Networks:
-        description: |
-          Information about all networks that the container is connected to.
-        type: "object"
-        additionalProperties:
-          $ref: "#/definitions/EndpointSettings"
-
-  Address:
-    description: Address represents an IPv4 or IPv6 IP address.
-    type: "object"
-    properties:
-      Addr:
-        description: IP address.
-        type: "string"
-      PrefixLen:
-        description: Mask length of the IP address.
-        type: "integer"
-
-  PortMap:
-    description: |
-      PortMap describes the mapping of container ports to host ports, using the
-      container's port-number and protocol as key in the format `<port>/<protocol>`,
-      for example, `80/udp`.
-
-      If a container's port is mapped for multiple protocols, separate entries
-      are added to the mapping table.
-    type: "object"
-    additionalProperties:
-      type: "array"
-      x-nullable: true
-      items:
-        $ref: "#/definitions/PortBinding"
-    example:
-      "443/tcp":
-        - HostIp: "127.0.0.1"
-          HostPort: "4443"
-      "80/tcp":
-        - HostIp: "0.0.0.0"
-          HostPort: "80"
-        - HostIp: "0.0.0.0"
-          HostPort: "8080"
-      "80/udp":
-        - HostIp: "0.0.0.0"
-          HostPort: "80"
-      "53/udp":
-        - HostIp: "0.0.0.0"
-          HostPort: "53"
-      "2377/tcp": null
-
-  PortBinding:
-    description: |
-      PortBinding represents a binding between a host IP address and a host
-      port.
-    type: "object"
-    properties:
-      HostIp:
-        description: "Host IP address that the container's port is mapped to."
-        type: "string"
-        example: "127.0.0.1"
-      HostPort:
-        description: "Host port number that the container's port is mapped to."
-        type: "string"
-        example: "4443"
-
-  DriverData:
-    description: |
-      Information about the storage driver used to store the container's and
-      image's filesystem.
-    type: "object"
-    required: [Name, Data]
-    properties:
-      Name:
-        description: "Name of the storage driver."
-        type: "string"
-        x-nullable: false
-        example: "overlay2"
-      Data:
-        description: |
-          Low-level storage metadata, provided as key/value pairs.
-
-          This information is driver-specific, and depends on the storage-driver
-          in use, and should be used for informational purposes only.
-        type: "object"
-        x-nullable: false
-        additionalProperties:
-          type: "string"
-        example: {
-          "MergedDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/merged",
-          "UpperDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/diff",
-          "WorkDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work"
-        }
-
-  FilesystemChange:
-    description: |
-      Change in the container's filesystem.
-    type: "object"
-    required: [Path, Kind]
-    properties:
-      Path:
-        description: |
-          Path to file or directory that has changed.
-        type: "string"
-        x-nullable: false
-      Kind:
-        $ref: "#/definitions/ChangeType"
-
-  ChangeType:
-    description: |
-      Kind of change
-
-      Can be one of:
-
-      - `0`: Modified ("C")
-      - `1`: Added ("A")
-      - `2`: Deleted ("D")
-    type: "integer"
-    format: "uint8"
-    enum: [0, 1, 2]
-    x-nullable: false
-
-  ImageInspect:
-    description: |
-      Information about an image in the local image cache.
-    type: "object"
-    properties:
-      Id:
-        description: |
-          ID is the content-addressable ID of an image.
-
-          This identifier is a content-addressable digest calculated from the
-          image's configuration (which includes the digests of layers used by
-          the image).
-
-          Note that this digest differs from the `RepoDigests` below, which
-          holds digests of image manifests that reference the image.
-        type: "string"
-        x-nullable: false
-        example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710"
-      Descriptor:
-        description: |
-          Descriptor is an OCI descriptor of the image target.
-          In case of a multi-platform image, this descriptor points to the OCI index
-          or a manifest list.
-
-          This field is only present if the daemon provides a multi-platform image store.
-
-          WARNING: This is experimental and may change at any time without any backward
-          compatibility.
-        x-nullable: true
-        $ref: "#/definitions/OCIDescriptor"
-      Manifests:
-        description: |
-            Manifests is a list of image manifests available in this image. It
-            provides a more detailed view of the platform-specific image manifests or
-            other image-attached data like build attestations.
-
-            Only available if the daemon provides a multi-platform image store
-            and the `manifests` option is set in the inspect request.
-
-            WARNING: This is experimental and may change at any time without any backward
-            compatibility.
-        type: "array"
-        x-nullable: true
-        items:
-          $ref: "#/definitions/ImageManifestSummary"
-      RepoTags:
-        description: |
-          List of image names/tags in the local image cache that reference this
-          image.
-
-          Multiple image tags can refer to the same image, and this list may be
-          empty if no tags reference the image, in which case the image is
-          "untagged", in which case it can still be referenced by its ID.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "example:1.0"
-          - "example:latest"
-          - "example:stable"
-          - "internal.registry.example.com:5000/example:1.0"
-      RepoDigests:
-        description: |
-          List of content-addressable digests of locally available image manifests
-          that the image is referenced from. Multiple manifests can refer to the
-          same image.
-
-          These digests are usually only available if the image was either pulled
-          from a registry, or if the image was pushed to a registry, which is when
-          the manifest is generated and its digest calculated.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb"
-          - "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578"
-      Parent:
-        description: |
-          ID of the parent image.
-
-          Depending on how the image was created, this field may be empty and
-          is only set for images that were built/created locally. This field
-          is empty if the image was pulled from an image registry.
-
-          > **Deprecated**: This field is only set when using the deprecated
-          > legacy builder. It is included in API responses for informational
-          > purposes, but should not be depended on as it will be omitted
-          > once the legacy builder is removed.
-        type: "string"
-        x-nullable: false
-        example: ""
-      Comment:
-        description: |
-          Optional message that was set when committing or importing the image.
-        type: "string"
-        x-nullable: false
-        example: ""
-      Created:
-        description: |
-          Date and time at which the image was created, formatted in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-
-          This information is only available if present in the image,
-          and omitted otherwise.
-        type: "string"
-        format: "dateTime"
-        x-nullable: true
-        example: "2022-02-04T21:20:12.497794809Z"
-      DockerVersion:
-        description: |
-          The version of Docker that was used to build the image.
-
-          Depending on how the image was created, this field may be empty.
-
-          > **Deprecated**: This field is only set when using the deprecated
-          > legacy builder. It is included in API responses for informational
-          > purposes, but should not be depended on as it will be omitted
-          > once the legacy builder is removed.
-        type: "string"
-        x-nullable: false
-        example: "27.0.1"
-      Author:
-        description: |
-          Name of the author that was specified when committing the image, or as
-          specified through MAINTAINER (deprecated) in the Dockerfile.
-        type: "string"
-        x-nullable: false
-        example: ""
-      Config:
-        $ref: "#/definitions/ImageConfig"
-      Architecture:
-        description: |
-          Hardware CPU architecture that the image runs on.
-        type: "string"
-        x-nullable: false
-        example: "arm"
-      Variant:
-        description: |
-          CPU architecture variant (presently ARM-only).
-        type: "string"
-        x-nullable: true
-        example: "v7"
-      Os:
-        description: |
-          Operating System the image is built to run on.
-        type: "string"
-        x-nullable: false
-        example: "linux"
-      OsVersion:
-        description: |
-          Operating System version the image is built to run on (especially
-          for Windows).
-        type: "string"
-        example: ""
-        x-nullable: true
-      Size:
-        description: |
-          Total size of the image including all layers it is composed of.
-        type: "integer"
-        format: "int64"
-        x-nullable: false
-        example: 1239828
-      GraphDriver:
-        $ref: "#/definitions/DriverData"
-      RootFS:
-        description: |
-          Information about the image's RootFS, including the layer IDs.
-        type: "object"
-        required: [Type]
-        properties:
-          Type:
-            type: "string"
-            x-nullable: false
-            example: "layers"
-          Layers:
-            type: "array"
-            items:
-              type: "string"
-            example:
-              - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
-              - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
-      Metadata:
-        description: |
-          Additional metadata of the image in the local cache. This information
-          is local to the daemon, and not part of the image itself.
-        type: "object"
-        properties:
-          LastTagTime:
-            description: |
-              Date and time at which the image was last tagged in
-              [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-
-              This information is only available if the image was tagged locally,
-              and omitted otherwise.
-            type: "string"
-            format: "dateTime"
-            example: "2022-02-28T14:40:02.623929178Z"
-            x-nullable: true
-
-  ImageSummary:
-    type: "object"
-    x-go-name: "Summary"
-    required:
-      - Id
-      - ParentId
-      - RepoTags
-      - RepoDigests
-      - Created
-      - Size
-      - SharedSize
-      - Labels
-      - Containers
-    properties:
-      Id:
-        description: |
-          ID is the content-addressable ID of an image.
-
-          This identifier is a content-addressable digest calculated from the
-          image's configuration (which includes the digests of layers used by
-          the image).
-
-          Note that this digest differs from the `RepoDigests` below, which
-          holds digests of image manifests that reference the image.
-        type: "string"
-        x-nullable: false
-        example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710"
-      ParentId:
-        description: |
-          ID of the parent image.
-
-          Depending on how the image was created, this field may be empty and
-          is only set for images that were built/created locally. This field
-          is empty if the image was pulled from an image registry.
-        type: "string"
-        x-nullable: false
-        example: ""
-      RepoTags:
-        description: |
-          List of image names/tags in the local image cache that reference this
-          image.
-
-          Multiple image tags can refer to the same image, and this list may be
-          empty if no tags reference the image, in which case the image is
-          "untagged", in which case it can still be referenced by its ID.
-        type: "array"
-        x-nullable: false
-        items:
-          type: "string"
-        example:
-          - "example:1.0"
-          - "example:latest"
-          - "example:stable"
-          - "internal.registry.example.com:5000/example:1.0"
-      RepoDigests:
-        description: |
-          List of content-addressable digests of locally available image manifests
-          that the image is referenced from. Multiple manifests can refer to the
-          same image.
-
-          These digests are usually only available if the image was either pulled
-          from a registry, or if the image was pushed to a registry, which is when
-          the manifest is generated and its digest calculated.
-        type: "array"
-        x-nullable: false
-        items:
-          type: "string"
-        example:
-          - "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb"
-          - "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578"
-      Created:
-        description: |
-          Date and time at which the image was created as a Unix timestamp
-          (number of seconds since EPOCH).
-        type: "integer"
-        x-nullable: false
-        example: "1644009612"
-      Size:
-        description: |
-          Total size of the image including all layers it is composed of.
-        type: "integer"
-        format: "int64"
-        x-nullable: false
-        example: 172064416
-      SharedSize:
-        description: |
-          Total size of image layers that are shared between this image and other
-          images.
-
-          This size is not calculated by default. `-1` indicates that the value
-          has not been set / calculated.
-        type: "integer"
-        format: "int64"
-        x-nullable: false
-        example: 1239828
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        x-nullable: false
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      Containers:
-        description: |
-          Number of containers using this image. Includes both stopped and running
-          containers.
-
-          `-1` indicates that the value has not been set / calculated.
-        x-nullable: false
-        type: "integer"
-        example: 2
-      Manifests:
-        description: |
-          Manifests is a list of manifests available in this image.
-          It provides a more detailed view of the platform-specific image manifests
-          or other image-attached data like build attestations.
-
-          WARNING: This is experimental and may change at any time without any backward
-          compatibility.
-        type: "array"
-        x-nullable: false
-        x-omitempty: true
-        items:
-          $ref: "#/definitions/ImageManifestSummary"
-      Descriptor:
-        description: |
-          Descriptor is an OCI descriptor of the image target.
-          In case of a multi-platform image, this descriptor points to the OCI index
-          or a manifest list.
-
-          This field is only present if the daemon provides a multi-platform image store.
-
-          WARNING: This is experimental and may change at any time without any backward
-          compatibility.
-        x-nullable: true
-        $ref: "#/definitions/OCIDescriptor"
-
-  AuthConfig:
-    type: "object"
-    properties:
-      username:
-        type: "string"
-      password:
-        type: "string"
-      email:
-        description: |
-          Email is an optional value associated with the username.
-
-          > **Deprecated**: This field is deprecated since docker 1.11 (API v1.23) and will be removed in a future release.
-        type: "string"
-      serveraddress:
-        type: "string"
-    example:
-      username: "hannibal"
-      password: "xxxx"
-      serveraddress: "https://index.docker.io/v1/"
-
-  ProcessConfig:
-    type: "object"
-    properties:
-      privileged:
-        type: "boolean"
-      user:
-        type: "string"
-      tty:
-        type: "boolean"
-      entrypoint:
-        type: "string"
-      arguments:
-        type: "array"
-        items:
-          type: "string"
-
-  Volume:
-    type: "object"
-    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
-    properties:
-      Name:
-        type: "string"
-        description: "Name of the volume."
-        x-nullable: false
-        example: "tardis"
-      Driver:
-        type: "string"
-        description: "Name of the volume driver used by the volume."
-        x-nullable: false
-        example: "custom"
-      Mountpoint:
-        type: "string"
-        description: "Mount path of the volume on the host."
-        x-nullable: false
-        example: "/var/lib/docker/volumes/tardis"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-        description: "Date/Time the volume was created."
-        example: "2016-06-07T20:31:11.853781916Z"
-      Status:
-        type: "object"
-        description: |
-          Low-level details about the volume, provided by the volume driver.
-          Details are returned as a map with key/value pairs:
-          `{"key":"value","key2":"value2"}`.
-
-          The `Status` field is optional, and is omitted if the volume driver
-          does not support this feature.
-        additionalProperties:
-          type: "object"
-        example:
-          hello: "world"
-      Labels:
-        type: "object"
-        description: "User-defined key/value metadata."
-        x-nullable: false
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      Scope:
-        type: "string"
-        description: |
-          The level at which the volume exists. Either `global` for cluster-wide,
-          or `local` for machine level.
-        default: "local"
-        x-nullable: false
-        enum: ["local", "global"]
-        example: "local"
-      ClusterVolume:
-        $ref: "#/definitions/ClusterVolume"
-      Options:
-        type: "object"
-        description: |
-          The driver specific options used when creating the volume.
-        additionalProperties:
-          type: "string"
-        example:
-          device: "tmpfs"
-          o: "size=100m,uid=1000"
-          type: "tmpfs"
-      UsageData:
-        type: "object"
-        x-nullable: true
-        x-go-name: "UsageData"
-        required: [Size, RefCount]
-        description: |
-          Usage details about the volume. This information is used by the
-          `GET /system/df` endpoint, and omitted in other endpoints.
-        properties:
-          Size:
-            type: "integer"
-            format: "int64"
-            default: -1
-            description: |
-              Amount of disk space used by the volume (in bytes). This information
-              is only available for volumes created with the `"local"` volume
-              driver. For volumes created with other volume drivers, this field
-              is set to `-1` ("not available")
-            x-nullable: false
-          RefCount:
-            type: "integer"
-            format: "int64"
-            default: -1
-            description: |
-              The number of containers referencing this volume. This field
-              is set to `-1` if the reference-count is not available.
-            x-nullable: false
-
-  VolumeCreateOptions:
-    description: "Volume configuration"
-    type: "object"
-    title: "VolumeConfig"
-    x-go-name: "CreateOptions"
-    properties:
-      Name:
-        description: |
-          The new volume's name. If not specified, Docker generates a name.
-        type: "string"
-        x-nullable: false
-        example: "tardis"
-      Driver:
-        description: "Name of the volume driver to use."
-        type: "string"
-        default: "local"
-        x-nullable: false
-        example: "custom"
-      DriverOpts:
-        description: |
-          A mapping of driver options and values. These options are
-          passed directly to the driver and are driver specific.
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          device: "tmpfs"
-          o: "size=100m,uid=1000"
-          type: "tmpfs"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      ClusterVolumeSpec:
-        $ref: "#/definitions/ClusterVolumeSpec"
-
-  VolumeListResponse:
-    type: "object"
-    title: "VolumeListResponse"
-    x-go-name: "ListResponse"
-    description: "Volume list response"
-    properties:
-      Volumes:
-        type: "array"
-        description: "List of volumes"
-        items:
-          $ref: "#/definitions/Volume"
-      Warnings:
-        type: "array"
-        description: |
-          Warnings that occurred when fetching the list of volumes.
-        items:
-          type: "string"
-        example: []
-
-  Network:
-    type: "object"
-    properties:
-      Name:
-        description: |
-          Name of the network.
-        type: "string"
-        example: "my_network"
-      Id:
-        description: |
-          ID that uniquely identifies a network on a single machine.
-        type: "string"
-        example: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
-      Created:
-        description: |
-          Date and time at which the network was created in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2016-10-19T04:33:30.360899459Z"
-      Scope:
-        description: |
-          The level at which the network exists (e.g. `swarm` for cluster-wide
-          or `local` for machine level)
-        type: "string"
-        example: "local"
-      Driver:
-        description: |
-          The name of the driver used to create the network (e.g. `bridge`,
-          `overlay`).
-        type: "string"
-        example: "overlay"
-      EnableIPv4:
-        description: |
-          Whether the network was created with IPv4 enabled.
-        type: "boolean"
-        example: true
-      EnableIPv6:
-        description: |
-          Whether the network was created with IPv6 enabled.
-        type: "boolean"
-        example: false
-      IPAM:
-        $ref: "#/definitions/IPAM"
-      Internal:
-        description: |
-          Whether the network is created to only allow internal networking
-          connectivity.
-        type: "boolean"
-        default: false
-        example: false
-      Attachable:
-        description: |
-          Whether a global / swarm scope network is manually attachable by regular
-          containers from workers in swarm mode.
-        type: "boolean"
-        default: false
-        example: false
-      Ingress:
-        description: |
-          Whether the network is providing the routing-mesh for the swarm cluster.
-        type: "boolean"
-        default: false
-        example: false
-      ConfigFrom:
-        $ref: "#/definitions/ConfigReference"
-      ConfigOnly:
-        description: |
-          Whether the network is a config-only network. Config-only networks are
-          placeholder networks for network configurations to be used by other
-          networks. Config-only networks cannot be used directly to run containers
-          or services.
-        type: "boolean"
-        default: false
-      Containers:
-        description: |
-          Contains endpoints attached to the network.
-        type: "object"
-        additionalProperties:
-          $ref: "#/definitions/NetworkContainer"
-        example:
-          19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
-            Name: "test"
-            EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
-            MacAddress: "02:42:ac:13:00:02"
-            IPv4Address: "172.19.0.2/16"
-            IPv6Address: ""
-      Options:
-        description: |
-          Network-specific options uses when creating the network.
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.docker.network.bridge.default_bridge: "true"
-          com.docker.network.bridge.enable_icc: "true"
-          com.docker.network.bridge.enable_ip_masquerade: "true"
-          com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
-          com.docker.network.bridge.name: "docker0"
-          com.docker.network.driver.mtu: "1500"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      Peers:
-        description: |
-          List of peer nodes for an overlay network. This field is only present
-          for overlay networks, and omitted for other network types.
-        type: "array"
-        items:
-          $ref: "#/definitions/PeerInfo"
-        x-nullable: true
-      # TODO: Add Services (only present when "verbose" is set).
-
-  ConfigReference:
-    description: |
-      The config-only network source to provide the configuration for
-      this network.
-    type: "object"
-    properties:
-      Network:
-        description: |
-          The name of the config-only network that provides the network's
-          configuration. The specified network must be an existing config-only
-          network. Only network names are allowed, not network IDs.
-        type: "string"
-        example: "config_only_network_01"
-
-  IPAM:
-    type: "object"
-    properties:
-      Driver:
-        description: "Name of the IPAM driver to use."
-        type: "string"
-        default: "default"
-        example: "default"
-      Config:
-        description: |
-          List of IPAM configuration options, specified as a map:
-
-          ```
-          {"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
-          ```
-        type: "array"
-        items:
-          $ref: "#/definitions/IPAMConfig"
-      Options:
-        description: "Driver-specific options, specified as a map."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          foo: "bar"
-
-  IPAMConfig:
-    type: "object"
-    properties:
-      Subnet:
-        type: "string"
-        example: "172.20.0.0/16"
-      IPRange:
-        type: "string"
-        example: "172.20.10.0/24"
-      Gateway:
-        type: "string"
-        example: "172.20.10.11"
-      AuxiliaryAddresses:
-        type: "object"
-        additionalProperties:
-          type: "string"
-
-  NetworkContainer:
-    type: "object"
-    properties:
-      Name:
-        type: "string"
-        example: "container_1"
-      EndpointID:
-        type: "string"
-        example: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
-      MacAddress:
-        type: "string"
-        example: "02:42:ac:13:00:02"
-      IPv4Address:
-        type: "string"
-        example: "172.19.0.2/16"
-      IPv6Address:
-        type: "string"
-        example: ""
-
-  PeerInfo:
-    description: |
-      PeerInfo represents one peer of an overlay network.
-    type: "object"
-    properties:
-      Name:
-        description:
-          ID of the peer-node in the Swarm cluster.
-        type: "string"
-        example: "6869d7c1732b"
-      IP:
-        description:
-          IP-address of the peer-node in the Swarm cluster.
-        type: "string"
-        example: "10.133.77.91"
-
-  NetworkCreateResponse:
-    description: "OK response to NetworkCreate operation"
-    type: "object"
-    title: "NetworkCreateResponse"
-    x-go-name: "CreateResponse"
-    required: [Id, Warning]
-    properties:
-      Id:
-        description: "The ID of the created network."
-        type: "string"
-        x-nullable: false
-        example: "b5c4fc71e8022147cd25de22b22173de4e3b170134117172eb595cb91b4e7e5d"
-      Warning:
-        description: "Warnings encountered when creating the container"
-        type: "string"
-        x-nullable: false
-        example: ""
-
-  BuildInfo:
-    type: "object"
-    properties:
-      id:
-        type: "string"
-      stream:
-        type: "string"
-      error:
-        type: "string"
-        x-nullable: true
-        description: |-
-          errors encountered during the operation.
-
-
-          > **Deprecated**: This field is deprecated since API v1.4, and will be omitted in a future API version. Use the information in errorDetail instead.
-      errorDetail:
-        $ref: "#/definitions/ErrorDetail"
-      status:
-        type: "string"
-      progress:
-        type: "string"
-        x-nullable: true
-        description: |-
-          Progress is a pre-formatted presentation of progressDetail.
-
-
-          > **Deprecated**: This field is deprecated since API v1.8, and will be omitted in a future API version. Use the information in progressDetail instead.
-      progressDetail:
-        $ref: "#/definitions/ProgressDetail"
-      aux:
-        $ref: "#/definitions/ImageID"
-
-  BuildCache:
-    type: "object"
-    description: |
-      BuildCache contains information about a build cache record.
-    properties:
-      ID:
-        type: "string"
-        description: |
-          Unique ID of the build cache record.
-        example: "ndlpt0hhvkqcdfkputsk4cq9c"
-      Parents:
-        description: |
-          List of parent build cache record IDs.
-        type: "array"
-        items:
-          type: "string"
-        x-nullable: true
-        example: ["hw53o5aio51xtltp5xjp8v7fx"]
-      Type:
-        type: "string"
-        description: |
-          Cache record type.
-        example: "regular"
-        # see https://github.com/moby/buildkit/blob/fce4a32258dc9d9664f71a4831d5de10f0670677/client/diskusage.go#L75-L84
-        enum:
-          - "internal"
-          - "frontend"
-          - "source.local"
-          - "source.git.checkout"
-          - "exec.cachemount"
-          - "regular"
-      Description:
-        type: "string"
-        description: |
-          Description of the build-step that produced the build cache.
-        example: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
-      InUse:
-        type: "boolean"
-        description: |
-          Indicates if the build cache is in use.
-        example: false
-      Shared:
-        type: "boolean"
-        description: |
-          Indicates if the build cache is shared.
-        example: true
-      Size:
-        description: |
-          Amount of disk space used by the build cache (in bytes).
-        type: "integer"
-        example: 51
-      CreatedAt:
-        description: |
-          Date and time at which the build cache was created in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2016-08-18T10:44:24.496525531Z"
-      LastUsedAt:
-        description: |
-          Date and time at which the build cache was last used in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        x-nullable: true
-        example: "2017-08-09T07:09:37.632105588Z"
-      UsageCount:
-        type: "integer"
-        example: 26
-
-  ImageID:
-    type: "object"
-    description: "Image ID or Digest"
-    properties:
-      ID:
-        type: "string"
-    example:
-      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
-
-  CreateImageInfo:
-    type: "object"
-    properties:
-      id:
-        type: "string"
-      error:
-        type: "string"
-        x-nullable: true
-        description: |-
-          errors encountered during the operation.
-
-
-          > **Deprecated**: This field is deprecated since API v1.4, and will be omitted in a future API version. Use the information in errorDetail instead.
-      errorDetail:
-        $ref: "#/definitions/ErrorDetail"
-      status:
-        type: "string"
-      progress:
-        type: "string"
-        x-nullable: true
-        description: |-
-          Progress is a pre-formatted presentation of progressDetail.
-
-
-          > **Deprecated**: This field is deprecated since API v1.8, and will be omitted in a future API version. Use the information in progressDetail instead.
-      progressDetail:
-        $ref: "#/definitions/ProgressDetail"
-
-  PushImageInfo:
-    type: "object"
-    properties:
-      error:
-        type: "string"
-        x-nullable: true
-        description: |-
-          errors encountered during the operation.
-
-
-          > **Deprecated**: This field is deprecated since API v1.4, and will be omitted in a future API version. Use the information in errorDetail instead.
-      errorDetail:
-        $ref: "#/definitions/ErrorDetail"
-      status:
-        type: "string"
-      progress:
-        type: "string"
-        x-nullable: true
-        description: |-
-          Progress is a pre-formatted presentation of progressDetail.
-
-
-          > **Deprecated**: This field is deprecated since API v1.8, and will be omitted in a future API version. Use the information in progressDetail instead.
-      progressDetail:
-        $ref: "#/definitions/ProgressDetail"
-
-  DeviceInfo:
-    type: "object"
-    description: |
-      DeviceInfo represents a device that can be used by a container.
-    properties:
-      Source:
-        type: "string"
-        example: "cdi"
-        description: |
-          The origin device driver.
-      ID:
-        type: "string"
-        example: "vendor.com/gpu=0"
-        description: |
-          The unique identifier for the device within its source driver.
-          For CDI devices, this would be an FQDN like "vendor.com/gpu=0".
-
-  ErrorDetail:
-    type: "object"
-    properties:
-      code:
-        type: "integer"
-      message:
-        type: "string"
-
-  ProgressDetail:
-    type: "object"
-    properties:
-      current:
-        type: "integer"
-      total:
-        type: "integer"
-
-  ErrorResponse:
-    description: "Represents an error."
-    type: "object"
-    required: ["message"]
-    properties:
-      message:
-        description: "The error message."
-        type: "string"
-        x-nullable: false
-    example:
-      message: "Something went wrong."
-
-  IDResponse:
-    description: "Response to an API call that returns just an Id"
-    type: "object"
-    x-go-name: "IDResponse"
-    required: ["Id"]
-    properties:
-      Id:
-        description: "The id of the newly created object."
-        type: "string"
-        x-nullable: false
-
-  EndpointSettings:
-    description: "Configuration for a network endpoint."
-    type: "object"
-    properties:
-      # Configurations
-      IPAMConfig:
-        $ref: "#/definitions/EndpointIPAMConfig"
-      Links:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "container_1"
-          - "container_2"
-      MacAddress:
-        description: |
-          MAC address for the endpoint on this network. The network driver might ignore this parameter.
-        type: "string"
-        example: "02:42:ac:11:00:04"
-      Aliases:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "server_x"
-          - "server_y"
-      DriverOpts:
-        description: |
-          DriverOpts is a mapping of driver options and values. These options
-          are passed directly to the driver and are driver specific.
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      GwPriority:
-        description: |
-          This property determines which endpoint will provide the default
-          gateway for a container. The endpoint with the highest priority will
-          be used. If multiple endpoints have the same priority, endpoints are
-          lexicographically sorted based on their network name, and the one
-          that sorts first is picked.
-        type: "integer"
-        format: "int64"
-        example:
-          - 10
-
-      # Operational data
-      NetworkID:
-        description: |
-          Unique ID of the network.
-        type: "string"
-        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
-      EndpointID:
-        description: |
-          Unique ID for the service endpoint in a Sandbox.
-        type: "string"
-        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
-      Gateway:
-        description: |
-          Gateway address for this network.
-        type: "string"
-        example: "172.17.0.1"
-      IPAddress:
-        description: |
-          IPv4 address.
-        type: "string"
-        example: "172.17.0.4"
-      IPPrefixLen:
-        description: |
-          Mask length of the IPv4 address.
-        type: "integer"
-        example: 16
-      IPv6Gateway:
-        description: |
-          IPv6 gateway address.
-        type: "string"
-        example: "2001:db8:2::100"
-      GlobalIPv6Address:
-        description: |
-          Global IPv6 address.
-        type: "string"
-        example: "2001:db8::5689"
-      GlobalIPv6PrefixLen:
-        description: |
-          Mask length of the global IPv6 address.
-        type: "integer"
-        format: "int64"
-        example: 64
-      DNSNames:
-        description: |
-          List of all DNS names an endpoint has on a specific network. This
-          list is based on the container name, network aliases, container short
-          ID, and hostname.
-
-          These DNS names are non-fully qualified but can contain several dots.
-          You can get fully qualified DNS names by appending `.<network-name>`.
-          For instance, if container name is `my.ctr` and the network is named
-          `testnet`, `DNSNames` will contain `my.ctr` and the FQDN will be
-          `my.ctr.testnet`.
-        type: array
-        items:
-          type: string
-        example: ["foobar", "server_x", "server_y", "my.ctr"]
-
-  EndpointIPAMConfig:
-    description: |
-      EndpointIPAMConfig represents an endpoint's IPAM configuration.
-    type: "object"
-    x-nullable: true
-    properties:
-      IPv4Address:
-        type: "string"
-        example: "172.20.30.33"
-      IPv6Address:
-        type: "string"
-        example: "2001:db8:abcd::3033"
-      LinkLocalIPs:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "169.254.34.68"
-          - "fe80::3468"
-
-  PluginMount:
-    type: "object"
-    x-nullable: false
-    required: [Name, Description, Settable, Source, Destination, Type, Options]
-    properties:
-      Name:
-        type: "string"
-        x-nullable: false
-        example: "some-mount"
-      Description:
-        type: "string"
-        x-nullable: false
-        example: "This is a mount that's used by the plugin."
-      Settable:
-        type: "array"
-        items:
-          type: "string"
-      Source:
-        type: "string"
-        example: "/var/lib/docker/plugins/"
-      Destination:
-        type: "string"
-        x-nullable: false
-        example: "/mnt/state"
-      Type:
-        type: "string"
-        x-nullable: false
-        example: "bind"
-      Options:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "rbind"
-          - "rw"
-
-  PluginDevice:
-    type: "object"
-    required: [Name, Description, Settable, Path]
-    x-nullable: false
-    properties:
-      Name:
-        type: "string"
-        x-nullable: false
-      Description:
-        type: "string"
-        x-nullable: false
-      Settable:
-        type: "array"
-        items:
-          type: "string"
-      Path:
-        type: "string"
-        example: "/dev/fuse"
-
-  PluginEnv:
-    type: "object"
-    x-nullable: false
-    required: [Name, Description, Settable, Value]
-    properties:
-      Name:
-        x-nullable: false
-        type: "string"
-      Description:
-        x-nullable: false
-        type: "string"
-      Settable:
-        type: "array"
-        items:
-          type: "string"
-      Value:
-        type: "string"
-
-  PluginInterfaceType:
-    type: "object"
-    x-nullable: false
-    required: [Prefix, Capability, Version]
-    properties:
-      Prefix:
-        type: "string"
-        x-nullable: false
-      Capability:
-        type: "string"
-        x-nullable: false
-      Version:
-        type: "string"
-        x-nullable: false
-
-  PluginPrivilege:
-    description: |
-      Describes a permission the user has to accept upon installing
-      the plugin.
-    type: "object"
-    x-go-name: "PluginPrivilege"
-    properties:
-      Name:
-        type: "string"
-        example: "network"
-      Description:
-        type: "string"
-      Value:
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "host"
-
-  Plugin:
-    description: "A plugin for the Engine API"
-    type: "object"
-    required: [Settings, Enabled, Config, Name]
-    properties:
-      Id:
-        type: "string"
-        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
-      Name:
-        type: "string"
-        x-nullable: false
-        example: "tiborvass/sample-volume-plugin"
-      Enabled:
-        description:
-          True if the plugin is running. False if the plugin is not running,
-          only installed.
-        type: "boolean"
-        x-nullable: false
-        example: true
-      Settings:
-        description: "Settings that can be modified by users."
-        type: "object"
-        x-nullable: false
-        required: [Args, Devices, Env, Mounts]
-        properties:
-          Mounts:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginMount"
-          Env:
-            type: "array"
-            items:
-              type: "string"
-            example:
-              - "DEBUG=0"
-          Args:
-            type: "array"
-            items:
-              type: "string"
-          Devices:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginDevice"
-      PluginReference:
-        description: "plugin remote reference used to push/pull the plugin"
-        type: "string"
-        x-nullable: false
-        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
-      Config:
-        description: "The config of a plugin."
-        type: "object"
-        x-nullable: false
-        required:
-          - Description
-          - Documentation
-          - Interface
-          - Entrypoint
-          - WorkDir
-          - Network
-          - Linux
-          - PidHost
-          - PropagatedMount
-          - IpcHost
-          - Mounts
-          - Env
-          - Args
-        properties:
-          DockerVersion:
-            description: |-
-              Docker Version used to create the plugin.
-
-              Depending on how the plugin was created, this field may be empty or omitted.
-
-              Deprecated: this field is no longer set, and will be removed in the next API version.
-            type: "string"
-            x-nullable: false
-            x-omitempty: true
-          Description:
-            type: "string"
-            x-nullable: false
-            example: "A sample volume plugin for Docker"
-          Documentation:
-            type: "string"
-            x-nullable: false
-            example: "https://docs.docker.com/engine/extend/plugins/"
-          Interface:
-            description: "The interface between Docker and the plugin"
-            x-nullable: false
-            type: "object"
-            required: [Types, Socket]
-            properties:
-              Types:
-                type: "array"
-                items:
-                  $ref: "#/definitions/PluginInterfaceType"
-                example:
-                  - "docker.volumedriver/1.0"
-              Socket:
-                type: "string"
-                x-nullable: false
-                example: "plugins.sock"
-              ProtocolScheme:
-                type: "string"
-                example: "some.protocol/v1.0"
-                description: "Protocol to use for clients connecting to the plugin."
-                enum:
-                  - ""
-                  - "moby.plugins.http/v1"
-          Entrypoint:
-            type: "array"
-            items:
-              type: "string"
-            example:
-              - "/usr/bin/sample-volume-plugin"
-              - "/data"
-          WorkDir:
-            type: "string"
-            x-nullable: false
-            example: "/bin/"
-          User:
-            type: "object"
-            x-nullable: false
-            properties:
-              UID:
-                type: "integer"
-                format: "uint32"
-                example: 1000
-              GID:
-                type: "integer"
-                format: "uint32"
-                example: 1000
-          Network:
-            type: "object"
-            x-nullable: false
-            required: [Type]
-            properties:
-              Type:
-                x-nullable: false
-                type: "string"
-                example: "host"
-          Linux:
-            type: "object"
-            x-nullable: false
-            required: [Capabilities, AllowAllDevices, Devices]
-            properties:
-              Capabilities:
-                type: "array"
-                items:
-                  type: "string"
-                example:
-                  - "CAP_SYS_ADMIN"
-                  - "CAP_SYSLOG"
-              AllowAllDevices:
-                type: "boolean"
-                x-nullable: false
-                example: false
-              Devices:
-                type: "array"
-                items:
-                  $ref: "#/definitions/PluginDevice"
-          PropagatedMount:
-            type: "string"
-            x-nullable: false
-            example: "/mnt/volumes"
-          IpcHost:
-            type: "boolean"
-            x-nullable: false
-            example: false
-          PidHost:
-            type: "boolean"
-            x-nullable: false
-            example: false
-          Mounts:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginMount"
-          Env:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginEnv"
-            example:
-              - Name: "DEBUG"
-                Description: "If set, prints debug messages"
-                Settable: null
-                Value: "0"
-          Args:
-            type: "object"
-            x-nullable: false
-            required: [Name, Description, Settable, Value]
-            properties:
-              Name:
-                x-nullable: false
-                type: "string"
-                example: "args"
-              Description:
-                x-nullable: false
-                type: "string"
-                example: "command line arguments"
-              Settable:
-                type: "array"
-                items:
-                  type: "string"
-              Value:
-                type: "array"
-                items:
-                  type: "string"
-          rootfs:
-            type: "object"
-            properties:
-              type:
-                type: "string"
-                example: "layers"
-              diff_ids:
-                type: "array"
-                items:
-                  type: "string"
-                example:
-                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
-                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
-
-  ObjectVersion:
-    description: |
-      The version number of the object such as node, service, etc. This is needed
-      to avoid conflicting writes. The client must send the version number along
-      with the modified specification when updating these objects.
-
-      This approach ensures safe concurrency and determinism in that the change
-      on the object may not be applied if the version number has changed from the
-      last read. In other words, if two update requests specify the same base
-      version, only one of the requests can succeed. As a result, two separate
-      update requests that happen at the same time will not unintentionally
-      overwrite each other.
-    type: "object"
-    properties:
-      Index:
-        type: "integer"
-        format: "uint64"
-        example: 373531
-
-  NodeSpec:
-    type: "object"
-    properties:
-      Name:
-        description: "Name for the node."
-        type: "string"
-        example: "my-node"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-      Role:
-        description: "Role of the node."
-        type: "string"
-        enum:
-          - "worker"
-          - "manager"
-        example: "manager"
-      Availability:
-        description: "Availability of the node."
-        type: "string"
-        enum:
-          - "active"
-          - "pause"
-          - "drain"
-        example: "active"
-    example:
-      Availability: "active"
-      Name: "node-name"
-      Role: "manager"
-      Labels:
-        foo: "bar"
-
-  Node:
-    type: "object"
-    properties:
-      ID:
-        type: "string"
-        example: "24ifsmvkjbyhk"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        description: |
-          Date and time at which the node was added to the swarm in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2016-08-18T10:44:24.496525531Z"
-      UpdatedAt:
-        description: |
-          Date and time at which the node was last updated in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2017-08-09T07:09:37.632105588Z"
-      Spec:
-        $ref: "#/definitions/NodeSpec"
-      Description:
-        $ref: "#/definitions/NodeDescription"
-      Status:
-        $ref: "#/definitions/NodeStatus"
-      ManagerStatus:
-        $ref: "#/definitions/ManagerStatus"
-
-  NodeDescription:
-    description: |
-      NodeDescription encapsulates the properties of the Node as reported by the
-      agent.
-    type: "object"
-    properties:
-      Hostname:
-        type: "string"
-        example: "bf3067039e47"
-      Platform:
-        $ref: "#/definitions/Platform"
-      Resources:
-        $ref: "#/definitions/ResourceObject"
-      Engine:
-        $ref: "#/definitions/EngineDescription"
-      TLSInfo:
-        $ref: "#/definitions/TLSInfo"
-
-  Platform:
-    description: |
-      Platform represents the platform (Arch/OS).
-    type: "object"
-    properties:
-      Architecture:
-        description: |
-          Architecture represents the hardware architecture (for example,
-          `x86_64`).
-        type: "string"
-        example: "x86_64"
-      OS:
-        description: |
-          OS represents the Operating System (for example, `linux` or `windows`).
-        type: "string"
-        example: "linux"
-
-  EngineDescription:
-    description: "EngineDescription provides information about an engine."
-    type: "object"
-    properties:
-      EngineVersion:
-        type: "string"
-        example: "17.06.0"
-      Labels:
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          foo: "bar"
-      Plugins:
-        type: "array"
-        items:
-          type: "object"
-          properties:
-            Type:
-              type: "string"
-            Name:
-              type: "string"
-        example:
-          - Type: "Log"
-            Name: "awslogs"
-          - Type: "Log"
-            Name: "fluentd"
-          - Type: "Log"
-            Name: "gcplogs"
-          - Type: "Log"
-            Name: "gelf"
-          - Type: "Log"
-            Name: "journald"
-          - Type: "Log"
-            Name: "json-file"
-          - Type: "Log"
-            Name: "splunk"
-          - Type: "Log"
-            Name: "syslog"
-          - Type: "Network"
-            Name: "bridge"
-          - Type: "Network"
-            Name: "host"
-          - Type: "Network"
-            Name: "ipvlan"
-          - Type: "Network"
-            Name: "macvlan"
-          - Type: "Network"
-            Name: "null"
-          - Type: "Network"
-            Name: "overlay"
-          - Type: "Volume"
-            Name: "local"
-          - Type: "Volume"
-            Name: "localhost:5000/vieux/sshfs:latest"
-          - Type: "Volume"
-            Name: "vieux/sshfs:latest"
-
-  TLSInfo:
-    description: |
-      Information about the issuer of leaf TLS certificates and the trusted root
-      CA certificate.
-    type: "object"
-    properties:
-      TrustRoot:
-        description: |
-          The root CA certificate(s) that are used to validate leaf TLS
-          certificates.
-        type: "string"
-      CertIssuerSubject:
-        description:
-          The base64-url-safe-encoded raw subject bytes of the issuer.
-        type: "string"
-      CertIssuerPublicKey:
-        description: |
-          The base64-url-safe-encoded raw public key bytes of the issuer.
-        type: "string"
-    example:
-      TrustRoot: |
-        -----BEGIN CERTIFICATE-----
-        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
-        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
-        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
-        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
-        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
-        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
-        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
-        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
-        -----END CERTIFICATE-----
-      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
-      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
-
-  NodeStatus:
-    description: |
-      NodeStatus represents the status of a node.
-
-      It provides the current status of the node, as seen by the manager.
-    type: "object"
-    properties:
-      State:
-        $ref: "#/definitions/NodeState"
-      Message:
-        type: "string"
-        example: ""
-      Addr:
-        description: "IP address of the node."
-        type: "string"
-        example: "172.17.0.2"
-
-  NodeState:
-    description: "NodeState represents the state of a node."
-    type: "string"
-    enum:
-      - "unknown"
-      - "down"
-      - "ready"
-      - "disconnected"
-    example: "ready"
-
-  ManagerStatus:
-    description: |
-      ManagerStatus represents the status of a manager.
-
-      It provides the current status of a node's manager component, if the node
-      is a manager.
-    x-nullable: true
-    type: "object"
-    properties:
-      Leader:
-        type: "boolean"
-        default: false
-        example: true
-      Reachability:
-        $ref: "#/definitions/Reachability"
-      Addr:
-        description: |
-          The IP address and port at which the manager is reachable.
-        type: "string"
-        example: "10.0.0.46:2377"
-
-  Reachability:
-    description: "Reachability represents the reachability of a node."
-    type: "string"
-    enum:
-      - "unknown"
-      - "unreachable"
-      - "reachable"
-    example: "reachable"
-
-  SwarmSpec:
-    description: "User modifiable swarm configuration."
-    type: "object"
-    properties:
-      Name:
-        description: "Name of the swarm."
-        type: "string"
-        example: "default"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.corp.type: "production"
-          com.example.corp.department: "engineering"
-      Orchestration:
-        description: "Orchestration configuration."
-        type: "object"
-        x-nullable: true
-        properties:
-          TaskHistoryRetentionLimit:
-            description: |
-              The number of historic tasks to keep per instance or node. If
-              negative, never remove completed or failed tasks.
-            type: "integer"
-            format: "int64"
-            example: 10
-      Raft:
-        description: "Raft configuration."
-        type: "object"
-        properties:
-          SnapshotInterval:
-            description: "The number of log entries between snapshots."
-            type: "integer"
-            format: "uint64"
-            example: 10000
-          KeepOldSnapshots:
-            description: |
-              The number of snapshots to keep beyond the current snapshot.
-            type: "integer"
-            format: "uint64"
-          LogEntriesForSlowFollowers:
-            description: |
-              The number of log entries to keep around to sync up slow followers
-              after a snapshot is created.
-            type: "integer"
-            format: "uint64"
-            example: 500
-          ElectionTick:
-            description: |
-              The number of ticks that a follower will wait for a message from
-              the leader before becoming a candidate and starting an election.
-              `ElectionTick` must be greater than `HeartbeatTick`.
-
-              A tick currently defaults to one second, so these translate
-              directly to seconds currently, but this is NOT guaranteed.
-            type: "integer"
-            example: 3
-          HeartbeatTick:
-            description: |
-              The number of ticks between heartbeats. Every HeartbeatTick ticks,
-              the leader will send a heartbeat to the followers.
-
-              A tick currently defaults to one second, so these translate
-              directly to seconds currently, but this is NOT guaranteed.
-            type: "integer"
-            example: 1
-      Dispatcher:
-        description: "Dispatcher configuration."
-        type: "object"
-        x-nullable: true
-        properties:
-          HeartbeatPeriod:
-            description: |
-              The delay for an agent to send a heartbeat to the dispatcher.
-            type: "integer"
-            format: "int64"
-            example: 5000000000
-      CAConfig:
-        description: "CA configuration."
-        type: "object"
-        x-nullable: true
-        properties:
-          NodeCertExpiry:
-            description: "The duration node certificates are issued for."
-            type: "integer"
-            format: "int64"
-            example: 7776000000000000
-          ExternalCAs:
-            description: |
-              Configuration for forwarding signing requests to an external
-              certificate authority.
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                Protocol:
-                  description: |
-                    Protocol for communication with the external CA (currently
-                    only `cfssl` is supported).
-                  type: "string"
-                  enum:
-                    - "cfssl"
-                  default: "cfssl"
-                URL:
-                  description: |
-                    URL where certificate signing requests should be sent.
-                  type: "string"
-                Options:
-                  description: |
-                    An object with key/value pairs that are interpreted as
-                    protocol-specific options for the external CA driver.
-                  type: "object"
-                  additionalProperties:
-                    type: "string"
-                CACert:
-                  description: |
-                    The root CA certificate (in PEM format) this external CA uses
-                    to issue TLS certificates (assumed to be to the current swarm
-                    root CA certificate if not provided).
-                  type: "string"
-          SigningCACert:
-            description: |
-              The desired signing CA certificate for all swarm node TLS leaf
-              certificates, in PEM format.
-            type: "string"
-          SigningCAKey:
-            description: |
-              The desired signing CA key for all swarm node TLS leaf certificates,
-              in PEM format.
-            type: "string"
-          ForceRotate:
-            description: |
-              An integer whose purpose is to force swarm to generate a new
-              signing CA certificate and key, if none have been specified in
-              `SigningCACert` and `SigningCAKey`
-            format: "uint64"
-            type: "integer"
-      EncryptionConfig:
-        description: "Parameters related to encryption-at-rest."
-        type: "object"
-        properties:
-          AutoLockManagers:
-            description: |
-              If set, generate a key and use it to lock data stored on the
-              managers.
-            type: "boolean"
-            example: false
-      TaskDefaults:
-        description: "Defaults for creating tasks in this cluster."
-        type: "object"
-        properties:
-          LogDriver:
-            description: |
-              The log driver to use for tasks created in the orchestrator if
-              unspecified by a service.
-
-              Updating this value only affects new tasks. Existing tasks continue
-              to use their previously configured log driver until recreated.
-            type: "object"
-            properties:
-              Name:
-                description: |
-                  The log driver to use as a default for new tasks.
-                type: "string"
-                example: "json-file"
-              Options:
-                description: |
-                  Driver-specific options for the selected log driver, specified
-                  as key/value pairs.
-                type: "object"
-                additionalProperties:
-                  type: "string"
-                example:
-                  "max-file": "10"
-                  "max-size": "100m"
-
-  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
-  # without `JoinTokens`.
-  ClusterInfo:
-    description: |
-      ClusterInfo represents information about the swarm as is returned by the
-      "/info" endpoint. Join-tokens are not included.
-    x-nullable: true
-    type: "object"
-    properties:
-      ID:
-        description: "The ID of the swarm."
-        type: "string"
-        example: "abajmipo7b4xz5ip2nrla6b11"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        description: |
-          Date and time at which the swarm was initialised in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2016-08-18T10:44:24.496525531Z"
-      UpdatedAt:
-        description: |
-          Date and time at which the swarm was last updated in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        example: "2017-08-09T07:09:37.632105588Z"
-      Spec:
-        $ref: "#/definitions/SwarmSpec"
-      TLSInfo:
-        $ref: "#/definitions/TLSInfo"
-      RootRotationInProgress:
-        description: |
-          Whether there is currently a root CA rotation in progress for the swarm
-        type: "boolean"
-        example: false
-      DataPathPort:
-        description: |
-          DataPathPort specifies the data path port number for data traffic.
-          Acceptable port range is 1024 to 49151.
-          If no port is set or is set to 0, the default port (4789) is used.
-        type: "integer"
-        format: "uint32"
-        default: 4789
-        example: 4789
-      DefaultAddrPool:
-        description: |
-          Default Address Pool specifies default subnet pools for global scope
-          networks.
-        type: "array"
-        items:
-          type: "string"
-          format: "CIDR"
-          example: ["10.10.0.0/16", "20.20.0.0/16"]
-      SubnetSize:
-        description: |
-          SubnetSize specifies the subnet size of the networks created from the
-          default subnet pool.
-        type: "integer"
-        format: "uint32"
-        maximum: 29
-        default: 24
-        example: 24
-
-  JoinTokens:
-    description: |
-      JoinTokens contains the tokens workers and managers need to join the swarm.
-    type: "object"
-    properties:
-      Worker:
-        description: |
-          The token workers can use to join the swarm.
-        type: "string"
-        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
-      Manager:
-        description: |
-          The token managers can use to join the swarm.
-        type: "string"
-        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
-
-  Swarm:
-    type: "object"
-    allOf:
-      - $ref: "#/definitions/ClusterInfo"
-      - type: "object"
-        properties:
-          JoinTokens:
-            $ref: "#/definitions/JoinTokens"
-
-  TaskSpec:
-    description: "User modifiable task configuration."
-    type: "object"
-    properties:
-      PluginSpec:
-        type: "object"
-        description: |
-          Plugin spec for the service.  *(Experimental release only.)*
-
-          <p><br /></p>
-
-          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
-          > mutually exclusive. PluginSpec is only used when the Runtime field
-          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
-          > field is set to `attachment`.
-        properties:
-          Name:
-            description: "The name or 'alias' to use for the plugin."
-            type: "string"
-          Remote:
-            description: "The plugin image reference to use."
-            type: "string"
-          Disabled:
-            description: "Disable the plugin once scheduled."
-            type: "boolean"
-          PluginPrivilege:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginPrivilege"
-      ContainerSpec:
-        type: "object"
-        description: |
-          Container spec for the service.
-
-          <p><br /></p>
-
-          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
-          > mutually exclusive. PluginSpec is only used when the Runtime field
-          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
-          > field is set to `attachment`.
-        properties:
-          Image:
-            description: "The image name to use for the container"
-            type: "string"
-          Labels:
-            description: "User-defined key/value data."
-            type: "object"
-            additionalProperties:
-              type: "string"
-          Command:
-            description: "The command to be run in the image."
-            type: "array"
-            items:
-              type: "string"
-          Args:
-            description: "Arguments to the command."
-            type: "array"
-            items:
-              type: "string"
-          Hostname:
-            description: |
-              The hostname to use for the container, as a valid
-              [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
-            type: "string"
-          Env:
-            description: |
-              A list of environment variables in the form `VAR=value`.
-            type: "array"
-            items:
-              type: "string"
-          Dir:
-            description: "The working directory for commands to run in."
-            type: "string"
-          User:
-            description: "The user inside the container."
-            type: "string"
-          Groups:
-            type: "array"
-            description: |
-              A list of additional groups that the container process will run as.
-            items:
-              type: "string"
-          Privileges:
-            type: "object"
-            description: "Security options for the container"
-            properties:
-              CredentialSpec:
-                type: "object"
-                description: "CredentialSpec for managed service account (Windows only)"
-                properties:
-                  Config:
-                    type: "string"
-                    example: "0bt9dmxjvjiqermk6xrop3ekq"
-                    description: |
-                      Load credential spec from a Swarm Config with the given ID.
-                      The specified config must also be present in the Configs
-                      field with the Runtime property set.
-
-                      <p><br /></p>
-
-
-                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
-                      > and `CredentialSpec.Config` are mutually exclusive.
-                  File:
-                    type: "string"
-                    example: "spec.json"
-                    description: |
-                      Load credential spec from this file. The file is read by
-                      the daemon, and must be present in the `CredentialSpecs`
-                      subdirectory in the docker data directory, which defaults
-                      to `C:\ProgramData\Docker\` on Windows.
-
-                      For example, specifying `spec.json` loads
-                      `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
-
-                      <p><br /></p>
-
-                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
-                      > and `CredentialSpec.Config` are mutually exclusive.
-                  Registry:
-                    type: "string"
-                    description: |
-                      Load credential spec from this value in the Windows
-                      registry. The specified registry value must be located in:
-
-                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
-
-                      <p><br /></p>
-
-
-                      > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
-                      > and `CredentialSpec.Config` are mutually exclusive.
-              SELinuxContext:
-                type: "object"
-                description: "SELinux labels of the container"
-                properties:
-                  Disable:
-                    type: "boolean"
-                    description: "Disable SELinux"
-                  User:
-                    type: "string"
-                    description: "SELinux user label"
-                  Role:
-                    type: "string"
-                    description: "SELinux role label"
-                  Type:
-                    type: "string"
-                    description: "SELinux type label"
-                  Level:
-                    type: "string"
-                    description: "SELinux level label"
-              Seccomp:
-                type: "object"
-                description: "Options for configuring seccomp on the container"
-                properties:
-                  Mode:
-                    type: "string"
-                    enum:
-                      - "default"
-                      - "unconfined"
-                      - "custom"
-                  Profile:
-                    description: "The custom seccomp profile as a json object"
-                    type: "string"
-              AppArmor:
-                type: "object"
-                description: "Options for configuring AppArmor on the container"
-                properties:
-                  Mode:
-                    type: "string"
-                    enum:
-                      - "default"
-                      - "disabled"
-              NoNewPrivileges:
-                type: "boolean"
-                description: "Configuration of the no_new_privs bit in the container"
-
-          TTY:
-            description: "Whether a pseudo-TTY should be allocated."
-            type: "boolean"
-          OpenStdin:
-            description: "Open `stdin`"
-            type: "boolean"
-          ReadOnly:
-            description: "Mount the container's root filesystem as read only."
-            type: "boolean"
-          Mounts:
-            description: |
-              Specification for mounts to be added to containers created as part
-              of the service.
-            type: "array"
-            items:
-              $ref: "#/definitions/Mount"
-          StopSignal:
-            description: "Signal to stop the container."
-            type: "string"
-          StopGracePeriod:
-            description: |
-              Amount of time to wait for the container to terminate before
-              forcefully killing it.
-            type: "integer"
-            format: "int64"
-          HealthCheck:
-            $ref: "#/definitions/HealthConfig"
-          Hosts:
-            type: "array"
-            description: |
-              A list of hostname/IP mappings to add to the container's `hosts`
-              file. The format of extra hosts is specified in the
-              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
-              man page:
-
-                  IP_address canonical_hostname [aliases...]
-            items:
-              type: "string"
-          DNSConfig:
-            description: |
-              Specification for DNS related configurations in resolver configuration
-              file (`resolv.conf`).
-            type: "object"
-            properties:
-              Nameservers:
-                description: "The IP addresses of the name servers."
-                type: "array"
-                items:
-                  type: "string"
-              Search:
-                description: "A search list for host-name lookup."
-                type: "array"
-                items:
-                  type: "string"
-              Options:
-                description: |
-                  A list of internal resolver variables to be modified (e.g.,
-                  `debug`, `ndots:3`, etc.).
-                type: "array"
-                items:
-                  type: "string"
-          Secrets:
-            description: |
-              Secrets contains references to zero or more secrets that will be
-              exposed to the service.
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                File:
-                  description: |
-                    File represents a specific target that is backed by a file.
-                  type: "object"
-                  properties:
-                    Name:
-                      description: |
-                        Name represents the final filename in the filesystem.
-                      type: "string"
-                    UID:
-                      description: "UID represents the file UID."
-                      type: "string"
-                    GID:
-                      description: "GID represents the file GID."
-                      type: "string"
-                    Mode:
-                      description: "Mode represents the FileMode of the file."
-                      type: "integer"
-                      format: "uint32"
-                SecretID:
-                  description: |
-                    SecretID represents the ID of the specific secret that we're
-                    referencing.
-                  type: "string"
-                SecretName:
-                  description: |
-                    SecretName is the name of the secret that this references,
-                    but this is just provided for lookup/display purposes. The
-                    secret in the reference will be identified by its ID.
-                  type: "string"
-          OomScoreAdj:
-            type: "integer"
-            format: "int64"
-            description: |
-              An integer value containing the score given to the container in
-              order to tune OOM killer preferences.
-            example: 0
-          Configs:
-            description: |
-              Configs contains references to zero or more configs that will be
-              exposed to the service.
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                File:
-                  description: |
-                    File represents a specific target that is backed by a file.
-
-                    <p><br /><p>
-
-                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
-                  type: "object"
-                  properties:
-                    Name:
-                      description: |
-                        Name represents the final filename in the filesystem.
-                      type: "string"
-                    UID:
-                      description: "UID represents the file UID."
-                      type: "string"
-                    GID:
-                      description: "GID represents the file GID."
-                      type: "string"
-                    Mode:
-                      description: "Mode represents the FileMode of the file."
-                      type: "integer"
-                      format: "uint32"
-                Runtime:
-                  description: |
-                    Runtime represents a target that is not mounted into the
-                    container but is used by the task
-
-                    <p><br /><p>
-
-                    > **Note**: `Configs.File` and `Configs.Runtime` are mutually
-                    > exclusive
-                  type: "object"
-                ConfigID:
-                  description: |
-                    ConfigID represents the ID of the specific config that we're
-                    referencing.
-                  type: "string"
-                ConfigName:
-                  description: |
-                    ConfigName is the name of the config that this references,
-                    but this is just provided for lookup/display purposes. The
-                    config in the reference will be identified by its ID.
-                  type: "string"
-          Isolation:
-            type: "string"
-            description: |
-              Isolation technology of the containers running the service.
-              (Windows only)
-            enum:
-              - "default"
-              - "process"
-              - "hyperv"
-              - ""
-          Init:
-            description: |
-              Run an init inside the container that forwards signals and reaps
-              processes. This field is omitted if empty, and the default (as
-              configured on the daemon) is used.
-            type: "boolean"
-            x-nullable: true
-          Sysctls:
-            description: |
-              Set kernel namedspaced parameters (sysctls) in the container.
-              The Sysctls option on services accepts the same sysctls as the
-              are supported on containers. Note that while the same sysctls are
-              supported, no guarantees or checks are made about their
-              suitability for a clustered environment, and it's up to the user
-              to determine whether a given sysctl will work properly in a
-              Service.
-            type: "object"
-            additionalProperties:
-              type: "string"
-          # This option is not used by Windows containers
-          CapabilityAdd:
-            type: "array"
-            description: |
-              A list of kernel capabilities to add to the default set
-              for the container.
-            items:
-              type: "string"
-            example:
-              - "CAP_NET_RAW"
-              - "CAP_SYS_ADMIN"
-              - "CAP_SYS_CHROOT"
-              - "CAP_SYSLOG"
-          CapabilityDrop:
-            type: "array"
-            description: |
-              A list of kernel capabilities to drop from the default set
-              for the container.
-            items:
-              type: "string"
-            example:
-              - "CAP_NET_RAW"
-          Ulimits:
-            description: |
-              A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                Name:
-                  description: "Name of ulimit"
-                  type: "string"
-                Soft:
-                  description: "Soft limit"
-                  type: "integer"
-                Hard:
-                  description: "Hard limit"
-                  type: "integer"
-      NetworkAttachmentSpec:
-        description: |
-          Read-only spec type for non-swarm containers attached to swarm overlay
-          networks.
-
-          <p><br /></p>
-
-          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
-          > mutually exclusive. PluginSpec is only used when the Runtime field
-          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
-          > field is set to `attachment`.
-        type: "object"
-        properties:
-          ContainerID:
-            description: "ID of the container represented by this task"
-            type: "string"
-      Resources:
-        description: |
-          Resource requirements which apply to each individual container created
-          as part of the service.
-        type: "object"
-        properties:
-          Limits:
-            description: "Define resources limits."
-            $ref: "#/definitions/Limit"
-          Reservations:
-            description: "Define resources reservation."
-            $ref: "#/definitions/ResourceObject"
-      RestartPolicy:
-        description: |
-          Specification for the restart policy which applies to containers
-          created as part of this service.
-        type: "object"
-        properties:
-          Condition:
-            description: "Condition for restart."
-            type: "string"
-            enum:
-              - "none"
-              - "on-failure"
-              - "any"
-          Delay:
-            description: "Delay between restart attempts."
-            type: "integer"
-            format: "int64"
-          MaxAttempts:
-            description: |
-              Maximum attempts to restart a given container before giving up
-              (default value is 0, which is ignored).
-            type: "integer"
-            format: "int64"
-            default: 0
-          Window:
-            description: |
-              Windows is the time window used to evaluate the restart policy
-              (default value is 0, which is unbounded).
-            type: "integer"
-            format: "int64"
-            default: 0
-      Placement:
-        type: "object"
-        properties:
-          Constraints:
-            description: |
-              An array of constraint expressions to limit the set of nodes where
-              a task can be scheduled. Constraint expressions can either use a
-              _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
-              nodes that satisfy every expression (AND match). Constraints can
-              match node or Docker Engine labels as follows:
-
-              node attribute       | matches                        | example
-              ---------------------|--------------------------------|-----------------------------------------------
-              `node.id`            | Node ID                        | `node.id==2ivku8v2gvtg4`
-              `node.hostname`      | Node hostname                  | `node.hostname!=node-2`
-              `node.role`          | Node role (`manager`/`worker`) | `node.role==manager`
-              `node.platform.os`   | Node operating system          | `node.platform.os==windows`
-              `node.platform.arch` | Node architecture              | `node.platform.arch==x86_64`
-              `node.labels`        | User-defined node labels       | `node.labels.security==high`
-              `engine.labels`      | Docker Engine's labels         | `engine.labels.operatingsystem==ubuntu-24.04`
-
-              `engine.labels` apply to Docker Engine labels like operating system,
-              drivers, etc. Swarm administrators add `node.labels` for operational
-              purposes by using the [`node update endpoint`](#operation/NodeUpdate).
-
-            type: "array"
-            items:
-              type: "string"
-            example:
-              - "node.hostname!=node3.corp.example.com"
-              - "node.role!=manager"
-              - "node.labels.type==production"
-              - "node.platform.os==linux"
-              - "node.platform.arch==x86_64"
-          Preferences:
-            description: |
-              Preferences provide a way to make the scheduler aware of factors
-              such as topology. They are provided in order from highest to
-              lowest precedence.
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                Spread:
-                  type: "object"
-                  properties:
-                    SpreadDescriptor:
-                      description: |
-                        label descriptor, such as `engine.labels.az`.
-                      type: "string"
-            example:
-              - Spread:
-                  SpreadDescriptor: "node.labels.datacenter"
-              - Spread:
-                  SpreadDescriptor: "node.labels.rack"
-          MaxReplicas:
-            description: |
-              Maximum number of replicas for per node (default value is 0, which
-              is unlimited)
-            type: "integer"
-            format: "int64"
-            default: 0
-          Platforms:
-            description: |
-              Platforms stores all the platforms that the service's image can
-              run on. This field is used in the platform filter for scheduling.
-              If empty, then the platform filter is off, meaning there are no
-              scheduling restrictions.
-            type: "array"
-            items:
-              $ref: "#/definitions/Platform"
-      ForceUpdate:
-        description: |
-          A counter that triggers an update even if no relevant parameters have
-          been changed.
-        type: "integer"
-        format: "uint64"
-      Runtime:
-        description: |
-          Runtime is the type of runtime specified for the task executor.
-        type: "string"
-      Networks:
-        description: "Specifies which networks the service should attach to."
-        type: "array"
-        items:
-          $ref: "#/definitions/NetworkAttachmentConfig"
-      LogDriver:
-        description: |
-          Specifies the log driver to use for tasks created from this spec. If
-          not present, the default one for the swarm will be used, finally
-          falling back to the engine default if not specified.
-        type: "object"
-        properties:
-          Name:
-            type: "string"
-          Options:
-            type: "object"
-            additionalProperties:
-              type: "string"
-
-  TaskState:
-    type: "string"
-    enum:
-      - "new"
-      - "allocated"
-      - "pending"
-      - "assigned"
-      - "accepted"
-      - "preparing"
-      - "ready"
-      - "starting"
-      - "running"
-      - "complete"
-      - "shutdown"
-      - "failed"
-      - "rejected"
-      - "remove"
-      - "orphaned"
-
-  ContainerStatus:
-    type: "object"
-    description: "represents the status of a container."
-    properties:
-      ContainerID:
-        type: "string"
-      PID:
-        type: "integer"
-      ExitCode:
-        type: "integer"
-
-  PortStatus:
-    type: "object"
-    description: "represents the port status of a task's host ports whose service has published host ports"
-    properties:
-      Ports:
-        type: "array"
-        items:
-          $ref: "#/definitions/EndpointPortConfig"
-
-  TaskStatus:
-    type: "object"
-    description: "represents the status of a task."
-    properties:
-      Timestamp:
-        type: "string"
-        format: "dateTime"
-      State:
-        $ref: "#/definitions/TaskState"
-      Message:
-        type: "string"
-      Err:
-        type: "string"
-      ContainerStatus:
-        $ref: "#/definitions/ContainerStatus"
-      PortStatus:
-        $ref: "#/definitions/PortStatus"
-
-  Task:
-    type: "object"
-    properties:
-      ID:
-        description: "The ID of the task."
-        type: "string"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-      UpdatedAt:
-        type: "string"
-        format: "dateTime"
-      Name:
-        description: "Name of the task."
-        type: "string"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-      Spec:
-        $ref: "#/definitions/TaskSpec"
-      ServiceID:
-        description: "The ID of the service this task is part of."
-        type: "string"
-      Slot:
-        type: "integer"
-      NodeID:
-        description: "The ID of the node that this task is on."
-        type: "string"
-      AssignedGenericResources:
-        $ref: "#/definitions/GenericResources"
-      Status:
-        $ref: "#/definitions/TaskStatus"
-      DesiredState:
-        $ref: "#/definitions/TaskState"
-      JobIteration:
-        description: |
-          If the Service this Task belongs to is a job-mode service, contains
-          the JobIteration of the Service this Task was created for. Absent if
-          the Task was created for a Replicated or Global Service.
-        $ref: "#/definitions/ObjectVersion"
-    example:
-      ID: "0kzzo1i0y4jz6027t0k7aezc7"
-      Version:
-        Index: 71
-      CreatedAt: "2016-06-07T21:07:31.171892745Z"
-      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
-      Spec:
-        ContainerSpec:
-          Image: "redis"
-        Resources:
-          Limits: {}
-          Reservations: {}
-        RestartPolicy:
-          Condition: "any"
-          MaxAttempts: 0
-        Placement: {}
-      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
-      Slot: 1
-      NodeID: "60gvrl6tm78dmak4yl7srz94v"
-      Status:
-        Timestamp: "2016-06-07T21:07:31.290032978Z"
-        State: "running"
-        Message: "started"
-        ContainerStatus:
-          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
-          PID: 677
-      DesiredState: "running"
-      NetworksAttachments:
-        - Network:
-            ID: "4qvuz4ko70xaltuqbt8956gd1"
-            Version:
-              Index: 18
-            CreatedAt: "2016-06-07T20:31:11.912919752Z"
-            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
-            Spec:
-              Name: "ingress"
-              Labels:
-                com.docker.swarm.internal: "true"
-              DriverConfiguration: {}
-              IPAMOptions:
-                Driver: {}
-                Configs:
-                  - Subnet: "10.255.0.0/16"
-                    Gateway: "10.255.0.1"
-            DriverState:
-              Name: "overlay"
-              Options:
-                com.docker.network.driver.overlay.vxlanid_list: "256"
-            IPAMOptions:
-              Driver:
-                Name: "default"
-              Configs:
-                - Subnet: "10.255.0.0/16"
-                  Gateway: "10.255.0.1"
-          Addresses:
-            - "10.255.0.10/16"
-      AssignedGenericResources:
-        - DiscreteResourceSpec:
-            Kind: "SSD"
-            Value: 3
-        - NamedResourceSpec:
-            Kind: "GPU"
-            Value: "UUID1"
-        - NamedResourceSpec:
-            Kind: "GPU"
-            Value: "UUID2"
-
-  ServiceSpec:
-    description: "User modifiable configuration for a service."
-    type: object
-    properties:
-      Name:
-        description: "Name of the service."
-        type: "string"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-      TaskTemplate:
-        $ref: "#/definitions/TaskSpec"
-      Mode:
-        description: "Scheduling mode for the service."
-        type: "object"
-        properties:
-          Replicated:
-            type: "object"
-            properties:
-              Replicas:
-                type: "integer"
-                format: "int64"
-          Global:
-            type: "object"
-          ReplicatedJob:
-            description: |
-              The mode used for services with a finite number of tasks that run
-              to a completed state.
-            type: "object"
-            properties:
-              MaxConcurrent:
-                description: |
-                  The maximum number of replicas to run simultaneously.
-                type: "integer"
-                format: "int64"
-                default: 1
-              TotalCompletions:
-                description: |
-                  The total number of replicas desired to reach the Completed
-                  state. If unset, will default to the value of `MaxConcurrent`
-                type: "integer"
-                format: "int64"
-          GlobalJob:
-            description: |
-              The mode used for services which run a task to the completed state
-              on each valid node.
-            type: "object"
-      UpdateConfig:
-        description: "Specification for the update strategy of the service."
-        type: "object"
-        properties:
-          Parallelism:
-            description: |
-              Maximum number of tasks to be updated in one iteration (0 means
-              unlimited parallelism).
-            type: "integer"
-            format: "int64"
-          Delay:
-            description: "Amount of time between updates, in nanoseconds."
-            type: "integer"
-            format: "int64"
-          FailureAction:
-            description: |
-              Action to take if an updated task fails to run, or stops running
-              during the update.
-            type: "string"
-            enum:
-              - "continue"
-              - "pause"
-              - "rollback"
-          Monitor:
-            description: |
-              Amount of time to monitor each updated task for failures, in
-              nanoseconds.
-            type: "integer"
-            format: "int64"
-          MaxFailureRatio:
-            description: |
-              The fraction of tasks that may fail during an update before the
-              failure action is invoked, specified as a floating point number
-              between 0 and 1.
-            type: "number"
-            default: 0
-          Order:
-            description: |
-              The order of operations when rolling out an updated task. Either
-              the old task is shut down before the new task is started, or the
-              new task is started before the old task is shut down.
-            type: "string"
-            enum:
-              - "stop-first"
-              - "start-first"
-      RollbackConfig:
-        description: "Specification for the rollback strategy of the service."
-        type: "object"
-        properties:
-          Parallelism:
-            description: |
-              Maximum number of tasks to be rolled back in one iteration (0 means
-              unlimited parallelism).
-            type: "integer"
-            format: "int64"
-          Delay:
-            description: |
-              Amount of time between rollback iterations, in nanoseconds.
-            type: "integer"
-            format: "int64"
-          FailureAction:
-            description: |
-              Action to take if an rolled back task fails to run, or stops
-              running during the rollback.
-            type: "string"
-            enum:
-              - "continue"
-              - "pause"
-          Monitor:
-            description: |
-              Amount of time to monitor each rolled back task for failures, in
-              nanoseconds.
-            type: "integer"
-            format: "int64"
-          MaxFailureRatio:
-            description: |
-              The fraction of tasks that may fail during a rollback before the
-              failure action is invoked, specified as a floating point number
-              between 0 and 1.
-            type: "number"
-            default: 0
-          Order:
-            description: |
-              The order of operations when rolling back a task. Either the old
-              task is shut down before the new task is started, or the new task
-              is started before the old task is shut down.
-            type: "string"
-            enum:
-              - "stop-first"
-              - "start-first"
-      Networks:
-        description: |
-          Specifies which networks the service should attach to.
-
-          Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
-        type: "array"
-        items:
-          $ref: "#/definitions/NetworkAttachmentConfig"
-
-      EndpointSpec:
-        $ref: "#/definitions/EndpointSpec"
-
-  EndpointPortConfig:
-    type: "object"
-    properties:
-      Name:
-        type: "string"
-      Protocol:
-        type: "string"
-        enum:
-          - "tcp"
-          - "udp"
-          - "sctp"
-      TargetPort:
-        description: "The port inside the container."
-        type: "integer"
-      PublishedPort:
-        description: "The port on the swarm hosts."
-        type: "integer"
-      PublishMode:
-        description: |
-          The mode in which port is published.
-
-          <p><br /></p>
-
-          - "ingress" makes the target port accessible on every node,
-            regardless of whether there is a task for the service running on
-            that node or not.
-          - "host" bypasses the routing mesh and publish the port directly on
-            the swarm node where that service is running.
-
-        type: "string"
-        enum:
-          - "ingress"
-          - "host"
-        default: "ingress"
-        example: "ingress"
-
-  EndpointSpec:
-    description: "Properties that can be configured to access and load balance a service."
-    type: "object"
-    properties:
-      Mode:
-        description: |
-          The mode of resolution to use for internal load balancing between tasks.
-        type: "string"
-        enum:
-          - "vip"
-          - "dnsrr"
-        default: "vip"
-      Ports:
-        description: |
-          List of exposed ports that this service is accessible on from the
-          outside. Ports can only be provided if `vip` resolution mode is used.
-        type: "array"
-        items:
-          $ref: "#/definitions/EndpointPortConfig"
-
-  Service:
-    type: "object"
-    properties:
-      ID:
-        type: "string"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-      UpdatedAt:
-        type: "string"
-        format: "dateTime"
-      Spec:
-        $ref: "#/definitions/ServiceSpec"
-      Endpoint:
-        type: "object"
-        properties:
-          Spec:
-            $ref: "#/definitions/EndpointSpec"
-          Ports:
-            type: "array"
-            items:
-              $ref: "#/definitions/EndpointPortConfig"
-          VirtualIPs:
-            type: "array"
-            items:
-              type: "object"
-              properties:
-                NetworkID:
-                  type: "string"
-                Addr:
-                  type: "string"
-      UpdateStatus:
-        description: "The status of a service update."
-        type: "object"
-        properties:
-          State:
-            type: "string"
-            enum:
-              - "updating"
-              - "paused"
-              - "completed"
-          StartedAt:
-            type: "string"
-            format: "dateTime"
-          CompletedAt:
-            type: "string"
-            format: "dateTime"
-          Message:
-            type: "string"
-      ServiceStatus:
-        description: |
-          The status of the service's tasks. Provided only when requested as
-          part of a ServiceList operation.
-        type: "object"
-        properties:
-          RunningTasks:
-            description: |
-              The number of tasks for the service currently in the Running state.
-            type: "integer"
-            format: "uint64"
-            example: 7
-          DesiredTasks:
-            description: |
-              The number of tasks for the service desired to be running.
-              For replicated services, this is the replica count from the
-              service spec. For global services, this is computed by taking
-              count of all tasks for the service with a Desired State other
-              than Shutdown.
-            type: "integer"
-            format: "uint64"
-            example: 10
-          CompletedTasks:
-            description: |
-              The number of tasks for a job that are in the Completed state.
-              This field must be cross-referenced with the service type, as the
-              value of 0 may mean the service is not in a job mode, or it may
-              mean the job-mode service has no tasks yet Completed.
-            type: "integer"
-            format: "uint64"
-      JobStatus:
-        description: |
-          The status of the service when it is in one of ReplicatedJob or
-          GlobalJob modes. Absent on Replicated and Global mode services. The
-          JobIteration is an ObjectVersion, but unlike the Service's version,
-          does not need to be sent with an update request.
-        type: "object"
-        properties:
-          JobIteration:
-            description: |
-              JobIteration is a value increased each time a Job is executed,
-              successfully or otherwise. "Executed", in this case, means the
-              job as a whole has been started, not that an individual Task has
-              been launched. A job is "Executed" when its ServiceSpec is
-              updated. JobIteration can be used to disambiguate Tasks belonging
-              to different executions of a job.  Though JobIteration will
-              increase with each subsequent execution, it may not necessarily
-              increase by 1, and so JobIteration should not be used to
-            $ref: "#/definitions/ObjectVersion"
-          LastExecution:
-            description: |
-              The last time, as observed by the server, that this job was
-              started.
-            type: "string"
-            format: "dateTime"
-    example:
-      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
-      Version:
-        Index: 19
-      CreatedAt: "2016-06-07T21:05:51.880065305Z"
-      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
-      Spec:
-        Name: "hopeful_cori"
-        TaskTemplate:
-          ContainerSpec:
-            Image: "redis"
-          Resources:
-            Limits: {}
-            Reservations: {}
-          RestartPolicy:
-            Condition: "any"
-            MaxAttempts: 0
-          Placement: {}
-          ForceUpdate: 0
-        Mode:
-          Replicated:
-            Replicas: 1
-        UpdateConfig:
-          Parallelism: 1
-          Delay: 1000000000
-          FailureAction: "pause"
-          Monitor: 15000000000
-          MaxFailureRatio: 0.15
-        RollbackConfig:
-          Parallelism: 1
-          Delay: 1000000000
-          FailureAction: "pause"
-          Monitor: 15000000000
-          MaxFailureRatio: 0.15
-        EndpointSpec:
-          Mode: "vip"
-          Ports:
-            -
-              Protocol: "tcp"
-              TargetPort: 6379
-              PublishedPort: 30001
-      Endpoint:
-        Spec:
-          Mode: "vip"
-          Ports:
-            -
-              Protocol: "tcp"
-              TargetPort: 6379
-              PublishedPort: 30001
-        Ports:
-          -
-            Protocol: "tcp"
-            TargetPort: 6379
-            PublishedPort: 30001
-        VirtualIPs:
-          -
-            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
-            Addr: "10.255.0.2/16"
-          -
-            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
-            Addr: "10.255.0.3/16"
-
-  ImageDeleteResponseItem:
-    type: "object"
-    x-go-name: "DeleteResponse"
-    properties:
-      Untagged:
-        description: "The image ID of an image that was untagged"
-        type: "string"
-      Deleted:
-        description: "The image ID of an image that was deleted"
-        type: "string"
-
-  ServiceCreateResponse:
-    type: "object"
-    description: |
-      contains the information returned to a client on the
-      creation of a new service.
-    properties:
-      ID:
-        description: "The ID of the created service."
-        type: "string"
-        x-nullable: false
-        example: "ak7w3gjqoa3kuz8xcpnyy0pvl"
-      Warnings:
-        description: |
-          Optional warning message.
-
-          FIXME(thaJeztah): this should have "omitempty" in the generated type.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example:
-          - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
-
-  ServiceUpdateResponse:
-    type: "object"
-    properties:
-      Warnings:
-        description: "Optional warning messages"
-        type: "array"
-        items:
-          type: "string"
-    example:
-      Warnings:
-        - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
-
-  ContainerInspectResponse:
-    type: "object"
-    title: "ContainerInspectResponse"
-    x-go-name: "InspectResponse"
-    properties:
-      Id:
-        description: |-
-          The ID of this container as a 128-bit (64-character) hexadecimal string (32 bytes).
-        type: "string"
-        x-go-name: "ID"
-        minLength: 64
-        maxLength: 64
-        pattern: "^[0-9a-fA-F]{64}$"
-        example: "aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf"
-      Created:
-        description: |-
-          Date and time at which the container was created, formatted in
-          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
-        type: "string"
-        format: "dateTime"
-        x-nullable: true
-        example: "2025-02-17T17:43:39.64001363Z"
-      Path:
-        description: |-
-          The path to the command being run
-        type: "string"
-        example: "/bin/sh"
-      Args:
-        description: "The arguments to the command being run"
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "-c"
-          - "exit 9"
-      State:
-        $ref: "#/definitions/ContainerState"
-      Image:
-        description: |-
-          The ID (digest) of the image that this container was created from.
-        type: "string"
-        example: "sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782"
-      ResolvConfPath:
-        description: |-
-          Location of the `/etc/resolv.conf` generated for the container on the
-          host.
-
-          This file is managed through the docker daemon, and should not be
-          accessed or modified by other tools.
-        type: "string"
-        example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/resolv.conf"
-      HostnamePath:
-        description: |-
-          Location of the `/etc/hostname` generated for the container on the
-          host.
-
-          This file is managed through the docker daemon, and should not be
-          accessed or modified by other tools.
-        type: "string"
-        example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/hostname"
-      HostsPath:
-        description: |-
-          Location of the `/etc/hosts` generated for the container on the
-          host.
-
-          This file is managed through the docker daemon, and should not be
-          accessed or modified by other tools.
-        type: "string"
-        example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/hosts"
-      LogPath:
-        description: |-
-          Location of the file used to buffer the container's logs. Depending on
-          the logging-driver used for the container, this field may be omitted.
-
-          This file is managed through the docker daemon, and should not be
-          accessed or modified by other tools.
-        type: "string"
-        x-nullable: true
-        example: "/var/lib/docker/containers/5b7c7e2b992aa426584ce6c47452756066be0e503a08b4516a433a54d2f69e59/5b7c7e2b992aa426584ce6c47452756066be0e503a08b4516a433a54d2f69e59-json.log"
-      Name:
-        description: |-
-          The name associated with this container.
-
-          For historic reasons, the name may be prefixed with a forward-slash (`/`).
-        type: "string"
-        example: "/funny_chatelet"
-      RestartCount:
-        description: |-
-          Number of times the container was restarted since it was created,
-          or since daemon was started.
-        type: "integer"
-        example: 0
-      Driver:
-        description: |-
-          The storage-driver used for the container's filesystem (graph-driver
-          or snapshotter).
-        type: "string"
-        example: "overlayfs"
-      Platform:
-        description: |-
-          The platform (operating system) for which the container was created.
-
-          This field was introduced for the experimental "LCOW" (Linux Containers
-          On Windows) features, which has been removed. In most cases, this field
-          is equal to the host's operating system (`linux` or `windows`).
-        type: "string"
-        example: "linux"
-      ImageManifestDescriptor:
-        $ref: "#/definitions/OCIDescriptor"
-        description: |-
-          OCI descriptor of the platform-specific manifest of the image
-          the container was created from.
-
-          Note: Only available if the daemon provides a multi-platform
-          image store.
-      MountLabel:
-        description: |-
-          SELinux mount label set for the container.
-        type: "string"
-        example: ""
-      ProcessLabel:
-        description: |-
-          SELinux process label set for the container.
-        type: "string"
-        example: ""
-      AppArmorProfile:
-        description: |-
-          The AppArmor profile set for the container.
-        type: "string"
-        example: ""
-      ExecIDs:
-        description: |-
-          IDs of exec instances that are running in the container.
-        type: "array"
-        items:
-          type: "string"
-        x-nullable: true
-        example:
-          - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
-          - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
-      HostConfig:
-        $ref: "#/definitions/HostConfig"
-      GraphDriver:
-        $ref: "#/definitions/DriverData"
-      SizeRw:
-        description: |-
-          The size of files that have been created or changed by this container.
-
-          This field is omitted by default, and only set when size is requested
-          in the API request.
-        type: "integer"
-        format: "int64"
-        x-nullable: true
-        example: "122880"
-      SizeRootFs:
-        description: |-
-          The total size of all files in the read-only layers from the image
-          that the container uses. These layers can be shared between containers.
-
-          This field is omitted by default, and only set when size is requested
-          in the API request.
-        type: "integer"
-        format: "int64"
-        x-nullable: true
-        example: "1653948416"
-      Mounts:
-        description: |-
-          List of mounts used by the container.
-        type: "array"
-        items:
-          $ref: "#/definitions/MountPoint"
-      Config:
-        $ref: "#/definitions/ContainerConfig"
-      NetworkSettings:
-        $ref: "#/definitions/NetworkSettings"
-
-  ContainerSummary:
-    type: "object"
-    properties:
-      Id:
-        description: |-
-          The ID of this container as a 128-bit (64-character) hexadecimal string (32 bytes).
-        type: "string"
-        x-go-name: "ID"
-        minLength: 64
-        maxLength: 64
-        pattern: "^[0-9a-fA-F]{64}$"
-        example: "aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf"
-      Names:
-        description: |-
-          The names associated with this container. Most containers have a single
-          name, but when using legacy "links", the container can have multiple
-          names.
-
-          For historic reasons, names are prefixed with a forward-slash (`/`).
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "/funny_chatelet"
-      Image:
-        description: |-
-          The name or ID of the image used to create the container.
-
-          This field shows the image reference as was specified when creating the container,
-          which can be in its canonical form (e.g., `docker.io/library/ubuntu:latest`
-          or `docker.io/library/ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782`),
-          short form (e.g., `ubuntu:latest`)), or the ID(-prefix) of the image (e.g., `72297848456d`).
-
-          The content of this field can be updated at runtime if the image used to
-          create the container is untagged, in which case the field is updated to
-          contain the the image ID (digest) it was resolved to in its canonical,
-          non-truncated form (e.g., `sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782`).
-        type: "string"
-        example: "docker.io/library/ubuntu:latest"
-      ImageID:
-        description: |-
-          The ID (digest) of the image that this container was created from.
-        type: "string"
-        example: "sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782"
-      ImageManifestDescriptor:
-        $ref: "#/definitions/OCIDescriptor"
-        x-nullable: true
-        description: |
-          OCI descriptor of the platform-specific manifest of the image
-          the container was created from.
-
-          Note: Only available if the daemon provides a multi-platform
-          image store.
-
-          This field is not populated in the `GET /system/df` endpoint.
-      Command:
-        description: "Command to run when starting the container"
-        type: "string"
-        example: "/bin/bash"
-      Created:
-        description: |-
-          Date and time at which the container was created as a Unix timestamp
-          (number of seconds since EPOCH).
-        type: "integer"
-        format: "int64"
-        example: "1739811096"
-      Ports:
-        description: |-
-          Port-mappings for the container.
-        type: "array"
-        items:
-          $ref: "#/definitions/Port"
-      SizeRw:
-        description: |-
-          The size of files that have been created or changed by this container.
-
-          This field is omitted by default, and only set when size is requested
-          in the API request.
-        type: "integer"
-        format: "int64"
-        x-nullable: true
-        example: "122880"
-      SizeRootFs:
-        description: |-
-          The total size of all files in the read-only layers from the image
-          that the container uses. These layers can be shared between containers.
-
-          This field is omitted by default, and only set when size is requested
-          in the API request.
-        type: "integer"
-        format: "int64"
-        x-nullable: true
-        example: "1653948416"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.vendor: "Acme"
-          com.example.license: "GPL"
-          com.example.version: "1.0"
-      State:
-        description: |
-          The state of this container.
-        type: "string"
-        enum:
-          - "created"
-          - "running"
-          - "paused"
-          - "restarting"
-          - "exited"
-          - "removing"
-          - "dead"
-        example: "running"
-      Status:
-        description: |-
-          Additional human-readable status of this container (e.g. `Exit 0`)
-        type: "string"
-        example: "Up 4 days"
-      HostConfig:
-        type: "object"
-        description: |-
-          Summary of host-specific runtime information of the container. This
-          is a reduced set of information in the container's "HostConfig" as
-          available in the container "inspect" response.
-        properties:
-          NetworkMode:
-            description: |-
-              Networking mode (`host`, `none`, `container:<id>`) or name of the
-              primary network the container is using.
-
-              This field is primarily for backward compatibility. The container
-              can be connected to multiple networks for which information can be
-              found in the `NetworkSettings.Networks` field, which enumerates
-              settings per network.
-            type: "string"
-            example: "mynetwork"
-          Annotations:
-            description: |-
-              Arbitrary key-value metadata attached to the container.
-            type: "object"
-            x-nullable: true
-            additionalProperties:
-              type: "string"
-            example:
-              io.kubernetes.docker.type: "container"
-              io.kubernetes.sandbox.id: "3befe639bed0fd6afdd65fd1fa84506756f59360ec4adc270b0fdac9be22b4d3"
-      NetworkSettings:
-        description: |-
-          Summary of the container's network settings
-        type: "object"
-        properties:
-          Networks:
-            type: "object"
-            description: |-
-              Summary of network-settings for each network the container is
-              attached to.
-            additionalProperties:
-              $ref: "#/definitions/EndpointSettings"
-      Mounts:
-        type: "array"
-        description: |-
-          List of mounts used by the container.
-        items:
-          $ref: "#/definitions/MountPoint"
-
-  Driver:
-    description: "Driver represents a driver (network, logging, secrets)."
-    type: "object"
-    required: [Name]
-    properties:
-      Name:
-        description: "Name of the driver."
-        type: "string"
-        x-nullable: false
-        example: "some-driver"
-      Options:
-        description: "Key/value map of driver-specific options."
-        type: "object"
-        x-nullable: false
-        additionalProperties:
-          type: "string"
-        example:
-          OptionA: "value for driver-specific option A"
-          OptionB: "value for driver-specific option B"
-
-  SecretSpec:
-    type: "object"
-    properties:
-      Name:
-        description: "User-defined name of the secret."
-        type: "string"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-value"
-          com.example.some-other-label: "some-other-value"
-      Data:
-        description: |
-          Data is the data to store as a secret, formatted as a Base64-url-safe-encoded
-          ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) string.
-          It must be empty if the Driver field is set, in which case the data is
-          loaded from an external secret store. The maximum allowed size is 500KB,
-          as defined in [MaxSecretSize](https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/api/validation#MaxSecretSize).
-
-          This field is only used to _create_ a secret, and is not returned by
-          other endpoints.
-        type: "string"
-        example: ""
-      Driver:
-        description: |
-          Name of the secrets driver used to fetch the secret's value from an
-          external secret store.
-        $ref: "#/definitions/Driver"
-      Templating:
-        description: |
-          Templating driver, if applicable
-
-          Templating controls whether and how to evaluate the config payload as
-          a template. If no driver is set, no templating is used.
-        $ref: "#/definitions/Driver"
-
-  Secret:
-    type: "object"
-    properties:
-      ID:
-        type: "string"
-        example: "blt1owaxmitz71s9v5zh81zun"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-        example: "2017-07-20T13:55:28.678958722Z"
-      UpdatedAt:
-        type: "string"
-        format: "dateTime"
-        example: "2017-07-20T13:55:28.678958722Z"
-      Spec:
-        $ref: "#/definitions/SecretSpec"
-
-  ConfigSpec:
-    type: "object"
-    properties:
-      Name:
-        description: "User-defined name of the config."
-        type: "string"
-      Labels:
-        description: "User-defined key/value metadata."
-        type: "object"
-        additionalProperties:
-          type: "string"
-      Data:
-        description: |
-          Data is the data to store as a config, formatted as a Base64-url-safe-encoded
-          ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) string.
-          The maximum allowed size is 1000KB, as defined in [MaxConfigSize](https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/manager/controlapi#MaxConfigSize).
-        type: "string"
-      Templating:
-        description: |
-          Templating driver, if applicable
-
-          Templating controls whether and how to evaluate the config payload as
-          a template. If no driver is set, no templating is used.
-        $ref: "#/definitions/Driver"
-
-  Config:
-    type: "object"
-    properties:
-      ID:
-        type: "string"
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-      UpdatedAt:
-        type: "string"
-        format: "dateTime"
-      Spec:
-        $ref: "#/definitions/ConfigSpec"
-
-  ContainerState:
-    description: |
-      ContainerState stores container's running state. It's part of ContainerJSONBase
-      and will be returned by the "inspect" command.
-    type: "object"
-    x-nullable: true
-    properties:
-      Status:
-        description: |
-          String representation of the container state. Can be one of "created",
-          "running", "paused", "restarting", "removing", "exited", or "dead".
-        type: "string"
-        enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
-        example: "running"
-      Running:
-        description: |
-          Whether this container is running.
-
-          Note that a running container can be _paused_. The `Running` and `Paused`
-          booleans are not mutually exclusive:
-
-          When pausing a container (on Linux), the freezer cgroup is used to suspend
-          all processes in the container. Freezing the process requires the process to
-          be running. As a result, paused containers are both `Running` _and_ `Paused`.
-
-          Use the `Status` field instead to determine if a container's state is "running".
-        type: "boolean"
-        example: true
-      Paused:
-        description: "Whether this container is paused."
-        type: "boolean"
-        example: false
-      Restarting:
-        description: "Whether this container is restarting."
-        type: "boolean"
-        example: false
-      OOMKilled:
-        description: |
-          Whether a process within this container has been killed because it ran
-          out of memory since the container was last started.
-        type: "boolean"
-        example: false
-      Dead:
-        type: "boolean"
-        example: false
-      Pid:
-        description: "The process ID of this container"
-        type: "integer"
-        example: 1234
-      ExitCode:
-        description: "The last exit code of this container"
-        type: "integer"
-        example: 0
-      Error:
-        type: "string"
-      StartedAt:
-        description: "The time when this container was last started."
-        type: "string"
-        example: "2020-01-06T09:06:59.461876391Z"
-      FinishedAt:
-        description: "The time when this container last exited."
-        type: "string"
-        example: "2020-01-06T09:07:59.461876391Z"
-      Health:
-        $ref: "#/definitions/Health"
-
-  ContainerCreateResponse:
-    description: "OK response to ContainerCreate operation"
-    type: "object"
-    title: "ContainerCreateResponse"
-    x-go-name: "CreateResponse"
-    required: [Id, Warnings]
-    properties:
-      Id:
-        description: "The ID of the created container"
-        type: "string"
-        x-nullable: false
-        example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
-      Warnings:
-        description: "Warnings encountered when creating the container"
-        type: "array"
-        x-nullable: false
-        items:
-          type: "string"
-        example: []
-
-  ContainerUpdateResponse:
-    type: "object"
-    title: "ContainerUpdateResponse"
-    x-go-name: "UpdateResponse"
-    description: |-
-      Response for a successful container-update.
-    properties:
-      Warnings:
-        type: "array"
-        description: |-
-          Warnings encountered when updating the container.
-        items:
-          type: "string"
-        example: ["Published ports are discarded when using host network mode"]
-
-  ContainerStatsResponse:
-    description: |
-      Statistics sample for a container.
-    type: "object"
-    x-go-name: "StatsResponse"
-    title: "ContainerStatsResponse"
-    properties:
-      name:
-        description: "Name of the container"
-        type: "string"
-        x-nullable: true
-        example: "boring_wozniak"
-      id:
-        description: "ID of the container"
-        type: "string"
-        x-nullable: true
-        example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
-      read:
-        description: |
-          Date and time at which this sample was collected.
-          The value is formatted as [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
-          with nano-seconds.
-        type: "string"
-        format: "date-time"
-        example: "2025-01-16T13:55:22.165243637Z"
-      preread:
-        description: |
-          Date and time at which this first sample was collected. This field
-          is not propagated if the "one-shot" option is set. If the "one-shot"
-          option is set, this field may be omitted, empty, or set to a default
-          date (`0001-01-01T00:00:00Z`).
-
-          The value is formatted as [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
-          with nano-seconds.
-        type: "string"
-        format: "date-time"
-        example: "2025-01-16T13:55:21.160452595Z"
-      pids_stats:
-        $ref: "#/definitions/ContainerPidsStats"
-      blkio_stats:
-        $ref: "#/definitions/ContainerBlkioStats"
-      num_procs:
-        description: |
-          The number of processors on the system.
-
-          This field is Windows-specific and always zero for Linux containers.
-        type: "integer"
-        format: "uint32"
-        example: 16
-      storage_stats:
-        $ref: "#/definitions/ContainerStorageStats"
-      cpu_stats:
-        $ref: "#/definitions/ContainerCPUStats"
-      precpu_stats:
-        $ref: "#/definitions/ContainerCPUStats"
-      memory_stats:
-        $ref: "#/definitions/ContainerMemoryStats"
-      networks:
-        description: |
-          Network statistics for the container per interface.
-
-          This field is omitted if the container has no networking enabled.
-        x-nullable: true
-        additionalProperties:
-          $ref: "#/definitions/ContainerNetworkStats"
-        example:
-          eth0:
-            rx_bytes: 5338
-            rx_dropped: 0
-            rx_errors: 0
-            rx_packets: 36
-            tx_bytes: 648
-            tx_dropped: 0
-            tx_errors: 0
-            tx_packets: 8
-          eth5:
-            rx_bytes: 4641
-            rx_dropped: 0
-            rx_errors: 0
-            rx_packets: 26
-            tx_bytes: 690
-            tx_dropped: 0
-            tx_errors: 0
-            tx_packets: 9
-
-  ContainerBlkioStats:
-    description: |
-      BlkioStats stores all IO service stats for data read and write.
-
-      This type is Linux-specific and holds many fields that are specific to cgroups v1.
-      On a cgroup v2 host, all fields other than `io_service_bytes_recursive`
-      are omitted or `null`.
-
-      This type is only populated on Linux and omitted for Windows containers.
-    type: "object"
-    x-go-name: "BlkioStats"
-    x-nullable: true
-    properties:
-      io_service_bytes_recursive:
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_serviced_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_queue_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_service_time_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_wait_time_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_merged_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      io_time_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-      sectors_recursive:
-        description: |
-          This field is only available when using Linux containers with
-          cgroups v1. It is omitted or `null` when using cgroups v2.
-        x-nullable: true
-        type: "array"
-        items:
-          $ref: "#/definitions/ContainerBlkioStatEntry"
-    example:
-      io_service_bytes_recursive: [
-        {"major": 254, "minor": 0, "op": "read", "value": 7593984},
-        {"major": 254, "minor": 0, "op": "write", "value": 100}
-      ]
-      io_serviced_recursive: null
-      io_queue_recursive: null
-      io_service_time_recursive: null
-      io_wait_time_recursive: null
-      io_merged_recursive: null
-      io_time_recursive: null
-      sectors_recursive: null
-
-  ContainerBlkioStatEntry:
-    description: |
-      Blkio stats entry.
-
-      This type is Linux-specific and omitted for Windows containers.
-    type: "object"
-    x-go-name: "BlkioStatEntry"
-    x-nullable: true
-    properties:
-      major:
-        type: "integer"
-        format: "uint64"
-        example: 254
-      minor:
-        type: "integer"
-        format: "uint64"
-        example: 0
-      op:
-        type: "string"
-        example: "read"
-      value:
-        type: "integer"
-        format: "uint64"
-        example: 7593984
-
-  ContainerCPUStats:
-    description: |
-      CPU related info of the container
-    type: "object"
-    x-go-name: "CPUStats"
-    x-nullable: true
-    properties:
-      cpu_usage:
-        $ref: "#/definitions/ContainerCPUUsage"
-      system_cpu_usage:
-        description: |
-          System Usage.
-
-          This field is Linux-specific and omitted for Windows containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 5
-      online_cpus:
-        description: |
-          Number of online CPUs.
-
-          This field is Linux-specific and omitted for Windows containers.
-        type: "integer"
-        format: "uint32"
-        x-nullable: true
-        example: 5
-      throttling_data:
-        $ref: "#/definitions/ContainerThrottlingData"
-
-  ContainerCPUUsage:
-    description: |
-      All CPU stats aggregated since container inception.
-    type: "object"
-    x-go-name: "CPUUsage"
-    x-nullable: true
-    properties:
-      total_usage:
-        description: |
-          Total CPU time consumed in nanoseconds (Linux) or 100's of nanoseconds (Windows).
-        type: "integer"
-        format: "uint64"
-        example: 29912000
-      percpu_usage:
-        description: |
-          Total CPU time (in nanoseconds) consumed per core (Linux).
-
-          This field is Linux-specific when using cgroups v1. It is omitted
-          when using cgroups v2 and Windows containers.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "integer"
-          format: "uint64"
-          example: 29912000
-
-      usage_in_kernelmode:
-        description: |
-          Time (in nanoseconds) spent by tasks of the cgroup in kernel mode (Linux),
-          or time spent (in 100's of nanoseconds) by all container processes in
-          kernel mode (Windows).
-
-          Not populated for Windows containers using Hyper-V isolation.
-        type: "integer"
-        format: "uint64"
-        example: 21994000
-      usage_in_usermode:
-        description: |
-          Time (in nanoseconds) spent by tasks of the cgroup in user mode (Linux),
-          or time spent (in 100's of nanoseconds) by all container processes in
-          kernel mode (Windows).
-
-          Not populated for Windows containers using Hyper-V isolation.
-        type: "integer"
-        format: "uint64"
-        example: 7918000
-
-  ContainerPidsStats:
-    description: |
-      PidsStats contains Linux-specific stats of a container's process-IDs (PIDs).
-
-      This type is Linux-specific and omitted for Windows containers.
-    type: "object"
-    x-go-name: "PidsStats"
-    x-nullable: true
-    properties:
-      current:
-        description: |
-          Current is the number of PIDs in the cgroup.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 5
-      limit:
-        description: |
-          Limit is the hard limit on the number of pids in the cgroup.
-          A "Limit" of 0 means that there is no limit.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: "18446744073709551615"
-
-  ContainerThrottlingData:
-    description: |
-      CPU throttling stats of the container.
-
-      This type is Linux-specific and omitted for Windows containers.
-    type: "object"
-    x-go-name: "ThrottlingData"
-    x-nullable: true
-    properties:
-      periods:
-        description: |
-          Number of periods with throttling active.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      throttled_periods:
-        description: |
-          Number of periods when the container hit its throttling limit.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      throttled_time:
-        description: |
-          Aggregated time (in nanoseconds) the container was throttled for.
-        type: "integer"
-        format: "uint64"
-        example: 0
-
-  ContainerMemoryStats:
-    description: |
-      Aggregates all memory stats since container inception on Linux.
-      Windows returns stats for commit and private working set only.
-    type: "object"
-    x-go-name: "MemoryStats"
-    properties:
-      usage:
-        description: |
-          Current `res_counter` usage for memory.
-
-          This field is Linux-specific and omitted for Windows containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-      max_usage:
-        description: |
-          Maximum usage ever recorded.
-
-          This field is Linux-specific and only supported on cgroups v1.
-          It is omitted when using cgroups v2 and for Windows containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-      stats:
-        description: |
-          All the stats exported via memory.stat. when using cgroups v2.
-
-          This field is Linux-specific and omitted for Windows containers.
-        type: "object"
-        additionalProperties:
-          type: "integer"
-          format: "uint64"
-          x-nullable: true
-        example:
-          {
-            "active_anon": 1572864,
-            "active_file": 5115904,
-            "anon": 1572864,
-            "anon_thp": 0,
-            "file": 7626752,
-            "file_dirty": 0,
-            "file_mapped": 2723840,
-            "file_writeback": 0,
-            "inactive_anon": 0,
-            "inactive_file": 2510848,
-            "kernel_stack": 16384,
-            "pgactivate": 0,
-            "pgdeactivate": 0,
-            "pgfault": 2042,
-            "pglazyfree": 0,
-            "pglazyfreed": 0,
-            "pgmajfault": 45,
-            "pgrefill": 0,
-            "pgscan": 0,
-            "pgsteal": 0,
-            "shmem": 0,
-            "slab": 1180928,
-            "slab_reclaimable": 725576,
-            "slab_unreclaimable": 455352,
-            "sock": 0,
-            "thp_collapse_alloc": 0,
-            "thp_fault_alloc": 1,
-            "unevictable": 0,
-            "workingset_activate": 0,
-            "workingset_nodereclaim": 0,
-            "workingset_refault": 0
-          }
-      failcnt:
-        description: |
-          Number of times memory usage hits limits.
-
-          This field is Linux-specific and only supported on cgroups v1.
-          It is omitted when using cgroups v2 and for Windows containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-      limit:
-        description: |
-          This field is Linux-specific and omitted for Windows containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 8217579520
-      commitbytes:
-        description: |
-          Committed bytes.
-
-          This field is Windows-specific and omitted for Linux containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-      commitpeakbytes:
-        description: |
-          Peak committed bytes.
-
-          This field is Windows-specific and omitted for Linux containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-      privateworkingset:
-        description: |
-          Private working set.
-
-          This field is Windows-specific and omitted for Linux containers.
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 0
-
-  ContainerNetworkStats:
-    description: |
-      Aggregates the network stats of one container
-    type: "object"
-    x-go-name: "NetworkStats"
-    x-nullable: true
-    properties:
-      rx_bytes:
-        description: |
-          Bytes received. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 5338
-      rx_packets:
-        description: |
-          Packets received. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 36
-      rx_errors:
-        description: |
-          Received errors. Not used on Windows.
-
-          This field is Linux-specific and always zero for Windows containers.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      rx_dropped:
-        description: |
-          Incoming packets dropped. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      tx_bytes:
-        description: |
-          Bytes sent. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 1200
-      tx_packets:
-        description: |
-          Packets sent. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 12
-      tx_errors:
-        description: |
-          Sent errors. Not used on Windows.
-
-          This field is Linux-specific and always zero for Windows containers.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      tx_dropped:
-        description: |
-          Outgoing packets dropped. Windows and Linux.
-        type: "integer"
-        format: "uint64"
-        example: 0
-      endpoint_id:
-        description: |
-          Endpoint ID. Not used on Linux.
-
-          This field is Windows-specific and omitted for Linux containers.
-        type: "string"
-        x-nullable: true
-      instance_id:
-        description: |
-          Instance ID. Not used on Linux.
-
-          This field is Windows-specific and omitted for Linux containers.
-        type: "string"
-        x-nullable: true
-
-  ContainerStorageStats:
-    description: |
-      StorageStats is the disk I/O stats for read/write on Windows.
-
-      This type is Windows-specific and omitted for Linux containers.
-    type: "object"
-    x-go-name: "StorageStats"
-    x-nullable: true
-    properties:
-      read_count_normalized:
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 7593984
-      read_size_bytes:
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 7593984
-      write_count_normalized:
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 7593984
-      write_size_bytes:
-        type: "integer"
-        format: "uint64"
-        x-nullable: true
-        example: 7593984
-
-  ContainerTopResponse:
-    type: "object"
-    x-go-name: "TopResponse"
-    title: "ContainerTopResponse"
-    description: |-
-      Container "top" response.
-    properties:
-      Titles:
-        description: "The ps column titles"
-        type: "array"
-        items:
-          type: "string"
-        example:
-          Titles:
-            - "UID"
-            - "PID"
-            - "PPID"
-            - "C"
-            - "STIME"
-            - "TTY"
-            - "TIME"
-            - "CMD"
-      Processes:
-        description: |-
-          Each process running in the container, where each process
-          is an array of values corresponding to the titles.
-        type: "array"
-        items:
-          type: "array"
-          items:
-            type: "string"
-        example:
-          Processes:
-            -
-              - "root"
-              - "13642"
-              - "882"
-              - "0"
-              - "17:03"
-              - "pts/0"
-              - "00:00:00"
-              - "/bin/bash"
-            -
-              - "root"
-              - "13735"
-              - "13642"
-              - "0"
-              - "17:06"
-              - "pts/0"
-              - "00:00:00"
-              - "sleep 10"
-
-  ContainerWaitResponse:
-    description: "OK response to ContainerWait operation"
-    type: "object"
-    x-go-name: "WaitResponse"
-    title: "ContainerWaitResponse"
-    required: [StatusCode]
-    properties:
-      StatusCode:
-        description: "Exit code of the container"
-        type: "integer"
-        format: "int64"
-        x-nullable: false
-      Error:
-        $ref: "#/definitions/ContainerWaitExitError"
-
-  ContainerWaitExitError:
-    description: "container waiting error, if any"
-    type: "object"
-    x-go-name: "WaitExitError"
-    properties:
-      Message:
-        description: "Details of an error"
-        type: "string"
-
-  SystemVersion:
-    type: "object"
-    description: |
-      Response of Engine API: GET "/version"
-    properties:
-      Platform:
-        type: "object"
-        required: [Name]
-        properties:
-          Name:
-            type: "string"
-      Components:
-        type: "array"
-        description: |
-          Information about system components
-        items:
-          type: "object"
-          x-go-name: ComponentVersion
-          required: [Name, Version]
-          properties:
-            Name:
-              description: |
-                Name of the component
-              type: "string"
-              example: "Engine"
-            Version:
-              description: |
-                Version of the component
-              type: "string"
-              x-nullable: false
-              example: "27.0.1"
-            Details:
-              description: |
-                Key/value pairs of strings with additional information about the
-                component. These values are intended for informational purposes
-                only, and their content is not defined, and not part of the API
-                specification.
-
-                These messages can be printed by the client as information to the user.
-              type: "object"
-              x-nullable: true
-      Version:
-        description: "The version of the daemon"
-        type: "string"
-        example: "27.0.1"
-      ApiVersion:
-        description: |
-          The default (and highest) API version that is supported by the daemon
-        type: "string"
-        example: "1.47"
-      MinAPIVersion:
-        description: |
-          The minimum API version that is supported by the daemon
-        type: "string"
-        example: "1.24"
-      GitCommit:
-        description: |
-          The Git commit of the source code that was used to build the daemon
-        type: "string"
-        example: "48a66213fe"
-      GoVersion:
-        description: |
-          The version Go used to compile the daemon, and the version of the Go
-          runtime in use.
-        type: "string"
-        example: "go1.22.7"
-      Os:
-        description: |
-          The operating system that the daemon is running on ("linux" or "windows")
-        type: "string"
-        example: "linux"
-      Arch:
-        description: |
-          The architecture that the daemon is running on
-        type: "string"
-        example: "amd64"
-      KernelVersion:
-        description: |
-          The kernel version (`uname -r`) that the daemon is running on.
-
-          This field is omitted when empty.
-        type: "string"
-        example: "6.8.0-31-generic"
-      Experimental:
-        description: |
-          Indicates if the daemon is started with experimental features enabled.
-
-          This field is omitted when empty / false.
-        type: "boolean"
-        example: true
-      BuildTime:
-        description: |
-          The date and time that the daemon was compiled.
-        type: "string"
-        example: "2020-06-22T15:49:27.000000000+00:00"
-
-  SystemInfo:
-    type: "object"
-    properties:
-      ID:
-        description: |
-          Unique identifier of the daemon.
-
-          <p><br /></p>
-
-          > **Note**: The format of the ID itself is not part of the API, and
-          > should not be considered stable.
-        type: "string"
-        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
-      Containers:
-        description: "Total number of containers on the host."
-        type: "integer"
-        example: 14
-      ContainersRunning:
-        description: |
-          Number of containers with status `"running"`.
-        type: "integer"
-        example: 3
-      ContainersPaused:
-        description: |
-          Number of containers with status `"paused"`.
-        type: "integer"
-        example: 1
-      ContainersStopped:
-        description: |
-          Number of containers with status `"stopped"`.
-        type: "integer"
-        example: 10
-      Images:
-        description: |
-          Total number of images on the host.
-
-          Both _tagged_ and _untagged_ (dangling) images are counted.
-        type: "integer"
-        example: 508
-      Driver:
-        description: "Name of the storage driver in use."
-        type: "string"
-        example: "overlay2"
-      DriverStatus:
-        description: |
-          Information specific to the storage driver, provided as
-          "label" / "value" pairs.
-
-          This information is provided by the storage driver, and formatted
-          in a way consistent with the output of `docker info` on the command
-          line.
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field, including the
-          > formatting of values and labels, should not be considered stable,
-          > and may change without notice.
-        type: "array"
-        items:
-          type: "array"
-          items:
-            type: "string"
-        example:
-          - ["Backing Filesystem", "extfs"]
-          - ["Supports d_type", "true"]
-          - ["Native Overlay Diff", "true"]
-      DockerRootDir:
-        description: |
-          Root directory of persistent Docker state.
-
-          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
-          on Windows.
-        type: "string"
-        example: "/var/lib/docker"
-      Plugins:
-        $ref: "#/definitions/PluginsInfo"
-      MemoryLimit:
-        description: "Indicates if the host has memory limit support enabled."
-        type: "boolean"
-        example: true
-      SwapLimit:
-        description: "Indicates if the host has memory swap limit support enabled."
-        type: "boolean"
-        example: true
-      KernelMemoryTCP:
-        description: |
-          Indicates if the host has kernel memory TCP limit support enabled. This
-          field is omitted if not supported.
-
-          Kernel memory TCP limits are not supported when using cgroups v2, which
-          does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup.
-
-          **Deprecated**: This field is deprecated as kernel 6.12 has deprecated kernel memory TCP accounting.
-        type: "boolean"
-        example: true
-      CpuCfsPeriod:
-        description: |
-          Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
-          the host.
-        type: "boolean"
-        example: true
-      CpuCfsQuota:
-        description: |
-          Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
-          the host.
-        type: "boolean"
-        example: true
-      CPUShares:
-        description: |
-          Indicates if CPU Shares limiting is supported by the host.
-        type: "boolean"
-        example: true
-      CPUSet:
-        description: |
-          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
-
-          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
-        type: "boolean"
-        example: true
-      PidsLimit:
-        description: "Indicates if the host kernel has PID limit support enabled."
-        type: "boolean"
-        example: true
-      OomKillDisable:
-        description: "Indicates if OOM killer disable is supported on the host."
-        type: "boolean"
-      IPv4Forwarding:
-        description: "Indicates IPv4 forwarding is enabled."
-        type: "boolean"
-        example: true
-      Debug:
-        description: |
-          Indicates if the daemon is running in debug-mode / with debug-level
-          logging enabled.
-        type: "boolean"
-        example: true
-      NFd:
-        description: |
-          The total number of file Descriptors in use by the daemon process.
-
-          This information is only returned if debug-mode is enabled.
-        type: "integer"
-        example: 64
-      NGoroutines:
-        description: |
-          The  number of goroutines that currently exist.
-
-          This information is only returned if debug-mode is enabled.
-        type: "integer"
-        example: 174
-      SystemTime:
-        description: |
-          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
-          format with nano-seconds.
-        type: "string"
-        example: "2017-08-08T20:28:29.06202363Z"
-      LoggingDriver:
-        description: |
-          The logging driver to use as a default for new containers.
-        type: "string"
-      CgroupDriver:
-        description: |
-          The driver to use for managing cgroups.
-        type: "string"
-        enum: ["cgroupfs", "systemd", "none"]
-        default: "cgroupfs"
-        example: "cgroupfs"
-      CgroupVersion:
-        description: |
-          The version of the cgroup.
-        type: "string"
-        enum: ["1", "2"]
-        default: "1"
-        example: "1"
-      NEventsListener:
-        description: "Number of event listeners subscribed."
-        type: "integer"
-        example: 30
-      KernelVersion:
-        description: |
-          Kernel version of the host.
-
-          On Linux, this information obtained from `uname`. On Windows this
-          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
-          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
-        type: "string"
-        example: "6.8.0-31-generic"
-      OperatingSystem:
-        description: |
-          Name of the host's operating system, for example: "Ubuntu 24.04 LTS"
-          or "Windows Server 2016 Datacenter"
-        type: "string"
-        example: "Ubuntu 24.04 LTS"
-      OSVersion:
-        description: |
-          Version of the host's operating system
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field, including its
-          > very existence, and the formatting of values, should not be considered
-          > stable, and may change without notice.
-        type: "string"
-        example: "24.04"
-      OSType:
-        description: |
-          Generic type of the operating system of the host, as returned by the
-          Go runtime (`GOOS`).
-
-          Currently returned values are "linux" and "windows". A full list of
-          possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
-        type: "string"
-        example: "linux"
-      Architecture:
-        description: |
-          Hardware architecture of the host, as returned by the Go runtime
-          (`GOARCH`).
-
-          A full list of possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
-        type: "string"
-        example: "x86_64"
-      NCPU:
-        description: |
-          The number of logical CPUs usable by the daemon.
-
-          The number of available CPUs is checked by querying the operating
-          system when the daemon starts. Changes to operating system CPU
-          allocation after the daemon is started are not reflected.
-        type: "integer"
-        example: 4
-      MemTotal:
-        description: |
-          Total amount of physical memory available on the host, in bytes.
-        type: "integer"
-        format: "int64"
-        example: 2095882240
-
-      IndexServerAddress:
-        description: |
-          Address / URL of the index server that is used for image search,
-          and as a default for user authentication for Docker Hub and Docker Cloud.
-        default: "https://index.docker.io/v1/"
-        type: "string"
-        example: "https://index.docker.io/v1/"
-      RegistryConfig:
-        $ref: "#/definitions/RegistryServiceConfig"
-      GenericResources:
-        $ref: "#/definitions/GenericResources"
-      HttpProxy:
-        description: |
-          HTTP-proxy configured for the daemon. This value is obtained from the
-          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
-          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
-          are masked in the API response.
-
-          Containers do not automatically inherit this configuration.
-        type: "string"
-        example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
-      HttpsProxy:
-        description: |
-          HTTPS-proxy configured for the daemon. This value is obtained from the
-          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
-          Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
-          are masked in the API response.
-
-          Containers do not automatically inherit this configuration.
-        type: "string"
-        example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
-      NoProxy:
-        description: |
-          Comma-separated list of domain extensions for which no proxy should be
-          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
-          environment variable.
-
-          Containers do not automatically inherit this configuration.
-        type: "string"
-        example: "*.local, 169.254/16"
-      Name:
-        description: "Hostname of the host."
-        type: "string"
-        example: "node5.corp.example.com"
-      Labels:
-        description: |
-          User-defined labels (key/value metadata) as set on the daemon.
-
-          <p><br /></p>
-
-          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
-          > set through the daemon configuration, and _node_ labels, set from a
-          > manager node in the Swarm. Node labels are not included in this
-          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
-          > on a manager node in the Swarm.
-        type: "array"
-        items:
-          type: "string"
-        example: ["storage=ssd", "production"]
-      ExperimentalBuild:
-        description: |
-          Indicates if experimental features are enabled on the daemon.
-        type: "boolean"
-        example: true
-      ServerVersion:
-        description: |
-          Version string of the daemon.
-        type: "string"
-        example: "27.0.1"
-      Runtimes:
-        description: |
-          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
-          runtimes configured on the daemon. Keys hold the "name" used to
-          reference the runtime.
-
-          The Docker daemon relies on an OCI compliant runtime (invoked via the
-          `containerd` daemon) as its interface to the Linux kernel namespaces,
-          cgroups, and SELinux.
-
-          The default runtime is `runc`, and automatically configured. Additional
-          runtimes can be configured by the user and will be listed here.
-        type: "object"
-        additionalProperties:
-          $ref: "#/definitions/Runtime"
-        default:
-          runc:
-            path: "runc"
-        example:
-          runc:
-            path: "runc"
-          runc-master:
-            path: "/go/bin/runc"
-          custom:
-            path: "/usr/local/bin/my-oci-runtime"
-            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
-      DefaultRuntime:
-        description: |
-          Name of the default OCI runtime that is used when starting containers.
-
-          The default can be overridden per-container at create time.
-        type: "string"
-        default: "runc"
-        example: "runc"
-      Swarm:
-        $ref: "#/definitions/SwarmInfo"
-      LiveRestoreEnabled:
-        description: |
-          Indicates if live restore is enabled.
-
-          If enabled, containers are kept running when the daemon is shutdown
-          or upon daemon start if running containers are detected.
-        type: "boolean"
-        default: false
-        example: false
-      Isolation:
-        description: |
-          Represents the isolation technology to use as a default for containers.
-          The supported values are platform-specific.
-
-          If no isolation value is specified on daemon start, on Windows client,
-          the default is `hyperv`, and on Windows server, the default is `process`.
-
-          This option is currently not used on other platforms.
-        default: "default"
-        type: "string"
-        enum:
-          - "default"
-          - "hyperv"
-          - "process"
-          - ""
-      InitBinary:
-        description: |
-          Name and, optional, path of the `docker-init` binary.
-
-          If the path is omitted, the daemon searches the host's `$PATH` for the
-          binary and uses the first result.
-        type: "string"
-        example: "docker-init"
-      ContainerdCommit:
-        $ref: "#/definitions/Commit"
-      RuncCommit:
-        $ref: "#/definitions/Commit"
-      InitCommit:
-        $ref: "#/definitions/Commit"
-      SecurityOptions:
-        description: |
-          List of security features that are enabled on the daemon, such as
-          apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
-          no-new-privileges.
-
-          Additional configuration options for each security feature may
-          be present, and are included as a comma-separated list of key/value
-          pairs.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "name=apparmor"
-          - "name=seccomp,profile=default"
-          - "name=selinux"
-          - "name=userns"
-          - "name=rootless"
-      ProductLicense:
-        description: |
-          Reports a summary of the product license on the daemon.
-
-          If a commercial license has been applied to the daemon, information
-          such as number of nodes, and expiration are included.
-        type: "string"
-        example: "Community Engine"
-      DefaultAddressPools:
-        description: |
-          List of custom default address pools for local networks, which can be
-          specified in the daemon.json file or dockerd option.
-
-          Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
-          10.10.[0-255].0/24 address pools.
-        type: "array"
-        items:
-          type: "object"
-          properties:
-            Base:
-              description: "The network address in CIDR format"
-              type: "string"
-              example: "10.10.0.0/16"
-            Size:
-              description: "The network pool size"
-              type: "integer"
-              example: "24"
-      FirewallBackend:
-        $ref: "#/definitions/FirewallInfo"
-      DiscoveredDevices:
-        description: |
-          List of devices discovered by device drivers.
-
-          Each device includes information about its source driver, kind, name,
-          and additional driver-specific attributes.
-        type: "array"
-        items:
-          $ref: "#/definitions/DeviceInfo"
-      Warnings:
-        description: |
-          List of warnings / informational messages about missing features, or
-          issues related to the daemon configuration.
-
-          These messages can be printed by the client as information to the user.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "WARNING: No memory limit support"
-      CDISpecDirs:
-        description: |
-          List of directories where (Container Device Interface) CDI
-          specifications are located.
-
-          These specifications define vendor-specific modifications to an OCI
-          runtime specification for a container being created.
-
-          An empty list indicates that CDI device injection is disabled.
-
-          Note that since using CDI device injection requires the daemon to have
-          experimental enabled. For non-experimental daemons an empty list will
-          always be returned.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "/etc/cdi"
-          - "/var/run/cdi"
-      Containerd:
-        $ref: "#/definitions/ContainerdInfo"
-
-  ContainerdInfo:
-    description: |
-      Information for connecting to the containerd instance that is used by the daemon.
-      This is included for debugging purposes only.
-    type: "object"
-    x-nullable: true
-    properties:
-      Address:
-        description: "The address of the containerd socket."
-        type: "string"
-        example: "/run/containerd/containerd.sock"
-      Namespaces:
-        description: |
-          The namespaces that the daemon uses for running containers and
-          plugins in containerd. These namespaces can be configured in the
-          daemon configuration, and are considered to be used exclusively
-          by the daemon, Tampering with the containerd instance may cause
-          unexpected behavior.
-
-          As these namespaces are considered to be exclusively accessed
-          by the daemon, it is not recommended to change these values,
-          or to change them to a value that is used by other systems,
-          such as cri-containerd.
-        type: "object"
-        properties:
-          Containers:
-            description: |
-              The default containerd namespace used for containers managed
-              by the daemon.
-
-              The default namespace for containers is "moby", but will be
-              suffixed with the `<uid>.<gid>` of the remapped `root` if
-              user-namespaces are enabled and the containerd image-store
-              is used.
-            type: "string"
-            default: "moby"
-            example: "moby"
-          Plugins:
-            description: |
-              The default containerd namespace used for plugins managed by
-              the daemon.
-
-              The default namespace for plugins is "plugins.moby", but will be
-              suffixed with the `<uid>.<gid>` of the remapped `root` if
-              user-namespaces are enabled and the containerd image-store
-              is used.
-            type: "string"
-            default: "plugins.moby"
-            example: "plugins.moby"
-
-  FirewallInfo:
-    description: |
-      Information about the daemon's firewalling configuration.
-
-      This field is currently only used on Linux, and omitted on other platforms.
-    type: "object"
-    x-nullable: true
-    properties:
-      Driver:
-        description: |
-          The name of the firewall backend driver.
-        type: "string"
-        example: "nftables"
-      Info:
-        description: |
-          Information about the firewall backend, provided as
-          "label" / "value" pairs.
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field, including the
-          > formatting of values and labels, should not be considered stable,
-          > and may change without notice.
-        type: "array"
-        items:
-          type: "array"
-          items:
-            type: "string"
-        example:
-          - ["ReloadedAt", "2025-01-01T00:00:00Z"]
-
-  # PluginsInfo is a temp struct holding Plugins name
-  # registered with docker daemon. It is used by Info struct
-  PluginsInfo:
-    description: |
-      Available plugins per type.
-
-      <p><br /></p>
-
-      > **Note**: Only unmanaged (V1) plugins are included in this list.
-      > V1 plugins are "lazily" loaded, and are not returned in this list
-      > if there is no resource using the plugin.
-    type: "object"
-    properties:
-      Volume:
-        description: "Names of available volume-drivers, and network-driver plugins."
-        type: "array"
-        items:
-          type: "string"
-        example: ["local"]
-      Network:
-        description: "Names of available network-drivers, and network-driver plugins."
-        type: "array"
-        items:
-          type: "string"
-        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
-      Authorization:
-        description: "Names of available authorization plugins."
-        type: "array"
-        items:
-          type: "string"
-        example: ["img-authz-plugin", "hbm"]
-      Log:
-        description: "Names of available logging-drivers, and logging-driver plugins."
-        type: "array"
-        items:
-          type: "string"
-        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "splunk", "syslog"]
-
-
-  RegistryServiceConfig:
-    description: |
-      RegistryServiceConfig stores daemon registry services configuration.
-    type: "object"
-    x-nullable: true
-    properties:
-      InsecureRegistryCIDRs:
-        description: |
-          List of IP ranges of insecure registries, using the CIDR syntax
-          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
-          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
-          from unknown CAs) communication.
-
-          By default, local registries (`::1/128` and `127.0.0.0/8`) are configured as
-          insecure. All other registries are secure. Communicating with an
-          insecure registry is not possible if the daemon assumes that registry
-          is secure.
-
-          This configuration override this behavior, insecure communication with
-          registries whose resolved IP address is within the subnet described by
-          the CIDR syntax.
-
-          Registries can also be marked insecure by hostname. Those registries
-          are listed under `IndexConfigs` and have their `Secure` field set to
-          `false`.
-
-          > **Warning**: Using this option can be useful when running a local
-          > registry, but introduces security vulnerabilities. This option
-          > should therefore ONLY be used for testing purposes. For increased
-          > security, users should add their CA to their system's list of trusted
-          > CAs instead of enabling this option.
-        type: "array"
-        items:
-          type: "string"
-        example: ["::1/128", "127.0.0.0/8"]
-      IndexConfigs:
-        type: "object"
-        additionalProperties:
-          $ref: "#/definitions/IndexInfo"
-        example:
-          "127.0.0.1:5000":
-            "Name": "127.0.0.1:5000"
-            "Mirrors": []
-            "Secure": false
-            "Official": false
-          "[2001:db8:a0b:12f0::1]:80":
-            "Name": "[2001:db8:a0b:12f0::1]:80"
-            "Mirrors": []
-            "Secure": false
-            "Official": false
-          "docker.io":
-            Name: "docker.io"
-            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
-            Secure: true
-            Official: true
-          "registry.internal.corp.example.com:3000":
-            Name: "registry.internal.corp.example.com:3000"
-            Mirrors: []
-            Secure: false
-            Official: false
-      Mirrors:
-        description: |
-          List of registry URLs that act as a mirror for the official
-          (`docker.io`) registry.
-
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "https://hub-mirror.corp.example.com:5000/"
-          - "https://[2001:db8:a0b:12f0::1]/"
-
-  IndexInfo:
-    description:
-      IndexInfo contains information about a registry.
-    type: "object"
-    x-nullable: true
-    properties:
-      Name:
-        description: |
-          Name of the registry, such as "docker.io".
-        type: "string"
-        example: "docker.io"
-      Mirrors:
-        description: |
-          List of mirrors, expressed as URIs.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "https://hub-mirror.corp.example.com:5000/"
-          - "https://registry-2.docker.io/"
-          - "https://registry-3.docker.io/"
-      Secure:
-        description: |
-          Indicates if the registry is part of the list of insecure
-          registries.
-
-          If `false`, the registry is insecure. Insecure registries accept
-          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
-          unknown CAs) communication.
-
-          > **Warning**: Insecure registries can be useful when running a local
-          > registry. However, because its use creates security vulnerabilities
-          > it should ONLY be enabled for testing purposes. For increased
-          > security, users should add their CA to their system's list of
-          > trusted CAs instead of enabling this option.
-        type: "boolean"
-        example: true
-      Official:
-        description: |
-          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
-        type: "boolean"
-        example: true
-
-  Runtime:
-    description: |
-      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
-      runtime.
-
-      The runtime is invoked by the daemon via the `containerd` daemon. OCI
-      runtimes act as an interface to the Linux kernel namespaces, cgroups,
-      and SELinux.
-    type: "object"
-    properties:
-      path:
-        description: |
-          Name and, optional, path, of the OCI executable binary.
-
-          If the path is omitted, the daemon searches the host's `$PATH` for the
-          binary and uses the first result.
-        type: "string"
-        example: "/usr/local/bin/my-oci-runtime"
-      runtimeArgs:
-        description: |
-          List of command-line arguments to pass to the runtime when invoked.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example: ["--debug", "--systemd-cgroup=false"]
-      status:
-        description: |
-          Information specific to the runtime.
-
-          While this API specification does not define data provided by runtimes,
-          the following well-known properties may be provided by runtimes:
-
-          `org.opencontainers.runtime-spec.features`: features structure as defined
-          in the [OCI Runtime Specification](https://github.com/opencontainers/runtime-spec/blob/main/features.md),
-          in a JSON string representation.
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field, including the
-          > formatting of values and labels, should not be considered stable,
-          > and may change without notice.
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "string"
-        example:
-          "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",\"ociVersionMax\":\"1.1.0\",\"...\":\"...\"}"
-
-  Commit:
-    description: |
-      Commit holds the Git-commit (SHA1) that a binary was built from, as
-      reported in the version-string of external tools, such as `containerd`,
-      or `runC`.
-    type: "object"
-    properties:
-      ID:
-        description: "Actual commit ID of external tool."
-        type: "string"
-        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
-
-  SwarmInfo:
-    description: |
-      Represents generic information about swarm.
-    type: "object"
-    properties:
-      NodeID:
-        description: "Unique identifier of for this node in the swarm."
-        type: "string"
-        default: ""
-        example: "k67qz4598weg5unwwffg6z1m1"
-      NodeAddr:
-        description: |
-          IP address at which this node can be reached by other nodes in the
-          swarm.
-        type: "string"
-        default: ""
-        example: "10.0.0.46"
-      LocalNodeState:
-        $ref: "#/definitions/LocalNodeState"
-      ControlAvailable:
-        type: "boolean"
-        default: false
-        example: true
-      Error:
-        type: "string"
-        default: ""
-      RemoteManagers:
-        description: |
-          List of ID's and addresses of other managers in the swarm.
-        type: "array"
-        default: null
-        x-nullable: true
-        items:
-          $ref: "#/definitions/PeerNode"
-        example:
-          - NodeID: "71izy0goik036k48jg985xnds"
-            Addr: "10.0.0.158:2377"
-          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
-            Addr: "10.0.0.159:2377"
-          - NodeID: "k67qz4598weg5unwwffg6z1m1"
-            Addr: "10.0.0.46:2377"
-      Nodes:
-        description: "Total number of nodes in the swarm."
-        type: "integer"
-        x-nullable: true
-        example: 4
-      Managers:
-        description: "Total number of managers in the swarm."
-        type: "integer"
-        x-nullable: true
-        example: 3
-      Cluster:
-        $ref: "#/definitions/ClusterInfo"
-
-  LocalNodeState:
-    description: "Current local status of this node."
-    type: "string"
-    default: ""
-    enum:
-      - ""
-      - "inactive"
-      - "pending"
-      - "active"
-      - "error"
-      - "locked"
-    example: "active"
-
-  PeerNode:
-    description: "Represents a peer-node in the swarm"
-    type: "object"
-    properties:
-      NodeID:
-        description: "Unique identifier of for this node in the swarm."
-        type: "string"
-      Addr:
-        description: |
-          IP address and ports at which this node can be reached.
-        type: "string"
-
-  NetworkAttachmentConfig:
-    description: |
-      Specifies how a service should be attached to a particular network.
-    type: "object"
-    properties:
-      Target:
-        description: |
-          The target network for attachment. Must be a network name or ID.
-        type: "string"
-      Aliases:
-        description: |
-          Discoverable alternate names for the service on this network.
-        type: "array"
-        items:
-          type: "string"
-      DriverOpts:
-        description: |
-          Driver attachment options for the network target.
-        type: "object"
-        additionalProperties:
-          type: "string"
-
-  EventActor:
-    description: |
-      Actor describes something that generates events, like a container, network,
-      or a volume.
-    type: "object"
-    properties:
-      ID:
-        description: "The ID of the object emitting the event"
-        type: "string"
-        example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
-      Attributes:
-        description: |
-          Various key/value attributes of the object, depending on its type.
-        type: "object"
-        additionalProperties:
-          type: "string"
-        example:
-          com.example.some-label: "some-label-value"
-          image: "alpine:latest"
-          name: "my-container"
-
-  EventMessage:
-    description: |
-      EventMessage represents the information an event contains.
-    type: "object"
-    title: "SystemEventsResponse"
-    properties:
-      Type:
-        description: "The type of object emitting the event"
-        type: "string"
-        enum: ["builder", "config", "container", "daemon", "image", "network", "node", "plugin", "secret", "service", "volume"]
-        example: "container"
-      Action:
-        description: "The type of event"
-        type: "string"
-        example: "create"
-      Actor:
-        $ref: "#/definitions/EventActor"
-      scope:
-        description: |
-          Scope of the event. Engine events are `local` scope. Cluster (Swarm)
-          events are `swarm` scope.
-        type: "string"
-        enum: ["local", "swarm"]
-      time:
-        description: "Timestamp of event"
-        type: "integer"
-        format: "int64"
-        example: 1629574695
-      timeNano:
-        description: "Timestamp of event, with nanosecond accuracy"
-        type: "integer"
-        format: "int64"
-        example: 1629574695515050031
-
-  OCIDescriptor:
-    type: "object"
-    x-go-name: Descriptor
-    description: |
-      A descriptor struct containing digest, media type, and size, as defined in
-      the [OCI Content Descriptors Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md).
-    properties:
-      mediaType:
-        description: |
-          The media type of the object this schema refers to.
-        type: "string"
-        example: "application/vnd.oci.image.manifest.v1+json"
-      digest:
-        description: |
-          The digest of the targeted content.
-        type: "string"
-        example: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
-      size:
-        description: |
-          The size in bytes of the blob.
-        type: "integer"
-        format: "int64"
-        example: 424
-      urls:
-        description: |-
-          List of URLs from which this object MAY be downloaded.
-        type: "array"
-        items:
-          type: "string"
-          format: "uri"
-        x-nullable: true
-      annotations:
-        description: |-
-          Arbitrary metadata relating to the targeted content.
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "string"
-        example:
-          "com.docker.official-images.bashbrew.arch": "amd64"
-          "org.opencontainers.image.base.digest": "sha256:0d0ef5c914d3ea700147da1bd050c59edb8bb12ca312f3800b29d7c8087eabd8"
-          "org.opencontainers.image.base.name": "scratch"
-          "org.opencontainers.image.created": "2025-01-27T00:00:00Z"
-          "org.opencontainers.image.revision": "9fabb4bad5138435b01857e2fe9363e2dc5f6a79"
-          "org.opencontainers.image.source": "https://git.launchpad.net/cloud-images/+oci/ubuntu-base"
-          "org.opencontainers.image.url": "https://hub.docker.com/_/ubuntu"
-          "org.opencontainers.image.version": "24.04"
-      data:
-        type: string
-        x-nullable: true
-        description: |-
-          Data is an embedding of the targeted content. This is encoded as a base64
-          string when marshalled to JSON (automatically, by encoding/json). If
-          present, Data can be used directly to avoid fetching the targeted content.
-        example: null
-      platform:
-        $ref: "#/definitions/OCIPlatform"
-      artifactType:
-        description: |-
-          ArtifactType is the IANA media type of this artifact.
-        type: "string"
-        x-nullable: true
-        example: null
-
-  OCIPlatform:
-    type: "object"
-    x-go-name: Platform
-    x-nullable: true
-    description: |
-      Describes the platform which the image in the manifest runs on, as defined
-      in the [OCI Image Index Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-index.md).
-    properties:
-      architecture:
-        description: |
-          The CPU architecture, for example `amd64` or `ppc64`.
-        type: "string"
-        example: "arm"
-      os:
-        description: |
-          The operating system, for example `linux` or `windows`.
-        type: "string"
-        example: "windows"
-      os.version:
-        description: |
-          Optional field specifying the operating system version, for example on
-          Windows `10.0.19041.1165`.
-        type: "string"
-        example: "10.0.19041.1165"
-      os.features:
-        description: |
-          Optional field specifying an array of strings, each listing a required
-          OS feature (for example on Windows `win32k`).
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "win32k"
-      variant:
-        description: |
-          Optional field specifying a variant of the CPU, for example `v7` to
-          specify ARMv7 when architecture is `arm`.
-        type: "string"
-        example: "v7"
-
-  DistributionInspect:
-    type: "object"
-    x-go-name: DistributionInspect
-    title: "DistributionInspectResponse"
-    required: [Descriptor, Platforms]
-    description: |
-      Describes the result obtained from contacting the registry to retrieve
-      image metadata.
-    properties:
-      Descriptor:
-        $ref: "#/definitions/OCIDescriptor"
-      Platforms:
-        type: "array"
-        description: |
-          An array containing all platforms supported by the image.
-        items:
-          $ref: "#/definitions/OCIPlatform"
-
-  ClusterVolume:
-    type: "object"
-    description: |
-      Options and information specific to, and only present on, Swarm CSI
-      cluster volumes.
-    properties:
-      ID:
-        type: "string"
-        description: |
-          The Swarm ID of this volume. Because cluster volumes are Swarm
-          objects, they have an ID, unlike non-cluster volumes. This ID can
-          be used to refer to the Volume instead of the name.
-      Version:
-        $ref: "#/definitions/ObjectVersion"
-      CreatedAt:
-        type: "string"
-        format: "dateTime"
-      UpdatedAt:
-        type: "string"
-        format: "dateTime"
-      Spec:
-        $ref: "#/definitions/ClusterVolumeSpec"
-      Info:
-        type: "object"
-        description: |
-          Information about the global status of the volume.
-        properties:
-          CapacityBytes:
-            type: "integer"
-            format: "int64"
-            description: |
-              The capacity of the volume in bytes. A value of 0 indicates that
-              the capacity is unknown.
-          VolumeContext:
-            type: "object"
-            description: |
-              A map of strings to strings returned from the storage plugin when
-              the volume is created.
-            additionalProperties:
-              type: "string"
-          VolumeID:
-            type: "string"
-            description: |
-              The ID of the volume as returned by the CSI storage plugin. This
-              is distinct from the volume's ID as provided by Docker. This ID
-              is never used by the user when communicating with Docker to refer
-              to this volume. If the ID is blank, then the Volume has not been
-              successfully created in the plugin yet.
-          AccessibleTopology:
-            type: "array"
-            description: |
-              The topology this volume is actually accessible from.
-            items:
-              $ref: "#/definitions/Topology"
-      PublishStatus:
-        type: "array"
-        description: |
-          The status of the volume as it pertains to its publishing and use on
-          specific nodes
-        items:
-          type: "object"
-          properties:
-            NodeID:
-              type: "string"
-              description: |
-                The ID of the Swarm node the volume is published on.
-            State:
-              type: "string"
-              description: |
-                The published state of the volume.
-                * `pending-publish` The volume should be published to this node, but the call to the controller plugin to do so has not yet been successfully completed.
-                * `published` The volume is published successfully to the node.
-                * `pending-node-unpublish` The volume should be unpublished from the node, and the manager is awaiting confirmation from the worker that it has done so.
-                * `pending-controller-unpublish` The volume is successfully unpublished from the node, but has not yet been successfully unpublished on the controller.
-              enum:
-                - "pending-publish"
-                - "published"
-                - "pending-node-unpublish"
-                - "pending-controller-unpublish"
-            PublishContext:
-              type: "object"
-              description: |
-                A map of strings to strings returned by the CSI controller
-                plugin when a volume is published.
-              additionalProperties:
-                type: "string"
-
-  ClusterVolumeSpec:
-    type: "object"
-    description: |
-      Cluster-specific options used to create the volume.
-    properties:
-      Group:
-        type: "string"
-        description: |
-          Group defines the volume group of this volume. Volumes belonging to
-          the same group can be referred to by group name when creating
-          Services.  Referring to a volume by group instructs Swarm to treat
-          volumes in that group interchangeably for the purpose of scheduling.
-          Volumes with an empty string for a group technically all belong to
-          the same, emptystring group.
-      AccessMode:
-        type: "object"
-        description: |
-          Defines how the volume is used by tasks.
-        properties:
-          Scope:
-            type: "string"
-            description: |
-              The set of nodes this volume can be used on at one time.
-              - `single` The volume may only be scheduled to one node at a time.
-              - `multi` the volume may be scheduled to any supported number of nodes at a time.
-            default: "single"
-            enum: ["single", "multi"]
-            x-nullable: false
-          Sharing:
-            type: "string"
-            description: |
-              The number and way that different tasks can use this volume
-              at one time.
-              - `none` The volume may only be used by one task at a time.
-              - `readonly` The volume may be used by any number of tasks, but they all must mount the volume as readonly
-              - `onewriter` The volume may be used by any number of tasks, but only one may mount it as read/write.
-              - `all` The volume may have any number of readers and writers.
-            default: "none"
-            enum: ["none", "readonly", "onewriter", "all"]
-            x-nullable: false
-          MountVolume:
-            type: "object"
-            description: |
-              Options for using this volume as a Mount-type volume.
-
-                  Either MountVolume or BlockVolume, but not both, must be
-                  present.
-                properties:
-                  FsType:
-                    type: "string"
-                    description: |
-                      Specifies the filesystem type for the mount volume.
-                      Optional.
-                  MountFlags:
-                    type: "array"
-                    description: |
-                      Flags to pass when mounting the volume. Optional.
-                    items:
-                      type: "string"
-              BlockVolume:
-                type: "object"
-                description: |
-                  Options for using this volume as a Block-type volume.
-                  Intentionally empty.
-          Secrets:
-            type: "array"
-            description: |
-              Swarm Secrets that are passed to the CSI storage plugin when
-              operating on this volume.
-            items:
-              type: "object"
-              description: |
-                One cluster volume secret entry. Defines a key-value pair that
-                is passed to the plugin.
-              properties:
-                Key:
-                  type: "string"
-                  description: |
-                    Key is the name of the key of the key-value pair passed to
-                    the plugin.
-                Secret:
-                  type: "string"
-                  description: |
-                    Secret is the swarm Secret object from which to read data.
-                    This can be a Secret name or ID. The Secret data is
-                    retrieved by swarm and used as the value of the key-value
-                    pair passed to the plugin.
-          AccessibilityRequirements:
-            type: "object"
-            description: |
-              Requirements for the accessible topology of the volume. These
-              fields are optional. For an in-depth description of what these
-              fields mean, see the CSI specification.
-            properties:
-              Requisite:
-                type: "array"
-                description: |
-                  A list of required topologies, at least one of which the
-                  volume must be accessible from.
-                items:
-                  $ref: "#/definitions/Topology"
-              Preferred:
-                type: "array"
-                description: |
-                  A list of topologies that the volume should attempt to be
-                  provisioned in.
-                items:
-                  $ref: "#/definitions/Topology"
-          CapacityRange:
-            type: "object"
-            description: |
-              The desired capacity that the volume should be created with. If
-              empty, the plugin will decide the capacity.
-            properties:
-              RequiredBytes:
-                type: "integer"
-                format: "int64"
-                description: |
-                  The volume must be at least this big. The value of 0
-                  indicates an unspecified minimum
-              LimitBytes:
-                type: "integer"
-                format: "int64"
-                description: |
-                  The volume must not be bigger than this. The value of 0
-                  indicates an unspecified maximum.
-          Availability:
-            type: "string"
-            description: |
-              The availability of the volume for use in tasks.
-              - `active` The volume is fully available for scheduling on the cluster
-              - `pause` No new workloads should use the volume, but existing workloads are not stopped.
-              - `drain` All workloads using this volume should be stopped and rescheduled, and no new ones should be started.
-            default: "active"
-            x-nullable: false
-            enum:
-              - "active"
-              - "pause"
-              - "drain"
-
-  Topology:
-    description: |
-      A map of topological domains to topological segments. For in depth
-      details, see documentation for the Topology object in the CSI
-      specification.
-    type: "object"
-    additionalProperties:
-      type: "string"
-
-  ImageManifestSummary:
-    x-go-name: "ManifestSummary"
-    description: |
-      ImageManifestSummary represents a summary of an image manifest.
-    type: "object"
-    required: ["ID", "Descriptor", "Available", "Size", "Kind"]
-    properties:
-      ID:
-        description: |
-          ID is the content-addressable ID of an image and is the same as the
-          digest of the image manifest.
-        type: "string"
-        example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
-      Descriptor:
-        $ref: "#/definitions/OCIDescriptor"
-      Available:
-        description: Indicates whether all the child content (image config, layers) is fully available locally.
-        type: "boolean"
-        example: true
-      Size:
-        type: "object"
-        x-nullable: false
-        required: ["Content", "Total"]
-        properties:
-          Total:
-            type: "integer"
-            format: "int64"
-            example: 8213251
-            description: |
-              Total is the total size (in bytes) of all the locally present
-              data (both distributable and non-distributable) that's related to
-              this manifest and its children.
-              This equal to the sum of [Content] size AND all the sizes in the
-              [Size] struct present in the Kind-specific data struct.
-              For example, for an image kind (Kind == "image")
-              this would include the size of the image content and unpacked
-              image snapshots ([Size.Content] + [ImageData.Size.Unpacked]).
-          Content:
-            description: |
-              Content is the size (in bytes) of all the locally present
-              content in the content store (e.g. image config, layers)
-              referenced by this manifest and its children.
-              This only includes blobs in the content store.
-            type: "integer"
-            format: "int64"
-            example: 3987495
-      Kind:
-        type: "string"
-        example: "image"
-        enum:
-          - "image"
-          - "attestation"
-          - "unknown"
-        description: |
-          The kind of the manifest.
-
-          kind         | description
-          -------------|-----------------------------------------------------------
-          image        | Image manifest that can be used to start a container.
-          attestation  | Attestation manifest produced by the Buildkit builder for a specific image manifest.
-      ImageData:
-        description: |
-          The image data for the image manifest.
-          This field is only populated when Kind is "image".
-        type: "object"
-        x-nullable: true
-        x-omitempty: true
-        required: ["Platform", "Containers", "Size", "UnpackedSize"]
-        properties:
-          Platform:
-            $ref: "#/definitions/OCIPlatform"
-            description: |
-              OCI platform of the image. This will be the platform specified in the
-              manifest descriptor from the index/manifest list.
-              If it's not available, it will be obtained from the image config.
-          Containers:
-            description: |
-              The IDs of the containers that are using this image.
-            type: "array"
-            items:
-              type: "string"
-            example: ["ede54ee1fda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c7430", "abadbce344c096744d8d6071a90d474d28af8f1034b5ea9fb03c3f4bfc6d005e"]
-          Size:
-            type: "object"
-            x-nullable: false
-            required: ["Unpacked"]
-            properties:
-              Unpacked:
-                type: "integer"
-                format: "int64"
-                example: 3987495
-                description: |
-                  Unpacked is the size (in bytes) of the locally unpacked
-                  (uncompressed) image content that's directly usable by the containers
-                  running this image.
-                  It's independent of the distributable content - e.g.
-                  the image might still have an unpacked data that's still used by
-                  some container even when the distributable/compressed content is
-                  already gone.
-      AttestationData:
-        description: |
-          The image data for the attestation manifest.
-          This field is only populated when Kind is "attestation".
-        type: "object"
-        x-nullable: true
-        x-omitempty: true
-        required: ["For"]
-        properties:
-          For:
-            description: |
-              The digest of the image manifest that this attestation is for.
-            type: "string"
-            example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
-
-paths:
-  /containers/json:
-    get:
-      summary: "List containers"
-      description: |
-        Returns a list of containers. For details on the format, see the
-        [inspect endpoint](#operation/ContainerInspect).
-
-        Note that it uses a different, smaller representation of a container
-        than inspecting a single container. For example, the list of linked
-        containers is not propagated .
-      operationId: "ContainerList"
-      produces:
-        - "application/json"
-      parameters:
-        - name: "all"
-          in: "query"
-          description: |
-            Return all containers. By default, only running containers are shown.
-          type: "boolean"
-          default: false
-        - name: "limit"
-          in: "query"
-          description: |
-            Return this number of most recently created containers, including
-            non-running ones.
-          type: "integer"
-        - name: "size"
-          in: "query"
-          description: |
-            Return the size of container as fields `SizeRw` and `SizeRootFs`.
-          type: "boolean"
-          default: false
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the container list, encoded as JSON (a
-            `map[string][]string`). For example, `{"status": ["paused"]}` will
-            only return paused containers.
-
-            Available filters:
-
-            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
-            - `before`=(`<container id>` or `<container name>`)
-            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
-            - `exited=<int>` containers with exit code of `<int>`
-            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
-            - `id=<ID>` a container's ID
-            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
-            - `is-task=`(`true`|`false`)
-            - `label=key` or `label="key=value"` of a container label
-            - `name=<name>` a container's name
-            - `network`=(`<network id>` or `<network name>`)
-            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
-            - `since`=(`<container id>` or `<container name>`)
-            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
-            - `volume`=(`<volume name>` or `<mount point destination>`)
-          type: "string"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/ContainerSummary"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Container"]
-  /containers/create:
-    post:
-      summary: "Create a container"
-      operationId: "ContainerCreate"
-      consumes:
-        - "application/json"
-        - "application/octet-stream"
-      produces:
-        - "application/json"
-      parameters:
-        - name: "name"
-          in: "query"
-          description: |
-            Assign the specified name to the container. Must match
-            `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
-          type: "string"
-          pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
-        - name: "platform"
-          in: "query"
-          description: |
-            Platform in the format `os[/arch[/variant]]` used for image lookup.
-
-            When specified, the daemon checks if the requested image is present
-            in the local image cache with the given OS and Architecture, and
-            otherwise returns a `404` status.
-
-            If the option is not set, the host's native OS and Architecture are
-            used to look up the image in the image cache. However, if no platform
-            is passed and the given image does exist in the local image cache,
-            but its OS or architecture does not match, the container is created
-            with the available image, and a warning is added to the `Warnings`
-            field in the response, for example;
-
-                WARNING: The requested image's platform (linux/arm64/v8) does not
-                         match the detected host platform (linux/amd64) and no
-                         specific platform was requested
-
-          type: "string"
-          default: ""
-        - name: "body"
-          in: "body"
-          description: "Container to create"
-          schema:
-            allOf:
-              - $ref: "#/definitions/ContainerConfig"
-              - type: "object"
-                properties:
-                  HostConfig:
-                    $ref: "#/definitions/HostConfig"
-                  NetworkingConfig:
-                    $ref: "#/definitions/NetworkingConfig"
-            example:
-              Hostname: ""
-              Domainname: ""
-              User: ""
-              AttachStdin: false
-              AttachStdout: true
-              AttachStderr: true
-              Tty: false
-              OpenStdin: false
-              StdinOnce: false
-              Env:
-                - "FOO=bar"
-                - "BAZ=quux"
-              Cmd:
-                - "date"
-              Entrypoint: ""
-              Image: "ubuntu"
-              Labels:
-                com.example.vendor: "Acme"
-                com.example.license: "GPL"
-                com.example.version: "1.0"
-              Volumes:
-                /volumes/data: {}
-              WorkingDir: ""
-              NetworkDisabled: false
-              MacAddress: "12:34:56:78:9a:bc"
-              ExposedPorts:
-                22/tcp: {}
-              StopSignal: "SIGTERM"
-              StopTimeout: 10
-              HostConfig:
-                Binds:
-                  - "/tmp:/tmp"
-                Links:
-                  - "redis3:redis"
-                Memory: 0
-                MemorySwap: 0
-                MemoryReservation: 0
-                NanoCpus: 500000
-                CpuPercent: 80
-                CpuShares: 512
-                CpuPeriod: 100000
-                CpuRealtimePeriod: 1000000
-                CpuRealtimeRuntime: 10000
-                CpuQuota: 50000
-                CpusetCpus: "0,1"
-                CpusetMems: "0,1"
-                MaximumIOps: 0
-                MaximumIOBps: 0
-                BlkioWeight: 300
-                BlkioWeightDevice:
-                  - {}
-                BlkioDeviceReadBps:
-                  - {}
-                BlkioDeviceReadIOps:
-                  - {}
-                BlkioDeviceWriteBps:
-                  - {}
-                BlkioDeviceWriteIOps:
-                  - {}
-                DeviceRequests:
-                  - Driver: "nvidia"
-                    Count: -1
-                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
-                    Capabilities: [["gpu", "nvidia", "compute"]]
-                    Options:
-                      property1: "string"
-                      property2: "string"
-                MemorySwappiness: 60
-                OomKillDisable: false
-                OomScoreAdj: 500
-                PidMode: ""
-                PidsLimit: 0
-                PortBindings:
-                  22/tcp:
-                    - HostPort: "11022"
-                PublishAllPorts: false
-                Privileged: false
-                ReadonlyRootfs: false
-                Dns:
-                  - "8.8.8.8"
-                DnsOptions:
-                  - ""
-                DnsSearch:
-                  - ""
-                VolumesFrom:
-                  - "parent"
-                  - "other:ro"
-                CapAdd:
-                  - "NET_ADMIN"
-                CapDrop:
-                  - "MKNOD"
-                GroupAdd:
-                  - "newgroup"
-                RestartPolicy:
-                  Name: ""
-                  MaximumRetryCount: 0
-                AutoRemove: true
-                NetworkMode: "bridge"
-                Devices: []
-                Ulimits:
-                  - {}
-                LogConfig:
-                  Type: "json-file"
-                  Config: {}
-                SecurityOpt: []
-                StorageOpt: {}
-                CgroupParent: ""
-                VolumeDriver: ""
-                ShmSize: 67108864
-              NetworkingConfig:
-                EndpointsConfig:
-                  isolated_nw:
-                    IPAMConfig:
-                      IPv4Address: "172.20.30.33"
-                      IPv6Address: "2001:db8:abcd::3033"
-                      LinkLocalIPs:
-                        - "169.254.34.68"
-                        - "fe80::3468"
-                    Links:
-                      - "container_1"
-                      - "container_2"
-                    Aliases:
-                      - "server_x"
-                      - "server_y"
-                  database_nw: {}
-
-          required: true
-      responses:
-        201:
-          description: "Container created successfully"
-          schema:
-            $ref: "#/definitions/ContainerCreateResponse"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such image: c2ada9df5af8"
-        409:
-          description: "conflict"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Container"]
-  /containers/{id}/json:
-    get:
-      summary: "Inspect a container"
-      description: "Return low-level information about a container."
-      operationId: "ContainerInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ContainerInspectResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "size"
-          in: "query"
-          type: "boolean"
-          default: false
-          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
-      tags: ["Container"]
-  /containers/{id}/top:
-    get:
-      summary: "List processes running inside a container"
-      description: |
-        On Unix systems, this is done by running the `ps` command. This endpoint
-        is not supported on Windows.
-      operationId: "ContainerTop"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ContainerTopResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "ps_args"
-          in: "query"
-          description: "The arguments to pass to `ps`. For example, `aux`"
-          type: "string"
-          default: "-ef"
-      tags: ["Container"]
-  /containers/{id}/logs:
-    get:
-      summary: "Get container logs"
-      description: |
-        Get `stdout` and `stderr` logs from a container.
-
-        Note: This endpoint works only for containers with the `json-file` or
-        `journald` logging driver.
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/vnd.docker.multiplexed-stream"
-      operationId: "ContainerLogs"
-      responses:
-        200:
-          description: |
-            logs returned as a stream in response body.
-            For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
-            Note that unlike the attach endpoint, the logs endpoint does not
-            upgrade the connection and does not set Content-Type.
-          schema:
-            type: "string"
-            format: "binary"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "follow"
-          in: "query"
-          description: "Keep connection after returning logs."
-          type: "boolean"
-          default: false
-        - name: "stdout"
-          in: "query"
-          description: "Return logs from `stdout`"
-          type: "boolean"
-          default: false
-        - name: "stderr"
-          in: "query"
-          description: "Return logs from `stderr`"
-          type: "boolean"
-          default: false
-        - name: "since"
-          in: "query"
-          description: "Only return logs since this time, as a UNIX timestamp"
-          type: "integer"
-          default: 0
-        - name: "until"
-          in: "query"
-          description: "Only return logs before this time, as a UNIX timestamp"
-          type: "integer"
-          default: 0
-        - name: "timestamps"
-          in: "query"
-          description: "Add timestamps to every log line"
-          type: "boolean"
-          default: false
-        - name: "tail"
-          in: "query"
-          description: |
-            Only return this number of log lines from the end of the logs.
-            Specify as an integer or `all` to output all log lines.
-          type: "string"
-          default: "all"
-      tags: ["Container"]
-  /containers/{id}/changes:
-    get:
-      summary: "Get changes on a container’s filesystem"
-      description: |
-        Returns which files in a container's filesystem have been added, deleted,
-        or modified. The `Kind` of modification can be one of:
-
-        - `0`: Modified ("C")
-        - `1`: Added ("A")
-        - `2`: Deleted ("D")
-      operationId: "ContainerChanges"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "The list of changes"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/FilesystemChange"
-          examples:
-            application/json:
-              - Path: "/dev"
-                Kind: 0
-              - Path: "/dev/kmsg"
-                Kind: 1
-              - Path: "/test"
-                Kind: 1
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/export:
-    get:
-      summary: "Export a container"
-      description: "Export the contents of a container as a tarball."
-      operationId: "ContainerExport"
-      produces:
-        - "application/octet-stream"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/stats:
-    get:
-      summary: "Get container stats based on resource usage"
-      description: |
-        This endpoint returns a live stream of a container’s resource usage
-        statistics.
-
-        The `precpu_stats` is the CPU statistic of the *previous* read, and is
-        used to calculate the CPU usage percentage. It is not an exact copy
-        of the `cpu_stats` field.
-
-        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
-        nil then for compatibility with older daemons the length of the
-        corresponding `cpu_usage.percpu_usage` array should be used.
-
-        On a cgroup v2 host, the following fields are not set
-        * `blkio_stats`: all fields other than `io_service_bytes_recursive`
-        * `cpu_stats`: `cpu_usage.percpu_usage`
-        * `memory_stats`: `max_usage` and `failcnt`
-        Also, `memory_stats.stats` fields are incompatible with cgroup v1.
-
-        To calculate the values shown by the `stats` command of the docker cli tool
-        the following formulas can be used:
-        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
-        * available_memory = `memory_stats.limit`
-        * Memory usage % = `(used_memory / available_memory) * 100.0`
-        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
-        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
-        * number_cpus = `length(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
-        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
-      operationId: "ContainerStats"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ContainerStatsResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "stream"
-          in: "query"
-          description: |
-            Stream the output. If false, the stats will be output once and then
-            it will disconnect.
-          type: "boolean"
-          default: true
-        - name: "one-shot"
-          in: "query"
-          description: |
-            Only get a single stat instead of waiting for 2 cycles. Must be used
-            with `stream=false`.
-          type: "boolean"
-          default: false
-      tags: ["Container"]
-  /containers/{id}/resize:
-    post:
-      summary: "Resize a container TTY"
-      description: "Resize the TTY for a container."
-      operationId: "ContainerResize"
-      consumes:
-        - "application/octet-stream"
-      produces:
-        - "text/plain"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "cannot resize container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "h"
-          in: "query"
-          required: true
-          description: "Height of the TTY session in characters"
-          type: "integer"
-        - name: "w"
-          in: "query"
-          required: true
-          description: "Width of the TTY session in characters"
-          type: "integer"
-      tags: ["Container"]
-  /containers/{id}/start:
-    post:
-      summary: "Start a container"
-      operationId: "ContainerStart"
-      responses:
-        204:
-          description: "no error"
-        304:
-          description: "container already started"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "detachKeys"
-          in: "query"
-          description: |
-            Override the key sequence for detaching a container. Format is a
-            single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
-            of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/stop:
-    post:
-      summary: "Stop a container"
-      operationId: "ContainerStop"
-      responses:
-        204:
-          description: "no error"
-        304:
-          description: "container already stopped"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "signal"
-          in: "query"
-          description: |
-            Signal to send to the container as an integer or string (e.g. `SIGINT`).
-          type: "string"
-        - name: "t"
-          in: "query"
-          description: "Number of seconds to wait before killing the container"
-          type: "integer"
-      tags: ["Container"]
-  /containers/{id}/restart:
-    post:
-      summary: "Restart a container"
-      operationId: "ContainerRestart"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "signal"
-          in: "query"
-          description: |
-            Signal to send to the container as an integer or string (e.g. `SIGINT`).
-          type: "string"
-        - name: "t"
-          in: "query"
-          description: "Number of seconds to wait before killing the container"
-          type: "integer"
-      tags: ["Container"]
-  /containers/{id}/kill:
-    post:
-      summary: "Kill a container"
-      description: |
-        Send a POSIX signal to a container, defaulting to killing to the
-        container.
-      operationId: "ContainerKill"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        409:
-          description: "container is not running"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "signal"
-          in: "query"
-          description: |
-            Signal to send to the container as an integer or string (e.g. `SIGINT`).
-          type: "string"
-          default: "SIGKILL"
-      tags: ["Container"]
-  /containers/{id}/update:
-    post:
-      summary: "Update a container"
-      description: |
-        Change various configuration options of a container without having to
-        recreate it.
-      operationId: "ContainerUpdate"
-      consumes: ["application/json"]
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "The container has been updated."
-          schema:
-            $ref: "#/definitions/ContainerUpdateResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "update"
-          in: "body"
-          required: true
-          schema:
-            allOf:
-              - $ref: "#/definitions/Resources"
-              - type: "object"
-                properties:
-                  RestartPolicy:
-                    $ref: "#/definitions/RestartPolicy"
-            example:
-              BlkioWeight: 300
-              CpuShares: 512
-              CpuPeriod: 100000
-              CpuQuota: 50000
-              CpuRealtimePeriod: 1000000
-              CpuRealtimeRuntime: 10000
-              CpusetCpus: "0,1"
-              CpusetMems: "0"
-              Memory: 314572800
-              MemorySwap: 514288000
-              MemoryReservation: 209715200
-              RestartPolicy:
-                MaximumRetryCount: 4
-                Name: "on-failure"
-      tags: ["Container"]
-  /containers/{id}/rename:
-    post:
-      summary: "Rename a container"
-      operationId: "ContainerRename"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        409:
-          description: "name already in use"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "name"
-          in: "query"
-          required: true
-          description: "New name for the container"
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/pause:
-    post:
-      summary: "Pause a container"
-      description: |
-        Use the freezer cgroup to suspend all processes in a container.
-
-        Traditionally, when suspending a process the `SIGSTOP` signal is used,
-        which is observable by the process being suspended. With the freezer
-        cgroup the process is unaware, and unable to capture, that it is being
-        suspended, and subsequently resumed.
-      operationId: "ContainerPause"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/unpause:
-    post:
-      summary: "Unpause a container"
-      description: "Resume a container which has been paused."
-      operationId: "ContainerUnpause"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-      tags: ["Container"]
-  /containers/{id}/attach:
-    post:
-      summary: "Attach to a container"
-      description: |
-        Attach to a container to read its output or send it input. You can attach
-        to the same container multiple times and you can reattach to containers
-        that have been detached.
-
-        Either the `stream` or `logs` parameter must be `true` for this endpoint
-        to do anything.
-
-        See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
-        for more details.
-
-        ### Hijacking
-
-        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
-        and `stderr` on the same socket.
-
-        This is the response from the daemon for an attach request:
-
-        ```
-        HTTP/1.1 200 OK
-        Content-Type: application/vnd.docker.raw-stream
-
-        [STREAM]
-        ```
-
-        After the headers and two new lines, the TCP connection can now be used
-        for raw, bidirectional communication between the client and server.
-
-        To hint potential proxies about connection hijacking, the Docker client
-        can also optionally send connection upgrade headers.
-
-        For example, the client sends this request to upgrade the connection:
-
-        ```
-        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
-        Upgrade: tcp
-        Connection: Upgrade
-        ```
-
-        The Docker daemon will respond with a `101 UPGRADED` response, and will
-        similarly follow with the raw stream:
-
-        ```
-        HTTP/1.1 101 UPGRADED
-        Content-Type: application/vnd.docker.raw-stream
-        Connection: Upgrade
-        Upgrade: tcp
-
-        [STREAM]
-        ```
-
-        ### Stream format
-
-        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
-        the HTTP Content-Type header is set to application/vnd.docker.multiplexed-stream
-        and the stream over the hijacked connected is multiplexed to separate out
-        `stdout` and `stderr`. The stream consists of a series of frames, each
-        containing a header and a payload.
-
-        The header contains the information which the stream writes (`stdout` or
-        `stderr`). It also contains the size of the associated frame encoded in
-        the last four bytes (`uint32`).
-
-        It is encoded on the first eight bytes like this:
-
-        ```go
-        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
-        ```
-
-        `STREAM_TYPE` can be:
-
-        - 0: `stdin` (is written on `stdout`)
-        - 1: `stdout`
-        - 2: `stderr`
-
-        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
-        encoded as big endian.
-
-        Following the header is the payload, which is the specified number of
-        bytes of `STREAM_TYPE`.
-
-        The simplest way to implement this protocol is the following:
-
-        1. Read 8 bytes.
-        2. Choose `stdout` or `stderr` depending on the first byte.
-        3. Extract the frame size from the last four bytes.
-        4. Read the extracted size and output it on the correct output.
-        5. Goto 1.
-
-        ### Stream format when using a TTY
-
-        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
-        the stream is not multiplexed. The data exchanged over the hijacked
-        connection is simply the raw data from the process PTY and client's
-        `stdin`.
-
-      operationId: "ContainerAttach"
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/vnd.docker.multiplexed-stream"
-      responses:
-        101:
-          description: "no error, hints proxy about hijacking"
-        200:
-          description: "no error, no upgrade header found"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "detachKeys"
-          in: "query"
-          description: |
-            Override the key sequence for detaching a container.Format is a single
-            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
-            `@`, `^`, `[`, `,` or `_`.
-          type: "string"
-        - name: "logs"
-          in: "query"
-          description: |
-            Replay previous logs from the container.
-
-            This is useful for attaching to a container that has started and you
-            want to output everything since the container started.
-
-            If `stream` is also enabled, once all the previous output has been
-            returned, it will seamlessly transition into streaming current
-            output.
-          type: "boolean"
-          default: false
-        - name: "stream"
-          in: "query"
-          description: |
-            Stream attached streams from the time the request was made onwards.
-          type: "boolean"
-          default: false
-        - name: "stdin"
-          in: "query"
-          description: "Attach to `stdin`"
-          type: "boolean"
-          default: false
-        - name: "stdout"
-          in: "query"
-          description: "Attach to `stdout`"
-          type: "boolean"
-          default: false
-        - name: "stderr"
-          in: "query"
-          description: "Attach to `stderr`"
-          type: "boolean"
-          default: false
-      tags: ["Container"]
-  /containers/{id}/attach/ws:
-    get:
-      summary: "Attach to a container via a websocket"
-      operationId: "ContainerAttachWebsocket"
-      responses:
-        101:
-          description: "no error, hints proxy about hijacking"
-        200:
-          description: "no error, no upgrade header found"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "detachKeys"
-          in: "query"
-          description: |
-            Override the key sequence for detaching a container.Format is a single
-            character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
-            `@`, `^`, `[`, `,`, or `_`.
-          type: "string"
-        - name: "logs"
-          in: "query"
-          description: "Return logs"
-          type: "boolean"
-          default: false
-        - name: "stream"
-          in: "query"
-          description: "Return stream"
-          type: "boolean"
-          default: false
-        - name: "stdin"
-          in: "query"
-          description: "Attach to `stdin`"
-          type: "boolean"
-          default: false
-        - name: "stdout"
-          in: "query"
-          description: "Attach to `stdout`"
-          type: "boolean"
-          default: false
-        - name: "stderr"
-          in: "query"
-          description: "Attach to `stderr`"
-          type: "boolean"
-          default: false
-      tags: ["Container"]
-  /containers/{id}/wait:
-    post:
-      summary: "Wait for a container"
-      description: "Block until a container stops, then returns the exit code."
-      operationId: "ContainerWait"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "The container has exit."
-          schema:
-            $ref: "#/definitions/ContainerWaitResponse"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "condition"
-          in: "query"
-          description: |
-            Wait until a container state reaches the given condition.
-
-            Defaults to `not-running` if omitted or empty.
-          type: "string"
-          enum:
-            - "not-running"
-            - "next-exit"
-            - "removed"
-          default: "not-running"
-      tags: ["Container"]
-  /containers/{id}:
-    delete:
-      summary: "Remove a container"
-      operationId: "ContainerDelete"
-      responses:
-        204:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        409:
-          description: "conflict"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: |
-                You cannot remove a running container: c2ada9df5af8. Stop the
-                container before attempting removal or force remove
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "v"
-          in: "query"
-          description: "Remove anonymous volumes associated with the container."
-          type: "boolean"
-          default: false
-        - name: "force"
-          in: "query"
-          description: "If the container is running, kill it before removing it."
-          type: "boolean"
-          default: false
-        - name: "link"
-          in: "query"
-          description: "Remove the specified link associated with the container."
-          type: "boolean"
-          default: false
-      tags: ["Container"]
-  /containers/{id}/archive:
-    head:
-      summary: "Get information about files in a container"
-      description: |
-        A response header `X-Docker-Container-Path-Stat` is returned, containing
-        a base64 - encoded JSON object with some filesystem header information
-        about the path.
-      operationId: "ContainerArchiveInfo"
-      responses:
-        200:
-          description: "no error"
-          headers:
-            X-Docker-Container-Path-Stat:
-              type: "string"
-              description: |
-                A base64 - encoded JSON object with some filesystem header
-                information about the path
-        400:
-          description: "Bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "Container or path does not exist"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "path"
-          in: "query"
-          required: true
-          description: "Resource in the container’s filesystem to archive."
-          type: "string"
-      tags: ["Container"]
-    get:
-      summary: "Get an archive of a filesystem resource in a container"
-      description: "Get a tar archive of a resource in the filesystem of container id."
-      operationId: "ContainerArchive"
-      produces: ["application/x-tar"]
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "Bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "Container or path does not exist"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "path"
-          in: "query"
-          required: true
-          description: "Resource in the container’s filesystem to archive."
-          type: "string"
-      tags: ["Container"]
-    put:
-      summary: "Extract an archive of files or folders to a directory in a container"
-      description: |
-        Upload a tar archive to be extracted to a path in the filesystem of container id.
-        `path` parameter is asserted to be a directory. If it exists as a file, 400 error
-        will be returned with message "not a directory".
-      operationId: "PutContainerArchive"
-      consumes: ["application/x-tar", "application/octet-stream"]
-      responses:
-        200:
-          description: "The content was extracted successfully"
-        400:
-          description: "Bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "not a directory"
-        403:
-          description: "Permission denied, the volume or container rootfs is marked as read-only."
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "No such container or path does not exist inside the container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the container"
-          type: "string"
-        - name: "path"
-          in: "query"
-          required: true
-          description: "Path to a directory in the container to extract the archive’s contents into. "
-          type: "string"
-        - name: "noOverwriteDirNonDir"
-          in: "query"
-          description: |
-            If `1`, `true`, or `True` then it will be an error if unpacking the
-            given content would cause an existing directory to be replaced with
-            a non-directory and vice versa.
-          type: "string"
-        - name: "copyUIDGID"
-          in: "query"
-          description: |
-            If `1`, `true`, then it will copy UID/GID maps to the dest file or
-            dir
-          type: "string"
-        - name: "inputStream"
-          in: "body"
-          required: true
-          description: |
-            The input stream must be a tar archive compressed with one of the
-            following algorithms: `identity` (no compression), `gzip`, `bzip2`,
-            or `xz`.
-          schema:
-            type: "string"
-            format: "binary"
-      tags: ["Container"]
-  /containers/prune:
-    post:
-      summary: "Delete stopped containers"
-      produces:
-        - "application/json"
-      operationId: "ContainerPrune"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
-
-            Available filters:
-            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
-            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
-          type: "string"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "ContainerPruneResponse"
-            properties:
-              ContainersDeleted:
-                description: "Container IDs that were deleted"
-                type: "array"
-                items:
-                  type: "string"
-              SpaceReclaimed:
-                description: "Disk space reclaimed in bytes"
-                type: "integer"
-                format: "int64"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Container"]
-  /images/json:
-    get:
-      summary: "List Images"
-      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
-      operationId: "ImageList"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "Summary image data for the images matching the query"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/ImageSummary"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "all"
-          in: "query"
-          description: "Show all images. Only images from a final layer (no children) are shown by default."
-          type: "boolean"
-          default: false
-        - name: "filters"
-          in: "query"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the images list.
-
-            Available filters:
-
-            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
-            - `dangling=true`
-            - `label=key` or `label="key=value"` of an image label
-            - `reference`=(`<image-name>[:<tag>]`)
-            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
-            - `until=<timestamp>`
-          type: "string"
-        - name: "shared-size"
-          in: "query"
-          description: "Compute and show shared size as a `SharedSize` field on each image."
-          type: "boolean"
-          default: false
-        - name: "digests"
-          in: "query"
-          description: "Show digest information as a `RepoDigests` field on each image."
-          type: "boolean"
-          default: false
-        - name: "manifests"
-          in: "query"
-          description: "Include `Manifests` in the image summary."
-          type: "boolean"
-          default: false
-      tags: ["Image"]
-  /build:
-    post:
-      summary: "Build an image"
-      description: |
-        Build an image from a tar archive with a `Dockerfile` in it.
-
-        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
-
-        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
-
-        The build is canceled if the client drops the connection by quitting or being killed.
-      operationId: "ImageBuild"
-      consumes:
-        - "application/octet-stream"
-      produces:
-        - "application/json"
-      parameters:
-        - name: "inputStream"
-          in: "body"
-          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
-          schema:
-            type: "string"
-            format: "binary"
-        - name: "dockerfile"
-          in: "query"
-          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
-          type: "string"
-          default: "Dockerfile"
-        - name: "t"
-          in: "query"
-          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
-          type: "string"
-        - name: "extrahosts"
-          in: "query"
-          description: "Extra hosts to add to /etc/hosts"
-          type: "string"
-        - name: "remote"
-          in: "query"
-          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
-          type: "string"
-        - name: "q"
-          in: "query"
-          description: "Suppress verbose build output."
-          type: "boolean"
-          default: false
-        - name: "nocache"
-          in: "query"
-          description: "Do not use the cache when building the image."
-          type: "boolean"
-          default: false
-        - name: "cachefrom"
-          in: "query"
-          description: "JSON array of images used for build cache resolution."
-          type: "string"
-        - name: "pull"
-          in: "query"
-          description: "Attempt to pull the image even if an older image exists locally."
-          type: "string"
-        - name: "rm"
-          in: "query"
-          description: "Remove intermediate containers after a successful build."
-          type: "boolean"
-          default: true
-        - name: "forcerm"
-          in: "query"
-          description: "Always remove intermediate containers, even upon failure."
-          type: "boolean"
-          default: false
-        - name: "memory"
-          in: "query"
-          description: "Set memory limit for build."
-          type: "integer"
-        - name: "memswap"
-          in: "query"
-          description: "Total memory (memory + swap). Set as `-1` to disable swap."
-          type: "integer"
-        - name: "cpushares"
-          in: "query"
-          description: "CPU shares (relative weight)."
-          type: "integer"
-        - name: "cpusetcpus"
-          in: "query"
-          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
-          type: "string"
-        - name: "cpuperiod"
-          in: "query"
-          description: "The length of a CPU period in microseconds."
-          type: "integer"
-        - name: "cpuquota"
-          in: "query"
-          description: "Microseconds of CPU time that the container can get in a CPU period."
-          type: "integer"
-        - name: "buildargs"
-          in: "query"
-          description: >
-            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
-            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
-            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
-            passing secret values.
-
-
-            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
-            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
-
-
-            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
-          type: "string"
-        - name: "shmsize"
-          in: "query"
-          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
-          type: "integer"
-        - name: "squash"
-          in: "query"
-          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
-          type: "boolean"
-        - name: "labels"
-          in: "query"
-          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
-          type: "string"
-        - name: "networkmode"
-          in: "query"
-          description: |
-            Sets the networking mode for the run commands during build. Supported
-            standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
-            Any other value is taken as a custom network's name or ID to which this
-            container should connect to.
-          type: "string"
-        - name: "Content-type"
-          in: "header"
-          type: "string"
-          enum:
-            - "application/x-tar"
-          default: "application/x-tar"
-        - name: "X-Registry-Config"
-          in: "header"
-          description: |
-            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
-
-            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
-
-            ```
-            {
-              "docker.example.com": {
-                "username": "janedoe",
-                "password": "hunter2"
-              },
-              "https://index.docker.io/v1/": {
-                "username": "mobydock",
-                "password": "conta1n3rize14"
-              }
-            }
-            ```
-
-            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
-          type: "string"
-        - name: "platform"
-          in: "query"
-          description: "Platform in the format os[/arch[/variant]]"
-          type: "string"
-          default: ""
-        - name: "target"
-          in: "query"
-          description: "Target build stage"
-          type: "string"
-          default: ""
-        - name: "outputs"
-          in: "query"
-          description: "BuildKit output configuration"
-          type: "string"
-          default: ""
-        - name: "version"
-          in: "query"
-          type: "string"
-          default: "1"
-          enum: ["1", "2"]
-          description: |
-            Version of the builder backend to use.
-
-            - `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
-            - `2` is [BuildKit](https://github.com/moby/buildkit)
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "Bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Image"]
-  /build/prune:
-    post:
-      summary: "Delete builder cache"
-      produces:
-        - "application/json"
-      operationId: "BuildPrune"
-      parameters:
-        - name: "keep-storage"
-          in: "query"
-          description: |
-            Amount of disk space in bytes to keep for cache
-
-            > **Deprecated**: This parameter is deprecated and has been renamed to "reserved-space".
-            > It is kept for backward compatibility and will be removed in API v1.49.
-          type: "integer"
-          format: "int64"
-        - name: "reserved-space"
-          in: "query"
-          description: "Amount of disk space in bytes to keep for cache"
-          type: "integer"
-          format: "int64"
-        - name: "max-used-space"
-          in: "query"
-          description: "Maximum amount of disk space allowed to keep for cache"
-          type: "integer"
-          format: "int64"
-        - name: "min-free-space"
-          in: "query"
-          description: "Target amount of free disk space after pruning"
-          type: "integer"
-          format: "int64"
-        - name: "all"
-          in: "query"
-          type: "boolean"
-          description: "Remove all types of build cache"
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the list of build cache objects.
-
-            Available filters:
-
-            - `until=<timestamp>` remove cache older than `<timestamp>`. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon's local time.
-            - `id=<id>`
-            - `parent=<id>`
-            - `type=<string>`
-            - `description=<string>`
-            - `inuse`
-            - `shared`
-            - `private`
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "BuildPruneResponse"
-            properties:
-              CachesDeleted:
-                type: "array"
-                items:
-                  description: "ID of build cache object"
-                  type: "string"
-              SpaceReclaimed:
-                description: "Disk space reclaimed in bytes"
-                type: "integer"
-                format: "int64"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Image"]
-  /images/create:
-    post:
-      summary: "Create an image"
-      description: "Pull or import an image."
-      operationId: "ImageCreate"
-      consumes:
-        - "text/plain"
-        - "application/octet-stream"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "repository does not exist or no read access"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "fromImage"
-          in: "query"
-          description: |
-            Name of the image to pull. If the name includes a tag or digest, specific behavior applies:
-
-            - If only `fromImage` includes a tag, that tag is used.
-            - If both `fromImage` and `tag` are provided, `tag` takes precedence.
-            - If `fromImage` includes a digest, the image is pulled by digest, and `tag` is ignored.
-            - If neither a tag nor digest is specified, all tags are pulled.
-          type: "string"
-        - name: "fromSrc"
-          in: "query"
-          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
-          type: "string"
-        - name: "repo"
-          in: "query"
-          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
-          type: "string"
-        - name: "tag"
-          in: "query"
-          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
-          type: "string"
-        - name: "message"
-          in: "query"
-          description: "Set commit message for imported image."
-          type: "string"
-        - name: "inputImage"
-          in: "body"
-          description: "Image content if the value `-` has been specified in fromSrc query parameter"
-          schema:
-            type: "string"
-          required: false
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-        - name: "changes"
-          in: "query"
-          description: |
-            Apply `Dockerfile` instructions to the image that is created,
-            for example: `changes=ENV DEBUG=true`.
-            Note that `ENV DEBUG=true` should be URI component encoded.
-
-            Supported `Dockerfile` instructions:
-            `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
-          type: "array"
-          items:
-            type: "string"
-        - name: "platform"
-          in: "query"
-          description: |
-            Platform in the format os[/arch[/variant]].
-
-            When used in combination with the `fromImage` option, the daemon checks
-            if the given image is present in the local image cache with the given
-            OS and Architecture, and otherwise attempts to pull the image. If the
-            option is not set, the host's native OS and Architecture are used.
-            If the given image does not exist in the local image cache, the daemon
-            attempts to pull the image with the host's native OS and Architecture.
-            If the given image does exists in the local image cache, but its OS or
-            architecture does not match, a warning is produced.
-
-            When used with the `fromSrc` option to import an image from an archive,
-            this option sets the platform information for the imported image. If
-            the option is not set, the host's native OS and Architecture are used
-            for the imported image.
-          type: "string"
-          default: ""
-      tags: ["Image"]
-  /images/{name}/json:
-    get:
-      summary: "Inspect an image"
-      description: "Return low-level information about an image."
-      operationId: "ImageInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            $ref: "#/definitions/ImageInspect"
-        404:
-          description: "No such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such image: someimage (tag: latest)"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or id"
-          type: "string"
-          required: true
-        - name: "manifests"
-          in: "query"
-          description: "Include Manifests in the image summary."
-          type: "boolean"
-          default: false
-          required: false
-      tags: ["Image"]
-  /images/{name}/history:
-    get:
-      summary: "Get the history of an image"
-      description: "Return parent layers of an image."
-      operationId: "ImageHistory"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "List of image layers"
-          schema:
-            type: "array"
-            items:
-              type: "object"
-              x-go-name: HistoryResponseItem
-              title: "HistoryResponseItem"
-              description: "individual image layer information in response to ImageHistory operation"
-              required: [Id, Created, CreatedBy, Tags, Size, Comment]
-              properties:
-                Id:
-                  type: "string"
-                  x-nullable: false
-                Created:
-                  type: "integer"
-                  format: "int64"
-                  x-nullable: false
-                CreatedBy:
-                  type: "string"
-                  x-nullable: false
-                Tags:
-                  type: "array"
-                  items:
-                    type: "string"
-                Size:
-                  type: "integer"
-                  format: "int64"
-                  x-nullable: false
-                Comment:
-                  type: "string"
-                  x-nullable: false
-          examples:
-            application/json:
-              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
-                Created: 1398108230
-                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
-                Tags:
-                  - "ubuntu:lucid"
-                  - "ubuntu:10.04"
-                Size: 182964289
-                Comment: ""
-              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
-                Created: 1398108222
-                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
-                Tags: []
-                Size: 0
-                Comment: ""
-              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
-                Created: 1371157430
-                CreatedBy: ""
-                Tags:
-                  - "scratch12:latest"
-                  - "scratch:latest"
-                Size: 0
-                Comment: "Imported from -"
-        404:
-          description: "No such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or ID"
-          type: "string"
-          required: true
-        - name: "platform"
-          type: "string"
-          in: "query"
-          description: |
-            JSON-encoded OCI platform to select the platform-variant.
-            If omitted, it defaults to any locally available platform,
-            prioritizing the daemon's host platform.
-
-            If the daemon provides a multi-platform image store, this selects
-            the platform-variant to show the history for. If the image is
-            a single-platform image, or if the multi-platform image does not
-            provide a variant matching the given platform, an error is returned.
-
-            Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
-      tags: ["Image"]
-  /images/{name}/push:
-    post:
-      summary: "Push an image"
-      description: |
-        Push an image to a registry.
-
-        If you wish to push an image on to a private registry, that image must
-        already have a tag which references the registry. For example,
-        `registry.example.com/myimage:latest`.
-
-        The push is cancelled if the HTTP connection is closed.
-      operationId: "ImagePush"
-      consumes:
-        - "application/octet-stream"
-      responses:
-        200:
-          description: "No error"
-        404:
-          description: "No such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            Name of the image to push. For example, `registry.example.com/myimage`.
-            The image must be present in the local image store with the same name.
-
-            The name should be provided without tag; if a tag is provided, it
-            is ignored. For example, `registry.example.com/myimage:latest` is
-            considered equivalent to `registry.example.com/myimage`.
-
-            Use the `tag` parameter to specify the tag to push.
-          type: "string"
-          required: true
-        - name: "tag"
-          in: "query"
-          description: |
-            Tag of the image to push. For example, `latest`. If no tag is provided,
-            all tags of the given image that are present in the local image store
-            are pushed.
-          type: "string"
-        - name: "platform"
-          type: "string"
-          in: "query"
-          description: |
-            JSON-encoded OCI platform to select the platform-variant to push.
-            If not provided, all available variants will attempt to be pushed.
-
-            If the daemon provides a multi-platform image store, this selects
-            the platform-variant to push to the registry. If the image is
-            a single-platform image, or if the multi-platform image does not
-            provide a variant matching the given platform, an error is returned.
-
-            Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-          required: true
-      tags: ["Image"]
-  /images/{name}/tag:
-    post:
-      summary: "Tag an image"
-      description: "Tag an image so that it becomes part of a repository."
-      operationId: "ImageTag"
-      responses:
-        201:
-          description: "No error"
-        400:
-          description: "Bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "No such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        409:
-          description: "Conflict"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or ID to tag."
-          type: "string"
-          required: true
-        - name: "repo"
-          in: "query"
-          description: "The repository to tag in. For example, `someuser/someimage`."
-          type: "string"
-        - name: "tag"
-          in: "query"
-          description: "The name of the new tag."
-          type: "string"
-      tags: ["Image"]
-  /images/{name}:
-    delete:
-      summary: "Remove an image"
-      description: |
-        Remove an image, along with any untagged parent images that were
-        referenced by that image.
-
-        Images can't be removed if they have descendant images, are being
-        used by a running container or are being used by a build.
-      operationId: "ImageDelete"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "The image was deleted successfully"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/ImageDeleteResponseItem"
-          examples:
-            application/json:
-              - Untagged: "3e2f21a89f"
-              - Deleted: "3e2f21a89f"
-              - Deleted: "53b4f83ac9"
-        404:
-          description: "No such image"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        409:
-          description: "Conflict"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or ID"
-          type: "string"
-          required: true
-        - name: "force"
-          in: "query"
-          description: "Remove the image even if it is being used by stopped containers or has other tags"
-          type: "boolean"
-          default: false
-        - name: "noprune"
-          in: "query"
-          description: "Do not delete untagged parent images"
-          type: "boolean"
-          default: false
-        - name: "platforms"
-          in: "query"
-          description: |
-            Select platform-specific content to delete.
-            Multiple values are accepted.
-            Each platform is a OCI platform encoded as a JSON string.
-          type: "array"
-          items:
-            # This should be OCIPlatform
-            # but $ref is not supported for array in query in Swagger 2.0
-            # $ref: "#/definitions/OCIPlatform"
-            type: "string"
-      tags: ["Image"]
-  /images/search:
-    get:
-      summary: "Search images"
-      description: "Search for an image on Docker Hub."
-      operationId: "ImageSearch"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "array"
-            items:
-              type: "object"
-              title: "ImageSearchResponseItem"
-              properties:
-                description:
-                  type: "string"
-                is_official:
-                  type: "boolean"
-                is_automated:
-                  description: |
-                    Whether this repository has automated builds enabled.
-
-                    <p><br /></p>
-
-                    > **Deprecated**: This field is deprecated and will always be "false".
-                  type: "boolean"
-                  example: false
-                name:
-                  type: "string"
-                star_count:
-                  type: "integer"
-          examples:
-            application/json:
-              - description: "A minimal Docker image based on Alpine Linux with a complete package index and only 5 MB in size!"
-                is_official: true
-                is_automated: false
-                name: "alpine"
-                star_count: 10093
-              - description: "Busybox base image."
-                is_official: true
-                is_automated: false
-                name: "Busybox base image."
-                star_count: 3037
-              - description: "The PostgreSQL object-relational database system provides reliability and data integrity."
-                is_official: true
-                is_automated: false
-                name: "postgres"
-                star_count: 12408
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "term"
-          in: "query"
-          description: "Term to search"
-          type: "string"
-          required: true
-        - name: "limit"
-          in: "query"
-          description: "Maximum number of results to return"
-          type: "integer"
-        - name: "filters"
-          in: "query"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
-
-            - `is-official=(true|false)`
-            - `stars=<number>` Matches images that has at least 'number' stars.
-          type: "string"
-      tags: ["Image"]
-  /images/prune:
-    post:
-      summary: "Delete unused images"
-      produces:
-        - "application/json"
-      operationId: "ImagePrune"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
-
-            - `dangling=<boolean>` When set to `true` (or `1`), prune only
-               unused *and* untagged images. When set to `false`
-               (or `0`), all unused images are pruned.
-            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
-            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
-          type: "string"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "ImagePruneResponse"
-            properties:
-              ImagesDeleted:
-                description: "Images that were deleted"
-                type: "array"
-                items:
-                  $ref: "#/definitions/ImageDeleteResponseItem"
-              SpaceReclaimed:
-                description: "Disk space reclaimed in bytes"
-                type: "integer"
-                format: "int64"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Image"]
-  /auth:
-    post:
-      summary: "Check auth configuration"
-      description: |
-        Validate credentials for a registry and, if available, get an identity
-        token for accessing the registry without password.
-      operationId: "SystemAuth"
-      consumes: ["application/json"]
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "An identity token was generated successfully."
-          schema:
-            type: "object"
-            title: "SystemAuthResponse"
-            required: [Status]
-            properties:
-              Status:
-                description: "The status of the authentication"
-                type: "string"
-                x-nullable: false
-              IdentityToken:
-                description: "An opaque token used to authenticate a user after a successful login"
-                type: "string"
-                x-nullable: false
-          examples:
-            application/json:
-              Status: "Login Succeeded"
-              IdentityToken: "9cbaf023786cd7..."
-        204:
-          description: "No error"
-        401:
-          description: "Auth error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "authConfig"
-          in: "body"
-          description: "Authentication to check"
-          schema:
-            $ref: "#/definitions/AuthConfig"
-      tags: ["System"]
-  /info:
-    get:
-      summary: "Get system information"
-      operationId: "SystemInfo"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            $ref: "#/definitions/SystemInfo"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["System"]
-  /version:
-    get:
-      summary: "Get version"
-      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
-      operationId: "SystemVersion"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/SystemVersion"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["System"]
-  /_ping:
-    get:
-      summary: "Ping"
-      description: "This is a dummy endpoint you can use to test if the server is accessible."
-      operationId: "SystemPing"
-      produces: ["text/plain"]
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "string"
-            example: "OK"
-          headers:
-            Api-Version:
-              type: "string"
-              description: "Max API Version the server supports"
-            Builder-Version:
-              type: "string"
-              description: |
-                Default version of docker image builder
-
-                The default on Linux is version "2" (BuildKit), but the daemon
-                can be configured to recommend version "1" (classic Builder).
-                Windows does not yet support BuildKit for native Windows images,
-                and uses "1" (classic builder) as a default.
-
-                This value is a recommendation as advertised by the daemon, and
-                it is up to the client to choose which builder to use.
-              default: "2"
-            Docker-Experimental:
-              type: "boolean"
-              description: "If the server is running with experimental mode enabled"
-            Swarm:
-              type: "string"
-              enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
-              description: |
-                Contains information about Swarm status of the daemon,
-                and if the daemon is acting as a manager or worker node.
-              default: "inactive"
-            Cache-Control:
-              type: "string"
-              default: "no-cache, no-store, must-revalidate"
-            Pragma:
-              type: "string"
-              default: "no-cache"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          headers:
-            Cache-Control:
-              type: "string"
-              default: "no-cache, no-store, must-revalidate"
-            Pragma:
-              type: "string"
-              default: "no-cache"
-      tags: ["System"]
-    head:
-      summary: "Ping"
-      description: "This is a dummy endpoint you can use to test if the server is accessible."
-      operationId: "SystemPingHead"
-      produces: ["text/plain"]
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "string"
-            example: "(empty)"
-          headers:
-            Api-Version:
-              type: "string"
-              description: "Max API Version the server supports"
-            Builder-Version:
-              type: "string"
-              description: "Default version of docker image builder"
-            Docker-Experimental:
-              type: "boolean"
-              description: "If the server is running with experimental mode enabled"
-            Swarm:
-              type: "string"
-              enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
-              description: |
-                Contains information about Swarm status of the daemon,
-                and if the daemon is acting as a manager or worker node.
-              default: "inactive"
-            Cache-Control:
-              type: "string"
-              default: "no-cache, no-store, must-revalidate"
-            Pragma:
-              type: "string"
-              default: "no-cache"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["System"]
-  /commit:
-    post:
-      summary: "Create a new image from a container"
-      operationId: "ImageCommit"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/IDResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "containerConfig"
-          in: "body"
-          description: "The container configuration"
-          schema:
-            $ref: "#/definitions/ContainerConfig"
-        - name: "container"
-          in: "query"
-          description: "The ID or name of the container to commit"
-          type: "string"
-        - name: "repo"
-          in: "query"
-          description: "Repository name for the created image"
-          type: "string"
-        - name: "tag"
-          in: "query"
-          description: "Tag name for the create image"
-          type: "string"
-        - name: "comment"
-          in: "query"
-          description: "Commit message"
-          type: "string"
-        - name: "author"
-          in: "query"
-          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
-          type: "string"
-        - name: "pause"
-          in: "query"
-          description: "Whether to pause the container before committing"
-          type: "boolean"
-          default: true
-        - name: "changes"
-          in: "query"
-          description: "`Dockerfile` instructions to apply while committing"
-          type: "string"
-      tags: ["Image"]
-  /events:
-    get:
-      summary: "Monitor events"
-      description: |
-        Stream real-time events from the server.
-
-        Various objects within Docker report events when something happens to them.
-
-        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
-
-        Images report these events: `create`, `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
-
-        Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
-
-        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
-
-        The Docker daemon reports these events: `reload`
-
-        Services report these events: `create`, `update`, and `remove`
-
-        Nodes report these events: `create`, `update`, and `remove`
-
-        Secrets report these events: `create`, `update`, and `remove`
-
-        Configs report these events: `create`, `update`, and `remove`
-
-        The Builder reports `prune` events
-
-      operationId: "SystemEvents"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/EventMessage"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "since"
-          in: "query"
-          description: "Show events created since this timestamp then stream new events."
-          type: "string"
-        - name: "until"
-          in: "query"
-          description: "Show events created until this timestamp then stop streaming."
-          type: "string"
-        - name: "filters"
-          in: "query"
-          description: |
-            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
-
-            - `config=<string>` config name or ID
-            - `container=<string>` container name or ID
-            - `daemon=<string>` daemon name or ID
-            - `event=<string>` event type
-            - `image=<string>` image name or ID
-            - `label=<string>` image or container label
-            - `network=<string>` network name or ID
-            - `node=<string>` node ID
-            - `plugin`=<string> plugin name or ID
-            - `scope`=<string> local or swarm
-            - `secret=<string>` secret name or ID
-            - `service=<string>` service name or ID
-            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
-            - `volume=<string>` volume name
-          type: "string"
-      tags: ["System"]
-  /system/df:
-    get:
-      summary: "Get data usage information"
-      operationId: "SystemDataUsage"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "object"
-            title: "SystemDataUsageResponse"
-            properties:
-              LayersSize:
-                type: "integer"
-                format: "int64"
-              Images:
-                type: "array"
-                items:
-                  $ref: "#/definitions/ImageSummary"
-              Containers:
-                type: "array"
-                items:
-                  $ref: "#/definitions/ContainerSummary"
-              Volumes:
-                type: "array"
-                items:
-                  $ref: "#/definitions/Volume"
-              BuildCache:
-                type: "array"
-                items:
-                  $ref: "#/definitions/BuildCache"
-            example:
-              LayersSize: 1092588
-              Images:
-                -
-                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
-                  ParentId: ""
-                  RepoTags:
-                    - "busybox:latest"
-                  RepoDigests:
-                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
-                  Created: 1466724217
-                  Size: 1092588
-                  SharedSize: 0
-                  Labels: {}
-                  Containers: 1
-              Containers:
-                -
-                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
-                  Names:
-                    - "/top"
-                  Image: "busybox"
-                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
-                  Command: "top"
-                  Created: 1472592424
-                  Ports: []
-                  SizeRootFs: 1092588
-                  Labels: {}
-                  State: "exited"
-                  Status: "Exited (0) 56 minutes ago"
-                  HostConfig:
-                    NetworkMode: "default"
-                  NetworkSettings:
-                    Networks:
-                      bridge:
-                        IPAMConfig: null
-                        Links: null
-                        Aliases: null
-                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
-                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
-                        Gateway: "172.18.0.1"
-                        IPAddress: "172.18.0.2"
-                        IPPrefixLen: 16
-                        IPv6Gateway: ""
-                        GlobalIPv6Address: ""
-                        GlobalIPv6PrefixLen: 0
-                        MacAddress: "02:42:ac:12:00:02"
-                  Mounts: []
-              Volumes:
-                -
-                  Name: "my-volume"
-                  Driver: "local"
-                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
-                  Labels: null
-                  Scope: "local"
-                  Options: null
-                  UsageData:
-                    Size: 10920104
-                    RefCount: 2
-              BuildCache:
-                -
-                  ID: "hw53o5aio51xtltp5xjp8v7fx"
-                  Parents: []
-                  Type: "regular"
-                  Description: "pulled from docker.io/library/debian@sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0"
-                  InUse: false
-                  Shared: true
-                  Size: 0
-                  CreatedAt: "2021-06-28T13:31:01.474619385Z"
-                  LastUsedAt: "2021-07-07T22:02:32.738075951Z"
-                  UsageCount: 26
-                -
-                  ID: "ndlpt0hhvkqcdfkputsk4cq9c"
-                  Parents: ["ndlpt0hhvkqcdfkputsk4cq9c"]
-                  Type: "regular"
-                  Description: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
-                  InUse: false
-                  Shared: true
-                  Size: 51
-                  CreatedAt: "2021-06-28T13:31:03.002625487Z"
-                  LastUsedAt: "2021-07-07T22:02:32.773909517Z"
-                  UsageCount: 26
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "type"
-          in: "query"
-          description: |
-            Object types, for which to compute and return data.
-          type: "array"
-          collectionFormat: multi
-          items:
-            type: "string"
-            enum: ["container", "image", "volume", "build-cache"]
-      tags: ["System"]
-  /images/{name}/get:
-    get:
-      summary: "Export an image"
-      description: |
-        Get a tarball containing all images and metadata for a repository.
-
-        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
-
-        ### Image tarball format
-
-        An image tarball contains [Content as defined in the OCI Image Layout Specification](https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md#content).
-
-        Additionally, includes the manifest.json file associated with a backwards compatible docker save format.
-
-        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
-
-        ```json
-        {
-          "hello-world": {
-            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
-          }
-        }
-        ```
-      operationId: "ImageGet"
-      produces:
-        - "application/x-tar"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "string"
-            format: "binary"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or ID"
-          type: "string"
-          required: true
-        - name: "platform"
-          type: "string"
-          in: "query"
-          description: |
-            JSON encoded OCI platform describing a platform which will be used
-            to select a platform-specific image to be saved if the image is
-            multi-platform.
-            If not provided, the full multi-platform image will be saved.
-
-            Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
-      tags: ["Image"]
-  /images/get:
-    get:
-      summary: "Export several images"
-      description: |
-        Get a tarball containing all images and metadata for several image
-        repositories.
-
-        For each value of the `names` parameter: if it is a specific name and
-        tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
-        returned; if it is an image ID, similarly only that image (and its parents)
-        are returned and there would be no names referenced in the 'repositories'
-        file for this image ID.
-
-        For details on the format, see the [export image endpoint](#operation/ImageGet).
-      operationId: "ImageGetAll"
-      produces:
-        - "application/x-tar"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "string"
-            format: "binary"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "names"
-          in: "query"
-          description: "Image names to filter by"
-          type: "array"
-          items:
-            type: "string"
-        - name: "platform"
-          type: "string"
-          in: "query"
-          description: |
-            JSON encoded OCI platform describing a platform which will be used
-            to select a platform-specific image to be saved if the image is
-            multi-platform.
-            If not provided, the full multi-platform image will be saved.
-
-            Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
-      tags: ["Image"]
-  /images/load:
-    post:
-      summary: "Import images"
-      description: |
-        Load a set of images and tags into a repository.
-
-        For details on the format, see the [export image endpoint](#operation/ImageGet).
-      operationId: "ImageLoad"
-      consumes:
-        - "application/x-tar"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "imagesTarball"
-          in: "body"
-          description: "Tar archive containing images"
-          schema:
-            type: "string"
-            format: "binary"
-        - name: "quiet"
-          in: "query"
-          description: "Suppress progress details during load."
-          type: "boolean"
-          default: false
-        - name: "platform"
-          type: "string"
-          in: "query"
-          description: |
-            JSON encoded OCI platform describing a platform which will be used
-            to select a platform-specific image to be load if the image is
-            multi-platform.
-            If not provided, the full multi-platform image will be loaded.
-
-            Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
-      tags: ["Image"]
-  /containers/{id}/exec:
-    post:
-      summary: "Create an exec instance"
-      description: "Run a command inside a running container."
-      operationId: "ContainerExec"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/IDResponse"
-        404:
-          description: "no such container"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such container: c2ada9df5af8"
-        409:
-          description: "container is paused"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "execConfig"
-          in: "body"
-          description: "Exec configuration"
-          schema:
-            type: "object"
-            title: "ExecConfig"
-            properties:
-              AttachStdin:
-                type: "boolean"
-                description: "Attach to `stdin` of the exec command."
-              AttachStdout:
-                type: "boolean"
-                description: "Attach to `stdout` of the exec command."
-              AttachStderr:
-                type: "boolean"
-                description: "Attach to `stderr` of the exec command."
-              ConsoleSize:
-                type: "array"
-                description: "Initial console size, as an `[height, width]` array."
-                x-nullable: true
-                minItems: 2
-                maxItems: 2
-                items:
-                  type: "integer"
-                  minimum: 0
-                example: [80, 64]
-              DetachKeys:
-                type: "string"
-                description: |
-                  Override the key sequence for detaching a container. Format is
-                  a single character `[a-Z]` or `ctrl-<value>` where `<value>`
-                  is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-              Tty:
-                type: "boolean"
-                description: "Allocate a pseudo-TTY."
-              Env:
-                description: |
-                  A list of environment variables in the form `["VAR=value", ...]`.
-                type: "array"
-                items:
-                  type: "string"
-              Cmd:
-                type: "array"
-                description: "Command to run, as a string or array of strings."
-                items:
-                  type: "string"
-              Privileged:
-                type: "boolean"
-                description: "Runs the exec process with extended privileges."
-                default: false
-              User:
-                type: "string"
-                description: |
-                  The user, and optionally, group to run the exec process inside
-                  the container. Format is one of: `user`, `user:group`, `uid`,
-                  or `uid:gid`.
-              WorkingDir:
-                type: "string"
-                description: |
-                  The working directory for the exec process inside the container.
-            example:
-              AttachStdin: false
-              AttachStdout: true
-              AttachStderr: true
-              DetachKeys: "ctrl-p,ctrl-q"
-              Tty: false
-              Cmd:
-                - "date"
-              Env:
-                - "FOO=bar"
-                - "BAZ=quux"
-          required: true
-        - name: "id"
-          in: "path"
-          description: "ID or name of container"
-          type: "string"
-          required: true
-      tags: ["Exec"]
-  /exec/{id}/start:
-    post:
-      summary: "Start an exec instance"
-      description: |
-        Starts a previously set up exec instance. If detach is true, this endpoint
-        returns immediately after starting the command. Otherwise, it sets up an
-        interactive session with the command.
-      operationId: "ExecStart"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/vnd.docker.multiplexed-stream"
-      responses:
-        200:
-          description: "No error"
-        404:
-          description: "No such exec instance"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        409:
-          description: "Container is stopped or paused"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "execStartConfig"
-          in: "body"
-          schema:
-            type: "object"
-            title: "ExecStartConfig"
-            properties:
-              Detach:
-                type: "boolean"
-                description: "Detach from the command."
-                example: false
-              Tty:
-                type: "boolean"
-                description: "Allocate a pseudo-TTY."
-                example: true
-              ConsoleSize:
-                type: "array"
-                description: "Initial console size, as an `[height, width]` array."
-                x-nullable: true
-                minItems: 2
-                maxItems: 2
-                items:
-                  type: "integer"
-                  minimum: 0
-                example: [80, 64]
-        - name: "id"
-          in: "path"
-          description: "Exec instance ID"
-          required: true
-          type: "string"
-      tags: ["Exec"]
-  /exec/{id}/resize:
-    post:
-      summary: "Resize an exec instance"
-      description: |
-        Resize the TTY session used by an exec instance. This endpoint only works
-        if `tty` was specified as part of creating and starting the exec instance.
-      operationId: "ExecResize"
-      responses:
-        200:
-          description: "No error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "No such exec instance"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Exec instance ID"
-          required: true
-          type: "string"
-        - name: "h"
-          in: "query"
-          required: true
-          description: "Height of the TTY session in characters"
-          type: "integer"
-        - name: "w"
-          in: "query"
-          required: true
-          description: "Width of the TTY session in characters"
-          type: "integer"
-      tags: ["Exec"]
-  /exec/{id}/json:
-    get:
-      summary: "Inspect an exec instance"
-      description: "Return low-level information about an exec instance."
-      operationId: "ExecInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "ExecInspectResponse"
-            properties:
-              CanRemove:
-                type: "boolean"
-              DetachKeys:
-                type: "string"
-              ID:
-                type: "string"
-              Running:
-                type: "boolean"
-              ExitCode:
-                type: "integer"
-              ProcessConfig:
-                $ref: "#/definitions/ProcessConfig"
-              OpenStdin:
-                type: "boolean"
-              OpenStderr:
-                type: "boolean"
-              OpenStdout:
-                type: "boolean"
-              ContainerID:
-                type: "string"
-              Pid:
-                type: "integer"
-                description: "The system process ID for the exec process."
-          examples:
-            application/json:
-              CanRemove: false
-              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
-              DetachKeys: ""
-              ExitCode: 2
-              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
-              OpenStderr: true
-              OpenStdin: true
-              OpenStdout: true
-              ProcessConfig:
-                arguments:
-                  - "-c"
-                  - "exit 2"
-                entrypoint: "sh"
-                privileged: false
-                tty: true
-                user: "1000"
-              Running: false
-              Pid: 42000
-        404:
-          description: "No such exec instance"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Exec instance ID"
-          required: true
-          type: "string"
-      tags: ["Exec"]
-
-  /volumes:
-    get:
-      summary: "List volumes"
-      operationId: "VolumeList"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "Summary volume data that matches the query"
-          schema:
-            $ref: "#/definitions/VolumeListResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            JSON encoded value of the filters (a `map[string][]string`) to
-            process on the volumes list. Available filters:
-
-            - `dangling=<boolean>` When set to `true` (or `1`), returns all
-               volumes that are not in use by a container. When set to `false`
-               (or `0`), only volumes that are in use by one or more
-               containers are returned.
-            - `driver=<volume-driver-name>` Matches volumes based on their driver.
-            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
-               the presence of a `label` alone or a `label` and a value.
-            - `name=<volume-name>` Matches all or part of a volume name.
-          type: "string"
-          format: "json"
-      tags: ["Volume"]
-
-  /volumes/create:
-    post:
-      summary: "Create a volume"
-      operationId: "VolumeCreate"
-      consumes: ["application/json"]
-      produces: ["application/json"]
-      responses:
-        201:
-          description: "The volume was created successfully"
-          schema:
-            $ref: "#/definitions/Volume"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "volumeConfig"
-          in: "body"
-          required: true
-          description: "Volume configuration"
-          schema:
-            $ref: "#/definitions/VolumeCreateOptions"
-      tags: ["Volume"]
-
-  /volumes/{name}:
-    get:
-      summary: "Inspect a volume"
-      operationId: "VolumeInspect"
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "No error"
-          schema:
-            $ref: "#/definitions/Volume"
-        404:
-          description: "No such volume"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          required: true
-          description: "Volume name or ID"
-          type: "string"
-      tags: ["Volume"]
-
-    put:
-      summary: |
-        "Update a volume. Valid only for Swarm cluster volumes"
-      operationId: "VolumeUpdate"
-      consumes: ["application/json"]
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such volume"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "The name or ID of the volume"
-          type: "string"
-          required: true
-        - name: "body"
-          in: "body"
-          schema:
-            # though the schema for is an object that contains only a
-            # ClusterVolumeSpec, wrapping the ClusterVolumeSpec in this object
-            # means that if, later on, we support things like changing the
-            # labels, we can do so without duplicating that information to the
-            # ClusterVolumeSpec.
-            type: "object"
-            description: "Volume configuration"
-            properties:
-              Spec:
-                $ref: "#/definitions/ClusterVolumeSpec"
-          description: |
-            The spec of the volume to update. Currently, only Availability may
-            change. All other fields must remain unchanged.
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the volume being updated. This is required to
-            avoid conflicting writes. Found in the volume's `ClusterVolume`
-            field.
-          type: "integer"
-          format: "int64"
-          required: true
-      tags: ["Volume"]
-
-    delete:
-      summary: "Remove a volume"
-      description: "Instruct the driver to remove the volume."
-      operationId: "VolumeDelete"
-      responses:
-        204:
-          description: "The volume was removed"
-        404:
-          description: "No such volume or volume driver"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        409:
-          description: "Volume is in use and cannot be removed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          required: true
-          description: "Volume name or ID"
-          type: "string"
-        - name: "force"
-          in: "query"
-          description: "Force the removal of the volume"
-          type: "boolean"
-          default: false
-      tags: ["Volume"]
-
-  /volumes/prune:
-    post:
-      summary: "Delete unused volumes"
-      produces:
-        - "application/json"
-      operationId: "VolumePrune"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
-
-            Available filters:
-            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
-            - `all` (`all=true`) - Consider all (local) volumes for pruning and not just anonymous volumes.
-          type: "string"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "VolumePruneResponse"
-            properties:
-              VolumesDeleted:
-                description: "Volumes that were deleted"
-                type: "array"
-                items:
-                  type: "string"
-              SpaceReclaimed:
-                description: "Disk space reclaimed in bytes"
-                type: "integer"
-                format: "int64"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Volume"]
-  /networks:
-    get:
-      summary: "List networks"
-      description: |
-        Returns a list of networks. For details on the format, see the
-        [network inspect endpoint](#operation/NetworkInspect).
-
-        Note that it uses a different, smaller representation of a network than
-        inspecting a single network. For example, the list of containers attached
-        to the network is not propagated in API versions 1.28 and up.
-      operationId: "NetworkList"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Network"
-          examples:
-            application/json:
-              - Name: "bridge"
-                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
-                Created: "2016-10-19T06:21:00.416543526Z"
-                Scope: "local"
-                Driver: "bridge"
-                EnableIPv4: true
-                EnableIPv6: false
-                Internal: false
-                Attachable: false
-                Ingress: false
-                IPAM:
-                  Driver: "default"
-                  Config:
-                    -
-                      Subnet: "172.17.0.0/16"
-                Options:
-                  com.docker.network.bridge.default_bridge: "true"
-                  com.docker.network.bridge.enable_icc: "true"
-                  com.docker.network.bridge.enable_ip_masquerade: "true"
-                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
-                  com.docker.network.bridge.name: "docker0"
-                  com.docker.network.driver.mtu: "1500"
-              - Name: "none"
-                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
-                Created: "0001-01-01T00:00:00Z"
-                Scope: "local"
-                Driver: "null"
-                EnableIPv4: false
-                EnableIPv6: false
-                Internal: false
-                Attachable: false
-                Ingress: false
-                IPAM:
-                  Driver: "default"
-                  Config: []
-                Containers: {}
-                Options: {}
-              - Name: "host"
-                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
-                Created: "0001-01-01T00:00:00Z"
-                Scope: "local"
-                Driver: "host"
-                EnableIPv4: false
-                EnableIPv6: false
-                Internal: false
-                Attachable: false
-                Ingress: false
-                IPAM:
-                  Driver: "default"
-                  Config: []
-                Containers: {}
-                Options: {}
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            JSON encoded value of the filters (a `map[string][]string`) to process
-            on the networks list.
-
-            Available filters:
-
-            - `dangling=<boolean>` When set to `true` (or `1`), returns all
-               networks that are not in use by a container. When set to `false`
-               (or `0`), only networks that are in use by one or more
-               containers are returned.
-            - `driver=<driver-name>` Matches a network's driver.
-            - `id=<network-id>` Matches all or part of a network ID.
-            - `label=<key>` or `label=<key>=<value>` of a network label.
-            - `name=<network-name>` Matches all or part of a network name.
-            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
-            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
-          type: "string"
-      tags: ["Network"]
-
-  /networks/{id}:
-    get:
-      summary: "Inspect a network"
-      operationId: "NetworkInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            $ref: "#/definitions/Network"
-        404:
-          description: "Network not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Network ID or name"
-          required: true
-          type: "string"
-        - name: "verbose"
-          in: "query"
-          description: "Detailed inspect output for troubleshooting"
-          type: "boolean"
-          default: false
-        - name: "scope"
-          in: "query"
-          description: "Filter the network by scope (swarm, global, or local)"
-          type: "string"
-      tags: ["Network"]
-
-    delete:
-      summary: "Remove a network"
-      operationId: "NetworkDelete"
-      responses:
-        204:
-          description: "No error"
-        403:
-          description: "operation not supported for pre-defined networks"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such network"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Network ID or name"
-          required: true
-          type: "string"
-      tags: ["Network"]
-
-  /networks/create:
-    post:
-      summary: "Create a network"
-      operationId: "NetworkCreate"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "Network created successfully"
-          schema:
-            $ref: "#/definitions/NetworkCreateResponse"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        403:
-          description: |
-            Forbidden operation. This happens when trying to create a network named after a pre-defined network,
-            or when trying to create an overlay network on a daemon which is not part of a Swarm cluster.
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "plugin not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "networkConfig"
-          in: "body"
-          description: "Network configuration"
-          required: true
-          schema:
-            type: "object"
-            title: "NetworkCreateRequest"
-            required: ["Name"]
-            properties:
-              Name:
-                description: "The network's name."
-                type: "string"
-                example: "my_network"
-              Driver:
-                description: "Name of the network driver plugin to use."
-                type: "string"
-                default: "bridge"
-                example: "bridge"
-              Scope:
-                description: |
-                  The level at which the network exists (e.g. `swarm` for cluster-wide
-                  or `local` for machine level).
-                type: "string"
-              Internal:
-                description: "Restrict external access to the network."
-                type: "boolean"
-              Attachable:
-                description: |
-                  Globally scoped network is manually attachable by regular
-                  containers from workers in swarm mode.
-                type: "boolean"
-                example: true
-              Ingress:
-                description: |
-                  Ingress network is the network which provides the routing-mesh
-                  in swarm mode.
-                type: "boolean"
-                example: false
-              ConfigOnly:
-                description: |
-                  Creates a config-only network. Config-only networks are placeholder
-                  networks for network configurations to be used by other networks.
-                  Config-only networks cannot be used directly to run containers
-                  or services.
-                type: "boolean"
-                default: false
-                example: false
-              ConfigFrom:
-                description: |
-                  Specifies the source which will provide the configuration for
-                  this network. The specified network must be an existing
-                  config-only network; see ConfigOnly.
-                $ref: "#/definitions/ConfigReference"
-              IPAM:
-                description: "Optional custom IP scheme for the network."
-                $ref: "#/definitions/IPAM"
-              EnableIPv4:
-                description: "Enable IPv4 on the network."
-                type: "boolean"
-                example: true
-              EnableIPv6:
-                description: "Enable IPv6 on the network."
-                type: "boolean"
-                example: true
-              Options:
-                description: "Network specific options to be used by the drivers."
-                type: "object"
-                additionalProperties:
-                  type: "string"
-                example:
-                  com.docker.network.bridge.default_bridge: "true"
-                  com.docker.network.bridge.enable_icc: "true"
-                  com.docker.network.bridge.enable_ip_masquerade: "true"
-                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
-                  com.docker.network.bridge.name: "docker0"
-                  com.docker.network.driver.mtu: "1500"
-              Labels:
-                description: "User-defined key/value metadata."
-                type: "object"
-                additionalProperties:
-                  type: "string"
-                example:
-                  com.example.some-label: "some-value"
-                  com.example.some-other-label: "some-other-value"
-      tags: ["Network"]
-
-  /networks/{id}/connect:
-    post:
-      summary: "Connect a container to a network"
-      description: "The network must be either a local-scoped network or a swarm-scoped network with the `attachable` option set. A network cannot be re-attached to a running container"
-      operationId: "NetworkConnect"
-      consumes:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        403:
-          description: "Operation forbidden"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "Network or container not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Network ID or name"
-          required: true
-          type: "string"
-        - name: "container"
-          in: "body"
-          required: true
-          schema:
-            type: "object"
-            title: "NetworkConnectRequest"
-            properties:
-              Container:
-                type: "string"
-                description: "The ID or name of the container to connect to the network."
-              EndpointConfig:
-                $ref: "#/definitions/EndpointSettings"
-            example:
-              Container: "3613f73ba0e4"
-              EndpointConfig:
-                IPAMConfig:
-                  IPv4Address: "172.24.56.89"
-                  IPv6Address: "2001:db8::5689"
-                MacAddress: "02:42:ac:12:05:02"
-                Priority: 100
-      tags: ["Network"]
-
-  /networks/{id}/disconnect:
-    post:
-      summary: "Disconnect a container from a network"
-      operationId: "NetworkDisconnect"
-      consumes:
-        - "application/json"
-      responses:
-        200:
-          description: "No error"
-        403:
-          description: "Operation not supported for swarm scoped networks"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "Network or container not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "Network ID or name"
-          required: true
-          type: "string"
-        - name: "container"
-          in: "body"
-          required: true
-          schema:
-            type: "object"
-            title: "NetworkDisconnectRequest"
-            properties:
-              Container:
-                type: "string"
-                description: |
-                  The ID or name of the container to disconnect from the network.
-              Force:
-                type: "boolean"
-                description: |
-                  Force the container to disconnect from the network.
-      tags: ["Network"]
-  /networks/prune:
-    post:
-      summary: "Delete unused networks"
-      produces:
-        - "application/json"
-      operationId: "NetworkPrune"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
-
-            Available filters:
-            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
-            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
-          type: "string"
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "object"
-            title: "NetworkPruneResponse"
-            properties:
-              NetworksDeleted:
-                description: "Networks that were deleted"
-                type: "array"
-                items:
-                  type: "string"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Network"]
-  /plugins:
-    get:
-      summary: "List plugins"
-      operationId: "PluginList"
-      description: "Returns information about installed plugins."
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "No error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Plugin"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the plugin list.
-
-            Available filters:
-
-            - `capability=<capability name>`
-            - `enable=<true>|<false>`
-      tags: ["Plugin"]
-
-  /plugins/privileges:
-    get:
-      summary: "Get plugin privileges"
-      operationId: "GetPluginPrivileges"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginPrivilege"
-            example:
-              - Name: "network"
-                Description: ""
-                Value:
-                  - "host"
-              - Name: "mount"
-                Description: ""
-                Value:
-                  - "/data"
-              - Name: "device"
-                Description: ""
-                Value:
-                  - "/dev/cpu_dma_latency"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "remote"
-          in: "query"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-      tags:
-        - "Plugin"
-
-  /plugins/pull:
-    post:
-      summary: "Install a plugin"
-      operationId: "PluginPull"
-      description: |
-        Pulls and installs a plugin. After the plugin is installed, it can be
-        enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
-      produces:
-        - "application/json"
-      responses:
-        204:
-          description: "no error"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "remote"
-          in: "query"
-          description: |
-            Remote reference for plugin to install.
-
-            The `:latest` tag is optional, and is used as the default if omitted.
-          required: true
-          type: "string"
-        - name: "name"
-          in: "query"
-          description: |
-            Local name for the pulled plugin.
-
-            The `:latest` tag is optional, and is used as the default if omitted.
-          required: false
-          type: "string"
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration to use when pulling a plugin
-            from a registry.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-        - name: "body"
-          in: "body"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginPrivilege"
-            example:
-              - Name: "network"
-                Description: ""
-                Value:
-                  - "host"
-              - Name: "mount"
-                Description: ""
-                Value:
-                  - "/data"
-              - Name: "device"
-                Description: ""
-                Value:
-                  - "/dev/cpu_dma_latency"
-      tags: ["Plugin"]
-  /plugins/{name}/json:
-    get:
-      summary: "Inspect a plugin"
-      operationId: "PluginInspect"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Plugin"
-        404:
-          description: "plugin is not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-      tags: ["Plugin"]
-  /plugins/{name}:
-    delete:
-      summary: "Remove a plugin"
-      operationId: "PluginDelete"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Plugin"
-        404:
-          description: "plugin is not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "force"
-          in: "query"
-          description: |
-            Disable the plugin before removing. This may result in issues if the
-            plugin is in use by a container.
-          type: "boolean"
-          default: false
-      tags: ["Plugin"]
-  /plugins/{name}/enable:
-    post:
-      summary: "Enable a plugin"
-      operationId: "PluginEnable"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "plugin is not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "timeout"
-          in: "query"
-          description: "Set the HTTP client timeout (in seconds)"
-          type: "integer"
-          default: 0
-      tags: ["Plugin"]
-  /plugins/{name}/disable:
-    post:
-      summary: "Disable a plugin"
-      operationId: "PluginDisable"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "plugin is not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "force"
-          in: "query"
-          description: |
-            Force disable a plugin even if still in use.
-          required: false
-          type: "boolean"
-      tags: ["Plugin"]
-  /plugins/{name}/upgrade:
-    post:
-      summary: "Upgrade a plugin"
-      operationId: "PluginUpgrade"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "plugin not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "remote"
-          in: "query"
-          description: |
-            Remote reference to upgrade to.
-
-            The `:latest` tag is optional, and is used as the default if omitted.
-          required: true
-          type: "string"
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration to use when pulling a plugin
-            from a registry.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-        - name: "body"
-          in: "body"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/PluginPrivilege"
-            example:
-              - Name: "network"
-                Description: ""
-                Value:
-                  - "host"
-              - Name: "mount"
-                Description: ""
-                Value:
-                  - "/data"
-              - Name: "device"
-                Description: ""
-                Value:
-                  - "/dev/cpu_dma_latency"
-      tags: ["Plugin"]
-  /plugins/create:
-    post:
-      summary: "Create a plugin"
-      operationId: "PluginCreate"
-      consumes:
-        - "application/x-tar"
-      responses:
-        204:
-          description: "no error"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "query"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "tarContext"
-          in: "body"
-          description: "Path to tar containing plugin rootfs and manifest"
-          schema:
-            type: "string"
-            format: "binary"
-      tags: ["Plugin"]
-  /plugins/{name}/push:
-    post:
-      summary: "Push a plugin"
-      operationId: "PluginPush"
-      description: |
-        Push a plugin to the registry.
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "plugin not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Plugin"]
-  /plugins/{name}/set:
-    post:
-      summary: "Configure a plugin"
-      operationId: "PluginSet"
-      consumes:
-        - "application/json"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: |
-            The name of the plugin. The `:latest` tag is optional, and is the
-            default if omitted.
-          required: true
-          type: "string"
-        - name: "body"
-          in: "body"
-          schema:
-            type: "array"
-            items:
-              type: "string"
-            example: ["DEBUG=1"]
-      responses:
-        204:
-          description: "No error"
-        404:
-          description: "Plugin not installed"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Plugin"]
-  /nodes:
-    get:
-      summary: "List nodes"
-      operationId: "NodeList"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Node"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
-
-            Available filters:
-            - `id=<node id>`
-            - `label=<engine label>`
-            - `membership=`(`accepted`|`pending`)`
-            - `name=<node name>`
-            - `node.label=<node label>`
-            - `role=`(`manager`|`worker`)`
-          type: "string"
-      tags: ["Node"]
-  /nodes/{id}:
-    get:
-      summary: "Inspect a node"
-      operationId: "NodeInspect"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Node"
-        404:
-          description: "no such node"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "The ID or name of the node"
-          type: "string"
-          required: true
-      tags: ["Node"]
-    delete:
-      summary: "Delete a node"
-      operationId: "NodeDelete"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "no such node"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "The ID or name of the node"
-          type: "string"
-          required: true
-        - name: "force"
-          in: "query"
-          description: "Force remove a node from the swarm"
-          default: false
-          type: "boolean"
-      tags: ["Node"]
-  /nodes/{id}/update:
-    post:
-      summary: "Update a node"
-      operationId: "NodeUpdate"
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such node"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "The ID of the node"
-          type: "string"
-          required: true
-        - name: "body"
-          in: "body"
-          schema:
-            $ref: "#/definitions/NodeSpec"
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the node object being updated. This is required
-            to avoid conflicting writes.
-          type: "integer"
-          format: "int64"
-          required: true
-      tags: ["Node"]
-  /swarm:
-    get:
-      summary: "Inspect swarm"
-      operationId: "SwarmInspect"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Swarm"
-        404:
-          description: "no such swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Swarm"]
-  /swarm/init:
-    post:
-      summary: "Initialize a new swarm"
-      operationId: "SwarmInit"
-      produces:
-        - "application/json"
-        - "text/plain"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            description: "The node ID"
-            type: "string"
-            example: "7v2t30z9blmxuhnyo6s4cpenp"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is already part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            type: "object"
-            title: "SwarmInitRequest"
-            properties:
-              ListenAddr:
-                description: |
-                  Listen address used for inter-manager communication, as well
-                  as determining the networking interface used for the VXLAN
-                  Tunnel Endpoint (VTEP). This can either be an address/port
-                  combination in the form `192.168.1.1:4567`, or an interface
-                  followed by a port number, like `eth0:4567`. If the port number
-                  is omitted, the default swarm listening port is used.
-                type: "string"
-              AdvertiseAddr:
-                description: |
-                  Externally reachable address advertised to other nodes. This
-                  can either be an address/port combination in the form
-                  `192.168.1.1:4567`, or an interface followed by a port number,
-                  like `eth0:4567`. If the port number is omitted, the port
-                  number from the listen address is used. If `AdvertiseAddr` is
-                  not specified, it will be automatically detected when possible.
-                type: "string"
-              DataPathAddr:
-                description: |
-                  Address or interface to use for data path traffic (format:
-                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
-                  like `eth0`. If `DataPathAddr` is unspecified, the same address
-                  as `AdvertiseAddr` is used.
-
-                  The `DataPathAddr` specifies the address that global scope
-                  network drivers will publish towards other  nodes in order to
-                  reach the containers running on this node. Using this parameter
-                  it is possible to separate the container data traffic from the
-                  management traffic of the cluster.
-                type: "string"
-              DataPathPort:
-                description: |
-                  DataPathPort specifies the data path port number for data traffic.
-                  Acceptable port range is 1024 to 49151.
-                  if no port is set or is set to 0, default port 4789 will be used.
-                type: "integer"
-                format: "uint32"
-              DefaultAddrPool:
-                description: |
-                  Default Address Pool specifies default subnet pools for global
-                  scope networks.
-                type: "array"
-                items:
-                  type: "string"
-                  example: ["10.10.0.0/16", "20.20.0.0/16"]
-              ForceNewCluster:
-                description: "Force creation of a new swarm."
-                type: "boolean"
-              SubnetSize:
-                description: |
-                  SubnetSize specifies the subnet size of the networks created
-                  from the default subnet pool.
-                type: "integer"
-                format: "uint32"
-              Spec:
-                $ref: "#/definitions/SwarmSpec"
-            example:
-              ListenAddr: "0.0.0.0:2377"
-              AdvertiseAddr: "192.168.1.1:2377"
-              DataPathPort: 4789
-              DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
-              SubnetSize: 24
-              ForceNewCluster: false
-              Spec:
-                Orchestration: {}
-                Raft: {}
-                Dispatcher: {}
-                CAConfig: {}
-                EncryptionConfig:
-                  AutoLockManagers: false
-      tags: ["Swarm"]
-  /swarm/join:
-    post:
-      summary: "Join an existing swarm"
-      operationId: "SwarmJoin"
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is already part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            type: "object"
-            title: "SwarmJoinRequest"
-            properties:
-              ListenAddr:
-                description: |
-                  Listen address used for inter-manager communication if the node
-                  gets promoted to manager, as well as determining the networking
-                  interface used for the VXLAN Tunnel Endpoint (VTEP).
-                type: "string"
-              AdvertiseAddr:
-                description: |
-                  Externally reachable address advertised to other nodes. This
-                  can either be an address/port combination in the form
-                  `192.168.1.1:4567`, or an interface followed by a port number,
-                  like `eth0:4567`. If the port number is omitted, the port
-                  number from the listen address is used. If `AdvertiseAddr` is
-                  not specified, it will be automatically detected when possible.
-                type: "string"
-              DataPathAddr:
-                description: |
-                  Address or interface to use for data path traffic (format:
-                  `<ip|interface>`), for example,  `192.168.1.1`, or an interface,
-                  like `eth0`. If `DataPathAddr` is unspecified, the same address
-                  as `AdvertiseAddr` is used.
-
-                  The `DataPathAddr` specifies the address that global scope
-                  network drivers will publish towards other nodes in order to
-                  reach the containers running on this node. Using this parameter
-                  it is possible to separate the container data traffic from the
-                  management traffic of the cluster.
-
-                type: "string"
-              RemoteAddrs:
-                description: |
-                  Addresses of manager nodes already participating in the swarm.
-                type: "array"
-                items:
-                  type: "string"
-              JoinToken:
-                description: "Secret token for joining this swarm."
-                type: "string"
-            example:
-              ListenAddr: "0.0.0.0:2377"
-              AdvertiseAddr: "192.168.1.1:2377"
-              DataPathAddr: "192.168.1.1"
-              RemoteAddrs:
-                - "node1:2377"
-              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
-      tags: ["Swarm"]
-  /swarm/leave:
-    post:
-      summary: "Leave a swarm"
-      operationId: "SwarmLeave"
-      responses:
-        200:
-          description: "no error"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "force"
-          description: |
-            Force leave swarm, even if this is the last manager or that it will
-            break the cluster.
-          in: "query"
-          type: "boolean"
-          default: false
-      tags: ["Swarm"]
-  /swarm/update:
-    post:
-      summary: "Update a swarm"
-      operationId: "SwarmUpdate"
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            $ref: "#/definitions/SwarmSpec"
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the swarm object being updated. This is
-            required to avoid conflicting writes.
-          type: "integer"
-          format: "int64"
-          required: true
-        - name: "rotateWorkerToken"
-          in: "query"
-          description: "Rotate the worker join token."
-          type: "boolean"
-          default: false
-        - name: "rotateManagerToken"
-          in: "query"
-          description: "Rotate the manager join token."
-          type: "boolean"
-          default: false
-        - name: "rotateManagerUnlockKey"
-          in: "query"
-          description: "Rotate the manager unlock key."
-          type: "boolean"
-          default: false
-      tags: ["Swarm"]
-  /swarm/unlockkey:
-    get:
-      summary: "Get the unlock key"
-      operationId: "SwarmUnlockkey"
-      consumes:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "object"
-            title: "UnlockKeyResponse"
-            properties:
-              UnlockKey:
-                description: "The swarm's unlock key."
-                type: "string"
-            example:
-              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Swarm"]
-  /swarm/unlock:
-    post:
-      summary: "Unlock a locked manager"
-      operationId: "SwarmUnlock"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      parameters:
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            type: "object"
-            title: "SwarmUnlockRequest"
-            properties:
-              UnlockKey:
-                description: "The swarm's unlock key."
-                type: "string"
-            example:
-              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
-      responses:
-        200:
-          description: "no error"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Swarm"]
-  /services:
-    get:
-      summary: "List services"
-      operationId: "ServiceList"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Service"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the services list.
-
-            Available filters:
-
-            - `id=<service id>`
-            - `label=<service label>`
-            - `mode=["replicated"|"global"]`
-            - `name=<service name>`
-        - name: "status"
-          in: "query"
-          type: "boolean"
-          description: |
-            Include service status, with count of running and desired tasks.
-      tags: ["Service"]
-  /services/create:
-    post:
-      summary: "Create a service"
-      operationId: "ServiceCreate"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ServiceCreateResponse"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        403:
-          description: "network is not eligible for services"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        409:
-          description: "name conflicts with an existing service"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            allOf:
-              - $ref: "#/definitions/ServiceSpec"
-              - type: "object"
-                example:
-                  Name: "web"
-                  TaskTemplate:
-                    ContainerSpec:
-                      Image: "nginx:alpine"
-                      Mounts:
-                        -
-                          ReadOnly: true
-                          Source: "web-data"
-                          Target: "/usr/share/nginx/html"
-                          Type: "volume"
-                          VolumeOptions:
-                            DriverConfig: {}
-                            Labels:
-                              com.example.something: "something-value"
-                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
-                      User: "33"
-                      DNSConfig:
-                        Nameservers: ["8.8.8.8"]
-                        Search: ["example.org"]
-                        Options: ["timeout:3"]
-                      Secrets:
-                        -
-                          File:
-                            Name: "www.example.org.key"
-                            UID: "33"
-                            GID: "33"
-                            Mode: 384
-                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
-                          SecretName: "example_org_domain_key"
-                      OomScoreAdj: 0
-                    LogDriver:
-                      Name: "json-file"
-                      Options:
-                        max-file: "3"
-                        max-size: "10M"
-                    Placement: {}
-                    Resources:
-                      Limits:
-                        MemoryBytes: 104857600
-                      Reservations: {}
-                    RestartPolicy:
-                      Condition: "on-failure"
-                      Delay: 10000000000
-                      MaxAttempts: 10
-                  Mode:
-                    Replicated:
-                      Replicas: 4
-                  UpdateConfig:
-                    Parallelism: 2
-                    Delay: 1000000000
-                    FailureAction: "pause"
-                    Monitor: 15000000000
-                    MaxFailureRatio: 0.15
-                  RollbackConfig:
-                    Parallelism: 1
-                    Delay: 1000000000
-                    FailureAction: "pause"
-                    Monitor: 15000000000
-                    MaxFailureRatio: 0.15
-                  EndpointSpec:
-                    Ports:
-                      -
-                        Protocol: "tcp"
-                        PublishedPort: 8080
-                        TargetPort: 80
-                  Labels:
-                    foo: "bar"
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration for pulling from private
-            registries.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-      tags: ["Service"]
-  /services/{id}:
-    get:
-      summary: "Inspect a service"
-      operationId: "ServiceInspect"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Service"
-        404:
-          description: "no such service"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "ID or name of service."
-          required: true
-          type: "string"
-        - name: "insertDefaults"
-          in: "query"
-          description: "Fill empty fields with default values."
-          type: "boolean"
-          default: false
-      tags: ["Service"]
-    delete:
-      summary: "Delete a service"
-      operationId: "ServiceDelete"
-      responses:
-        200:
-          description: "no error"
-        404:
-          description: "no such service"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "ID or name of service."
-          required: true
-          type: "string"
-      tags: ["Service"]
-  /services/{id}/update:
-    post:
-      summary: "Update a service"
-      operationId: "ServiceUpdate"
-      consumes: ["application/json"]
-      produces: ["application/json"]
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ServiceUpdateResponse"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such service"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "ID or name of service."
-          required: true
-          type: "string"
-        - name: "body"
-          in: "body"
-          required: true
-          schema:
-            allOf:
-              - $ref: "#/definitions/ServiceSpec"
-              - type: "object"
-                example:
-                  Name: "top"
-                  TaskTemplate:
-                    ContainerSpec:
-                      Image: "busybox"
-                      Args:
-                        - "top"
-                      OomScoreAdj: 0
-                    Resources:
-                      Limits: {}
-                      Reservations: {}
-                    RestartPolicy:
-                      Condition: "any"
-                      MaxAttempts: 0
-                    Placement: {}
-                    ForceUpdate: 0
-                  Mode:
-                    Replicated:
-                      Replicas: 1
-                  UpdateConfig:
-                    Parallelism: 2
-                    Delay: 1000000000
-                    FailureAction: "pause"
-                    Monitor: 15000000000
-                    MaxFailureRatio: 0.15
-                  RollbackConfig:
-                    Parallelism: 1
-                    Delay: 1000000000
-                    FailureAction: "pause"
-                    Monitor: 15000000000
-                    MaxFailureRatio: 0.15
-                  EndpointSpec:
-                    Mode: "vip"
-
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the service object being updated. This is
-            required to avoid conflicting writes.
-            This version number should be the value as currently set on the
-            service *before* the update. You can find the current version by
-            calling `GET /services/{id}`
-          required: true
-          type: "integer"
-        - name: "registryAuthFrom"
-          in: "query"
-          description: |
-            If the `X-Registry-Auth` header is not specified, this parameter
-            indicates where to find registry authorization credentials.
-          type: "string"
-          enum: ["spec", "previous-spec"]
-          default: "spec"
-        - name: "rollback"
-          in: "query"
-          description: |
-            Set to this parameter to `previous` to cause a server-side rollback
-            to the previous service spec. The supplied spec will be ignored in
-            this case.
-          type: "string"
-        - name: "X-Registry-Auth"
-          in: "header"
-          description: |
-            A base64url-encoded auth configuration for pulling from private
-            registries.
-
-            Refer to the [authentication section](#section/Authentication) for
-            details.
-          type: "string"
-
-      tags: ["Service"]
-  /services/{id}/logs:
-    get:
-      summary: "Get service logs"
-      description: |
-        Get `stdout` and `stderr` logs from a service. See also
-        [`/containers/{id}/logs`](#operation/ContainerLogs).
-
-        **Note**: This endpoint works only for services with the `local`,
-        `json-file` or `journald` logging drivers.
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/vnd.docker.multiplexed-stream"
-      operationId: "ServiceLogs"
-      responses:
-        200:
-          description: "logs returned as a stream in response body"
-          schema:
-            type: "string"
-            format: "binary"
-        404:
-          description: "no such service"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such service: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID or name of the service"
-          type: "string"
-        - name: "details"
-          in: "query"
-          description: "Show service context and extra details provided to logs."
-          type: "boolean"
-          default: false
-        - name: "follow"
-          in: "query"
-          description: "Keep connection after returning logs."
-          type: "boolean"
-          default: false
-        - name: "stdout"
-          in: "query"
-          description: "Return logs from `stdout`"
-          type: "boolean"
-          default: false
-        - name: "stderr"
-          in: "query"
-          description: "Return logs from `stderr`"
-          type: "boolean"
-          default: false
-        - name: "since"
-          in: "query"
-          description: "Only return logs since this time, as a UNIX timestamp"
-          type: "integer"
-          default: 0
-        - name: "timestamps"
-          in: "query"
-          description: "Add timestamps to every log line"
-          type: "boolean"
-          default: false
-        - name: "tail"
-          in: "query"
-          description: |
-            Only return this number of log lines from the end of the logs.
-            Specify as an integer or `all` to output all log lines.
-          type: "string"
-          default: "all"
-      tags: ["Service"]
-  /tasks:
-    get:
-      summary: "List tasks"
-      operationId: "TaskList"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Task"
-            example:
-              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
-                Version:
-                  Index: 71
-                CreatedAt: "2016-06-07T21:07:31.171892745Z"
-                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
-                Spec:
-                  ContainerSpec:
-                    Image: "redis"
-                  Resources:
-                    Limits: {}
-                    Reservations: {}
-                  RestartPolicy:
-                    Condition: "any"
-                    MaxAttempts: 0
-                  Placement: {}
-                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
-                Slot: 1
-                NodeID: "60gvrl6tm78dmak4yl7srz94v"
-                Status:
-                  Timestamp: "2016-06-07T21:07:31.290032978Z"
-                  State: "running"
-                  Message: "started"
-                  ContainerStatus:
-                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
-                    PID: 677
-                DesiredState: "running"
-                NetworksAttachments:
-                  - Network:
-                      ID: "4qvuz4ko70xaltuqbt8956gd1"
-                      Version:
-                        Index: 18
-                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
-                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
-                      Spec:
-                        Name: "ingress"
-                        Labels:
-                          com.docker.swarm.internal: "true"
-                        DriverConfiguration: {}
-                        IPAMOptions:
-                          Driver: {}
-                          Configs:
-                            - Subnet: "10.255.0.0/16"
-                              Gateway: "10.255.0.1"
-                      DriverState:
-                        Name: "overlay"
-                        Options:
-                          com.docker.network.driver.overlay.vxlanid_list: "256"
-                      IPAMOptions:
-                        Driver:
-                          Name: "default"
-                        Configs:
-                          - Subnet: "10.255.0.0/16"
-                            Gateway: "10.255.0.1"
-                    Addresses:
-                      - "10.255.0.10/16"
-              - ID: "1yljwbmlr8er2waf8orvqpwms"
-                Version:
-                  Index: 30
-                CreatedAt: "2016-06-07T21:07:30.019104782Z"
-                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
-                Name: "hopeful_cori"
-                Spec:
-                  ContainerSpec:
-                    Image: "redis"
-                  Resources:
-                    Limits: {}
-                    Reservations: {}
-                  RestartPolicy:
-                    Condition: "any"
-                    MaxAttempts: 0
-                  Placement: {}
-                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
-                Slot: 1
-                NodeID: "60gvrl6tm78dmak4yl7srz94v"
-                Status:
-                  Timestamp: "2016-06-07T21:07:30.202183143Z"
-                  State: "shutdown"
-                  Message: "shutdown"
-                  ContainerStatus:
-                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
-                DesiredState: "shutdown"
-                NetworksAttachments:
-                  - Network:
-                      ID: "4qvuz4ko70xaltuqbt8956gd1"
-                      Version:
-                        Index: 18
-                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
-                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
-                      Spec:
-                        Name: "ingress"
-                        Labels:
-                          com.docker.swarm.internal: "true"
-                        DriverConfiguration: {}
-                        IPAMOptions:
-                          Driver: {}
-                          Configs:
-                            - Subnet: "10.255.0.0/16"
-                              Gateway: "10.255.0.1"
-                      DriverState:
-                        Name: "overlay"
-                        Options:
-                          com.docker.network.driver.overlay.vxlanid_list: "256"
-                      IPAMOptions:
-                        Driver:
-                          Name: "default"
-                        Configs:
-                          - Subnet: "10.255.0.0/16"
-                            Gateway: "10.255.0.1"
-                    Addresses:
-                      - "10.255.0.5/16"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the tasks list.
-
-            Available filters:
-
-            - `desired-state=(running | shutdown | accepted)`
-            - `id=<task id>`
-            - `label=key` or `label="key=value"`
-            - `name=<task name>`
-            - `node=<node id or name>`
-            - `service=<service name>`
-      tags: ["Task"]
-  /tasks/{id}:
-    get:
-      summary: "Inspect a task"
-      operationId: "TaskInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Task"
-        404:
-          description: "no such task"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "ID of the task"
-          required: true
-          type: "string"
-      tags: ["Task"]
-  /tasks/{id}/logs:
-    get:
-      summary: "Get task logs"
-      description: |
-        Get `stdout` and `stderr` logs from a task.
-        See also [`/containers/{id}/logs`](#operation/ContainerLogs).
-
-        **Note**: This endpoint works only for services with the `local`,
-        `json-file` or `journald` logging drivers.
-      operationId: "TaskLogs"
-      produces:
-        - "application/vnd.docker.raw-stream"
-        - "application/vnd.docker.multiplexed-stream"
-      responses:
-        200:
-          description: "logs returned as a stream in response body"
-          schema:
-            type: "string"
-            format: "binary"
-        404:
-          description: "no such task"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such task: c2ada9df5af8"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          description: "ID of the task"
-          type: "string"
-        - name: "details"
-          in: "query"
-          description: "Show task context and extra details provided to logs."
-          type: "boolean"
-          default: false
-        - name: "follow"
-          in: "query"
-          description: "Keep connection after returning logs."
-          type: "boolean"
-          default: false
-        - name: "stdout"
-          in: "query"
-          description: "Return logs from `stdout`"
-          type: "boolean"
-          default: false
-        - name: "stderr"
-          in: "query"
-          description: "Return logs from `stderr`"
-          type: "boolean"
-          default: false
-        - name: "since"
-          in: "query"
-          description: "Only return logs since this time, as a UNIX timestamp"
-          type: "integer"
-          default: 0
-        - name: "timestamps"
-          in: "query"
-          description: "Add timestamps to every log line"
-          type: "boolean"
-          default: false
-        - name: "tail"
-          in: "query"
-          description: |
-            Only return this number of log lines from the end of the logs.
-            Specify as an integer or `all` to output all log lines.
-          type: "string"
-          default: "all"
-      tags: ["Task"]
-  /secrets:
-    get:
-      summary: "List secrets"
-      operationId: "SecretList"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Secret"
-            example:
-              - ID: "blt1owaxmitz71s9v5zh81zun"
-                Version:
-                  Index: 85
-                CreatedAt: "2017-07-20T13:55:28.678958722Z"
-                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
-                Spec:
-                  Name: "mysql-passwd"
-                  Labels:
-                    some.label: "some.value"
-                  Driver:
-                    Name: "secret-bucket"
-                    Options:
-                      OptionA: "value for driver option A"
-                      OptionB: "value for driver option B"
-              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
-                Version:
-                  Index: 11
-                CreatedAt: "2016-11-05T01:20:17.327670065Z"
-                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
-                Spec:
-                  Name: "app-dev.crt"
-                  Labels:
-                    foo: "bar"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the secrets list.
-
-            Available filters:
-
-            - `id=<secret id>`
-            - `label=<key> or label=<key>=value`
-            - `name=<secret name>`
-            - `names=<secret name>`
-      tags: ["Secret"]
-  /secrets/create:
-    post:
-      summary: "Create a secret"
-      operationId: "SecretCreate"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/IDResponse"
-        409:
-          description: "name conflicts with an existing object"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          schema:
-            allOf:
-              - $ref: "#/definitions/SecretSpec"
-              - type: "object"
-                example:
-                  Name: "app-key.crt"
-                  Labels:
-                    foo: "bar"
-                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
-                  Driver:
-                    Name: "secret-bucket"
-                    Options:
-                      OptionA: "value for driver option A"
-                      OptionB: "value for driver option B"
-      tags: ["Secret"]
-  /secrets/{id}:
-    get:
-      summary: "Inspect a secret"
-      operationId: "SecretInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Secret"
-          examples:
-            application/json:
-              ID: "ktnbjxoalbkvbvedmg1urrz8h"
-              Version:
-                Index: 11
-              CreatedAt: "2016-11-05T01:20:17.327670065Z"
-              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
-              Spec:
-                Name: "app-dev.crt"
-                Labels:
-                  foo: "bar"
-                Driver:
-                  Name: "secret-bucket"
-                  Options:
-                    OptionA: "value for driver option A"
-                    OptionB: "value for driver option B"
-
-        404:
-          description: "secret not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          type: "string"
-          description: "ID of the secret"
-      tags: ["Secret"]
-    delete:
-      summary: "Delete a secret"
-      operationId: "SecretDelete"
-      produces:
-        - "application/json"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "secret not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          type: "string"
-          description: "ID of the secret"
-      tags: ["Secret"]
-  /secrets/{id}/update:
-    post:
-      summary: "Update a Secret"
-      operationId: "SecretUpdate"
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such secret"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "The ID or name of the secret"
-          type: "string"
-          required: true
-        - name: "body"
-          in: "body"
-          schema:
-            $ref: "#/definitions/SecretSpec"
-          description: |
-            The spec of the secret to update. Currently, only the Labels field
-            can be updated. All other fields must remain unchanged from the
-            [SecretInspect endpoint](#operation/SecretInspect) response values.
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the secret object being updated. This is
-            required to avoid conflicting writes.
-          type: "integer"
-          format: "int64"
-          required: true
-      tags: ["Secret"]
-  /configs:
-    get:
-      summary: "List configs"
-      operationId: "ConfigList"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            type: "array"
-            items:
-              $ref: "#/definitions/Config"
-            example:
-              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
-                Version:
-                  Index: 11
-                CreatedAt: "2016-11-05T01:20:17.327670065Z"
-                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
-                Spec:
-                  Name: "server.conf"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "filters"
-          in: "query"
-          type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to
-            process on the configs list.
-
-            Available filters:
-
-            - `id=<config id>`
-            - `label=<key> or label=<key>=value`
-            - `name=<config name>`
-            - `names=<config name>`
-      tags: ["Config"]
-  /configs/create:
-    post:
-      summary: "Create a config"
-      operationId: "ConfigCreate"
-      consumes:
-        - "application/json"
-      produces:
-        - "application/json"
-      responses:
-        201:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/IDResponse"
-        409:
-          description: "name conflicts with an existing object"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "body"
-          in: "body"
-          schema:
-            allOf:
-              - $ref: "#/definitions/ConfigSpec"
-              - type: "object"
-                example:
-                  Name: "server.conf"
-                  Labels:
-                    foo: "bar"
-                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
-      tags: ["Config"]
-  /configs/{id}:
-    get:
-      summary: "Inspect a config"
-      operationId: "ConfigInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/Config"
-          examples:
-            application/json:
-              ID: "ktnbjxoalbkvbvedmg1urrz8h"
-              Version:
-                Index: 11
-              CreatedAt: "2016-11-05T01:20:17.327670065Z"
-              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
-              Spec:
-                Name: "app-dev.crt"
-        404:
-          description: "config not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          type: "string"
-          description: "ID of the config"
-      tags: ["Config"]
-    delete:
-      summary: "Delete a config"
-      operationId: "ConfigDelete"
-      produces:
-        - "application/json"
-      responses:
-        204:
-          description: "no error"
-        404:
-          description: "config not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          required: true
-          type: "string"
-          description: "ID of the config"
-      tags: ["Config"]
-  /configs/{id}/update:
-    post:
-      summary: "Update a Config"
-      operationId: "ConfigUpdate"
-      responses:
-        200:
-          description: "no error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        404:
-          description: "no such config"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        503:
-          description: "node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "id"
-          in: "path"
-          description: "The ID or name of the config"
-          type: "string"
-          required: true
-        - name: "body"
-          in: "body"
-          schema:
-            $ref: "#/definitions/ConfigSpec"
-          description: |
-            The spec of the config to update. Currently, only the Labels field
-            can be updated. All other fields must remain unchanged from the
-            [ConfigInspect endpoint](#operation/ConfigInspect) response values.
-        - name: "version"
-          in: "query"
-          description: |
-            The version number of the config object being updated. This is
-            required to avoid conflicting writes.
-          type: "integer"
-          format: "int64"
-          required: true
-      tags: ["Config"]
-  /distribution/{name}/json:
-    get:
-      summary: "Get image information from the registry"
-      description: |
-        Return image digest and platform information by contacting the registry.
-      operationId: "DistributionInspect"
-      produces:
-        - "application/json"
-      responses:
-        200:
-          description: "descriptor and platform information"
-          schema:
-            $ref: "#/definitions/DistributionInspect"
-        401:
-          description: "Failed authentication or no image found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-          examples:
-            application/json:
-              message: "No such image: someimage (tag: latest)"
-        500:
-          description: "Server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      parameters:
-        - name: "name"
-          in: "path"
-          description: "Image name or id"
-          type: "string"
-          required: true
-      tags: ["Distribution"]
-  /session:
-    post:
-      summary: "Initialize interactive session"
-      description: |
-        Start a new interactive session with a server. Session allows server to
-        call back to the client for advanced capabilities.
-
-        ### Hijacking
-
-        This endpoint hijacks the HTTP connection to HTTP2 transport that allows
-        the client to expose gPRC services on that connection.
-
-        For example, the client sends this request to upgrade the connection:
-
-        ```
-        POST /session HTTP/1.1
-        Upgrade: h2c
-        Connection: Upgrade
-        ```
-
-        The Docker daemon responds with a `101 UPGRADED` response follow with
-        the raw stream:
-
-        ```
-        HTTP/1.1 101 UPGRADED
-        Connection: Upgrade
-        Upgrade: h2c
-        ```
-      operationId: "Session"
-      produces:
-        - "application/vnd.docker.raw-stream"
-      responses:
-        101:
-          description: "no error, hijacking successful"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        500:
-          description: "server error"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-      tags: ["Session"]
diff --git a/vendor/github.com/docker/docker/api/types/build/disk_usage.go b/vendor/github.com/docker/docker/api/types/build/disk_usage.go
deleted file mode 100644
index cfd7333272..0000000000
--- a/vendor/github.com/docker/docker/api/types/build/disk_usage.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package build
-
-// CacheDiskUsage contains disk usage for the build cache.
-//
-// Deprecated: this type is no longer used and will be removed in the next release.
-type CacheDiskUsage struct {
-	TotalSize   int64
-	Reclaimable int64
-	Items       []*CacheRecord
-}
diff --git a/vendor/github.com/docker/docker/api/types/checkpoint/options.go b/vendor/github.com/docker/docker/api/types/checkpoint/options.go
deleted file mode 100644
index 9477458c24..0000000000
--- a/vendor/github.com/docker/docker/api/types/checkpoint/options.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package checkpoint
-
-// CreateOptions holds parameters to create a checkpoint from a container.
-type CreateOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-	Exit          bool
-}
-
-// ListOptions holds parameters to list checkpoints for a container.
-type ListOptions struct {
-	CheckpointDir string
-}
-
-// DeleteOptions holds parameters to delete a checkpoint from a container.
-type DeleteOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-}
diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go
deleted file mode 100644
index 42fe03ecca..0000000000
--- a/vendor/github.com/docker/docker/api/types/client.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package types
-
-import (
-	"bufio"
-	"context"
-	"net"
-)
-
-// NewHijackedResponse initializes a [HijackedResponse] type.
-func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse {
-	return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType}
-}
-
-// HijackedResponse holds connection information for a hijacked request.
-type HijackedResponse struct {
-	mediaType string
-	Conn      net.Conn
-	Reader    *bufio.Reader
-}
-
-// Close closes the hijacked connection and reader.
-func (h *HijackedResponse) Close() {
-	h.Conn.Close()
-}
-
-// MediaType let client know if HijackedResponse hold a raw or multiplexed stream.
-// returns false if HTTP Content-Type is not relevant, and container must be inspected
-func (h *HijackedResponse) MediaType() (string, bool) {
-	if h.mediaType == "" {
-		return "", false
-	}
-	return h.mediaType, true
-}
-
-// CloseWriter is an interface that implements structs
-// that close input streams to prevent from writing.
-type CloseWriter interface {
-	CloseWrite() error
-}
-
-// CloseWrite closes a readWriter for writing.
-func (h *HijackedResponse) CloseWrite() error {
-	if conn, ok := h.Conn.(CloseWriter); ok {
-		return conn.CloseWrite()
-	}
-	return nil
-}
-
-// PluginRemoveOptions holds parameters to remove plugins.
-type PluginRemoveOptions struct {
-	Force bool
-}
-
-// PluginEnableOptions holds parameters to enable plugins.
-type PluginEnableOptions struct {
-	Timeout int
-}
-
-// PluginDisableOptions holds parameters to disable plugins.
-type PluginDisableOptions struct {
-	Force bool
-}
-
-// PluginInstallOptions holds parameters to install a plugin.
-type PluginInstallOptions struct {
-	Disabled             bool
-	AcceptAllPermissions bool
-	RegistryAuth         string // RegistryAuth is the base64 encoded credentials for the registry
-	RemoteRef            string // RemoteRef is the plugin name on the registry
-
-	// PrivilegeFunc is a function that clients can supply to retry operations
-	// after getting an authorization error. This function returns the registry
-	// authentication header value in base64 encoded format, or an error if the
-	// privilege request fails.
-	//
-	// For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
-	PrivilegeFunc         func(context.Context) (string, error)
-	AcceptPermissionsFunc func(context.Context, PluginPrivileges) (bool, error)
-	Args                  []string
-}
-
-// PluginCreateOptions hold all options to plugin create.
-type PluginCreateOptions struct {
-	RepoName string
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/disk_usage.go b/vendor/github.com/docker/docker/api/types/container/disk_usage.go
deleted file mode 100644
index d77538c2ab..0000000000
--- a/vendor/github.com/docker/docker/api/types/container/disk_usage.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package container
-
-// DiskUsage contains disk usage for containers.
-//
-// Deprecated: this type is no longer used and will be removed in the next release.
-type DiskUsage struct {
-	TotalSize   int64
-	Reclaimable int64
-	Items       []*Summary
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/exec.go b/vendor/github.com/docker/docker/api/types/container/exec.go
deleted file mode 100644
index e455cd27b2..0000000000
--- a/vendor/github.com/docker/docker/api/types/container/exec.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package container
-
-import "github.com/docker/docker/api/types/common"
-
-// ExecCreateResponse is the response for a successful exec-create request.
-// It holds the ID of the exec that was created.
-//
-// TODO(thaJeztah): make this a distinct type.
-type ExecCreateResponse = common.IDResponse
-
-// ExecOptions is a small subset of the Config struct that holds the configuration
-// for the exec feature of docker.
-type ExecOptions struct {
-	User         string   // User that will run the command
-	Privileged   bool     // Is the container in privileged mode
-	Tty          bool     // Attach standard streams to a tty.
-	ConsoleSize  *[2]uint `json:",omitempty"` // Initial console size [height, width]
-	AttachStdin  bool     // Attach the standard input, makes possible user interaction
-	AttachStderr bool     // Attach the standard error
-	AttachStdout bool     // Attach the standard output
-	DetachKeys   string   // Escape keys for detach
-	Env          []string // Environment variables
-	WorkingDir   string   // Working directory
-	Cmd          []string // Execution commands and args
-
-	// Deprecated: the Detach field is not used, and will be removed in a future release.
-	Detach bool
-}
-
-// ExecStartOptions is a temp struct used by execStart
-// Config fields is part of ExecConfig in runconfig package
-type ExecStartOptions struct {
-	// ExecStart will first check if it's detached
-	Detach bool
-	// Check if there's a tty
-	Tty bool
-	// Terminal size [height, width], unused if Tty == false
-	ConsoleSize *[2]uint `json:",omitempty"`
-}
-
-// ExecAttachOptions is a temp struct used by execAttach.
-//
-// TODO(thaJeztah): make this a separate type; ContainerExecAttach does not use the Detach option, and cannot run detached.
-type ExecAttachOptions = ExecStartOptions
-
-// ExecInspect holds information returned by exec inspect.
-type ExecInspect struct {
-	ExecID      string `json:"ID"`
-	ContainerID string
-	Running     bool
-	ExitCode    int
-	Pid         int
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/network_settings.go b/vendor/github.com/docker/docker/api/types/container/network_settings.go
deleted file mode 100644
index 687145f295..0000000000
--- a/vendor/github.com/docker/docker/api/types/container/network_settings.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package container
-
-import (
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/go-connections/nat"
-)
-
-// NetworkSettings exposes the network settings in the api
-type NetworkSettings struct {
-	NetworkSettingsBase
-	DefaultNetworkSettings
-	Networks map[string]*network.EndpointSettings
-}
-
-// NetworkSettingsBase holds networking state for a container when inspecting it.
-//
-// Deprecated: Most fields in NetworkSettingsBase are deprecated. Fields which aren't deprecated will move to
-// NetworkSettings in v29.0, and this struct will be removed.
-type NetworkSettingsBase struct {
-	Bridge     string      // Deprecated: This field is only set when the daemon is started with the --bridge flag specified.
-	SandboxID  string      // SandboxID uniquely represents a container's network stack
-	SandboxKey string      // SandboxKey identifies the sandbox
-	Ports      nat.PortMap // Ports is a collection of PortBinding indexed by Port
-
-	// HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	HairpinMode bool
-	// LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	LinkLocalIPv6Address string
-	// LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	LinkLocalIPv6PrefixLen int
-	SecondaryIPAddresses   []network.Address // Deprecated: This field is never set and will be removed in a future release.
-	SecondaryIPv6Addresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
-}
-
-// DefaultNetworkSettings holds the networking state for the default bridge, if the container is connected to that
-// network.
-//
-// Deprecated: this struct is deprecated since Docker v1.11 and will be removed in v29. You should look for the default
-// network in NetworkSettings.Networks instead.
-type DefaultNetworkSettings struct {
-	// EndpointID uniquely represents a service endpoint in a Sandbox
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	EndpointID string
-	// Gateway holds the gateway address for the network
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	Gateway string
-	// GlobalIPv6Address holds network's global IPv6 address
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	GlobalIPv6Address string
-	// GlobalIPv6PrefixLen represents mask length of network's global IPv6 address
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	GlobalIPv6PrefixLen int
-	// IPAddress holds the IPv4 address for the network
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	IPAddress string
-	// IPPrefixLen represents mask length of network's IPv4 address
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	IPPrefixLen int
-	// IPv6Gateway holds gateway address specific for IPv6
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	IPv6Gateway string
-	// MacAddress holds the MAC address for the network
-	//
-	// Deprecated: This field will be removed in v29. You should look for the default network in NetworkSettings.Networks instead.
-	MacAddress string
-}
-
-// NetworkSettingsSummary provides a summary of container's networks
-// in /containers/json
-type NetworkSettingsSummary struct {
-	Networks map[string]*network.EndpointSettings
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/options.go b/vendor/github.com/docker/docker/api/types/container/options.go
deleted file mode 100644
index 7a23005769..0000000000
--- a/vendor/github.com/docker/docker/api/types/container/options.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package container
-
-import "github.com/docker/docker/api/types/filters"
-
-// ResizeOptions holds parameters to resize a TTY.
-// It can be used to resize container TTYs and
-// exec process TTYs too.
-type ResizeOptions struct {
-	Height uint
-	Width  uint
-}
-
-// AttachOptions holds parameters to attach to a container.
-type AttachOptions struct {
-	Stream     bool
-	Stdin      bool
-	Stdout     bool
-	Stderr     bool
-	DetachKeys string
-	Logs       bool
-}
-
-// CommitOptions holds parameters to commit changes into a container.
-type CommitOptions struct {
-	Reference string
-	Comment   string
-	Author    string
-	Changes   []string
-	Pause     bool
-	Config    *Config
-}
-
-// RemoveOptions holds parameters to remove containers.
-type RemoveOptions struct {
-	RemoveVolumes bool
-	RemoveLinks   bool
-	Force         bool
-}
-
-// StartOptions holds parameters to start containers.
-type StartOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-}
-
-// ListOptions holds parameters to list containers with.
-type ListOptions struct {
-	Size    bool
-	All     bool
-	Latest  bool
-	Since   string
-	Before  string
-	Limit   int
-	Filters filters.Args
-}
-
-// LogsOptions holds parameters to filter logs with.
-type LogsOptions struct {
-	ShowStdout bool
-	ShowStderr bool
-	Since      string
-	Until      string
-	Timestamps bool
-	Follow     bool
-	Tail       string
-	Details    bool
-}
diff --git a/vendor/github.com/docker/docker/api/types/filters/errors.go b/vendor/github.com/docker/docker/api/types/filters/errors.go
deleted file mode 100644
index b8a690d67a..0000000000
--- a/vendor/github.com/docker/docker/api/types/filters/errors.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package filters
-
-import "fmt"
-
-// invalidFilter indicates that the provided filter or its value is invalid
-type invalidFilter struct {
-	Filter string
-	Value  []string
-}
-
-func (e invalidFilter) Error() string {
-	msg := "invalid filter"
-	if e.Filter != "" {
-		msg += " '" + e.Filter
-		if e.Value != nil {
-			msg = fmt.Sprintf("%s=%s", msg, e.Value)
-		}
-		msg += "'"
-	}
-	return msg
-}
-
-// InvalidParameter marks this error as ErrInvalidParameter
-func (e invalidFilter) InvalidParameter() {}
diff --git a/vendor/github.com/docker/docker/api/types/filters/filters_deprecated.go b/vendor/github.com/docker/docker/api/types/filters/filters_deprecated.go
deleted file mode 100644
index 4504cd7a7f..0000000000
--- a/vendor/github.com/docker/docker/api/types/filters/filters_deprecated.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package filters
-
-import (
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ToParamWithVersion encodes Args as a JSON string. If version is less than 1.22
-// then the encoded format will use an older legacy format where the values are a
-// list of strings, instead of a set.
-//
-// Deprecated: do not use in any new code; use ToJSON instead
-func ToParamWithVersion(version string, a Args) (string, error) {
-	out, err := ToJSON(a)
-	if out == "" || err != nil {
-		return "", nil
-	}
-	if version != "" && versions.LessThan(version, "1.22") {
-		return encodeLegacyFilters(out)
-	}
-	return out, nil
-}
-
-// encodeLegacyFilters encodes Args in the legacy format as used in API v1.21 and older.
-// where values are a list of strings, instead of a set.
-//
-// Don't use in any new code; use [filters.ToJSON]] instead.
-func encodeLegacyFilters(currentFormat string) (string, error) {
-	// The Args.fields field is not exported, but used to marshal JSON,
-	// so we'll marshal to the new format, then unmarshal to get the
-	// fields, and marshal again.
-	//
-	// This is far from optimal, but this code is only used for deprecated
-	// API versions, so should not be hit commonly.
-	var argsFields map[string]map[string]bool
-	err := json.Unmarshal([]byte(currentFormat), &argsFields)
-	if err != nil {
-		return "", err
-	}
-
-	buf, err := json.Marshal(convertArgsToSlice(argsFields))
-	if err != nil {
-		return "", err
-	}
-	return string(buf), nil
-}
-
-func convertArgsToSlice(f map[string]map[string]bool) map[string][]string {
-	m := map[string][]string{}
-	for k, v := range f {
-		values := []string{}
-		for kk := range v {
-			if v[kk] {
-				values = append(values, kk)
-			}
-		}
-		m[k] = values
-	}
-	return m
-}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
deleted file mode 100644
index 396657bb19..0000000000
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
-Package filters provides tools for encoding a mapping of keys to a set of
-multiple values.
-*/
-package filters
-
-import (
-	"encoding/json"
-	"regexp"
-	"strings"
-)
-
-// Args stores a mapping of keys to a set of multiple values.
-type Args struct {
-	fields map[string]map[string]bool
-}
-
-// KeyValuePair are used to initialize a new Args
-type KeyValuePair struct {
-	Key   string
-	Value string
-}
-
-// Arg creates a new KeyValuePair for initializing Args
-func Arg(key, value string) KeyValuePair {
-	return KeyValuePair{Key: key, Value: value}
-}
-
-// NewArgs returns a new Args populated with the initial args
-func NewArgs(initialArgs ...KeyValuePair) Args {
-	args := Args{fields: map[string]map[string]bool{}}
-	for _, arg := range initialArgs {
-		args.Add(arg.Key, arg.Value)
-	}
-	return args
-}
-
-// Keys returns all the keys in list of Args
-func (args Args) Keys() []string {
-	keys := make([]string, 0, len(args.fields))
-	for k := range args.fields {
-		keys = append(keys, k)
-	}
-	return keys
-}
-
-// MarshalJSON returns a JSON byte representation of the Args
-func (args Args) MarshalJSON() ([]byte, error) {
-	if len(args.fields) == 0 {
-		return []byte("{}"), nil
-	}
-	return json.Marshal(args.fields)
-}
-
-// ToJSON returns the Args as a JSON encoded string
-func ToJSON(a Args) (string, error) {
-	if a.Len() == 0 {
-		return "", nil
-	}
-	buf, err := json.Marshal(a)
-	return string(buf), err
-}
-
-// FromJSON decodes a JSON encoded string into Args
-func FromJSON(p string) (Args, error) {
-	args := NewArgs()
-
-	if p == "" {
-		return args, nil
-	}
-
-	raw := []byte(p)
-	err := json.Unmarshal(raw, &args)
-	if err == nil {
-		return args, nil
-	}
-
-	// Fallback to parsing arguments in the legacy slice format
-	deprecated := map[string][]string{}
-	if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil {
-		return args, &invalidFilter{}
-	}
-
-	args.fields = deprecatedArgs(deprecated)
-	return args, nil
-}
-
-// UnmarshalJSON populates the Args from JSON encode bytes
-func (args Args) UnmarshalJSON(raw []byte) error {
-	return json.Unmarshal(raw, &args.fields)
-}
-
-// Get returns the list of values associated with the key
-func (args Args) Get(key string) []string {
-	values := args.fields[key]
-	if values == nil {
-		return make([]string, 0)
-	}
-	slice := make([]string, 0, len(values))
-	for key := range values {
-		slice = append(slice, key)
-	}
-	return slice
-}
-
-// Add a new value to the set of values
-func (args Args) Add(key, value string) {
-	if _, ok := args.fields[key]; ok {
-		args.fields[key][value] = true
-	} else {
-		args.fields[key] = map[string]bool{value: true}
-	}
-}
-
-// Del removes a value from the set
-func (args Args) Del(key, value string) {
-	if _, ok := args.fields[key]; ok {
-		delete(args.fields[key], value)
-		if len(args.fields[key]) == 0 {
-			delete(args.fields, key)
-		}
-	}
-}
-
-// Len returns the number of keys in the mapping
-func (args Args) Len() int {
-	return len(args.fields)
-}
-
-// MatchKVList returns true if all the pairs in sources exist as key=value
-// pairs in the mapping at key, or if there are no values at key.
-func (args Args) MatchKVList(key string, sources map[string]string) bool {
-	fieldValues := args.fields[key]
-
-	// do not filter if there is no filter set or cannot determine filter
-	if len(fieldValues) == 0 {
-		return true
-	}
-
-	if len(sources) == 0 {
-		return false
-	}
-
-	for value := range fieldValues {
-		testK, testV, hasValue := strings.Cut(value, "=")
-
-		v, ok := sources[testK]
-		if !ok {
-			return false
-		}
-		if hasValue && testV != v {
-			return false
-		}
-	}
-
-	return true
-}
-
-// Match returns true if any of the values at key match the source string
-func (args Args) Match(field, source string) bool {
-	if args.ExactMatch(field, source) {
-		return true
-	}
-
-	fieldValues := args.fields[field]
-	for name2match := range fieldValues {
-		match, err := regexp.MatchString(name2match, source)
-		if err != nil {
-			continue
-		}
-		if match {
-			return true
-		}
-	}
-	return false
-}
-
-// GetBoolOrDefault returns a boolean value of the key if the key is present
-// and is interpretable as a boolean value. Otherwise the default value is returned.
-// Error is not nil only if the filter values are not valid boolean or are conflicting.
-func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
-	fieldValues, ok := args.fields[key]
-	if !ok {
-		return defaultValue, nil
-	}
-
-	if len(fieldValues) == 0 {
-		return defaultValue, &invalidFilter{key, nil}
-	}
-
-	isFalse := fieldValues["0"] || fieldValues["false"]
-	isTrue := fieldValues["1"] || fieldValues["true"]
-	if isFalse == isTrue {
-		// Either no or conflicting truthy/falsy value were provided
-		return defaultValue, &invalidFilter{key, args.Get(key)}
-	}
-	return isTrue, nil
-}
-
-// ExactMatch returns true if the source matches exactly one of the values.
-func (args Args) ExactMatch(key, source string) bool {
-	fieldValues, ok := args.fields[key]
-	// do not filter if there is no filter set or cannot determine filter
-	if !ok || len(fieldValues) == 0 {
-		return true
-	}
-
-	// try to match full name value to avoid O(N) regular expression matching
-	return fieldValues[source]
-}
-
-// UniqueExactMatch returns true if there is only one value and the source
-// matches exactly the value.
-func (args Args) UniqueExactMatch(key, source string) bool {
-	fieldValues := args.fields[key]
-	// do not filter if there is no filter set or cannot determine filter
-	if len(fieldValues) == 0 {
-		return true
-	}
-	if len(args.fields[key]) != 1 {
-		return false
-	}
-
-	// try to match full name value to avoid O(N) regular expression matching
-	return fieldValues[source]
-}
-
-// FuzzyMatch returns true if the source matches exactly one value,  or the
-// source has one of the values as a prefix.
-func (args Args) FuzzyMatch(key, source string) bool {
-	if args.ExactMatch(key, source) {
-		return true
-	}
-
-	fieldValues := args.fields[key]
-	for prefix := range fieldValues {
-		if strings.HasPrefix(source, prefix) {
-			return true
-		}
-	}
-	return false
-}
-
-// Contains returns true if the key exists in the mapping
-func (args Args) Contains(field string) bool {
-	_, ok := args.fields[field]
-	return ok
-}
-
-// Validate compared the set of accepted keys against the keys in the mapping.
-// An error is returned if any mapping keys are not in the accepted set.
-func (args Args) Validate(accepted map[string]bool) error {
-	for name := range args.fields {
-		if !accepted[name] {
-			return &invalidFilter{name, nil}
-		}
-	}
-	return nil
-}
-
-// WalkValues iterates over the list of values for a key in the mapping and calls
-// op() for each value. If op returns an error the iteration stops and the
-// error is returned.
-func (args Args) WalkValues(field string, op func(value string) error) error {
-	if _, ok := args.fields[field]; !ok {
-		return nil
-	}
-	for v := range args.fields[field] {
-		if err := op(v); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Clone returns a copy of args.
-func (args Args) Clone() (newArgs Args) {
-	newArgs.fields = make(map[string]map[string]bool, len(args.fields))
-	for k, m := range args.fields {
-		var mm map[string]bool
-		if m != nil {
-			mm = make(map[string]bool, len(m))
-			for kk, v := range m {
-				mm[kk] = v
-			}
-		}
-		newArgs.fields[k] = mm
-	}
-	return newArgs
-}
-
-func deprecatedArgs(d map[string][]string) map[string]map[string]bool {
-	m := map[string]map[string]bool{}
-	for k, v := range d {
-		values := map[string]bool{}
-		for _, vv := range v {
-			values[vv] = true
-		}
-		m[k] = values
-	}
-	return m
-}
diff --git a/vendor/github.com/docker/docker/api/types/image/disk_usage.go b/vendor/github.com/docker/docker/api/types/image/disk_usage.go
deleted file mode 100644
index e847386a8d..0000000000
--- a/vendor/github.com/docker/docker/api/types/image/disk_usage.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package image
-
-// DiskUsage contains disk usage for images.
-//
-// Deprecated: this type is no longer used and will be removed in the next release.
-type DiskUsage struct {
-	TotalSize   int64
-	Reclaimable int64
-	Items       []*Summary
-}
diff --git a/vendor/github.com/docker/docker/api/types/image/image.go b/vendor/github.com/docker/docker/api/types/image/image.go
deleted file mode 100644
index abb7ffd805..0000000000
--- a/vendor/github.com/docker/docker/api/types/image/image.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package image
-
-import (
-	"io"
-	"time"
-)
-
-// Metadata contains engine-local data about the image.
-type Metadata struct {
-	// LastTagTime is the date and time at which the image was last tagged.
-	LastTagTime time.Time `json:",omitempty"`
-}
-
-// PruneReport contains the response for Engine API:
-// POST "/images/prune"
-type PruneReport struct {
-	ImagesDeleted  []DeleteResponse
-	SpaceReclaimed uint64
-}
-
-// LoadResponse returns information to the client about a load process.
-//
-// TODO(thaJeztah): remove this type, and just use an io.ReadCloser
-//
-// This type was added in https://github.com/moby/moby/pull/18878, related
-// to https://github.com/moby/moby/issues/19177;
-//
-// Make docker load to output json when the response content type is json
-// Swarm hijacks the response from docker load and returns JSON rather
-// than plain text like the Engine does. This makes the API library to return
-// information to figure that out.
-//
-// However the "load" endpoint unconditionally returns JSON;
-// https://github.com/moby/moby/blob/7b9d2ef6e5518a3d3f3cc418459f8df786cfbbd1/api/server/router/image/image_routes.go#L248-L255
-//
-// PR https://github.com/moby/moby/pull/21959 made the response-type depend
-// on whether "quiet" was set, but this logic got changed in a follow-up
-// https://github.com/moby/moby/pull/25557, which made the JSON response-type
-// unconditionally, but the output produced depend on whether"quiet" was set.
-//
-// We should deprecated the "quiet" option, as it's really a client
-// responsibility.
-type LoadResponse struct {
-	// Body must be closed to avoid a resource leak
-	Body io.ReadCloser
-	JSON bool
-}
diff --git a/vendor/github.com/docker/docker/api/types/image/opts.go b/vendor/github.com/docker/docker/api/types/image/opts.go
deleted file mode 100644
index 9e33a42fa6..0000000000
--- a/vendor/github.com/docker/docker/api/types/image/opts.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package image
-
-import (
-	"context"
-	"io"
-
-	"github.com/docker/docker/api/types/filters"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// ImportSource holds source information for ImageImport
-type ImportSource struct {
-	Source     io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to "-" to leverage this.
-	SourceName string    // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute.
-}
-
-// ImportOptions holds information to import images from the client host.
-type ImportOptions struct {
-	Tag      string   // Tag is the name to tag this image with. This attribute is deprecated.
-	Message  string   // Message is the message to tag the image with
-	Changes  []string // Changes are the raw changes to apply to this image
-	Platform string   // Platform is the target platform of the image
-}
-
-// CreateOptions holds information to create images.
-type CreateOptions struct {
-	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry.
-	Platform     string // Platform is the target platform of the image if it needs to be pulled from the registry.
-}
-
-// PullOptions holds information to pull images.
-type PullOptions struct {
-	All          bool
-	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
-
-	// PrivilegeFunc is a function that clients can supply to retry operations
-	// after getting an authorization error. This function returns the registry
-	// authentication header value in base64 encoded format, or an error if the
-	// privilege request fails.
-	//
-	// For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
-	PrivilegeFunc func(context.Context) (string, error)
-	Platform      string
-}
-
-// PushOptions holds information to push images.
-type PushOptions struct {
-	All          bool
-	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
-
-	// PrivilegeFunc is a function that clients can supply to retry operations
-	// after getting an authorization error. This function returns the registry
-	// authentication header value in base64 encoded format, or an error if the
-	// privilege request fails.
-	//
-	// For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
-	PrivilegeFunc func(context.Context) (string, error)
-
-	// Platform is an optional field that selects a specific platform to push
-	// when the image is a multi-platform image.
-	// Using this will only push a single platform-specific manifest.
-	Platform *ocispec.Platform `json:",omitempty"`
-}
-
-// ListOptions holds parameters to list images with.
-type ListOptions struct {
-	// All controls whether all images in the graph are filtered, or just
-	// the heads.
-	All bool
-
-	// Filters is a JSON-encoded set of filter arguments.
-	Filters filters.Args
-
-	// SharedSize indicates whether the shared size of images should be computed.
-	SharedSize bool
-
-	// ContainerCount indicates whether container count should be computed.
-	//
-	// Deprecated: This field has been unused and is no longer required and will be removed in a future version.
-	ContainerCount bool
-
-	// Manifests indicates whether the image manifests should be returned.
-	Manifests bool
-}
-
-// RemoveOptions holds parameters to remove images.
-type RemoveOptions struct {
-	Platforms     []ocispec.Platform
-	Force         bool
-	PruneChildren bool
-}
-
-// HistoryOptions holds parameters to get image history.
-type HistoryOptions struct {
-	// Platform from the manifest list to use for history.
-	Platform *ocispec.Platform
-}
-
-// LoadOptions holds parameters to load images.
-type LoadOptions struct {
-	// Quiet suppresses progress output
-	Quiet bool
-
-	// Platforms selects the platforms to load if the image is a
-	// multi-platform image and has multiple variants.
-	Platforms []ocispec.Platform
-}
-
-type InspectOptions struct {
-	// Manifests returns the image manifests.
-	Manifests bool
-
-	// Platform selects the specific platform of a multi-platform image to inspect.
-	//
-	// This option is only available for API version 1.49 and up.
-	Platform *ocispec.Platform
-}
-
-// SaveOptions holds parameters to save images.
-type SaveOptions struct {
-	// Platforms selects the platforms to save if the image is a
-	// multi-platform image and has multiple variants.
-	Platforms []ocispec.Platform
-}
diff --git a/vendor/github.com/docker/docker/api/types/network/endpoint.go b/vendor/github.com/docker/docker/api/types/network/endpoint.go
deleted file mode 100644
index cdc06c6c90..0000000000
--- a/vendor/github.com/docker/docker/api/types/network/endpoint.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package network
-
-import (
-	"errors"
-	"fmt"
-	"net"
-)
-
-// EndpointSettings stores the network endpoint details
-type EndpointSettings struct {
-	// Configurations
-	IPAMConfig *EndpointIPAMConfig
-	Links      []string
-	Aliases    []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
-	// MacAddress may be used to specify a MAC address when the container is created.
-	// Once the container is running, it becomes operational data (it may contain a
-	// generated address).
-	MacAddress string
-	DriverOpts map[string]string
-
-	// GwPriority determines which endpoint will provide the default gateway
-	// for the container. The endpoint with the highest priority will be used.
-	// If multiple endpoints have the same priority, they are lexicographically
-	// sorted based on their network name, and the one that sorts first is picked.
-	GwPriority int
-	// Operational data
-	NetworkID           string
-	EndpointID          string
-	Gateway             string
-	IPAddress           string
-	IPPrefixLen         int
-	IPv6Gateway         string
-	GlobalIPv6Address   string
-	GlobalIPv6PrefixLen int
-	// DNSNames holds all the (non fully qualified) DNS names associated to this endpoint. First entry is used to
-	// generate PTR records.
-	DNSNames []string
-}
-
-// Copy makes a deep copy of `EndpointSettings`
-func (es *EndpointSettings) Copy() *EndpointSettings {
-	epCopy := *es
-	if es.IPAMConfig != nil {
-		epCopy.IPAMConfig = es.IPAMConfig.Copy()
-	}
-
-	if es.Links != nil {
-		links := make([]string, 0, len(es.Links))
-		epCopy.Links = append(links, es.Links...)
-	}
-
-	if es.Aliases != nil {
-		aliases := make([]string, 0, len(es.Aliases))
-		epCopy.Aliases = append(aliases, es.Aliases...)
-	}
-
-	if len(es.DNSNames) > 0 {
-		epCopy.DNSNames = make([]string, len(es.DNSNames))
-		copy(epCopy.DNSNames, es.DNSNames)
-	}
-
-	return &epCopy
-}
-
-// EndpointIPAMConfig represents IPAM configurations for the endpoint
-type EndpointIPAMConfig struct {
-	IPv4Address  string   `json:",omitempty"`
-	IPv6Address  string   `json:",omitempty"`
-	LinkLocalIPs []string `json:",omitempty"`
-}
-
-// Copy makes a copy of the endpoint ipam config
-func (cfg *EndpointIPAMConfig) Copy() *EndpointIPAMConfig {
-	cfgCopy := *cfg
-	cfgCopy.LinkLocalIPs = make([]string, 0, len(cfg.LinkLocalIPs))
-	cfgCopy.LinkLocalIPs = append(cfgCopy.LinkLocalIPs, cfg.LinkLocalIPs...)
-	return &cfgCopy
-}
-
-// NetworkSubnet describes a user-defined subnet for a specific network. It's only used to validate if an
-// EndpointIPAMConfig is valid for a specific network.
-type NetworkSubnet interface {
-	// Contains checks whether the NetworkSubnet contains [addr].
-	Contains(addr net.IP) bool
-	// IsStatic checks whether the subnet was statically allocated (ie. user-defined).
-	IsStatic() bool
-}
-
-// IsInRange checks whether static IP addresses are valid in a specific network.
-func (cfg *EndpointIPAMConfig) IsInRange(v4Subnets []NetworkSubnet, v6Subnets []NetworkSubnet) error {
-	var errs []error
-
-	if err := validateEndpointIPAddress(cfg.IPv4Address, v4Subnets); err != nil {
-		errs = append(errs, err)
-	}
-	if err := validateEndpointIPAddress(cfg.IPv6Address, v6Subnets); err != nil {
-		errs = append(errs, err)
-	}
-
-	return errJoin(errs...)
-}
-
-func validateEndpointIPAddress(epAddr string, ipamSubnets []NetworkSubnet) error {
-	if epAddr == "" {
-		return nil
-	}
-
-	var staticSubnet bool
-	parsedAddr := net.ParseIP(epAddr)
-	for _, subnet := range ipamSubnets {
-		if subnet.IsStatic() {
-			staticSubnet = true
-			if subnet.Contains(parsedAddr) {
-				return nil
-			}
-		}
-	}
-
-	if staticSubnet {
-		return fmt.Errorf("no configured subnet or ip-range contain the IP address %s", epAddr)
-	}
-
-	return errors.New("user specified IP address is supported only when connecting to networks with user configured subnets")
-}
-
-// Validate checks whether cfg is valid.
-func (cfg *EndpointIPAMConfig) Validate() error {
-	if cfg == nil {
-		return nil
-	}
-
-	var errs []error
-
-	if cfg.IPv4Address != "" {
-		if addr := net.ParseIP(cfg.IPv4Address); addr == nil || addr.To4() == nil || addr.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid IPv4 address: %s", cfg.IPv4Address))
-		}
-	}
-	if cfg.IPv6Address != "" {
-		if addr := net.ParseIP(cfg.IPv6Address); addr == nil || addr.To4() != nil || addr.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid IPv6 address: %s", cfg.IPv6Address))
-		}
-	}
-	for _, addr := range cfg.LinkLocalIPs {
-		if parsed := net.ParseIP(addr); parsed == nil || parsed.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid link-local IP address: %s", addr))
-		}
-	}
-
-	return errJoin(errs...)
-}
diff --git a/vendor/github.com/docker/docker/api/types/network/ipam.go b/vendor/github.com/docker/docker/api/types/network/ipam.go
deleted file mode 100644
index f9a9ff9b35..0000000000
--- a/vendor/github.com/docker/docker/api/types/network/ipam.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package network
-
-import (
-	"errors"
-	"fmt"
-	"net/netip"
-	"strings"
-)
-
-// IPAM represents IP Address Management
-type IPAM struct {
-	Driver  string
-	Options map[string]string // Per network IPAM driver options
-	Config  []IPAMConfig
-}
-
-// IPAMConfig represents IPAM configurations
-type IPAMConfig struct {
-	Subnet     string            `json:",omitempty"`
-	IPRange    string            `json:",omitempty"`
-	Gateway    string            `json:",omitempty"`
-	AuxAddress map[string]string `json:"AuxiliaryAddresses,omitempty"`
-}
-
-type ipFamily string
-
-const (
-	ip4 ipFamily = "IPv4"
-	ip6 ipFamily = "IPv6"
-)
-
-// ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
-// errors found.
-func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error {
-	if ipam == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, cfg := range ipam.Config {
-		subnet, err := netip.ParsePrefix(cfg.Subnet)
-		if err != nil {
-			errs = append(errs, fmt.Errorf("invalid subnet %s: invalid CIDR block notation", cfg.Subnet))
-			continue
-		}
-		subnetFamily := ip4
-		if subnet.Addr().Is6() {
-			subnetFamily = ip6
-		}
-
-		if !enableIPv6 && subnetFamily == ip6 {
-			continue
-		}
-
-		if subnet != subnet.Masked() {
-			errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
-		}
-
-		if ipRangeErrs := validateIPRange(cfg.IPRange, subnet, subnetFamily); len(ipRangeErrs) > 0 {
-			errs = append(errs, ipRangeErrs...)
-		}
-
-		if err := validateAddress(cfg.Gateway, subnet, subnetFamily); err != nil {
-			errs = append(errs, fmt.Errorf("invalid gateway %s: %w", cfg.Gateway, err))
-		}
-
-		for auxName, aux := range cfg.AuxAddress {
-			if err := validateAddress(aux, subnet, subnetFamily); err != nil {
-				errs = append(errs, fmt.Errorf("invalid auxiliary address %s: %w", auxName, err))
-			}
-		}
-	}
-
-	if err := errJoin(errs...); err != nil {
-		return fmt.Errorf("invalid network config:\n%w", err)
-	}
-
-	return nil
-}
-
-func validateIPRange(ipRange string, subnet netip.Prefix, subnetFamily ipFamily) []error {
-	if ipRange == "" {
-		return nil
-	}
-	prefix, err := netip.ParsePrefix(ipRange)
-	if err != nil {
-		return []error{fmt.Errorf("invalid ip-range %s: invalid CIDR block notation", ipRange)}
-	}
-	family := ip4
-	if prefix.Addr().Is6() {
-		family = ip6
-	}
-
-	if family != subnetFamily {
-		return []error{fmt.Errorf("invalid ip-range %s: parent subnet is an %s block", ipRange, subnetFamily)}
-	}
-
-	var errs []error
-	if prefix.Bits() < subnet.Bits() {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: CIDR block is bigger than its parent subnet %s", ipRange, subnet))
-	}
-	if prefix != prefix.Masked() {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: it should be %s", prefix, prefix.Masked()))
-	}
-	if !subnet.Overlaps(prefix) {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: parent subnet %s doesn't contain ip-range", ipRange, subnet))
-	}
-
-	return errs
-}
-
-func validateAddress(address string, subnet netip.Prefix, subnetFamily ipFamily) error {
-	if address == "" {
-		return nil
-	}
-	addr, err := netip.ParseAddr(address)
-	if err != nil {
-		return errors.New("invalid address")
-	}
-	family := ip4
-	if addr.Is6() {
-		family = ip6
-	}
-
-	if family != subnetFamily {
-		return fmt.Errorf("parent subnet is an %s block", subnetFamily)
-	}
-	if !subnet.Contains(addr) {
-		return fmt.Errorf("parent subnet %s doesn't contain this address", subnet)
-	}
-
-	return nil
-}
-
-func errJoin(errs ...error) error {
-	n := 0
-	for _, err := range errs {
-		if err != nil {
-			n++
-		}
-	}
-	if n == 0 {
-		return nil
-	}
-	e := &joinError{
-		errs: make([]error, 0, n),
-	}
-	for _, err := range errs {
-		if err != nil {
-			e.errs = append(e.errs, err)
-		}
-	}
-	return e
-}
-
-type joinError struct {
-	errs []error
-}
-
-func (e *joinError) Error() string {
-	if len(e.errs) == 1 {
-		return strings.TrimSpace(e.errs[0].Error())
-	}
-	stringErrs := make([]string, 0, len(e.errs))
-	for _, subErr := range e.errs {
-		stringErrs = append(stringErrs, strings.ReplaceAll(subErr.Error(), "\n", "\n\t"))
-	}
-	return "* " + strings.Join(stringErrs, "\n* ")
-}
-
-func (e *joinError) Unwrap() []error {
-	return e.errs
-}
diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go
deleted file mode 100644
index 4a0cb47984..0000000000
--- a/vendor/github.com/docker/docker/api/types/network/network.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package network
-
-import (
-	"time"
-
-	"github.com/docker/docker/api/types/filters"
-)
-
-const (
-	// NetworkDefault is a platform-independent alias to choose the platform-specific default network stack.
-	NetworkDefault = "default"
-	// NetworkHost is the name of the predefined network used when the NetworkMode host is selected (only available on Linux)
-	NetworkHost = "host"
-	// NetworkNone is the name of the predefined network used when the NetworkMode none is selected (available on both Linux and Windows)
-	NetworkNone = "none"
-	// NetworkBridge is the name of the default network on Linux
-	NetworkBridge = "bridge"
-	// NetworkNat is the name of the default network on Windows
-	NetworkNat = "nat"
-)
-
-// CreateRequest is the request message sent to the server for network create call.
-type CreateRequest struct {
-	CreateOptions
-	Name string // Name is the requested name of the network.
-
-	// Deprecated: CheckDuplicate is deprecated since API v1.44, but it defaults to true when sent by the client
-	// package to older daemons.
-	CheckDuplicate *bool `json:",omitempty"`
-}
-
-// CreateOptions holds options to create a network.
-type CreateOptions struct {
-	Driver     string            // Driver is the driver-name used to create the network (e.g. `bridge`, `overlay`)
-	Scope      string            // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level).
-	EnableIPv4 *bool             `json:",omitempty"` // EnableIPv4 represents whether to enable IPv4.
-	EnableIPv6 *bool             `json:",omitempty"` // EnableIPv6 represents whether to enable IPv6.
-	IPAM       *IPAM             // IPAM is the network's IP Address Management.
-	Internal   bool              // Internal represents if the network is used internal only.
-	Attachable bool              // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
-	Ingress    bool              // Ingress indicates the network is providing the routing-mesh for the swarm cluster.
-	ConfigOnly bool              // ConfigOnly creates a config-only network. Config-only networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services.
-	ConfigFrom *ConfigReference  // ConfigFrom specifies the source which will provide the configuration for this network. The specified network must be a config-only network; see [CreateOptions.ConfigOnly].
-	Options    map[string]string // Options specifies the network-specific options to use for when creating the network.
-	Labels     map[string]string // Labels holds metadata specific to the network being created.
-}
-
-// ListOptions holds parameters to filter the list of networks with.
-type ListOptions struct {
-	Filters filters.Args
-}
-
-// InspectOptions holds parameters to inspect network.
-type InspectOptions struct {
-	Scope   string
-	Verbose bool
-}
-
-// ConnectOptions represents the data to be used to connect a container to the
-// network.
-type ConnectOptions struct {
-	Container      string
-	EndpointConfig *EndpointSettings `json:",omitempty"`
-}
-
-// DisconnectOptions represents the data to be used to disconnect a container
-// from the network.
-type DisconnectOptions struct {
-	Container string
-	Force     bool
-}
-
-// Inspect is the body of the "get network" http response message.
-type Inspect struct {
-	Name       string                      // Name is the name of the network
-	ID         string                      `json:"Id"` // ID uniquely identifies a network on a single machine
-	Created    time.Time                   // Created is the time the network created
-	Scope      string                      // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level)
-	Driver     string                      // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`)
-	EnableIPv4 bool                        // EnableIPv4 represents whether IPv4 is enabled
-	EnableIPv6 bool                        // EnableIPv6 represents whether IPv6 is enabled
-	IPAM       IPAM                        // IPAM is the network's IP Address Management
-	Internal   bool                        // Internal represents if the network is used internal only
-	Attachable bool                        // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
-	Ingress    bool                        // Ingress indicates the network is providing the routing-mesh for the swarm cluster.
-	ConfigFrom ConfigReference             // ConfigFrom specifies the source which will provide the configuration for this network.
-	ConfigOnly bool                        // ConfigOnly networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services.
-	Containers map[string]EndpointResource // Containers contains endpoints belonging to the network
-	Options    map[string]string           // Options holds the network specific options to use for when creating the network
-	Labels     map[string]string           // Labels holds metadata specific to the network being created
-	Peers      []PeerInfo                  `json:",omitempty"` // List of peer nodes for an overlay network
-	Services   map[string]ServiceInfo      `json:",omitempty"`
-}
-
-// Summary is used as response when listing networks. It currently is an alias
-// for [Inspect], but may diverge in the future, as not all information may
-// be included when listing networks.
-type Summary = Inspect
-
-// Address represents an IP address
-type Address struct {
-	Addr      string
-	PrefixLen int
-}
-
-// PeerInfo represents one peer of an overlay network
-type PeerInfo struct {
-	Name string
-	IP   string
-}
-
-// Task carries the information about one backend task
-type Task struct {
-	Name       string
-	EndpointID string
-	EndpointIP string
-	Info       map[string]string
-}
-
-// ServiceInfo represents service parameters with the list of service's tasks
-type ServiceInfo struct {
-	VIP          string
-	Ports        []string
-	LocalLBIndex int
-	Tasks        []Task
-}
-
-// EndpointResource contains network resources allocated and used for a
-// container in a network.
-type EndpointResource struct {
-	Name        string
-	EndpointID  string
-	MacAddress  string
-	IPv4Address string
-	IPv6Address string
-}
-
-// NetworkingConfig represents the container's networking configuration for each of its interfaces
-// Carries the networking configs specified in the `docker run` and `docker network connect` commands
-type NetworkingConfig struct {
-	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each connecting network
-}
-
-// ConfigReference specifies the source which provides a network's configuration
-type ConfigReference struct {
-	Network string
-}
-
-var acceptedFilters = map[string]bool{
-	"dangling": true,
-	"driver":   true,
-	"id":       true,
-	"label":    true,
-	"name":     true,
-	"scope":    true,
-	"type":     true,
-}
-
-// ValidateFilters validates the list of filter args with the available filters.
-func ValidateFilters(filter filters.Args) error {
-	return filter.Validate(acceptedFilters)
-}
-
-// PruneReport contains the response for Engine API:
-// POST "/networks/prune"
-type PruneReport struct {
-	NetworksDeleted []string
-}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_interface_type.go b/vendor/github.com/docker/docker/api/types/plugin_interface_type.go
deleted file mode 100644
index c82f204e87..0000000000
--- a/vendor/github.com/docker/docker/api/types/plugin_interface_type.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package types
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// PluginInterfaceType plugin interface type
-// swagger:model PluginInterfaceType
-type PluginInterfaceType struct {
-
-	// capability
-	// Required: true
-	Capability string `json:"Capability"`
-
-	// prefix
-	// Required: true
-	Prefix string `json:"Prefix"`
-
-	// version
-	// Required: true
-	Version string `json:"Version"`
-}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_responses.go b/vendor/github.com/docker/docker/api/types/plugin_responses.go
deleted file mode 100644
index 18f743fcde..0000000000
--- a/vendor/github.com/docker/docker/api/types/plugin_responses.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package types
-
-import (
-	"encoding/json"
-	"fmt"
-	"sort"
-)
-
-// PluginsListResponse contains the response for the Engine API
-type PluginsListResponse []*Plugin
-
-// UnmarshalJSON implements json.Unmarshaler for PluginInterfaceType
-func (t *PluginInterfaceType) UnmarshalJSON(p []byte) error {
-	versionIndex := len(p)
-	prefixIndex := 0
-	if len(p) < 2 || p[0] != '"' || p[len(p)-1] != '"' {
-		return fmt.Errorf("%q is not a plugin interface type", p)
-	}
-	p = p[1 : len(p)-1]
-loop:
-	for i, b := range p {
-		switch b {
-		case '.':
-			prefixIndex = i
-		case '/':
-			versionIndex = i
-			break loop
-		}
-	}
-	t.Prefix = string(p[:prefixIndex])
-	t.Capability = string(p[prefixIndex+1 : versionIndex])
-	if versionIndex < len(p) {
-		t.Version = string(p[versionIndex+1:])
-	}
-	return nil
-}
-
-// MarshalJSON implements json.Marshaler for PluginInterfaceType
-func (t *PluginInterfaceType) MarshalJSON() ([]byte, error) {
-	return json.Marshal(t.String())
-}
-
-// String implements fmt.Stringer for PluginInterfaceType
-func (t PluginInterfaceType) String() string {
-	return fmt.Sprintf("%s.%s/%s", t.Prefix, t.Capability, t.Version)
-}
-
-// PluginPrivilege describes a permission the user has to accept
-// upon installing a plugin.
-type PluginPrivilege struct {
-	Name        string
-	Description string
-	Value       []string
-}
-
-// PluginPrivileges is a list of PluginPrivilege
-type PluginPrivileges []PluginPrivilege
-
-func (s PluginPrivileges) Len() int {
-	return len(s)
-}
-
-func (s PluginPrivileges) Less(i, j int) bool {
-	return s[i].Name < s[j].Name
-}
-
-func (s PluginPrivileges) Swap(i, j int) {
-	sort.Strings(s[i].Value)
-	sort.Strings(s[j].Value)
-	s[i], s[j] = s[j], s[i]
-}
diff --git a/vendor/github.com/docker/docker/api/types/registry/authconfig.go b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
deleted file mode 100644
index 4c6d7ab2ba..0000000000
--- a/vendor/github.com/docker/docker/api/types/registry/authconfig.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package registry
-
-import (
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"strings"
-)
-
-// AuthHeader is the name of the header used to send encoded registry
-// authorization credentials for registry operations (push/pull).
-const AuthHeader = "X-Registry-Auth"
-
-// RequestAuthConfig is a function interface that clients can supply
-// to retry operations after getting an authorization error.
-//
-// The function must return the [AuthHeader] value ([AuthConfig]), encoded
-// in base64url format ([RFC4648, section 5]), which can be decoded by
-// [DecodeAuthConfig].
-//
-// It must return an error if the privilege request fails.
-//
-// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
-type RequestAuthConfig func(context.Context) (string, error)
-
-// AuthConfig contains authorization information for connecting to a Registry.
-type AuthConfig struct {
-	Username string `json:"username,omitempty"`
-	Password string `json:"password,omitempty"`
-	Auth     string `json:"auth,omitempty"`
-
-	// Email is an optional value associated with the username.
-	//
-	// Deprecated: This field is deprecated since docker 1.11 (API v1.23) and will be removed in the next release.
-	Email string `json:"email,omitempty"`
-
-	ServerAddress string `json:"serveraddress,omitempty"`
-
-	// IdentityToken is used to authenticate the user and get
-	// an access token for the registry.
-	IdentityToken string `json:"identitytoken,omitempty"`
-
-	// RegistryToken is a bearer token to be sent to a registry
-	RegistryToken string `json:"registrytoken,omitempty"`
-}
-
-// EncodeAuthConfig serializes the auth configuration as a base64url encoded
-// ([RFC4648, section 5]) JSON string for sending through the X-Registry-Auth header.
-//
-// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
-func EncodeAuthConfig(authConfig AuthConfig) (string, error) {
-	buf, err := json.Marshal(authConfig)
-	if err != nil {
-		return "", errInvalidParameter{err}
-	}
-	return base64.URLEncoding.EncodeToString(buf), nil
-}
-
-// DecodeAuthConfig decodes base64url encoded ([RFC4648, section 5]) JSON
-// authentication information as sent through the X-Registry-Auth header.
-//
-// This function always returns an [AuthConfig], even if an error occurs. It is up
-// to the caller to decide if authentication is required, and if the error can
-// be ignored.
-//
-// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
-func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {
-	if authEncoded == "" {
-		return &AuthConfig{}, nil
-	}
-
-	authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-	return decodeAuthConfigFromReader(authJSON)
-}
-
-// DecodeAuthConfigBody decodes authentication information as sent as JSON in the
-// body of a request. This function is to provide backward compatibility with old
-// clients and API versions. Current clients and API versions expect authentication
-// to be provided through the X-Registry-Auth header.
-//
-// Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an
-// error occurs. It is up to the caller to decide if authentication is required,
-// and if the error can be ignored.
-//
-// Deprecated: this function is no longer used and will be removed in the next release.
-func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {
-	return decodeAuthConfigFromReader(rdr)
-}
-
-func decodeAuthConfigFromReader(rdr io.Reader) (*AuthConfig, error) {
-	authConfig := &AuthConfig{}
-	if err := json.NewDecoder(rdr).Decode(authConfig); err != nil {
-		// always return an (empty) AuthConfig to increase compatibility with
-		// the existing API.
-		return &AuthConfig{}, invalid(err)
-	}
-	return authConfig, nil
-}
-
-func invalid(err error) error {
-	return errInvalidParameter{fmt.Errorf("invalid X-Registry-Auth header: %w", err)}
-}
-
-type errInvalidParameter struct{ error }
-
-func (errInvalidParameter) InvalidParameter() {}
-
-func (e errInvalidParameter) Cause() error { return e.error }
-
-func (e errInvalidParameter) Unwrap() error { return e.error }
diff --git a/vendor/github.com/docker/docker/api/types/registry/authenticate.go b/vendor/github.com/docker/docker/api/types/registry/authenticate.go
deleted file mode 100644
index 42cac4430a..0000000000
--- a/vendor/github.com/docker/docker/api/types/registry/authenticate.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package registry
-
-// ----------------------------------------------------------------------------
-// DO NOT EDIT THIS FILE
-// This file was generated by `swagger generate operation`
-//
-// See hack/generate-swagger-api.sh
-// ----------------------------------------------------------------------------
-
-// AuthenticateOKBody authenticate o k body
-// swagger:model AuthenticateOKBody
-type AuthenticateOKBody struct {
-
-	// An opaque token used to authenticate a user after a successful login
-	// Required: true
-	IdentityToken string `json:"IdentityToken"`
-
-	// The status of the authentication
-	// Required: true
-	Status string `json:"Status"`
-}
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
deleted file mode 100644
index 9319c964cd..0000000000
--- a/vendor/github.com/docker/docker/api/types/registry/registry.go
+++ /dev/null
@@ -1,122 +0,0 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.23
-
-package registry
-
-import (
-	"encoding/json"
-	"net"
-
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// ServiceConfig stores daemon registry services configuration.
-type ServiceConfig struct {
-	AllowNondistributableArtifactsCIDRs     []*NetIPNet `json:"AllowNondistributableArtifactsCIDRs,omitempty"`     // Deprecated: non-distributable artifacts are deprecated and enabled by default. This field will be removed in the next release.
-	AllowNondistributableArtifactsHostnames []string    `json:"AllowNondistributableArtifactsHostnames,omitempty"` // Deprecated: non-distributable artifacts are deprecated and enabled by default. This field will be removed in the next release.
-
-	InsecureRegistryCIDRs []*NetIPNet           `json:"InsecureRegistryCIDRs"`
-	IndexConfigs          map[string]*IndexInfo `json:"IndexConfigs"`
-	Mirrors               []string
-
-	// ExtraFields is for internal use to include deprecated fields on older API versions.
-	ExtraFields map[string]any `json:"-"`
-}
-
-// MarshalJSON implements a custom marshaler to include legacy fields
-// in API responses.
-func (sc *ServiceConfig) MarshalJSON() ([]byte, error) {
-	type tmp ServiceConfig
-	base, err := json.Marshal((*tmp)(sc))
-	if err != nil {
-		return nil, err
-	}
-	var merged map[string]any
-	_ = json.Unmarshal(base, &merged)
-
-	for k, v := range sc.ExtraFields {
-		merged[k] = v
-	}
-	return json.Marshal(merged)
-}
-
-// NetIPNet is the net.IPNet type, which can be marshalled and
-// unmarshalled to JSON
-type NetIPNet net.IPNet
-
-// String returns the CIDR notation of ipnet
-func (ipnet *NetIPNet) String() string {
-	return (*net.IPNet)(ipnet).String()
-}
-
-// MarshalJSON returns the JSON representation of the IPNet
-func (ipnet *NetIPNet) MarshalJSON() ([]byte, error) {
-	return json.Marshal((*net.IPNet)(ipnet).String())
-}
-
-// UnmarshalJSON sets the IPNet from a byte array of JSON
-func (ipnet *NetIPNet) UnmarshalJSON(b []byte) error {
-	var ipnetStr string
-	if err := json.Unmarshal(b, &ipnetStr); err != nil {
-		return err
-	}
-	_, cidr, err := net.ParseCIDR(ipnetStr)
-	if err != nil {
-		return err
-	}
-	*ipnet = NetIPNet(*cidr)
-	return nil
-}
-
-// IndexInfo contains information about a registry
-//
-// RepositoryInfo Examples:
-//
-//	{
-//	  "Index" : {
-//	    "Name" : "docker.io",
-//	    "Mirrors" : ["https://registry-2.docker.io/v1/", "https://registry-3.docker.io/v1/"],
-//	    "Secure" : true,
-//	    "Official" : true,
-//	  },
-//	  "RemoteName" : "library/debian",
-//	  "LocalName" : "debian",
-//	  "CanonicalName" : "docker.io/debian"
-//	  "Official" : true,
-//	}
-//
-//	{
-//	  "Index" : {
-//	    "Name" : "127.0.0.1:5000",
-//	    "Mirrors" : [],
-//	    "Secure" : false,
-//	    "Official" : false,
-//	  },
-//	  "RemoteName" : "user/repo",
-//	  "LocalName" : "127.0.0.1:5000/user/repo",
-//	  "CanonicalName" : "127.0.0.1:5000/user/repo",
-//	  "Official" : false,
-//	}
-type IndexInfo struct {
-	// Name is the name of the registry, such as "docker.io"
-	Name string
-	// Mirrors is a list of mirrors, expressed as URIs
-	Mirrors []string
-	// Secure is set to false if the registry is part of the list of
-	// insecure registries. Insecure registries accept HTTP and/or accept
-	// HTTPS with certificates from unknown CAs.
-	Secure bool
-	// Official indicates whether this is an official registry
-	Official bool
-}
-
-// DistributionInspect describes the result obtained from contacting the
-// registry to retrieve image metadata
-type DistributionInspect struct {
-	// Descriptor contains information about the manifest, including
-	// the content addressable digest
-	Descriptor ocispec.Descriptor
-	// Platforms contains the list of platforms supported by the image,
-	// obtained by parsing the manifest
-	Platforms []ocispec.Platform
-}
diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice.go b/vendor/github.com/docker/docker/api/types/strslice/strslice.go
deleted file mode 100644
index bad493fb89..0000000000
--- a/vendor/github.com/docker/docker/api/types/strslice/strslice.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package strslice
-
-import "encoding/json"
-
-// StrSlice represents a string or an array of strings.
-// We need to override the json decoder to accept both options.
-type StrSlice []string
-
-// UnmarshalJSON decodes the byte slice whether it's a string or an array of
-// strings. This method is needed to implement json.Unmarshaler.
-func (e *StrSlice) UnmarshalJSON(b []byte) error {
-	if len(b) == 0 {
-		// With no input, we preserve the existing value by returning nil and
-		// leaving the target alone. This allows defining default values for
-		// the type.
-		return nil
-	}
-
-	p := make([]string, 0, 1)
-	if err := json.Unmarshal(b, &p); err != nil {
-		var s string
-		if err := json.Unmarshal(b, &s); err != nil {
-			return err
-		}
-		p = append(p, s)
-	}
-
-	*e = p
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime/runtime.go b/vendor/github.com/docker/docker/api/types/swarm/runtime/runtime.go
deleted file mode 100644
index 95176b2681..0000000000
--- a/vendor/github.com/docker/docker/api/types/swarm/runtime/runtime.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package runtime
-
-import "fmt"
-
-// PluginSpec defines the base payload which clients can specify for creating
-// a service with the plugin runtime.
-type PluginSpec struct {
-	Name       string             `json:"name,omitempty"`
-	Remote     string             `json:"remote,omitempty"`
-	Privileges []*PluginPrivilege `json:"privileges,omitempty"`
-	Disabled   bool               `json:"disabled,omitempty"`
-	Env        []string           `json:"env,omitempty"`
-}
-
-// PluginPrivilege describes a permission the user has to accept
-// upon installing a plugin.
-type PluginPrivilege struct {
-	Name        string   `json:"name,omitempty"`
-	Description string   `json:"description,omitempty"`
-	Value       []string `json:"value,omitempty"`
-}
-
-var (
-	ErrInvalidLengthPlugin        = fmt.Errorf("proto: negative length found during unmarshaling") // Deprecated: this error was only used internally and is no longer used.
-	ErrIntOverflowPlugin          = fmt.Errorf("proto: integer overflow")                          // Deprecated: this error was only used internally and is no longer used.
-	ErrUnexpectedEndOfGroupPlugin = fmt.Errorf("proto: unexpected end of group")                   // Deprecated: this error was only used internally and is no longer used.
-)
diff --git a/vendor/github.com/docker/docker/api/types/system/security_opts.go b/vendor/github.com/docker/docker/api/types/system/security_opts.go
deleted file mode 100644
index edff3eb1ac..0000000000
--- a/vendor/github.com/docker/docker/api/types/system/security_opts.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package system
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-)
-
-// SecurityOpt contains the name and options of a security option
-type SecurityOpt struct {
-	Name    string
-	Options []KeyValue
-}
-
-// DecodeSecurityOptions decodes a security options string slice to a
-// type-safe [SecurityOpt].
-func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
-	so := []SecurityOpt{}
-	for _, opt := range opts {
-		// support output from a < 1.13 docker daemon
-		if !strings.Contains(opt, "=") {
-			so = append(so, SecurityOpt{Name: opt})
-			continue
-		}
-		secopt := SecurityOpt{}
-		for _, s := range strings.Split(opt, ",") {
-			k, v, ok := strings.Cut(s, "=")
-			if !ok {
-				return nil, fmt.Errorf("invalid security option %q", s)
-			}
-			if k == "" || v == "" {
-				return nil, errors.New("invalid empty security option")
-			}
-			if k == "name" {
-				secopt.Name = v
-				continue
-			}
-			secopt.Options = append(secopt.Options, KeyValue{Key: k, Value: v})
-		}
-		so = append(so, secopt)
-	}
-	return so, nil
-}
-
-// KeyValue holds a key/value pair.
-type KeyValue struct {
-	Key, Value string
-}
diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go
deleted file mode 100644
index 8bbadeb208..0000000000
--- a/vendor/github.com/docker/docker/api/types/types.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package types
-
-import (
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/volume"
-)
-
-const (
-	// MediaTypeRawStream is vendor specific MIME-Type set for raw TTY streams
-	MediaTypeRawStream = "application/vnd.docker.raw-stream"
-
-	// MediaTypeMultiplexedStream is vendor specific MIME-Type set for stdin/stdout/stderr multiplexed streams
-	MediaTypeMultiplexedStream = "application/vnd.docker.multiplexed-stream"
-)
-
-// Ping contains response of Engine API:
-// GET "/_ping"
-type Ping struct {
-	APIVersion     string
-	OSType         string
-	Experimental   bool
-	BuilderVersion build.BuilderVersion
-
-	// SwarmStatus provides information about the current swarm status of the
-	// engine, obtained from the "Swarm" header in the API response.
-	//
-	// It can be a nil struct if the API version does not provide this header
-	// in the ping response, or if an error occurred, in which case the client
-	// should use other ways to get the current swarm status, such as the /swarm
-	// endpoint.
-	SwarmStatus *swarm.Status
-}
-
-// ComponentVersion describes the version information for a specific component.
-type ComponentVersion struct {
-	Name    string
-	Version string
-	Details map[string]string `json:",omitempty"`
-}
-
-// Version contains response of Engine API:
-// GET "/version"
-type Version struct {
-	Platform   struct{ Name string } `json:",omitempty"`
-	Components []ComponentVersion    `json:",omitempty"`
-
-	// The following fields are deprecated, they relate to the Engine component and are kept for backwards compatibility
-
-	Version       string
-	APIVersion    string `json:"ApiVersion"`
-	MinAPIVersion string `json:"MinAPIVersion,omitempty"`
-	GitCommit     string
-	GoVersion     string
-	Os            string
-	Arch          string
-	KernelVersion string `json:",omitempty"`
-	Experimental  bool   `json:",omitempty"`
-	BuildTime     string `json:",omitempty"`
-}
-
-// DiskUsageObject represents an object type used for disk usage query filtering.
-type DiskUsageObject string
-
-const (
-	// ContainerObject represents a container DiskUsageObject.
-	ContainerObject DiskUsageObject = "container"
-	// ImageObject represents an image DiskUsageObject.
-	ImageObject DiskUsageObject = "image"
-	// VolumeObject represents a volume DiskUsageObject.
-	VolumeObject DiskUsageObject = "volume"
-	// BuildCacheObject represents a build-cache DiskUsageObject.
-	BuildCacheObject DiskUsageObject = "build-cache"
-)
-
-// DiskUsageOptions holds parameters for system disk usage query.
-type DiskUsageOptions struct {
-	// Types specifies what object types to include in the response. If empty,
-	// all object types are returned.
-	Types []DiskUsageObject
-}
-
-// DiskUsage contains response of Engine API:
-// GET "/system/df"
-type DiskUsage struct {
-	LayersSize  int64
-	Images      []*image.Summary
-	Containers  []*container.Summary
-	Volumes     []*volume.Volume
-	BuildCache  []*build.CacheRecord
-	BuilderSize int64 `json:",omitempty"` // Deprecated: deprecated in API 1.38, and no longer used since API 1.40.
-}
-
-// PushResult contains the tag, manifest digest, and manifest size from the
-// push. It's used to signal this information to the trust code in the client
-// so it can sign the manifest if necessary.
-type PushResult struct {
-	Tag    string
-	Digest string
-	Size   int
-}
diff --git a/vendor/github.com/docker/docker/api/types/types_deprecated.go b/vendor/github.com/docker/docker/api/types/types_deprecated.go
deleted file mode 100644
index c9c20b8736..0000000000
--- a/vendor/github.com/docker/docker/api/types/types_deprecated.go
+++ /dev/null
@@ -1,242 +0,0 @@
-package types
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/common"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/storage"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// IDResponse Response to an API call that returns just an Id.
-//
-// Deprecated: use either [container.CommitResponse] or [container.ExecCreateResponse]. It will be removed in the next release.
-type IDResponse = common.IDResponse
-
-// ContainerJSONBase contains response of Engine API GET "/containers/{name:.*}/json"
-// for API version 1.18 and older.
-//
-// Deprecated: use [container.InspectResponse] or [container.ContainerJSONBase]. It will be removed in the next release.
-type ContainerJSONBase = container.ContainerJSONBase
-
-// ContainerJSON is the response for the GET "/containers/{name:.*}/json"
-// endpoint.
-//
-// Deprecated: use [container.InspectResponse]. It will be removed in the next release.
-type ContainerJSON = container.InspectResponse
-
-// Container contains response of Engine API:
-// GET "/containers/json"
-//
-// Deprecated: use [container.Summary].
-type Container = container.Summary
-
-// ContainerState stores container's running state
-//
-// Deprecated: use [container.State].
-type ContainerState = container.State
-
-// NetworkSettings exposes the network settings in the api.
-//
-// Deprecated: use [container.NetworkSettings].
-type NetworkSettings = container.NetworkSettings
-
-// NetworkSettingsBase holds networking state for a container when inspecting it.
-//
-// Deprecated: [container.NetworkSettingsBase] will be removed in v29. Prefer
-// accessing the fields it contains through [container.NetworkSettings].
-type NetworkSettingsBase = container.NetworkSettingsBase //nolint:staticcheck // ignore SA1019: NetworkSettingsBase is deprecated in v28.4.
-
-// DefaultNetworkSettings holds network information
-// during the 2 release deprecation period.
-// It will be removed in Docker 1.11.
-//
-// Deprecated: use [container.DefaultNetworkSettings].
-type DefaultNetworkSettings = container.DefaultNetworkSettings //nolint:staticcheck // ignore SA1019: DefaultNetworkSettings is deprecated in v28.4.
-
-// SummaryNetworkSettings provides a summary of container's networks
-// in /containers/json.
-//
-// Deprecated: use [container.NetworkSettingsSummary].
-type SummaryNetworkSettings = container.NetworkSettingsSummary
-
-// Health states
-const (
-	NoHealthcheck = container.NoHealthcheck // Deprecated: use [container.NoHealthcheck].
-	Starting      = container.Starting      // Deprecated: use [container.Starting].
-	Healthy       = container.Healthy       // Deprecated: use [container.Healthy].
-	Unhealthy     = container.Unhealthy     // Deprecated: use [container.Unhealthy].
-)
-
-// Health stores information about the container's healthcheck results.
-//
-// Deprecated: use [container.Health].
-type Health = container.Health
-
-// HealthcheckResult stores information about a single run of a healthcheck probe.
-//
-// Deprecated: use [container.HealthcheckResult].
-type HealthcheckResult = container.HealthcheckResult
-
-// MountPoint represents a mount point configuration inside the container.
-// This is used for reporting the mountpoints in use by a container.
-//
-// Deprecated: use [container.MountPoint].
-type MountPoint = container.MountPoint
-
-// Port An open port on a container
-//
-// Deprecated: use [container.Port].
-type Port = container.Port
-
-// GraphDriverData Information about the storage driver used to store the container's and
-// image's filesystem.
-//
-// Deprecated: use [storage.DriverData].
-type GraphDriverData = storage.DriverData
-
-// RootFS returns Image's RootFS description including the layer IDs.
-//
-// Deprecated: use [image.RootFS].
-type RootFS = image.RootFS
-
-// ImageInspect contains response of Engine API:
-// GET "/images/{name:.*}/json"
-//
-// Deprecated: use [image.InspectResponse].
-type ImageInspect = image.InspectResponse
-
-// RequestPrivilegeFunc is a function interface that clients can supply to
-// retry operations after getting an authorization error.
-// This function returns the registry authentication header value in base64
-// format, or an error if the privilege request fails.
-//
-// Deprecated: moved to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
-type RequestPrivilegeFunc func(context.Context) (string, error)
-
-// SecretCreateResponse contains the information returned to a client
-// on the creation of a new secret.
-//
-// Deprecated: use [swarm.SecretCreateResponse].
-type SecretCreateResponse = swarm.SecretCreateResponse
-
-// SecretListOptions holds parameters to list secrets
-//
-// Deprecated: use [swarm.SecretListOptions].
-type SecretListOptions = swarm.SecretListOptions
-
-// ConfigCreateResponse contains the information returned to a client
-// on the creation of a new config.
-//
-// Deprecated: use [swarm.ConfigCreateResponse].
-type ConfigCreateResponse = swarm.ConfigCreateResponse
-
-// ConfigListOptions holds parameters to list configs
-//
-// Deprecated: use [swarm.ConfigListOptions].
-type ConfigListOptions = swarm.ConfigListOptions
-
-// NodeListOptions holds parameters to list nodes with.
-//
-// Deprecated: use [swarm.NodeListOptions].
-type NodeListOptions = swarm.NodeListOptions
-
-// NodeRemoveOptions holds parameters to remove nodes with.
-//
-// Deprecated: use [swarm.NodeRemoveOptions].
-type NodeRemoveOptions = swarm.NodeRemoveOptions
-
-// TaskListOptions holds parameters to list tasks with.
-//
-// Deprecated: use [swarm.TaskListOptions].
-type TaskListOptions = swarm.TaskListOptions
-
-// ServiceCreateOptions contains the options to use when creating a service.
-//
-// Deprecated: use [swarm.ServiceCreateOptions].
-type ServiceCreateOptions = swarm.ServiceCreateOptions
-
-// ServiceUpdateOptions contains the options to be used for updating services.
-//
-// Deprecated: use [swarm.ServiceCreateOptions].
-type ServiceUpdateOptions = swarm.ServiceUpdateOptions
-
-const (
-	RegistryAuthFromSpec         = swarm.RegistryAuthFromSpec         // Deprecated: use [swarm.RegistryAuthFromSpec].
-	RegistryAuthFromPreviousSpec = swarm.RegistryAuthFromPreviousSpec // Deprecated: use [swarm.RegistryAuthFromPreviousSpec].
-)
-
-// ServiceListOptions holds parameters to list services with.
-//
-// Deprecated: use [swarm.ServiceListOptions].
-type ServiceListOptions = swarm.ServiceListOptions
-
-// ServiceInspectOptions holds parameters related to the "service inspect"
-// operation.
-//
-// Deprecated: use [swarm.ServiceInspectOptions].
-type ServiceInspectOptions = swarm.ServiceInspectOptions
-
-// SwarmUnlockKeyResponse contains the response for Engine API:
-// GET /swarm/unlockkey
-//
-// Deprecated: use [swarm.UnlockKeyResponse].
-type SwarmUnlockKeyResponse = swarm.UnlockKeyResponse
-
-// BuildCache contains information about a build cache record.
-//
-// Deprecated: deprecated in API 1.49. Use [build.CacheRecord] instead.
-type BuildCache = build.CacheRecord
-
-// BuildCachePruneOptions hold parameters to prune the build cache
-//
-// Deprecated: use [build.CachePruneOptions].
-type BuildCachePruneOptions = build.CachePruneOptions
-
-// BuildCachePruneReport contains the response for Engine API:
-// POST "/build/prune"
-//
-// Deprecated: use [build.CachePruneReport].
-type BuildCachePruneReport = build.CachePruneReport
-
-// BuildResult contains the image id of a successful build/
-//
-// Deprecated: use [build.Result].
-type BuildResult = build.Result
-
-// ImageBuildOptions holds the information
-// necessary to build images.
-//
-// Deprecated: use [build.ImageBuildOptions].
-type ImageBuildOptions = build.ImageBuildOptions
-
-// ImageBuildOutput defines configuration for exporting a build result
-//
-// Deprecated: use [build.ImageBuildOutput].
-type ImageBuildOutput = build.ImageBuildOutput
-
-// ImageBuildResponse holds information
-// returned by a server after building
-// an image.
-//
-// Deprecated: use [build.ImageBuildResponse].
-type ImageBuildResponse = build.ImageBuildResponse
-
-// BuilderVersion sets the version of underlying builder to use
-//
-// Deprecated: use [build.BuilderVersion].
-type BuilderVersion = build.BuilderVersion
-
-const (
-	// BuilderV1 is the first generation builder in docker daemon
-	//
-	// Deprecated: use [build.BuilderV1].
-	BuilderV1 = build.BuilderV1
-	// BuilderBuildKit is builder based on moby/buildkit project
-	//
-	// Deprecated: use [build.BuilderBuildKit].
-	BuilderBuildKit = build.BuilderBuildKit
-)
diff --git a/vendor/github.com/docker/docker/api/types/volume/disk_usage.go b/vendor/github.com/docker/docker/api/types/volume/disk_usage.go
deleted file mode 100644
index 88974303a0..0000000000
--- a/vendor/github.com/docker/docker/api/types/volume/disk_usage.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package volume
-
-// DiskUsage contains disk usage for volumes.
-//
-// Deprecated: this type is no longer used and will be removed in the next release.
-type DiskUsage struct {
-	TotalSize   int64
-	Reclaimable int64
-	Items       []*Volume
-}
diff --git a/vendor/github.com/docker/docker/api/types/volume/volume_update.go b/vendor/github.com/docker/docker/api/types/volume/volume_update.go
deleted file mode 100644
index c26ed44c6c..0000000000
--- a/vendor/github.com/docker/docker/api/types/volume/volume_update.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package volume
-
-// UpdateOptions is configuration to update a Volume with.
-type UpdateOptions struct {
-	// Spec is the ClusterVolumeSpec to update the volume to.
-	Spec *ClusterVolumeSpec `json:"Spec,omitempty"`
-}
diff --git a/vendor/github.com/docker/docker/client/README.md b/vendor/github.com/docker/docker/client/README.md
deleted file mode 100644
index f8af3ab903..0000000000
--- a/vendor/github.com/docker/docker/client/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Go client for the Docker Engine API
-
-The `docker` command uses this package to communicate with the daemon. It can
-also be used by your own Go applications to do anything the command-line
-interface does – running containers, pulling images, managing swarms, etc.
-
-For example, to list all containers (the equivalent of `docker ps --all`):
-
-```go
-package main
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
-)
-
-func main() {
-	apiClient, err := client.NewClientWithOpts(client.FromEnv)
-	if err != nil {
-		panic(err)
-	}
-	defer apiClient.Close()
-
-	containers, err := apiClient.ContainerList(context.Background(), container.ListOptions{All: true})
-	if err != nil {
-		panic(err)
-	}
-
-	for _, ctr := range containers {
-		fmt.Printf("%s %s (status: %s)\n", ctr.ID, ctr.Image, ctr.Status)
-	}
-}
-```
-
-[Full documentation is available on pkg.go.dev.](https://pkg.go.dev/github.com/docker/docker/client)
diff --git a/vendor/github.com/docker/docker/client/build_cancel.go b/vendor/github.com/docker/docker/client/build_cancel.go
deleted file mode 100644
index a5eeb81722..0000000000
--- a/vendor/github.com/docker/docker/client/build_cancel.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-)
-
-// BuildCancel requests the daemon to cancel the ongoing build request.
-func (cli *Client) BuildCancel(ctx context.Context, id string) error {
-	query := url.Values{}
-	query.Set("id", id)
-
-	resp, err := cli.post(ctx, "/build/cancel", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/build_prune.go b/vendor/github.com/docker/docker/client/build_prune.go
deleted file mode 100644
index 6f0f59e30d..0000000000
--- a/vendor/github.com/docker/docker/client/build_prune.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/pkg/errors"
-)
-
-// BuildCachePrune requests the daemon to delete unused cache data
-func (cli *Client) BuildCachePrune(ctx context.Context, opts build.CachePruneOptions) (*build.CachePruneReport, error) {
-	if err := cli.NewVersionError(ctx, "1.31", "build prune"); err != nil {
-		return nil, err
-	}
-
-	query := url.Values{}
-	if opts.All {
-		query.Set("all", "1")
-	}
-
-	if opts.KeepStorage != 0 {
-		query.Set("keep-storage", strconv.Itoa(int(opts.KeepStorage)))
-	}
-	if opts.ReservedSpace != 0 {
-		query.Set("reserved-space", strconv.Itoa(int(opts.ReservedSpace)))
-	}
-	if opts.MaxUsedSpace != 0 {
-		query.Set("max-used-space", strconv.Itoa(int(opts.MaxUsedSpace)))
-	}
-	if opts.MinFreeSpace != 0 {
-		query.Set("min-free-space", strconv.Itoa(int(opts.MinFreeSpace)))
-	}
-	f, err := filters.ToJSON(opts.Filters)
-	if err != nil {
-		return nil, errors.Wrap(err, "prune could not marshal filters option")
-	}
-	query.Set("filters", f)
-
-	resp, err := cli.post(ctx, "/build/prune", query, nil, nil)
-	defer ensureReaderClosed(resp)
-
-	if err != nil {
-		return nil, err
-	}
-
-	report := build.CachePruneReport{}
-	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
-		return nil, errors.Wrap(err, "error retrieving disk usage")
-	}
-
-	return &report, nil
-}
diff --git a/vendor/github.com/docker/docker/client/checkpoint.go b/vendor/github.com/docker/docker/client/checkpoint.go
deleted file mode 100644
index d020574c89..0000000000
--- a/vendor/github.com/docker/docker/client/checkpoint.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/checkpoint"
-)
-
-// CheckpointAPIClient defines API client methods for the checkpoints.
-//
-// Experimental: checkpoint and restore is still an experimental feature,
-// and only available if the daemon is running with experimental features
-// enabled.
-type CheckpointAPIClient interface {
-	CheckpointCreate(ctx context.Context, container string, options checkpoint.CreateOptions) error
-	CheckpointDelete(ctx context.Context, container string, options checkpoint.DeleteOptions) error
-	CheckpointList(ctx context.Context, container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error)
-}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_create.go b/vendor/github.com/docker/docker/client/checkpoint_create.go
deleted file mode 100644
index 961a5fe62f..0000000000
--- a/vendor/github.com/docker/docker/client/checkpoint_create.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/checkpoint"
-)
-
-// CheckpointCreate creates a checkpoint from the given container with the given name
-func (cli *Client) CheckpointCreate(ctx context.Context, containerID string, options checkpoint.CreateOptions) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/checkpoints", nil, options, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_delete.go b/vendor/github.com/docker/docker/client/checkpoint_delete.go
deleted file mode 100644
index 4c51b25f24..0000000000
--- a/vendor/github.com/docker/docker/client/checkpoint_delete.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/checkpoint"
-)
-
-// CheckpointDelete deletes the checkpoint with the given name from the given container
-func (cli *Client) CheckpointDelete(ctx context.Context, containerID string, options checkpoint.DeleteOptions) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if options.CheckpointDir != "" {
-		query.Set("dir", options.CheckpointDir)
-	}
-
-	resp, err := cli.delete(ctx, "/containers/"+containerID+"/checkpoints/"+options.CheckpointID, query, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_list.go b/vendor/github.com/docker/docker/client/checkpoint_list.go
deleted file mode 100644
index 8164c7668b..0000000000
--- a/vendor/github.com/docker/docker/client/checkpoint_list.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/checkpoint"
-)
-
-// CheckpointList returns the checkpoints of the given container in the docker host
-func (cli *Client) CheckpointList(ctx context.Context, container string, options checkpoint.ListOptions) ([]checkpoint.Summary, error) {
-	var checkpoints []checkpoint.Summary
-
-	query := url.Values{}
-	if options.CheckpointDir != "" {
-		query.Set("dir", options.CheckpointDir)
-	}
-
-	resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return checkpoints, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&checkpoints)
-	return checkpoints, err
-}
diff --git a/vendor/github.com/docker/docker/client/client_deprecated.go b/vendor/github.com/docker/docker/client/client_deprecated.go
deleted file mode 100644
index 9e366ce20d..0000000000
--- a/vendor/github.com/docker/docker/client/client_deprecated.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package client
-
-import "net/http"
-
-// NewClient initializes a new API client for the given host and API version.
-// It uses the given http client as transport.
-// It also initializes the custom http headers to add to each request.
-//
-// It won't send any version information if the version number is empty. It is
-// highly recommended that you set a version or your client may break if the
-// server is upgraded.
-//
-// Deprecated: use [NewClientWithOpts] passing the [WithHost], [WithVersion],
-// [WithHTTPClient] and [WithHTTPHeaders] options. We recommend enabling API
-// version negotiation by passing the [WithAPIVersionNegotiation] option instead
-// of WithVersion.
-func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
-	return NewClientWithOpts(WithHost(host), WithVersion(version), WithHTTPClient(client), WithHTTPHeaders(httpHeaders))
-}
-
-// NewEnvClient initializes a new API client based on environment variables.
-// See FromEnv for a list of support environment variables.
-//
-// Deprecated: use [NewClientWithOpts] passing the [FromEnv] option.
-func NewEnvClient() (*Client, error) {
-	return NewClientWithOpts(FromEnv)
-}
diff --git a/vendor/github.com/docker/docker/client/client_interfaces.go b/vendor/github.com/docker/docker/client/client_interfaces.go
deleted file mode 100644
index df7aad430c..0000000000
--- a/vendor/github.com/docker/docker/client/client_interfaces.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net"
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
-	"github.com/docker/docker/api/types/volume"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// CommonAPIClient is the common methods between stable and experimental versions of APIClient.
-//
-// Deprecated: use [APIClient] instead. This type will be an alias for [APIClient] in the next release, and removed after.
-type CommonAPIClient = stableAPIClient
-
-// APIClient is an interface that clients that talk with a docker server must implement.
-type APIClient interface {
-	stableAPIClient
-	CheckpointAPIClient // CheckpointAPIClient is still experimental.
-}
-
-type stableAPIClient interface {
-	ConfigAPIClient
-	ContainerAPIClient
-	DistributionAPIClient
-	ImageAPIClient
-	NetworkAPIClient
-	PluginAPIClient
-	SystemAPIClient
-	VolumeAPIClient
-	ClientVersion() string
-	DaemonHost() string
-	HTTPClient() *http.Client
-	ServerVersion(ctx context.Context) (types.Version, error)
-	NegotiateAPIVersion(ctx context.Context)
-	NegotiateAPIVersionPing(types.Ping)
-	HijackDialer
-	Dialer() func(context.Context) (net.Conn, error)
-	Close() error
-	SwarmManagementAPIClient
-}
-
-// SwarmManagementAPIClient defines all methods for managing Swarm-specific
-// objects.
-type SwarmManagementAPIClient interface {
-	SwarmAPIClient
-	NodeAPIClient
-	ServiceAPIClient
-	SecretAPIClient
-	ConfigAPIClient
-}
-
-// HijackDialer defines methods for a hijack dialer.
-type HijackDialer interface {
-	DialHijack(ctx context.Context, url, proto string, meta map[string][]string) (net.Conn, error)
-}
-
-// ContainerAPIClient defines API client methods for the containers
-type ContainerAPIClient interface {
-	ContainerAttach(ctx context.Context, container string, options container.AttachOptions) (types.HijackedResponse, error)
-	ContainerCommit(ctx context.Context, container string, options container.CommitOptions) (container.CommitResponse, error)
-	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error)
-	ContainerDiff(ctx context.Context, container string) ([]container.FilesystemChange, error)
-	ContainerExecAttach(ctx context.Context, execID string, options container.ExecAttachOptions) (types.HijackedResponse, error)
-	ContainerExecCreate(ctx context.Context, container string, options container.ExecOptions) (container.ExecCreateResponse, error)
-	ContainerExecInspect(ctx context.Context, execID string) (container.ExecInspect, error)
-	ContainerExecResize(ctx context.Context, execID string, options container.ResizeOptions) error
-	ContainerExecStart(ctx context.Context, execID string, options container.ExecStartOptions) error
-	ContainerExport(ctx context.Context, container string) (io.ReadCloser, error)
-	ContainerInspect(ctx context.Context, container string) (container.InspectResponse, error)
-	ContainerInspectWithRaw(ctx context.Context, container string, getSize bool) (container.InspectResponse, []byte, error)
-	ContainerKill(ctx context.Context, container, signal string) error
-	ContainerList(ctx context.Context, options container.ListOptions) ([]container.Summary, error)
-	ContainerLogs(ctx context.Context, container string, options container.LogsOptions) (io.ReadCloser, error)
-	ContainerPause(ctx context.Context, container string) error
-	ContainerRemove(ctx context.Context, container string, options container.RemoveOptions) error
-	ContainerRename(ctx context.Context, container, newContainerName string) error
-	ContainerResize(ctx context.Context, container string, options container.ResizeOptions) error
-	ContainerRestart(ctx context.Context, container string, options container.StopOptions) error
-	ContainerStatPath(ctx context.Context, container, path string) (container.PathStat, error)
-	ContainerStats(ctx context.Context, container string, stream bool) (container.StatsResponseReader, error)
-	ContainerStatsOneShot(ctx context.Context, container string) (container.StatsResponseReader, error)
-	ContainerStart(ctx context.Context, container string, options container.StartOptions) error
-	ContainerStop(ctx context.Context, container string, options container.StopOptions) error
-	ContainerTop(ctx context.Context, container string, arguments []string) (container.TopResponse, error)
-	ContainerUnpause(ctx context.Context, container string) error
-	ContainerUpdate(ctx context.Context, container string, updateConfig container.UpdateConfig) (container.UpdateResponse, error)
-	ContainerWait(ctx context.Context, container string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error)
-	CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, container.PathStat, error)
-	CopyToContainer(ctx context.Context, container, path string, content io.Reader, options container.CopyToContainerOptions) error
-	ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error)
-}
-
-// DistributionAPIClient defines API client methods for the registry
-type DistributionAPIClient interface {
-	DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registry.DistributionInspect, error)
-}
-
-// ImageAPIClient defines API client methods for the images
-type ImageAPIClient interface {
-	ImageBuild(ctx context.Context, context io.Reader, options build.ImageBuildOptions) (build.ImageBuildResponse, error)
-	BuildCachePrune(ctx context.Context, opts build.CachePruneOptions) (*build.CachePruneReport, error)
-	BuildCancel(ctx context.Context, id string) error
-	ImageCreate(ctx context.Context, parentReference string, options image.CreateOptions) (io.ReadCloser, error)
-	ImageImport(ctx context.Context, source image.ImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error)
-
-	ImageList(ctx context.Context, options image.ListOptions) ([]image.Summary, error)
-	ImagePull(ctx context.Context, ref string, options image.PullOptions) (io.ReadCloser, error)
-	ImagePush(ctx context.Context, ref string, options image.PushOptions) (io.ReadCloser, error)
-	ImageRemove(ctx context.Context, image string, options image.RemoveOptions) ([]image.DeleteResponse, error)
-	ImageSearch(ctx context.Context, term string, options registry.SearchOptions) ([]registry.SearchResult, error)
-	ImageTag(ctx context.Context, image, ref string) error
-	ImagesPrune(ctx context.Context, pruneFilter filters.Args) (image.PruneReport, error)
-
-	ImageInspect(ctx context.Context, image string, _ ...ImageInspectOption) (image.InspectResponse, error)
-	ImageHistory(ctx context.Context, image string, _ ...ImageHistoryOption) ([]image.HistoryResponseItem, error)
-	ImageLoad(ctx context.Context, input io.Reader, _ ...ImageLoadOption) (image.LoadResponse, error)
-	ImageSave(ctx context.Context, images []string, _ ...ImageSaveOption) (io.ReadCloser, error)
-
-	ImageAPIClientDeprecated
-}
-
-// ImageAPIClientDeprecated defines deprecated methods of the ImageAPIClient.
-type ImageAPIClientDeprecated interface {
-	// ImageInspectWithRaw returns the image information and its raw representation.
-	//
-	// Deprecated: Use [Client.ImageInspect] instead. Raw response can be obtained using the [ImageInspectWithRawResponse] option.
-	ImageInspectWithRaw(ctx context.Context, image string) (image.InspectResponse, []byte, error)
-}
-
-// NetworkAPIClient defines API client methods for the networks
-type NetworkAPIClient interface {
-	NetworkConnect(ctx context.Context, network, container string, config *network.EndpointSettings) error
-	NetworkCreate(ctx context.Context, name string, options network.CreateOptions) (network.CreateResponse, error)
-	NetworkDisconnect(ctx context.Context, network, container string, force bool) error
-	NetworkInspect(ctx context.Context, network string, options network.InspectOptions) (network.Inspect, error)
-	NetworkInspectWithRaw(ctx context.Context, network string, options network.InspectOptions) (network.Inspect, []byte, error)
-	NetworkList(ctx context.Context, options network.ListOptions) ([]network.Summary, error)
-	NetworkRemove(ctx context.Context, network string) error
-	NetworksPrune(ctx context.Context, pruneFilter filters.Args) (network.PruneReport, error)
-}
-
-// NodeAPIClient defines API client methods for the nodes
-type NodeAPIClient interface {
-	NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm.Node, []byte, error)
-	NodeList(ctx context.Context, options swarm.NodeListOptions) ([]swarm.Node, error)
-	NodeRemove(ctx context.Context, nodeID string, options swarm.NodeRemoveOptions) error
-	NodeUpdate(ctx context.Context, nodeID string, version swarm.Version, node swarm.NodeSpec) error
-}
-
-// PluginAPIClient defines API client methods for the plugins
-type PluginAPIClient interface {
-	PluginList(ctx context.Context, filter filters.Args) (types.PluginsListResponse, error)
-	PluginRemove(ctx context.Context, name string, options types.PluginRemoveOptions) error
-	PluginEnable(ctx context.Context, name string, options types.PluginEnableOptions) error
-	PluginDisable(ctx context.Context, name string, options types.PluginDisableOptions) error
-	PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (io.ReadCloser, error)
-	PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (io.ReadCloser, error)
-	PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error)
-	PluginSet(ctx context.Context, name string, args []string) error
-	PluginInspectWithRaw(ctx context.Context, name string) (*types.Plugin, []byte, error)
-	PluginCreate(ctx context.Context, createContext io.Reader, options types.PluginCreateOptions) error
-}
-
-// ServiceAPIClient defines API client methods for the services
-type ServiceAPIClient interface {
-	ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options swarm.ServiceCreateOptions) (swarm.ServiceCreateResponse, error)
-	ServiceInspectWithRaw(ctx context.Context, serviceID string, options swarm.ServiceInspectOptions) (swarm.Service, []byte, error)
-	ServiceList(ctx context.Context, options swarm.ServiceListOptions) ([]swarm.Service, error)
-	ServiceRemove(ctx context.Context, serviceID string) error
-	ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options swarm.ServiceUpdateOptions) (swarm.ServiceUpdateResponse, error)
-	ServiceLogs(ctx context.Context, serviceID string, options container.LogsOptions) (io.ReadCloser, error)
-	TaskLogs(ctx context.Context, taskID string, options container.LogsOptions) (io.ReadCloser, error)
-	TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error)
-	TaskList(ctx context.Context, options swarm.TaskListOptions) ([]swarm.Task, error)
-}
-
-// SwarmAPIClient defines API client methods for the swarm
-type SwarmAPIClient interface {
-	SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error)
-	SwarmJoin(ctx context.Context, req swarm.JoinRequest) error
-	SwarmGetUnlockKey(ctx context.Context) (swarm.UnlockKeyResponse, error)
-	SwarmUnlock(ctx context.Context, req swarm.UnlockRequest) error
-	SwarmLeave(ctx context.Context, force bool) error
-	SwarmInspect(ctx context.Context) (swarm.Swarm, error)
-	SwarmUpdate(ctx context.Context, version swarm.Version, swarm swarm.Spec, flags swarm.UpdateFlags) error
-}
-
-// SystemAPIClient defines API client methods for the system
-type SystemAPIClient interface {
-	Events(ctx context.Context, options events.ListOptions) (<-chan events.Message, <-chan error)
-	Info(ctx context.Context) (system.Info, error)
-	RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error)
-	DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error)
-	Ping(ctx context.Context) (types.Ping, error)
-}
-
-// VolumeAPIClient defines API client methods for the volumes
-type VolumeAPIClient interface {
-	VolumeCreate(ctx context.Context, options volume.CreateOptions) (volume.Volume, error)
-	VolumeInspect(ctx context.Context, volumeID string) (volume.Volume, error)
-	VolumeInspectWithRaw(ctx context.Context, volumeID string) (volume.Volume, []byte, error)
-	VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error)
-	VolumeRemove(ctx context.Context, volumeID string, force bool) error
-	VolumesPrune(ctx context.Context, pruneFilter filters.Args) (volume.PruneReport, error)
-	VolumeUpdate(ctx context.Context, volumeID string, version swarm.Version, options volume.UpdateOptions) error
-}
-
-// SecretAPIClient defines API client methods for secrets
-type SecretAPIClient interface {
-	SecretList(ctx context.Context, options swarm.SecretListOptions) ([]swarm.Secret, error)
-	SecretCreate(ctx context.Context, secret swarm.SecretSpec) (swarm.SecretCreateResponse, error)
-	SecretRemove(ctx context.Context, id string) error
-	SecretInspectWithRaw(ctx context.Context, name string) (swarm.Secret, []byte, error)
-	SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error
-}
-
-// ConfigAPIClient defines API client methods for configs
-type ConfigAPIClient interface {
-	ConfigList(ctx context.Context, options swarm.ConfigListOptions) ([]swarm.Config, error)
-	ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (swarm.ConfigCreateResponse, error)
-	ConfigRemove(ctx context.Context, id string) error
-	ConfigInspectWithRaw(ctx context.Context, name string) (swarm.Config, []byte, error)
-	ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error
-}
diff --git a/vendor/github.com/docker/docker/client/config_create.go b/vendor/github.com/docker/docker/client/config_create.go
deleted file mode 100644
index a39168e23b..0000000000
--- a/vendor/github.com/docker/docker/client/config_create.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ConfigCreate creates a new config.
-func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (swarm.ConfigCreateResponse, error) {
-	var response swarm.ConfigCreateResponse
-	if err := cli.NewVersionError(ctx, "1.30", "config create"); err != nil {
-		return response, err
-	}
-	resp, err := cli.post(ctx, "/configs/create", nil, config, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return response, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/config_inspect.go b/vendor/github.com/docker/docker/client/config_inspect.go
deleted file mode 100644
index a9f0a8b05e..0000000000
--- a/vendor/github.com/docker/docker/client/config_inspect.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ConfigInspectWithRaw returns the config information with raw data
-func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.Config, []byte, error) {
-	id, err := trimID("contig", id)
-	if err != nil {
-		return swarm.Config{}, nil, err
-	}
-	if err := cli.NewVersionError(ctx, "1.30", "config inspect"); err != nil {
-		return swarm.Config{}, nil, err
-	}
-	resp, err := cli.get(ctx, "/configs/"+id, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Config{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return swarm.Config{}, nil, err
-	}
-
-	var config swarm.Config
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&config)
-
-	return config, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/config_list.go b/vendor/github.com/docker/docker/client/config_list.go
deleted file mode 100644
index 6f8a1c21f0..0000000000
--- a/vendor/github.com/docker/docker/client/config_list.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ConfigList returns the list of configs.
-func (cli *Client) ConfigList(ctx context.Context, options swarm.ConfigListOptions) ([]swarm.Config, error) {
-	if err := cli.NewVersionError(ctx, "1.30", "config list"); err != nil {
-		return nil, err
-	}
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	resp, err := cli.get(ctx, "/configs", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var configs []swarm.Config
-	err = json.NewDecoder(resp.Body).Decode(&configs)
-	return configs, err
-}
diff --git a/vendor/github.com/docker/docker/client/config_remove.go b/vendor/github.com/docker/docker/client/config_remove.go
deleted file mode 100644
index 99d33b1ce2..0000000000
--- a/vendor/github.com/docker/docker/client/config_remove.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package client
-
-import "context"
-
-// ConfigRemove removes a config.
-func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
-	id, err := trimID("config", id)
-	if err != nil {
-		return err
-	}
-	if err := cli.NewVersionError(ctx, "1.30", "config remove"); err != nil {
-		return err
-	}
-	resp, err := cli.delete(ctx, "/configs/"+id, nil, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/config_update.go b/vendor/github.com/docker/docker/client/config_update.go
deleted file mode 100644
index 9bc137f7f9..0000000000
--- a/vendor/github.com/docker/docker/client/config_update.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ConfigUpdate attempts to update a config
-func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
-	id, err := trimID("config", id)
-	if err != nil {
-		return err
-	}
-	if err := cli.NewVersionError(ctx, "1.30", "config update"); err != nil {
-		return err
-	}
-	query := url.Values{}
-	query.Set("version", version.String())
-	resp, err := cli.post(ctx, "/configs/"+id+"/update", query, config, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_attach.go b/vendor/github.com/docker/docker/client/container_attach.go
deleted file mode 100644
index 1fb3493ebf..0000000000
--- a/vendor/github.com/docker/docker/client/container_attach.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerAttach attaches a connection to a container in the server.
-// It returns a types.HijackedConnection with the hijacked connection
-// and the a reader to get output. It's up to the called to close
-// the hijacked connection by calling types.HijackedResponse.Close.
-//
-// The stream format on the response will be in one of two formats:
-//
-// If the container is using a TTY, there is only a single stream (stdout), and
-// data is copied directly from the container output stream, no extra
-// multiplexing or headers.
-//
-// If the container is *not* using a TTY, streams for stdout and stderr are
-// multiplexed.
-// The format of the multiplexed stream is as follows:
-//
-//	[8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
-//
-// STREAM_TYPE can be 1 for stdout and 2 for stderr
-//
-// SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded as big endian.
-// This is the size of OUTPUT.
-//
-// You can use github.com/docker/docker/pkg/stdcopy.StdCopy to demultiplex this
-// stream.
-func (cli *Client) ContainerAttach(ctx context.Context, containerID string, options container.AttachOptions) (types.HijackedResponse, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return types.HijackedResponse{}, err
-	}
-
-	query := url.Values{}
-	if options.Stream {
-		query.Set("stream", "1")
-	}
-	if options.Stdin {
-		query.Set("stdin", "1")
-	}
-	if options.Stdout {
-		query.Set("stdout", "1")
-	}
-	if options.Stderr {
-		query.Set("stderr", "1")
-	}
-	if options.DetachKeys != "" {
-		query.Set("detachKeys", options.DetachKeys)
-	}
-	if options.Logs {
-		query.Set("logs", "1")
-	}
-
-	return cli.postHijacked(ctx, "/containers/"+containerID+"/attach", query, nil, http.Header{
-		"Content-Type": {"text/plain"},
-	})
-}
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go
deleted file mode 100644
index 0625cb125c..0000000000
--- a/vendor/github.com/docker/docker/client/container_create.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"net/url"
-	"path"
-	"sort"
-	"strings"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/versions"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// ContainerCreate creates a new container based on the given configuration.
-// It can be associated with a name, but it's not mandatory.
-func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error) {
-	var response container.CreateResponse
-
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return response, err
-	}
-
-	if err := cli.NewVersionError(ctx, "1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
-		return response, err
-	}
-	if err := cli.NewVersionError(ctx, "1.41", "specify container image platform"); platform != nil && err != nil {
-		return response, err
-	}
-	if err := cli.NewVersionError(ctx, "1.44", "specify health-check start interval"); config != nil && config.Healthcheck != nil && config.Healthcheck.StartInterval != 0 && err != nil {
-		return response, err
-	}
-	if err := cli.NewVersionError(ctx, "1.44", "specify mac-address per network"); hasEndpointSpecificMacAddress(networkingConfig) && err != nil {
-		return response, err
-	}
-
-	if hostConfig != nil {
-		if versions.LessThan(cli.ClientVersion(), "1.25") {
-			// When using API 1.24 and under, the client is responsible for removing the container
-			hostConfig.AutoRemove = false
-		}
-		if versions.GreaterThanOrEqualTo(cli.ClientVersion(), "1.42") || versions.LessThan(cli.ClientVersion(), "1.40") {
-			// KernelMemory was added in API 1.40, and deprecated in API 1.42
-			hostConfig.KernelMemory = 0
-		}
-		if platform != nil && platform.OS == "linux" && versions.LessThan(cli.ClientVersion(), "1.42") {
-			// When using API under 1.42, the Linux daemon doesn't respect the ConsoleSize
-			hostConfig.ConsoleSize = [2]uint{0, 0}
-		}
-		if versions.LessThan(cli.ClientVersion(), "1.44") {
-			for _, m := range hostConfig.Mounts {
-				if m.BindOptions != nil {
-					// ReadOnlyNonRecursive can be safely ignored when API < 1.44
-					if m.BindOptions.ReadOnlyForceRecursive {
-						return response, errors.New("bind-recursive=readonly requires API v1.44 or later")
-					}
-					if m.BindOptions.NonRecursive && versions.LessThan(cli.ClientVersion(), "1.40") {
-						return response, errors.New("bind-recursive=disabled requires API v1.40 or later")
-					}
-				}
-			}
-		}
-
-		hostConfig.CapAdd = normalizeCapabilities(hostConfig.CapAdd)
-		hostConfig.CapDrop = normalizeCapabilities(hostConfig.CapDrop)
-	}
-
-	// Since API 1.44, the container-wide MacAddress is deprecated and will trigger a WARNING if it's specified.
-	if versions.GreaterThanOrEqualTo(cli.ClientVersion(), "1.44") {
-		config.MacAddress = "" //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-	}
-
-	query := url.Values{}
-	if p := formatPlatform(platform); p != "" {
-		query.Set("platform", p)
-	}
-
-	if containerName != "" {
-		query.Set("name", containerName)
-	}
-
-	body := container.CreateRequest{
-		Config:           config,
-		HostConfig:       hostConfig,
-		NetworkingConfig: networkingConfig,
-	}
-
-	resp, err := cli.post(ctx, "/containers/create", query, body, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return response, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
-
-// formatPlatform returns a formatted string representing platform (e.g. linux/arm/v7).
-//
-// Similar to containerd's platforms.Format(), but does allow components to be
-// omitted (e.g. pass "architecture" only, without "os":
-// https://github.com/containerd/containerd/blob/v1.5.2/platforms/platforms.go#L243-L263
-func formatPlatform(platform *ocispec.Platform) string {
-	if platform == nil {
-		return ""
-	}
-	return path.Join(platform.OS, platform.Architecture, platform.Variant)
-}
-
-// hasEndpointSpecificMacAddress checks whether one of the endpoint in networkingConfig has a MacAddress defined.
-func hasEndpointSpecificMacAddress(networkingConfig *network.NetworkingConfig) bool {
-	if networkingConfig == nil {
-		return false
-	}
-	for _, endpoint := range networkingConfig.EndpointsConfig {
-		if endpoint.MacAddress != "" {
-			return true
-		}
-	}
-	return false
-}
-
-// allCapabilities is a magic value for "all capabilities"
-const allCapabilities = "ALL"
-
-// normalizeCapabilities normalizes capabilities to their canonical form,
-// removes duplicates, and sorts the results.
-//
-// It is similar to [github.com/docker/docker/oci/caps.NormalizeLegacyCapabilities],
-// but performs no validation based on supported capabilities.
-func normalizeCapabilities(caps []string) []string {
-	var normalized []string
-
-	unique := make(map[string]struct{})
-	for _, c := range caps {
-		c = normalizeCap(c)
-		if _, ok := unique[c]; ok {
-			continue
-		}
-		unique[c] = struct{}{}
-		normalized = append(normalized, c)
-	}
-
-	sort.Strings(normalized)
-	return normalized
-}
-
-// normalizeCap normalizes a capability to its canonical format by upper-casing
-// and adding a "CAP_" prefix (if not yet present). It also accepts the "ALL"
-// magic-value.
-func normalizeCap(cap string) string {
-	cap = strings.ToUpper(cap)
-	if cap == allCapabilities {
-		return cap
-	}
-	if !strings.HasPrefix(cap, "CAP_") {
-		cap = "CAP_" + cap
-	}
-	return cap
-}
diff --git a/vendor/github.com/docker/docker/client/container_exec.go b/vendor/github.com/docker/docker/client/container_exec.go
deleted file mode 100644
index 8abbf8924b..0000000000
--- a/vendor/github.com/docker/docker/client/container_exec.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ContainerExecCreate creates a new exec configuration to run an exec process.
-func (cli *Client) ContainerExecCreate(ctx context.Context, containerID string, options container.ExecOptions) (container.ExecCreateResponse, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.ExecCreateResponse{}, err
-	}
-
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return container.ExecCreateResponse{}, err
-	}
-
-	if err := cli.NewVersionError(ctx, "1.25", "env"); len(options.Env) != 0 && err != nil {
-		return container.ExecCreateResponse{}, err
-	}
-	if versions.LessThan(cli.ClientVersion(), "1.42") {
-		options.ConsoleSize = nil
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/exec", nil, options, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.ExecCreateResponse{}, err
-	}
-
-	var response container.ExecCreateResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
-
-// ContainerExecStart starts an exec process already created in the docker host.
-func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config container.ExecStartOptions) error {
-	if versions.LessThan(cli.ClientVersion(), "1.42") {
-		config.ConsoleSize = nil
-	}
-	resp, err := cli.post(ctx, "/exec/"+execID+"/start", nil, config, nil)
-	ensureReaderClosed(resp)
-	return err
-}
-
-// ContainerExecAttach attaches a connection to an exec process in the server.
-// It returns a types.HijackedConnection with the hijacked connection
-// and the a reader to get output. It's up to the called to close
-// the hijacked connection by calling types.HijackedResponse.Close.
-func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config container.ExecAttachOptions) (types.HijackedResponse, error) {
-	if versions.LessThan(cli.ClientVersion(), "1.42") {
-		config.ConsoleSize = nil
-	}
-	return cli.postHijacked(ctx, "/exec/"+execID+"/start", nil, config, http.Header{
-		"Content-Type": {"application/json"},
-	})
-}
-
-// ContainerExecInspect returns information about a specific exec process on the docker host.
-func (cli *Client) ContainerExecInspect(ctx context.Context, execID string) (container.ExecInspect, error) {
-	var response container.ExecInspect
-	resp, err := cli.get(ctx, "/exec/"+execID+"/json", nil, nil)
-	if err != nil {
-		return response, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	ensureReaderClosed(resp)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/container_export.go b/vendor/github.com/docker/docker/client/container_export.go
deleted file mode 100644
index 3fc4d5704d..0000000000
--- a/vendor/github.com/docker/docker/client/container_export.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-)
-
-// ContainerExport retrieves the raw contents of a container
-// and returns them as an io.ReadCloser. It's up to the caller
-// to close the stream.
-func (cli *Client) ContainerExport(ctx context.Context, containerID string) (io.ReadCloser, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/export", url.Values{}, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go
deleted file mode 100644
index 18ccdf2339..0000000000
--- a/vendor/github.com/docker/docker/client/container_inspect.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"net/url"
-
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerInspect returns the container information.
-func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (container.InspectResponse, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.InspectResponse{}, err
-	}
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.InspectResponse{}, err
-	}
-
-	var response container.InspectResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
-
-// ContainerInspectWithRaw returns the container information and its raw representation.
-func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID string, getSize bool) (container.InspectResponse, []byte, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.InspectResponse{}, nil, err
-	}
-
-	query := url.Values{}
-	if getSize {
-		query.Set("size", "1")
-	}
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.InspectResponse{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return container.InspectResponse{}, nil, err
-	}
-
-	var response container.InspectResponse
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&response)
-	return response, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/container_kill.go b/vendor/github.com/docker/docker/client/container_kill.go
deleted file mode 100644
index 251ae479a3..0000000000
--- a/vendor/github.com/docker/docker/client/container_kill.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-)
-
-// ContainerKill terminates the container process but does not remove the container from the docker host.
-func (cli *Client) ContainerKill(ctx context.Context, containerID, signal string) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if signal != "" {
-		query.Set("signal", signal)
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/kill", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_list.go b/vendor/github.com/docker/docker/client/container_list.go
deleted file mode 100644
index e17b14acff..0000000000
--- a/vendor/github.com/docker/docker/client/container_list.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-)
-
-// ContainerList returns the list of containers in the docker host.
-func (cli *Client) ContainerList(ctx context.Context, options container.ListOptions) ([]container.Summary, error) {
-	query := url.Values{}
-
-	if options.All {
-		query.Set("all", "1")
-	}
-
-	if options.Limit > 0 {
-		query.Set("limit", strconv.Itoa(options.Limit))
-	}
-
-	if options.Since != "" {
-		query.Set("since", options.Since)
-	}
-
-	if options.Before != "" {
-		query.Set("before", options.Before)
-	}
-
-	if options.Size {
-		query.Set("size", "1")
-	}
-
-	if options.Filters.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	resp, err := cli.get(ctx, "/containers/json", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var containers []container.Summary
-	err = json.NewDecoder(resp.Body).Decode(&containers)
-	return containers, err
-}
diff --git a/vendor/github.com/docker/docker/client/container_logs.go b/vendor/github.com/docker/docker/client/container_logs.go
deleted file mode 100644
index 3ea1f68d42..0000000000
--- a/vendor/github.com/docker/docker/client/container_logs.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	timetypes "github.com/docker/docker/api/types/time"
-	"github.com/pkg/errors"
-)
-
-// ContainerLogs returns the logs generated by a container in an io.ReadCloser.
-// It's up to the caller to close the stream.
-//
-// The stream format on the response will be in one of two formats:
-//
-// If the container is using a TTY, there is only a single stream (stdout), and
-// data is copied directly from the container output stream, no extra
-// multiplexing or headers.
-//
-// If the container is *not* using a TTY, streams for stdout and stderr are
-// multiplexed.
-// The format of the multiplexed stream is as follows:
-//
-//	[8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
-//
-// STREAM_TYPE can be 1 for stdout and 2 for stderr
-//
-// SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded as big endian.
-// This is the size of OUTPUT.
-//
-// You can use github.com/docker/docker/pkg/stdcopy.StdCopy to demultiplex this
-// stream.
-func (cli *Client) ContainerLogs(ctx context.Context, containerID string, options container.LogsOptions) (io.ReadCloser, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return nil, err
-	}
-
-	query := url.Values{}
-	if options.ShowStdout {
-		query.Set("stdout", "1")
-	}
-
-	if options.ShowStderr {
-		query.Set("stderr", "1")
-	}
-
-	if options.Since != "" {
-		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
-		if err != nil {
-			return nil, errors.Wrap(err, `invalid value for "since"`)
-		}
-		query.Set("since", ts)
-	}
-
-	if options.Until != "" {
-		ts, err := timetypes.GetTimestamp(options.Until, time.Now())
-		if err != nil {
-			return nil, errors.Wrap(err, `invalid value for "until"`)
-		}
-		query.Set("until", ts)
-	}
-
-	if options.Timestamps {
-		query.Set("timestamps", "1")
-	}
-
-	if options.Details {
-		query.Set("details", "1")
-	}
-
-	if options.Follow {
-		query.Set("follow", "1")
-	}
-	query.Set("tail", options.Tail)
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/logs", query, nil)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/container_pause.go b/vendor/github.com/docker/docker/client/container_pause.go
deleted file mode 100644
index 59b3e2d865..0000000000
--- a/vendor/github.com/docker/docker/client/container_pause.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package client
-
-import "context"
-
-// ContainerPause pauses the main process of a given container without terminating it.
-func (cli *Client) ContainerPause(ctx context.Context, containerID string) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/pause", nil, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_prune.go b/vendor/github.com/docker/docker/client/container_prune.go
deleted file mode 100644
index 84fb6bc235..0000000000
--- a/vendor/github.com/docker/docker/client/container_prune.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-)
-
-// ContainersPrune requests the daemon to delete unused data
-func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "container prune"); err != nil {
-		return container.PruneReport{}, err
-	}
-
-	query, err := getFiltersQuery(pruneFilters)
-	if err != nil {
-		return container.PruneReport{}, err
-	}
-
-	resp, err := cli.post(ctx, "/containers/prune", query, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.PruneReport{}, err
-	}
-
-	var report container.PruneReport
-	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
-		return container.PruneReport{}, fmt.Errorf("Error retrieving disk usage: %v", err)
-	}
-
-	return report, nil
-}
diff --git a/vendor/github.com/docker/docker/client/container_rename.go b/vendor/github.com/docker/docker/client/container_rename.go
deleted file mode 100644
index 4c030228cd..0000000000
--- a/vendor/github.com/docker/docker/client/container_rename.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-)
-
-// ContainerRename changes the name of a given container.
-func (cli *Client) ContainerRename(ctx context.Context, containerID, newContainerName string) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	query.Set("name", newContainerName)
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/rename", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_resize.go b/vendor/github.com/docker/docker/client/container_resize.go
deleted file mode 100644
index 56b7368b75..0000000000
--- a/vendor/github.com/docker/docker/client/container_resize.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerResize changes the size of the tty for a container.
-func (cli *Client) ContainerResize(ctx context.Context, containerID string, options container.ResizeOptions) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-	return cli.resize(ctx, "/containers/"+containerID, options.Height, options.Width)
-}
-
-// ContainerExecResize changes the size of the tty for an exec process running inside a container.
-func (cli *Client) ContainerExecResize(ctx context.Context, execID string, options container.ResizeOptions) error {
-	execID, err := trimID("exec", execID)
-	if err != nil {
-		return err
-	}
-	return cli.resize(ctx, "/exec/"+execID, options.Height, options.Width)
-}
-
-func (cli *Client) resize(ctx context.Context, basePath string, height, width uint) error {
-	// FIXME(thaJeztah): the API / backend accepts uint32, but container.ResizeOptions uses uint.
-	query := url.Values{}
-	query.Set("h", strconv.FormatUint(uint64(height), 10))
-	query.Set("w", strconv.FormatUint(uint64(width), 10))
-
-	resp, err := cli.post(ctx, basePath+"/resize", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_restart.go b/vendor/github.com/docker/docker/client/container_restart.go
deleted file mode 100644
index 5af07bfc76..0000000000
--- a/vendor/github.com/docker/docker/client/container_restart.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ContainerRestart stops and starts a container again.
-// It makes the daemon wait for the container to be up again for
-// a specific amount of time, given the timeout.
-func (cli *Client) ContainerRestart(ctx context.Context, containerID string, options container.StopOptions) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if options.Timeout != nil {
-		query.Set("t", strconv.Itoa(*options.Timeout))
-	}
-	if options.Signal != "" {
-		// Make sure we negotiated (if the client is configured to do so),
-		// as code below contains API-version specific handling of options.
-		//
-		// Normally, version-negotiation (if enabled) would not happen until
-		// the API request is made.
-		if err := cli.checkVersion(ctx); err != nil {
-			return err
-		}
-		if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
-			query.Set("signal", options.Signal)
-		}
-	}
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/restart", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_stats.go b/vendor/github.com/docker/docker/client/container_stats.go
deleted file mode 100644
index 076954f4c3..0000000000
--- a/vendor/github.com/docker/docker/client/container_stats.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerStats returns near realtime stats for a given container.
-// It's up to the caller to close the io.ReadCloser returned.
-func (cli *Client) ContainerStats(ctx context.Context, containerID string, stream bool) (container.StatsResponseReader, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.StatsResponseReader{}, err
-	}
-
-	query := url.Values{}
-	query.Set("stream", "0")
-	if stream {
-		query.Set("stream", "1")
-	}
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil)
-	if err != nil {
-		return container.StatsResponseReader{}, err
-	}
-
-	return container.StatsResponseReader{
-		Body:   resp.Body,
-		OSType: resp.Header.Get("Ostype"),
-	}, nil
-}
-
-// ContainerStatsOneShot gets a single stat entry from a container.
-// It differs from `ContainerStats` in that the API should not wait to prime the stats
-func (cli *Client) ContainerStatsOneShot(ctx context.Context, containerID string) (container.StatsResponseReader, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.StatsResponseReader{}, err
-	}
-
-	query := url.Values{}
-	query.Set("stream", "0")
-	query.Set("one-shot", "1")
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil)
-	if err != nil {
-		return container.StatsResponseReader{}, err
-	}
-
-	return container.StatsResponseReader{
-		Body:   resp.Body,
-		OSType: resp.Header.Get("Ostype"),
-	}, nil
-}
diff --git a/vendor/github.com/docker/docker/client/container_stop.go b/vendor/github.com/docker/docker/client/container_stop.go
deleted file mode 100644
index 175b9c8bcc..0000000000
--- a/vendor/github.com/docker/docker/client/container_stop.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ContainerStop stops a container. In case the container fails to stop
-// gracefully within a time frame specified by the timeout argument,
-// it is forcefully terminated (killed).
-//
-// If the timeout is nil, the container's StopTimeout value is used, if set,
-// otherwise the engine default. A negative timeout value can be specified,
-// meaning no timeout, i.e. no forceful termination is performed.
-func (cli *Client) ContainerStop(ctx context.Context, containerID string, options container.StopOptions) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if options.Timeout != nil {
-		query.Set("t", strconv.Itoa(*options.Timeout))
-	}
-	if options.Signal != "" {
-		// Make sure we negotiated (if the client is configured to do so),
-		// as code below contains API-version specific handling of options.
-		//
-		// Normally, version-negotiation (if enabled) would not happen until
-		// the API request is made.
-		if err := cli.checkVersion(ctx); err != nil {
-			return err
-		}
-		if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
-			query.Set("signal", options.Signal)
-		}
-	}
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/stop", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_top.go b/vendor/github.com/docker/docker/client/container_top.go
deleted file mode 100644
index 5770f9d469..0000000000
--- a/vendor/github.com/docker/docker/client/container_top.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"strings"
-
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerTop shows process information from within a container.
-func (cli *Client) ContainerTop(ctx context.Context, containerID string, arguments []string) (container.TopResponse, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.TopResponse{}, err
-	}
-
-	query := url.Values{}
-	if len(arguments) > 0 {
-		query.Set("ps_args", strings.Join(arguments, " "))
-	}
-
-	resp, err := cli.get(ctx, "/containers/"+containerID+"/top", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.TopResponse{}, err
-	}
-
-	var response container.TopResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/container_unpause.go b/vendor/github.com/docker/docker/client/container_unpause.go
deleted file mode 100644
index c95f6e3aba..0000000000
--- a/vendor/github.com/docker/docker/client/container_unpause.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package client
-
-import "context"
-
-// ContainerUnpause resumes the process execution within a container
-func (cli *Client) ContainerUnpause(ctx context.Context, containerID string) error {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/unpause", nil, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/container_update.go b/vendor/github.com/docker/docker/client/container_update.go
deleted file mode 100644
index 10e966d089..0000000000
--- a/vendor/github.com/docker/docker/client/container_update.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/container"
-)
-
-// ContainerUpdate updates the resources of a container.
-func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.UpdateResponse, error) {
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		return container.UpdateResponse{}, err
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return container.UpdateResponse{}, err
-	}
-
-	var response container.UpdateResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/container_wait.go b/vendor/github.com/docker/docker/client/container_wait.go
deleted file mode 100644
index 75c03a12fa..0000000000
--- a/vendor/github.com/docker/docker/client/container_wait.go
+++ /dev/null
@@ -1,122 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"io"
-	"net/url"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/versions"
-)
-
-const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */
-
-// ContainerWait waits until the specified container is in a certain state
-// indicated by the given condition, either "not-running" (default),
-// "next-exit", or "removed".
-//
-// If this client's API version is before 1.30, condition is ignored and
-// ContainerWait will return immediately with the two channels, as the server
-// will wait as if the condition were "not-running".
-//
-// If this client's API version is at least 1.30, ContainerWait blocks until
-// the request has been acknowledged by the server (with a response header),
-// then returns two channels on which the caller can wait for the exit status
-// of the container or an error if there was a problem either beginning the
-// wait request or in getting the response. This allows the caller to
-// synchronize ContainerWait with other calls, such as specifying a
-// "next-exit" condition before issuing a ContainerStart request.
-func (cli *Client) ContainerWait(ctx context.Context, containerID string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
-	resultC := make(chan container.WaitResponse)
-	errC := make(chan error, 1)
-
-	containerID, err := trimID("container", containerID)
-	if err != nil {
-		errC <- err
-		return resultC, errC
-	}
-
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		errC <- err
-		return resultC, errC
-	}
-	if versions.LessThan(cli.ClientVersion(), "1.30") {
-		return cli.legacyContainerWait(ctx, containerID)
-	}
-
-	query := url.Values{}
-	if condition != "" {
-		query.Set("condition", string(condition))
-	}
-
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", query, nil, nil)
-	if err != nil {
-		defer ensureReaderClosed(resp)
-		errC <- err
-		return resultC, errC
-	}
-
-	go func() {
-		defer ensureReaderClosed(resp)
-
-		responseText := bytes.NewBuffer(nil)
-		stream := io.TeeReader(resp.Body, responseText)
-
-		var res container.WaitResponse
-		if err := json.NewDecoder(stream).Decode(&res); err != nil {
-			// NOTE(nicks): The /wait API does not work well with HTTP proxies.
-			// At any time, the proxy could cut off the response stream.
-			//
-			// But because the HTTP status has already been written, the proxy's
-			// only option is to write a plaintext error message.
-			//
-			// If there's a JSON parsing error, read the real error message
-			// off the body and send it to the client.
-			if errors.As(err, new(*json.SyntaxError)) {
-				_, _ = io.ReadAll(io.LimitReader(stream, containerWaitErrorMsgLimit))
-				errC <- errors.New(responseText.String())
-			} else {
-				errC <- err
-			}
-			return
-		}
-
-		resultC <- res
-	}()
-
-	return resultC, errC
-}
-
-// legacyContainerWait returns immediately and doesn't have an option to wait
-// until the container is removed.
-func (cli *Client) legacyContainerWait(ctx context.Context, containerID string) (<-chan container.WaitResponse, <-chan error) {
-	resultC := make(chan container.WaitResponse)
-	errC := make(chan error)
-
-	go func() {
-		resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", nil, nil, nil)
-		if err != nil {
-			errC <- err
-			return
-		}
-		defer ensureReaderClosed(resp)
-
-		var res container.WaitResponse
-		if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
-			errC <- err
-			return
-		}
-
-		resultC <- res
-	}()
-
-	return resultC, errC
-}
diff --git a/vendor/github.com/docker/docker/client/disk_usage.go b/vendor/github.com/docker/docker/client/disk_usage.go
deleted file mode 100644
index 729e105715..0000000000
--- a/vendor/github.com/docker/docker/client/disk_usage.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-)
-
-// DiskUsage requests the current data usage from the daemon
-func (cli *Client) DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error) {
-	var query url.Values
-	if len(options.Types) > 0 {
-		query = url.Values{}
-		for _, t := range options.Types {
-			query.Add("type", string(t))
-		}
-	}
-
-	resp, err := cli.get(ctx, "/system/df", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return types.DiskUsage{}, err
-	}
-
-	var du types.DiskUsage
-	if err := json.NewDecoder(resp.Body).Decode(&du); err != nil {
-		return types.DiskUsage{}, fmt.Errorf("Error retrieving disk usage: %v", err)
-	}
-	return du, nil
-}
diff --git a/vendor/github.com/docker/docker/client/distribution_inspect.go b/vendor/github.com/docker/docker/client/distribution_inspect.go
deleted file mode 100644
index 693c4121a6..0000000000
--- a/vendor/github.com/docker/docker/client/distribution_inspect.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/docker/api/types/registry"
-)
-
-// DistributionInspect returns the image digest with the full manifest.
-func (cli *Client) DistributionInspect(ctx context.Context, imageRef, encodedRegistryAuth string) (registry.DistributionInspect, error) {
-	if imageRef == "" {
-		return registry.DistributionInspect{}, objectNotFoundError{object: "distribution", id: imageRef}
-	}
-
-	if err := cli.NewVersionError(ctx, "1.30", "distribution inspect"); err != nil {
-		return registry.DistributionInspect{}, err
-	}
-
-	var headers http.Header
-	if encodedRegistryAuth != "" {
-		headers = http.Header{
-			registry.AuthHeader: {encodedRegistryAuth},
-		}
-	}
-
-	// Contact the registry to retrieve digest and platform information
-	resp, err := cli.get(ctx, "/distribution/"+imageRef+"/json", url.Values{}, headers)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return registry.DistributionInspect{}, err
-	}
-
-	var distributionInspect registry.DistributionInspect
-	err = json.NewDecoder(resp.Body).Decode(&distributionInspect)
-	return distributionInspect, err
-}
diff --git a/vendor/github.com/docker/docker/client/events.go b/vendor/github.com/docker/docker/client/events.go
deleted file mode 100644
index 498fe46314..0000000000
--- a/vendor/github.com/docker/docker/client/events.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"time"
-
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
-	timetypes "github.com/docker/docker/api/types/time"
-)
-
-// Events returns a stream of events in the daemon. It's up to the caller to close the stream
-// by cancelling the context. Once the stream has been completely read an io.EOF error will
-// be sent over the error channel. If an error is sent all processing will be stopped. It's up
-// to the caller to reopen the stream in the event of an error by reinvoking this method.
-func (cli *Client) Events(ctx context.Context, options events.ListOptions) (<-chan events.Message, <-chan error) {
-	messages := make(chan events.Message)
-	errs := make(chan error, 1)
-
-	started := make(chan struct{})
-	go func() {
-		defer close(errs)
-
-		query, err := buildEventsQueryParams(cli.version, options)
-		if err != nil {
-			close(started)
-			errs <- err
-			return
-		}
-
-		resp, err := cli.get(ctx, "/events", query, nil)
-		if err != nil {
-			close(started)
-			errs <- err
-			return
-		}
-		defer resp.Body.Close()
-
-		decoder := json.NewDecoder(resp.Body)
-
-		close(started)
-		for {
-			select {
-			case <-ctx.Done():
-				errs <- ctx.Err()
-				return
-			default:
-				var event events.Message
-				if err := decoder.Decode(&event); err != nil {
-					errs <- err
-					return
-				}
-
-				select {
-				case messages <- event:
-				case <-ctx.Done():
-					errs <- ctx.Err()
-					return
-				}
-			}
-		}
-	}()
-	<-started
-
-	return messages, errs
-}
-
-func buildEventsQueryParams(cliVersion string, options events.ListOptions) (url.Values, error) {
-	query := url.Values{}
-	ref := time.Now()
-
-	if options.Since != "" {
-		ts, err := timetypes.GetTimestamp(options.Since, ref)
-		if err != nil {
-			return nil, err
-		}
-		query.Set("since", ts)
-	}
-
-	if options.Until != "" {
-		ts, err := timetypes.GetTimestamp(options.Until, ref)
-		if err != nil {
-			return nil, err
-		}
-		query.Set("until", ts)
-	}
-
-	if options.Filters.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cliVersion, options.Filters)
-		if err != nil {
-			return nil, err
-		}
-		query.Set("filters", filterJSON)
-	}
-
-	return query, nil
-}
diff --git a/vendor/github.com/docker/docker/client/image_create.go b/vendor/github.com/docker/docker/client/image_create.go
deleted file mode 100644
index 1e044d7779..0000000000
--- a/vendor/github.com/docker/docker/client/image_create.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/registry"
-)
-
-// ImageCreate creates a new image based on the parent options.
-// It returns the JSON content in the response body.
-func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options image.CreateOptions) (io.ReadCloser, error) {
-	ref, err := reference.ParseNormalizedNamed(parentReference)
-	if err != nil {
-		return nil, err
-	}
-
-	query := url.Values{}
-	query.Set("fromImage", ref.Name())
-	query.Set("tag", getAPITagFromNamedRef(ref))
-	if options.Platform != "" {
-		query.Set("platform", strings.ToLower(options.Platform))
-	}
-	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
-
-func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, registryAuth string) (*http.Response, error) {
-	return cli.post(ctx, "/images/create", query, nil, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
-}
diff --git a/vendor/github.com/docker/docker/client/image_import.go b/vendor/github.com/docker/docker/client/image_import.go
deleted file mode 100644
index 5236dbc62a..0000000000
--- a/vendor/github.com/docker/docker/client/image_import.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-	"strings"
-
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/image"
-)
-
-// ImageImport creates a new image based on the source options.
-// It returns the JSON content in the response body.
-func (cli *Client) ImageImport(ctx context.Context, source image.ImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error) {
-	if ref != "" {
-		// Check if the given image name can be resolved
-		if _, err := reference.ParseNormalizedNamed(ref); err != nil {
-			return nil, err
-		}
-	}
-
-	query := url.Values{}
-	if source.SourceName != "" {
-		query.Set("fromSrc", source.SourceName)
-	}
-	if ref != "" {
-		query.Set("repo", ref)
-	}
-	if options.Tag != "" {
-		query.Set("tag", options.Tag)
-	}
-	if options.Message != "" {
-		query.Set("message", options.Message)
-	}
-	if options.Platform != "" {
-		query.Set("platform", strings.ToLower(options.Platform))
-	}
-	for _, change := range options.Changes {
-		query.Add("changes", change)
-	}
-
-	resp, err := cli.postRaw(ctx, "/images/create", query, source.Source, nil)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go
deleted file mode 100644
index 4c35003129..0000000000
--- a/vendor/github.com/docker/docker/client/image_inspect.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/url"
-
-	"github.com/docker/docker/api/types/image"
-)
-
-// ImageInspect returns the image information.
-func (cli *Client) ImageInspect(ctx context.Context, imageID string, inspectOpts ...ImageInspectOption) (image.InspectResponse, error) {
-	if imageID == "" {
-		return image.InspectResponse{}, objectNotFoundError{object: "image", id: imageID}
-	}
-
-	var opts imageInspectOpts
-	for _, opt := range inspectOpts {
-		if err := opt.Apply(&opts); err != nil {
-			return image.InspectResponse{}, fmt.Errorf("error applying image inspect option: %w", err)
-		}
-	}
-
-	query := url.Values{}
-	if opts.apiOptions.Manifests {
-		if err := cli.NewVersionError(ctx, "1.48", "manifests"); err != nil {
-			return image.InspectResponse{}, err
-		}
-		query.Set("manifests", "1")
-	}
-
-	if opts.apiOptions.Platform != nil {
-		if err := cli.NewVersionError(ctx, "1.49", "platform"); err != nil {
-			return image.InspectResponse{}, err
-		}
-		platform, err := encodePlatform(opts.apiOptions.Platform)
-		if err != nil {
-			return image.InspectResponse{}, err
-		}
-		query.Set("platform", platform)
-	}
-
-	resp, err := cli.get(ctx, "/images/"+imageID+"/json", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return image.InspectResponse{}, err
-	}
-
-	buf := opts.raw
-	if buf == nil {
-		buf = &bytes.Buffer{}
-	}
-
-	if _, err := io.Copy(buf, resp.Body); err != nil {
-		return image.InspectResponse{}, err
-	}
-
-	var response image.InspectResponse
-	err = json.Unmarshal(buf.Bytes(), &response)
-	return response, err
-}
-
-// ImageInspectWithRaw returns the image information and its raw representation.
-//
-// Deprecated: Use [Client.ImageInspect] instead. Raw response can be obtained using the [ImageInspectWithRawResponse] option.
-func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (image.InspectResponse, []byte, error) {
-	var buf bytes.Buffer
-	resp, err := cli.ImageInspect(ctx, imageID, ImageInspectWithRawResponse(&buf))
-	if err != nil {
-		return image.InspectResponse{}, nil, err
-	}
-	return resp, buf.Bytes(), err
-}
diff --git a/vendor/github.com/docker/docker/client/image_list.go b/vendor/github.com/docker/docker/client/image_list.go
deleted file mode 100644
index ec0a2ad570..0000000000
--- a/vendor/github.com/docker/docker/client/image_list.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ImageList returns a list of images in the docker host.
-//
-// Experimental: Setting the [options.Manifest] will populate
-// [image.Summary.Manifests] with information about image manifests.
-// This is experimental and might change in the future without any backward
-// compatibility.
-func (cli *Client) ImageList(ctx context.Context, options image.ListOptions) ([]image.Summary, error) {
-	var images []image.Summary
-
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return images, err
-	}
-
-	query := url.Values{}
-
-	optionFilters := options.Filters
-	referenceFilters := optionFilters.Get("reference")
-	if versions.LessThan(cli.version, "1.25") && len(referenceFilters) > 0 {
-		query.Set("filter", referenceFilters[0])
-		for _, filterValue := range referenceFilters {
-			optionFilters.Del("reference", filterValue)
-		}
-	}
-	if optionFilters.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, optionFilters)
-		if err != nil {
-			return images, err
-		}
-		query.Set("filters", filterJSON)
-	}
-	if options.All {
-		query.Set("all", "1")
-	}
-	if options.SharedSize && versions.GreaterThanOrEqualTo(cli.version, "1.42") {
-		query.Set("shared-size", "1")
-	}
-	if options.Manifests && versions.GreaterThanOrEqualTo(cli.version, "1.47") {
-		query.Set("manifests", "1")
-	}
-
-	resp, err := cli.get(ctx, "/images/json", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return images, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&images)
-	return images, err
-}
diff --git a/vendor/github.com/docker/docker/client/image_load.go b/vendor/github.com/docker/docker/client/image_load.go
deleted file mode 100644
index 079002e943..0000000000
--- a/vendor/github.com/docker/docker/client/image_load.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/docker/api/types/image"
-)
-
-// ImageLoad loads an image in the docker host from the client host.
-// It's up to the caller to close the io.ReadCloser in the
-// ImageLoadResponse returned by this function.
-//
-// Platform is an optional parameter that specifies the platform to load from
-// the provided multi-platform image. This is only has effect if the input image
-// is a multi-platform image.
-func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, loadOpts ...ImageLoadOption) (image.LoadResponse, error) {
-	var opts imageLoadOpts
-	for _, opt := range loadOpts {
-		if err := opt.Apply(&opts); err != nil {
-			return image.LoadResponse{}, err
-		}
-	}
-
-	query := url.Values{}
-	query.Set("quiet", "0")
-	if opts.apiOptions.Quiet {
-		query.Set("quiet", "1")
-	}
-	if len(opts.apiOptions.Platforms) > 0 {
-		if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
-			return image.LoadResponse{}, err
-		}
-
-		p, err := encodePlatforms(opts.apiOptions.Platforms...)
-		if err != nil {
-			return image.LoadResponse{}, err
-		}
-		query["platform"] = p
-	}
-
-	resp, err := cli.postRaw(ctx, "/images/load", query, input, http.Header{
-		"Content-Type": {"application/x-tar"},
-	})
-	if err != nil {
-		return image.LoadResponse{}, err
-	}
-	return image.LoadResponse{
-		Body: resp.Body,
-		JSON: resp.Header.Get("Content-Type") == "application/json",
-	}, nil
-}
diff --git a/vendor/github.com/docker/docker/client/image_prune.go b/vendor/github.com/docker/docker/client/image_prune.go
deleted file mode 100644
index 52e8bcf551..0000000000
--- a/vendor/github.com/docker/docker/client/image_prune.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-)
-
-// ImagesPrune requests the daemon to delete unused data
-func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (image.PruneReport, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "image prune"); err != nil {
-		return image.PruneReport{}, err
-	}
-
-	query, err := getFiltersQuery(pruneFilters)
-	if err != nil {
-		return image.PruneReport{}, err
-	}
-
-	resp, err := cli.post(ctx, "/images/prune", query, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return image.PruneReport{}, err
-	}
-
-	var report image.PruneReport
-	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
-		return image.PruneReport{}, fmt.Errorf("Error retrieving disk usage: %v", err)
-	}
-
-	return report, nil
-}
diff --git a/vendor/github.com/docker/docker/client/image_pull.go b/vendor/github.com/docker/docker/client/image_pull.go
deleted file mode 100644
index ab7606b456..0000000000
--- a/vendor/github.com/docker/docker/client/image_pull.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-	"strings"
-
-	cerrdefs "github.com/containerd/errdefs"
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/image"
-)
-
-// ImagePull requests the docker host to pull an image from a remote registry.
-// It executes the privileged function if the operation is unauthorized
-// and it tries one more time.
-// It's up to the caller to handle the io.ReadCloser and close it properly.
-//
-// FIXME(vdemeester): there is currently used in a few way in docker/docker
-// - if not in trusted content, ref is used to pass the whole reference, and tag is empty
-// - if in trusted content, ref is used to pass the reference name, and tag for the digest
-func (cli *Client) ImagePull(ctx context.Context, refStr string, options image.PullOptions) (io.ReadCloser, error) {
-	ref, err := reference.ParseNormalizedNamed(refStr)
-	if err != nil {
-		return nil, err
-	}
-
-	query := url.Values{}
-	query.Set("fromImage", ref.Name())
-	if !options.All {
-		query.Set("tag", getAPITagFromNamedRef(ref))
-	}
-	if options.Platform != "" {
-		query.Set("platform", strings.ToLower(options.Platform))
-	}
-
-	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
-	if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
-		newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx)
-		if privilegeErr != nil {
-			return nil, privilegeErr
-		}
-		resp, err = cli.tryImageCreate(ctx, query, newAuthHeader)
-	}
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
-
-// getAPITagFromNamedRef returns a tag from the specified reference.
-// This function is necessary as long as the docker "server" api expects
-// digests to be sent as tags and makes a distinction between the name
-// and tag/digest part of a reference.
-func getAPITagFromNamedRef(ref reference.Named) string {
-	if digested, ok := ref.(reference.Digested); ok {
-		return digested.Digest().String()
-	}
-	ref = reference.TagNameOnly(ref)
-	if tagged, ok := ref.(reference.Tagged); ok {
-		return tagged.Tag()
-	}
-	return ""
-}
diff --git a/vendor/github.com/docker/docker/client/image_tag.go b/vendor/github.com/docker/docker/client/image_tag.go
deleted file mode 100644
index 2bfafc51cd..0000000000
--- a/vendor/github.com/docker/docker/client/image_tag.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/distribution/reference"
-	"github.com/pkg/errors"
-)
-
-// ImageTag tags an image in the docker host
-func (cli *Client) ImageTag(ctx context.Context, source, target string) error {
-	if _, err := reference.ParseAnyReference(source); err != nil {
-		return errors.Wrapf(err, "Error parsing reference: %q is not a valid repository/tag", source)
-	}
-
-	ref, err := reference.ParseNormalizedNamed(target)
-	if err != nil {
-		return errors.Wrapf(err, "Error parsing reference: %q is not a valid repository/tag", target)
-	}
-
-	if _, isCanonical := ref.(reference.Canonical); isCanonical {
-		return errors.New("refusing to create a tag with a digest reference")
-	}
-
-	ref = reference.TagNameOnly(ref)
-
-	query := url.Values{}
-	query.Set("repo", ref.Name())
-	if tagged, ok := ref.(reference.Tagged); ok {
-		query.Set("tag", tagged.Tag())
-	}
-
-	resp, err := cli.post(ctx, "/images/"+source+"/tag", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/info.go b/vendor/github.com/docker/docker/client/info.go
deleted file mode 100644
index ed85d7f8d9..0000000000
--- a/vendor/github.com/docker/docker/client/info.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/url"
-
-	"github.com/docker/docker/api/types/system"
-)
-
-// Info returns information about the docker server.
-func (cli *Client) Info(ctx context.Context) (system.Info, error) {
-	var info system.Info
-	resp, err := cli.get(ctx, "/info", url.Values{}, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return info, err
-	}
-
-	if err := json.NewDecoder(resp.Body).Decode(&info); err != nil {
-		return info, fmt.Errorf("Error reading remote info: %v", err)
-	}
-
-	return info, nil
-}
diff --git a/vendor/github.com/docker/docker/client/login.go b/vendor/github.com/docker/docker/client/login.go
deleted file mode 100644
index 2d7f179023..0000000000
--- a/vendor/github.com/docker/docker/client/login.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/registry"
-)
-
-// RegistryLogin authenticates the docker server with a given docker registry.
-// It returns unauthorizedError when the authentication fails.
-func (cli *Client) RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error) {
-	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
-	defer ensureReaderClosed(resp)
-
-	if err != nil {
-		return registry.AuthenticateOKBody{}, err
-	}
-
-	var response registry.AuthenticateOKBody
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/network_connect.go b/vendor/github.com/docker/docker/client/network_connect.go
deleted file mode 100644
index f7526c5d8e..0000000000
--- a/vendor/github.com/docker/docker/client/network_connect.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/network"
-)
-
-// NetworkConnect connects a container to an existent network in the docker host.
-func (cli *Client) NetworkConnect(ctx context.Context, networkID, containerID string, config *network.EndpointSettings) error {
-	networkID, err := trimID("network", networkID)
-	if err != nil {
-		return err
-	}
-
-	containerID, err = trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	nc := network.ConnectOptions{
-		Container:      containerID,
-		EndpointConfig: config,
-	}
-	resp, err := cli.post(ctx, "/networks/"+networkID+"/connect", nil, nc, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/network_create.go b/vendor/github.com/docker/docker/client/network_create.go
deleted file mode 100644
index 6a7f2ea52e..0000000000
--- a/vendor/github.com/docker/docker/client/network_create.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// NetworkCreate creates a new network in the docker host.
-func (cli *Client) NetworkCreate(ctx context.Context, name string, options network.CreateOptions) (network.CreateResponse, error) {
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return network.CreateResponse{}, err
-	}
-
-	networkCreateRequest := network.CreateRequest{
-		CreateOptions: options,
-		Name:          name,
-	}
-	if versions.LessThan(cli.version, "1.44") {
-		enabled := true
-		networkCreateRequest.CheckDuplicate = &enabled //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44.
-	}
-
-	resp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return network.CreateResponse{}, err
-	}
-
-	var response network.CreateResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/network_disconnect.go b/vendor/github.com/docker/docker/client/network_disconnect.go
deleted file mode 100644
index 55f9b6a206..0000000000
--- a/vendor/github.com/docker/docker/client/network_disconnect.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/network"
-)
-
-// NetworkDisconnect disconnects a container from an existent network in the docker host.
-func (cli *Client) NetworkDisconnect(ctx context.Context, networkID, containerID string, force bool) error {
-	networkID, err := trimID("network", networkID)
-	if err != nil {
-		return err
-	}
-
-	containerID, err = trimID("container", containerID)
-	if err != nil {
-		return err
-	}
-
-	nd := network.DisconnectOptions{
-		Container: containerID,
-		Force:     force,
-	}
-	resp, err := cli.post(ctx, "/networks/"+networkID+"/disconnect", nil, nd, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go
deleted file mode 100644
index 734ec10211..0000000000
--- a/vendor/github.com/docker/docker/client/network_inspect.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"net/url"
-
-	"github.com/docker/docker/api/types/network"
-)
-
-// NetworkInspect returns the information for a specific network configured in the docker host.
-func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options network.InspectOptions) (network.Inspect, error) {
-	networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID, options)
-	return networkResource, err
-}
-
-// NetworkInspectWithRaw returns the information for a specific network configured in the docker host and its raw representation.
-func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, options network.InspectOptions) (network.Inspect, []byte, error) {
-	networkID, err := trimID("network", networkID)
-	if err != nil {
-		return network.Inspect{}, nil, err
-	}
-	query := url.Values{}
-	if options.Verbose {
-		query.Set("verbose", "true")
-	}
-	if options.Scope != "" {
-		query.Set("scope", options.Scope)
-	}
-
-	resp, err := cli.get(ctx, "/networks/"+networkID, query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return network.Inspect{}, nil, err
-	}
-
-	raw, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return network.Inspect{}, nil, err
-	}
-
-	var nw network.Inspect
-	err = json.NewDecoder(bytes.NewReader(raw)).Decode(&nw)
-	return nw, raw, err
-}
diff --git a/vendor/github.com/docker/docker/client/network_list.go b/vendor/github.com/docker/docker/client/network_list.go
deleted file mode 100644
index 8d93361966..0000000000
--- a/vendor/github.com/docker/docker/client/network_list.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/network"
-)
-
-// NetworkList returns the list of networks configured in the docker host.
-func (cli *Client) NetworkList(ctx context.Context, options network.ListOptions) ([]network.Summary, error) {
-	query := url.Values{}
-	if options.Filters.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-	var networkResources []network.Summary
-	resp, err := cli.get(ctx, "/networks", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return networkResources, err
-	}
-	err = json.NewDecoder(resp.Body).Decode(&networkResources)
-	return networkResources, err
-}
diff --git a/vendor/github.com/docker/docker/client/network_prune.go b/vendor/github.com/docker/docker/client/network_prune.go
deleted file mode 100644
index 7835fe9069..0000000000
--- a/vendor/github.com/docker/docker/client/network_prune.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/network"
-)
-
-// NetworksPrune requests the daemon to delete unused networks
-func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (network.PruneReport, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "network prune"); err != nil {
-		return network.PruneReport{}, err
-	}
-
-	query, err := getFiltersQuery(pruneFilters)
-	if err != nil {
-		return network.PruneReport{}, err
-	}
-
-	resp, err := cli.post(ctx, "/networks/prune", query, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return network.PruneReport{}, err
-	}
-
-	var report network.PruneReport
-	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
-		return network.PruneReport{}, fmt.Errorf("Error retrieving network prune report: %v", err)
-	}
-
-	return report, nil
-}
diff --git a/vendor/github.com/docker/docker/client/network_remove.go b/vendor/github.com/docker/docker/client/network_remove.go
deleted file mode 100644
index 9b164d3eae..0000000000
--- a/vendor/github.com/docker/docker/client/network_remove.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package client
-
-import "context"
-
-// NetworkRemove removes an existent network from the docker host.
-func (cli *Client) NetworkRemove(ctx context.Context, networkID string) error {
-	networkID, err := trimID("network", networkID)
-	if err != nil {
-		return err
-	}
-	resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/node_inspect.go b/vendor/github.com/docker/docker/client/node_inspect.go
deleted file mode 100644
index dd1f1f8ab4..0000000000
--- a/vendor/github.com/docker/docker/client/node_inspect.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// NodeInspectWithRaw returns the node information.
-func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm.Node, []byte, error) {
-	nodeID, err := trimID("node", nodeID)
-	if err != nil {
-		return swarm.Node{}, nil, err
-	}
-	resp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Node{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return swarm.Node{}, nil, err
-	}
-
-	var response swarm.Node
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&response)
-	return response, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/node_list.go b/vendor/github.com/docker/docker/client/node_list.go
deleted file mode 100644
index 3b393ffe38..0000000000
--- a/vendor/github.com/docker/docker/client/node_list.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// NodeList returns the list of nodes.
-func (cli *Client) NodeList(ctx context.Context, options swarm.NodeListOptions) ([]swarm.Node, error) {
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	resp, err := cli.get(ctx, "/nodes", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var nodes []swarm.Node
-	err = json.NewDecoder(resp.Body).Decode(&nodes)
-	return nodes, err
-}
diff --git a/vendor/github.com/docker/docker/client/node_update.go b/vendor/github.com/docker/docker/client/node_update.go
deleted file mode 100644
index 62af964cf0..0000000000
--- a/vendor/github.com/docker/docker/client/node_update.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// NodeUpdate updates a Node.
-func (cli *Client) NodeUpdate(ctx context.Context, nodeID string, version swarm.Version, node swarm.NodeSpec) error {
-	nodeID, err := trimID("node", nodeID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	query.Set("version", version.String())
-	resp, err := cli.post(ctx, "/nodes/"+nodeID+"/update", query, node, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/options.go b/vendor/github.com/docker/docker/client/options.go
deleted file mode 100644
index 6f68fc2b89..0000000000
--- a/vendor/github.com/docker/docker/client/options.go
+++ /dev/null
@@ -1,240 +0,0 @@
-package client
-
-import (
-	"context"
-	"net"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/docker/go-connections/sockets"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/pkg/errors"
-	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
-	"go.opentelemetry.io/otel/trace"
-)
-
-// Opt is a configuration option to initialize a [Client].
-type Opt func(*Client) error
-
-// FromEnv configures the client with values from environment variables. It
-// is the equivalent of using the [WithTLSClientConfigFromEnv], [WithHostFromEnv],
-// and [WithVersionFromEnv] options.
-//
-// FromEnv uses the following environment variables:
-//
-//   - DOCKER_HOST ([EnvOverrideHost]) to set the URL to the docker server.
-//   - DOCKER_API_VERSION ([EnvOverrideAPIVersion]) to set the version of the
-//     API to use, leave empty for latest.
-//   - DOCKER_CERT_PATH ([EnvOverrideCertPath]) to specify the directory from
-//     which to load the TLS certificates ("ca.pem", "cert.pem", "key.pem').
-//   - DOCKER_TLS_VERIFY ([EnvTLSVerify]) to enable or disable TLS verification
-//     (off by default).
-func FromEnv(c *Client) error {
-	ops := []Opt{
-		WithTLSClientConfigFromEnv(),
-		WithHostFromEnv(),
-		WithVersionFromEnv(),
-	}
-	for _, op := range ops {
-		if err := op(c); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// WithDialContext applies the dialer to the client transport. This can be
-// used to set the Timeout and KeepAlive settings of the client. It returns
-// an error if the client does not have a [http.Transport] configured.
-func WithDialContext(dialContext func(ctx context.Context, network, addr string) (net.Conn, error)) Opt {
-	return func(c *Client) error {
-		if transport, ok := c.client.Transport.(*http.Transport); ok {
-			transport.DialContext = dialContext
-			return nil
-		}
-		return errors.Errorf("cannot apply dialer to transport: %T", c.client.Transport)
-	}
-}
-
-// WithHost overrides the client host with the specified one.
-func WithHost(host string) Opt {
-	return func(c *Client) error {
-		hostURL, err := ParseHostURL(host)
-		if err != nil {
-			return err
-		}
-		c.host = host
-		c.proto = hostURL.Scheme
-		c.addr = hostURL.Host
-		c.basePath = hostURL.Path
-		if transport, ok := c.client.Transport.(*http.Transport); ok {
-			return sockets.ConfigureTransport(transport, c.proto, c.addr)
-		}
-		return errors.Errorf("cannot apply host to transport: %T", c.client.Transport)
-	}
-}
-
-// WithHostFromEnv overrides the client host with the host specified in the
-// DOCKER_HOST ([EnvOverrideHost]) environment variable. If DOCKER_HOST is not set,
-// or set to an empty value, the host is not modified.
-func WithHostFromEnv() Opt {
-	return func(c *Client) error {
-		if host := os.Getenv(EnvOverrideHost); host != "" {
-			return WithHost(host)(c)
-		}
-		return nil
-	}
-}
-
-// WithHTTPClient overrides the client's HTTP client with the specified one.
-func WithHTTPClient(client *http.Client) Opt {
-	return func(c *Client) error {
-		if client != nil {
-			c.client = client
-		}
-		return nil
-	}
-}
-
-// WithTimeout configures the time limit for requests made by the HTTP client.
-func WithTimeout(timeout time.Duration) Opt {
-	return func(c *Client) error {
-		c.client.Timeout = timeout
-		return nil
-	}
-}
-
-// WithUserAgent configures the User-Agent header to use for HTTP requests.
-// It overrides any User-Agent set in headers. When set to an empty string,
-// the User-Agent header is removed, and no header is sent.
-func WithUserAgent(ua string) Opt {
-	return func(c *Client) error {
-		c.userAgent = &ua
-		return nil
-	}
-}
-
-// WithHTTPHeaders appends custom HTTP headers to the client's default headers.
-// It does not allow for built-in headers (such as "User-Agent", if set) to
-// be overridden. Also see [WithUserAgent].
-func WithHTTPHeaders(headers map[string]string) Opt {
-	return func(c *Client) error {
-		c.customHTTPHeaders = headers
-		return nil
-	}
-}
-
-// WithScheme overrides the client scheme with the specified one.
-func WithScheme(scheme string) Opt {
-	return func(c *Client) error {
-		c.scheme = scheme
-		return nil
-	}
-}
-
-// WithTLSClientConfig applies a TLS config to the client transport.
-func WithTLSClientConfig(cacertPath, certPath, keyPath string) Opt {
-	return func(c *Client) error {
-		transport, ok := c.client.Transport.(*http.Transport)
-		if !ok {
-			return errors.Errorf("cannot apply tls config to transport: %T", c.client.Transport)
-		}
-		config, err := tlsconfig.Client(tlsconfig.Options{
-			CAFile:             cacertPath,
-			CertFile:           certPath,
-			KeyFile:            keyPath,
-			ExclusiveRootPools: true,
-		})
-		if err != nil {
-			return errors.Wrap(err, "failed to create tls config")
-		}
-		transport.TLSClientConfig = config
-		return nil
-	}
-}
-
-// WithTLSClientConfigFromEnv configures the client's TLS settings with the
-// settings in the DOCKER_CERT_PATH ([EnvOverrideCertPath]) and DOCKER_TLS_VERIFY
-// ([EnvTLSVerify]) environment variables. If DOCKER_CERT_PATH is not set or empty,
-// TLS configuration is not modified.
-//
-// WithTLSClientConfigFromEnv uses the following environment variables:
-//
-//   - DOCKER_CERT_PATH ([EnvOverrideCertPath]) to specify the directory from
-//     which to load the TLS certificates ("ca.pem", "cert.pem", "key.pem").
-//   - DOCKER_TLS_VERIFY ([EnvTLSVerify]) to enable or disable TLS verification
-//     (off by default).
-func WithTLSClientConfigFromEnv() Opt {
-	return func(c *Client) error {
-		dockerCertPath := os.Getenv(EnvOverrideCertPath)
-		if dockerCertPath == "" {
-			return nil
-		}
-		tlsc, err := tlsconfig.Client(tlsconfig.Options{
-			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
-			CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
-			KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
-			InsecureSkipVerify: os.Getenv(EnvTLSVerify) == "",
-		})
-		if err != nil {
-			return err
-		}
-
-		c.client = &http.Client{
-			Transport:     &http.Transport{TLSClientConfig: tlsc},
-			CheckRedirect: CheckRedirect,
-		}
-		return nil
-	}
-}
-
-// WithVersion overrides the client version with the specified one. If an empty
-// version is provided, the value is ignored to allow version negotiation
-// (see [WithAPIVersionNegotiation]).
-func WithVersion(version string) Opt {
-	return func(c *Client) error {
-		if v := strings.TrimPrefix(version, "v"); v != "" {
-			c.version = v
-			c.manualOverride = true
-		}
-		return nil
-	}
-}
-
-// WithVersionFromEnv overrides the client version with the version specified in
-// the DOCKER_API_VERSION ([EnvOverrideAPIVersion]) environment variable.
-// If DOCKER_API_VERSION is not set, or set to an empty value, the version
-// is not modified.
-func WithVersionFromEnv() Opt {
-	return func(c *Client) error {
-		return WithVersion(os.Getenv(EnvOverrideAPIVersion))(c)
-	}
-}
-
-// WithAPIVersionNegotiation enables automatic API version negotiation for the client.
-// With this option enabled, the client automatically negotiates the API version
-// to use when making requests. API version negotiation is performed on the first
-// request; subsequent requests do not re-negotiate.
-func WithAPIVersionNegotiation() Opt {
-	return func(c *Client) error {
-		c.negotiateVersion = true
-		return nil
-	}
-}
-
-// WithTraceProvider sets the trace provider for the client.
-// If this is not set then the global trace provider will be used.
-func WithTraceProvider(provider trace.TracerProvider) Opt {
-	return WithTraceOptions(otelhttp.WithTracerProvider(provider))
-}
-
-// WithTraceOptions sets tracing span options for the client.
-func WithTraceOptions(opts ...otelhttp.Option) Opt {
-	return func(c *Client) error {
-		c.traceOpts = append(c.traceOpts, opts...)
-		return nil
-	}
-}
diff --git a/vendor/github.com/docker/docker/client/ping.go b/vendor/github.com/docker/docker/client/ping.go
deleted file mode 100644
index 385fdf0524..0000000000
--- a/vendor/github.com/docker/docker/client/ping.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/http"
-	"path"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// Ping pings the server and returns the value of the "Docker-Experimental",
-// "Builder-Version", "OS-Type" & "API-Version" headers. It attempts to use
-// a HEAD request on the endpoint, but falls back to GET if HEAD is not supported
-// by the daemon. It ignores internal server errors returned by the API, which
-// may be returned if the daemon is in an unhealthy state, but returns errors
-// for other non-success status codes, failing to connect to the API, or failing
-// to parse the API response.
-func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
-	var ping types.Ping
-
-	// Using cli.buildRequest() + cli.doRequest() instead of cli.sendRequest()
-	// because ping requests are used during API version negotiation, so we want
-	// to hit the non-versioned /_ping endpoint, not /v1.xx/_ping
-	req, err := cli.buildRequest(ctx, http.MethodHead, path.Join(cli.basePath, "/_ping"), nil, nil)
-	if err != nil {
-		return ping, err
-	}
-	resp, err := cli.doRequest(req)
-	if err != nil {
-		if IsErrConnectionFailed(err) {
-			return ping, err
-		}
-		// We managed to connect, but got some error; continue and try GET request.
-	} else {
-		defer ensureReaderClosed(resp)
-		switch resp.StatusCode {
-		case http.StatusOK, http.StatusInternalServerError:
-			// Server handled the request, so parse the response
-			return parsePingResponse(cli, resp)
-		}
-	}
-
-	// HEAD failed; fallback to GET.
-	req.Method = http.MethodGet
-	resp, err = cli.doRequest(req)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return ping, err
-	}
-	return parsePingResponse(cli, resp)
-}
-
-func parsePingResponse(cli *Client, resp *http.Response) (types.Ping, error) {
-	if resp == nil {
-		return types.Ping{}, nil
-	}
-
-	var ping types.Ping
-	if resp.Header == nil {
-		return ping, cli.checkResponseErr(resp)
-	}
-	ping.APIVersion = resp.Header.Get("Api-Version")
-	ping.OSType = resp.Header.Get("Ostype")
-	if resp.Header.Get("Docker-Experimental") == "true" {
-		ping.Experimental = true
-	}
-	if bv := resp.Header.Get("Builder-Version"); bv != "" {
-		ping.BuilderVersion = build.BuilderVersion(bv)
-	}
-	if si := resp.Header.Get("Swarm"); si != "" {
-		state, role, _ := strings.Cut(si, "/")
-		ping.SwarmStatus = &swarm.Status{
-			NodeState:        swarm.LocalNodeState(state),
-			ControlAvailable: role == "manager",
-		}
-	}
-	return ping, cli.checkResponseErr(resp)
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_create.go b/vendor/github.com/docker/docker/client/plugin_create.go
deleted file mode 100644
index eaba7ee653..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_create.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-)
-
-// PluginCreate creates a plugin
-func (cli *Client) PluginCreate(ctx context.Context, createContext io.Reader, createOptions types.PluginCreateOptions) error {
-	headers := http.Header(make(map[string][]string))
-	headers.Set("Content-Type", "application/x-tar")
-
-	query := url.Values{}
-	query.Set("name", createOptions.RepoName)
-
-	resp, err := cli.postRaw(ctx, "/plugins/create", query, createContext, headers)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_disable.go b/vendor/github.com/docker/docker/client/plugin_disable.go
deleted file mode 100644
index 4049b1b6ac..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_disable.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-)
-
-// PluginDisable disables a plugin
-func (cli *Client) PluginDisable(ctx context.Context, name string, options types.PluginDisableOptions) error {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return err
-	}
-	query := url.Values{}
-	if options.Force {
-		query.Set("force", "1")
-	}
-	resp, err := cli.post(ctx, "/plugins/"+name+"/disable", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_enable.go b/vendor/github.com/docker/docker/client/plugin_enable.go
deleted file mode 100644
index 611856935d..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_enable.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types"
-)
-
-// PluginEnable enables a plugin
-func (cli *Client) PluginEnable(ctx context.Context, name string, options types.PluginEnableOptions) error {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return err
-	}
-	query := url.Values{}
-	query.Set("timeout", strconv.Itoa(options.Timeout))
-
-	resp, err := cli.post(ctx, "/plugins/"+name+"/enable", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_inspect.go b/vendor/github.com/docker/docker/client/plugin_inspect.go
deleted file mode 100644
index eaedeb8a67..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_inspect.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types"
-)
-
-// PluginInspectWithRaw inspects an existing plugin
-func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*types.Plugin, []byte, error) {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return nil, nil, err
-	}
-	resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, nil, err
-	}
-	var p types.Plugin
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&p)
-	return &p, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_install.go b/vendor/github.com/docker/docker/client/plugin_install.go
deleted file mode 100644
index 5fd2ff2182..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_install.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/url"
-
-	cerrdefs "github.com/containerd/errdefs"
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/pkg/errors"
-)
-
-// PluginInstall installs a plugin
-func (cli *Client) PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (_ io.ReadCloser, retErr error) {
-	query := url.Values{}
-	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
-		return nil, errors.Wrap(err, "invalid remote reference")
-	}
-	query.Set("remote", options.RemoteRef)
-
-	privileges, err := cli.checkPluginPermissions(ctx, query, options)
-	if err != nil {
-		return nil, err
-	}
-
-	// set name for plugin pull, if empty should default to remote reference
-	query.Set("name", name)
-
-	resp, err := cli.tryPluginPull(ctx, query, privileges, options.RegistryAuth)
-	if err != nil {
-		return nil, err
-	}
-
-	name = resp.Header.Get("Docker-Plugin-Name")
-
-	pr, pw := io.Pipe()
-	go func() { // todo: the client should probably be designed more around the actual api
-		_, err := io.Copy(pw, resp.Body)
-		if err != nil {
-			_ = pw.CloseWithError(err)
-			return
-		}
-		defer func() {
-			if retErr != nil {
-				delResp, _ := cli.delete(ctx, "/plugins/"+name, nil, nil)
-				ensureReaderClosed(delResp)
-			}
-		}()
-		if len(options.Args) > 0 {
-			if err := cli.PluginSet(ctx, name, options.Args); err != nil {
-				_ = pw.CloseWithError(err)
-				return
-			}
-		}
-
-		if options.Disabled {
-			_ = pw.Close()
-			return
-		}
-
-		enableErr := cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
-		_ = pw.CloseWithError(enableErr)
-	}()
-	return pr, nil
-}
-
-func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (*http.Response, error) {
-	return cli.get(ctx, "/plugins/privileges", query, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
-}
-
-func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (*http.Response, error) {
-	return cli.post(ctx, "/plugins/pull", query, privileges, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
-}
-
-func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options types.PluginInstallOptions) (types.PluginPrivileges, error) {
-	resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
-	if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
-		// todo: do inspect before to check existing name before checking privileges
-		newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx)
-		if privilegeErr != nil {
-			ensureReaderClosed(resp)
-			return nil, privilegeErr
-		}
-		options.RegistryAuth = newAuthHeader
-		resp, err = cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
-	}
-	if err != nil {
-		ensureReaderClosed(resp)
-		return nil, err
-	}
-
-	var privileges types.PluginPrivileges
-	if err := json.NewDecoder(resp.Body).Decode(&privileges); err != nil {
-		ensureReaderClosed(resp)
-		return nil, err
-	}
-	ensureReaderClosed(resp)
-
-	if !options.AcceptAllPermissions && options.AcceptPermissionsFunc != nil && len(privileges) > 0 {
-		accept, err := options.AcceptPermissionsFunc(ctx, privileges)
-		if err != nil {
-			return nil, err
-		}
-		if !accept {
-			return nil, errors.Errorf("permission denied while installing plugin %s", options.RemoteRef)
-		}
-	}
-	return privileges, nil
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_list.go b/vendor/github.com/docker/docker/client/plugin_list.go
deleted file mode 100644
index f314e17f1e..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_list.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-)
-
-// PluginList returns the installed plugins
-func (cli *Client) PluginList(ctx context.Context, filter filters.Args) (types.PluginsListResponse, error) {
-	var plugins types.PluginsListResponse
-	query := url.Values{}
-
-	if filter.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
-		if err != nil {
-			return plugins, err
-		}
-		query.Set("filters", filterJSON)
-	}
-	resp, err := cli.get(ctx, "/plugins", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return plugins, err
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&plugins)
-	return plugins, err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_push.go b/vendor/github.com/docker/docker/client/plugin_push.go
deleted file mode 100644
index 4574dcddbf..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_push.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/http"
-
-	"github.com/docker/docker/api/types/registry"
-)
-
-// PluginPush pushes a plugin to a registry
-func (cli *Client) PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error) {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return nil, err
-	}
-	resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_remove.go b/vendor/github.com/docker/docker/client/plugin_remove.go
deleted file mode 100644
index 2ba0a8ccc4..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_remove.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types"
-)
-
-// PluginRemove removes a plugin
-func (cli *Client) PluginRemove(ctx context.Context, name string, options types.PluginRemoveOptions) error {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if options.Force {
-		query.Set("force", "1")
-	}
-
-	resp, err := cli.delete(ctx, "/plugins/"+name, query, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_set.go b/vendor/github.com/docker/docker/client/plugin_set.go
deleted file mode 100644
index f0e4a0c305..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_set.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package client
-
-import (
-	"context"
-)
-
-// PluginSet modifies settings for an existing plugin
-func (cli *Client) PluginSet(ctx context.Context, name string, args []string) error {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return err
-	}
-
-	resp, err := cli.post(ctx, "/plugins/"+name+"/set", nil, args, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/plugin_upgrade.go b/vendor/github.com/docker/docker/client/plugin_upgrade.go
deleted file mode 100644
index cd0cf4d222..0000000000
--- a/vendor/github.com/docker/docker/client/plugin_upgrade.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"net/url"
-
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/pkg/errors"
-)
-
-// PluginUpgrade upgrades a plugin
-func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (io.ReadCloser, error) {
-	name, err := trimID("plugin", name)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := cli.NewVersionError(ctx, "1.26", "plugin upgrade"); err != nil {
-		return nil, err
-	}
-	query := url.Values{}
-	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
-		return nil, errors.Wrap(err, "invalid remote reference")
-	}
-	query.Set("remote", options.RemoteRef)
-
-	privileges, err := cli.checkPluginPermissions(ctx, query, options)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := cli.tryPluginUpgrade(ctx, query, privileges, name, options.RegistryAuth)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
-
-func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (*http.Response, error) {
-	return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
-}
diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go
deleted file mode 100644
index 254138fc22..0000000000
--- a/vendor/github.com/docker/docker/client/request.go
+++ /dev/null
@@ -1,322 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"reflect"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/pkg/errors"
-)
-
-// head sends an http request to the docker API using the method HEAD.
-func (cli *Client) head(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
-	return cli.sendRequest(ctx, http.MethodHead, path, query, nil, headers)
-}
-
-// get sends an http request to the docker API using the method GET with a specific Go context.
-func (cli *Client) get(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
-	return cli.sendRequest(ctx, http.MethodGet, path, query, nil, headers)
-}
-
-// post sends an http request to the docker API using the method POST with a specific Go context.
-func (cli *Client) post(ctx context.Context, path string, query url.Values, obj interface{}, headers http.Header) (*http.Response, error) {
-	body, headers, err := encodeBody(obj, headers)
-	if err != nil {
-		return nil, err
-	}
-	return cli.sendRequest(ctx, http.MethodPost, path, query, body, headers)
-}
-
-func (cli *Client) postRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
-	return cli.sendRequest(ctx, http.MethodPost, path, query, body, headers)
-}
-
-func (cli *Client) put(ctx context.Context, path string, query url.Values, obj interface{}, headers http.Header) (*http.Response, error) {
-	body, headers, err := encodeBody(obj, headers)
-	if err != nil {
-		return nil, err
-	}
-	return cli.putRaw(ctx, path, query, body, headers)
-}
-
-// putRaw sends an http request to the docker API using the method PUT.
-func (cli *Client) putRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
-	// PUT requests are expected to always have a body (apparently)
-	// so explicitly pass an empty body to sendRequest to signal that
-	// it should set the Content-Type header if not already present.
-	if body == nil {
-		body = http.NoBody
-	}
-	return cli.sendRequest(ctx, http.MethodPut, path, query, body, headers)
-}
-
-// delete sends an http request to the docker API using the method DELETE.
-func (cli *Client) delete(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
-	return cli.sendRequest(ctx, http.MethodDelete, path, query, nil, headers)
-}
-
-func encodeBody(obj interface{}, headers http.Header) (io.Reader, http.Header, error) {
-	if obj == nil {
-		return nil, headers, nil
-	}
-	// encoding/json encodes a nil pointer as the JSON document `null`,
-	// irrespective of whether the type implements json.Marshaler or encoding.TextMarshaler.
-	// That is almost certainly not what the caller intended as the request body.
-	if reflect.TypeOf(obj).Kind() == reflect.Ptr && reflect.ValueOf(obj).IsNil() {
-		return nil, headers, nil
-	}
-
-	body, err := encodeData(obj)
-	if err != nil {
-		return nil, headers, err
-	}
-	if headers == nil {
-		headers = make(map[string][]string)
-	}
-	headers["Content-Type"] = []string{"application/json"}
-	return body, headers, nil
-}
-
-func (cli *Client) buildRequest(ctx context.Context, method, path string, body io.Reader, headers http.Header) (*http.Request, error) {
-	req, err := http.NewRequestWithContext(ctx, method, path, body)
-	if err != nil {
-		return nil, err
-	}
-	req = cli.addHeaders(req, headers)
-	req.URL.Scheme = cli.scheme
-	req.URL.Host = cli.addr
-
-	if cli.proto == "unix" || cli.proto == "npipe" {
-		// Override host header for non-tcp connections.
-		req.Host = DummyHost
-	}
-
-	if body != nil && req.Header.Get("Content-Type") == "" {
-		req.Header.Set("Content-Type", "text/plain")
-	}
-	return req, nil
-}
-
-func (cli *Client) sendRequest(ctx context.Context, method, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
-	req, err := cli.buildRequest(ctx, method, cli.getAPIPath(ctx, path, query), body, headers)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := cli.doRequest(req)
-	switch {
-	case errors.Is(err, context.Canceled), errors.Is(err, context.DeadlineExceeded):
-		return nil, err
-	case err == nil:
-		return resp, cli.checkResponseErr(resp)
-	default:
-		return resp, err
-	}
-}
-
-func (cli *Client) doRequest(req *http.Request) (*http.Response, error) {
-	resp, err := cli.client.Do(req)
-	if err != nil {
-		if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
-			return nil, errConnectionFailed{fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)}
-		}
-
-		if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") {
-			return nil, errConnectionFailed{errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings")}
-		}
-
-		// Don't decorate context sentinel errors; users may be comparing to
-		// them directly.
-		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
-			return nil, err
-		}
-
-		var uErr *url.Error
-		if errors.As(err, &uErr) {
-			var nErr *net.OpError
-			if errors.As(uErr.Err, &nErr) {
-				if os.IsPermission(nErr.Err) {
-					return nil, errConnectionFailed{errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host)}
-				}
-			}
-		}
-
-		var nErr net.Error
-		if errors.As(err, &nErr) {
-			// FIXME(thaJeztah): any net.Error should be considered a connection error (but we should include the original error)?
-			if nErr.Timeout() {
-				return nil, connectionFailed(cli.host)
-			}
-			if strings.Contains(nErr.Error(), "connection refused") || strings.Contains(nErr.Error(), "dial unix") {
-				return nil, connectionFailed(cli.host)
-			}
-		}
-
-		// Although there's not a strongly typed error for this in go-winio,
-		// lots of people are using the default configuration for the docker
-		// daemon on Windows where the daemon is listening on a named pipe
-		// `//./pipe/docker_engine, and the client must be running elevated.
-		// Give users a clue rather than the not-overly useful message
-		// such as `error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.26/info:
-		// open //./pipe/docker_engine: The system cannot find the file specified.`.
-		// Note we can't string compare "The system cannot find the file specified" as
-		// this is localised - for example in French the error would be
-		// `open //./pipe/docker_engine: Le fichier spécifié est introuvable.`
-		if strings.Contains(err.Error(), `open //./pipe/docker_engine`) {
-			// Checks if client is running with elevated privileges
-			if f, elevatedErr := os.Open(`\\.\PHYSICALDRIVE0`); elevatedErr != nil {
-				err = errors.Wrap(err, "in the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect")
-			} else {
-				_ = f.Close()
-				err = errors.Wrap(err, "this error may indicate that the docker daemon is not running")
-			}
-		}
-
-		return nil, errConnectionFailed{errors.Wrap(err, "error during connect")}
-	}
-
-	return resp, nil
-}
-
-func (cli *Client) checkResponseErr(serverResp *http.Response) (retErr error) {
-	if serverResp == nil {
-		return nil
-	}
-	if serverResp.StatusCode >= http.StatusOK && serverResp.StatusCode < http.StatusBadRequest {
-		return nil
-	}
-	defer func() {
-		retErr = httpErrorFromStatusCode(retErr, serverResp.StatusCode)
-	}()
-
-	var body []byte
-	var err error
-	var reqURL string
-	if serverResp.Request != nil {
-		reqURL = serverResp.Request.URL.String()
-	}
-	statusMsg := serverResp.Status
-	if statusMsg == "" {
-		statusMsg = http.StatusText(serverResp.StatusCode)
-	}
-	if serverResp.Body != nil {
-		bodyMax := 1 * 1024 * 1024 // 1 MiB
-		bodyR := &io.LimitedReader{
-			R: serverResp.Body,
-			N: int64(bodyMax),
-		}
-		body, err = io.ReadAll(bodyR)
-		if err != nil {
-			return err
-		}
-		if bodyR.N == 0 {
-			if reqURL != "" {
-				return fmt.Errorf("request returned %s with a message (> %d bytes) for API route and version %s, check if the server supports the requested API version", statusMsg, bodyMax, reqURL)
-			}
-			return fmt.Errorf("request returned %s with a message (> %d bytes); check if the server supports the requested API version", statusMsg, bodyMax)
-		}
-	}
-	if len(body) == 0 {
-		if reqURL != "" {
-			return fmt.Errorf("request returned %s for API route and version %s, check if the server supports the requested API version", statusMsg, reqURL)
-		}
-		return fmt.Errorf("request returned %s; check if the server supports the requested API version", statusMsg)
-	}
-
-	var daemonErr error
-	if serverResp.Header.Get("Content-Type") == "application/json" {
-		var errorResponse types.ErrorResponse
-		if err := json.Unmarshal(body, &errorResponse); err != nil {
-			return errors.Wrap(err, "Error reading JSON")
-		}
-		if errorResponse.Message == "" {
-			// Error-message is empty, which means that we successfully parsed the
-			// JSON-response (no error produced), but it didn't contain an error
-			// message. This could either be because the response was empty, or
-			// the response was valid JSON, but not with the expected schema
-			// ([types.ErrorResponse]).
-			//
-			// We cannot use "strict" JSON handling (json.NewDecoder with DisallowUnknownFields)
-			// due to the API using an open schema (we must anticipate fields
-			// being added to [types.ErrorResponse] in the future, and not
-			// reject those responses.
-			//
-			// For these cases, we construct an error with the status-code
-			// returned, but we could consider returning (a truncated version
-			// of) the actual response as-is.
-			//
-			// TODO(thaJeztah): consider adding a log.Debug to allow clients to debug the actual response when enabling debug logging.
-			daemonErr = fmt.Errorf(`API returned a %d (%s) but provided no error-message`,
-				serverResp.StatusCode,
-				http.StatusText(serverResp.StatusCode),
-			)
-		} else {
-			daemonErr = errors.New(strings.TrimSpace(errorResponse.Message))
-		}
-	} else {
-		// Fall back to returning the response as-is for API versions < 1.24
-		// that didn't support JSON error responses, and for situations
-		// where a plain text error is returned. This branch may also catch
-		// situations where a proxy is involved, returning a HTML response.
-		daemonErr = errors.New(strings.TrimSpace(string(body)))
-	}
-	return errors.Wrap(daemonErr, "Error response from daemon")
-}
-
-func (cli *Client) addHeaders(req *http.Request, headers http.Header) *http.Request {
-	// Add CLI Config's HTTP Headers BEFORE we set the Docker headers
-	// then the user can't change OUR headers
-	for k, v := range cli.customHTTPHeaders {
-		if versions.LessThan(cli.version, "1.25") && http.CanonicalHeaderKey(k) == "User-Agent" {
-			continue
-		}
-		req.Header.Set(k, v)
-	}
-
-	for k, v := range headers {
-		req.Header[http.CanonicalHeaderKey(k)] = v
-	}
-
-	if cli.userAgent != nil {
-		if *cli.userAgent == "" {
-			req.Header.Del("User-Agent")
-		} else {
-			req.Header.Set("User-Agent", *cli.userAgent)
-		}
-	}
-	return req
-}
-
-func encodeData(data interface{}) (*bytes.Buffer, error) {
-	params := bytes.NewBuffer(nil)
-	if data != nil {
-		if err := json.NewEncoder(params).Encode(data); err != nil {
-			return nil, err
-		}
-	}
-	return params, nil
-}
-
-func ensureReaderClosed(response *http.Response) {
-	if response != nil && response.Body != nil {
-		// Drain up to 512 bytes and close the body to let the Transport reuse the connection
-		// see https://github.com/google/go-github/pull/317/files#r57536827
-		//
-		// TODO(thaJeztah): see if this optimization is still needed, or already implemented in stdlib,
-		//   and check if context-cancellation should handle this as well. If still needed, consider
-		//   wrapping response.Body, or returning a "closer()" from [Client.sendRequest] and related
-		//   methods.
-		_, _ = io.CopyN(io.Discard, response.Body, 512)
-		_ = response.Body.Close()
-	}
-}
diff --git a/vendor/github.com/docker/docker/client/secret_create.go b/vendor/github.com/docker/docker/client/secret_create.go
deleted file mode 100644
index be4a1da456..0000000000
--- a/vendor/github.com/docker/docker/client/secret_create.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SecretCreate creates a new secret.
-func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (swarm.SecretCreateResponse, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "secret create"); err != nil {
-		return swarm.SecretCreateResponse{}, err
-	}
-	resp, err := cli.post(ctx, "/secrets/create", nil, secret, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.SecretCreateResponse{}, err
-	}
-
-	var response swarm.SecretCreateResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/secret_inspect.go b/vendor/github.com/docker/docker/client/secret_inspect.go
deleted file mode 100644
index f44c00e755..0000000000
--- a/vendor/github.com/docker/docker/client/secret_inspect.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SecretInspectWithRaw returns the secret information with raw data
-func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.Secret, []byte, error) {
-	id, err := trimID("secret", id)
-	if err != nil {
-		return swarm.Secret{}, nil, err
-	}
-	if err := cli.NewVersionError(ctx, "1.25", "secret inspect"); err != nil {
-		return swarm.Secret{}, nil, err
-	}
-	resp, err := cli.get(ctx, "/secrets/"+id, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Secret{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return swarm.Secret{}, nil, err
-	}
-
-	var secret swarm.Secret
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&secret)
-
-	return secret, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/secret_list.go b/vendor/github.com/docker/docker/client/secret_list.go
deleted file mode 100644
index 2e37bda273..0000000000
--- a/vendor/github.com/docker/docker/client/secret_list.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SecretList returns the list of secrets.
-func (cli *Client) SecretList(ctx context.Context, options swarm.SecretListOptions) ([]swarm.Secret, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "secret list"); err != nil {
-		return nil, err
-	}
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	resp, err := cli.get(ctx, "/secrets", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var secrets []swarm.Secret
-	err = json.NewDecoder(resp.Body).Decode(&secrets)
-	return secrets, err
-}
diff --git a/vendor/github.com/docker/docker/client/secret_remove.go b/vendor/github.com/docker/docker/client/secret_remove.go
deleted file mode 100644
index d1044aaf85..0000000000
--- a/vendor/github.com/docker/docker/client/secret_remove.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package client
-
-import "context"
-
-// SecretRemove removes a secret.
-func (cli *Client) SecretRemove(ctx context.Context, id string) error {
-	id, err := trimID("secret", id)
-	if err != nil {
-		return err
-	}
-	if err := cli.NewVersionError(ctx, "1.25", "secret remove"); err != nil {
-		return err
-	}
-	resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/secret_update.go b/vendor/github.com/docker/docker/client/secret_update.go
deleted file mode 100644
index a0aff7cb69..0000000000
--- a/vendor/github.com/docker/docker/client/secret_update.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SecretUpdate attempts to update a secret.
-func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
-	id, err := trimID("secret", id)
-	if err != nil {
-		return err
-	}
-	if err := cli.NewVersionError(ctx, "1.25", "secret update"); err != nil {
-		return err
-	}
-	query := url.Values{}
-	query.Set("version", version.String())
-	resp, err := cli.post(ctx, "/secrets/"+id+"/update", query, secret, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/service_inspect.go b/vendor/github.com/docker/docker/client/service_inspect.go
deleted file mode 100644
index cb25ade174..0000000000
--- a/vendor/github.com/docker/docker/client/service_inspect.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ServiceInspectWithRaw returns the service information and the raw data.
-func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string, opts swarm.ServiceInspectOptions) (swarm.Service, []byte, error) {
-	serviceID, err := trimID("service", serviceID)
-	if err != nil {
-		return swarm.Service{}, nil, err
-	}
-
-	query := url.Values{}
-	query.Set("insertDefaults", fmt.Sprintf("%v", opts.InsertDefaults))
-	resp, err := cli.get(ctx, "/services/"+serviceID, query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Service{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return swarm.Service{}, nil, err
-	}
-
-	var response swarm.Service
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&response)
-	return response, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/service_list.go b/vendor/github.com/docker/docker/client/service_list.go
deleted file mode 100644
index 26b25ff0be..0000000000
--- a/vendor/github.com/docker/docker/client/service_list.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// ServiceList returns the list of services.
-func (cli *Client) ServiceList(ctx context.Context, options swarm.ServiceListOptions) ([]swarm.Service, error) {
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	if options.Status {
-		query.Set("status", "true")
-	}
-
-	resp, err := cli.get(ctx, "/services", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var services []swarm.Service
-	err = json.NewDecoder(resp.Body).Decode(&services)
-	return services, err
-}
diff --git a/vendor/github.com/docker/docker/client/service_logs.go b/vendor/github.com/docker/docker/client/service_logs.go
deleted file mode 100644
index 8bf0408261..0000000000
--- a/vendor/github.com/docker/docker/client/service_logs.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	timetypes "github.com/docker/docker/api/types/time"
-	"github.com/pkg/errors"
-)
-
-// ServiceLogs returns the logs generated by a service in an io.ReadCloser.
-// It's up to the caller to close the stream.
-func (cli *Client) ServiceLogs(ctx context.Context, serviceID string, options container.LogsOptions) (io.ReadCloser, error) {
-	serviceID, err := trimID("service", serviceID)
-	if err != nil {
-		return nil, err
-	}
-
-	query := url.Values{}
-	if options.ShowStdout {
-		query.Set("stdout", "1")
-	}
-
-	if options.ShowStderr {
-		query.Set("stderr", "1")
-	}
-
-	if options.Since != "" {
-		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
-		if err != nil {
-			return nil, errors.Wrap(err, `invalid value for "since"`)
-		}
-		query.Set("since", ts)
-	}
-
-	if options.Timestamps {
-		query.Set("timestamps", "1")
-	}
-
-	if options.Details {
-		query.Set("details", "1")
-	}
-
-	if options.Follow {
-		query.Set("follow", "1")
-	}
-	query.Set("tail", options.Tail)
-
-	resp, err := cli.get(ctx, "/services/"+serviceID+"/logs", query, nil)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/service_remove.go b/vendor/github.com/docker/docker/client/service_remove.go
deleted file mode 100644
index 0c7cc571e0..0000000000
--- a/vendor/github.com/docker/docker/client/service_remove.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package client
-
-import "context"
-
-// ServiceRemove kills and removes a service.
-func (cli *Client) ServiceRemove(ctx context.Context, serviceID string) error {
-	serviceID, err := trimID("service", serviceID)
-	if err != nil {
-		return err
-	}
-
-	resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/service_update.go b/vendor/github.com/docker/docker/client/service_update.go
deleted file mode 100644
index 278e305d02..0000000000
--- a/vendor/github.com/docker/docker/client/service_update.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/versions"
-)
-
-// ServiceUpdate updates a Service. The version number is required to avoid conflicting writes.
-// It should be the value as set *before* the update. You can find this value in the Meta field
-// of swarm.Service, which can be found using ServiceInspectWithRaw.
-func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options swarm.ServiceUpdateOptions) (swarm.ServiceUpdateResponse, error) {
-	serviceID, err := trimID("service", serviceID)
-	if err != nil {
-		return swarm.ServiceUpdateResponse{}, err
-	}
-
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
-	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return swarm.ServiceUpdateResponse{}, err
-	}
-
-	query := url.Values{}
-	if options.RegistryAuthFrom != "" {
-		query.Set("registryAuthFrom", options.RegistryAuthFrom)
-	}
-
-	if options.Rollback != "" {
-		query.Set("rollback", options.Rollback)
-	}
-
-	query.Set("version", version.String())
-
-	if err := validateServiceSpec(service); err != nil {
-		return swarm.ServiceUpdateResponse{}, err
-	}
-
-	// ensure that the image is tagged
-	var resolveWarning string
-	switch {
-	case service.TaskTemplate.ContainerSpec != nil:
-		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
-			service.TaskTemplate.ContainerSpec.Image = taggedImg
-		}
-		if options.QueryRegistry {
-			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-		}
-	case service.TaskTemplate.PluginSpec != nil:
-		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
-			service.TaskTemplate.PluginSpec.Remote = taggedImg
-		}
-		if options.QueryRegistry {
-			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-		}
-	}
-
-	headers := http.Header{}
-	if versions.LessThan(cli.version, "1.30") {
-		// the custom "version" header was used by engine API before 20.10
-		// (API 1.30) to switch between client- and server-side lookup of
-		// image digests.
-		headers["version"] = []string{cli.version}
-	}
-	if options.EncodedRegistryAuth != "" {
-		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
-	}
-	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, service, headers)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.ServiceUpdateResponse{}, err
-	}
-
-	var response swarm.ServiceUpdateResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	if resolveWarning != "" {
-		response.Warnings = append(response.Warnings, resolveWarning)
-	}
-
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go b/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
deleted file mode 100644
index 41151f6cd2..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmGetUnlockKey retrieves the swarm's unlock key.
-func (cli *Client) SwarmGetUnlockKey(ctx context.Context) (swarm.UnlockKeyResponse, error) {
-	resp, err := cli.get(ctx, "/swarm/unlockkey", nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.UnlockKeyResponse{}, err
-	}
-
-	var response swarm.UnlockKeyResponse
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_init.go b/vendor/github.com/docker/docker/client/swarm_init.go
deleted file mode 100644
index 7f29165493..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_init.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmInit initializes the swarm.
-func (cli *Client) SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error) {
-	resp, err := cli.post(ctx, "/swarm/init", nil, req, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return "", err
-	}
-
-	var response string
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_inspect.go b/vendor/github.com/docker/docker/client/swarm_inspect.go
deleted file mode 100644
index 597693bd33..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_inspect.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmInspect inspects the swarm.
-func (cli *Client) SwarmInspect(ctx context.Context) (swarm.Swarm, error) {
-	resp, err := cli.get(ctx, "/swarm", nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Swarm{}, err
-	}
-
-	var response swarm.Swarm
-	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_join.go b/vendor/github.com/docker/docker/client/swarm_join.go
deleted file mode 100644
index 446d4d0482..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_join.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmJoin joins the swarm.
-func (cli *Client) SwarmJoin(ctx context.Context, req swarm.JoinRequest) error {
-	resp, err := cli.post(ctx, "/swarm/join", nil, req, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_leave.go b/vendor/github.com/docker/docker/client/swarm_leave.go
deleted file mode 100644
index 709e5adb35..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_leave.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-)
-
-// SwarmLeave leaves the swarm.
-func (cli *Client) SwarmLeave(ctx context.Context, force bool) error {
-	query := url.Values{}
-	if force {
-		query.Set("force", "1")
-	}
-	resp, err := cli.post(ctx, "/swarm/leave", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_unlock.go b/vendor/github.com/docker/docker/client/swarm_unlock.go
deleted file mode 100644
index e3c756b661..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_unlock.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package client
-
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmUnlock unlocks locked swarm.
-func (cli *Client) SwarmUnlock(ctx context.Context, req swarm.UnlockRequest) error {
-	resp, err := cli.post(ctx, "/swarm/unlock", nil, req, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/swarm_update.go b/vendor/github.com/docker/docker/client/swarm_update.go
deleted file mode 100644
index 309ab194a4..0000000000
--- a/vendor/github.com/docker/docker/client/swarm_update.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// SwarmUpdate updates the swarm.
-func (cli *Client) SwarmUpdate(ctx context.Context, version swarm.Version, swarm swarm.Spec, flags swarm.UpdateFlags) error {
-	query := url.Values{}
-	query.Set("version", version.String())
-	query.Set("rotateWorkerToken", strconv.FormatBool(flags.RotateWorkerToken))
-	query.Set("rotateManagerToken", strconv.FormatBool(flags.RotateManagerToken))
-	query.Set("rotateManagerUnlockKey", strconv.FormatBool(flags.RotateManagerUnlockKey))
-	resp, err := cli.post(ctx, "/swarm/update", query, swarm, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/task_inspect.go b/vendor/github.com/docker/docker/client/task_inspect.go
deleted file mode 100644
index ca3924fc48..0000000000
--- a/vendor/github.com/docker/docker/client/task_inspect.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// TaskInspectWithRaw returns the task information and its raw representation.
-func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
-	taskID, err := trimID("task", taskID)
-	if err != nil {
-		return swarm.Task{}, nil, err
-	}
-
-	resp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return swarm.Task{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return swarm.Task{}, nil, err
-	}
-
-	var response swarm.Task
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&response)
-	return response, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/task_list.go b/vendor/github.com/docker/docker/client/task_list.go
deleted file mode 100644
index de743e99c5..0000000000
--- a/vendor/github.com/docker/docker/client/task_list.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// TaskList returns the list of tasks.
-func (cli *Client) TaskList(ctx context.Context, options swarm.TaskListOptions) ([]swarm.Task, error) {
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return nil, err
-		}
-
-		query.Set("filters", filterJSON)
-	}
-
-	resp, err := cli.get(ctx, "/tasks", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	var tasks []swarm.Task
-	err = json.NewDecoder(resp.Body).Decode(&tasks)
-	return tasks, err
-}
diff --git a/vendor/github.com/docker/docker/client/task_logs.go b/vendor/github.com/docker/docker/client/task_logs.go
deleted file mode 100644
index baa55528a7..0000000000
--- a/vendor/github.com/docker/docker/client/task_logs.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package client
-
-import (
-	"context"
-	"io"
-	"net/url"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	timetypes "github.com/docker/docker/api/types/time"
-)
-
-// TaskLogs returns the logs generated by a task in an io.ReadCloser.
-// It's up to the caller to close the stream.
-func (cli *Client) TaskLogs(ctx context.Context, taskID string, options container.LogsOptions) (io.ReadCloser, error) {
-	query := url.Values{}
-	if options.ShowStdout {
-		query.Set("stdout", "1")
-	}
-
-	if options.ShowStderr {
-		query.Set("stderr", "1")
-	}
-
-	if options.Since != "" {
-		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
-		if err != nil {
-			return nil, err
-		}
-		query.Set("since", ts)
-	}
-
-	if options.Timestamps {
-		query.Set("timestamps", "1")
-	}
-
-	if options.Details {
-		query.Set("details", "1")
-	}
-
-	if options.Follow {
-		query.Set("follow", "1")
-	}
-	query.Set("tail", options.Tail)
-
-	resp, err := cli.get(ctx, "/tasks/"+taskID+"/logs", query, nil)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body, nil
-}
diff --git a/vendor/github.com/docker/docker/client/utils.go b/vendor/github.com/docker/docker/client/utils.go
deleted file mode 100644
index 7b82f185ac..0000000000
--- a/vendor/github.com/docker/docker/client/utils.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package client
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/url"
-	"strings"
-
-	cerrdefs "github.com/containerd/errdefs"
-	"github.com/docker/docker/api/types/filters"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-type emptyIDError string
-
-func (e emptyIDError) InvalidParameter() {}
-
-func (e emptyIDError) Error() string {
-	return "invalid " + string(e) + " name or ID: value is empty"
-}
-
-// trimID trims the given object-ID / name, returning an error if it's empty.
-func trimID(objType, id string) (string, error) {
-	id = strings.TrimSpace(id)
-	if id == "" {
-		return "", emptyIDError(objType)
-	}
-	return id, nil
-}
-
-// getFiltersQuery returns a url query with "filters" query term, based on the
-// filters provided.
-func getFiltersQuery(f filters.Args) (url.Values, error) {
-	query := url.Values{}
-	if f.Len() > 0 {
-		filterJSON, err := filters.ToJSON(f)
-		if err != nil {
-			return query, err
-		}
-		query.Set("filters", filterJSON)
-	}
-	return query, nil
-}
-
-// encodePlatforms marshals the given platform(s) to JSON format, to
-// be used for query-parameters for filtering / selecting platforms.
-func encodePlatforms(platform ...ocispec.Platform) ([]string, error) {
-	if len(platform) == 0 {
-		return []string{}, nil
-	}
-	if len(platform) == 1 {
-		p, err := encodePlatform(&platform[0])
-		if err != nil {
-			return nil, err
-		}
-		return []string{p}, nil
-	}
-
-	seen := make(map[string]struct{}, len(platform))
-	out := make([]string, 0, len(platform))
-	for i := range platform {
-		p, err := encodePlatform(&platform[i])
-		if err != nil {
-			return nil, err
-		}
-		if _, ok := seen[p]; !ok {
-			out = append(out, p)
-			seen[p] = struct{}{}
-		}
-	}
-	return out, nil
-}
-
-// encodePlatform marshals the given platform to JSON format, to
-// be used for query-parameters for filtering / selecting platforms. It
-// is used as a helper for encodePlatforms,
-func encodePlatform(platform *ocispec.Platform) (string, error) {
-	p, err := json.Marshal(platform)
-	if err != nil {
-		return "", fmt.Errorf("%w: invalid platform: %v", cerrdefs.ErrInvalidArgument, err)
-	}
-	return string(p), nil
-}
diff --git a/vendor/github.com/docker/docker/client/version.go b/vendor/github.com/docker/docker/client/version.go
deleted file mode 100644
index 046af16cc5..0000000000
--- a/vendor/github.com/docker/docker/client/version.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types"
-)
-
-// ServerVersion returns information of the docker client and server host.
-func (cli *Client) ServerVersion(ctx context.Context) (types.Version, error) {
-	resp, err := cli.get(ctx, "/version", nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return types.Version{}, err
-	}
-
-	var server types.Version
-	err = json.NewDecoder(resp.Body).Decode(&server)
-	return server, err
-}
diff --git a/vendor/github.com/docker/docker/client/volume_create.go b/vendor/github.com/docker/docker/client/volume_create.go
deleted file mode 100644
index 1aad3f479c..0000000000
--- a/vendor/github.com/docker/docker/client/volume_create.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/volume"
-)
-
-// VolumeCreate creates a volume in the docker host.
-func (cli *Client) VolumeCreate(ctx context.Context, options volume.CreateOptions) (volume.Volume, error) {
-	resp, err := cli.post(ctx, "/volumes/create", nil, options, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return volume.Volume{}, err
-	}
-
-	var vol volume.Volume
-	err = json.NewDecoder(resp.Body).Decode(&vol)
-	return vol, err
-}
diff --git a/vendor/github.com/docker/docker/client/volume_inspect.go b/vendor/github.com/docker/docker/client/volume_inspect.go
deleted file mode 100644
index 389a4a71aa..0000000000
--- a/vendor/github.com/docker/docker/client/volume_inspect.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-
-	"github.com/docker/docker/api/types/volume"
-)
-
-// VolumeInspect returns the information about a specific volume in the docker host.
-func (cli *Client) VolumeInspect(ctx context.Context, volumeID string) (volume.Volume, error) {
-	vol, _, err := cli.VolumeInspectWithRaw(ctx, volumeID)
-	return vol, err
-}
-
-// VolumeInspectWithRaw returns the information about a specific volume in the docker host and its raw representation
-func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (volume.Volume, []byte, error) {
-	volumeID, err := trimID("volume", volumeID)
-	if err != nil {
-		return volume.Volume{}, nil, err
-	}
-
-	resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return volume.Volume{}, nil, err
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return volume.Volume{}, nil, err
-	}
-
-	var vol volume.Volume
-	rdr := bytes.NewReader(body)
-	err = json.NewDecoder(rdr).Decode(&vol)
-	return vol, body, err
-}
diff --git a/vendor/github.com/docker/docker/client/volume_list.go b/vendor/github.com/docker/docker/client/volume_list.go
deleted file mode 100644
index 61ed518cd6..0000000000
--- a/vendor/github.com/docker/docker/client/volume_list.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/volume"
-)
-
-// VolumeList returns the volumes configured in the docker host.
-func (cli *Client) VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error) {
-	query := url.Values{}
-
-	if options.Filters.Len() > 0 {
-		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
-		if err != nil {
-			return volume.ListResponse{}, err
-		}
-		query.Set("filters", filterJSON)
-	}
-	resp, err := cli.get(ctx, "/volumes", query, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return volume.ListResponse{}, err
-	}
-
-	var volumes volume.ListResponse
-	err = json.NewDecoder(resp.Body).Decode(&volumes)
-	return volumes, err
-}
diff --git a/vendor/github.com/docker/docker/client/volume_prune.go b/vendor/github.com/docker/docker/client/volume_prune.go
deleted file mode 100644
index e22f0072f9..0000000000
--- a/vendor/github.com/docker/docker/client/volume_prune.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package client
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/volume"
-)
-
-// VolumesPrune requests the daemon to delete unused data
-func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args) (volume.PruneReport, error) {
-	if err := cli.NewVersionError(ctx, "1.25", "volume prune"); err != nil {
-		return volume.PruneReport{}, err
-	}
-
-	query, err := getFiltersQuery(pruneFilters)
-	if err != nil {
-		return volume.PruneReport{}, err
-	}
-
-	resp, err := cli.post(ctx, "/volumes/prune", query, nil, nil)
-	defer ensureReaderClosed(resp)
-	if err != nil {
-		return volume.PruneReport{}, err
-	}
-
-	var report volume.PruneReport
-	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
-		return volume.PruneReport{}, fmt.Errorf("Error retrieving volume prune report: %v", err)
-	}
-
-	return report, nil
-}
diff --git a/vendor/github.com/docker/docker/client/volume_remove.go b/vendor/github.com/docker/docker/client/volume_remove.go
deleted file mode 100644
index e2a53fa9b8..0000000000
--- a/vendor/github.com/docker/docker/client/volume_remove.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/versions"
-)
-
-// VolumeRemove removes a volume from the docker host.
-func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool) error {
-	volumeID, err := trimID("volume", volumeID)
-	if err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	if force {
-		// Make sure we negotiated (if the client is configured to do so),
-		// as code below contains API-version specific handling of options.
-		//
-		// Normally, version-negotiation (if enabled) would not happen until
-		// the API request is made.
-		if err := cli.checkVersion(ctx); err != nil {
-			return err
-		}
-		if versions.GreaterThanOrEqualTo(cli.version, "1.25") {
-			query.Set("force", "1")
-		}
-	}
-	resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil)
-	defer ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/client/volume_update.go b/vendor/github.com/docker/docker/client/volume_update.go
deleted file mode 100644
index 879932f008..0000000000
--- a/vendor/github.com/docker/docker/client/volume_update.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package client
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/volume"
-)
-
-// VolumeUpdate updates a volume. This only works for Cluster Volumes, and
-// only some fields can be updated.
-func (cli *Client) VolumeUpdate(ctx context.Context, volumeID string, version swarm.Version, options volume.UpdateOptions) error {
-	volumeID, err := trimID("volume", volumeID)
-	if err != nil {
-		return err
-	}
-	if err := cli.NewVersionError(ctx, "1.42", "volume update"); err != nil {
-		return err
-	}
-
-	query := url.Values{}
-	query.Set("version", version.String())
-
-	resp, err := cli.put(ctx, "/volumes/"+volumeID, query, options, nil)
-	ensureReaderClosed(resp)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
deleted file mode 100644
index 13df228c62..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
+++ /dev/null
@@ -1,314 +0,0 @@
-package jsonmessage
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"strings"
-	"time"
-
-	"github.com/docker/go-units"
-	"github.com/moby/term"
-	"github.com/morikuni/aec"
-)
-
-// RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
-// ensure the formatted time isalways the same number of characters.
-const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
-
-// JSONError wraps a concrete Code and Message, Code is
-// an integer error code, Message is the error message.
-type JSONError struct {
-	Code    int    `json:"code,omitempty"`
-	Message string `json:"message,omitempty"`
-}
-
-func (e *JSONError) Error() string {
-	return e.Message
-}
-
-// JSONProgress describes a progress message in a JSON stream.
-type JSONProgress struct {
-	// Current is the current status and value of the progress made towards Total.
-	Current int64 `json:"current,omitempty"`
-	// Total is the end value describing when we made 100% progress for an operation.
-	Total int64 `json:"total,omitempty"`
-	// Start is the initial value for the operation.
-	Start int64 `json:"start,omitempty"`
-	// HideCounts. if true, hides the progress count indicator (xB/yB).
-	HideCounts bool `json:"hidecounts,omitempty"`
-	// Units is the unit to print for progress. It defaults to "bytes" if empty.
-	Units string `json:"units,omitempty"`
-
-	// terminalFd is the fd of the current terminal, if any. It is used
-	// to get the terminal width.
-	terminalFd uintptr
-
-	// nowFunc is used to override the current time in tests.
-	nowFunc func() time.Time
-
-	// winSize is used to override the terminal width in tests.
-	winSize int
-}
-
-func (p *JSONProgress) String() string {
-	var (
-		width      = p.width()
-		pbBox      string
-		numbersBox string
-	)
-	if p.Current <= 0 && p.Total <= 0 {
-		return ""
-	}
-	if p.Total <= 0 {
-		switch p.Units {
-		case "":
-			return fmt.Sprintf("%8v", units.HumanSize(float64(p.Current)))
-		default:
-			return fmt.Sprintf("%d %s", p.Current, p.Units)
-		}
-	}
-
-	percentage := int(float64(p.Current)/float64(p.Total)*100) / 2
-	if percentage > 50 {
-		percentage = 50
-	}
-	if width > 110 {
-		// this number can't be negative gh#7136
-		numSpaces := 0
-		if 50-percentage > 0 {
-			numSpaces = 50 - percentage
-		}
-		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", numSpaces))
-	}
-
-	switch {
-	case p.HideCounts:
-	case p.Units == "": // no units, use bytes
-		current := units.HumanSize(float64(p.Current))
-		total := units.HumanSize(float64(p.Total))
-
-		numbersBox = fmt.Sprintf("%8v/%v", current, total)
-
-		if p.Current > p.Total {
-			// remove total display if the reported current is wonky.
-			numbersBox = fmt.Sprintf("%8v", current)
-		}
-	default:
-		numbersBox = fmt.Sprintf("%d/%d %s", p.Current, p.Total, p.Units)
-
-		if p.Current > p.Total {
-			// remove total display if the reported current is wonky.
-			numbersBox = fmt.Sprintf("%d %s", p.Current, p.Units)
-		}
-	}
-
-	// Show approximation of remaining time if there's enough width.
-	var timeLeftBox string
-	if width > 50 {
-		if p.Current > 0 && p.Start > 0 && percentage < 50 {
-			fromStart := p.now().Sub(time.Unix(p.Start, 0))
-			perEntry := fromStart / time.Duration(p.Current)
-			left := time.Duration(p.Total-p.Current) * perEntry
-			timeLeftBox = " " + left.Round(time.Second).String()
-		}
-	}
-	return pbBox + numbersBox + timeLeftBox
-}
-
-// now returns the current time in UTC, but can be overridden in tests
-// by setting JSONProgress.nowFunc to a custom function.
-func (p *JSONProgress) now() time.Time {
-	if p.nowFunc != nil {
-		return p.nowFunc()
-	}
-	return time.Now().UTC()
-}
-
-// width returns the current terminal's width, but can be overridden
-// in tests by setting JSONProgress.winSize to a non-zero value.
-func (p *JSONProgress) width() int {
-	if p.winSize != 0 {
-		return p.winSize
-	}
-	ws, err := term.GetWinsize(p.terminalFd)
-	if err == nil {
-		return int(ws.Width)
-	}
-	return 200
-}
-
-// JSONMessage defines a message struct. It describes
-// the created time, where it from, status, ID of the
-// message. It's used for docker events.
-type JSONMessage struct {
-	Stream   string        `json:"stream,omitempty"`
-	Status   string        `json:"status,omitempty"`
-	Progress *JSONProgress `json:"progressDetail,omitempty"`
-
-	// ProgressMessage is a pre-formatted presentation of [Progress].
-	//
-	// Deprecated: this field is deprecated since docker v0.7.1 / API v1.8. Use the information in [Progress] instead. This field will be omitted in a future release.
-	ProgressMessage string     `json:"progress,omitempty"`
-	ID              string     `json:"id,omitempty"`
-	From            string     `json:"from,omitempty"`     // Deprecated: this field is no longer set in stream responses and should not be used.
-	Time            int64      `json:"time,omitempty"`     // Deprecated: this field is no longer set in stream responses and should not be used.
-	TimeNano        int64      `json:"timeNano,omitempty"` // Deprecated: this field is no longer set in stream responses and should not be used.
-	Error           *JSONError `json:"errorDetail,omitempty"`
-
-	// ErrorMessage contains errors encountered during the operation.
-	//
-	// Deprecated: this field is deprecated since docker v0.6.0 / API v1.4. Use [Error.Message] instead. This field will be omitted in a future release.
-	ErrorMessage string `json:"error,omitempty"` // deprecated
-	// Aux contains out-of-band data, such as digests for push signing and image id after building.
-	Aux *json.RawMessage `json:"aux,omitempty"`
-}
-
-func clearLine(out io.Writer) {
-	eraseMode := aec.EraseModes.All
-	cl := aec.EraseLine(eraseMode)
-	fmt.Fprint(out, cl)
-}
-
-func cursorUp(out io.Writer, l uint) {
-	fmt.Fprint(out, aec.Up(l))
-}
-
-func cursorDown(out io.Writer, l uint) {
-	fmt.Fprint(out, aec.Down(l))
-}
-
-// Display prints the JSONMessage to out. If isTerminal is true, it erases
-// the entire current line when displaying the progressbar. It returns an
-// error if the [JSONMessage.Error] field is non-nil.
-func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
-	if jm.Error != nil {
-		return jm.Error
-	}
-	var endl string
-	if isTerminal && jm.Stream == "" && jm.Progress != nil {
-		clearLine(out)
-		endl = "\r"
-		fmt.Fprint(out, endl)
-	} else if jm.Progress != nil && jm.Progress.String() != "" { // disable progressbar in non-terminal
-		return nil
-	}
-	if jm.TimeNano != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(0, jm.TimeNano).Format(RFC3339NanoFixed))
-	} else if jm.Time != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(jm.Time, 0).Format(RFC3339NanoFixed))
-	}
-	if jm.ID != "" {
-		fmt.Fprintf(out, "%s: ", jm.ID)
-	}
-	if jm.From != "" {
-		fmt.Fprintf(out, "(from %s) ", jm.From)
-	}
-	if jm.Progress != nil && isTerminal {
-		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.Progress.String(), endl)
-	} else if jm.ProgressMessage != "" { // deprecated
-		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.ProgressMessage, endl)
-	} else if jm.Stream != "" {
-		fmt.Fprintf(out, "%s%s", jm.Stream, endl)
-	} else {
-		fmt.Fprintf(out, "%s%s\n", jm.Status, endl)
-	}
-	return nil
-}
-
-// DisplayJSONMessagesStream reads a JSON message stream from in, and writes
-// each [JSONMessage] to out. It returns an error if an invalid JSONMessage
-// is received, or if a JSONMessage containers a non-zero [JSONMessage.Error].
-//
-// Presentation of the JSONMessage depends on whether a terminal is attached,
-// and on the terminal width. Progress bars ([JSONProgress]) are suppressed
-// on narrower terminals (< 110 characters).
-//
-//   - isTerminal describes if out is a terminal, in which case it prints
-//     a newline ("\n") at the end of each line and moves the cursor while
-//     displaying.
-//   - terminalFd is the fd of the current terminal (if any), and used
-//     to get the terminal width.
-//   - auxCallback allows handling the [JSONMessage.Aux] field. It is
-//     called if a JSONMessage contains an Aux field, in which case
-//     DisplayJSONMessagesStream does not present the JSONMessage.
-func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(JSONMessage)) error {
-	var (
-		dec = json.NewDecoder(in)
-		ids = make(map[string]uint)
-	)
-
-	for {
-		var diff uint
-		var jm JSONMessage
-		if err := dec.Decode(&jm); err != nil {
-			if err == io.EOF {
-				break
-			}
-			return err
-		}
-
-		if jm.Aux != nil {
-			if auxCallback != nil {
-				auxCallback(jm)
-			}
-			continue
-		}
-
-		if jm.Progress != nil {
-			jm.Progress.terminalFd = terminalFd
-		}
-		if jm.ID != "" && (jm.Progress != nil || jm.ProgressMessage != "") {
-			line, ok := ids[jm.ID]
-			if !ok {
-				// NOTE: This approach of using len(id) to
-				// figure out the number of lines of history
-				// only works as long as we clear the history
-				// when we output something that's not
-				// accounted for in the map, such as a line
-				// with no ID.
-				line = uint(len(ids))
-				ids[jm.ID] = line
-				if isTerminal {
-					fmt.Fprintf(out, "\n")
-				}
-			}
-			diff = uint(len(ids)) - line
-			if isTerminal {
-				cursorUp(out, diff)
-			}
-		} else {
-			// When outputting something that isn't progress
-			// output, clear the history of previous lines. We
-			// don't want progress entries from some previous
-			// operation to be updated (for example, pull -a
-			// with multiple tags).
-			ids = make(map[string]uint)
-		}
-		err := jm.Display(out, isTerminal)
-		if jm.ID != "" && isTerminal {
-			cursorDown(out, diff)
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Stream is an io.Writer for output with utilities to get the output's file
-// descriptor and to detect whether it's a terminal.
-//
-// it is subset of the streams.Out type in
-// https://pkg.go.dev/github.com/docker/cli@v20.10.17+incompatible/cli/streams#Out
-type Stream interface {
-	io.Writer
-	FD() uintptr
-	IsTerminal() bool
-}
-
-// DisplayJSONMessagesToStream prints json messages to the output Stream. It is
-// used by the Docker CLI to print JSONMessage streams.
-func DisplayJSONMessagesToStream(in io.Reader, stream Stream, auxCallback func(JSONMessage)) error {
-	return DisplayJSONMessagesStream(in, stream, stream.FD(), stream.IsTerminal(), auxCallback)
-}
diff --git a/vendor/github.com/docker/go-connections/nat/nat.go b/vendor/github.com/docker/go-connections/nat/nat.go
deleted file mode 100644
index 1ffe0355dc..0000000000
--- a/vendor/github.com/docker/go-connections/nat/nat.go
+++ /dev/null
@@ -1,237 +0,0 @@
-// Package nat is a convenience package for manipulation of strings describing network ports.
-package nat
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"strconv"
-	"strings"
-)
-
-// PortBinding represents a binding between a Host IP address and a Host Port
-type PortBinding struct {
-	// HostIP is the host IP Address
-	HostIP string `json:"HostIp"`
-	// HostPort is the host port number
-	HostPort string
-}
-
-// PortMap is a collection of PortBinding indexed by Port
-type PortMap map[Port][]PortBinding
-
-// PortSet is a collection of structs indexed by Port
-type PortSet map[Port]struct{}
-
-// Port is a string containing port number and protocol in the format "80/tcp"
-type Port string
-
-// NewPort creates a new instance of a Port given a protocol and port number or port range
-func NewPort(proto, port string) (Port, error) {
-	// Check for parsing issues on "port" now so we can avoid having
-	// to check it later on.
-
-	portStartInt, portEndInt, err := ParsePortRangeToInt(port)
-	if err != nil {
-		return "", err
-	}
-
-	if portStartInt == portEndInt {
-		return Port(fmt.Sprintf("%d/%s", portStartInt, proto)), nil
-	}
-	return Port(fmt.Sprintf("%d-%d/%s", portStartInt, portEndInt, proto)), nil
-}
-
-// ParsePort parses the port number string and returns an int
-func ParsePort(rawPort string) (int, error) {
-	if rawPort == "" {
-		return 0, nil
-	}
-	port, err := strconv.ParseUint(rawPort, 10, 16)
-	if err != nil {
-		return 0, fmt.Errorf("invalid port '%s': %w", rawPort, errors.Unwrap(err))
-	}
-	return int(port), nil
-}
-
-// ParsePortRangeToInt parses the port range string and returns start/end ints
-func ParsePortRangeToInt(rawPort string) (int, int, error) {
-	if rawPort == "" {
-		return 0, 0, nil
-	}
-	start, end, err := ParsePortRange(rawPort)
-	if err != nil {
-		return 0, 0, err
-	}
-	return int(start), int(end), nil
-}
-
-// Proto returns the protocol of a Port
-func (p Port) Proto() string {
-	proto, _ := SplitProtoPort(string(p))
-	return proto
-}
-
-// Port returns the port number of a Port
-func (p Port) Port() string {
-	_, port := SplitProtoPort(string(p))
-	return port
-}
-
-// Int returns the port number of a Port as an int
-func (p Port) Int() int {
-	portStr := p.Port()
-	// We don't need to check for an error because we're going to
-	// assume that any error would have been found, and reported, in NewPort()
-	port, _ := ParsePort(portStr)
-	return port
-}
-
-// Range returns the start/end port numbers of a Port range as ints
-func (p Port) Range() (int, int, error) {
-	return ParsePortRangeToInt(p.Port())
-}
-
-// SplitProtoPort splits a port(range) and protocol, formatted as "<portnum>/[<proto>]"
-// "<startport-endport>/[<proto>]". It returns an empty string for both if
-// no port(range) is provided. If a port(range) is provided, but no protocol,
-// the default ("tcp") protocol is returned.
-//
-// SplitProtoPort does not validate or normalize the returned values.
-func SplitProtoPort(rawPort string) (proto string, port string) {
-	port, proto, _ = strings.Cut(rawPort, "/")
-	if port == "" {
-		return "", ""
-	}
-	if proto == "" {
-		proto = "tcp"
-	}
-	return proto, port
-}
-
-func validateProto(proto string) error {
-	switch proto {
-	case "tcp", "udp", "sctp":
-		// All good
-		return nil
-	default:
-		return errors.New("invalid proto: " + proto)
-	}
-}
-
-// ParsePortSpecs receives port specs in the format of ip:public:private/proto and parses
-// these in to the internal types
-func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding, error) {
-	var (
-		exposedPorts = make(map[Port]struct{}, len(ports))
-		bindings     = make(map[Port][]PortBinding)
-	)
-	for _, p := range ports {
-		portMappings, err := ParsePortSpec(p)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		for _, pm := range portMappings {
-			port := pm.Port
-			if _, ok := exposedPorts[port]; !ok {
-				exposedPorts[port] = struct{}{}
-			}
-			bindings[port] = append(bindings[port], pm.Binding)
-		}
-	}
-	return exposedPorts, bindings, nil
-}
-
-// PortMapping is a data object mapping a Port to a PortBinding
-type PortMapping struct {
-	Port    Port
-	Binding PortBinding
-}
-
-func (p *PortMapping) String() string {
-	return net.JoinHostPort(p.Binding.HostIP, p.Binding.HostPort+":"+string(p.Port))
-}
-
-func splitParts(rawport string) (hostIP, hostPort, containerPort string) {
-	parts := strings.Split(rawport, ":")
-
-	switch len(parts) {
-	case 1:
-		return "", "", parts[0]
-	case 2:
-		return "", parts[0], parts[1]
-	case 3:
-		return parts[0], parts[1], parts[2]
-	default:
-		n := len(parts)
-		return strings.Join(parts[:n-2], ":"), parts[n-2], parts[n-1]
-	}
-}
-
-// ParsePortSpec parses a port specification string into a slice of PortMappings
-func ParsePortSpec(rawPort string) ([]PortMapping, error) {
-	ip, hostPort, containerPort := splitParts(rawPort)
-	proto, containerPort := SplitProtoPort(containerPort)
-	proto = strings.ToLower(proto)
-	if err := validateProto(proto); err != nil {
-		return nil, err
-	}
-
-	if ip != "" && ip[0] == '[' {
-		// Strip [] from IPV6 addresses
-		rawIP, _, err := net.SplitHostPort(ip + ":")
-		if err != nil {
-			return nil, fmt.Errorf("invalid IP address %v: %w", ip, err)
-		}
-		ip = rawIP
-	}
-	if ip != "" && net.ParseIP(ip) == nil {
-		return nil, errors.New("invalid IP address: " + ip)
-	}
-	if containerPort == "" {
-		return nil, fmt.Errorf("no port specified: %s<empty>", rawPort)
-	}
-
-	startPort, endPort, err := ParsePortRange(containerPort)
-	if err != nil {
-		return nil, errors.New("invalid containerPort: " + containerPort)
-	}
-
-	var startHostPort, endHostPort uint64
-	if hostPort != "" {
-		startHostPort, endHostPort, err = ParsePortRange(hostPort)
-		if err != nil {
-			return nil, errors.New("invalid hostPort: " + hostPort)
-		}
-		if (endPort - startPort) != (endHostPort - startHostPort) {
-			// Allow host port range iff containerPort is not a range.
-			// In this case, use the host port range as the dynamic
-			// host port range to allocate into.
-			if endPort != startPort {
-				return nil, fmt.Errorf("invalid ranges specified for container and host Ports: %s and %s", containerPort, hostPort)
-			}
-		}
-	}
-
-	count := endPort - startPort + 1
-	ports := make([]PortMapping, 0, count)
-
-	for i := uint64(0); i < count; i++ {
-		cPort := Port(strconv.FormatUint(startPort+i, 10) + "/" + proto)
-		hPort := ""
-		if hostPort != "" {
-			hPort = strconv.FormatUint(startHostPort+i, 10)
-			// Set hostPort to a range only if there is a single container port
-			// and a dynamic host port.
-			if count == 1 && startHostPort != endHostPort {
-				hPort += "-" + strconv.FormatUint(endHostPort, 10)
-			}
-		}
-		ports = append(ports, PortMapping{
-			Port:    cPort,
-			Binding: PortBinding{HostIP: ip, HostPort: hPort},
-		})
-	}
-	return ports, nil
-}
diff --git a/vendor/github.com/docker/go-connections/nat/parse.go b/vendor/github.com/docker/go-connections/nat/parse.go
deleted file mode 100644
index 64affa2a90..0000000000
--- a/vendor/github.com/docker/go-connections/nat/parse.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package nat
-
-import (
-	"errors"
-	"strconv"
-	"strings"
-)
-
-// ParsePortRange parses and validates the specified string as a port-range (8000-9000)
-func ParsePortRange(ports string) (uint64, uint64, error) {
-	if ports == "" {
-		return 0, 0, errors.New("empty string specified for ports")
-	}
-	if !strings.Contains(ports, "-") {
-		start, err := strconv.ParseUint(ports, 10, 16)
-		end := start
-		return start, end, err
-	}
-
-	parts := strings.Split(ports, "-")
-	start, err := strconv.ParseUint(parts[0], 10, 16)
-	if err != nil {
-		return 0, 0, err
-	}
-	end, err := strconv.ParseUint(parts[1], 10, 16)
-	if err != nil {
-		return 0, 0, err
-	}
-	if end < start {
-		return 0, 0, errors.New("invalid range specified for port: " + ports)
-	}
-	return start, end, nil
-}
diff --git a/vendor/github.com/docker/go-connections/nat/sort.go b/vendor/github.com/docker/go-connections/nat/sort.go
deleted file mode 100644
index b6eed145e1..0000000000
--- a/vendor/github.com/docker/go-connections/nat/sort.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package nat
-
-import (
-	"sort"
-	"strings"
-)
-
-type portSorter struct {
-	ports []Port
-	by    func(i, j Port) bool
-}
-
-func (s *portSorter) Len() int {
-	return len(s.ports)
-}
-
-func (s *portSorter) Swap(i, j int) {
-	s.ports[i], s.ports[j] = s.ports[j], s.ports[i]
-}
-
-func (s *portSorter) Less(i, j int) bool {
-	ip := s.ports[i]
-	jp := s.ports[j]
-
-	return s.by(ip, jp)
-}
-
-// Sort sorts a list of ports using the provided predicate
-// This function should compare `i` and `j`, returning true if `i` is
-// considered to be less than `j`
-func Sort(ports []Port, predicate func(i, j Port) bool) {
-	s := &portSorter{ports, predicate}
-	sort.Sort(s)
-}
-
-type portMapEntry struct {
-	port    Port
-	binding PortBinding
-}
-
-type portMapSorter []portMapEntry
-
-func (s portMapSorter) Len() int      { return len(s) }
-func (s portMapSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// Less sorts the port so that the order is:
-// 1. port with larger specified bindings
-// 2. larger port
-// 3. port with tcp protocol
-func (s portMapSorter) Less(i, j int) bool {
-	pi, pj := s[i].port, s[j].port
-	hpi, hpj := toInt(s[i].binding.HostPort), toInt(s[j].binding.HostPort)
-	return hpi > hpj || pi.Int() > pj.Int() || (pi.Int() == pj.Int() && strings.ToLower(pi.Proto()) == "tcp")
-}
-
-// SortPortMap sorts the list of ports and their respected mapping. The ports
-// will explicit HostPort will be placed first.
-func SortPortMap(ports []Port, bindings PortMap) {
-	s := portMapSorter{}
-	for _, p := range ports {
-		if binding, ok := bindings[p]; ok && len(binding) > 0 {
-			for _, b := range binding {
-				s = append(s, portMapEntry{port: p, binding: b})
-			}
-			bindings[p] = []PortBinding{}
-		} else {
-			s = append(s, portMapEntry{port: p})
-		}
-	}
-
-	sort.Sort(s)
-	var (
-		i  int
-		pm = make(map[Port]struct{})
-	)
-	// reorder ports
-	for _, entry := range s {
-		if _, ok := pm[entry.port]; !ok {
-			ports[i] = entry.port
-			pm[entry.port] = struct{}{}
-			i++
-		}
-		// reorder bindings for this port
-		if _, ok := bindings[entry.port]; ok {
-			bindings[entry.port] = append(bindings[entry.port], entry.binding)
-		}
-	}
-}
-
-func toInt(s string) uint64 {
-	i, _, err := ParsePortRange(s)
-	if err != nil {
-		i = 0
-	}
-	return i
-}
diff --git a/vendor/github.com/docker/docker/LICENSE b/vendor/github.com/moby/moby/api/LICENSE
similarity index 93%
rename from vendor/github.com/docker/docker/LICENSE
rename to vendor/github.com/moby/moby/api/LICENSE
index 6d8d58fb67..d645695673 100644
--- a/vendor/github.com/docker/docker/LICENSE
+++ b/vendor/github.com/moby/moby/api/LICENSE
@@ -1,7 +1,7 @@
 
                                  Apache License
                            Version 2.0, January 2004
-                        https://www.apache.org/licenses/
+                        http://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -176,13 +176,24 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2013-2018 Docker, Inc.
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       https://www.apache.org/licenses/LICENSE-2.0
+       http://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/vendor/github.com/moby/moby/api/pkg/authconfig/authconfig.go b/vendor/github.com/moby/moby/api/pkg/authconfig/authconfig.go
new file mode 100644
index 0000000000..d1b0105a68
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/pkg/authconfig/authconfig.go
@@ -0,0 +1,96 @@
+package authconfig
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+// Encode serializes the auth configuration as a base64url encoded
+// ([RFC4648, section 5]) JSON string for sending through the X-Registry-Auth header.
+//
+// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
+func Encode(authConfig registry.AuthConfig) (string, error) {
+	// Older daemons (or registries) may not handle an empty string,
+	// which resulted in an "io.EOF" when unmarshaling or decoding.
+	//
+	// FIXME(thaJeztah): find exactly what code-paths are impacted by this.
+	// if authConfig == (AuthConfig{}) { return "", nil }
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", errInvalidParameter{err}
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+// Decode decodes base64url encoded ([RFC4648, section 5]) JSON
+// authentication information as sent through the X-Registry-Auth header.
+//
+// This function always returns an [AuthConfig], even if an error occurs. It is up
+// to the caller to decide if authentication is required, and if the error can
+// be ignored.
+//
+// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
+func Decode(authEncoded string) (*registry.AuthConfig, error) {
+	if authEncoded == "" {
+		return &registry.AuthConfig{}, nil
+	}
+
+	decoded, err := base64.URLEncoding.DecodeString(authEncoded)
+	if err != nil {
+		var e base64.CorruptInputError
+		if errors.As(err, &e) {
+			return &registry.AuthConfig{}, invalid(errors.New("must be a valid base64url-encoded string"))
+		}
+		return &registry.AuthConfig{}, invalid(err)
+	}
+
+	if bytes.Equal(decoded, []byte("{}")) {
+		return &registry.AuthConfig{}, nil
+	}
+
+	return decode(bytes.NewReader(decoded))
+}
+
+// DecodeRequestBody decodes authentication information as sent as JSON in the
+// body of a request. This function is to provide backward compatibility with old
+// clients and API versions. Current clients and API versions expect authentication
+// to be provided through the X-Registry-Auth header.
+//
+// Like [Decode], this function always returns an [AuthConfig], even if an
+// error occurs. It is up to the caller to decide if authentication is required,
+// and if the error can be ignored.
+func DecodeRequestBody(r io.ReadCloser) (*registry.AuthConfig, error) {
+	return decode(r)
+}
+
+func decode(r io.Reader) (*registry.AuthConfig, error) {
+	authConfig := &registry.AuthConfig{}
+	dec := json.NewDecoder(r)
+	if err := dec.Decode(authConfig); err != nil {
+		// always return an (empty) AuthConfig to increase compatibility with
+		// the existing API.
+		return &registry.AuthConfig{}, invalid(fmt.Errorf("invalid JSON: %w", err))
+	}
+	if dec.More() {
+		return &registry.AuthConfig{}, invalid(errors.New("multiple JSON documents not allowed"))
+	}
+	return authConfig, nil
+}
+
+func invalid(err error) error {
+	return errInvalidParameter{fmt.Errorf("invalid X-Registry-Auth header: %w", err)}
+}
+
+type errInvalidParameter struct{ error }
+
+func (errInvalidParameter) InvalidParameter() {}
+
+func (e errInvalidParameter) Cause() error { return e.error }
+
+func (e errInvalidParameter) Unwrap() error { return e.error }
diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go b/vendor/github.com/moby/moby/api/pkg/stdcopy/stdcopy.go
similarity index 50%
rename from vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
rename to vendor/github.com/moby/moby/api/pkg/stdcopy/stdcopy.go
index 611432a626..948c6b6755 100644
--- a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
+++ b/vendor/github.com/moby/moby/api/pkg/stdcopy/stdcopy.go
@@ -1,12 +1,10 @@
 package stdcopy
 
 import (
-	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
-	"sync"
 )
 
 // StdType is the type of standard stream
@@ -14,16 +12,13 @@ import (
 type StdType byte
 
 const (
-	// Stdin represents standard input stream type.
-	Stdin StdType = iota
-	// Stdout represents standard output stream type.
-	Stdout
-	// Stderr represents standard error steam type.
-	Stderr
-	// Systemerr represents errors originating from the system that make it
-	// into the multiplexed stream.
-	Systemerr
+	Stdin     StdType = 0 // Stdin represents standard input stream. It is present for completeness and should NOT be used. When reading the stream with [StdCopy] it is output on [Stdout].
+	Stdout    StdType = 1 // Stdout represents standard output stream.
+	Stderr    StdType = 2 // Stderr represents standard error steam.
+	Systemerr StdType = 3 // Systemerr represents errors originating from the system. When reading the stream with [StdCopy] it is returned as an error.
+)
 
+const (
 	stdWriterPrefixLen = 8
 	stdWriterFdIndex   = 0
 	stdWriterSizeIndex = 4
@@ -31,67 +26,28 @@ const (
 	startingBufLen = 32*1024 + stdWriterPrefixLen + 1
 )
 
-var bufPool = &sync.Pool{New: func() interface{} { return bytes.NewBuffer(nil) }}
-
-// stdWriter is wrapper of io.Writer with extra customized info.
-type stdWriter struct {
-	io.Writer
-	prefix byte
-}
-
-// Write sends the buffer to the underneath writer.
-// It inserts the prefix header before the buffer,
-// so stdcopy.StdCopy knows where to multiplex the output.
-// It makes stdWriter to implement io.Writer.
-func (w *stdWriter) Write(p []byte) (int, error) {
-	if w == nil || w.Writer == nil {
-		return 0, errors.New("writer not instantiated")
-	}
-	if p == nil {
-		return 0, nil
-	}
-
-	header := [stdWriterPrefixLen]byte{stdWriterFdIndex: w.prefix}
-	binary.BigEndian.PutUint32(header[stdWriterSizeIndex:], uint32(len(p)))
-	buf := bufPool.Get().(*bytes.Buffer)
-	buf.Write(header[:])
-	buf.Write(p)
-
-	n, err := w.Writer.Write(buf.Bytes())
-	n -= stdWriterPrefixLen
-	if n < 0 {
-		n = 0
-	}
-
-	buf.Reset()
-	bufPool.Put(buf)
-	return n, err
-}
-
-// NewStdWriter instantiates a new Writer.
-// Everything written to it will be encapsulated using a custom format,
-// and written to the underlying `w` stream.
-// This allows multiple write streams (e.g. stdout and stderr) to be muxed into a single connection.
-// `t` indicates the id of the stream to encapsulate.
-// It can be stdcopy.Stdin, stdcopy.Stdout, stdcopy.Stderr.
-func NewStdWriter(w io.Writer, t StdType) io.Writer {
-	return &stdWriter{
-		Writer: w,
-		prefix: byte(t),
-	}
-}
-
-// StdCopy is a modified version of io.Copy.
+// StdCopy is a modified version of [io.Copy] to de-multiplex messages
+// from "multiplexedSource" and copy them to destination streams
+// "destOut" and "destErr".
 //
-// StdCopy will demultiplex `src`, assuming that it contains two streams,
-// previously multiplexed together using a StdWriter instance.
-// As it reads from `src`, StdCopy will write to `dstout` and `dsterr`.
+// StdCopy demultiplexes "multiplexedSource", assuming that it contains
+// two streams, previously multiplexed using a writer created with
+// [NewStdWriter].
 //
-// StdCopy will read until it hits EOF on `src`. It will then return a nil error.
-// In other words: if `err` is non nil, it indicates a real underlying error.
+// As it reads from "multiplexedSource", StdCopy writes [Stdout] messages
+// to "destOut", and [Stderr] message to "destErr]. For backward-compatibility,
+// [Stdin] messages are output to "destOut". The [Systemerr] stream provides
+// errors produced by the daemon. It is returned as an error, and terminates
+// processing the stream.
 //
-// `written` will hold the total number of bytes written to `dstout` and `dsterr`.
-func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, _ error) {
+// StdCopy it reads until it hits [io.EOF] on "multiplexedSource", after
+// which it returns a nil error. In other words: any error returned indicates
+// a real underlying error, which may be when an unknown [StdType] stream
+// is received.
+//
+// The "written" return holds the total number of bytes written to "destOut"
+// and "destErr" combined.
+func StdCopy(destOut, destErr io.Writer, multiplexedSource io.Reader) (written int64, _ error) {
 	var (
 		buf       = make([]byte, startingBufLen)
 		bufLen    = len(buf)
@@ -105,7 +61,7 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, _ error) {
 		// Make sure we have at least a full header
 		for nr < stdWriterPrefixLen {
 			var nr2 int
-			nr2, err = src.Read(buf[nr:])
+			nr2, err = multiplexedSource.Read(buf[nr:])
 			nr += nr2
 			if errors.Is(err, io.EOF) {
 				if nr < stdWriterPrefixLen {
@@ -118,24 +74,24 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, _ error) {
 			}
 		}
 
-		stream := StdType(buf[stdWriterFdIndex])
 		// Check the first byte to know where to write
+		stream := StdType(buf[stdWriterFdIndex])
 		switch stream {
 		case Stdin:
 			fallthrough
 		case Stdout:
 			// Write on stdout
-			out = dstout
+			out = destOut
 		case Stderr:
 			// Write on stderr
-			out = dsterr
+			out = destErr
 		case Systemerr:
 			// If we're on Systemerr, we won't write anywhere.
 			// NB: if this code changes later, make sure you don't try to write
 			// to outstream if Systemerr is the stream
 			out = nil
 		default:
-			return 0, fmt.Errorf("Unrecognized input header: %d", buf[stdWriterFdIndex])
+			return 0, fmt.Errorf("unrecognized stream: %d", stream)
 		}
 
 		// Retrieve the size of the frame
@@ -151,7 +107,7 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, _ error) {
 		// While the amount of bytes read is less than the size of the frame + header, we keep reading
 		for nr < frameSize+stdWriterPrefixLen {
 			var nr2 int
-			nr2, err = src.Read(buf[nr:])
+			nr2, err = multiplexedSource.Read(buf[nr:])
 			nr += nr2
 			if errors.Is(err, io.EOF) {
 				if nr < frameSize+stdWriterPrefixLen {
diff --git a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go b/vendor/github.com/moby/moby/api/types/blkiodev/blkio.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
rename to vendor/github.com/moby/moby/api/types/blkiodev/blkio.go
diff --git a/vendor/github.com/moby/moby/api/types/build/build.go b/vendor/github.com/moby/moby/api/types/build/build.go
new file mode 100644
index 0000000000..db98397734
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/build/build.go
@@ -0,0 +1,16 @@
+package build
+
+// BuilderVersion sets the version of underlying builder to use
+type BuilderVersion string
+
+const (
+	// BuilderV1 is the first generation builder in docker daemon
+	BuilderV1 BuilderVersion = "1"
+	// BuilderBuildKit is builder based on moby/buildkit project
+	BuilderBuildKit BuilderVersion = "2"
+)
+
+// Result contains the image id of a successful build.
+type Result struct {
+	ID string
+}
diff --git a/vendor/github.com/docker/docker/api/types/build/cache.go b/vendor/github.com/moby/moby/api/types/build/cache.go
similarity index 66%
rename from vendor/github.com/docker/docker/api/types/build/cache.go
rename to vendor/github.com/moby/moby/api/types/build/cache.go
index 42c8404573..39dd23a5f3 100644
--- a/vendor/github.com/docker/docker/api/types/build/cache.go
+++ b/vendor/github.com/moby/moby/api/types/build/cache.go
@@ -2,18 +2,12 @@ package build
 
 import (
 	"time"
-
-	"github.com/docker/docker/api/types/filters"
 )
 
 // CacheRecord contains information about a build cache record.
 type CacheRecord struct {
 	// ID is the unique ID of the build cache record.
 	ID string
-	// Parent is the ID of the parent build cache record.
-	//
-	// Deprecated: deprecated in API v1.42 and up, as it was deprecated in BuildKit; use Parents instead.
-	Parent string `json:"Parent,omitempty"`
 	// Parents is the list of parent build cache record IDs.
 	Parents []string `json:" Parents,omitempty"`
 	// Type is the cache record type.
@@ -33,17 +27,6 @@ type CacheRecord struct {
 	UsageCount int
 }
 
-// CachePruneOptions hold parameters to prune the build cache.
-type CachePruneOptions struct {
-	All           bool
-	ReservedSpace int64
-	MaxUsedSpace  int64
-	MinFreeSpace  int64
-	Filters       filters.Args
-
-	KeepStorage int64 // Deprecated: deprecated in API 1.48.
-}
-
 // CachePruneReport contains the response for Engine API:
 // POST "/build/prune"
 type CachePruneReport struct {
diff --git a/vendor/github.com/moby/moby/api/types/build/disk_usage.go b/vendor/github.com/moby/moby/api/types/build/disk_usage.go
new file mode 100644
index 0000000000..3613797dba
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/build/disk_usage.go
@@ -0,0 +1,36 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package build
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// DiskUsage represents system data usage for build cache resources.
+//
+// swagger:model DiskUsage
+type DiskUsage struct {
+
+	// Count of active build cache records.
+	//
+	// Example: 1
+	ActiveCount int64 `json:"ActiveCount,omitempty"`
+
+	// List of build cache records.
+	//
+	Items []CacheRecord `json:"Items,omitempty"`
+
+	// Disk space that can be reclaimed by removing inactive build cache records.
+	//
+	// Example: 12345678
+	Reclaimable int64 `json:"Reclaimable,omitempty"`
+
+	// Count of all build cache records.
+	//
+	// Example: 4
+	TotalCount int64 `json:"TotalCount,omitempty"`
+
+	// Disk space in use by build cache records.
+	//
+	// Example: 98765432
+	TotalSize int64 `json:"TotalSize,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/checkpoint/create_request.go b/vendor/github.com/moby/moby/api/types/checkpoint/create_request.go
new file mode 100644
index 0000000000..c363783f2a
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/checkpoint/create_request.go
@@ -0,0 +1,8 @@
+package checkpoint
+
+// CreateRequest holds parameters to create a checkpoint from a container.
+type CreateRequest struct {
+	CheckpointID  string
+	CheckpointDir string
+	Exit          bool
+}
diff --git a/vendor/github.com/docker/docker/api/types/checkpoint/list.go b/vendor/github.com/moby/moby/api/types/checkpoint/list.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/checkpoint/list.go
rename to vendor/github.com/moby/moby/api/types/checkpoint/list.go
diff --git a/vendor/github.com/docker/docker/api/types/error_response.go b/vendor/github.com/moby/moby/api/types/common/error_response.go
similarity index 73%
rename from vendor/github.com/docker/docker/api/types/error_response.go
rename to vendor/github.com/moby/moby/api/types/common/error_response.go
index dc942d9d9e..b49d3eea0a 100644
--- a/vendor/github.com/docker/docker/api/types/error_response.go
+++ b/vendor/github.com/moby/moby/api/types/common/error_response.go
@@ -1,9 +1,13 @@
-package types
+// Code generated by go-swagger; DO NOT EDIT.
+
+package common
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // ErrorResponse Represents an error.
+// Example: {"message":"Something went wrong."}
+//
 // swagger:model ErrorResponse
 type ErrorResponse struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/error_response_ext.go b/vendor/github.com/moby/moby/api/types/common/error_response_ext.go
similarity index 86%
rename from vendor/github.com/docker/docker/api/types/error_response_ext.go
rename to vendor/github.com/moby/moby/api/types/common/error_response_ext.go
index f84f034cd5..c92dfe4b12 100644
--- a/vendor/github.com/docker/docker/api/types/error_response_ext.go
+++ b/vendor/github.com/moby/moby/api/types/common/error_response_ext.go
@@ -1,4 +1,4 @@
-package types
+package common
 
 // Error returns the error message
 func (e ErrorResponse) Error() string {
diff --git a/vendor/github.com/docker/docker/api/types/common/id_response.go b/vendor/github.com/moby/moby/api/types/common/id_response.go
similarity index 87%
rename from vendor/github.com/docker/docker/api/types/common/id_response.go
rename to vendor/github.com/moby/moby/api/types/common/id_response.go
index 22e8c60a48..7dfe4bf12b 100644
--- a/vendor/github.com/docker/docker/api/types/common/id_response.go
+++ b/vendor/github.com/moby/moby/api/types/common/id_response.go
@@ -1,9 +1,12 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package common
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // IDResponse Response to an API call that returns just an Id
+//
 // swagger:model IDResponse
 type IDResponse struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/container/change_type.go b/vendor/github.com/moby/moby/api/types/container/change_type.go
similarity index 87%
rename from vendor/github.com/docker/docker/api/types/container/change_type.go
rename to vendor/github.com/moby/moby/api/types/container/change_type.go
index fe8d6d3696..52fc99235b 100644
--- a/vendor/github.com/docker/docker/api/types/container/change_type.go
+++ b/vendor/github.com/moby/moby/api/types/container/change_type.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
diff --git a/vendor/github.com/docker/docker/api/types/container/change_types.go b/vendor/github.com/moby/moby/api/types/container/change_types.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/container/change_types.go
rename to vendor/github.com/moby/moby/api/types/container/change_types.go
diff --git a/vendor/github.com/docker/docker/api/types/container/commit.go b/vendor/github.com/moby/moby/api/types/container/commit.go
similarity index 76%
rename from vendor/github.com/docker/docker/api/types/container/commit.go
rename to vendor/github.com/moby/moby/api/types/container/commit.go
index 6fd1b0ead1..c5aab26ff4 100644
--- a/vendor/github.com/docker/docker/api/types/container/commit.go
+++ b/vendor/github.com/moby/moby/api/types/container/commit.go
@@ -1,6 +1,6 @@
 package container
 
-import "github.com/docker/docker/api/types/common"
+import "github.com/moby/moby/api/types/common"
 
 // CommitResponse response for the commit API call, containing the ID of the
 // image that was produced.
diff --git a/vendor/github.com/docker/docker/api/types/container/config.go b/vendor/github.com/moby/moby/api/types/container/config.go
similarity index 58%
rename from vendor/github.com/docker/docker/api/types/container/config.go
rename to vendor/github.com/moby/moby/api/types/container/config.go
index 0555416540..78fa9f9105 100644
--- a/vendor/github.com/docker/docker/api/types/container/config.go
+++ b/vendor/github.com/moby/moby/api/types/container/config.go
@@ -3,9 +3,8 @@ package container
 import (
 	"time"
 
-	"github.com/docker/docker/api/types/strslice"
-	"github.com/docker/go-connections/nat"
 	dockerspec "github.com/moby/docker-image-spec/specs-go/v1"
+	"github.com/moby/moby/api/types/network"
 )
 
 // MinimumDuration puts a minimum on user configured duration.
@@ -14,24 +13,6 @@ import (
 // Docker interprets it as 3 nanoseconds.
 const MinimumDuration = 1 * time.Millisecond
 
-// StopOptions holds the options to stop or restart a container.
-type StopOptions struct {
-	// Signal (optional) is the signal to send to the container to (gracefully)
-	// stop it before forcibly terminating the container with SIGKILL after the
-	// timeout expires. If not value is set, the default (SIGTERM) is used.
-	Signal string `json:",omitempty"`
-
-	// Timeout (optional) is the timeout (in seconds) to wait for the container
-	// to stop gracefully before forcibly terminating it with SIGKILL.
-	//
-	// - Use nil to use the default timeout (10 seconds).
-	// - Use '-1' to wait indefinitely.
-	// - Use '0' to not wait for the container to exit gracefully, and
-	//   immediately proceeds to forcibly terminating the container.
-	// - Other positive values are used as timeout (in seconds).
-	Timeout *int `json:",omitempty"`
-}
-
 // HealthConfig holds configuration settings for the HEALTHCHECK feature.
 type HealthConfig = dockerspec.HealthcheckConfig
 
@@ -48,26 +29,22 @@ type Config struct {
 	AttachStdin     bool                // Attach the standard input, makes possible user interaction
 	AttachStdout    bool                // Attach the standard output
 	AttachStderr    bool                // Attach the standard error
-	ExposedPorts    nat.PortSet         `json:",omitempty"` // List of exposed ports
+	ExposedPorts    network.PortSet     `json:",omitempty"` // List of exposed ports
 	Tty             bool                // Attach standard streams to a tty, including stdin if it is not closed.
 	OpenStdin       bool                // Open stdin
 	StdinOnce       bool                // If true, close stdin after the 1 attached client disconnects.
 	Env             []string            // List of environment variable to set in the container
-	Cmd             strslice.StrSlice   // Command to run when starting the container
+	Cmd             []string            // Command to run when starting the container
 	Healthcheck     *HealthConfig       `json:",omitempty"` // Healthcheck describes how to check the container is healthy
 	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (meaning treat as a command line) (Windows specific).
 	Image           string              // Name of the image as it was passed by the operator (e.g. could be symbolic)
 	Volumes         map[string]struct{} // List of volumes (mounts) used for the container
 	WorkingDir      string              // Current directory (PWD) in the command will be launched
-	Entrypoint      strslice.StrSlice   // Entrypoint to run when starting the container
+	Entrypoint      []string            // Entrypoint to run when starting the container
 	NetworkDisabled bool                `json:",omitempty"` // Is network disabled
-	// Mac Address of the container.
-	//
-	// Deprecated: this field is deprecated since API v1.44. Use EndpointSettings.MacAddress instead.
-	MacAddress  string            `json:",omitempty"`
-	OnBuild     []string          // ONBUILD metadata that were defined on the image Dockerfile
-	Labels      map[string]string // List of labels set to this container
-	StopSignal  string            `json:",omitempty"` // Signal to stop a container
-	StopTimeout *int              `json:",omitempty"` // Timeout (in seconds) to stop a container
-	Shell       strslice.StrSlice `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
+	OnBuild         []string            `json:",omitempty"` // ONBUILD metadata that were defined on the image Dockerfile
+	Labels          map[string]string   // List of labels set to this container
+	StopSignal      string              `json:",omitempty"` // Signal to stop a container
+	StopTimeout     *int                `json:",omitempty"` // Timeout (in seconds) to stop a container
+	Shell           []string            `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/container.go b/vendor/github.com/moby/moby/api/types/container/container.go
similarity index 69%
rename from vendor/github.com/docker/docker/api/types/container/container.go
rename to vendor/github.com/moby/moby/api/types/container/container.go
index a191ca8bdb..bffb3de872 100644
--- a/vendor/github.com/docker/docker/api/types/container/container.go
+++ b/vendor/github.com/moby/moby/api/types/container/container.go
@@ -1,25 +1,14 @@
 package container
 
 import (
-	"io"
 	"os"
 	"time"
 
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/storage"
+	"github.com/moby/moby/api/types/mount"
+	"github.com/moby/moby/api/types/storage"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
-// ContainerUpdateOKBody OK response to ContainerUpdate operation
-//
-// Deprecated: use [UpdateResponse]. This alias will be removed in the next release.
-type ContainerUpdateOKBody = UpdateResponse
-
-// ContainerTopOKBody OK response to ContainerTop operation
-//
-// Deprecated: use [TopResponse]. This alias will be removed in the next release.
-type ContainerTopOKBody = TopResponse
-
 // PruneReport contains the response for Engine API:
 // POST "/containers/prune"
 type PruneReport struct {
@@ -38,30 +27,10 @@ type PathStat struct {
 	LinkTarget string      `json:"linkTarget"`
 }
 
-// CopyToContainerOptions holds information
-// about files to copy into a container
-type CopyToContainerOptions struct {
-	AllowOverwriteDirWithFile bool
-	CopyUIDGID                bool
-}
-
-// StatsResponseReader wraps an io.ReadCloser to read (a stream of) stats
-// for a container, as produced by the GET "/stats" endpoint.
-//
-// The OSType field is set to the server's platform to allow
-// platform-specific handling of the response.
-//
-// TODO(thaJeztah): remove this wrapper, and make OSType part of [StatsResponse].
-type StatsResponseReader struct {
-	Body   io.ReadCloser `json:"body"`
-	OSType string        `json:"ostype"`
-}
-
 // MountPoint represents a mount point configuration inside the container.
 // This is used for reporting the mountpoints in use by a container.
 type MountPoint struct {
-	// Type is the type of mount, see `Type<foo>` definitions in
-	// github.com/docker/docker/api/types/mount.Type
+	// Type is the type of mount, see [mount.Type] definitions for details.
 	Type mount.Type `json:",omitempty"`
 
 	// Name is the name reference to the underlying data defined by `Source`
@@ -128,7 +97,7 @@ type Summary struct {
 	ImageManifestDescriptor *ocispec.Descriptor `json:"ImageManifestDescriptor,omitempty"`
 	Command                 string
 	Created                 int64
-	Ports                   []Port
+	Ports                   []PortSummary
 	SizeRw                  int64 `json:",omitempty"`
 	SizeRootFs              int64 `json:",omitempty"`
 	Labels                  map[string]string
@@ -138,20 +107,14 @@ type Summary struct {
 		NetworkMode string            `json:",omitempty"`
 		Annotations map[string]string `json:",omitempty"`
 	}
+	Health          *HealthSummary `json:",omitempty"`
 	NetworkSettings *NetworkSettingsSummary
 	Mounts          []MountPoint
 }
 
-// ContainerJSONBase contains response of Engine API GET "/containers/{name:.*}/json"
-// for API version 1.18 and older.
-//
-// TODO(thaJeztah): combine ContainerJSONBase and InspectResponse into a single struct.
-// The split between ContainerJSONBase (ContainerJSONBase) and InspectResponse (InspectResponse)
-// was done in commit 6deaa58ba5f051039643cedceee97c8695e2af74 (https://github.com/moby/moby/pull/13675).
-// ContainerJSONBase contained all fields for API < 1.19, and InspectResponse
-// held fields that were added in API 1.19 and up. Given that the minimum
-// supported API version is now 1.24, we no longer use the separate type.
-type ContainerJSONBase struct {
+// InspectResponse is the response for the GET "/containers/{name:.*}/json"
+// endpoint.
+type InspectResponse struct {
 	ID              string `json:"Id"`
 	Created         string
 	Path            string
@@ -171,15 +134,15 @@ type ContainerJSONBase struct {
 	AppArmorProfile string
 	ExecIDs         []string
 	HostConfig      *HostConfig
-	GraphDriver     storage.DriverData
+
+	// GraphDriver contains information about the container's graph driver.
+	GraphDriver *storage.DriverData `json:"GraphDriver,omitempty"`
+
+	// Storage contains information about the storage used for the container's filesystem.
+	Storage *storage.Storage `json:"Storage,omitempty"`
+
 	SizeRw          *int64 `json:",omitempty"`
 	SizeRootFs      *int64 `json:",omitempty"`
-}
-
-// InspectResponse is the response for the GET "/containers/{name:.*}/json"
-// endpoint.
-type InspectResponse struct {
-	*ContainerJSONBase
 	Mounts          []MountPoint
 	Config          *Config
 	NetworkSettings *NetworkSettings
diff --git a/vendor/github.com/docker/docker/api/types/container/create_request.go b/vendor/github.com/moby/moby/api/types/container/create_request.go
similarity index 89%
rename from vendor/github.com/docker/docker/api/types/container/create_request.go
rename to vendor/github.com/moby/moby/api/types/container/create_request.go
index e98dd6ad44..decb208af0 100644
--- a/vendor/github.com/docker/docker/api/types/container/create_request.go
+++ b/vendor/github.com/moby/moby/api/types/container/create_request.go
@@ -1,6 +1,6 @@
 package container
 
-import "github.com/docker/docker/api/types/network"
+import "github.com/moby/moby/api/types/network"
 
 // CreateRequest is the request message sent to the server for container
 // create calls. It is a config wrapper that holds the container [Config]
diff --git a/vendor/github.com/docker/docker/api/types/container/create_response.go b/vendor/github.com/moby/moby/api/types/container/create_response.go
similarity index 70%
rename from vendor/github.com/docker/docker/api/types/container/create_response.go
rename to vendor/github.com/moby/moby/api/types/container/create_response.go
index aa0e7f7d07..39d761aa96 100644
--- a/vendor/github.com/docker/docker/api/types/container/create_response.go
+++ b/vendor/github.com/moby/moby/api/types/container/create_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
@@ -5,15 +7,18 @@ package container
 
 // CreateResponse ContainerCreateResponse
 //
-// OK response to ContainerCreate operation
+// # OK response to ContainerCreate operation
+//
 // swagger:model CreateResponse
 type CreateResponse struct {
 
 	// The ID of the created container
+	// Example: ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743
 	// Required: true
 	ID string `json:"Id"`
 
 	// Warnings encountered when creating the container
+	// Example: []
 	// Required: true
 	Warnings []string `json:"Warnings"`
 }
diff --git a/vendor/github.com/moby/moby/api/types/container/disk_usage.go b/vendor/github.com/moby/moby/api/types/container/disk_usage.go
new file mode 100644
index 0000000000..c36721d3b0
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/container/disk_usage.go
@@ -0,0 +1,36 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package container
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// DiskUsage represents system data usage information for container resources.
+//
+// swagger:model DiskUsage
+type DiskUsage struct {
+
+	// Count of active containers.
+	//
+	// Example: 1
+	ActiveCount int64 `json:"ActiveCount,omitempty"`
+
+	// List of container summaries.
+	//
+	Items []Summary `json:"Items,omitempty"`
+
+	// Disk space that can be reclaimed by removing inactive containers.
+	//
+	// Example: 12345678
+	Reclaimable int64 `json:"Reclaimable,omitempty"`
+
+	// Count of all containers.
+	//
+	// Example: 4
+	TotalCount int64 `json:"TotalCount,omitempty"`
+
+	// Disk space in use by containers.
+	//
+	// Example: 98765432
+	TotalSize int64 `json:"TotalSize,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/errors.go b/vendor/github.com/moby/moby/api/types/container/errors.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/container/errors.go
rename to vendor/github.com/moby/moby/api/types/container/errors.go
diff --git a/vendor/github.com/moby/moby/api/types/container/exec.go b/vendor/github.com/moby/moby/api/types/container/exec.go
new file mode 100644
index 0000000000..6895926aef
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/container/exec.go
@@ -0,0 +1,35 @@
+package container
+
+import "github.com/moby/moby/api/types/common"
+
+// ExecCreateResponse is the response for a successful exec-create request.
+// It holds the ID of the exec that was created.
+//
+// TODO(thaJeztah): make this a distinct type.
+type ExecCreateResponse = common.IDResponse
+
+// ExecInspectResponse is the API response for the "GET /exec/{id}/json"
+// endpoint and holds information about and exec.
+type ExecInspectResponse struct {
+	ID            string `json:"ID"`
+	Running       bool   `json:"Running"`
+	ExitCode      *int   `json:"ExitCode"`
+	ProcessConfig *ExecProcessConfig
+	OpenStdin     bool   `json:"OpenStdin"`
+	OpenStderr    bool   `json:"OpenStderr"`
+	OpenStdout    bool   `json:"OpenStdout"`
+	CanRemove     bool   `json:"CanRemove"`
+	ContainerID   string `json:"ContainerID"`
+	DetachKeys    []byte `json:"DetachKeys"`
+	Pid           int    `json:"Pid"`
+}
+
+// ExecProcessConfig holds information about the exec process
+// running on the host.
+type ExecProcessConfig struct {
+	Tty        bool     `json:"tty"`
+	Entrypoint string   `json:"entrypoint"`
+	Arguments  []string `json:"arguments"`
+	Privileged *bool    `json:"privileged,omitempty"`
+	User       string   `json:"user,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/container/exec_create_request.go b/vendor/github.com/moby/moby/api/types/container/exec_create_request.go
new file mode 100644
index 0000000000..dd7437cd2f
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/container/exec_create_request.go
@@ -0,0 +1,17 @@
+package container
+
+// ExecCreateRequest is a small subset of the Config struct that holds the configuration
+// for the exec feature of docker.
+type ExecCreateRequest struct {
+	User         string   // User that will run the command
+	Privileged   bool     // Is the container in privileged mode
+	Tty          bool     // Attach standard streams to a tty.
+	ConsoleSize  *[2]uint `json:",omitempty"` // Initial console size [height, width]
+	AttachStdin  bool     // Attach the standard input, makes possible user interaction
+	AttachStderr bool     // Attach the standard error
+	AttachStdout bool     // Attach the standard output
+	DetachKeys   string   // Escape keys for detach
+	Env          []string // Environment variables
+	WorkingDir   string   // Working directory
+	Cmd          []string // Execution commands and args
+}
diff --git a/vendor/github.com/moby/moby/api/types/container/exec_start_request.go b/vendor/github.com/moby/moby/api/types/container/exec_start_request.go
new file mode 100644
index 0000000000..4c2ba0a77c
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/container/exec_start_request.go
@@ -0,0 +1,12 @@
+package container
+
+// ExecStartRequest is a temp struct used by execStart
+// Config fields is part of ExecConfig in runconfig package
+type ExecStartRequest struct {
+	// ExecStart will first check if it's detached
+	Detach bool
+	// Check if there's a tty
+	Tty bool
+	// Terminal size [height, width], unused if Tty == false
+	ConsoleSize *[2]uint `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/filesystem_change.go b/vendor/github.com/moby/moby/api/types/container/filesystem_change.go
similarity index 90%
rename from vendor/github.com/docker/docker/api/types/container/filesystem_change.go
rename to vendor/github.com/moby/moby/api/types/container/filesystem_change.go
index 9e9c2ad1d5..b9ec83e521 100644
--- a/vendor/github.com/docker/docker/api/types/container/filesystem_change.go
+++ b/vendor/github.com/moby/moby/api/types/container/filesystem_change.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
diff --git a/vendor/github.com/docker/docker/api/types/container/health.go b/vendor/github.com/moby/moby/api/types/container/health.go
similarity index 81%
rename from vendor/github.com/docker/docker/api/types/container/health.go
rename to vendor/github.com/moby/moby/api/types/container/health.go
index 96e91cc8d8..1a1ba84b40 100644
--- a/vendor/github.com/docker/docker/api/types/container/health.go
+++ b/vendor/github.com/moby/moby/api/types/container/health.go
@@ -7,9 +7,7 @@ import (
 )
 
 // HealthStatus is a string representation of the container's health.
-//
-// It currently is an alias for string, but may become a distinct type in future.
-type HealthStatus = string
+type HealthStatus string
 
 // Health states
 const (
@@ -26,6 +24,12 @@ type Health struct {
 	Log           []*HealthcheckResult // Log contains the last few results (oldest first)
 }
 
+// HealthSummary stores a summary of the container's healthcheck results.
+type HealthSummary struct {
+	Status        HealthStatus // Status is one of [NoHealthcheck], [Starting], [Healthy] or [Unhealthy].
+	FailingStreak int          // FailingStreak is the number of consecutive failures
+}
+
 // HealthcheckResult stores information about a single run of a healthcheck probe
 type HealthcheckResult struct {
 	Start    time.Time // Start is the time this check started
@@ -35,7 +39,10 @@ type HealthcheckResult struct {
 }
 
 var validHealths = []string{
-	NoHealthcheck, Starting, Healthy, Unhealthy,
+	string(NoHealthcheck),
+	string(Starting),
+	string(Healthy),
+	string(Unhealthy),
 }
 
 // ValidateHealthStatus checks if the provided string is a valid
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig.go b/vendor/github.com/moby/moby/api/types/container/hostconfig.go
similarity index 92%
rename from vendor/github.com/docker/docker/api/types/container/hostconfig.go
rename to vendor/github.com/moby/moby/api/types/container/hostconfig.go
index 7a41436cc7..0f889c6512 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig.go
+++ b/vendor/github.com/moby/moby/api/types/container/hostconfig.go
@@ -3,14 +3,13 @@ package container
 import (
 	"errors"
 	"fmt"
+	"net/netip"
 	"strings"
 
-	"github.com/docker/docker/api/types/blkiodev"
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/strslice"
-	"github.com/docker/go-connections/nat"
 	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/blkiodev"
+	"github.com/moby/moby/api/types/mount"
+	"github.com/moby/moby/api/types/network"
 )
 
 // CgroupnsMode represents the cgroup namespace mode of the container
@@ -391,22 +390,12 @@ type Resources struct {
 	Devices              []DeviceMapping // List of devices to map inside the container
 	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
 	DeviceRequests       []DeviceRequest // List of device requests for device drivers
-
-	// KernelMemory specifies the kernel memory limit (in bytes) for the container.
-	// Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes.
-	KernelMemory int64 `json:",omitempty"`
-	// Hard limit for kernel TCP buffer memory (in bytes).
-	//
-	// Deprecated: This field is deprecated and will be removed in the next release.
-	// Starting with 6.12, the kernel has deprecated kernel memory tcp accounting
-	// for cgroups v1.
-	KernelMemoryTCP   int64     `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes)
-	MemoryReservation int64     // Memory soft limit (in bytes)
-	MemorySwap        int64     // Total memory usage (memory + swap); set `-1` to enable unlimited swap
-	MemorySwappiness  *int64    // Tuning container memory swappiness behaviour
-	OomKillDisable    *bool     // Whether to disable OOM Killer or not
-	PidsLimit         *int64    // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
-	Ulimits           []*Ulimit // List of ulimits to be set in the container
+	MemoryReservation    int64           // Memory soft limit (in bytes)
+	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
+	MemorySwappiness     *int64          // Tuning container memory swappiness behaviour
+	OomKillDisable       *bool           // Whether to disable OOM Killer or not
+	PidsLimit            *int64          // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
+	Ulimits              []*Ulimit       // List of ulimits to be set in the container
 
 	// Applicable to Windows
 	CPUCount           int64  `json:"CpuCount"`   // CPU count
@@ -432,7 +421,7 @@ type HostConfig struct {
 	ContainerIDFile string            // File (path) where the containerId is written
 	LogConfig       LogConfig         // Configuration of the logs for this container
 	NetworkMode     NetworkMode       // Network mode to use for the container
-	PortBindings    nat.PortMap       // Port mapping between the exposed port (container) and the host
+	PortBindings    network.PortMap   // Port mapping between the exposed port (container) and the host
 	RestartPolicy   RestartPolicy     // Restart policy to be used for the container
 	AutoRemove      bool              // Automatically remove container when it exits
 	VolumeDriver    string            // Name of the volume driver used to mount volumes
@@ -441,10 +430,10 @@ type HostConfig struct {
 	Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
 
 	// Applicable to UNIX platforms
-	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
-	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
+	CapAdd          []string          // List of kernel capabilities to add to the container
+	CapDrop         []string          // List of kernel capabilities to remove from the container
 	CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
-	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
+	DNS             []netip.Addr      `json:"Dns"`        // List of DNS server to lookup
 	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for
 	DNSSearch       []string          `json:"DnsSearch"`  // List of DNSSearch to look for
 	ExtraHosts      []string          // List of extra hosts
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/moby/moby/api/types/container/hostconfig_unix.go
similarity index 95%
rename from vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
rename to vendor/github.com/moby/moby/api/types/container/hostconfig_unix.go
index cd6a7a9be2..326a5da7eb 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
+++ b/vendor/github.com/moby/moby/api/types/container/hostconfig_unix.go
@@ -2,7 +2,7 @@
 
 package container
 
-import "github.com/docker/docker/api/types/network"
+import "github.com/moby/moby/api/types/network"
 
 // IsValid indicates if an isolation technology is valid
 func (i Isolation) IsValid() bool {
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go b/vendor/github.com/moby/moby/api/types/container/hostconfig_windows.go
similarity index 95%
rename from vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
rename to vendor/github.com/moby/moby/api/types/container/hostconfig_windows.go
index db63e190d1..977a376023 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
+++ b/vendor/github.com/moby/moby/api/types/container/hostconfig_windows.go
@@ -1,6 +1,6 @@
 package container
 
-import "github.com/docker/docker/api/types/network"
+import "github.com/moby/moby/api/types/network"
 
 // IsValid indicates if an isolation technology is valid
 func (i Isolation) IsValid() bool {
diff --git a/vendor/github.com/moby/moby/api/types/container/network_settings.go b/vendor/github.com/moby/moby/api/types/container/network_settings.go
new file mode 100644
index 0000000000..c51c0839d2
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/container/network_settings.go
@@ -0,0 +1,22 @@
+package container
+
+import (
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkSettings exposes the network settings in the api
+type NetworkSettings struct {
+	SandboxID  string // SandboxID uniquely represents a container's network stack
+	SandboxKey string // SandboxKey identifies the sandbox
+
+	// Ports is a collection of [network.PortBinding] indexed by [network.Port]
+	Ports network.PortMap
+
+	Networks map[string]*network.EndpointSettings
+}
+
+// NetworkSettingsSummary provides a summary of container's networks
+// in /containers/json
+type NetworkSettingsSummary struct {
+	Networks map[string]*network.EndpointSettings
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/port.go b/vendor/github.com/moby/moby/api/types/container/port_summary.go
similarity index 56%
rename from vendor/github.com/docker/docker/api/types/container/port.go
rename to vendor/github.com/moby/moby/api/types/container/port_summary.go
index 895043cfe9..68148eece4 100644
--- a/vendor/github.com/docker/docker/api/types/container/port.go
+++ b/vendor/github.com/moby/moby/api/types/container/port_summary.go
@@ -1,14 +1,23 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// Port An open port on a container
-// swagger:model Port
-type Port struct {
+import (
+	"net/netip"
+)
+
+// PortSummary Describes a port-mapping between the container and the host.
+//
+// Example: {"PrivatePort":8080,"PublicPort":80,"Type":"tcp"}
+//
+// swagger:model PortSummary
+type PortSummary struct {
 
 	// Host IP address that the container's port is mapped to
-	IP string `json:"IP,omitempty"`
+	IP netip.Addr `json:"IP,omitempty"`
 
 	// Port on the container
 	// Required: true
@@ -19,5 +28,6 @@ type Port struct {
 
 	// type
 	// Required: true
+	// Enum: ["tcp","udp","sctp"]
 	Type string `json:"Type"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/state.go b/vendor/github.com/moby/moby/api/types/container/state.go
similarity index 59%
rename from vendor/github.com/docker/docker/api/types/container/state.go
rename to vendor/github.com/moby/moby/api/types/container/state.go
index 78d5c4fe85..47c6d12490 100644
--- a/vendor/github.com/docker/docker/api/types/container/state.go
+++ b/vendor/github.com/moby/moby/api/types/container/state.go
@@ -6,9 +6,7 @@ import (
 )
 
 // ContainerState is a string representation of the container's current state.
-//
-// It currently is an alias for string, but may become a distinct type in the future.
-type ContainerState = string
+type ContainerState string
 
 const (
 	StateCreated    ContainerState = "created"    // StateCreated indicates the container is created, but not (yet) started.
@@ -20,8 +18,14 @@ const (
 	StateDead       ContainerState = "dead"       // StateDead indicates that the container failed to be deleted. Containers in this state are attempted to be cleaned up when the daemon restarts.
 )
 
-var validStates = []ContainerState{
-	StateCreated, StateRunning, StatePaused, StateRestarting, StateRemoving, StateExited, StateDead,
+var validStates = []string{
+	string(StateCreated),
+	string(StateRunning),
+	string(StatePaused),
+	string(StateRestarting),
+	string(StateRemoving),
+	string(StateExited),
+	string(StateDead),
 }
 
 // ValidateContainerState checks if the provided string is a valid
@@ -34,31 +38,3 @@ func ValidateContainerState(s ContainerState) error {
 		return errInvalidParameter{error: fmt.Errorf("invalid value for state (%s): must be one of %s", s, strings.Join(validStates, ", "))}
 	}
 }
-
-// StateStatus is used to return container wait results.
-// Implements exec.ExitCode interface.
-// This type is needed as State include a sync.Mutex field which make
-// copying it unsafe.
-type StateStatus struct {
-	exitCode int
-	err      error
-}
-
-// ExitCode returns current exitcode for the state.
-func (s StateStatus) ExitCode() int {
-	return s.exitCode
-}
-
-// Err returns current error for the state. Returns nil if the container had
-// exited on its own.
-func (s StateStatus) Err() error {
-	return s.err
-}
-
-// NewStateStatus returns a new StateStatus with the given exit code and error.
-func NewStateStatus(exitCode int, err error) StateStatus {
-	return StateStatus{
-		exitCode: exitCode,
-		err:      err,
-	}
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/stats.go b/vendor/github.com/moby/moby/api/types/container/stats.go
similarity index 67%
rename from vendor/github.com/docker/docker/api/types/container/stats.go
rename to vendor/github.com/moby/moby/api/types/container/stats.go
index 3bfeb4849f..6a34f6ab76 100644
--- a/vendor/github.com/docker/docker/api/types/container/stats.go
+++ b/vendor/github.com/moby/moby/api/types/container/stats.go
@@ -147,31 +147,78 @@ type PidsStats struct {
 	Limit uint64 `json:"limit,omitempty"`
 }
 
-// Stats is Ultimate struct aggregating all types of stats of one container
-//
-// Deprecated: use [StatsResponse] instead. This type will be removed in the next release.
-type Stats = StatsResponse
-
 // StatsResponse aggregates all types of stats of one container.
 type StatsResponse struct {
+	// ID is the ID of the container for which the stats were collected.
+	ID string `json:"id,omitempty"`
+
+	// Name is the name of the container for which the stats were collected.
 	Name string `json:"name,omitempty"`
-	ID   string `json:"id,omitempty"`
 
-	// Common stats
-	Read    time.Time `json:"read"`
-	PreRead time.Time `json:"preread"`
+	// OSType is the OS of the container ("linux" or "windows") to allow
+	// platform-specific handling of stats.
+	OSType string `json:"os_type,omitempty"`
 
-	// Linux specific stats, not populated on Windows.
-	PidsStats  PidsStats  `json:"pids_stats,omitempty"`
+	// Read is the date and time at which this sample was collected.
+	Read time.Time `json:"read"`
+
+	// CPUStats contains CPU related info of the container.
+	CPUStats CPUStats `json:"cpu_stats,omitempty"`
+
+	// MemoryStats aggregates all memory stats since container inception on Linux.
+	// Windows returns stats for commit and private working set only.
+	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
+
+	// Networks contains Nntwork statistics for the container per interface.
+	//
+	// This field is omitted if the container has no networking enabled.
+	Networks map[string]NetworkStats `json:"networks,omitempty"`
+
+	// -------------------------------------------------------------------------
+	// Linux-specific stats, not populated on Windows.
+	// -------------------------------------------------------------------------
+
+	// PidsStats contains Linux-specific stats of a container's process-IDs (PIDs).
+	//
+	// This field is Linux-specific and omitted for Windows containers.
+	PidsStats PidsStats `json:"pids_stats,omitempty"`
+
+	// BlkioStats stores all IO service stats for data read and write.
+	//
+	// This type is Linux-specific and holds many fields that are specific
+	// to cgroups v1.
+	//
+	// On a cgroup v2 host, all fields other than "io_service_bytes_recursive"
+	// are omitted or "null".
+	//
+	// This type is only populated on Linux and omitted for Windows containers.
 	BlkioStats BlkioStats `json:"blkio_stats,omitempty"`
 
-	// Windows specific stats, not populated on Linux.
-	NumProcs     uint32       `json:"num_procs"`
+	// -------------------------------------------------------------------------
+	// Windows-specific stats, not populated on Linux.
+	// -------------------------------------------------------------------------
+
+	// NumProcs is the number of processors on the system.
+	//
+	// This field is Windows-specific and always zero for Linux containers.
+	NumProcs uint32 `json:"num_procs"`
+
+	// StorageStats is the disk I/O stats for read/write on Windows.
+	//
+	// This type is Windows-specific and omitted for Linux containers.
 	StorageStats StorageStats `json:"storage_stats,omitempty"`
 
-	// Shared stats
-	CPUStats    CPUStats                `json:"cpu_stats,omitempty"`
-	PreCPUStats CPUStats                `json:"precpu_stats,omitempty"` // "Pre"="Previous"
-	MemoryStats MemoryStats             `json:"memory_stats,omitempty"`
-	Networks    map[string]NetworkStats `json:"networks,omitempty"`
+	// -------------------------------------------------------------------------
+	// PreRead and PreCPUStats contain the previous sample of stats for
+	// the container, and can be used to perform delta-calculation.
+	// -------------------------------------------------------------------------
+
+	// PreRead is the date and time at which this first sample was collected.
+	// This field is not propagated if the "one-shot" option is set. If the
+	// "one-shot" option is set, this field may be omitted, empty, or set
+	// to a default date (`0001-01-01T00:00:00Z`).
+	PreRead time.Time `json:"preread"`
+
+	// PreCPUStats contains the CPUStats of the previous sample.
+	PreCPUStats CPUStats `json:"precpu_stats,omitempty"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/top_response.go b/vendor/github.com/moby/moby/api/types/container/top_response.go
similarity index 63%
rename from vendor/github.com/docker/docker/api/types/container/top_response.go
rename to vendor/github.com/moby/moby/api/types/container/top_response.go
index b4bae5ef03..966603617f 100644
--- a/vendor/github.com/docker/docker/api/types/container/top_response.go
+++ b/vendor/github.com/moby/moby/api/types/container/top_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
@@ -6,13 +8,16 @@ package container
 // TopResponse ContainerTopResponse
 //
 // Container "top" response.
+//
 // swagger:model TopResponse
 type TopResponse struct {
 
 	// Each process running in the container, where each process
 	// is an array of values corresponding to the titles.
+	// Example: {"Processes":[["root","13642","882","0","17:03","pts/0","00:00:00","/bin/bash"],["root","13735","13642","0","17:06","pts/0","00:00:00","sleep 10"]]}
 	Processes [][]string `json:"Processes"`
 
 	// The ps column titles
+	// Example: {"Titles":["UID","PID","PPID","C","STIME","TTY","TIME","CMD"]}
 	Titles []string `json:"Titles"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/update_response.go b/vendor/github.com/moby/moby/api/types/container/update_response.go
similarity index 76%
rename from vendor/github.com/docker/docker/api/types/container/update_response.go
rename to vendor/github.com/moby/moby/api/types/container/update_response.go
index e2b5bf5ac0..2f7263b141 100644
--- a/vendor/github.com/docker/docker/api/types/container/update_response.go
+++ b/vendor/github.com/moby/moby/api/types/container/update_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
@@ -6,9 +8,11 @@ package container
 // UpdateResponse ContainerUpdateResponse
 //
 // Response for a successful container-update.
+//
 // swagger:model UpdateResponse
 type UpdateResponse struct {
 
 	// Warnings encountered when updating the container.
+	// Example: ["Published ports are discarded when using host network mode"]
 	Warnings []string `json:"Warnings"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/wait_exit_error.go b/vendor/github.com/moby/moby/api/types/container/wait_exit_error.go
similarity index 86%
rename from vendor/github.com/docker/docker/api/types/container/wait_exit_error.go
rename to vendor/github.com/moby/moby/api/types/container/wait_exit_error.go
index ab56d4eed8..96a7770c34 100644
--- a/vendor/github.com/docker/docker/api/types/container/wait_exit_error.go
+++ b/vendor/github.com/moby/moby/api/types/container/wait_exit_error.go
@@ -1,9 +1,12 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // WaitExitError container waiting error, if any
+//
 // swagger:model WaitExitError
 type WaitExitError struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/container/wait_response.go b/vendor/github.com/moby/moby/api/types/container/wait_response.go
similarity index 80%
rename from vendor/github.com/docker/docker/api/types/container/wait_response.go
rename to vendor/github.com/moby/moby/api/types/container/wait_response.go
index 84fc6afddc..68d3c38724 100644
--- a/vendor/github.com/docker/docker/api/types/container/wait_response.go
+++ b/vendor/github.com/moby/moby/api/types/container/wait_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package container
 
 // This file was generated by the swagger tool.
@@ -5,7 +7,8 @@ package container
 
 // WaitResponse ContainerWaitResponse
 //
-// OK response to ContainerWait operation
+// # OK response to ContainerWait operation
+//
 // swagger:model WaitResponse
 type WaitResponse struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/container/waitcondition.go b/vendor/github.com/moby/moby/api/types/container/waitcondition.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/container/waitcondition.go
rename to vendor/github.com/moby/moby/api/types/container/waitcondition.go
diff --git a/vendor/github.com/docker/docker/api/types/events/events.go b/vendor/github.com/moby/moby/api/types/events/events.go
similarity index 90%
rename from vendor/github.com/docker/docker/api/types/events/events.go
rename to vendor/github.com/moby/moby/api/types/events/events.go
index 952c0ff242..b8393addd8 100644
--- a/vendor/github.com/docker/docker/api/types/events/events.go
+++ b/vendor/github.com/moby/moby/api/types/events/events.go
@@ -1,7 +1,5 @@
 package events
 
-import "github.com/docker/docker/api/types/filters"
-
 // Type is used for event-types.
 type Type string
 
@@ -112,15 +110,6 @@ type Actor struct {
 
 // Message represents the information an event contains
 type Message struct {
-	// Deprecated: use Action instead.
-	// Information from JSONMessage.
-	// With data only in container events.
-	Status string `json:"status,omitempty"`
-	// Deprecated: use Actor.ID instead.
-	ID string `json:"id,omitempty"`
-	// Deprecated: use Actor.Attributes["image"] instead.
-	From string `json:"from,omitempty"`
-
 	Type   Type
 	Action Action
 	Actor  Actor
@@ -130,10 +119,3 @@ type Message struct {
 	Time     int64 `json:"time,omitempty"`
 	TimeNano int64 `json:"timeNano,omitempty"`
 }
-
-// ListOptions holds parameters to filter events with.
-type ListOptions struct {
-	Since   string
-	Until   string
-	Filters filters.Args
-}
diff --git a/vendor/github.com/moby/moby/api/types/image/build_identity.go b/vendor/github.com/moby/moby/api/types/image/build_identity.go
new file mode 100644
index 0000000000..1e827dc430
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/build_identity.go
@@ -0,0 +1,15 @@
+package image
+
+import (
+	"time"
+)
+
+// BuildIdentity contains build reference information if image was created via build.
+type BuildIdentity struct {
+	// Ref is the identifier for the build request. This reference can be used to
+	// look up the build details in BuildKit history API.
+	Ref string `json:"Ref,omitempty"`
+
+	// CreatedAt is the time when the build ran.
+	CreatedAt time.Time `json:"CreatedAt,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/delete_response.go b/vendor/github.com/moby/moby/api/types/image/delete_response.go
similarity index 89%
rename from vendor/github.com/docker/docker/api/types/image/delete_response.go
rename to vendor/github.com/moby/moby/api/types/image/delete_response.go
index 998620dc6a..b19119a381 100644
--- a/vendor/github.com/docker/docker/api/types/image/delete_response.go
+++ b/vendor/github.com/moby/moby/api/types/image/delete_response.go
@@ -1,9 +1,12 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package image
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // DeleteResponse delete response
+//
 // swagger:model DeleteResponse
 type DeleteResponse struct {
 
diff --git a/vendor/github.com/moby/moby/api/types/image/disk_usage.go b/vendor/github.com/moby/moby/api/types/image/disk_usage.go
new file mode 100644
index 0000000000..7297813c1d
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/disk_usage.go
@@ -0,0 +1,36 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package image
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// DiskUsage represents system data usage for image resources.
+//
+// swagger:model DiskUsage
+type DiskUsage struct {
+
+	// Count of active images.
+	//
+	// Example: 1
+	ActiveCount int64 `json:"ActiveCount,omitempty"`
+
+	// List of image summaries.
+	//
+	Items []Summary `json:"Items,omitempty"`
+
+	// Disk space that can be reclaimed by removing unused images.
+	//
+	// Example: 12345678
+	Reclaimable int64 `json:"Reclaimable,omitempty"`
+
+	// Count of all images.
+	//
+	// Example: 4
+	TotalCount int64 `json:"TotalCount,omitempty"`
+
+	// Disk space in use by images.
+	//
+	// Example: 98765432
+	TotalSize int64 `json:"TotalSize,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/image_history.go b/vendor/github.com/moby/moby/api/types/image/history_response_item.go
similarity index 56%
rename from vendor/github.com/docker/docker/api/types/image/image_history.go
rename to vendor/github.com/moby/moby/api/types/image/history_response_item.go
index a6cdab84d8..3de3181ab9 100644
--- a/vendor/github.com/docker/docker/api/types/image/image_history.go
+++ b/vendor/github.com/moby/moby/api/types/image/history_response_item.go
@@ -1,12 +1,14 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package image
 
-// ----------------------------------------------------------------------------
-// Code generated by `swagger generate operation`. DO NOT EDIT.
-//
-// See hack/generate-swagger-api.sh
-// ----------------------------------------------------------------------------
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
 
-// HistoryResponseItem individual image layer information in response to ImageHistory operation
+// HistoryResponseItem HistoryResponseItem
+//
+// individual image layer information in response to ImageHistory operation
+//
 // swagger:model HistoryResponseItem
 type HistoryResponseItem struct {
 
diff --git a/vendor/github.com/moby/moby/api/types/image/identity.go b/vendor/github.com/moby/moby/api/types/image/identity.go
new file mode 100644
index 0000000000..3e03045634
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/identity.go
@@ -0,0 +1,15 @@
+package image
+
+// Identity holds information about the identity and origin of the image.
+// This is trusted information verified by the daemon and cannot be modified
+// by tagging an image to a different name.
+type Identity struct {
+	// Signature contains the properties of verified signatures for the image.
+	Signature []SignatureIdentity `json:"Signature,omitzero"`
+	// Pull contains remote location information if image was created via pull.
+	// If image was pulled via mirror, this contains the original repository location.
+	// After successful push this images also contains the pushed repository location.
+	Pull []PullIdentity `json:"Pull,omitzero"`
+	// Build contains build reference information if image was created via build.
+	Build []BuildIdentity `json:"Build,omitzero"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/image/image.go b/vendor/github.com/moby/moby/api/types/image/image.go
new file mode 100644
index 0000000000..1c8990ae90
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/image.go
@@ -0,0 +1,18 @@
+package image
+
+import (
+	"time"
+)
+
+// Metadata contains engine-local data about the image.
+type Metadata struct {
+	// LastTagTime is the date and time at which the image was last tagged.
+	LastTagTime time.Time `json:",omitempty"`
+}
+
+// PruneReport contains the response for Engine API:
+// POST "/images/prune"
+type PruneReport struct {
+	ImagesDeleted  []DeleteResponse
+	SpaceReclaimed uint64
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/image_inspect.go b/vendor/github.com/moby/moby/api/types/image/image_inspect.go
similarity index 68%
rename from vendor/github.com/docker/docker/api/types/image/image_inspect.go
rename to vendor/github.com/moby/moby/api/types/image/image_inspect.go
index 1bec0b72b2..df09c9511b 100644
--- a/vendor/github.com/docker/docker/api/types/image/image_inspect.go
+++ b/vendor/github.com/moby/moby/api/types/image/image_inspect.go
@@ -1,9 +1,8 @@
 package image
 
 import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/storage"
 	dockerspec "github.com/moby/docker-image-spec/specs-go/v1"
+	"github.com/moby/moby/api/types/storage"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -43,18 +42,9 @@ type InspectResponse struct {
 	// the manifest is generated and its digest calculated.
 	RepoDigests []string
 
-	// Parent is the ID of the parent image.
-	//
-	// Depending on how the image was created, this field may be empty and
-	// is only set for images that were built/created locally. This field
-	// is empty if the image was pulled from an image registry.
-	//
-	// Deprecated: this field is deprecated, and will be removed in the next release.
-	Parent string
-
 	// Comment is an optional message that can be set when committing or
-	// importing the image.
-	Comment string
+	// importing the image. This field is omitted if not set.
+	Comment string `json:",omitempty"`
 
 	// Created is the date and time at which the image was created, formatted in
 	// RFC 3339 nano-seconds (time.RFC3339Nano).
@@ -63,32 +53,10 @@ type InspectResponse struct {
 	// and omitted otherwise.
 	Created string `json:",omitempty"`
 
-	// Container is the ID of the container that was used to create the image.
-	//
-	// Depending on how the image was created, this field may be empty.
-	//
-	// Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
-	Container string `json:",omitempty"`
-
-	// ContainerConfig is an optional field containing the configuration of the
-	// container that was last committed when creating the image.
-	//
-	// Previous versions of Docker builder used this field to store build cache,
-	// and it is not in active use anymore.
-	//
-	// Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
-	ContainerConfig *container.Config `json:",omitempty"`
-
-	// DockerVersion is the version of Docker that was used to build the image.
-	//
-	// Depending on how the image was created, this field may be empty.
-	//
-	// Deprecated: this field is deprecated, and will be removed in the next release.
-	DockerVersion string
-
 	// Author is the name of the author that was specified when committing the
 	// image, or as specified through MAINTAINER (deprecated) in the Dockerfile.
-	Author string
+	// This field is omitted if not set.
+	Author string `json:",omitempty"`
 	Config *dockerspec.DockerOCIImageConfig
 
 	// Architecture is the hardware CPU architecture that the image runs on.
@@ -107,15 +75,9 @@ type InspectResponse struct {
 	// Size is the total size of the image including all layers it is composed of.
 	Size int64
 
-	// VirtualSize is the total size of the image including all layers it is
-	// composed of.
-	//
-	// Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
-	VirtualSize int64 `json:"VirtualSize,omitempty"`
-
 	// GraphDriver holds information about the storage driver used to store the
 	// container's and image's filesystem.
-	GraphDriver storage.DriverData
+	GraphDriver *storage.DriverData `json:"GraphDriver,omitempty"`
 
 	// RootFS contains information about the image's RootFS, including the
 	// layer IDs.
@@ -143,4 +105,33 @@ type InspectResponse struct {
 	// WARNING: This is experimental and may change at any time without any backward
 	// compatibility.
 	Manifests []ManifestSummary `json:"Manifests,omitempty"`
+
+	// Identity holds information about the identity and origin of the image.
+	// This is trusted information verified by the daemon and cannot be modified
+	// by tagging an image to a different name.
+	Identity *Identity `json:"Identity,omitempty"`
 }
+
+// SignatureTimestampType is the type of timestamp used in the signature.
+type SignatureTimestampType string
+
+const (
+	SignatureTimestampTlog      SignatureTimestampType = "Tlog"
+	SignatureTimestampAuthority SignatureTimestampType = "TimestampAuthority"
+)
+
+// SignatureType is the type of signature format.
+type SignatureType string
+
+const (
+	SignatureTypeBundleV03       SignatureType = "bundle-v0.3"
+	SignatureTypeSimpleSigningV1 SignatureType = "simplesigning-v1"
+)
+
+// KnownSignerIdentity is an identifier for a special signer identity that is known to the implementation.
+type KnownSignerIdentity string
+
+const (
+	// KnownSignerDHI is the known identity for Docker Hardened Images.
+	KnownSignerDHI KnownSignerIdentity = "DHI"
+)
diff --git a/vendor/github.com/docker/docker/api/types/image/manifest.go b/vendor/github.com/moby/moby/api/types/image/manifest.go
similarity index 91%
rename from vendor/github.com/docker/docker/api/types/image/manifest.go
rename to vendor/github.com/moby/moby/api/types/image/manifest.go
index db8a00830e..bcd00a0797 100644
--- a/vendor/github.com/docker/docker/api/types/image/manifest.go
+++ b/vendor/github.com/moby/moby/api/types/image/manifest.go
@@ -73,6 +73,11 @@ type ImageProperties struct {
 	// Required: true
 	Platform ocispec.Platform `json:"Platform"`
 
+	// Identity holds information about the identity and origin of the image.
+	// For image list responses, this can duplicate Build/Pull fields across
+	// image manifests, because those parts of identity are image-level metadata.
+	Identity *Identity `json:"Identity,omitempty"`
+
 	Size struct {
 		// Unpacked is the size (in bytes) of the locally unpacked
 		// (uncompressed) image content that's directly usable by the containers
diff --git a/vendor/github.com/moby/moby/api/types/image/pull_identity.go b/vendor/github.com/moby/moby/api/types/image/pull_identity.go
new file mode 100644
index 0000000000..711492b5c5
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/pull_identity.go
@@ -0,0 +1,8 @@
+package image
+
+// PullIdentity contains remote location information if image was created via pull.
+// If image was pulled via mirror, this contains the original repository location.
+type PullIdentity struct {
+	// Repository is the remote repository location the image was pulled from.
+	Repository string `json:"Repository,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/image/signature_identity.go b/vendor/github.com/moby/moby/api/types/image/signature_identity.go
new file mode 100644
index 0000000000..243c2997c4
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/signature_identity.go
@@ -0,0 +1,26 @@
+package image
+
+// SignatureIdentity contains the properties of verified signatures for the image.
+type SignatureIdentity struct {
+	// Name is a textual description summarizing the type of signature.
+	Name string `json:"Name,omitempty"`
+	// Timestamps contains a list of verified signed timestamps for the signature.
+	Timestamps []SignatureTimestamp `json:"Timestamps,omitzero"`
+	// KnownSigner is an identifier for a special signer identity that is known to the implementation.
+	KnownSigner KnownSignerIdentity `json:"KnownSigner,omitempty"`
+	// DockerReference is the Docker image reference associated with the signature.
+	// This is an optional field only present in older hashedrecord signatures.
+	DockerReference string `json:"DockerReference,omitempty"`
+	// Signer contains information about the signer certificate used to sign the image.
+	Signer *SignerIdentity `json:"Signer,omitempty"`
+	// SignatureType is the type of signature format. E.g. "bundle-v0.3" or "hashedrecord".
+	SignatureType SignatureType `json:"SignatureType,omitempty"`
+
+	// Error contains error information if signature verification failed.
+	// Other fields will be empty in this case.
+	Error string `json:"Error,omitempty"`
+	// Warnings contains any warnings that occurred during signature verification.
+	// For example, if there was no internet connectivity and cached trust roots were used.
+	// Warning does not indicate a failed verification but may point to configuration issues.
+	Warnings []string `json:"Warnings,omitzero"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/image/signature_timestamp.go b/vendor/github.com/moby/moby/api/types/image/signature_timestamp.go
new file mode 100644
index 0000000000..a975ef0eea
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/signature_timestamp.go
@@ -0,0 +1,12 @@
+package image
+
+import (
+	"time"
+)
+
+// SignatureTimestamp contains information about a verified signed timestamp for an image signature.
+type SignatureTimestamp struct {
+	Type      SignatureTimestampType `json:"Type"`
+	URI       string                 `json:"URI"`
+	Timestamp time.Time              `json:"Timestamp"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/image/signer_identity.go b/vendor/github.com/moby/moby/api/types/image/signer_identity.go
new file mode 100644
index 0000000000..87419e1484
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/image/signer_identity.go
@@ -0,0 +1,57 @@
+package image
+
+// SignerIdentity contains information about the signer certificate used to sign the image.
+// This is [certificate.Summary] with deprecated fields removed and keys in Moby uppercase style.
+//
+// [certificate.Summary]: https://pkg.go.dev/github.com/sigstore/sigstore-go/pkg/fulcio/certificate#Summary
+type SignerIdentity struct {
+	CertificateIssuer      string `json:"CertificateIssuer"`
+	SubjectAlternativeName string `json:"SubjectAlternativeName"`
+	// The OIDC issuer. Should match `iss` claim of ID token or, in the case of
+	// a federated login like Dex it should match the issuer URL of the
+	// upstream issuer. The issuer is not set the extensions are invalid and
+	// will fail to render.
+	Issuer string `json:"Issuer,omitempty"` // OID 1.3.6.1.4.1.57264.1.8 and 1.3.6.1.4.1.57264.1.1 (Deprecated)
+
+	// Reference to specific build instructions that are responsible for signing.
+	BuildSignerURI string `json:"BuildSignerURI,omitempty"` // 1.3.6.1.4.1.57264.1.9
+
+	// Immutable reference to the specific version of the build instructions that is responsible for signing.
+	BuildSignerDigest string `json:"BuildSignerDigest,omitempty"` // 1.3.6.1.4.1.57264.1.10
+
+	// Specifies whether the build took place in platform-hosted cloud infrastructure or customer/self-hosted infrastructure.
+	RunnerEnvironment string `json:"RunnerEnvironment,omitempty"` // 1.3.6.1.4.1.57264.1.11
+
+	// Source repository URL that the build was based on.
+	SourceRepositoryURI string `json:"SourceRepositoryURI,omitempty"` // 1.3.6.1.4.1.57264.1.12
+
+	// Immutable reference to a specific version of the source code that the build was based upon.
+	SourceRepositoryDigest string `json:"SourceRepositoryDigest,omitempty"` // 1.3.6.1.4.1.57264.1.13
+
+	// Source Repository Ref that the build run was based upon.
+	SourceRepositoryRef string `json:"SourceRepositoryRef,omitempty"` // 1.3.6.1.4.1.57264.1.14
+
+	// Immutable identifier for the source repository the workflow was based upon.
+	SourceRepositoryIdentifier string `json:"SourceRepositoryIdentifier,omitempty"` // 1.3.6.1.4.1.57264.1.15
+
+	// Source repository owner URL of the owner of the source repository that the build was based on.
+	SourceRepositoryOwnerURI string `json:"SourceRepositoryOwnerURI,omitempty"` // 1.3.6.1.4.1.57264.1.16
+
+	// Immutable identifier for the owner of the source repository that the workflow was based upon.
+	SourceRepositoryOwnerIdentifier string `json:"SourceRepositoryOwnerIdentifier,omitempty"` // 1.3.6.1.4.1.57264.1.17
+
+	// Build Config URL to the top-level/initiating build instructions.
+	BuildConfigURI string `json:"BuildConfigURI,omitempty"` // 1.3.6.1.4.1.57264.1.18
+
+	// Immutable reference to the specific version of the top-level/initiating build instructions.
+	BuildConfigDigest string `json:"BuildConfigDigest,omitempty"` // 1.3.6.1.4.1.57264.1.19
+
+	// Event or action that initiated the build.
+	BuildTrigger string `json:"BuildTrigger,omitempty"` // 1.3.6.1.4.1.57264.1.20
+
+	// Run Invocation URL to uniquely identify the build execution.
+	RunInvocationURI string `json:"RunInvocationURI,omitempty"` // 1.3.6.1.4.1.57264.1.21
+
+	// Source repository visibility at the time of signing the certificate.
+	SourceRepositoryVisibilityAtSigning string `json:"SourceRepositoryVisibilityAtSigning,omitempty"` // 1.3.6.1.4.1.57264.1.22
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/summary.go b/vendor/github.com/moby/moby/api/types/image/summary.go
similarity index 93%
rename from vendor/github.com/docker/docker/api/types/image/summary.go
rename to vendor/github.com/moby/moby/api/types/image/summary.go
index c5ae6ab9ca..3d4dd165a3 100644
--- a/vendor/github.com/docker/docker/api/types/image/summary.go
+++ b/vendor/github.com/moby/moby/api/types/image/summary.go
@@ -3,7 +3,6 @@ package image
 import ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 
 type Summary struct {
-
 	// Number of containers using this image. Includes both stopped and running
 	// containers.
 	//
@@ -93,9 +92,4 @@ type Summary struct {
 	//
 	// Required: true
 	Size int64 `json:"Size"`
-
-	// Total size of the image including all layers it is composed of.
-	//
-	// Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
-	VirtualSize int64 `json:"VirtualSize,omitempty"`
 }
diff --git a/vendor/github.com/moby/moby/api/types/jsonstream/json_error.go b/vendor/github.com/moby/moby/api/types/jsonstream/json_error.go
new file mode 100644
index 0000000000..0dcc9337db
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/jsonstream/json_error.go
@@ -0,0 +1,15 @@
+package jsonstream
+
+// Error wraps a concrete Code and Message, Code is
+// an integer error code, Message is the error message.
+type Error struct {
+	Code    int    `json:"code,omitempty"`
+	Message string `json:"message,omitempty"`
+}
+
+func (e *Error) Error() string {
+	if e == nil {
+		return "<nil>"
+	}
+	return e.Message
+}
diff --git a/vendor/github.com/moby/moby/api/types/jsonstream/message.go b/vendor/github.com/moby/moby/api/types/jsonstream/message.go
new file mode 100644
index 0000000000..6b74bd9327
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/jsonstream/message.go
@@ -0,0 +1,15 @@
+package jsonstream
+
+import "encoding/json"
+
+// Message defines a message struct. It describes
+// the created time, where it from, status, ID of the
+// message.
+type Message struct {
+	Stream   string           `json:"stream,omitempty"`
+	Status   string           `json:"status,omitempty"`
+	Progress *Progress        `json:"progressDetail,omitempty"`
+	ID       string           `json:"id,omitempty"`
+	Error    *Error           `json:"errorDetail,omitempty"`
+	Aux      *json.RawMessage `json:"aux,omitempty"` // Aux contains out-of-band data, such as digests for push signing and image id after building.
+}
diff --git a/vendor/github.com/moby/moby/api/types/jsonstream/progress.go b/vendor/github.com/moby/moby/api/types/jsonstream/progress.go
new file mode 100644
index 0000000000..5c38b3b5ef
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/jsonstream/progress.go
@@ -0,0 +1,10 @@
+package jsonstream
+
+// Progress describes a progress message in a JSON stream.
+type Progress struct {
+	Current    int64  `json:"current,omitempty"`    // Current is the current status and value of the progress made towards Total.
+	Total      int64  `json:"total,omitempty"`      // Total is the end value describing when we made 100% progress for an operation.
+	Start      int64  `json:"start,omitempty"`      // Start is the initial value for the operation.
+	HideCounts bool   `json:"hidecounts,omitempty"` // HideCounts. if true, hides the progress count indicator (xB/yB).
+	Units      string `json:"units,omitempty"`      // Units is the unit to print for progress. It defaults to "bytes" if empty.
+}
diff --git a/vendor/github.com/docker/docker/api/types/mount/mount.go b/vendor/github.com/moby/moby/api/types/mount/mount.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/mount/mount.go
rename to vendor/github.com/moby/moby/api/types/mount/mount.go
diff --git a/vendor/github.com/moby/moby/api/types/network/config_reference.go b/vendor/github.com/moby/moby/api/types/network/config_reference.go
new file mode 100644
index 0000000000..1158afe655
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/config_reference.go
@@ -0,0 +1,20 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ConfigReference The config-only network source to provide the configuration for
+// this network.
+//
+// swagger:model ConfigReference
+type ConfigReference struct {
+
+	// The name of the config-only network that provides the network's
+	// configuration. The specified network must be an existing config-only
+	// network. Only network names are allowed, not network IDs.
+	//
+	// Example: config_only_network_01
+	Network string `json:"Network"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/connect_request.go b/vendor/github.com/moby/moby/api/types/network/connect_request.go
new file mode 100644
index 0000000000..2ff14d3603
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/connect_request.go
@@ -0,0 +1,20 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ConnectRequest NetworkConnectRequest represents the data to be used to connect a container to a network.
+//
+// swagger:model ConnectRequest
+type ConnectRequest struct {
+
+	// The ID or name of the container to connect to the network.
+	// Example: 3613f73ba0e4
+	// Required: true
+	Container string `json:"Container"`
+
+	// endpoint config
+	EndpointConfig *EndpointSettings `json:"EndpointConfig,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/network/create_response.go b/vendor/github.com/moby/moby/api/types/network/create_response.go
similarity index 71%
rename from vendor/github.com/docker/docker/api/types/network/create_response.go
rename to vendor/github.com/moby/moby/api/types/network/create_response.go
index c32b35bff5..1997059912 100644
--- a/vendor/github.com/docker/docker/api/types/network/create_response.go
+++ b/vendor/github.com/moby/moby/api/types/network/create_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package network
 
 // This file was generated by the swagger tool.
@@ -5,11 +7,13 @@ package network
 
 // CreateResponse NetworkCreateResponse
 //
-// OK response to NetworkCreate operation
+// # OK response to NetworkCreate operation
+//
 // swagger:model CreateResponse
 type CreateResponse struct {
 
 	// The ID of the created network.
+	// Example: b5c4fc71e8022147cd25de22b22173de4e3b170134117172eb595cb91b4e7e5d
 	// Required: true
 	ID string `json:"Id"`
 
diff --git a/vendor/github.com/moby/moby/api/types/network/disconnect_request.go b/vendor/github.com/moby/moby/api/types/network/disconnect_request.go
new file mode 100644
index 0000000000..7b1f521e77
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/disconnect_request.go
@@ -0,0 +1,21 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// DisconnectRequest NetworkDisconnectRequest represents the data to be used to disconnect a container from a network.
+//
+// swagger:model DisconnectRequest
+type DisconnectRequest struct {
+
+	// The ID or name of the container to disconnect from the network.
+	// Example: 3613f73ba0e4
+	// Required: true
+	Container string `json:"Container"`
+
+	// Force the container to disconnect from the network.
+	// Example: false
+	Force bool `json:"Force"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/endpoint.go b/vendor/github.com/moby/moby/api/types/network/endpoint.go
new file mode 100644
index 0000000000..c4c1766cf2
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/endpoint.go
@@ -0,0 +1,74 @@
+package network
+
+import (
+	"maps"
+	"net/netip"
+	"slices"
+)
+
+// EndpointSettings stores the network endpoint details
+type EndpointSettings struct {
+	// Configuration data
+	IPAMConfig *EndpointIPAMConfig
+	Links      []string
+	Aliases    []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
+	DriverOpts map[string]string
+
+	// GwPriority determines which endpoint will provide the default gateway
+	// for the container. The endpoint with the highest priority will be used.
+	// If multiple endpoints have the same priority, they are lexicographically
+	// sorted based on their network name, and the one that sorts first is picked.
+	GwPriority int
+
+	// Operational data
+
+	NetworkID  string
+	EndpointID string
+	Gateway    netip.Addr
+	IPAddress  netip.Addr
+
+	// MacAddress may be used to specify a MAC address when the container is created.
+	// Once the container is running, it becomes operational data (it may contain a
+	// generated address).
+	MacAddress          HardwareAddr
+	IPPrefixLen         int
+	IPv6Gateway         netip.Addr
+	GlobalIPv6Address   netip.Addr
+	GlobalIPv6PrefixLen int
+	// DNSNames holds all the (non fully qualified) DNS names associated to this
+	// endpoint. The first entry is used to generate PTR records.
+	DNSNames []string
+}
+
+// Copy makes a deep copy of `EndpointSettings`
+func (es *EndpointSettings) Copy() *EndpointSettings {
+	if es == nil {
+		return nil
+	}
+
+	epCopy := *es
+	epCopy.IPAMConfig = es.IPAMConfig.Copy()
+	epCopy.Links = slices.Clone(es.Links)
+	epCopy.Aliases = slices.Clone(es.Aliases)
+	epCopy.DNSNames = slices.Clone(es.DNSNames)
+	epCopy.DriverOpts = maps.Clone(es.DriverOpts)
+
+	return &epCopy
+}
+
+// EndpointIPAMConfig represents IPAM configurations for the endpoint
+type EndpointIPAMConfig struct {
+	IPv4Address  netip.Addr   `json:"IPv4Address,omitzero"`
+	IPv6Address  netip.Addr   `json:"IPv6Address,omitzero"`
+	LinkLocalIPs []netip.Addr `json:"LinkLocalIPs,omitempty"`
+}
+
+// Copy makes a copy of the endpoint ipam config
+func (cfg *EndpointIPAMConfig) Copy() *EndpointIPAMConfig {
+	if cfg == nil {
+		return nil
+	}
+	cfgCopy := *cfg
+	cfgCopy.LinkLocalIPs = slices.Clone(cfg.LinkLocalIPs)
+	return &cfgCopy
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/endpoint_resource.go b/vendor/github.com/moby/moby/api/types/network/endpoint_resource.go
new file mode 100644
index 0000000000..bf493ad5dd
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/endpoint_resource.go
@@ -0,0 +1,35 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/netip"
+)
+
+// EndpointResource contains network resources allocated and used for a container in a network.
+//
+// swagger:model EndpointResource
+type EndpointResource struct {
+
+	// name
+	// Example: container_1
+	Name string `json:"Name"`
+
+	// endpoint ID
+	// Example: 628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a
+	EndpointID string `json:"EndpointID"`
+
+	// mac address
+	// Example: 02:42:ac:13:00:02
+	MacAddress HardwareAddr `json:"MacAddress"`
+
+	// IPv4 address
+	// Example: 172.19.0.2/16
+	IPv4Address netip.Prefix `json:"IPv4Address"`
+
+	// IPv6 address
+	IPv6Address netip.Prefix `json:"IPv6Address"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/hwaddr.go b/vendor/github.com/moby/moby/api/types/network/hwaddr.go
new file mode 100644
index 0000000000..b2a4dfb1a1
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/hwaddr.go
@@ -0,0 +1,39 @@
+package network
+
+import (
+	"encoding"
+	"fmt"
+	"net"
+)
+
+// A HardwareAddr represents a physical hardware address.
+// It implements [encoding.TextMarshaler] and [encoding.TextUnmarshaler]
+// in the absence of go.dev/issue/29678.
+type HardwareAddr net.HardwareAddr
+
+var (
+	_ encoding.TextMarshaler   = (HardwareAddr)(nil)
+	_ encoding.TextUnmarshaler = (*HardwareAddr)(nil)
+	_ fmt.Stringer             = (HardwareAddr)(nil)
+)
+
+func (m *HardwareAddr) UnmarshalText(text []byte) error {
+	if len(text) == 0 {
+		*m = nil
+		return nil
+	}
+	hw, err := net.ParseMAC(string(text))
+	if err != nil {
+		return err
+	}
+	*m = HardwareAddr(hw)
+	return nil
+}
+
+func (m HardwareAddr) MarshalText() ([]byte, error) {
+	return []byte(net.HardwareAddr(m).String()), nil
+}
+
+func (m HardwareAddr) String() string {
+	return net.HardwareAddr(m).String()
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/inspect.go b/vendor/github.com/moby/moby/api/types/network/inspect.go
new file mode 100644
index 0000000000..cded5e6081
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/inspect.go
@@ -0,0 +1,27 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Inspect The body of the "get network" http response message.
+//
+// swagger:model Inspect
+type Inspect struct {
+	Network
+
+	// Contains endpoints attached to the network.
+	//
+	// Example: {"19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c":{"EndpointID":"628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a","IPv4Address":"172.19.0.2/16","IPv6Address":"","MacAddress":"02:42:ac:13:00:02","Name":"test"}}
+	Containers map[string]EndpointResource `json:"Containers"`
+
+	// List of services using the network. This field is only present for
+	// swarm scope networks, and omitted for local scope networks.
+	//
+	Services map[string]ServiceInfo `json:"Services,omitempty"`
+
+	// provides runtime information about the network such as the number of allocated IPs.
+	//
+	Status *Status `json:"Status,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/ipam.go b/vendor/github.com/moby/moby/api/types/network/ipam.go
new file mode 100644
index 0000000000..3fb357fc6c
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/ipam.go
@@ -0,0 +1,22 @@
+package network
+
+import (
+	"net/netip"
+)
+
+// IPAM represents IP Address Management
+type IPAM struct {
+	Driver  string
+	Options map[string]string // Per network IPAM driver options
+	Config  []IPAMConfig
+}
+
+// IPAMConfig represents IPAM configurations
+type IPAMConfig struct {
+	Subnet     netip.Prefix          `json:"Subnet,omitzero"`
+	IPRange    netip.Prefix          `json:"IPRange,omitzero"`
+	Gateway    netip.Addr            `json:"Gateway,omitzero"`
+	AuxAddress map[string]netip.Addr `json:"AuxiliaryAddresses,omitempty"`
+}
+
+type SubnetStatuses = map[netip.Prefix]SubnetStatus
diff --git a/vendor/github.com/moby/moby/api/types/network/ipam_status.go b/vendor/github.com/moby/moby/api/types/network/ipam_status.go
new file mode 100644
index 0000000000..7eb4e8487e
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/ipam_status.go
@@ -0,0 +1,16 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// IPAMStatus IPAM status
+//
+// swagger:model IPAMStatus
+type IPAMStatus struct {
+
+	// subnets
+	// Example: {"172.16.0.0/16":{"DynamicIPsAvailable":65533,"IPsInUse":3},"2001:db8:abcd:0012::0/96":{"DynamicIPsAvailable":4294967291,"IPsInUse":5}}
+	Subnets SubnetStatuses `json:"Subnets,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/network.go b/vendor/github.com/moby/moby/api/types/network/network.go
new file mode 100644
index 0000000000..a7d9c0f6ad
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/network.go
@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	timeext "time"
+)
+
+// Network network
+//
+// swagger:model Network
+type Network struct {
+
+	// Name of the network.
+	//
+	// Example: my_network
+	Name string `json:"Name"`
+
+	// ID that uniquely identifies a network on a single machine.
+	//
+	// Example: 7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99
+	ID string `json:"Id"`
+
+	// Date and time at which the network was created in
+	// [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+	//
+	// Example: 2016-10-19T04:33:30.360899459Z
+	Created timeext.Time `json:"Created"`
+
+	// The level at which the network exists (e.g. `swarm` for cluster-wide
+	// or `local` for machine level)
+	//
+	// Example: local
+	Scope string `json:"Scope"`
+
+	// The name of the driver used to create the network (e.g. `bridge`,
+	// `overlay`).
+	//
+	// Example: overlay
+	Driver string `json:"Driver"`
+
+	// Whether the network was created with IPv4 enabled.
+	//
+	// Example: true
+	EnableIPv4 bool `json:"EnableIPv4"`
+
+	// Whether the network was created with IPv6 enabled.
+	//
+	// Example: false
+	EnableIPv6 bool `json:"EnableIPv6"`
+
+	// The network's IP Address Management.
+	//
+	IPAM IPAM `json:"IPAM"`
+
+	// Whether the network is created to only allow internal networking
+	// connectivity.
+	//
+	// Example: false
+	Internal bool `json:"Internal"`
+
+	// Whether a global / swarm scope network is manually attachable by regular
+	// containers from workers in swarm mode.
+	//
+	// Example: false
+	Attachable bool `json:"Attachable"`
+
+	// Whether the network is providing the routing-mesh for the swarm cluster.
+	//
+	// Example: false
+	Ingress bool `json:"Ingress"`
+
+	// config from
+	ConfigFrom ConfigReference `json:"ConfigFrom"`
+
+	// Whether the network is a config-only network. Config-only networks are
+	// placeholder networks for network configurations to be used by other
+	// networks. Config-only networks cannot be used directly to run containers
+	// or services.
+	//
+	ConfigOnly bool `json:"ConfigOnly"`
+
+	// Network-specific options uses when creating the network.
+	//
+	// Example: {"com.docker.network.bridge.default_bridge":"true","com.docker.network.bridge.enable_icc":"true","com.docker.network.bridge.enable_ip_masquerade":"true","com.docker.network.bridge.host_binding_ipv4":"0.0.0.0","com.docker.network.bridge.name":"docker0","com.docker.network.driver.mtu":"1500"}
+	Options map[string]string `json:"Options"`
+
+	// Metadata specific to the network being created.
+	//
+	// Example: {"com.example.some-label":"some-value","com.example.some-other-label":"some-other-value"}
+	Labels map[string]string `json:"Labels"`
+
+	// List of peer nodes for an overlay network. This field is only present
+	// for overlay networks, and omitted for other network types.
+	//
+	Peers []PeerInfo `json:"Peers,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/network_types.go b/vendor/github.com/moby/moby/api/types/network/network_types.go
new file mode 100644
index 0000000000..5401f55f82
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/network_types.go
@@ -0,0 +1,43 @@
+package network
+
+const (
+	// NetworkDefault is a platform-independent alias to choose the platform-specific default network stack.
+	NetworkDefault = "default"
+	// NetworkHost is the name of the predefined network used when the NetworkMode host is selected (only available on Linux)
+	NetworkHost = "host"
+	// NetworkNone is the name of the predefined network used when the NetworkMode none is selected (available on both Linux and Windows)
+	NetworkNone = "none"
+	// NetworkBridge is the name of the default network on Linux
+	NetworkBridge = "bridge"
+	// NetworkNat is the name of the default network on Windows
+	NetworkNat = "nat"
+)
+
+// CreateRequest is the request message sent to the server for network create call.
+type CreateRequest struct {
+	Name       string            // Name is the requested name of the network.
+	Driver     string            // Driver is the driver-name used to create the network (e.g. `bridge`, `overlay`)
+	Scope      string            // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level).
+	EnableIPv4 *bool             `json:",omitempty"` // EnableIPv4 represents whether to enable IPv4.
+	EnableIPv6 *bool             `json:",omitempty"` // EnableIPv6 represents whether to enable IPv6.
+	IPAM       *IPAM             // IPAM is the network's IP Address Management.
+	Internal   bool              // Internal represents if the network is used internal only.
+	Attachable bool              // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
+	Ingress    bool              // Ingress indicates the network is providing the routing-mesh for the swarm cluster.
+	ConfigOnly bool              // ConfigOnly creates a config-only network. Config-only networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services.
+	ConfigFrom *ConfigReference  // ConfigFrom specifies the source which will provide the configuration for this network. The specified network must be a config-only network; see [CreateOptions.ConfigOnly].
+	Options    map[string]string // Options specifies the network-specific options to use for when creating the network.
+	Labels     map[string]string // Labels holds metadata specific to the network being created.
+}
+
+// NetworkingConfig represents the container's networking configuration for each of its interfaces
+// Carries the networking configs specified in the `docker run` and `docker network connect` commands
+type NetworkingConfig struct {
+	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each connecting network
+}
+
+// PruneReport contains the response for Engine API:
+// POST "/networks/prune"
+type PruneReport struct {
+	NetworksDeleted []string
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/peer_info.go b/vendor/github.com/moby/moby/api/types/network/peer_info.go
new file mode 100644
index 0000000000..dc88ec16fa
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/peer_info.go
@@ -0,0 +1,24 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/netip"
+)
+
+// PeerInfo represents one peer of an overlay network.
+//
+// swagger:model PeerInfo
+type PeerInfo struct {
+
+	// ID of the peer-node in the Swarm cluster.
+	// Example: 6869d7c1732b
+	Name string `json:"Name"`
+
+	// IP-address of the peer-node in the Swarm cluster.
+	// Example: 10.133.77.91
+	IP netip.Addr `json:"IP"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/port.go b/vendor/github.com/moby/moby/api/types/network/port.go
new file mode 100644
index 0000000000..d12d55ab3d
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/port.go
@@ -0,0 +1,372 @@
+package network
+
+import (
+	"errors"
+	"fmt"
+	"iter"
+	"net/netip"
+	"strconv"
+	"strings"
+	"unique"
+)
+
+// IPProtocol represents a network protocol for a port.
+type IPProtocol string
+
+const (
+	TCP  IPProtocol = "tcp"
+	UDP  IPProtocol = "udp"
+	SCTP IPProtocol = "sctp"
+)
+
+// Sentinel port proto value for zero Port and PortRange values.
+var protoZero unique.Handle[IPProtocol]
+
+// Port is a type representing a single port number and protocol in the format "<portnum>/[<proto>]".
+//
+// The zero port value, i.e. Port{}, is invalid; use [ParsePort] to create a valid Port value.
+type Port struct {
+	num   uint16
+	proto unique.Handle[IPProtocol]
+}
+
+// ParsePort parses s as a [Port].
+//
+// It normalizes the provided protocol such that "80/tcp", "80/TCP", and "80/tCp" are equivalent.
+// If a port number is provided, but no protocol, the default ("tcp") protocol is returned.
+func ParsePort(s string) (Port, error) {
+	if s == "" {
+		return Port{}, errors.New("invalid port: value is empty")
+	}
+
+	port, proto, _ := strings.Cut(s, "/")
+
+	portNum, err := parsePortNumber(port)
+	if err != nil {
+		return Port{}, fmt.Errorf("invalid port '%s': %w", port, err)
+	}
+
+	normalizedPortProto := normalizePortProto(proto)
+	return Port{num: portNum, proto: normalizedPortProto}, nil
+}
+
+// MustParsePort calls [ParsePort](s) and panics on error.
+//
+// It is intended for use in tests with hard-coded strings.
+func MustParsePort(s string) Port {
+	p, err := ParsePort(s)
+	if err != nil {
+		panic(err)
+	}
+	return p
+}
+
+// PortFrom returns a [Port] with the given number and protocol.
+//
+// If no protocol is specified (i.e. proto == ""), then PortFrom returns Port{}, false.
+func PortFrom(num uint16, proto IPProtocol) (p Port, ok bool) {
+	if proto == "" {
+		return Port{}, false
+	}
+	normalized := normalizePortProto(string(proto))
+	return Port{num: num, proto: normalized}, true
+}
+
+// Num returns p's port number.
+func (p Port) Num() uint16 {
+	return p.num
+}
+
+// Port returns p's port number as a string.
+//
+// It returns an empty string for zero-values.
+func (p Port) Port() string {
+	if p.proto == protoZero {
+		return ""
+	}
+	return strconv.Itoa(int(p.num))
+}
+
+// Proto returns p's network protocol.
+func (p Port) Proto() IPProtocol {
+	if p.proto == protoZero {
+		return ""
+	}
+	return p.proto.Value()
+}
+
+// IsZero reports whether p is the zero value.
+func (p Port) IsZero() bool {
+	return p.proto == protoZero
+}
+
+// IsValid reports whether p is an initialized valid port (not the zero value).
+func (p Port) IsValid() bool {
+	return p.proto != protoZero
+}
+
+// String returns a string representation of the port in the format "<portnum>/<proto>".
+// If the port is the zero value, it returns "invalid port", and users should
+// check [PortRange.IsValid] or [PortRange.IsZero] before using this method.
+func (p Port) String() string {
+	switch p.proto {
+	case protoZero:
+		return "invalid port"
+	default:
+		return string(p.AppendTo(nil))
+	}
+}
+
+// AppendText implements [encoding.TextAppender] interface.
+// It is the same as [Port.AppendTo] but returns an error to satisfy the interface.
+func (p Port) AppendText(b []byte) ([]byte, error) {
+	return p.AppendTo(b), nil
+}
+
+// AppendTo appends a text encoding of p to b and returns the extended buffer.
+func (p Port) AppendTo(b []byte) []byte {
+	if p.IsZero() {
+		return b
+	}
+	return fmt.Appendf(b, "%d/%s", p.num, p.proto.Value())
+}
+
+// MarshalText implements [encoding.TextMarshaler] interface.
+func (p Port) MarshalText() ([]byte, error) {
+	return p.AppendText(nil)
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler] interface.
+func (p *Port) UnmarshalText(text []byte) error {
+	if len(text) == 0 {
+		*p = Port{}
+		return nil
+	}
+
+	port, err := ParsePort(string(text))
+	if err != nil {
+		return err
+	}
+
+	*p = port
+	return nil
+}
+
+// Range returns a [PortRange] representing the single port.
+func (p Port) Range() PortRange {
+	return PortRange{start: p.num, end: p.num, proto: p.proto}
+}
+
+// PortSet is a collection of structs indexed by [Port].
+type PortSet = map[Port]struct{}
+
+// PortBinding represents a binding between a Host IP address and a Host Port.
+type PortBinding struct {
+	// HostIP is the host IP Address
+	HostIP netip.Addr `json:"HostIp"`
+	// HostPort is the host port number
+	HostPort string `json:"HostPort"`
+}
+
+// PortMap is a collection of [PortBinding] indexed by [Port].
+type PortMap = map[Port][]PortBinding
+
+// PortRange represents a range of port numbers and a protocol in the format "8000-9000/tcp".
+//
+// The zero port range value, i.e. PortRange{}, is invalid; use [ParsePortRange] to create a valid PortRange value.
+type PortRange struct {
+	start uint16
+	end   uint16
+	proto unique.Handle[IPProtocol]
+}
+
+// ParsePortRange parses s as a [PortRange].
+//
+// It normalizes the provided protocol such that "80-90/tcp", "80-90/TCP", and "80-90/tCp" are equivalent.
+// If a port number range is provided, but no protocol, the default ("tcp") protocol is returned.
+func ParsePortRange(s string) (PortRange, error) {
+	if s == "" {
+		return PortRange{}, errors.New("invalid port range: value is empty")
+	}
+
+	portRange, proto, _ := strings.Cut(s, "/")
+
+	start, end, ok := strings.Cut(portRange, "-")
+	startVal, err := parsePortNumber(start)
+	if err != nil {
+		return PortRange{}, fmt.Errorf("invalid start port '%s': %w", start, err)
+	}
+
+	portProto := normalizePortProto(proto)
+
+	if !ok || start == end {
+		return PortRange{start: startVal, end: startVal, proto: portProto}, nil
+	}
+
+	endVal, err := parsePortNumber(end)
+	if err != nil {
+		return PortRange{}, fmt.Errorf("invalid end port '%s': %w", end, err)
+	}
+	if endVal < startVal {
+		return PortRange{}, errors.New("invalid port range: " + s)
+	}
+	return PortRange{start: startVal, end: endVal, proto: portProto}, nil
+}
+
+// MustParsePortRange calls [ParsePortRange](s) and panics on error.
+// It is intended for use in tests with hard-coded strings.
+func MustParsePortRange(s string) PortRange {
+	pr, err := ParsePortRange(s)
+	if err != nil {
+		panic(err)
+	}
+	return pr
+}
+
+// PortRangeFrom returns a [PortRange] with the given start and end port numbers and protocol.
+//
+// If end < start or no protocol is specified (i.e. proto == ""), then PortRangeFrom returns PortRange{}, false.
+func PortRangeFrom(start, end uint16, proto IPProtocol) (pr PortRange, ok bool) {
+	if end < start || proto == "" {
+		return PortRange{}, false
+	}
+	normalized := normalizePortProto(string(proto))
+	return PortRange{start: start, end: end, proto: normalized}, true
+}
+
+// Start returns pr's start port number.
+func (pr PortRange) Start() uint16 {
+	return pr.start
+}
+
+// End returns pr's end port number.
+func (pr PortRange) End() uint16 {
+	return pr.end
+}
+
+// Proto returns pr's network protocol.
+func (pr PortRange) Proto() IPProtocol {
+	if pr.proto == protoZero {
+		return ""
+	}
+	return pr.proto.Value()
+}
+
+// IsZero reports whether pr is the zero value.
+func (pr PortRange) IsZero() bool {
+	return pr.proto == protoZero
+}
+
+// IsValid reports whether pr is an initialized valid port range (not the zero value).
+func (pr PortRange) IsValid() bool {
+	return pr.proto != protoZero
+}
+
+// String returns a string representation of the port range in the format
+// "<start>-<end>/<proto>" or "<portnum>/<proto>" (if start == end).
+//
+// If the port range is the zero value, it returns "invalid port range",
+// and users should check [PortRange.IsValid] or [PortRange.IsZero] before
+// using this method.
+func (pr PortRange) String() string {
+	switch pr.proto {
+	case protoZero:
+		return "invalid port range"
+	default:
+		return string(pr.AppendTo(nil))
+	}
+}
+
+// AppendText implements [encoding.TextAppender] interface.
+// It is the same as [PortRange.AppendTo] but returns an error to satisfy the interface.
+func (pr PortRange) AppendText(b []byte) ([]byte, error) {
+	return pr.AppendTo(b), nil
+}
+
+// AppendTo appends a text encoding of pr to b and returns the extended buffer.
+func (pr PortRange) AppendTo(b []byte) []byte {
+	if pr.IsZero() {
+		return b
+	}
+	if pr.start == pr.end {
+		return fmt.Appendf(b, "%d/%s", pr.start, pr.proto.Value())
+	}
+	return fmt.Appendf(b, "%d-%d/%s", pr.start, pr.end, pr.proto.Value())
+}
+
+// MarshalText implements [encoding.TextMarshaler] interface.
+func (pr PortRange) MarshalText() ([]byte, error) {
+	return pr.AppendText(nil)
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler] interface.
+func (pr *PortRange) UnmarshalText(text []byte) error {
+	if len(text) == 0 {
+		*pr = PortRange{}
+		return nil
+	}
+
+	portRange, err := ParsePortRange(string(text))
+	if err != nil {
+		return err
+	}
+	*pr = portRange
+	return nil
+}
+
+// Range returns pr.
+func (pr PortRange) Range() PortRange {
+	return pr
+}
+
+// All returns an iterator over all the individual ports in the range.
+//
+// For example:
+//
+//	for port := range pr.All() {
+//	    // ...
+//	}
+func (pr PortRange) All() iter.Seq[Port] {
+	return func(yield func(Port) bool) {
+		// Do not skip zero values here, because a zero-value means
+		// "map the port to an ephemeral host port".
+		//
+		// For example, "--port 80" is shorthand for "--port 0:80"
+		// ("--port <ephemeral port>:80").
+		for i := uint32(pr.Start()); i <= uint32(pr.End()); i++ {
+			if !yield(Port{num: uint16(i), proto: pr.proto}) {
+				return
+			}
+		}
+	}
+}
+
+// parsePortNumber parses rawPort into an int, unwrapping strconv errors
+// and returning a single "out of range" error for any value outside 0–65535.
+func parsePortNumber(rawPort string) (uint16, error) {
+	if rawPort == "" {
+		return 0, errors.New("value is empty")
+	}
+	port, err := strconv.ParseUint(rawPort, 10, 16)
+	if err != nil {
+		var numErr *strconv.NumError
+		if errors.As(err, &numErr) {
+			err = numErr.Err
+		}
+		return 0, err
+	}
+
+	return uint16(port), nil
+}
+
+// normalizePortProto normalizes the protocol string such that "tcp", "TCP", and "tCp" are equivalent.
+// If proto is not specified, it defaults to "tcp".
+func normalizePortProto(proto string) unique.Handle[IPProtocol] {
+	if proto == "" {
+		return unique.Make(TCP)
+	}
+
+	proto = strings.ToLower(proto)
+
+	return unique.Make(IPProtocol(proto))
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/service_info.go b/vendor/github.com/moby/moby/api/types/network/service_info.go
new file mode 100644
index 0000000000..fdd92f1611
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/service_info.go
@@ -0,0 +1,28 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/netip"
+)
+
+// ServiceInfo represents service parameters with the list of service's tasks
+//
+// swagger:model ServiceInfo
+type ServiceInfo struct {
+
+	// v IP
+	VIP netip.Addr `json:"VIP"`
+
+	// ports
+	Ports []string `json:"Ports"`
+
+	// local l b index
+	LocalLBIndex int `json:"LocalLBIndex"`
+
+	// tasks
+	Tasks []Task `json:"Tasks"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/status.go b/vendor/github.com/moby/moby/api/types/network/status.go
new file mode 100644
index 0000000000..94f4b4b2ec
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/status.go
@@ -0,0 +1,15 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Status provides runtime information about the network such as the number of allocated IPs.
+//
+// swagger:model Status
+type Status struct {
+
+	// IPAM
+	IPAM IPAMStatus `json:"IPAM"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/subnet_status.go b/vendor/github.com/moby/moby/api/types/network/subnet_status.go
new file mode 100644
index 0000000000..dd62429f5f
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/subnet_status.go
@@ -0,0 +1,20 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// SubnetStatus subnet status
+//
+// swagger:model SubnetStatus
+type SubnetStatus struct {
+
+	// Number of IP addresses in the subnet that are in use or reserved and are therefore unavailable for allocation, saturating at 2<sup>64</sup> - 1.
+	//
+	IPsInUse uint64 `json:"IPsInUse"`
+
+	// Number of IP addresses within the network's IPRange for the subnet that are available for allocation, saturating at 2<sup>64</sup> - 1.
+	//
+	DynamicIPsAvailable uint64 `json:"DynamicIPsAvailable"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/summary.go b/vendor/github.com/moby/moby/api/types/network/summary.go
new file mode 100644
index 0000000000..3f50ce2278
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/summary.go
@@ -0,0 +1,13 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Summary Network list response item
+//
+// swagger:model Summary
+type Summary struct {
+	Network
+}
diff --git a/vendor/github.com/moby/moby/api/types/network/task.go b/vendor/github.com/moby/moby/api/types/network/task.go
new file mode 100644
index 0000000000..a547523a44
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/network/task.go
@@ -0,0 +1,28 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package network
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/netip"
+)
+
+// Task carries the information about one backend task
+//
+// swagger:model Task
+type Task struct {
+
+	// name
+	Name string `json:"Name"`
+
+	// endpoint ID
+	EndpointID string `json:"EndpointID"`
+
+	// endpoint IP
+	EndpointIP netip.Addr `json:"EndpointIP"`
+
+	// info
+	Info map[string]string `json:"Info"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/plugin/.gitignore b/vendor/github.com/moby/moby/api/types/plugin/.gitignore
new file mode 100644
index 0000000000..5cea8434d7
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/plugin/.gitignore
@@ -0,0 +1 @@
+testdata/rapid/**
diff --git a/vendor/github.com/moby/moby/api/types/plugin/capability.go b/vendor/github.com/moby/moby/api/types/plugin/capability.go
new file mode 100644
index 0000000000..d53f77a1f1
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/plugin/capability.go
@@ -0,0 +1,55 @@
+package plugin
+
+import (
+	"bytes"
+	"encoding"
+	"fmt"
+	"strings"
+)
+
+type CapabilityID struct {
+	Capability string
+	Prefix     string
+	Version    string
+}
+
+var (
+	_ fmt.Stringer             = CapabilityID{}
+	_ encoding.TextUnmarshaler = (*CapabilityID)(nil)
+	_ encoding.TextMarshaler   = CapabilityID{}
+)
+
+// String implements [fmt.Stringer] for CapabilityID
+func (t CapabilityID) String() string {
+	return fmt.Sprintf("%s.%s/%s", t.Prefix, t.Capability, t.Version)
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler] for CapabilityID
+func (t *CapabilityID) UnmarshalText(p []byte) error {
+	fqcap, version, _ := bytes.Cut(p, []byte{'/'})
+	idx := bytes.LastIndexByte(fqcap, '.')
+	if idx < 0 {
+		t.Prefix = ""
+		t.Capability = string(fqcap)
+	} else {
+		t.Prefix = string(fqcap[:idx])
+		t.Capability = string(fqcap[idx+1:])
+	}
+	t.Version = string(version)
+	return nil
+}
+
+// MarshalText implements [encoding.TextMarshaler] for CapabilityID
+func (t CapabilityID) MarshalText() ([]byte, error) {
+	// Assert that the value can be round-tripped successfully.
+	if strings.Contains(t.Capability, ".") {
+		return nil, fmt.Errorf("capability %q cannot contain a dot", t.Capability)
+	}
+	if strings.Contains(t.Prefix, "/") {
+		return nil, fmt.Errorf("prefix %q cannot contain a slash", t.Prefix)
+	}
+	if strings.Contains(t.Capability, "/") {
+		return nil, fmt.Errorf("capability %q cannot contain a slash", t.Capability)
+	}
+	return []byte(t.String()), nil
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_device.go b/vendor/github.com/moby/moby/api/types/plugin/device.go
similarity index 72%
rename from vendor/github.com/docker/docker/api/types/plugin_device.go
rename to vendor/github.com/moby/moby/api/types/plugin/device.go
index 5699010675..ae96177047 100644
--- a/vendor/github.com/docker/docker/api/types/plugin_device.go
+++ b/vendor/github.com/moby/moby/api/types/plugin/device.go
@@ -1,11 +1,14 @@
-package types
+// Code generated by go-swagger; DO NOT EDIT.
+
+package plugin
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// PluginDevice plugin device
-// swagger:model PluginDevice
-type PluginDevice struct {
+// Device device
+//
+// swagger:model Device
+type Device struct {
 
 	// description
 	// Required: true
@@ -16,6 +19,7 @@ type PluginDevice struct {
 	Name string `json:"Name"`
 
 	// path
+	// Example: /dev/fuse
 	// Required: true
 	Path *string `json:"Path"`
 
diff --git a/vendor/github.com/docker/docker/api/types/plugin_env.go b/vendor/github.com/moby/moby/api/types/plugin/env.go
similarity index 77%
rename from vendor/github.com/docker/docker/api/types/plugin_env.go
rename to vendor/github.com/moby/moby/api/types/plugin/env.go
index 32962dc2eb..dcbe0b762d 100644
--- a/vendor/github.com/docker/docker/api/types/plugin_env.go
+++ b/vendor/github.com/moby/moby/api/types/plugin/env.go
@@ -1,11 +1,14 @@
-package types
+// Code generated by go-swagger; DO NOT EDIT.
+
+package plugin
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// PluginEnv plugin env
-// swagger:model PluginEnv
-type PluginEnv struct {
+// Env env
+//
+// swagger:model Env
+type Env struct {
 
 	// description
 	// Required: true
diff --git a/vendor/github.com/docker/docker/api/types/plugin_mount.go b/vendor/github.com/moby/moby/api/types/plugin/mount.go
similarity index 65%
rename from vendor/github.com/docker/docker/api/types/plugin_mount.go
rename to vendor/github.com/moby/moby/api/types/plugin/mount.go
index 5c031cf8b5..7970306cc8 100644
--- a/vendor/github.com/docker/docker/api/types/plugin_mount.go
+++ b/vendor/github.com/moby/moby/api/types/plugin/mount.go
@@ -1,25 +1,32 @@
-package types
+// Code generated by go-swagger; DO NOT EDIT.
+
+package plugin
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// PluginMount plugin mount
-// swagger:model PluginMount
-type PluginMount struct {
+// Mount mount
+//
+// swagger:model Mount
+type Mount struct {
 
 	// description
+	// Example: This is a mount that's used by the plugin.
 	// Required: true
 	Description string `json:"Description"`
 
 	// destination
+	// Example: /mnt/state
 	// Required: true
 	Destination string `json:"Destination"`
 
 	// name
+	// Example: some-mount
 	// Required: true
 	Name string `json:"Name"`
 
 	// options
+	// Example: ["rbind","rw"]
 	// Required: true
 	Options []string `json:"Options"`
 
@@ -28,10 +35,12 @@ type PluginMount struct {
 	Settable []string `json:"Settable"`
 
 	// source
+	// Example: /var/lib/docker/plugins/
 	// Required: true
 	Source *string `json:"Source"`
 
 	// type
+	// Example: bind
 	// Required: true
 	Type string `json:"Type"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/plugin.go b/vendor/github.com/moby/moby/api/types/plugin/plugin.go
similarity index 52%
rename from vendor/github.com/docker/docker/api/types/plugin.go
rename to vendor/github.com/moby/moby/api/types/plugin/plugin.go
index a9eff28a04..3305170d5e 100644
--- a/vendor/github.com/docker/docker/api/types/plugin.go
+++ b/vendor/github.com/moby/moby/api/types/plugin/plugin.go
@@ -1,114 +1,126 @@
-package types
+// Code generated by go-swagger; DO NOT EDIT.
+
+package plugin
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // Plugin A plugin for the Engine API
+//
 // swagger:model Plugin
 type Plugin struct {
 
 	// config
 	// Required: true
-	Config PluginConfig `json:"Config"`
+	Config Config `json:"Config"`
 
 	// True if the plugin is running. False if the plugin is not running, only installed.
+	// Example: true
 	// Required: true
 	Enabled bool `json:"Enabled"`
 
 	// Id
+	// Example: 5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078
 	ID string `json:"Id,omitempty"`
 
 	// name
+	// Example: tiborvass/sample-volume-plugin
 	// Required: true
 	Name string `json:"Name"`
 
 	// plugin remote reference used to push/pull the plugin
+	// Example: localhost:5000/tiborvass/sample-volume-plugin:latest
 	PluginReference string `json:"PluginReference,omitempty"`
 
 	// settings
 	// Required: true
-	Settings PluginSettings `json:"Settings"`
+	Settings Settings `json:"Settings"`
 }
 
-// PluginConfig The config of a plugin.
-// swagger:model PluginConfig
-type PluginConfig struct {
+// Config The config of a plugin.
+//
+// swagger:model Config
+type Config struct {
 
 	// args
 	// Required: true
-	Args PluginConfigArgs `json:"Args"`
+	Args Args `json:"Args"`
 
 	// description
+	// Example: A sample volume plugin for Docker
 	// Required: true
 	Description string `json:"Description"`
 
-	// Docker Version used to create the plugin.
-	//
-	// Depending on how the plugin was created, this field may be empty or omitted.
-	//
-	// Deprecated: this field is no longer set, and will be removed in the next API version.
-	DockerVersion string `json:"DockerVersion,omitempty"`
-
 	// documentation
+	// Example: https://docs.docker.com/engine/extend/plugins/
 	// Required: true
 	Documentation string `json:"Documentation"`
 
 	// entrypoint
+	// Example: ["/usr/bin/sample-volume-plugin","/data"]
 	// Required: true
 	Entrypoint []string `json:"Entrypoint"`
 
 	// env
+	// Example: [{"Description":"If set, prints debug messages","Name":"DEBUG","Settable":null,"Value":"0"}]
 	// Required: true
-	Env []PluginEnv `json:"Env"`
+	Env []Env `json:"Env"`
 
 	// interface
 	// Required: true
-	Interface PluginConfigInterface `json:"Interface"`
+	Interface Interface `json:"Interface"`
 
 	// ipc host
+	// Example: false
 	// Required: true
 	IpcHost bool `json:"IpcHost"`
 
 	// linux
 	// Required: true
-	Linux PluginConfigLinux `json:"Linux"`
+	Linux LinuxConfig `json:"Linux"`
 
 	// mounts
 	// Required: true
-	Mounts []PluginMount `json:"Mounts"`
+	Mounts []Mount `json:"Mounts"`
 
 	// network
 	// Required: true
-	Network PluginConfigNetwork `json:"Network"`
+	Network NetworkConfig `json:"Network"`
 
 	// pid host
+	// Example: false
 	// Required: true
 	PidHost bool `json:"PidHost"`
 
 	// propagated mount
+	// Example: /mnt/volumes
 	// Required: true
 	PropagatedMount string `json:"PropagatedMount"`
 
 	// user
-	User PluginConfigUser `json:"User,omitempty"`
+	User User `json:"User,omitempty"`
 
 	// work dir
+	// Example: /bin/
 	// Required: true
 	WorkDir string `json:"WorkDir"`
 
 	// rootfs
-	Rootfs *PluginConfigRootfs `json:"rootfs,omitempty"`
+	Rootfs *RootFS `json:"rootfs,omitempty"`
 }
 
-// PluginConfigArgs plugin config args
-// swagger:model PluginConfigArgs
-type PluginConfigArgs struct {
+// Args args
+//
+// swagger:model Args
+type Args struct {
 
 	// description
+	// Example: command line arguments
 	// Required: true
 	Description string `json:"Description"`
 
 	// name
+	// Example: args
 	// Required: true
 	Name string `json:"Name"`
 
@@ -121,73 +133,90 @@ type PluginConfigArgs struct {
 	Value []string `json:"Value"`
 }
 
-// PluginConfigInterface The interface between Docker and the plugin
-// swagger:model PluginConfigInterface
-type PluginConfigInterface struct {
+// Interface The interface between Docker and the plugin
+//
+// swagger:model Interface
+type Interface struct {
 
 	// Protocol to use for clients connecting to the plugin.
+	// Example: some.protocol/v1.0
+	// Enum: ["","moby.plugins.http/v1"]
 	ProtocolScheme string `json:"ProtocolScheme,omitempty"`
 
 	// socket
+	// Example: plugins.sock
 	// Required: true
 	Socket string `json:"Socket"`
 
 	// types
+	// Example: ["docker.volumedriver/1.0"]
 	// Required: true
-	Types []PluginInterfaceType `json:"Types"`
+	Types []CapabilityID `json:"Types"`
 }
 
-// PluginConfigLinux plugin config linux
-// swagger:model PluginConfigLinux
-type PluginConfigLinux struct {
+// LinuxConfig linux config
+//
+// swagger:model LinuxConfig
+type LinuxConfig struct {
 
 	// allow all devices
+	// Example: false
 	// Required: true
 	AllowAllDevices bool `json:"AllowAllDevices"`
 
 	// capabilities
+	// Example: ["CAP_SYS_ADMIN","CAP_SYSLOG"]
 	// Required: true
 	Capabilities []string `json:"Capabilities"`
 
 	// devices
 	// Required: true
-	Devices []PluginDevice `json:"Devices"`
+	Devices []Device `json:"Devices"`
 }
 
-// PluginConfigNetwork plugin config network
-// swagger:model PluginConfigNetwork
-type PluginConfigNetwork struct {
+// NetworkConfig network config
+//
+// swagger:model NetworkConfig
+type NetworkConfig struct {
 
 	// type
+	// Example: host
 	// Required: true
 	Type string `json:"Type"`
 }
 
-// PluginConfigRootfs plugin config rootfs
-// swagger:model PluginConfigRootfs
-type PluginConfigRootfs struct {
+// RootFS root f s
+//
+// swagger:model RootFS
+type RootFS struct {
 
 	// diff ids
+	// Example: ["sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887","sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"]
 	DiffIds []string `json:"diff_ids"`
 
 	// type
+	// Example: layers
 	Type string `json:"type,omitempty"`
 }
 
-// PluginConfigUser plugin config user
-// swagger:model PluginConfigUser
-type PluginConfigUser struct {
+// User user
+//
+// swagger:model User
+type User struct {
 
 	// g ID
+	// Example: 1000
 	GID uint32 `json:"GID,omitempty"`
 
 	// UID
+	// Example: 1000
 	UID uint32 `json:"UID,omitempty"`
 }
 
-// PluginSettings Settings that can be modified by users.
-// swagger:model PluginSettings
-type PluginSettings struct {
+// Settings user-configurable settings for the plugin.
+//
+// swagger:model Settings
+type Settings struct {
 
 	// args
 	// Required: true
@@ -195,13 +224,14 @@ type PluginSettings struct {
 
 	// devices
 	// Required: true
-	Devices []PluginDevice `json:"Devices"`
+	Devices []Device `json:"Devices"`
 
 	// env
+	// Example: ["DEBUG=0"]
 	// Required: true
 	Env []string `json:"Env"`
 
 	// mounts
 	// Required: true
-	Mounts []PluginMount `json:"Mounts"`
+	Mounts []Mount `json:"Mounts"`
 }
diff --git a/vendor/github.com/moby/moby/api/types/plugin/plugin_responses.go b/vendor/github.com/moby/moby/api/types/plugin/plugin_responses.go
new file mode 100644
index 0000000000..91b327eb47
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/plugin/plugin_responses.go
@@ -0,0 +1,33 @@
+package plugin
+
+import (
+	"sort"
+)
+
+// ListResponse contains the response for the Engine API
+type ListResponse []Plugin
+
+// Privilege describes a permission the user has to accept
+// upon installing a plugin.
+type Privilege struct {
+	Name        string
+	Description string
+	Value       []string
+}
+
+// Privileges is a list of Privilege
+type Privileges []Privilege
+
+func (s Privileges) Len() int {
+	return len(s)
+}
+
+func (s Privileges) Less(i, j int) bool {
+	return s[i].Name < s[j].Name
+}
+
+func (s Privileges) Swap(i, j int) {
+	sort.Strings(s[i].Value)
+	sort.Strings(s[j].Value)
+	s[i], s[j] = s[j], s[i]
+}
diff --git a/vendor/github.com/moby/moby/api/types/registry/auth_response.go b/vendor/github.com/moby/moby/api/types/registry/auth_response.go
new file mode 100644
index 0000000000..94c2e1bb36
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/registry/auth_response.go
@@ -0,0 +1,21 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package registry
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// AuthResponse An identity token was generated successfully.
+//
+// swagger:model AuthResponse
+type AuthResponse struct {
+
+	// An opaque token used to authenticate a user after a successful login
+	// Example: 9cbaf023786cd7...
+	IdentityToken string `json:"IdentityToken,omitempty"`
+
+	// The status of the authentication
+	// Example: Login Succeeded
+	// Required: true
+	Status string `json:"Status"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/registry/authconfig.go b/vendor/github.com/moby/moby/api/types/registry/authconfig.go
new file mode 100644
index 0000000000..b612feebaa
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/registry/authconfig.go
@@ -0,0 +1,35 @@
+package registry
+
+import "context"
+
+// AuthHeader is the name of the header used to send encoded registry
+// authorization credentials for registry operations (push/pull).
+const AuthHeader = "X-Registry-Auth"
+
+// RequestAuthConfig is a function interface that clients can supply
+// to retry operations after getting an authorization error.
+//
+// The function must return the [AuthHeader] value ([AuthConfig]), encoded
+// in base64url format ([RFC4648, section 5]), which can be decoded by
+// [DecodeAuthConfig].
+//
+// It must return an error if the privilege request fails.
+//
+// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
+type RequestAuthConfig func(context.Context) (string, error)
+
+// AuthConfig contains authorization information for connecting to a Registry.
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/registry/registry.go b/vendor/github.com/moby/moby/api/types/registry/registry.go
new file mode 100644
index 0000000000..7361228d66
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/registry/registry.go
@@ -0,0 +1,67 @@
+package registry
+
+import (
+	"net/netip"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ServiceConfig stores daemon registry services configuration.
+type ServiceConfig struct {
+	InsecureRegistryCIDRs []netip.Prefix        `json:"InsecureRegistryCIDRs"`
+	IndexConfigs          map[string]*IndexInfo `json:"IndexConfigs"`
+	Mirrors               []string
+}
+
+// IndexInfo contains information about a registry
+//
+// RepositoryInfo Examples:
+//
+//	{
+//	  "Index" : {
+//	    "Name" : "docker.io",
+//	    "Mirrors" : ["https://registry-2.docker.io/v1/", "https://registry-3.docker.io/v1/"],
+//	    "Secure" : true,
+//	    "Official" : true,
+//	  },
+//	  "RemoteName" : "library/debian",
+//	  "LocalName" : "debian",
+//	  "CanonicalName" : "docker.io/debian"
+//	  "Official" : true,
+//	}
+//
+//	{
+//	  "Index" : {
+//	    "Name" : "127.0.0.1:5000",
+//	    "Mirrors" : [],
+//	    "Secure" : false,
+//	    "Official" : false,
+//	  },
+//	  "RemoteName" : "user/repo",
+//	  "LocalName" : "127.0.0.1:5000/user/repo",
+//	  "CanonicalName" : "127.0.0.1:5000/user/repo",
+//	  "Official" : false,
+//	}
+type IndexInfo struct {
+	// Name is the name of the registry, such as "docker.io"
+	Name string
+	// Mirrors is a list of mirrors, expressed as URIs
+	Mirrors []string
+	// Secure is set to false if the registry is part of the list of
+	// insecure registries. Insecure registries accept HTTP and/or accept
+	// HTTPS with certificates from unknown CAs.
+	Secure bool
+	// Official indicates whether this is an official registry
+	Official bool
+}
+
+// DistributionInspect describes the result obtained from contacting the
+// registry to retrieve image metadata
+type DistributionInspect struct {
+	// Descriptor contains information about the manifest, including
+	// the content addressable digest
+	Descriptor ocispec.Descriptor
+	// Platforms contains the list of platforms supported by the image,
+	// obtained by parsing the manifest
+	Platforms []ocispec.Platform
+}
diff --git a/vendor/github.com/docker/docker/api/types/registry/search.go b/vendor/github.com/moby/moby/api/types/registry/search.go
similarity index 63%
rename from vendor/github.com/docker/docker/api/types/registry/search.go
rename to vendor/github.com/moby/moby/api/types/registry/search.go
index 994ca4c6f9..bd79462f60 100644
--- a/vendor/github.com/docker/docker/api/types/registry/search.go
+++ b/vendor/github.com/moby/moby/api/types/registry/search.go
@@ -1,26 +1,5 @@
 package registry
 
-import (
-	"context"
-
-	"github.com/docker/docker/api/types/filters"
-)
-
-// SearchOptions holds parameters to search images with.
-type SearchOptions struct {
-	RegistryAuth string
-
-	// PrivilegeFunc is a function that clients can supply to retry operations
-	// after getting an authorization error. This function returns the registry
-	// authentication header value in base64 encoded format, or an error if the
-	// privilege request fails.
-	//
-	// For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
-	PrivilegeFunc func(context.Context) (string, error)
-	Filters       filters.Args
-	Limit         int
-}
-
 // SearchResult describes a search result returned from a registry
 type SearchResult struct {
 	// StarCount indicates the number of stars this repository has
diff --git a/vendor/github.com/docker/docker/api/types/storage/driver_data.go b/vendor/github.com/moby/moby/api/types/storage/driver_data.go
similarity index 61%
rename from vendor/github.com/docker/docker/api/types/storage/driver_data.go
rename to vendor/github.com/moby/moby/api/types/storage/driver_data.go
index 009e213095..65d5b4c20e 100644
--- a/vendor/github.com/docker/docker/api/types/storage/driver_data.go
+++ b/vendor/github.com/moby/moby/api/types/storage/driver_data.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package storage
 
 // This file was generated by the swagger tool.
@@ -14,10 +16,12 @@ type DriverData struct {
 	// This information is driver-specific, and depends on the storage-driver
 	// in use, and should be used for informational purposes only.
 	//
+	// Example: {"MergedDir":"/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/merged","UpperDir":"/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/diff","WorkDir":"/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work"}
 	// Required: true
 	Data map[string]string `json:"Data"`
 
 	// Name of the storage driver.
+	// Example: overlay2
 	// Required: true
 	Name string `json:"Name"`
 }
diff --git a/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage.go b/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage.go
new file mode 100644
index 0000000000..d82f2b6bcb
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage.go
@@ -0,0 +1,16 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package storage
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// RootFSStorage Information about the storage used for the container's root filesystem.
+//
+// swagger:model RootFSStorage
+type RootFSStorage struct {
+
+	// Information about the snapshot used for the container's root filesystem.
+	//
+	Snapshot *RootFSStorageSnapshot `json:"Snapshot,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage_snapshot.go b/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage_snapshot.go
new file mode 100644
index 0000000000..dd2b82d245
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/storage/root_f_s_storage_snapshot.go
@@ -0,0 +1,15 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package storage
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// RootFSStorageSnapshot Information about a snapshot backend of the container's root filesystem.
+//
+// swagger:model RootFSStorageSnapshot
+type RootFSStorageSnapshot struct {
+
+	// Name of the snapshotter.
+	Name string `json:"Name,omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/storage/storage.go b/vendor/github.com/moby/moby/api/types/storage/storage.go
new file mode 100644
index 0000000000..77843db970
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/storage/storage.go
@@ -0,0 +1,16 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package storage
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Storage Information about the storage used by the container.
+//
+// swagger:model Storage
+type Storage struct {
+
+	// Information about the storage used for the container's root filesystem.
+	//
+	RootFS *RootFSStorage `json:"RootFS,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/common.go b/vendor/github.com/moby/moby/api/types/swarm/common.go
similarity index 100%
rename from vendor/github.com/docker/docker/api/types/swarm/common.go
rename to vendor/github.com/moby/moby/api/types/swarm/common.go
diff --git a/vendor/github.com/docker/docker/api/types/swarm/config.go b/vendor/github.com/moby/moby/api/types/swarm/config.go
similarity index 90%
rename from vendor/github.com/docker/docker/api/types/swarm/config.go
rename to vendor/github.com/moby/moby/api/types/swarm/config.go
index 80a6ffdb9a..b029f2af85 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/config.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/config.go
@@ -2,8 +2,6 @@ package swarm
 
 import (
 	"os"
-
-	"github.com/docker/docker/api/types/filters"
 )
 
 // Config represents a config.
@@ -55,8 +53,3 @@ type ConfigCreateResponse struct {
 	// ID is the id of the created config.
 	ID string
 }
-
-// ConfigListOptions holds parameters to list configs
-type ConfigListOptions struct {
-	Filters filters.Args
-}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/moby/moby/api/types/swarm/container.go
similarity index 96%
rename from vendor/github.com/docker/docker/api/types/swarm/container.go
rename to vendor/github.com/moby/moby/api/types/swarm/container.go
index f9416bacca..268565ec8a 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/container.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/container.go
@@ -1,10 +1,11 @@
 package swarm
 
 import (
+	"net/netip"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/mount"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/mount"
 )
 
 // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
@@ -14,7 +15,7 @@ import (
 // TODO: `domain` is not supported yet.
 type DNSConfig struct {
 	// Nameservers specifies the IP addresses of the name servers
-	Nameservers []string `json:",omitempty"`
+	Nameservers []netip.Addr `json:",omitempty"`
 	// Search specifies the search list for host-name lookup
 	Search []string `json:",omitempty"`
 	// Options allows certain internal resolver variables to be modified
diff --git a/vendor/github.com/docker/docker/api/types/swarm/network.go b/vendor/github.com/moby/moby/api/types/swarm/network.go
similarity index 69%
rename from vendor/github.com/docker/docker/api/types/swarm/network.go
rename to vendor/github.com/moby/moby/api/types/swarm/network.go
index 4b88072339..b32c308f69 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/network.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/network.go
@@ -1,7 +1,10 @@
 package swarm
 
 import (
-	"github.com/docker/docker/api/types/network"
+	"cmp"
+	"net/netip"
+
+	"github.com/moby/moby/api/types/network"
 )
 
 // Endpoint represents an endpoint.
@@ -30,7 +33,7 @@ const (
 // PortConfig represents the config of a port.
 type PortConfig struct {
 	Name     string             `json:",omitempty"`
-	Protocol PortConfigProtocol `json:",omitempty"`
+	Protocol network.IPProtocol `json:",omitempty"`
 	// TargetPort is the port inside the container
 	TargetPort uint32 `json:",omitempty"`
 	// PublishedPort is the port on the swarm hosts
@@ -39,6 +42,27 @@ type PortConfig struct {
 	PublishMode PortConfigPublishMode `json:",omitempty"`
 }
 
+// Compare returns the lexical ordering of p and other, and can be used
+// with [slices.SortFunc].
+//
+// The comparison is performed in the following priority order:
+//  1. PublishedPort (host port)
+//  2. TargetPort (container port)
+//  3. Protocol
+//  4. PublishMode
+func (p PortConfig) Compare(other PortConfig) int {
+	if n := cmp.Compare(p.PublishedPort, other.PublishedPort); n != 0 {
+		return n
+	}
+	if n := cmp.Compare(p.TargetPort, other.TargetPort); n != 0 {
+		return n
+	}
+	if n := cmp.Compare(p.Protocol, other.Protocol); n != 0 {
+		return n
+	}
+	return cmp.Compare(p.PublishMode, other.PublishMode)
+}
+
 // PortConfigPublishMode represents the mode in which the port is to
 // be published.
 type PortConfigPublishMode string
@@ -52,24 +76,14 @@ const (
 	PortConfigPublishModeHost PortConfigPublishMode = "host"
 )
 
-// PortConfigProtocol represents the protocol of a port.
-type PortConfigProtocol string
-
-const (
-	// TODO(stevvooe): These should be used generally, not just for PortConfig.
-
-	// PortConfigProtocolTCP TCP
-	PortConfigProtocolTCP PortConfigProtocol = "tcp"
-	// PortConfigProtocolUDP UDP
-	PortConfigProtocolUDP PortConfigProtocol = "udp"
-	// PortConfigProtocolSCTP SCTP
-	PortConfigProtocolSCTP PortConfigProtocol = "sctp"
-)
-
 // EndpointVirtualIP represents the virtual ip of a port.
 type EndpointVirtualIP struct {
 	NetworkID string `json:",omitempty"`
-	Addr      string `json:",omitempty"`
+
+	// Addr is the virtual ip address.
+	// This field accepts CIDR notation, for example `10.0.0.1/24`, to maintain backwards
+	// compatibility, but only the IP address is used.
+	Addr netip.Prefix `json:"Addr,omitzero"`
 }
 
 // Network represents a network.
@@ -103,8 +117,12 @@ type NetworkAttachmentConfig struct {
 
 // NetworkAttachment represents a network attachment.
 type NetworkAttachment struct {
-	Network   Network  `json:",omitempty"`
-	Addresses []string `json:",omitempty"`
+	Network Network `json:",omitempty"`
+
+	// Addresses contains the IP addresses associated with the endpoint in the network.
+	// This field accepts CIDR notation, for example `10.0.0.1/24`, to maintain backwards
+	// compatibility, but only the IP address is used.
+	Addresses []netip.Prefix `json:",omitempty"`
 }
 
 // IPAMOptions represents ipam options.
@@ -115,7 +133,7 @@ type IPAMOptions struct {
 
 // IPAMConfig represents ipam configuration.
 type IPAMConfig struct {
-	Subnet  string `json:",omitempty"`
-	Range   string `json:",omitempty"`
-	Gateway string `json:",omitempty"`
+	Subnet  netip.Prefix `json:"Subnet,omitzero"`
+	Range   netip.Prefix `json:"Range,omitzero"`
+	Gateway netip.Addr   `json:"Gateway,omitzero"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/swarm/node.go b/vendor/github.com/moby/moby/api/types/swarm/node.go
similarity index 92%
rename from vendor/github.com/docker/docker/api/types/swarm/node.go
rename to vendor/github.com/moby/moby/api/types/swarm/node.go
index 2018a031bb..9523799b67 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/node.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/node.go
@@ -1,7 +1,5 @@
 package swarm
 
-import "github.com/docker/docker/api/types/filters"
-
 // Node represents a node.
 type Node struct {
 	ID string
@@ -133,19 +131,9 @@ const (
 )
 
 // Topology defines the CSI topology of this node. This type is a duplicate of
-// github.com/docker/docker/api/types.Topology. Because the type definition
+// [github.com/moby/moby/api/types/volume.Topology]. Because the type definition
 // is so simple and to avoid complicated structure or circular imports, we just
 // duplicate it here. See that type for full documentation
 type Topology struct {
 	Segments map[string]string `json:",omitempty"`
 }
-
-// NodeListOptions holds parameters to list nodes with.
-type NodeListOptions struct {
-	Filters filters.Args
-}
-
-// NodeRemoveOptions holds parameters to remove nodes with.
-type NodeRemoveOptions struct {
-	Force bool
-}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime.go b/vendor/github.com/moby/moby/api/types/swarm/runtime.go
similarity index 68%
rename from vendor/github.com/docker/docker/api/types/swarm/runtime.go
rename to vendor/github.com/moby/moby/api/types/swarm/runtime.go
index 3fda4ca65d..23ea712c47 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/runtime.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/runtime.go
@@ -1,7 +1,5 @@
 package swarm
 
-import "github.com/docker/docker/api/types/swarm/runtime"
-
 // RuntimeType is the type of runtime used for the TaskSpec
 type RuntimeType string
 
@@ -30,8 +28,18 @@ type NetworkAttachmentSpec struct {
 
 // RuntimeSpec defines the base payload which clients can specify for creating
 // a service with the plugin runtime.
-type RuntimeSpec = runtime.PluginSpec
+type RuntimeSpec struct {
+	Name       string              `json:"name,omitempty"`
+	Remote     string              `json:"remote,omitempty"`
+	Privileges []*RuntimePrivilege `json:"privileges,omitempty"`
+	Disabled   bool                `json:"disabled,omitempty"`
+	Env        []string            `json:"env,omitempty"`
+}
 
 // RuntimePrivilege describes a permission the user has to accept
 // upon installing a plugin.
-type RuntimePrivilege = runtime.PluginPrivilege
+type RuntimePrivilege struct {
+	Name        string   `json:"name,omitempty"`
+	Description string   `json:"description,omitempty"`
+	Value       []string `json:"value,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/secret.go b/vendor/github.com/moby/moby/api/types/swarm/secret.go
similarity index 87%
rename from vendor/github.com/docker/docker/api/types/swarm/secret.go
rename to vendor/github.com/moby/moby/api/types/swarm/secret.go
index d9482ab56d..0e27ed9b07 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/secret.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/secret.go
@@ -2,8 +2,6 @@ package swarm
 
 import (
 	"os"
-
-	"github.com/docker/docker/api/types/filters"
 )
 
 // Secret represents a secret.
@@ -25,7 +23,7 @@ type SecretSpec struct {
 	// This field is only used to create the secret, and is not returned
 	// by other endpoints.
 	//
-	// [MaxSecretSize]: https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/api/validation#MaxSecretSize
+	// [MaxSecretSize]: https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0/api/validation#MaxSecretSize
 	Data []byte `json:",omitempty"`
 
 	// Driver is the name of the secrets driver used to fetch the secret's
@@ -59,8 +57,3 @@ type SecretCreateResponse struct {
 	// ID is the id of the created secret.
 	ID string
 }
-
-// SecretListOptions holds parameters to list secrets
-type SecretListOptions struct {
-	Filters filters.Args
-}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/service.go b/vendor/github.com/moby/moby/api/types/swarm/service.go
similarity index 71%
rename from vendor/github.com/docker/docker/api/types/swarm/service.go
rename to vendor/github.com/moby/moby/api/types/swarm/service.go
index 56c660c1f0..0b678dea33 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/service.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/service.go
@@ -2,8 +2,6 @@ package swarm
 
 import (
 	"time"
-
-	"github.com/docker/docker/api/types/filters"
 )
 
 // Service represents a service.
@@ -37,12 +35,7 @@ type ServiceSpec struct {
 	Mode           ServiceMode   `json:",omitempty"`
 	UpdateConfig   *UpdateConfig `json:",omitempty"`
 	RollbackConfig *UpdateConfig `json:",omitempty"`
-
-	// Networks specifies which networks the service should attach to.
-	//
-	// Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
-	Networks     []NetworkAttachmentConfig `json:",omitempty"`
-	EndpointSpec *EndpointSpec             `json:",omitempty"`
+	EndpointSpec   *EndpointSpec `json:",omitempty"`
 }
 
 // ServiceMode represents the mode of a service.
@@ -113,18 +106,27 @@ type ReplicatedJob struct {
 // This type is deliberately empty.
 type GlobalJob struct{}
 
+// FailureAction is the action to perform when updating a service fails.
+type FailureAction string
+
 const (
 	// UpdateFailureActionPause PAUSE
-	UpdateFailureActionPause = "pause"
+	UpdateFailureActionPause FailureAction = "pause"
 	// UpdateFailureActionContinue CONTINUE
-	UpdateFailureActionContinue = "continue"
+	UpdateFailureActionContinue FailureAction = "continue"
 	// UpdateFailureActionRollback ROLLBACK
-	UpdateFailureActionRollback = "rollback"
+	UpdateFailureActionRollback FailureAction = "rollback"
+)
 
+// UpdateOrder is the order of operations when rolling out or rolling back
+// an updated tasks for a service.
+type UpdateOrder string
+
+const (
 	// UpdateOrderStopFirst STOP_FIRST
-	UpdateOrderStopFirst = "stop-first"
+	UpdateOrderStopFirst UpdateOrder = "stop-first"
 	// UpdateOrderStartFirst START_FIRST
-	UpdateOrderStartFirst = "start-first"
+	UpdateOrderStartFirst UpdateOrder = "start-first"
 )
 
 // UpdateConfig represents the update configuration.
@@ -137,7 +139,7 @@ type UpdateConfig struct {
 	Delay time.Duration `json:",omitempty"`
 
 	// FailureAction is the action to take when an update failures.
-	FailureAction string `json:",omitempty"`
+	FailureAction FailureAction `json:",omitempty"`
 
 	// Monitor indicates how long to monitor a task for failure after it is
 	// created. If the task fails by ending up in one of the states
@@ -163,7 +165,7 @@ type UpdateConfig struct {
 	// Order indicates the order of operations when rolling out an updated
 	// task. Either the old task is shut down before the new task is
 	// started, or the new task is started before the old task is shut down.
-	Order string
+	Order UpdateOrder
 }
 
 // ServiceStatus represents the number of running tasks in a service and the
@@ -205,68 +207,12 @@ type JobStatus struct {
 	LastExecution time.Time `json:",omitempty"`
 }
 
-// ServiceCreateOptions contains the options to use when creating a service.
-type ServiceCreateOptions struct {
-	// EncodedRegistryAuth is the encoded registry authorization credentials to
-	// use when updating the service.
-	//
-	// This field follows the format of the X-Registry-Auth header.
-	EncodedRegistryAuth string
-
-	// QueryRegistry indicates whether the service update requires
-	// contacting a registry. A registry may be contacted to retrieve
-	// the image digest and manifest, which in turn can be used to update
-	// platform or other information about the service.
-	QueryRegistry bool
-}
+// RegistryAuthSource defines options for the "registryAuthFrom" query parameter
+// on service update.
+type RegistryAuthSource string
 
 // Values for RegistryAuthFrom in ServiceUpdateOptions
 const (
-	RegistryAuthFromSpec         = "spec"
-	RegistryAuthFromPreviousSpec = "previous-spec"
+	RegistryAuthFromSpec         RegistryAuthSource = "spec"
+	RegistryAuthFromPreviousSpec RegistryAuthSource = "previous-spec"
 )
-
-// ServiceUpdateOptions contains the options to be used for updating services.
-type ServiceUpdateOptions struct {
-	// EncodedRegistryAuth is the encoded registry authorization credentials to
-	// use when updating the service.
-	//
-	// This field follows the format of the X-Registry-Auth header.
-	EncodedRegistryAuth string
-
-	// TODO(stevvooe): Consider moving the version parameter of ServiceUpdate
-	// into this field. While it does open API users up to racy writes, most
-	// users may not need that level of consistency in practice.
-
-	// RegistryAuthFrom specifies where to find the registry authorization
-	// credentials if they are not given in EncodedRegistryAuth. Valid
-	// values are "spec" and "previous-spec".
-	RegistryAuthFrom string
-
-	// Rollback indicates whether a server-side rollback should be
-	// performed. When this is set, the provided spec will be ignored.
-	// The valid values are "previous" and "none". An empty value is the
-	// same as "none".
-	Rollback string
-
-	// QueryRegistry indicates whether the service update requires
-	// contacting a registry. A registry may be contacted to retrieve
-	// the image digest and manifest, which in turn can be used to update
-	// platform or other information about the service.
-	QueryRegistry bool
-}
-
-// ServiceListOptions holds parameters to list services with.
-type ServiceListOptions struct {
-	Filters filters.Args
-
-	// Status indicates whether the server should include the service task
-	// count of running and desired tasks.
-	Status bool
-}
-
-// ServiceInspectOptions holds parameters related to the "service inspect"
-// operation.
-type ServiceInspectOptions struct {
-	InsertDefaults bool
-}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/service_create_response.go b/vendor/github.com/moby/moby/api/types/swarm/service_create_response.go
similarity index 73%
rename from vendor/github.com/docker/docker/api/types/swarm/service_create_response.go
rename to vendor/github.com/moby/moby/api/types/swarm/service_create_response.go
index 9a268ff1b9..ebbc097d90 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/service_create_response.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/service_create_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package swarm
 
 // This file was generated by the swagger tool.
@@ -10,11 +12,13 @@ package swarm
 type ServiceCreateResponse struct {
 
 	// The ID of the created service.
+	// Example: ak7w3gjqoa3kuz8xcpnyy0pvl
 	ID string `json:"ID,omitempty"`
 
 	// Optional warning message.
 	//
 	// FIXME(thaJeztah): this should have "omitempty" in the generated type.
 	//
+	// Example: ["unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"]
 	Warnings []string `json:"Warnings"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/swarm/service_update_response.go b/vendor/github.com/moby/moby/api/types/swarm/service_update_response.go
similarity index 66%
rename from vendor/github.com/docker/docker/api/types/swarm/service_update_response.go
rename to vendor/github.com/moby/moby/api/types/swarm/service_update_response.go
index 0417467dae..b7649096a0 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/service_update_response.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/service_update_response.go
@@ -1,9 +1,13 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package swarm
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // ServiceUpdateResponse service update response
+// Example: {"Warnings":["unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"]}
+//
 // swagger:model ServiceUpdateResponse
 type ServiceUpdateResponse struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/swarm/swarm.go b/vendor/github.com/moby/moby/api/types/swarm/swarm.go
similarity index 92%
rename from vendor/github.com/docker/docker/api/types/swarm/swarm.go
rename to vendor/github.com/moby/moby/api/types/swarm/swarm.go
index 38f3e6666d..8421850310 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/swarm.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/swarm.go
@@ -1,6 +1,7 @@
 package swarm
 
 import (
+	"net/netip"
 	"time"
 )
 
@@ -12,7 +13,7 @@ type ClusterInfo struct {
 	Spec                   Spec
 	TLSInfo                TLSInfo
 	RootRotationInProgress bool
-	DefaultAddrPool        []string
+	DefaultAddrPool        []netip.Prefix
 	SubnetSize             uint32
 	DataPathPort           uint32
 }
@@ -159,7 +160,7 @@ type InitRequest struct {
 	Spec             Spec
 	AutoLockManagers bool
 	Availability     NodeAvailability
-	DefaultAddrPool  []string
+	DefaultAddrPool  []netip.Prefix
 	SubnetSize       uint32
 }
 
@@ -213,29 +214,12 @@ type Info struct {
 	Warnings []string `json:",omitempty"`
 }
 
-// Status provides information about the current swarm status and role,
-// obtained from the "Swarm" header in the API response.
-type Status struct {
-	// NodeState represents the state of the node.
-	NodeState LocalNodeState
-
-	// ControlAvailable indicates if the node is a swarm manager.
-	ControlAvailable bool
-}
-
 // Peer represents a peer.
 type Peer struct {
 	NodeID string
 	Addr   string
 }
 
-// UpdateFlags contains flags for SwarmUpdate.
-type UpdateFlags struct {
-	RotateWorkerToken      bool
-	RotateManagerToken     bool
-	RotateManagerUnlockKey bool
-}
-
 // UnlockKeyResponse contains the response for Engine API:
 // GET /swarm/unlockkey
 type UnlockKeyResponse struct {
diff --git a/vendor/github.com/docker/docker/api/types/swarm/task.go b/vendor/github.com/moby/moby/api/types/swarm/task.go
similarity index 91%
rename from vendor/github.com/docker/docker/api/types/swarm/task.go
rename to vendor/github.com/moby/moby/api/types/swarm/task.go
index e143f844fa..e2633037df 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/task.go
+++ b/vendor/github.com/moby/moby/api/types/swarm/task.go
@@ -2,8 +2,6 @@ package swarm
 
 import (
 	"time"
-
-	"github.com/docker/docker/api/types/filters"
 )
 
 // TaskState represents the state of a task.
@@ -111,14 +109,14 @@ type Limit struct {
 	Pids        int64 `json:",omitempty"`
 }
 
-// GenericResource represents a "user defined" resource which can
+// GenericResource represents a "user-defined" resource which can
 // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1)
 type GenericResource struct {
 	NamedResourceSpec    *NamedGenericResource    `json:",omitempty"`
 	DiscreteResourceSpec *DiscreteGenericResource `json:",omitempty"`
 }
 
-// NamedGenericResource represents a "user defined" resource which is defined
+// NamedGenericResource represents a "user-defined" resource which is defined
 // as a string.
 // "Kind" is used to describe the Kind of a resource (e.g: "GPU", "FPGA", "SSD", ...)
 // Value is used to identify the resource (GPU="UUID-1", FPGA="/dev/sdb5", ...)
@@ -127,7 +125,7 @@ type NamedGenericResource struct {
 	Value string `json:",omitempty"`
 }
 
-// DiscreteGenericResource represents a "user defined" resource which is defined
+// DiscreteGenericResource represents a "user-defined" resource which is defined
 // as an integer
 // "Kind" is used to describe the Kind of a resource (e.g: "GPU", "FPGA", "SSD", ...)
 // Value is used to count the resource (SSD=5, HDD=3, ...)
@@ -140,6 +138,17 @@ type DiscreteGenericResource struct {
 type ResourceRequirements struct {
 	Limits       *Limit     `json:",omitempty"`
 	Reservations *Resources `json:",omitempty"`
+
+	// Amount of swap in bytes - can only be used together with a memory limit
+	// -1 means unlimited
+	// a null pointer keeps the default behaviour of granting twice the memory
+	// amount in swap
+	SwapBytes *int64 `json:"SwapBytes,omitzero"`
+
+	// Tune container memory swappiness (0 to 100) - if not specified, defaults
+	// to the container OS's default - generally 60, or the value predefined in
+	// the image; set to -1 to unset a previously set value
+	MemorySwappiness *int64 `json:"MemorySwappiness,omitzero"`
 }
 
 // Placement represents orchestration parameters.
@@ -223,8 +232,3 @@ type VolumeAttachment struct {
 	// in the ContainerSpec, that this volume fulfills.
 	Target string `json:",omitempty"`
 }
-
-// TaskListOptions holds parameters to list tasks with.
-type TaskListOptions struct {
-	Filters filters.Args
-}
diff --git a/vendor/github.com/moby/moby/api/types/system/disk_usage.go b/vendor/github.com/moby/moby/api/types/system/disk_usage.go
new file mode 100644
index 0000000000..33230aed23
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/system/disk_usage.go
@@ -0,0 +1,31 @@
+package system
+
+import (
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/volume"
+)
+
+// DiskUsageObject represents an object type used for disk usage query filtering.
+type DiskUsageObject string
+
+const (
+	// ContainerObject represents a container DiskUsageObject.
+	ContainerObject DiskUsageObject = "container"
+	// ImageObject represents an image DiskUsageObject.
+	ImageObject DiskUsageObject = "image"
+	// VolumeObject represents a volume DiskUsageObject.
+	VolumeObject DiskUsageObject = "volume"
+	// BuildCacheObject represents a build-cache DiskUsageObject.
+	BuildCacheObject DiskUsageObject = "build-cache"
+)
+
+// DiskUsage contains response of Engine API:
+// GET "/system/df"
+type DiskUsage struct {
+	ImageUsage      *image.DiskUsage     `json:"ImageUsage,omitempty"`
+	ContainerUsage  *container.DiskUsage `json:"ContainerUsage,omitempty"`
+	VolumeUsage     *volume.DiskUsage    `json:"VolumeUsage,omitempty"`
+	BuildCacheUsage *build.DiskUsage     `json:"BuildCacheUsage,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/system/info.go b/vendor/github.com/moby/moby/api/types/system/info.go
similarity index 80%
rename from vendor/github.com/docker/docker/api/types/system/info.go
rename to vendor/github.com/moby/moby/api/types/system/info.go
index 0f39099d8a..20df949e42 100644
--- a/vendor/github.com/docker/docker/api/types/system/info.go
+++ b/vendor/github.com/moby/moby/api/types/system/info.go
@@ -1,32 +1,28 @@
 package system
 
 import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
+	"net/netip"
+
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/api/types/swarm"
 )
 
 // Info contains response of Engine API:
 // GET "/info"
 type Info struct {
-	ID                string
-	Containers        int
-	ContainersRunning int
-	ContainersPaused  int
-	ContainersStopped int
-	Images            int
-	Driver            string
-	DriverStatus      [][2]string
-	SystemStatus      [][2]string `json:",omitempty"` // SystemStatus is only propagated by the Swarm standalone API
-	Plugins           PluginsInfo
-	MemoryLimit       bool
-	SwapLimit         bool
-	KernelMemory      bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
-	// KernelMemoryLimit is not supported on cgroups v2.
-	//
-	// Deprecated: This field is deprecated and will be removed in the next release.
-	// Starting with kernel 6.12, the kernel has deprecated kernel memory tcp accounting
-	KernelMemoryTCP    bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
+	ID                 string
+	Containers         int
+	ContainersRunning  int
+	ContainersPaused   int
+	ContainersStopped  int
+	Images             int
+	Driver             string
+	DriverStatus       [][2]string
+	SystemStatus       [][2]string `json:",omitempty"` // SystemStatus is only propagated by the Swarm standalone API
+	Plugins            PluginsInfo
+	MemoryLimit        bool
+	SwapLimit          bool
 	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
 	CPUCfsQuota        bool `json:"CpuCfsQuota"`
 	CPUShares          bool
@@ -78,6 +74,7 @@ type Info struct {
 	FirewallBackend     *FirewallInfo        `json:"FirewallBackend,omitempty"`
 	CDISpecDirs         []string
 	DiscoveredDevices   []DeviceInfo `json:",omitempty"`
+	NRI                 *NRIInfo     `json:",omitempty"`
 
 	Containerd *ContainerdInfo `json:",omitempty"`
 
@@ -143,16 +140,11 @@ type PluginsInfo struct {
 type Commit struct {
 	// ID is the actual commit ID or version of external tool.
 	ID string
-
-	// Expected is the commit ID of external tool expected by dockerd as set at build time.
-	//
-	// Deprecated: this field is no longer used in API v1.49, but kept for backward-compatibility with older API versions.
-	Expected string `json:",omitempty"`
 }
 
 // NetworkAddressPool is a temp struct used by [Info] struct.
 type NetworkAddressPool struct {
-	Base string
+	Base netip.Prefix
 	Size int
 }
 
@@ -172,3 +164,8 @@ type DeviceInfo struct {
 	// Example: CDI FQDN like "vendor.com/gpu=0", or other driver-specific device ID
 	ID string `json:"ID"`
 }
+
+// NRIInfo describes the NRI configuration.
+type NRIInfo struct {
+	Info [][2]string `json:"Info,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/system/runtime.go b/vendor/github.com/moby/moby/api/types/system/runtime.go
similarity index 79%
rename from vendor/github.com/docker/docker/api/types/system/runtime.go
rename to vendor/github.com/moby/moby/api/types/system/runtime.go
index d077295a0d..33cad36746 100644
--- a/vendor/github.com/docker/docker/api/types/system/runtime.go
+++ b/vendor/github.com/moby/moby/api/types/system/runtime.go
@@ -9,8 +9,8 @@ type Runtime struct {
 
 	// Shimv2 runtime configuration. Mutually exclusive with the legacy config above.
 
-	Type    string                 `json:"runtimeType,omitempty"`
-	Options map[string]interface{} `json:"options,omitempty"`
+	Type    string         `json:"runtimeType,omitempty"`
+	Options map[string]any `json:"options,omitempty"`
 }
 
 // RuntimeWithStatus extends [Runtime] to hold [RuntimeStatus].
diff --git a/vendor/github.com/moby/moby/api/types/system/version_response.go b/vendor/github.com/moby/moby/api/types/system/version_response.go
new file mode 100644
index 0000000000..61cd1b6e2f
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/system/version_response.go
@@ -0,0 +1,58 @@
+package system
+
+// VersionResponse contains information about the Docker server host.
+// GET "/version"
+type VersionResponse struct {
+	// Platform is the platform (product name) the server is running on.
+	Platform PlatformInfo `json:",omitempty"`
+
+	// Version is the version of the daemon.
+	Version string
+
+	// APIVersion is the highest API version supported by the server.
+	APIVersion string `json:"ApiVersion"`
+
+	// MinAPIVersion is the minimum API version the server supports.
+	MinAPIVersion string `json:"MinAPIVersion,omitempty"`
+
+	// Os is the operating system the server runs on.
+	Os string
+
+	// Arch is the hardware architecture the server runs on.
+	Arch string
+
+	// Components contains version information for the components making
+	// up the server. Information in this field is for informational
+	// purposes, and not part of the API contract.
+	Components []ComponentVersion `json:",omitempty"`
+
+	// The following fields are deprecated, they relate to the Engine component and are kept for backwards compatibility
+
+	GitCommit     string `json:",omitempty"`
+	GoVersion     string `json:",omitempty"`
+	KernelVersion string `json:",omitempty"`
+	Experimental  bool   `json:",omitempty"`
+	BuildTime     string `json:",omitempty"`
+}
+
+// PlatformInfo holds information about the platform (product name) the
+// server is running on.
+type PlatformInfo struct {
+	// Name is the name of the platform (for example, "Docker Engine - Community",
+	// or "Docker Desktop 4.49.0 (208003)")
+	Name string
+}
+
+// ComponentVersion describes the version information for a specific component.
+type ComponentVersion struct {
+	Name    string
+	Version string
+
+	// Details contains Key/value pairs of strings with additional information
+	// about the component. These values are intended for informational purposes
+	// only, and their content is not defined, and not part of the API
+	// specification.
+	//
+	// These messages can be printed by the client as information to the user.
+	Details map[string]string `json:",omitempty"`
+}
diff --git a/vendor/github.com/moby/moby/api/types/types.go b/vendor/github.com/moby/moby/api/types/types.go
new file mode 100644
index 0000000000..5da64796e8
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/types.go
@@ -0,0 +1,33 @@
+package types
+
+// MediaType represents an HTTP media type (MIME type) used in API
+// Content-Type and Accept headers.
+//
+// In addition to standard media types (for example, "application/json"),
+// this package defines vendor-specific vendor media types for streaming
+// endpoints, such as raw TTY streams and multiplexed stdout/stderr streams.
+type MediaType = string
+
+const (
+	// MediaTypeRawStream is a vendor-specific media type for raw TTY streams.
+	MediaTypeRawStream MediaType = "application/vnd.docker.raw-stream"
+
+	// MediaTypeMultiplexedStream is a vendor-specific media type for streams
+	// where stdin, stdout, and stderr are multiplexed into a single byte stream.
+	//
+	// Use stdcopy.StdCopy (https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy)
+	// to demultiplex the stream.
+	MediaTypeMultiplexedStream MediaType = "application/vnd.docker.multiplexed-stream"
+
+	// MediaTypeJSON is the media type for JSON objects.
+	MediaTypeJSON MediaType = "application/json"
+
+	// MediaTypeNDJSON is the media type for newline-delimited JSON streams (https://github.com/ndjson/ndjson-spec).
+	MediaTypeNDJSON MediaType = "application/x-ndjson"
+
+	// MediaTypeJSONLines is the media type for JSON Lines streams (https://jsonlines.org/).
+	MediaTypeJSONLines MediaType = "application/jsonl"
+
+	// MediaTypeJSONSequence is the media type for JSON text sequences (RFC 7464).
+	MediaTypeJSONSequence MediaType = "application/json-seq"
+)
diff --git a/vendor/github.com/docker/docker/api/types/volume/cluster_volume.go b/vendor/github.com/moby/moby/api/types/volume/cluster_volume.go
similarity index 99%
rename from vendor/github.com/docker/docker/api/types/volume/cluster_volume.go
rename to vendor/github.com/moby/moby/api/types/volume/cluster_volume.go
index 618a481620..07b75d12a0 100644
--- a/vendor/github.com/docker/docker/api/types/volume/cluster_volume.go
+++ b/vendor/github.com/moby/moby/api/types/volume/cluster_volume.go
@@ -1,7 +1,7 @@
 package volume
 
 import (
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 )
 
 // ClusterVolume contains options and information specific to, and only present
diff --git a/vendor/github.com/docker/docker/api/types/volume/create_options.go b/vendor/github.com/moby/moby/api/types/volume/create_request.go
similarity index 65%
rename from vendor/github.com/docker/docker/api/types/volume/create_options.go
rename to vendor/github.com/moby/moby/api/types/volume/create_request.go
index 37c41a6096..3217df8270 100644
--- a/vendor/github.com/docker/docker/api/types/volume/create_options.go
+++ b/vendor/github.com/moby/moby/api/types/volume/create_request.go
@@ -1,29 +1,36 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package volume
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// CreateOptions VolumeConfig
+// CreateRequest VolumeConfig
 //
-// Volume configuration
-// swagger:model CreateOptions
-type CreateOptions struct {
+// # Volume configuration
+//
+// swagger:model CreateRequest
+type CreateRequest struct {
 
 	// cluster volume spec
 	ClusterVolumeSpec *ClusterVolumeSpec `json:"ClusterVolumeSpec,omitempty"`
 
 	// Name of the volume driver to use.
+	// Example: custom
 	Driver string `json:"Driver,omitempty"`
 
 	// A mapping of driver options and values. These options are
 	// passed directly to the driver and are driver specific.
 	//
+	// Example: {"device":"tmpfs","o":"size=100m,uid=1000","type":"tmpfs"}
 	DriverOpts map[string]string `json:"DriverOpts,omitempty"`
 
 	// User-defined key/value metadata.
+	// Example: {"com.example.some-label":"some-value","com.example.some-other-label":"some-other-value"}
 	Labels map[string]string `json:"Labels,omitempty"`
 
 	// The new volume's name. If not specified, Docker generates a name.
 	//
+	// Example: tardis
 	Name string `json:"Name,omitempty"`
 }
diff --git a/vendor/github.com/moby/moby/api/types/volume/disk_usage.go b/vendor/github.com/moby/moby/api/types/volume/disk_usage.go
new file mode 100644
index 0000000000..e2afbac659
--- /dev/null
+++ b/vendor/github.com/moby/moby/api/types/volume/disk_usage.go
@@ -0,0 +1,36 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package volume
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// DiskUsage represents system data usage for volume resources.
+//
+// swagger:model DiskUsage
+type DiskUsage struct {
+
+	// Count of active volumes.
+	//
+	// Example: 1
+	ActiveCount int64 `json:"ActiveCount,omitempty"`
+
+	// List of volumes.
+	//
+	Items []Volume `json:"Items,omitempty"`
+
+	// Disk space that can be reclaimed by removing inactive volumes.
+	//
+	// Example: 12345678
+	Reclaimable int64 `json:"Reclaimable,omitempty"`
+
+	// Count of all volumes.
+	//
+	// Example: 4
+	TotalCount int64 `json:"TotalCount,omitempty"`
+
+	// Disk space in use by volumes.
+	//
+	// Example: 98765432
+	TotalSize int64 `json:"TotalSize,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/volume/list_response.go b/vendor/github.com/moby/moby/api/types/volume/list_response.go
similarity index 74%
rename from vendor/github.com/docker/docker/api/types/volume/list_response.go
rename to vendor/github.com/moby/moby/api/types/volume/list_response.go
index ca5192a2a9..f257762f09 100644
--- a/vendor/github.com/docker/docker/api/types/volume/list_response.go
+++ b/vendor/github.com/moby/moby/api/types/volume/list_response.go
@@ -1,3 +1,5 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package volume
 
 // This file was generated by the swagger tool.
@@ -5,14 +7,16 @@ package volume
 
 // ListResponse VolumeListResponse
 //
-// Volume list response
+// # Volume list response
+//
 // swagger:model ListResponse
 type ListResponse struct {
 
 	// List of volumes
-	Volumes []*Volume `json:"Volumes"`
+	Volumes []Volume `json:"Volumes"`
 
 	// Warnings that occurred when fetching the list of volumes.
 	//
+	// Example: []
 	Warnings []string `json:"Warnings"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/volume/options.go b/vendor/github.com/moby/moby/api/types/volume/prune_report.go
similarity index 52%
rename from vendor/github.com/docker/docker/api/types/volume/options.go
rename to vendor/github.com/moby/moby/api/types/volume/prune_report.go
index 875524fbc2..7f501d01a7 100644
--- a/vendor/github.com/docker/docker/api/types/volume/options.go
+++ b/vendor/github.com/moby/moby/api/types/volume/prune_report.go
@@ -1,12 +1,5 @@
 package volume
 
-import "github.com/docker/docker/api/types/filters"
-
-// ListOptions holds parameters to list volumes.
-type ListOptions struct {
-	Filters filters.Args
-}
-
 // PruneReport contains the response for Engine API:
 // POST "/volumes/prune"
 type PruneReport struct {
diff --git a/vendor/github.com/docker/docker/api/types/volume/volume.go b/vendor/github.com/moby/moby/api/types/volume/volume.go
similarity index 81%
rename from vendor/github.com/docker/docker/api/types/volume/volume.go
rename to vendor/github.com/moby/moby/api/types/volume/volume.go
index ea7d555e5b..524ebfb8ac 100644
--- a/vendor/github.com/docker/docker/api/types/volume/volume.go
+++ b/vendor/github.com/moby/moby/api/types/volume/volume.go
@@ -1,9 +1,12 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
 package volume
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
 // Volume volume
+//
 // swagger:model Volume
 type Volume struct {
 
@@ -11,33 +14,41 @@ type Volume struct {
 	ClusterVolume *ClusterVolume `json:"ClusterVolume,omitempty"`
 
 	// Date/Time the volume was created.
+	// Example: 2016-06-07T20:31:11.853781916Z
 	CreatedAt string `json:"CreatedAt,omitempty"`
 
 	// Name of the volume driver used by the volume.
+	// Example: custom
 	// Required: true
 	Driver string `json:"Driver"`
 
 	// User-defined key/value metadata.
+	// Example: {"com.example.some-label":"some-value","com.example.some-other-label":"some-other-value"}
 	// Required: true
 	Labels map[string]string `json:"Labels"`
 
 	// Mount path of the volume on the host.
+	// Example: /var/lib/docker/volumes/tardis
 	// Required: true
 	Mountpoint string `json:"Mountpoint"`
 
 	// Name of the volume.
+	// Example: tardis
 	// Required: true
 	Name string `json:"Name"`
 
 	// The driver specific options used when creating the volume.
 	//
+	// Example: {"device":"tmpfs","o":"size=100m,uid=1000","type":"tmpfs"}
 	// Required: true
 	Options map[string]string `json:"Options"`
 
 	// The level at which the volume exists. Either `global` for cluster-wide,
 	// or `local` for machine level.
 	//
+	// Example: local
 	// Required: true
+	// Enum: ["local","global"]
 	Scope string `json:"Scope"`
 
 	// Low-level details about the volume, provided by the volume driver.
@@ -47,7 +58,8 @@ type Volume struct {
 	// The `Status` field is optional, and is omitted if the volume driver
 	// does not support this feature.
 	//
-	Status map[string]interface{} `json:"Status,omitempty"`
+	// Example: {"hello":"world"}
+	Status map[string]any `json:"Status,omitempty"`
 
 	// usage data
 	UsageData *UsageData `json:"UsageData,omitempty"`
diff --git a/vendor/github.com/moby/moby/client/LICENSE b/vendor/github.com/moby/moby/client/LICENSE
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/moby/moby/client/README.md b/vendor/github.com/moby/moby/client/README.md
new file mode 100644
index 0000000000..aed3e641d9
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/README.md
@@ -0,0 +1,57 @@
+# Go client for the Docker Engine API
+
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/moby/moby/client)](https://pkg.go.dev/github.com/moby/moby/client)
+![GitHub License](https://img.shields.io/github/license/moby/moby)
+[![Go Report Card](https://goreportcard.com/badge/github.com/moby/moby/client)](https://goreportcard.com/report/github.com/moby/moby/client)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/moby/moby/badge)](https://scorecard.dev/viewer/?uri=github.com/moby/moby)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10989/badge)](https://www.bestpractices.dev/projects/10989)
+
+The `docker` command uses this package to communicate with the daemon. It can
+also be used by your own Go applications to do anything the command-line
+interface does; running containers, pulling or pushing images, etc.
+
+For example, to list all containers (the equivalent of `docker ps --all`):
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/moby/moby/client"
+)
+
+func main() {
+	// Create a new client with "client.FromEnv" (configuring the client
+	// from commonly used environment variables such as DOCKER_HOST and
+	// DOCKER_API_VERSION) and set a custom User-Agent.
+	//
+	// API-version negotiation is enabled by default to allow downgrading
+	// the API version when connecting with an older daemon version.
+	apiClient, err := client.New(
+		client.FromEnv,
+		client.WithUserAgent("my-application/1.0.0"),
+	)
+	if err != nil {
+		panic(err)
+	}
+	defer apiClient.Close()
+
+	// List all containers (both stopped and running).
+	result, err := apiClient.ContainerList(context.Background(), client.ContainerListOptions{
+		All: true,
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	// Print each container's ID, status and the image it was created from.
+	fmt.Printf("%s  %-22s  %s\n", "ID", "STATUS", "IMAGE")
+	for _, ctr := range result.Items {
+		fmt.Printf("%s  %-22s  %s\n", ctr.ID, ctr.Status, ctr.Image)
+	}
+}
+```
+
+Full documentation is available on [pkg.go.dev](https://pkg.go.dev/github.com/moby/moby/client).
diff --git a/vendor/github.com/moby/moby/client/auth.go b/vendor/github.com/moby/moby/client/auth.go
new file mode 100644
index 0000000000..8baf39d2cf
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/auth.go
@@ -0,0 +1,14 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+// staticAuth creates a privilegeFn from the given registryAuth.
+func staticAuth(registryAuth string) registry.RequestAuthConfig {
+	return func(ctx context.Context) (string, error) {
+		return registryAuth, nil
+	}
+}
diff --git a/vendor/github.com/moby/moby/client/build_cancel.go b/vendor/github.com/moby/moby/client/build_cancel.go
new file mode 100644
index 0000000000..a31dced979
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/build_cancel.go
@@ -0,0 +1,23 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// BuildCancelOptions holds options for [Client.BuildCancel].
+type BuildCancelOptions struct{}
+
+// BuildCancelResult holds the result of [Client.BuildCancel].
+type BuildCancelResult struct{}
+
+// BuildCancel requests the daemon to cancel the ongoing build request
+// with the given id.
+func (cli *Client) BuildCancel(ctx context.Context, id string, _ BuildCancelOptions) (BuildCancelResult, error) {
+	query := url.Values{}
+	query.Set("id", id)
+
+	resp, err := cli.post(ctx, "/build/cancel", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return BuildCancelResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/build_prune.go b/vendor/github.com/moby/moby/client/build_prune.go
new file mode 100644
index 0000000000..a22e9685e2
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/build_prune.go
@@ -0,0 +1,67 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strconv"
+
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/client/pkg/versions"
+)
+
+// BuildCachePruneOptions hold parameters to prune the build cache.
+type BuildCachePruneOptions struct {
+	All           bool
+	ReservedSpace int64
+	MaxUsedSpace  int64
+	MinFreeSpace  int64
+	Filters       Filters
+}
+
+// BuildCachePruneResult holds the result from the BuildCachePrune method.
+type BuildCachePruneResult struct {
+	Report build.CachePruneReport
+}
+
+// BuildCachePrune requests the daemon to delete unused cache data.
+func (cli *Client) BuildCachePrune(ctx context.Context, opts BuildCachePruneOptions) (BuildCachePruneResult, error) {
+	var out BuildCachePruneResult
+	query := url.Values{}
+	if opts.All {
+		query.Set("all", "1")
+	}
+
+	if opts.ReservedSpace != 0 {
+		// Prior to API v1.48, 'keep-storage' was used to set the reserved space for the build cache.
+		// TODO(austinvazquez): remove once API v1.47 is no longer supported. See https://github.com/moby/moby/issues/50902
+		if versions.LessThanOrEqualTo(cli.version, "1.47") {
+			query.Set("keep-storage", strconv.Itoa(int(opts.ReservedSpace)))
+		} else {
+			query.Set("reserved-space", strconv.Itoa(int(opts.ReservedSpace)))
+		}
+	}
+	if opts.MaxUsedSpace != 0 {
+		query.Set("max-used-space", strconv.Itoa(int(opts.MaxUsedSpace)))
+	}
+	if opts.MinFreeSpace != 0 {
+		query.Set("min-free-space", strconv.Itoa(int(opts.MinFreeSpace)))
+	}
+	opts.Filters.updateURLValues(query)
+
+	resp, err := cli.post(ctx, "/build/prune", query, nil, nil)
+	defer ensureReaderClosed(resp)
+
+	if err != nil {
+		return BuildCachePruneResult{}, err
+	}
+
+	report := build.CachePruneReport{}
+	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
+		return BuildCachePruneResult{}, fmt.Errorf("error retrieving disk usage: %w", err)
+	}
+
+	out.Report = report
+	return out, nil
+}
diff --git a/vendor/github.com/moby/moby/client/checkpoint_create.go b/vendor/github.com/moby/moby/client/checkpoint_create.go
new file mode 100644
index 0000000000..b3ba5459d0
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/checkpoint_create.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/checkpoint"
+)
+
+// CheckpointCreateOptions holds parameters to create a checkpoint from a container.
+type CheckpointCreateOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+	Exit          bool
+}
+
+// CheckpointCreateResult holds the result from [client.CheckpointCreate].
+type CheckpointCreateResult struct {
+	// Add future fields here
+}
+
+// CheckpointCreate creates a checkpoint from the given container.
+func (cli *Client) CheckpointCreate(ctx context.Context, containerID string, options CheckpointCreateOptions) (CheckpointCreateResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return CheckpointCreateResult{}, err
+	}
+	requestBody := checkpoint.CreateRequest{
+		CheckpointID:  options.CheckpointID,
+		CheckpointDir: options.CheckpointDir,
+		Exit:          options.Exit,
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/checkpoints", nil, requestBody, nil)
+	defer ensureReaderClosed(resp)
+	return CheckpointCreateResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/checkpoint_list.go b/vendor/github.com/moby/moby/client/checkpoint_list.go
new file mode 100644
index 0000000000..5815f836a1
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/checkpoint_list.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/checkpoint"
+)
+
+// CheckpointListOptions holds parameters to list checkpoints for a container.
+type CheckpointListOptions struct {
+	CheckpointDir string
+}
+
+// CheckpointListResult holds the result from the CheckpointList method.
+type CheckpointListResult struct {
+	Items []checkpoint.Summary
+}
+
+// CheckpointList returns the checkpoints of the given container in the docker host.
+func (cli *Client) CheckpointList(ctx context.Context, container string, options CheckpointListOptions) (CheckpointListResult, error) {
+	var out CheckpointListResult
+
+	query := url.Values{}
+	if options.CheckpointDir != "" {
+		query.Set("dir", options.CheckpointDir)
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return out, err
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(&out.Items)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/checkpoint_remove.go b/vendor/github.com/moby/moby/client/checkpoint_remove.go
new file mode 100644
index 0000000000..8042c50882
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/checkpoint_remove.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// CheckpointRemoveOptions holds parameters to delete a checkpoint from a container.
+type CheckpointRemoveOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
+// CheckpointRemoveResult represents the result of [Client.CheckpointRemove].
+type CheckpointRemoveResult struct {
+	// No fields currently; placeholder for future use.
+}
+
+// CheckpointRemove deletes the checkpoint with the given name from the given container.
+func (cli *Client) CheckpointRemove(ctx context.Context, containerID string, options CheckpointRemoveOptions) (CheckpointRemoveResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return CheckpointRemoveResult{}, err
+	}
+
+	query := url.Values{}
+	if options.CheckpointDir != "" {
+		query.Set("dir", options.CheckpointDir)
+	}
+
+	resp, err := cli.delete(ctx, "/containers/"+containerID+"/checkpoints/"+options.CheckpointID, query, nil)
+	defer ensureReaderClosed(resp)
+	return CheckpointRemoveResult{}, err
+}
diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/moby/moby/client/client.go
similarity index 60%
rename from vendor/github.com/docker/docker/client/client.go
rename to vendor/github.com/moby/moby/client/client.go
index 8acfb7f490..89ba88ee5c 100644
--- a/vendor/github.com/docker/docker/client/client.go
+++ b/vendor/github.com/moby/moby/client/client.go
@@ -6,10 +6,10 @@ https://docs.docker.com/reference/api/engine/
 
 # Usage
 
-You use the library by constructing a client object using [NewClientWithOpts]
+You use the library by constructing a client object using [New]
 and calling methods on it. The client can be configured from environment
-variables by passing the [FromEnv] option, or configured manually by passing any
-of the other available [Opts].
+variables by passing the [FromEnv] option. Other options can be configured
+manually by passing any of the available [Opt] options.
 
 For example, to list running containers (the equivalent of "docker ps"):
 
@@ -18,24 +18,33 @@ For example, to list running containers (the equivalent of "docker ps"):
 	import (
 		"context"
 		"fmt"
+		"log"
 
-		"github.com/docker/docker/api/types/container"
-		"github.com/docker/docker/client"
+		"github.com/moby/moby/client"
 	)
 
 	func main() {
-		cli, err := client.NewClientWithOpts(client.FromEnv)
+		// Create a new client that handles common environment variables
+		// for configuration (DOCKER_HOST, DOCKER_API_VERSION), and does
+		// API-version negotiation to allow downgrading the API version
+		// when connecting with an older daemon version.
+		apiClient, err := client.New(client.FromEnv)
 		if err != nil {
-			panic(err)
+			log.Fatal(err)
 		}
 
-		containers, err := cli.ContainerList(context.Background(), container.ListOptions{})
+		// List all containers (both stopped and running).
+		result, err := apiClient.ContainerList(context.Background(), client.ContainerListOptions{
+			All: true,
+		})
 		if err != nil {
-			panic(err)
+			log.Fatal(err)
 		}
 
-		for _, ctr := range containers {
-			fmt.Printf("%s %s\n", ctr.ID, ctr.Image)
+		// Print each container's ID, status and the image it was created from.
+		fmt.Printf("%s  %-22s  %s\n", "ID", "STATUS", "IMAGE")
+		for _, ctr := range result.Items {
+			fmt.Printf("%s  %-22s  %s\n", ctr.ID, ctr.Status, ctr.Image)
 		}
 	}
 */
@@ -44,20 +53,23 @@ package client
 import (
 	"context"
 	"crypto/tls"
+	"errors"
+	"fmt"
 	"net"
 	"net/http"
 	"net/url"
 	"path"
+	"runtime"
+	"slices"
 	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
 
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
+	cerrdefs "github.com/containerd/errdefs"
 	"github.com/docker/go-connections/sockets"
-	"github.com/pkg/errors"
+	"github.com/moby/moby/client/internal/mod"
+	"github.com/moby/moby/client/pkg/versions"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 )
 
@@ -91,12 +103,21 @@ import (
 // [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569
 const DummyHost = "api.moby.localhost"
 
-// fallbackAPIVersion is the version to fallback to if API-version negotiation
-// fails. This version is the highest version of the API before API-version
-// negotiation was introduced. If negotiation fails (or no API version was
-// included in the API response), we assume the API server uses the most
-// recent version before negotiation was introduced.
-const fallbackAPIVersion = "1.24"
+// MaxAPIVersion is the highest REST API version supported by the client.
+// If API-version negotiation is enabled, the client may downgrade its API version.
+// Similarly, the [WithAPIVersion] and [WithAPIVersionFromEnv] options allow
+// overriding the version and disable API-version negotiation.
+//
+// This version may be lower than the version of the api library module used.
+const MaxAPIVersion = "1.54"
+
+// MinAPIVersion is the minimum API version supported by the client. API versions
+// below this version are not considered when performing API-version negotiation.
+const MinAPIVersion = "1.40"
+
+// defaultUserAgent returns the default User-Agent to use if none is set.
+// It defaults to "moby-client/<module version> os/arch"
+var defaultUserAgent = sync.OnceValue(userAgent)
 
 // Ensure that Client always implements APIClient.
 var _ APIClient = &Client{}
@@ -104,35 +125,7 @@ var _ APIClient = &Client{}
 // Client is the API client that performs all operations
 // against a docker server.
 type Client struct {
-	// scheme sets the scheme for the client
-	scheme string
-	// host holds the server address to connect to
-	host string
-	// proto holds the client protocol i.e. unix.
-	proto string
-	// addr holds the client address.
-	addr string
-	// basePath holds the path to prepend to the requests.
-	basePath string
-	// client used to send and receive http requests.
-	client *http.Client
-	// version of the server to talk to.
-	version string
-	// userAgent is the User-Agent header to use for HTTP requests. It takes
-	// precedence over User-Agent headers set in customHTTPHeaders, and other
-	// header variables. When set to an empty string, the User-Agent header
-	// is removed, and no header is sent.
-	userAgent *string
-	// custom HTTP headers configured by users.
-	customHTTPHeaders map[string]string
-	// manualOverride is set to true when the version was set by users.
-	manualOverride bool
-
-	// negotiateVersion indicates if the client should automatically negotiate
-	// the API version to use when making requests. API version negotiation is
-	// performed on the first request, after which negotiated is set to "true"
-	// so that subsequent requests do not re-negotiate.
-	negotiateVersion bool
+	clientConfig
 
 	// negotiated indicates that API version negotiation took place
 	negotiated atomic.Bool
@@ -140,8 +133,6 @@ type Client struct {
 	// negotiateLock is used to single-flight the version negotiation process
 	negotiateLock sync.Mutex
 
-	traceOpts []otelhttp.Option
-
 	// When the client transport is an *http.Transport (default) we need to do some extra things (like closing idle connections).
 	// Store the original transport as the http.Client transport will be wrapped with tracing libs.
 	baseTransport *http.Transport
@@ -172,21 +163,32 @@ func CheckRedirect(_ *http.Request, via []*http.Request) error {
 	return ErrRedirect
 }
 
-// NewClientWithOpts initializes a new API client with a default HTTPClient, and
+// NewClientWithOpts initializes a new API client.
+//
+// Deprecated: use [New]. This function will be removed in the next release.
+//
+//go:fix inline
+func NewClientWithOpts(ops ...Opt) (*Client, error) {
+	return New(ops...)
+}
+
+// New initializes a new API client with a default HTTPClient, and
 // default API host and version. It also initializes the custom HTTP headers to
 // add to each request.
 //
 // It takes an optional list of [Opt] functional arguments, which are applied in
 // the order they're provided, which allows modifying the defaults when creating
 // the client. For example, the following initializes a client that configures
-// itself with values from environment variables ([FromEnv]), and has automatic
-// API version negotiation enabled ([WithAPIVersionNegotiation]).
+// itself with values from environment variables ([FromEnv]).
 //
-//	cli, err := client.NewClientWithOpts(
-//		client.FromEnv,
-//		client.WithAPIVersionNegotiation(),
-//	)
-func NewClientWithOpts(ops ...Opt) (*Client, error) {
+// By default, the client automatically negotiates the API version to use when
+// making requests. API version negotiation is performed on the first request;
+// subsequent requests do not re-negotiate. Use [WithAPIVersion] or
+// [WithAPIVersionFromEnv] to configure the client with a fixed API version
+// and disable API version negotiation.
+//
+//	cli, err := client.New(client.FromEnv)
+func New(ops ...Opt) (*Client, error) {
 	hostURL, err := ParseHostURL(DefaultDockerHost)
 	if err != nil {
 		return nil, err
@@ -197,25 +199,36 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		return nil, err
 	}
 	c := &Client{
-		host:    DefaultDockerHost,
-		version: api.DefaultVersion,
-		client:  client,
-		proto:   hostURL.Scheme,
-		addr:    hostURL.Host,
-
-		traceOpts: []otelhttp.Option{
-			otelhttp.WithSpanNameFormatter(func(_ string, req *http.Request) string {
-				return req.Method + " " + req.URL.Path
-			}),
+		clientConfig: clientConfig{
+			host:    DefaultDockerHost,
+			version: MaxAPIVersion,
+			client:  client,
+			proto:   hostURL.Scheme,
+			addr:    hostURL.Host,
+			traceOpts: []otelhttp.Option{
+				otelhttp.WithSpanNameFormatter(func(_ string, req *http.Request) string {
+					return req.Method + " " + req.URL.Path
+				}),
+			},
 		},
 	}
+	cfg := &c.clientConfig
 
 	for _, op := range ops {
-		if err := op(c); err != nil {
+		if op == nil {
+			continue
+		}
+		if err := op(cfg); err != nil {
 			return nil, err
 		}
 	}
 
+	if cfg.envAPIVersion != "" {
+		c.setAPIVersion(cfg.envAPIVersion)
+	} else if cfg.manualAPIVersion != "" {
+		c.setAPIVersion(cfg.manualAPIVersion)
+	}
+
 	if tr, ok := c.client.Transport.(*http.Transport); ok {
 		// Store the base transport before we wrap it in tracing libs below
 		// This is used, as an example, to close idle connections when the client is closed
@@ -237,6 +250,13 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 
 	c.client.Transport = otelhttp.NewTransport(c.client.Transport, c.traceOpts...)
 
+	if len(cfg.responseHooks) > 0 {
+		c.client.Transport = &responseHookTransport{
+			base:  c.client.Transport,
+			hooks: slices.Clone(cfg.responseHooks),
+		}
+	}
+
 	return c, nil
 }
 
@@ -281,23 +301,13 @@ func (cli *Client) Close() error {
 // be negotiated when making the actual requests, and for which cases
 // we cannot do the negotiation lazily.
 func (cli *Client) checkVersion(ctx context.Context) error {
-	if !cli.manualOverride && cli.negotiateVersion && !cli.negotiated.Load() {
-		// Ensure exclusive write access to version and negotiated fields
-		cli.negotiateLock.Lock()
-		defer cli.negotiateLock.Unlock()
-
-		// May have been set during last execution of critical zone
-		if cli.negotiated.Load() {
-			return nil
-		}
-
-		ping, err := cli.Ping(ctx)
-		if err != nil {
-			return err
-		}
-		cli.negotiateAPIVersionPing(ping)
+	if cli.negotiated.Load() {
+		return nil
 	}
-	return nil
+	_, err := cli.Ping(ctx, PingOptions{
+		NegotiateAPIVersion: true,
+	})
+	return err
 }
 
 // getAPIPath returns the versioned request path to call the API.
@@ -318,82 +328,46 @@ func (cli *Client) ClientVersion() string {
 	return cli.version
 }
 
-// NegotiateAPIVersion queries the API and updates the version to match the API
-// version. NegotiateAPIVersion downgrades the client's API version to match the
-// APIVersion if the ping version is lower than the default version. If the API
-// version reported by the server is higher than the maximum version supported
-// by the client, it uses the client's maximum version.
+// negotiateAPIVersion updates the version to match the API version from
+// the ping response.
 //
-// If a manual override is in place, either through the "DOCKER_API_VERSION"
-// ([EnvOverrideAPIVersion]) environment variable, or if the client is initialized
-// with a fixed version ([WithVersion]), no negotiation is performed.
-//
-// If the API server's ping response does not contain an API version, or if the
-// client did not get a successful ping response, it assumes it is connected with
-// an old daemon that does not support API version negotiation, in which case it
-// downgrades to the latest version of the API before version negotiation was
-// added (1.24).
-func (cli *Client) NegotiateAPIVersion(ctx context.Context) {
-	if !cli.manualOverride {
-		// Avoid concurrent modification of version-related fields
-		cli.negotiateLock.Lock()
-		defer cli.negotiateLock.Unlock()
-
-		ping, err := cli.Ping(ctx)
-		if err != nil {
-			// FIXME(thaJeztah): Ping returns an error when failing to connect to the API; we should not swallow the error here, and instead returning it.
-			return
-		}
-		cli.negotiateAPIVersionPing(ping)
+// It returns an error if version is invalid, or lower than the minimum
+// supported API version in which case the client's API version is not
+// updated, and negotiation is not marked as completed.
+func (cli *Client) negotiateAPIVersion(pingVersion string) error {
+	var err error
+	pingVersion, err = parseAPIVersion(pingVersion)
+	if err != nil {
+		return err
 	}
-}
 
-// NegotiateAPIVersionPing downgrades the client's API version to match the
-// APIVersion in the ping response. If the API version in pingResponse is higher
-// than the maximum version supported by the client, it uses the client's maximum
-// version.
-//
-// If a manual override is in place, either through the "DOCKER_API_VERSION"
-// ([EnvOverrideAPIVersion]) environment variable, or if the client is initialized
-// with a fixed version ([WithVersion]), no negotiation is performed.
-//
-// If the API server's ping response does not contain an API version, we assume
-// we are connected with an old daemon without API version negotiation support,
-// and downgrade to the latest version of the API before version negotiation was
-// added (1.24).
-func (cli *Client) NegotiateAPIVersionPing(pingResponse types.Ping) {
-	if !cli.manualOverride {
-		// Avoid concurrent modification of version-related fields
-		cli.negotiateLock.Lock()
-		defer cli.negotiateLock.Unlock()
-
-		cli.negotiateAPIVersionPing(pingResponse)
-	}
-}
-
-// negotiateAPIVersionPing queries the API and updates the version to match the
-// API version from the ping response.
-func (cli *Client) negotiateAPIVersionPing(pingResponse types.Ping) {
-	// default to the latest version before versioning headers existed
-	if pingResponse.APIVersion == "" {
-		pingResponse.APIVersion = fallbackAPIVersion
+	if versions.LessThan(pingVersion, MinAPIVersion) {
+		return cerrdefs.ErrInvalidArgument.WithMessage(fmt.Sprintf("API version %s is not supported by this client: the minimum supported API version is %s", pingVersion, MinAPIVersion))
 	}
 
 	// if the client is not initialized with a version, start with the latest supported version
-	if cli.version == "" {
-		cli.version = api.DefaultVersion
+	negotiatedVersion := cli.version
+	if negotiatedVersion == "" {
+		negotiatedVersion = MaxAPIVersion
 	}
 
 	// if server version is lower than the client version, downgrade
-	if versions.LessThan(pingResponse.APIVersion, cli.version) {
-		cli.version = pingResponse.APIVersion
+	if versions.LessThan(pingVersion, negotiatedVersion) {
+		negotiatedVersion = pingVersion
 	}
 
 	// Store the results, so that automatic API version negotiation (if enabled)
 	// won't be performed on the next request.
-	if cli.negotiateVersion {
-		cli.negotiated.Store(true)
-	}
+	cli.setAPIVersion(negotiatedVersion)
+	return nil
+}
+
+// setAPIVersion sets the client's API version and marks API version negotiation
+// as completed, so that automatic API version negotiation (if enabled) won't
+// be performed on the next request.
+func (cli *Client) setAPIVersion(version string) {
+	cli.version = version
+	cli.negotiated.Store(true)
 }
 
 // DaemonHost returns the host address used by the client
@@ -401,18 +375,12 @@ func (cli *Client) DaemonHost() string {
 	return cli.host
 }
 
-// HTTPClient returns a copy of the HTTP client bound to the server
-func (cli *Client) HTTPClient() *http.Client {
-	c := *cli.client
-	return &c
-}
-
 // ParseHostURL parses a url string, validates the string is a host url, and
 // returns the parsed URL
 func ParseHostURL(host string) (*url.URL, error) {
 	proto, addr, ok := strings.Cut(host, "://")
 	if !ok || addr == "" {
-		return nil, errors.Errorf("unable to parse docker host `%s`", host)
+		return nil, fmt.Errorf("unable to parse docker host `%s`", host)
 	}
 
 	var basePath string
@@ -474,3 +442,14 @@ func (cli *Client) dialer() func(context.Context) (net.Conn, error) {
 		}
 	}
 }
+
+func userAgent() string {
+	const defaultVersion = "v0.0.0+unknown"
+	const moduleName = "github.com/moby/moby/client"
+
+	version := defaultVersion
+	if v := mod.Version(moduleName); v != "" {
+		version = v
+	}
+	return "moby-client/" + version + " " + runtime.GOOS + "/" + runtime.GOARCH
+}
diff --git a/vendor/github.com/moby/moby/client/client_interfaces.go b/vendor/github.com/moby/moby/client/client_interfaces.go
new file mode 100644
index 0000000000..4bbd45a6e5
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/client_interfaces.go
@@ -0,0 +1,242 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net"
+)
+
+// APIClient is an interface that clients that talk with a docker server must implement.
+type APIClient interface {
+	stableAPIClient
+	CheckpointAPIClient // CheckpointAPIClient is still experimental.
+}
+
+type stableAPIClient interface {
+	ConfigAPIClient
+	ContainerAPIClient
+	DistributionAPIClient
+	RegistrySearchClient
+	ExecAPIClient
+	ImageBuildAPIClient
+	ImageAPIClient
+	NetworkAPIClient
+	PluginAPIClient
+	SystemAPIClient
+	VolumeAPIClient
+	ClientVersion() string
+	DaemonHost() string
+	ServerVersion(ctx context.Context, options ServerVersionOptions) (ServerVersionResult, error)
+	HijackDialer
+	Dialer() func(context.Context) (net.Conn, error)
+	Close() error
+	SwarmManagementAPIClient
+}
+
+// SwarmManagementAPIClient defines all methods for managing Swarm-specific
+// objects.
+type SwarmManagementAPIClient interface {
+	SwarmAPIClient
+	NodeAPIClient
+	ServiceAPIClient
+	TaskAPIClient
+	SecretAPIClient
+	ConfigAPIClient
+}
+
+// HijackDialer defines methods for a hijack dialer.
+type HijackDialer interface {
+	DialHijack(ctx context.Context, url, proto string, meta map[string][]string) (net.Conn, error)
+}
+
+// CheckpointAPIClient defines API client methods for the checkpoints.
+//
+// Experimental: checkpoint and restore is still an experimental feature,
+// and only available if the daemon is running with experimental features
+// enabled.
+type CheckpointAPIClient interface {
+	CheckpointCreate(ctx context.Context, container string, options CheckpointCreateOptions) (CheckpointCreateResult, error)
+	CheckpointRemove(ctx context.Context, container string, options CheckpointRemoveOptions) (CheckpointRemoveResult, error)
+	CheckpointList(ctx context.Context, container string, options CheckpointListOptions) (CheckpointListResult, error)
+}
+
+// ContainerAPIClient defines API client methods for the containers
+type ContainerAPIClient interface {
+	ContainerCreate(ctx context.Context, options ContainerCreateOptions) (ContainerCreateResult, error)
+	ContainerInspect(ctx context.Context, container string, options ContainerInspectOptions) (ContainerInspectResult, error)
+	ContainerList(ctx context.Context, options ContainerListOptions) (ContainerListResult, error)
+	ContainerUpdate(ctx context.Context, container string, updateConfig ContainerUpdateOptions) (ContainerUpdateResult, error)
+	ContainerRemove(ctx context.Context, container string, options ContainerRemoveOptions) (ContainerRemoveResult, error)
+	ContainerPrune(ctx context.Context, opts ContainerPruneOptions) (ContainerPruneResult, error)
+
+	ContainerLogs(ctx context.Context, container string, options ContainerLogsOptions) (ContainerLogsResult, error)
+
+	ContainerStart(ctx context.Context, container string, options ContainerStartOptions) (ContainerStartResult, error)
+	ContainerStop(ctx context.Context, container string, options ContainerStopOptions) (ContainerStopResult, error)
+	ContainerRestart(ctx context.Context, container string, options ContainerRestartOptions) (ContainerRestartResult, error)
+	ContainerPause(ctx context.Context, container string, options ContainerPauseOptions) (ContainerPauseResult, error)
+	ContainerUnpause(ctx context.Context, container string, options ContainerUnpauseOptions) (ContainerUnpauseResult, error)
+	ContainerWait(ctx context.Context, container string, options ContainerWaitOptions) ContainerWaitResult
+	ContainerKill(ctx context.Context, container string, options ContainerKillOptions) (ContainerKillResult, error)
+
+	ContainerRename(ctx context.Context, container string, options ContainerRenameOptions) (ContainerRenameResult, error)
+	ContainerResize(ctx context.Context, container string, options ContainerResizeOptions) (ContainerResizeResult, error)
+	ContainerAttach(ctx context.Context, container string, options ContainerAttachOptions) (ContainerAttachResult, error)
+	ContainerCommit(ctx context.Context, container string, options ContainerCommitOptions) (ContainerCommitResult, error)
+	ContainerDiff(ctx context.Context, container string, options ContainerDiffOptions) (ContainerDiffResult, error)
+	ContainerExport(ctx context.Context, container string, options ContainerExportOptions) (ContainerExportResult, error)
+
+	ContainerStats(ctx context.Context, container string, options ContainerStatsOptions) (ContainerStatsResult, error)
+	ContainerTop(ctx context.Context, container string, options ContainerTopOptions) (ContainerTopResult, error)
+
+	ContainerStatPath(ctx context.Context, container string, options ContainerStatPathOptions) (ContainerStatPathResult, error)
+	CopyFromContainer(ctx context.Context, container string, options CopyFromContainerOptions) (CopyFromContainerResult, error)
+	CopyToContainer(ctx context.Context, container string, options CopyToContainerOptions) (CopyToContainerResult, error)
+}
+
+type ExecAPIClient interface {
+	ExecCreate(ctx context.Context, container string, options ExecCreateOptions) (ExecCreateResult, error)
+	ExecInspect(ctx context.Context, execID string, options ExecInspectOptions) (ExecInspectResult, error)
+	ExecResize(ctx context.Context, execID string, options ExecResizeOptions) (ExecResizeResult, error)
+
+	ExecStart(ctx context.Context, execID string, options ExecStartOptions) (ExecStartResult, error)
+	ExecAttach(ctx context.Context, execID string, options ExecAttachOptions) (ExecAttachResult, error)
+}
+
+// DistributionAPIClient defines API client methods for the registry
+type DistributionAPIClient interface {
+	DistributionInspect(ctx context.Context, image string, options DistributionInspectOptions) (DistributionInspectResult, error)
+}
+
+type RegistrySearchClient interface {
+	ImageSearch(ctx context.Context, term string, options ImageSearchOptions) (ImageSearchResult, error)
+}
+
+// ImageBuildAPIClient defines API client methods for building images
+// using the REST API.
+type ImageBuildAPIClient interface {
+	ImageBuild(ctx context.Context, context io.Reader, options ImageBuildOptions) (ImageBuildResult, error)
+	BuildCachePrune(ctx context.Context, opts BuildCachePruneOptions) (BuildCachePruneResult, error)
+	BuildCancel(ctx context.Context, id string, opts BuildCancelOptions) (BuildCancelResult, error)
+}
+
+// ImageAPIClient defines API client methods for the images
+type ImageAPIClient interface {
+	ImageImport(ctx context.Context, source ImageImportSource, ref string, options ImageImportOptions) (ImageImportResult, error)
+
+	ImageList(ctx context.Context, options ImageListOptions) (ImageListResult, error)
+	ImagePull(ctx context.Context, ref string, options ImagePullOptions) (ImagePullResponse, error)
+	ImagePush(ctx context.Context, ref string, options ImagePushOptions) (ImagePushResponse, error)
+	ImageRemove(ctx context.Context, image string, options ImageRemoveOptions) (ImageRemoveResult, error)
+	ImageTag(ctx context.Context, options ImageTagOptions) (ImageTagResult, error)
+	ImagePrune(ctx context.Context, opts ImagePruneOptions) (ImagePruneResult, error)
+
+	ImageInspect(ctx context.Context, image string, _ ...ImageInspectOption) (ImageInspectResult, error)
+	ImageHistory(ctx context.Context, image string, _ ...ImageHistoryOption) (ImageHistoryResult, error)
+
+	ImageLoad(ctx context.Context, input io.Reader, _ ...ImageLoadOption) (ImageLoadResult, error)
+	ImageSave(ctx context.Context, images []string, _ ...ImageSaveOption) (ImageSaveResult, error)
+}
+
+// NetworkAPIClient defines API client methods for the networks
+type NetworkAPIClient interface {
+	NetworkCreate(ctx context.Context, name string, options NetworkCreateOptions) (NetworkCreateResult, error)
+	NetworkInspect(ctx context.Context, network string, options NetworkInspectOptions) (NetworkInspectResult, error)
+	NetworkList(ctx context.Context, options NetworkListOptions) (NetworkListResult, error)
+	NetworkRemove(ctx context.Context, network string, options NetworkRemoveOptions) (NetworkRemoveResult, error)
+	NetworkPrune(ctx context.Context, opts NetworkPruneOptions) (NetworkPruneResult, error)
+
+	NetworkConnect(ctx context.Context, network string, options NetworkConnectOptions) (NetworkConnectResult, error)
+	NetworkDisconnect(ctx context.Context, network string, options NetworkDisconnectOptions) (NetworkDisconnectResult, error)
+}
+
+// NodeAPIClient defines API client methods for the nodes
+type NodeAPIClient interface {
+	NodeInspect(ctx context.Context, nodeID string, options NodeInspectOptions) (NodeInspectResult, error)
+	NodeList(ctx context.Context, options NodeListOptions) (NodeListResult, error)
+	NodeUpdate(ctx context.Context, nodeID string, options NodeUpdateOptions) (NodeUpdateResult, error)
+	NodeRemove(ctx context.Context, nodeID string, options NodeRemoveOptions) (NodeRemoveResult, error)
+}
+
+// PluginAPIClient defines API client methods for the plugins
+type PluginAPIClient interface {
+	PluginCreate(ctx context.Context, createContext io.Reader, options PluginCreateOptions) (PluginCreateResult, error)
+	PluginInstall(ctx context.Context, name string, options PluginInstallOptions) (PluginInstallResult, error)
+	PluginInspect(ctx context.Context, name string, options PluginInspectOptions) (PluginInspectResult, error)
+	PluginList(ctx context.Context, options PluginListOptions) (PluginListResult, error)
+	PluginRemove(ctx context.Context, name string, options PluginRemoveOptions) (PluginRemoveResult, error)
+
+	PluginEnable(ctx context.Context, name string, options PluginEnableOptions) (PluginEnableResult, error)
+	PluginDisable(ctx context.Context, name string, options PluginDisableOptions) (PluginDisableResult, error)
+	PluginUpgrade(ctx context.Context, name string, options PluginUpgradeOptions) (PluginUpgradeResult, error)
+	PluginPush(ctx context.Context, name string, options PluginPushOptions) (PluginPushResult, error)
+	PluginSet(ctx context.Context, name string, options PluginSetOptions) (PluginSetResult, error)
+}
+
+// ServiceAPIClient defines API client methods for the services
+type ServiceAPIClient interface {
+	ServiceCreate(ctx context.Context, options ServiceCreateOptions) (ServiceCreateResult, error)
+	ServiceInspect(ctx context.Context, serviceID string, options ServiceInspectOptions) (ServiceInspectResult, error)
+	ServiceList(ctx context.Context, options ServiceListOptions) (ServiceListResult, error)
+	ServiceUpdate(ctx context.Context, serviceID string, options ServiceUpdateOptions) (ServiceUpdateResult, error)
+	ServiceRemove(ctx context.Context, serviceID string, options ServiceRemoveOptions) (ServiceRemoveResult, error)
+
+	ServiceLogs(ctx context.Context, serviceID string, options ServiceLogsOptions) (ServiceLogsResult, error)
+}
+
+// TaskAPIClient defines API client methods to manage swarm tasks.
+type TaskAPIClient interface {
+	TaskInspect(ctx context.Context, taskID string, options TaskInspectOptions) (TaskInspectResult, error)
+	TaskList(ctx context.Context, options TaskListOptions) (TaskListResult, error)
+
+	TaskLogs(ctx context.Context, taskID string, options TaskLogsOptions) (TaskLogsResult, error)
+}
+
+// SwarmAPIClient defines API client methods for the swarm
+type SwarmAPIClient interface {
+	SwarmInit(ctx context.Context, options SwarmInitOptions) (SwarmInitResult, error)
+	SwarmJoin(ctx context.Context, options SwarmJoinOptions) (SwarmJoinResult, error)
+	SwarmInspect(ctx context.Context, options SwarmInspectOptions) (SwarmInspectResult, error)
+	SwarmUpdate(ctx context.Context, options SwarmUpdateOptions) (SwarmUpdateResult, error)
+	SwarmLeave(ctx context.Context, options SwarmLeaveOptions) (SwarmLeaveResult, error)
+
+	SwarmGetUnlockKey(ctx context.Context) (SwarmGetUnlockKeyResult, error)
+	SwarmUnlock(ctx context.Context, options SwarmUnlockOptions) (SwarmUnlockResult, error)
+}
+
+// SystemAPIClient defines API client methods for the system
+type SystemAPIClient interface {
+	Events(ctx context.Context, options EventsListOptions) EventsResult
+	Info(ctx context.Context, options InfoOptions) (SystemInfoResult, error)
+	RegistryLogin(ctx context.Context, auth RegistryLoginOptions) (RegistryLoginResult, error)
+	DiskUsage(ctx context.Context, options DiskUsageOptions) (DiskUsageResult, error)
+	Ping(ctx context.Context, options PingOptions) (PingResult, error)
+}
+
+// VolumeAPIClient defines API client methods for the volumes
+type VolumeAPIClient interface {
+	VolumeCreate(ctx context.Context, options VolumeCreateOptions) (VolumeCreateResult, error)
+	VolumeInspect(ctx context.Context, volumeID string, options VolumeInspectOptions) (VolumeInspectResult, error)
+	VolumeList(ctx context.Context, options VolumeListOptions) (VolumeListResult, error)
+	VolumeUpdate(ctx context.Context, volumeID string, options VolumeUpdateOptions) (VolumeUpdateResult, error)
+	VolumeRemove(ctx context.Context, volumeID string, options VolumeRemoveOptions) (VolumeRemoveResult, error)
+	VolumePrune(ctx context.Context, options VolumePruneOptions) (VolumePruneResult, error)
+}
+
+// SecretAPIClient defines API client methods for secrets
+type SecretAPIClient interface {
+	SecretCreate(ctx context.Context, options SecretCreateOptions) (SecretCreateResult, error)
+	SecretInspect(ctx context.Context, id string, options SecretInspectOptions) (SecretInspectResult, error)
+	SecretList(ctx context.Context, options SecretListOptions) (SecretListResult, error)
+	SecretUpdate(ctx context.Context, id string, options SecretUpdateOptions) (SecretUpdateResult, error)
+	SecretRemove(ctx context.Context, id string, options SecretRemoveOptions) (SecretRemoveResult, error)
+}
+
+// ConfigAPIClient defines API client methods for configs
+type ConfigAPIClient interface {
+	ConfigCreate(ctx context.Context, options ConfigCreateOptions) (ConfigCreateResult, error)
+	ConfigInspect(ctx context.Context, id string, options ConfigInspectOptions) (ConfigInspectResult, error)
+	ConfigList(ctx context.Context, options ConfigListOptions) (ConfigListResult, error)
+	ConfigUpdate(ctx context.Context, id string, options ConfigUpdateOptions) (ConfigUpdateResult, error)
+	ConfigRemove(ctx context.Context, id string, options ConfigRemoveOptions) (ConfigRemoveResult, error)
+}
diff --git a/vendor/github.com/moby/moby/client/client_options.go b/vendor/github.com/moby/moby/client/client_options.go
new file mode 100644
index 0000000000..3992557230
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/client_options.go
@@ -0,0 +1,427 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"go.opentelemetry.io/otel/trace"
+)
+
+type clientConfig struct {
+	// scheme sets the scheme for the client
+	scheme string
+	// host holds the server address to connect to
+	host string
+	// proto holds the client protocol i.e. unix.
+	proto string
+	// addr holds the client address.
+	addr string
+	// basePath holds the path to prepend to the requests.
+	basePath string
+	// client used to send and receive http requests.
+	client *http.Client
+	// version of the server to talk to.
+	version string
+	// userAgent is the User-Agent header to use for HTTP requests. It takes
+	// precedence over User-Agent headers set in customHTTPHeaders, and other
+	// header variables. When set to an empty string, the User-Agent header
+	// is removed, and no header is sent.
+	userAgent *string
+	// custom HTTP headers configured by users.
+	customHTTPHeaders map[string]string
+
+	// manualAPIVersion contains the API version set by users. This field
+	// will only be non-empty if a valid-formed version was set through
+	// [WithAPIVersion].
+	//
+	// If both manualAPIVersion and envAPIVersion are set, manualAPIVersion
+	// takes precedence. Either field disables API-version negotiation.
+	manualAPIVersion string
+
+	// envAPIVersion contains the API version set by users. This field
+	// will only be non-empty if a valid-formed version was set through
+	// [WithAPIVersionFromEnv].
+	//
+	// If both manualAPIVersion and envAPIVersion are set, manualAPIVersion
+	// takes precedence. Either field disables API-version negotiation.
+	envAPIVersion string
+
+	// responseHooks is a list of custom response hooks to call on responses.
+	responseHooks []ResponseHook
+
+	// traceOpts is a list of options to configure the tracing span.
+	traceOpts []otelhttp.Option
+}
+
+// ResponseHook is called for each HTTP response returned by the daemon.
+// Hooks are invoked in the order they were added.
+//
+// Hooks must not read or close resp.Body.
+type ResponseHook func(*http.Response)
+
+// Opt is a configuration option to initialize a [Client].
+type Opt func(*clientConfig) error
+
+// FromEnv configures the client with values from environment variables. It
+// is the equivalent of using the [WithTLSClientConfigFromEnv], [WithHostFromEnv],
+// and [WithAPIVersionFromEnv] options.
+//
+// FromEnv uses the following environment variables:
+//
+//   - DOCKER_HOST ([EnvOverrideHost]) to set the URL to the docker server.
+//   - DOCKER_API_VERSION ([EnvOverrideAPIVersion]) to set the version of the
+//     API to use, leave empty for latest.
+//   - DOCKER_CERT_PATH ([EnvOverrideCertPath]) to specify the directory from
+//     which to load the TLS certificates ("ca.pem", "cert.pem", "key.pem').
+//   - DOCKER_TLS_VERIFY ([EnvTLSVerify]) to enable or disable TLS verification
+//     (off by default).
+func FromEnv(c *clientConfig) error {
+	ops := []Opt{
+		WithTLSClientConfigFromEnv(),
+		WithHostFromEnv(),
+		WithAPIVersionFromEnv(),
+	}
+	for _, op := range ops {
+		if err := op(c); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// WithDialContext applies the dialer to the client transport. This can be
+// used to set the Timeout and KeepAlive settings of the client. It returns
+// an error if the client does not have a [http.Transport] configured.
+func WithDialContext(dialContext func(ctx context.Context, network, addr string) (net.Conn, error)) Opt {
+	return func(c *clientConfig) error {
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			transport.DialContext = dialContext
+			return nil
+		}
+		return fmt.Errorf("cannot apply dialer to transport: %T", c.client.Transport)
+	}
+}
+
+// WithHost overrides the client host with the specified one.
+func WithHost(host string) Opt {
+	return func(c *clientConfig) error {
+		hostURL, err := ParseHostURL(host)
+		if err != nil {
+			return err
+		}
+		c.host = host
+		c.proto = hostURL.Scheme
+		c.addr = hostURL.Host
+		c.basePath = hostURL.Path
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			return sockets.ConfigureTransport(transport, c.proto, c.addr)
+		}
+		// For test transports, we skip transport configuration but still
+		// set the host fields so that the client can use them for headers
+		if _, ok := c.client.Transport.(testRoundTripper); ok {
+			return nil
+		}
+		return fmt.Errorf("cannot apply host to transport: %T", c.client.Transport)
+	}
+}
+
+// testRoundTripper allows us to inject a mock-transport for testing. We define it
+// here so we can detect the tlsconfig and return nil for only this type.
+type testRoundTripper func(*http.Request) (*http.Response, error)
+
+func (tf testRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	return tf(req)
+}
+
+// WithHostFromEnv overrides the client host with the host specified in the
+// DOCKER_HOST ([EnvOverrideHost]) environment variable. If DOCKER_HOST is not set,
+// or set to an empty value, the host is not modified.
+func WithHostFromEnv() Opt {
+	return func(c *clientConfig) error {
+		if host := os.Getenv(EnvOverrideHost); host != "" {
+			return WithHost(host)(c)
+		}
+		return nil
+	}
+}
+
+// WithHTTPClient overrides the client's HTTP client with the specified one.
+func WithHTTPClient(client *http.Client) Opt {
+	return func(c *clientConfig) error {
+		if client != nil {
+			// Make a clone of client so modifications do not affect
+			// the caller's client. Clone here instead of in New()
+			// as other options (WithHost) also mutate c.client.
+			// Cloned clients share the same CookieJar as the
+			// original.
+			hc := *client
+			if ht, ok := hc.Transport.(*http.Transport); ok {
+				hc.Transport = ht.Clone()
+			}
+			c.client = &hc
+		}
+		return nil
+	}
+}
+
+// WithTimeout configures the time limit for requests made by the HTTP client.
+func WithTimeout(timeout time.Duration) Opt {
+	return func(c *clientConfig) error {
+		c.client.Timeout = timeout
+		return nil
+	}
+}
+
+// WithUserAgent configures the User-Agent header to use for HTTP requests.
+// It overrides any User-Agent set in headers. When set to an empty string,
+// the User-Agent header is removed, and no header is sent.
+func WithUserAgent(ua string) Opt {
+	return func(c *clientConfig) error {
+		c.userAgent = &ua
+		return nil
+	}
+}
+
+// WithHTTPHeaders appends custom HTTP headers to the client's default headers.
+// It does not allow overriding built-in headers (such as "User-Agent").
+// Also see [WithUserAgent].
+//
+// It replaces any existing custom headers. Keys are case-insensitive and
+// canonicalized using [http.CanonicalHeaderKey]. If multiple entries map
+// to the same canonical key, a [cerrdefs.ErrInvalidArgument] is returned.
+func WithHTTPHeaders(headers map[string]string) Opt {
+	return func(c *clientConfig) error {
+		c.customHTTPHeaders = make(map[string]string)
+		for k, v := range headers {
+			k = http.CanonicalHeaderKey(k)
+			_, ok := c.customHTTPHeaders[k]
+			if ok {
+				return cerrdefs.ErrInvalidArgument.WithMessage(fmt.Sprintf("duplicate custom HTTP header (%s)", k))
+			}
+			c.customHTTPHeaders[k] = v
+		}
+		return nil
+	}
+}
+
+// WithScheme overrides the client scheme with the specified one.
+func WithScheme(scheme string) Opt {
+	return func(c *clientConfig) error {
+		c.scheme = scheme
+		return nil
+	}
+}
+
+// WithTLSClientConfig configures the client's existing HTTP transport to use TLS.
+// The minimum TLS version is TLS 1.2.
+//
+// If caFile is non-empty, it specifies the CA certificate file to use for
+// server verification, and replaces the system root pool for that verification.
+// If certFile is empty, the system root pool is used.
+//
+// If either certFile or keyFile is set, both must point to readable files
+// containing a valid client certificate and unencrypted private key, or this
+// option returns an error.
+//
+// If both certPath and keyPath are empty, no client certificate is configured.
+// The connection will use TLS without client authentication (i.e., not mTLS).
+func WithTLSClientConfig(caFile, certFile, keyFile string) Opt {
+	return func(c *clientConfig) error {
+		transport, ok := c.client.Transport.(*http.Transport)
+		if !ok {
+			return fmt.Errorf("cannot configure TLS: unsupported HTTP transport %T", c.client.Transport)
+		}
+		config, err := tlsconfig.Client(tlsconfig.Options{
+			CAFile:             caFile,
+			CertFile:           certFile,
+			KeyFile:            keyFile,
+			ExclusiveRootPools: true,
+			MinVersion:         tls.VersionTLS12,
+		})
+		if err != nil {
+			return fmt.Errorf("configure TLS: %w", err)
+		}
+		transport.TLSClientConfig = config
+		return nil
+	}
+}
+
+// WithTLSClientConfigFromEnv configures the client for TLS using the
+// DOCKER_CERT_PATH ([EnvOverrideCertPath]) and DOCKER_TLS_VERIFY
+// ([EnvTLSVerify]) environment variables. The minimum TLS version is TLS 1.2.
+//
+// If DOCKER_CERT_PATH is unset or empty, this option leaves the client
+// unchanged.
+//
+// When DOCKER_CERT_PATH is set, the following files are loaded from that
+// directory:
+//
+//   - "ca.pem" as the CA certificate
+//   - "cert.pem" as the client certificate
+//   - "key.pem" as the client private key
+//
+// These files must exist, be readable, and contain valid TLS material, or this
+// option returns an error. A client certificate is always loaded from "cert.pem"
+// and "key.pem" (mTLS is expected).
+//
+// If DOCKER_TLS_VERIFY is set to a non-empty value, server certificate
+// verification is enabled. In that case, "ca.pem" is added to the system root
+// pool used for verification.
+//
+// If DOCKER_TLS_VERIFY is unset or empty, server certificate verification is
+// disabled.
+func WithTLSClientConfigFromEnv() Opt {
+	return func(c *clientConfig) error {
+		dockerCertPath := os.Getenv(EnvOverrideCertPath)
+		if dockerCertPath == "" {
+			return nil
+		}
+		tlsConfig, err := tlsconfig.Client(tlsconfig.Options{
+			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
+			CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
+			KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
+			InsecureSkipVerify: os.Getenv(EnvTLSVerify) == "",
+			MinVersion:         tls.VersionTLS12,
+		})
+		if err != nil {
+			return fmt.Errorf("configure TLS from %q: %w", EnvOverrideCertPath+"="+dockerCertPath, err)
+		}
+
+		// FIXME(thaJeztah): unlike WithTLSClientConfig, this option replaces the client's http.Client and transport; consider updating just the transport.
+		c.client = &http.Client{
+			Transport:     &http.Transport{TLSClientConfig: tlsConfig},
+			CheckRedirect: CheckRedirect,
+		}
+		return nil
+	}
+}
+
+// WithAPIVersion overrides the client's API version with the specified one,
+// and disables API version negotiation. If an empty version is provided,
+// this option is ignored to allow version negotiation. The given version
+// should be formatted "<major>.<minor>" (for example, "1.52"). It returns
+// an error if the given value not in the correct format.
+//
+// WithAPIVersion does not validate if the client supports the given version,
+// and callers should verify if the version lower than the maximum supported
+// version as defined by [MaxAPIVersion].
+//
+// [WithAPIVersionFromEnv] takes precedence if [WithAPIVersion] and
+// [WithAPIVersionFromEnv] are both set.
+func WithAPIVersion(version string) Opt {
+	return func(c *clientConfig) error {
+		version = strings.TrimSpace(version)
+		if val := strings.TrimPrefix(version, "v"); val != "" {
+			ver, err := parseAPIVersion(val)
+			if err != nil {
+				return fmt.Errorf("invalid API version (%s): %w", version, err)
+			}
+			c.manualAPIVersion = ver
+		}
+		return nil
+	}
+}
+
+// WithVersion overrides the client version with the specified one.
+//
+// Deprecated: use [WithAPIVersion] instead.
+//
+//go:fix inline
+func WithVersion(version string) Opt {
+	return WithAPIVersion(version)
+}
+
+// WithAPIVersionFromEnv overrides the client version with the version specified in
+// the DOCKER_API_VERSION ([EnvOverrideAPIVersion]) environment variable.
+// If DOCKER_API_VERSION is not set, or set to an empty value, the version
+// is not modified.
+//
+// WithAPIVersion does not validate if the client supports the given version,
+// and callers should verify if the version lower than the maximum supported
+// version as defined by [MaxAPIVersion].
+//
+// [WithAPIVersionFromEnv] takes precedence if [WithAPIVersion] and
+// [WithAPIVersionFromEnv] are both set.
+func WithAPIVersionFromEnv() Opt {
+	return func(c *clientConfig) error {
+		version := strings.TrimSpace(os.Getenv(EnvOverrideAPIVersion))
+		if val := strings.TrimPrefix(version, "v"); val != "" {
+			ver, err := parseAPIVersion(val)
+			if err != nil {
+				return fmt.Errorf("invalid API version (%s): %w", version, err)
+			}
+			c.envAPIVersion = ver
+		}
+		return nil
+	}
+}
+
+// WithVersionFromEnv overrides the client version with the version specified in
+// the DOCKER_API_VERSION ([EnvOverrideAPIVersion]) environment variable.
+//
+// Deprecated: use [WithAPIVersionFromEnv] instead.
+//
+//go:fix inline
+func WithVersionFromEnv() Opt {
+	return WithAPIVersionFromEnv()
+}
+
+// WithAPIVersionNegotiation enables automatic API version negotiation for the client.
+// With this option enabled, the client automatically negotiates the API version
+// to use when making requests. API version negotiation is performed on the first
+// request; subsequent requests do not re-negotiate.
+//
+// Deprecated: API-version negotiation is now enabled by default and this options
+// is now a no-op.
+//
+// Use [WithAPIVersion] or [WithAPIVersionFromEnv] to set a fixed API version
+// instead of using automatic negotiation.
+func WithAPIVersionNegotiation() Opt {
+	return func(c *clientConfig) error {
+		return nil
+	}
+}
+
+// WithTraceProvider sets the trace provider for the client.
+// If this is not set then the global trace provider is used.
+func WithTraceProvider(provider trace.TracerProvider) Opt {
+	return func(c *clientConfig) error {
+		c.traceOpts = append(c.traceOpts, otelhttp.WithTracerProvider(provider))
+		return nil
+	}
+}
+
+// WithTraceOptions sets tracing span options for the client.
+func WithTraceOptions(opts ...otelhttp.Option) Opt {
+	return func(c *clientConfig) error {
+		c.traceOpts = append(c.traceOpts, opts...)
+		return nil
+	}
+}
+
+// WithResponseHook adds a ResponseHook to the client. ResponseHooks are called
+// for each HTTP response returned by the daemon. Hooks are invoked in the order
+// they were added.
+//
+// Hooks must not read or close resp.Body.
+func WithResponseHook(h ResponseHook) Opt {
+	return func(c *clientConfig) error {
+		if h == nil {
+			return errors.New("invalid response hook: hook is nil")
+		}
+		c.responseHooks = append(c.responseHooks, h)
+		return nil
+	}
+}
diff --git a/vendor/github.com/moby/moby/client/client_responsehook.go b/vendor/github.com/moby/moby/client/client_responsehook.go
new file mode 100644
index 0000000000..7c93f111c7
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/client_responsehook.go
@@ -0,0 +1,23 @@
+package client
+
+import (
+	"net/http"
+)
+
+type responseHookTransport struct {
+	base  http.RoundTripper
+	hooks []ResponseHook
+}
+
+func (t *responseHookTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	resp, err := t.base.RoundTrip(req)
+	if err != nil {
+		return resp, err
+	}
+
+	for _, h := range t.hooks {
+		h(resp)
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/moby/moby/client/client_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/client/client_unix.go
rename to vendor/github.com/moby/moby/client/client_unix.go
diff --git a/vendor/github.com/docker/docker/client/client_windows.go b/vendor/github.com/moby/moby/client/client_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/client/client_windows.go
rename to vendor/github.com/moby/moby/client/client_windows.go
diff --git a/vendor/github.com/moby/moby/client/config_create.go b/vendor/github.com/moby/moby/client/config_create.go
new file mode 100644
index 0000000000..874e2c947c
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/config_create.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ConfigCreateOptions holds options for creating a config.
+type ConfigCreateOptions struct {
+	Spec swarm.ConfigSpec
+}
+
+// ConfigCreateResult holds the result from the ConfigCreate method.
+type ConfigCreateResult struct {
+	ID string
+}
+
+// ConfigCreate creates a new config.
+func (cli *Client) ConfigCreate(ctx context.Context, options ConfigCreateOptions) (ConfigCreateResult, error) {
+	resp, err := cli.post(ctx, "/configs/create", nil, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ConfigCreateResult{}, err
+	}
+
+	var out swarm.ConfigCreateResponse
+	err = json.NewDecoder(resp.Body).Decode(&out)
+	if err != nil {
+		return ConfigCreateResult{}, err
+	}
+	return ConfigCreateResult{ID: out.ID}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/config_inspect.go b/vendor/github.com/moby/moby/client/config_inspect.go
new file mode 100644
index 0000000000..0bf0ff7916
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/config_inspect.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ConfigInspectOptions holds options for inspecting a config.
+type ConfigInspectOptions struct {
+	// Add future optional parameters here
+}
+
+// ConfigInspectResult holds the result from the ConfigInspect method.
+type ConfigInspectResult struct {
+	Config swarm.Config
+	Raw    json.RawMessage
+}
+
+// ConfigInspect returns the config information with raw data
+func (cli *Client) ConfigInspect(ctx context.Context, id string, options ConfigInspectOptions) (ConfigInspectResult, error) {
+	id, err := trimID("config", id)
+	if err != nil {
+		return ConfigInspectResult{}, err
+	}
+	resp, err := cli.get(ctx, "/configs/"+id, nil, nil)
+	if err != nil {
+		return ConfigInspectResult{}, err
+	}
+
+	var out ConfigInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Config)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/config_list.go b/vendor/github.com/moby/moby/client/config_list.go
new file mode 100644
index 0000000000..ee5e7fee7a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/config_list.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ConfigListOptions holds parameters to list configs
+type ConfigListOptions struct {
+	Filters Filters
+}
+
+// ConfigListResult holds the result from the [client.ConfigList] method.
+type ConfigListResult struct {
+	Items []swarm.Config
+}
+
+// ConfigList returns the list of configs.
+func (cli *Client) ConfigList(ctx context.Context, options ConfigListOptions) (ConfigListResult, error) {
+	query := url.Values{}
+	options.Filters.updateURLValues(query)
+
+	resp, err := cli.get(ctx, "/configs", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ConfigListResult{}, err
+	}
+
+	var out ConfigListResult
+	err = json.NewDecoder(resp.Body).Decode(&out.Items)
+	if err != nil {
+		return ConfigListResult{}, err
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/moby/moby/client/config_remove.go b/vendor/github.com/moby/moby/client/config_remove.go
new file mode 100644
index 0000000000..5cde5e1439
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/config_remove.go
@@ -0,0 +1,27 @@
+package client
+
+import "context"
+
+// ConfigRemoveOptions holds options for [Client.ConfigRemove].
+type ConfigRemoveOptions struct {
+	// Add future optional parameters here
+}
+
+// ConfigRemoveResult holds the result of [Client.ConfigRemove].
+type ConfigRemoveResult struct {
+	// Add future fields here
+}
+
+// ConfigRemove removes a config.
+func (cli *Client) ConfigRemove(ctx context.Context, id string, options ConfigRemoveOptions) (ConfigRemoveResult, error) {
+	id, err := trimID("config", id)
+	if err != nil {
+		return ConfigRemoveResult{}, err
+	}
+	resp, err := cli.delete(ctx, "/configs/"+id, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ConfigRemoveResult{}, err
+	}
+	return ConfigRemoveResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/config_update.go b/vendor/github.com/moby/moby/client/config_update.go
new file mode 100644
index 0000000000..31bdd79569
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/config_update.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ConfigUpdateOptions holds options for updating a config.
+type ConfigUpdateOptions struct {
+	Version swarm.Version
+	Spec    swarm.ConfigSpec
+}
+
+// ConfigUpdateResult holds the result of [Client.ConfigUpdate].
+type ConfigUpdateResult struct{}
+
+// ConfigUpdate attempts to update a config
+func (cli *Client) ConfigUpdate(ctx context.Context, id string, options ConfigUpdateOptions) (ConfigUpdateResult, error) {
+	id, err := trimID("config", id)
+	if err != nil {
+		return ConfigUpdateResult{}, err
+	}
+	query := url.Values{}
+	query.Set("version", options.Version.String())
+	resp, err := cli.post(ctx, "/configs/"+id+"/update", query, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ConfigUpdateResult{}, err
+	}
+	return ConfigUpdateResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_attach.go b/vendor/github.com/moby/moby/client/container_attach.go
new file mode 100644
index 0000000000..ce84122d32
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_attach.go
@@ -0,0 +1,86 @@
+package client
+
+import (
+	"context"
+	"net/http"
+	"net/url"
+)
+
+// ContainerAttachOptions holds parameters to attach to a container.
+type ContainerAttachOptions struct {
+	Stream     bool
+	Stdin      bool
+	Stdout     bool
+	Stderr     bool
+	DetachKeys string
+	Logs       bool
+}
+
+// ContainerAttachResult is the result from attaching to a container.
+type ContainerAttachResult struct {
+	HijackedResponse
+}
+
+// ContainerAttach attaches a connection to a container in the server.
+// It returns a [HijackedResponse] with the hijacked connection
+// and a reader to get output. It's up to the caller to close
+// the hijacked connection by calling [HijackedResponse.Close].
+//
+// The stream format on the response uses one of two formats:
+//
+//   - If the container is using a TTY, there is only a single stream (stdout)
+//     and data is copied directly from the container output stream, no extra
+//     multiplexing or headers.
+//   - If the container is *not* using a TTY, streams for stdout and stderr are
+//     multiplexed.
+//
+// The format of the multiplexed stream is defined in the [stdcopy] package,
+// and as follows:
+//
+//	[8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
+//
+// STREAM_TYPE can be 1 for [Stdout] and 2 for [Stderr]. Refer to [stdcopy.StdType]
+// for details. SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded
+// as big endian, this is the size of OUTPUT. You can use [stdcopy.StdCopy]
+// to demultiplex this stream.
+//
+// [stdcopy]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy
+// [stdcopy.StdCopy]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#StdCopy
+// [stdcopy.StdType]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#StdType
+// [Stdout]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#Stdout
+// [Stderr]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#Stderr
+func (cli *Client) ContainerAttach(ctx context.Context, containerID string, options ContainerAttachOptions) (ContainerAttachResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerAttachResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Stream {
+		query.Set("stream", "1")
+	}
+	if options.Stdin {
+		query.Set("stdin", "1")
+	}
+	if options.Stdout {
+		query.Set("stdout", "1")
+	}
+	if options.Stderr {
+		query.Set("stderr", "1")
+	}
+	if options.DetachKeys != "" {
+		query.Set("detachKeys", options.DetachKeys)
+	}
+	if options.Logs {
+		query.Set("logs", "1")
+	}
+
+	hijacked, err := cli.postHijacked(ctx, "/containers/"+containerID+"/attach", query, nil, http.Header{
+		"Content-Type": {"text/plain"},
+	})
+	if err != nil {
+		return ContainerAttachResult{}, err
+	}
+
+	return ContainerAttachResult{HijackedResponse: hijacked}, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_commit.go b/vendor/github.com/moby/moby/client/container_commit.go
similarity index 56%
rename from vendor/github.com/docker/docker/client/container_commit.go
rename to vendor/github.com/moby/moby/client/container_commit.go
index 2b5b9852fb..79da44a54f 100644
--- a/vendor/github.com/docker/docker/client/container_commit.go
+++ b/vendor/github.com/moby/moby/client/container_commit.go
@@ -7,25 +7,40 @@ import (
 	"net/url"
 
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 )
 
+// ContainerCommitOptions holds parameters to commit changes into a container.
+type ContainerCommitOptions struct {
+	Reference string
+	Comment   string
+	Author    string
+	Changes   []string
+	NoPause   bool // NoPause disables pausing the container during commit.
+	Config    *container.Config
+}
+
+// ContainerCommitResult is the result from committing a container.
+type ContainerCommitResult struct {
+	ID string
+}
+
 // ContainerCommit applies changes to a container and creates a new tagged image.
-func (cli *Client) ContainerCommit(ctx context.Context, containerID string, options container.CommitOptions) (container.CommitResponse, error) {
+func (cli *Client) ContainerCommit(ctx context.Context, containerID string, options ContainerCommitOptions) (ContainerCommitResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return container.CommitResponse{}, err
+		return ContainerCommitResult{}, err
 	}
 
 	var repository, tag string
 	if options.Reference != "" {
 		ref, err := reference.ParseNormalizedNamed(options.Reference)
 		if err != nil {
-			return container.CommitResponse{}, err
+			return ContainerCommitResult{}, err
 		}
 
-		if _, isCanonical := ref.(reference.Canonical); isCanonical {
-			return container.CommitResponse{}, errors.New("refusing to create a tag with a digest reference")
+		if _, ok := ref.(reference.Digested); ok {
+			return ContainerCommitResult{}, errors.New("refusing to create a tag with a digest reference")
 		}
 		ref = reference.TagNameOnly(ref)
 
@@ -44,7 +59,7 @@ func (cli *Client) ContainerCommit(ctx context.Context, containerID string, opti
 	for _, change := range options.Changes {
 		query.Add("changes", change)
 	}
-	if !options.Pause {
+	if options.NoPause {
 		query.Set("pause", "0")
 	}
 
@@ -52,9 +67,9 @@ func (cli *Client) ContainerCommit(ctx context.Context, containerID string, opti
 	resp, err := cli.post(ctx, "/commit", query, options.Config, nil)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return response, err
+		return ContainerCommitResult{}, err
 	}
 
 	err = json.NewDecoder(resp.Body).Decode(&response)
-	return response, err
+	return ContainerCommitResult{ID: response.ID}, err
 }
diff --git a/vendor/github.com/docker/docker/client/container_copy.go b/vendor/github.com/moby/moby/client/container_copy.go
similarity index 54%
rename from vendor/github.com/docker/docker/client/container_copy.go
rename to vendor/github.com/moby/moby/client/container_copy.go
index 7c4130dc7f..b37d1765f4 100644
--- a/vendor/github.com/docker/docker/client/container_copy.go
+++ b/vendor/github.com/moby/moby/client/container_copy.go
@@ -11,37 +11,63 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 )
 
+// ContainerStatPathOptions holds options for [Client.ContainerStatPath].
+type ContainerStatPathOptions struct {
+	Path string
+}
+
+// ContainerStatPathResult holds the result of [Client.ContainerStatPath].
+type ContainerStatPathResult struct {
+	Stat container.PathStat
+}
+
 // ContainerStatPath returns stat information about a path inside the container filesystem.
-func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (container.PathStat, error) {
+func (cli *Client) ContainerStatPath(ctx context.Context, containerID string, options ContainerStatPathOptions) (ContainerStatPathResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return container.PathStat{}, err
+		return ContainerStatPathResult{}, err
 	}
 
 	query := url.Values{}
-	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
+	query.Set("path", filepath.ToSlash(options.Path)) // Normalize the paths used in the API.
 
 	resp, err := cli.head(ctx, "/containers/"+containerID+"/archive", query, nil)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return container.PathStat{}, err
+		return ContainerStatPathResult{}, err
 	}
-	return getContainerPathStatFromHeader(resp.Header)
+	stat, err := getContainerPathStatFromHeader(resp.Header)
+	if err != nil {
+		return ContainerStatPathResult{}, err
+	}
+	return ContainerStatPathResult{Stat: stat}, nil
 }
 
+// CopyToContainerOptions holds information
+// about files to copy into a container
+type CopyToContainerOptions struct {
+	DestinationPath           string
+	Content                   io.Reader
+	AllowOverwriteDirWithFile bool
+	CopyUIDGID                bool
+}
+
+// CopyToContainerResult holds the result of [Client.CopyToContainer].
+type CopyToContainerResult struct{}
+
 // CopyToContainer copies content into the container filesystem.
 // Note that `content` must be a Reader for a TAR archive
-func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath string, content io.Reader, options container.CopyToContainerOptions) error {
+func (cli *Client) CopyToContainer(ctx context.Context, containerID string, options CopyToContainerOptions) (CopyToContainerResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return err
+		return CopyToContainerResult{}, err
 	}
 
 	query := url.Values{}
-	query.Set("path", filepath.ToSlash(dstPath)) // Normalize the paths used in the API.
+	query.Set("path", filepath.ToSlash(options.DestinationPath)) // Normalize the paths used in the API.
 	// Do not allow for an existing directory to be overwritten by a non-directory and vice versa.
 	if !options.AllowOverwriteDirWithFile {
 		query.Set("noOverwriteDirNonDir", "true")
@@ -51,29 +77,40 @@ func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath str
 		query.Set("copyUIDGID", "true")
 	}
 
-	response, err := cli.putRaw(ctx, "/containers/"+containerID+"/archive", query, content, nil)
+	response, err := cli.putRaw(ctx, "/containers/"+containerID+"/archive", query, options.Content, nil)
 	defer ensureReaderClosed(response)
 	if err != nil {
-		return err
+		return CopyToContainerResult{}, err
 	}
 
-	return nil
+	return CopyToContainerResult{}, nil
+}
+
+// CopyFromContainerOptions holds options for [Client.CopyFromContainer].
+type CopyFromContainerOptions struct {
+	SourcePath string
+}
+
+// CopyFromContainerResult holds the result of [Client.CopyFromContainer].
+type CopyFromContainerResult struct {
+	Content io.ReadCloser
+	Stat    container.PathStat
 }
 
 // CopyFromContainer gets the content from the container and returns it as a Reader
 // for a TAR archive to manipulate it in the host. It's up to the caller to close the reader.
-func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath string) (io.ReadCloser, container.PathStat, error) {
+func (cli *Client) CopyFromContainer(ctx context.Context, containerID string, options CopyFromContainerOptions) (CopyFromContainerResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return nil, container.PathStat{}, err
+		return CopyFromContainerResult{}, err
 	}
 
 	query := make(url.Values, 1)
-	query.Set("path", filepath.ToSlash(srcPath)) // Normalize the paths used in the API.
+	query.Set("path", filepath.ToSlash(options.SourcePath)) // Normalize the paths used in the API.
 
 	resp, err := cli.get(ctx, "/containers/"+containerID+"/archive", query, nil)
 	if err != nil {
-		return nil, container.PathStat{}, err
+		return CopyFromContainerResult{}, err
 	}
 
 	// In order to get the copy behavior right, we need to know information
@@ -84,9 +121,10 @@ func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath s
 	// can be when copying a file/dir from one location to another file/dir.
 	stat, err := getContainerPathStatFromHeader(resp.Header)
 	if err != nil {
-		return nil, stat, fmt.Errorf("unable to get resource stat from response: %s", err)
+		ensureReaderClosed(resp)
+		return CopyFromContainerResult{Stat: stat}, fmt.Errorf("unable to get resource stat from response: %s", err)
 	}
-	return resp.Body, stat, err
+	return CopyFromContainerResult{Content: resp.Body, Stat: stat}, nil
 }
 
 func getContainerPathStatFromHeader(header http.Header) (container.PathStat, error) {
diff --git a/vendor/github.com/moby/moby/client/container_create.go b/vendor/github.com/moby/moby/client/container_create.go
new file mode 100644
index 0000000000..d941a37207
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_create.go
@@ -0,0 +1,125 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+	"path"
+	"sort"
+	"strings"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/moby/moby/api/types/container"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ContainerCreate creates a new container based on the given configuration.
+// It can be associated with a name, but it's not mandatory.
+func (cli *Client) ContainerCreate(ctx context.Context, options ContainerCreateOptions) (ContainerCreateResult, error) {
+	cfg := options.Config
+
+	if cfg == nil {
+		cfg = &container.Config{}
+	}
+
+	if options.Image != "" {
+		if cfg.Image != "" {
+			return ContainerCreateResult{}, cerrdefs.ErrInvalidArgument.WithMessage("either Image or config.Image should be set")
+		}
+		newCfg := *cfg
+		newCfg.Image = options.Image
+		cfg = &newCfg
+	}
+
+	if cfg.Image == "" {
+		return ContainerCreateResult{}, cerrdefs.ErrInvalidArgument.WithMessage("config.Image or Image is required")
+	}
+
+	var response container.CreateResponse
+
+	if options.HostConfig != nil {
+		options.HostConfig.CapAdd = normalizeCapabilities(options.HostConfig.CapAdd)
+		options.HostConfig.CapDrop = normalizeCapabilities(options.HostConfig.CapDrop)
+	}
+
+	query := url.Values{}
+	if options.Platform != nil {
+		if p := formatPlatform(*options.Platform); p != "unknown" {
+			query.Set("platform", p)
+		}
+	}
+
+	if options.Name != "" {
+		query.Set("name", options.Name)
+	}
+
+	body := container.CreateRequest{
+		Config:           cfg,
+		HostConfig:       options.HostConfig,
+		NetworkingConfig: options.NetworkingConfig,
+	}
+
+	resp, err := cli.post(ctx, "/containers/create", query, body, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerCreateResult{}, err
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return ContainerCreateResult{ID: response.ID, Warnings: response.Warnings}, err
+}
+
+// formatPlatform returns a formatted string representing platform (e.g., "linux/arm/v7").
+//
+// It is a fork of [platforms.Format], and does not yet support "os.version",
+// as [platforms.FormatAll] does.
+//
+// [platforms.Format]: https://github.com/containerd/platforms/blob/v1.0.0-rc.1/platforms.go#L309-L316
+// [platforms.FormatAll]: https://github.com/containerd/platforms/blob/v1.0.0-rc.1/platforms.go#L318-L330
+func formatPlatform(platform ocispec.Platform) string {
+	if platform.OS == "" {
+		return "unknown"
+	}
+	return path.Join(platform.OS, platform.Architecture, platform.Variant)
+}
+
+// allCapabilities is a magic value for "all capabilities"
+const allCapabilities = "ALL"
+
+// normalizeCapabilities normalizes capabilities to their canonical form,
+// removes duplicates, and sorts the results.
+//
+// It is similar to [caps.NormalizeLegacyCapabilities],
+// but performs no validation based on supported capabilities.
+//
+// [caps.NormalizeLegacyCapabilities]: https://github.com/moby/moby/blob/v28.3.2/oci/caps/utils.go#L56
+func normalizeCapabilities(caps []string) []string {
+	var normalized []string
+
+	unique := make(map[string]struct{})
+	for _, c := range caps {
+		c = normalizeCap(c)
+		if _, ok := unique[c]; ok {
+			continue
+		}
+		unique[c] = struct{}{}
+		normalized = append(normalized, c)
+	}
+
+	sort.Strings(normalized)
+	return normalized
+}
+
+// normalizeCap normalizes a capability to its canonical format by upper-casing
+// and adding a "CAP_" prefix (if not yet present). It also accepts the "ALL"
+// magic-value.
+func normalizeCap(capability string) string {
+	capability = strings.ToUpper(capability)
+	if capability == allCapabilities {
+		return capability
+	}
+	if !strings.HasPrefix(capability, "CAP_") {
+		capability = "CAP_" + capability
+	}
+	return capability
+}
diff --git a/vendor/github.com/moby/moby/client/container_create_opts.go b/vendor/github.com/moby/moby/client/container_create_opts.go
new file mode 100644
index 0000000000..8580e20d3a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_create_opts.go
@@ -0,0 +1,25 @@
+package client
+
+import (
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ContainerCreateOptions holds parameters to create a container.
+type ContainerCreateOptions struct {
+	Config           *container.Config
+	HostConfig       *container.HostConfig
+	NetworkingConfig *network.NetworkingConfig
+	Platform         *ocispec.Platform
+	Name             string
+
+	// Image is a shortcut for Config.Image - only one of Image or Config.Image should be set.
+	Image string
+}
+
+// ContainerCreateResult is the result from creating a container.
+type ContainerCreateResult struct {
+	ID       string
+	Warnings []string
+}
diff --git a/vendor/github.com/docker/docker/client/container_diff.go b/vendor/github.com/moby/moby/client/container_diff.go
similarity index 66%
rename from vendor/github.com/docker/docker/client/container_diff.go
rename to vendor/github.com/moby/moby/client/container_diff.go
index 3848e3117e..ec904337e0 100644
--- a/vendor/github.com/docker/docker/client/container_diff.go
+++ b/vendor/github.com/moby/moby/client/container_diff.go
@@ -5,26 +5,26 @@ import (
 	"encoding/json"
 	"net/url"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 )
 
 // ContainerDiff shows differences in a container filesystem since it was started.
-func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.FilesystemChange, error) {
+func (cli *Client) ContainerDiff(ctx context.Context, containerID string, options ContainerDiffOptions) (ContainerDiffResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return nil, err
+		return ContainerDiffResult{}, err
 	}
 
 	resp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return nil, err
+		return ContainerDiffResult{}, err
 	}
 
 	var changes []container.FilesystemChange
 	err = json.NewDecoder(resp.Body).Decode(&changes)
 	if err != nil {
-		return nil, err
+		return ContainerDiffResult{}, err
 	}
-	return changes, err
+	return ContainerDiffResult{Changes: changes}, err
 }
diff --git a/vendor/github.com/moby/moby/client/container_diff_opts.go b/vendor/github.com/moby/moby/client/container_diff_opts.go
new file mode 100644
index 0000000000..5e3c37ab4e
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_diff_opts.go
@@ -0,0 +1,13 @@
+package client
+
+import "github.com/moby/moby/api/types/container"
+
+// ContainerDiffOptions holds parameters to show differences in a container filesystem.
+type ContainerDiffOptions struct {
+	// Currently no options, but this allows for future extensibility
+}
+
+// ContainerDiffResult is the result from showing differences in a container filesystem.
+type ContainerDiffResult struct {
+	Changes []container.FilesystemChange
+}
diff --git a/vendor/github.com/moby/moby/client/container_exec.go b/vendor/github.com/moby/moby/client/container_exec.go
new file mode 100644
index 0000000000..30ed00ea52
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_exec.go
@@ -0,0 +1,203 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/moby/moby/api/types/container"
+)
+
+// ExecCreateOptions is a small subset of the Config struct that holds the configuration
+// for the exec feature of docker.
+type ExecCreateOptions struct {
+	User         string      // User that will run the command
+	Privileged   bool        // Is the container in privileged mode
+	TTY          bool        // Attach standard streams to a tty.
+	ConsoleSize  ConsoleSize // Initial terminal size [height, width], unused if TTY == false
+	AttachStdin  bool        // Attach the standard input, makes possible user interaction
+	AttachStderr bool        // Attach the standard error
+	AttachStdout bool        // Attach the standard output
+	DetachKeys   string      // Escape keys for detach
+	Env          []string    // Environment variables
+	WorkingDir   string      // Working directory
+	Cmd          []string    // Execution commands and args
+}
+
+// ExecCreateResult holds the result of creating a container exec.
+type ExecCreateResult struct {
+	ID string
+}
+
+// ExecCreate creates a new exec configuration to run an exec process.
+func (cli *Client) ExecCreate(ctx context.Context, containerID string, options ExecCreateOptions) (ExecCreateResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ExecCreateResult{}, err
+	}
+
+	consoleSize, err := getConsoleSize(options.TTY, options.ConsoleSize)
+	if err != nil {
+		return ExecCreateResult{}, err
+	}
+
+	req := container.ExecCreateRequest{
+		User:         options.User,
+		Privileged:   options.Privileged,
+		Tty:          options.TTY,
+		ConsoleSize:  consoleSize,
+		AttachStdin:  options.AttachStdin,
+		AttachStderr: options.AttachStderr,
+		AttachStdout: options.AttachStdout,
+		DetachKeys:   options.DetachKeys,
+		Env:          options.Env,
+		WorkingDir:   options.WorkingDir,
+		Cmd:          options.Cmd,
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/exec", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ExecCreateResult{}, err
+	}
+
+	var response container.ExecCreateResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return ExecCreateResult{ID: response.ID}, err
+}
+
+type ConsoleSize struct {
+	Height, Width uint
+}
+
+// ExecStartOptions holds options for starting a container exec.
+type ExecStartOptions struct {
+	// ExecStart will first check if it's detached
+	Detach bool
+	// Check if there's a tty
+	TTY bool
+	// Terminal size [height, width], unused if TTY == false
+	ConsoleSize ConsoleSize
+}
+
+// ExecStartResult holds the result of starting a container exec.
+type ExecStartResult struct{}
+
+// ExecStart starts an exec process already created in the docker host.
+func (cli *Client) ExecStart(ctx context.Context, execID string, options ExecStartOptions) (ExecStartResult, error) {
+	consoleSize, err := getConsoleSize(options.TTY, options.ConsoleSize)
+	if err != nil {
+		return ExecStartResult{}, err
+	}
+
+	req := container.ExecStartRequest{
+		Detach:      options.Detach,
+		Tty:         options.TTY,
+		ConsoleSize: consoleSize,
+	}
+	resp, err := cli.post(ctx, "/exec/"+execID+"/start", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	return ExecStartResult{}, err
+}
+
+// ExecAttachOptions holds options for attaching to a container exec.
+type ExecAttachOptions struct {
+	// Check if there's a tty
+	TTY bool
+	// Terminal size [height, width], unused if TTY == false
+	ConsoleSize ConsoleSize `json:",omitzero"`
+}
+
+// ExecAttachResult holds the result of attaching to a container exec.
+type ExecAttachResult struct {
+	HijackedResponse
+}
+
+// ExecAttach attaches a connection to an exec process in the server.
+//
+// It returns a [HijackedResponse] with the hijacked connection
+// and a reader to get output. It's up to the caller to close
+// the hijacked connection by calling [HijackedResponse.Close].
+//
+// The stream format on the response uses one of two formats:
+//
+//   - If the container is using a TTY, there is only a single stream (stdout)
+//     and data is copied directly from the container output stream, no extra
+//     multiplexing or headers.
+//   - If the container is *not* using a TTY, streams for stdout and stderr are
+//     multiplexed.
+//
+// You can use [stdcopy.StdCopy] to demultiplex this stream. Refer to
+// [Client.ContainerAttach] for details about the multiplexed stream.
+//
+// [stdcopy.StdCopy]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#StdCopy
+func (cli *Client) ExecAttach(ctx context.Context, execID string, options ExecAttachOptions) (ExecAttachResult, error) {
+	consoleSize, err := getConsoleSize(options.TTY, options.ConsoleSize)
+	if err != nil {
+		return ExecAttachResult{}, err
+	}
+	req := container.ExecStartRequest{
+		Detach:      false,
+		Tty:         options.TTY,
+		ConsoleSize: consoleSize,
+	}
+	response, err := cli.postHijacked(ctx, "/exec/"+execID+"/start", nil, req, http.Header{
+		"Content-Type": {"application/json"},
+	})
+	return ExecAttachResult{HijackedResponse: response}, err
+}
+
+func getConsoleSize(hasTTY bool, consoleSize ConsoleSize) (*[2]uint, error) {
+	if consoleSize.Height != 0 || consoleSize.Width != 0 {
+		if !hasTTY {
+			return nil, cerrdefs.ErrInvalidArgument.WithMessage("console size is only supported when TTY is enabled")
+		}
+		return &[2]uint{consoleSize.Height, consoleSize.Width}, nil
+	}
+	return nil, nil
+}
+
+// ExecInspectOptions holds options for inspecting a container exec.
+type ExecInspectOptions struct{}
+
+// ExecInspectResult holds the result of inspecting a container exec.
+//
+// It provides a subset of the information included in [container.ExecInspectResponse].
+//
+// TODO(thaJeztah): include all fields of [container.ExecInspectResponse] ?
+type ExecInspectResult struct {
+	ID          string
+	ContainerID string
+	Running     bool
+	ExitCode    int
+	PID         int
+}
+
+// ExecInspect returns information about a specific exec process on the docker host.
+func (cli *Client) ExecInspect(ctx context.Context, execID string, options ExecInspectOptions) (ExecInspectResult, error) {
+	resp, err := cli.get(ctx, "/exec/"+execID+"/json", nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ExecInspectResult{}, err
+	}
+
+	var response container.ExecInspectResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	if err != nil {
+		return ExecInspectResult{}, err
+	}
+
+	var ec int
+	if response.ExitCode != nil {
+		ec = *response.ExitCode
+	}
+
+	return ExecInspectResult{
+		ID:          response.ID,
+		ContainerID: response.ContainerID,
+		Running:     response.Running,
+		ExitCode:    ec,
+		PID:         response.Pid,
+	}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_export.go b/vendor/github.com/moby/moby/client/container_export.go
new file mode 100644
index 0000000000..2d33efb7d8
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_export.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/url"
+)
+
+// ContainerExportOptions specifies options for container export operations.
+type ContainerExportOptions struct {
+	// Currently no options are defined for ContainerExport
+}
+
+// ContainerExportResult represents the result of a container export operation.
+type ContainerExportResult interface {
+	io.ReadCloser
+}
+
+// ContainerExport retrieves the raw contents of a container
+// and returns them as an [io.ReadCloser]. It's up to the caller
+// to close the stream.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) ContainerExport(ctx context.Context, containerID string, options ContainerExportOptions) (ContainerExportResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/export", url.Values{}, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return &containerExportResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+type containerExportResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser         = (*containerExportResult)(nil)
+	_ ContainerExportResult = (*containerExportResult)(nil)
+)
diff --git a/vendor/github.com/moby/moby/client/container_inspect.go b/vendor/github.com/moby/moby/client/container_inspect.go
new file mode 100644
index 0000000000..4f12c46577
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_inspect.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+// ContainerInspectOptions holds options for inspecting a container using
+// the [Client.ConfigInspect] method.
+type ContainerInspectOptions struct {
+	// Size controls whether the container's filesystem size should be calculated.
+	// When set, the [container.InspectResponse.SizeRw] and [container.InspectResponse.SizeRootFs]
+	// fields in [ContainerInspectResult.Container] are populated with the result.
+	//
+	// Calculating the size can be a costly operation, and should not be used
+	// unless needed.
+	Size bool
+}
+
+// ContainerInspectResult holds the result from the [Client.ConfigInspect] method.
+type ContainerInspectResult struct {
+	Container container.InspectResponse
+	Raw       json.RawMessage
+}
+
+// ContainerInspect returns the container information.
+func (cli *Client) ContainerInspect(ctx context.Context, containerID string, options ContainerInspectOptions) (ContainerInspectResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerInspectResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Size {
+		query.Set("size", "1")
+	}
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
+	if err != nil {
+		return ContainerInspectResult{}, err
+	}
+	var out ContainerInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Container)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/container_kill.go b/vendor/github.com/moby/moby/client/container_kill.go
new file mode 100644
index 0000000000..ae7a4ebd8b
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_kill.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// ContainerKillOptions holds options for [Client.ContainerKill].
+type ContainerKillOptions struct {
+	// Signal (optional) is the signal to send to the container to (gracefully)
+	// stop it before forcibly terminating the container with SIGKILL after a
+	// timeout. If no value is set, the default (SIGKILL) is used.
+	Signal string `json:",omitempty"`
+}
+
+// ContainerKillResult holds the result of [Client.ContainerKill],
+type ContainerKillResult struct {
+	// Add future fields here.
+}
+
+// ContainerKill terminates the container process but does not remove the container from the docker host.
+func (cli *Client) ContainerKill(ctx context.Context, containerID string, options ContainerKillOptions) (ContainerKillResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerKillResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Signal != "" {
+		query.Set("signal", options.Signal)
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/kill", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerKillResult{}, err
+	}
+	return ContainerKillResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_list.go b/vendor/github.com/moby/moby/client/container_list.go
new file mode 100644
index 0000000000..d9334c544e
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_list.go
@@ -0,0 +1,66 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+	"strconv"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+// ContainerListOptions holds parameters to list containers with.
+type ContainerListOptions struct {
+	Size    bool
+	All     bool
+	Limit   int
+	Filters Filters
+
+	// Latest is non-functional and should not be used. Use Limit: 1 instead.
+	//
+	// Deprecated: the Latest option is non-functional and should not be used. Use Limit: 1 instead.
+	Latest bool
+
+	// Since is no longer supported. Use the "since" filter instead.
+	//
+	// Deprecated: the Since option is no longer supported since docker 1.12 (API 1.24). Use the "since" filter instead.
+	Since string
+
+	// Before is no longer supported. Use the "since" filter instead.
+	//
+	// Deprecated: the Before option is no longer supported since docker 1.12 (API 1.24). Use the "before" filter instead.
+	Before string
+}
+
+type ContainerListResult struct {
+	Items []container.Summary
+}
+
+// ContainerList returns the list of containers in the docker host.
+func (cli *Client) ContainerList(ctx context.Context, options ContainerListOptions) (ContainerListResult, error) {
+	query := url.Values{}
+
+	if options.All {
+		query.Set("all", "1")
+	}
+
+	if options.Limit > 0 {
+		query.Set("limit", strconv.Itoa(options.Limit))
+	}
+
+	if options.Size {
+		query.Set("size", "1")
+	}
+
+	options.Filters.updateURLValues(query)
+
+	resp, err := cli.get(ctx, "/containers/json", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerListResult{}, err
+	}
+
+	var containers []container.Summary
+	err = json.NewDecoder(resp.Body).Decode(&containers)
+	return ContainerListResult{Items: containers}, err
+}
diff --git a/vendor/github.com/moby/moby/client/container_logs.go b/vendor/github.com/moby/moby/client/container_logs.go
new file mode 100644
index 0000000000..b26a3568ab
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_logs.go
@@ -0,0 +1,134 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/url"
+	"time"
+
+	"github.com/moby/moby/client/internal/timestamp"
+)
+
+// ContainerLogsOptions holds parameters to filter logs with.
+type ContainerLogsOptions struct {
+	ShowStdout bool
+	ShowStderr bool
+	Since      string
+	Until      string
+	Timestamps bool
+	Follow     bool
+	Tail       string
+	Details    bool
+}
+
+// ContainerLogsResult is the result of a container logs operation.
+type ContainerLogsResult interface {
+	io.ReadCloser
+}
+
+// ContainerLogs returns the logs generated by a container in an [io.ReadCloser].
+// It's up to the caller to close the stream.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+//
+// The stream format on the response uses one of two formats:
+//
+//   - If the container is using a TTY, there is only a single stream (stdout)
+//     and data is copied directly from the container output stream, no extra
+//     multiplexing or headers.
+//   - If the container is *not* using a TTY, streams for stdout and stderr are
+//     multiplexed.
+//
+// The format of the multiplexed stream is defined in the [stdcopy] package,
+// and as follows:
+//
+//	[8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
+//
+// STREAM_TYPE can be 1 for [Stdout] and 2 for [Stderr]. Refer to [stdcopy.StdType]
+// for details. SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded
+// as big endian, this is the size of OUTPUT. You can use [stdcopy.StdCopy]
+// to demultiplex this stream.
+//
+// [stdcopy]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy
+// [stdcopy.StdCopy]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#StdCopy
+// [stdcopy.StdType]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#StdType
+// [Stdout]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#Stdout
+// [Stderr]: https://pkg.go.dev/github.com/moby/moby/api/pkg/stdcopy#Stderr
+func (cli *Client) ContainerLogs(ctx context.Context, containerID string, options ContainerLogsOptions) (ContainerLogsResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timestamp.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, fmt.Errorf(`invalid value for "since": %w`, err)
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Until != "" {
+		ts, err := timestamp.GetTimestamp(options.Until, time.Now())
+		if err != nil {
+			return nil, fmt.Errorf(`invalid value for "until": %w`, err)
+		}
+		query.Set("until", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+
+	switch options.Tail {
+	case "", "all":
+		// don't send option; default is to show all logs.
+		//
+		// The default on the daemon-side is to show all logs; account for
+		// some special values. The CLI may set a magic "all" value that's
+		// used as default.
+		//
+		// Given that the default is to show all logs, we can ignore these
+		// values, and don't send "tail".
+		//
+		// see https://github.com/moby/moby/blob/0df791cb72b568eeadba2267fe9a5040d12b0487/daemon/logs.go#L75-L78
+		// see https://github.com/moby/moby/blob/4d20b6fe56dfb2b06f4a5dd1f32913215a9c317b/daemon/cluster/services.go#L425-L449
+	default:
+		query.Set("tail", options.Tail)
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &containerLogsResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+type containerLogsResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser       = (*containerLogsResult)(nil)
+	_ ContainerLogsResult = (*containerLogsResult)(nil)
+)
diff --git a/vendor/github.com/moby/moby/client/container_pause.go b/vendor/github.com/moby/moby/client/container_pause.go
new file mode 100644
index 0000000000..07669c8970
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_pause.go
@@ -0,0 +1,28 @@
+package client
+
+import "context"
+
+// ContainerPauseOptions holds options for [Client.ContainerPause].
+type ContainerPauseOptions struct {
+	// Add future optional parameters here.
+}
+
+// ContainerPauseResult holds the result of [Client.ContainerPause],
+type ContainerPauseResult struct {
+	// Add future fields here.
+}
+
+// ContainerPause pauses the main process of a given container without terminating it.
+func (cli *Client) ContainerPause(ctx context.Context, containerID string, options ContainerPauseOptions) (ContainerPauseResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerPauseResult{}, err
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/pause", nil, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerPauseResult{}, err
+	}
+	return ContainerPauseResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_prune.go b/vendor/github.com/moby/moby/client/container_prune.go
new file mode 100644
index 0000000000..f826f8b6fb
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_prune.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+// ContainerPruneOptions holds parameters to prune containers.
+type ContainerPruneOptions struct {
+	Filters Filters
+}
+
+// ContainerPruneResult holds the result from the [Client.ContainerPrune] method.
+type ContainerPruneResult struct {
+	Report container.PruneReport
+}
+
+// ContainerPrune requests the daemon to delete unused data
+func (cli *Client) ContainerPrune(ctx context.Context, opts ContainerPruneOptions) (ContainerPruneResult, error) {
+	query := url.Values{}
+	opts.Filters.updateURLValues(query)
+
+	resp, err := cli.post(ctx, "/containers/prune", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerPruneResult{}, err
+	}
+
+	var report container.PruneReport
+	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
+		return ContainerPruneResult{}, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return ContainerPruneResult{Report: report}, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_remove.go b/vendor/github.com/moby/moby/client/container_remove.go
similarity index 51%
rename from vendor/github.com/docker/docker/client/container_remove.go
rename to vendor/github.com/moby/moby/client/container_remove.go
index b1a2ce6b83..0fbfa05fa1 100644
--- a/vendor/github.com/docker/docker/client/container_remove.go
+++ b/vendor/github.com/moby/moby/client/container_remove.go
@@ -3,15 +3,25 @@ package client
 import (
 	"context"
 	"net/url"
-
-	"github.com/docker/docker/api/types/container"
 )
 
+// ContainerRemoveOptions holds parameters to remove containers.
+type ContainerRemoveOptions struct {
+	RemoveVolumes bool
+	RemoveLinks   bool
+	Force         bool
+}
+
+// ContainerRemoveResult holds the result of [Client.ContainerRemove],
+type ContainerRemoveResult struct {
+	// Add future fields here.
+}
+
 // ContainerRemove kills and removes a container from the docker host.
-func (cli *Client) ContainerRemove(ctx context.Context, containerID string, options container.RemoveOptions) error {
+func (cli *Client) ContainerRemove(ctx context.Context, containerID string, options ContainerRemoveOptions) (ContainerRemoveResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return err
+		return ContainerRemoveResult{}, err
 	}
 
 	query := url.Values{}
@@ -28,5 +38,8 @@ func (cli *Client) ContainerRemove(ctx context.Context, containerID string, opti
 
 	resp, err := cli.delete(ctx, "/containers/"+containerID, query, nil)
 	defer ensureReaderClosed(resp)
-	return err
+	if err != nil {
+		return ContainerRemoveResult{}, err
+	}
+	return ContainerRemoveResult{}, nil
 }
diff --git a/vendor/github.com/moby/moby/client/container_rename.go b/vendor/github.com/moby/moby/client/container_rename.go
new file mode 100644
index 0000000000..4fd28a4986
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_rename.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strings"
+
+	cerrdefs "github.com/containerd/errdefs"
+)
+
+// ContainerRenameOptions represents the options for renaming a container.
+type ContainerRenameOptions struct {
+	NewName string
+}
+
+// ContainerRenameResult represents the result of a container rename operation.
+type ContainerRenameResult struct {
+	// This struct can be expanded in the future if needed
+}
+
+// ContainerRename changes the name of a given container.
+func (cli *Client) ContainerRename(ctx context.Context, containerID string, options ContainerRenameOptions) (ContainerRenameResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerRenameResult{}, err
+	}
+	options.NewName = strings.TrimSpace(options.NewName)
+	if options.NewName == "" || strings.TrimPrefix(options.NewName, "/") == "" {
+		// daemons before v29.0 did not handle the canonical name ("/") well
+		// let's be nice and validate it here before sending
+		return ContainerRenameResult{}, cerrdefs.ErrInvalidArgument.WithMessage("new name cannot be blank")
+	}
+
+	query := url.Values{}
+	query.Set("name", options.NewName)
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/rename", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return ContainerRenameResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/container_resize.go b/vendor/github.com/moby/moby/client/container_resize.go
new file mode 100644
index 0000000000..8ce26fb585
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_resize.go
@@ -0,0 +1,64 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+)
+
+// ContainerResizeOptions holds parameters to resize a TTY.
+// It can be used to resize container TTYs and
+// exec process TTYs too.
+type ContainerResizeOptions struct {
+	Height uint
+	Width  uint
+}
+
+// ContainerResizeResult holds the result of [Client.ContainerResize],
+type ContainerResizeResult struct {
+	// Add future fields here.
+}
+
+// ContainerResize changes the size of the pseudo-TTY for a container.
+func (cli *Client) ContainerResize(ctx context.Context, containerID string, options ContainerResizeOptions) (ContainerResizeResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerResizeResult{}, err
+	}
+	// FIXME(thaJeztah): the API / backend accepts uint32, but container.ResizeOptions uses uint.
+	query := url.Values{}
+	query.Set("h", strconv.FormatUint(uint64(options.Height), 10))
+	query.Set("w", strconv.FormatUint(uint64(options.Width), 10))
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/resize", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerResizeResult{}, err
+	}
+	return ContainerResizeResult{}, nil
+}
+
+// ExecResizeOptions holds options for resizing a container exec TTY.
+type ExecResizeOptions ContainerResizeOptions
+
+// ExecResizeResult holds the result of resizing a container exec TTY.
+type ExecResizeResult struct{}
+
+// ExecResize changes the size of the tty for an exec process running inside a container.
+func (cli *Client) ExecResize(ctx context.Context, execID string, options ExecResizeOptions) (ExecResizeResult, error) {
+	execID, err := trimID("exec", execID)
+	if err != nil {
+		return ExecResizeResult{}, err
+	}
+	// FIXME(thaJeztah): the API / backend accepts uint32, but container.ResizeOptions uses uint.
+	query := url.Values{}
+	query.Set("h", strconv.FormatUint(uint64(options.Height), 10))
+	query.Set("w", strconv.FormatUint(uint64(options.Width), 10))
+
+	resp, err := cli.post(ctx, "/exec/"+execID+"/resize", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ExecResizeResult{}, err
+	}
+	return ExecResizeResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_restart.go b/vendor/github.com/moby/moby/client/container_restart.go
new file mode 100644
index 0000000000..e883f75891
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_restart.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+)
+
+// ContainerRestartOptions holds options for [Client.ContainerRestart].
+type ContainerRestartOptions struct {
+	// Signal (optional) is the signal to send to the container to (gracefully)
+	// stop it before forcibly terminating the container with SIGKILL after the
+	// timeout expires. If no value is set, the default (SIGTERM) is used.
+	Signal string `json:",omitempty"`
+
+	// Timeout (optional) is the timeout (in seconds) to wait for the container
+	// to stop gracefully before forcibly terminating it with SIGKILL.
+	//
+	// - Use nil to use the default timeout (10 seconds).
+	// - Use '-1' to wait indefinitely.
+	// - Use '0' to not wait for the container to exit gracefully, and
+	//   immediately proceeds to forcibly terminating the container.
+	// - Other positive values are used as timeout (in seconds).
+	Timeout *int `json:",omitempty"`
+}
+
+// ContainerRestartResult holds the result of [Client.ContainerRestart],
+type ContainerRestartResult struct {
+	// Add future fields here.
+}
+
+// ContainerRestart stops, and starts a container again.
+// It makes the daemon wait for the container to be up again for
+// a specific amount of time, given the timeout.
+func (cli *Client) ContainerRestart(ctx context.Context, containerID string, options ContainerRestartOptions) (ContainerRestartResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerRestartResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Timeout != nil {
+		query.Set("t", strconv.Itoa(*options.Timeout))
+	}
+	if options.Signal != "" {
+		query.Set("signal", options.Signal)
+	}
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/restart", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerRestartResult{}, err
+	}
+	return ContainerRestartResult{}, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_start.go b/vendor/github.com/moby/moby/client/container_start.go
similarity index 51%
rename from vendor/github.com/docker/docker/client/container_start.go
rename to vendor/github.com/moby/moby/client/container_start.go
index c7206e320a..dfb821d1d1 100644
--- a/vendor/github.com/docker/docker/client/container_start.go
+++ b/vendor/github.com/moby/moby/client/container_start.go
@@ -3,15 +3,24 @@ package client
 import (
 	"context"
 	"net/url"
-
-	"github.com/docker/docker/api/types/container"
 )
 
+// ContainerStartOptions holds options for [Client.ContainerStart].
+type ContainerStartOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
+// ContainerStartResult holds the result of [Client.ContainerStart],
+type ContainerStartResult struct {
+	// Add future fields here.
+}
+
 // ContainerStart sends a request to the docker daemon to start a container.
-func (cli *Client) ContainerStart(ctx context.Context, containerID string, options container.StartOptions) error {
+func (cli *Client) ContainerStart(ctx context.Context, containerID string, options ContainerStartOptions) (ContainerStartResult, error) {
 	containerID, err := trimID("container", containerID)
 	if err != nil {
-		return err
+		return ContainerStartResult{}, err
 	}
 
 	query := url.Values{}
@@ -23,6 +32,9 @@ func (cli *Client) ContainerStart(ctx context.Context, containerID string, optio
 	}
 
 	resp, err := cli.post(ctx, "/containers/"+containerID+"/start", query, nil, nil)
-	ensureReaderClosed(resp)
-	return err
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerStartResult{}, err
+	}
+	return ContainerStartResult{}, nil
 }
diff --git a/vendor/github.com/moby/moby/client/container_stats.go b/vendor/github.com/moby/moby/client/container_stats.go
new file mode 100644
index 0000000000..277769dbff
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_stats.go
@@ -0,0 +1,75 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/url"
+)
+
+// ContainerStatsOptions holds parameters to retrieve container statistics
+// using the [Client.ContainerStats] method.
+type ContainerStatsOptions struct {
+	// Stream enables streaming [container.StatsResponse] results instead
+	// of collecting a single sample. If enabled, the client remains attached
+	// until the [ContainerStatsResult.Body] is closed or the context is
+	// cancelled.
+	Stream bool
+
+	// IncludePreviousSample asks the daemon to  collect a prior sample to populate the
+	// [container.StatsResponse.PreRead] and [container.StatsResponse.PreCPUStats]
+	// fields.
+	//
+	// It set, the daemon collects two samples at a one-second interval before
+	// returning the result. The first sample populates the PreCPUStats (“previous
+	// CPU”) field, allowing delta calculations for CPU usage. If false, only
+	// a single sample is taken and returned immediately, leaving PreRead and
+	// PreCPUStats empty.
+	//
+	// This option has no effect if Stream is enabled. If Stream is enabled,
+	// [container.StatsResponse.PreCPUStats] is never populated for the first
+	// record.
+	IncludePreviousSample bool
+}
+
+// ContainerStatsResult holds the result from [Client.ContainerStats].
+//
+// It wraps an [io.ReadCloser] that provides one or more [container.StatsResponse]
+// objects for a container, as produced by the "GET /containers/{id}/stats" endpoint.
+// If streaming is disabled, the stream contains a single record.
+type ContainerStatsResult struct {
+	Body io.ReadCloser
+}
+
+// ContainerStats retrieves live resource usage statistics for the specified
+// container. The caller must close the [io.ReadCloser] in the returned result
+// to release associated resources.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) ContainerStats(ctx context.Context, containerID string, options ContainerStatsOptions) (ContainerStatsResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerStatsResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Stream {
+		query.Set("stream", "true")
+	} else {
+		// Note: daemons before v29.0 return an error if both set: "cannot have stream=true and one-shot=true"
+		//
+		// TODO(thaJeztah): consider making "stream=false" the default for the API as well, or using Accept Header to switch.
+		query.Set("stream", "false")
+		if !options.IncludePreviousSample {
+			query.Set("one-shot", "true")
+		}
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil)
+	if err != nil {
+		return ContainerStatsResult{}, err
+	}
+
+	return ContainerStatsResult{
+		Body: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_stop.go b/vendor/github.com/moby/moby/client/container_stop.go
new file mode 100644
index 0000000000..d4d47d8fd4
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_stop.go
@@ -0,0 +1,58 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+)
+
+// ContainerStopOptions holds the options for [Client.ContainerStop].
+type ContainerStopOptions struct {
+	// Signal (optional) is the signal to send to the container to (gracefully)
+	// stop it before forcibly terminating the container with SIGKILL after the
+	// timeout expires. If no value is set, the default (SIGTERM) is used.
+	Signal string `json:",omitempty"`
+
+	// Timeout (optional) is the timeout (in seconds) to wait for the container
+	// to stop gracefully before forcibly terminating it with SIGKILL.
+	//
+	// - Use nil to use the default timeout (10 seconds).
+	// - Use '-1' to wait indefinitely.
+	// - Use '0' to not wait for the container to exit gracefully, and
+	//   immediately proceeds to forcibly terminating the container.
+	// - Other positive values are used as timeout (in seconds).
+	Timeout *int `json:",omitempty"`
+}
+
+// ContainerStopResult holds the result of [Client.ContainerStop],
+type ContainerStopResult struct {
+	// Add future fields here.
+}
+
+// ContainerStop stops a container. In case the container fails to stop
+// gracefully within a time frame specified by the timeout argument,
+// it is forcefully terminated (killed).
+//
+// If the timeout is nil, the container's StopTimeout value is used, if set,
+// otherwise the engine default. A negative timeout value can be specified,
+// meaning no timeout, i.e. no forceful termination is performed.
+func (cli *Client) ContainerStop(ctx context.Context, containerID string, options ContainerStopOptions) (ContainerStopResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerStopResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Timeout != nil {
+		query.Set("t", strconv.Itoa(*options.Timeout))
+	}
+	if options.Signal != "" {
+		query.Set("signal", options.Signal)
+	}
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/stop", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerStopResult{}, err
+	}
+	return ContainerStopResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_top.go b/vendor/github.com/moby/moby/client/container_top.go
new file mode 100644
index 0000000000..dc0af8ae48
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_top.go
@@ -0,0 +1,44 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+	"strings"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+// ContainerTopOptions defines options for container top operations.
+type ContainerTopOptions struct {
+	Arguments []string
+}
+
+// ContainerTopResult represents the result of a ContainerTop operation.
+type ContainerTopResult struct {
+	Processes [][]string
+	Titles    []string
+}
+
+// ContainerTop shows process information from within a container.
+func (cli *Client) ContainerTop(ctx context.Context, containerID string, options ContainerTopOptions) (ContainerTopResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerTopResult{}, err
+	}
+
+	query := url.Values{}
+	if len(options.Arguments) > 0 {
+		query.Set("ps_args", strings.Join(options.Arguments, " "))
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/top", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerTopResult{}, err
+	}
+
+	var response container.TopResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return ContainerTopResult{Processes: response.Processes, Titles: response.Titles}, err
+}
diff --git a/vendor/github.com/moby/moby/client/container_unpause.go b/vendor/github.com/moby/moby/client/container_unpause.go
new file mode 100644
index 0000000000..627d60c960
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_unpause.go
@@ -0,0 +1,28 @@
+package client
+
+import "context"
+
+// ContainerUnpauseOptions holds options for [Client.ContainerUnpause].
+type ContainerUnpauseOptions struct {
+	// Add future optional parameters here.
+}
+
+// ContainerUnpauseResult holds the result of [Client.ContainerUnpause],
+type ContainerUnpauseResult struct {
+	// Add future fields here.
+}
+
+// ContainerUnpause resumes the process execution within a container.
+func (cli *Client) ContainerUnpause(ctx context.Context, containerID string, options ContainerUnpauseOptions) (ContainerUnpauseResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerUnpauseResult{}, err
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/unpause", nil, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerUnpauseResult{}, err
+	}
+	return ContainerUnpauseResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/container_update.go b/vendor/github.com/moby/moby/client/container_update.go
new file mode 100644
index 0000000000..a1d4d249a9
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_update.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+// ContainerUpdateOptions holds options for [Client.ContainerUpdate].
+type ContainerUpdateOptions struct {
+	Resources     *container.Resources
+	RestartPolicy *container.RestartPolicy
+}
+
+// ContainerUpdateResult is the result from updating a container.
+type ContainerUpdateResult struct {
+	// Warnings encountered when updating the container.
+	Warnings []string
+}
+
+// ContainerUpdate updates the resources of a container.
+func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, options ContainerUpdateOptions) (ContainerUpdateResult, error) {
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		return ContainerUpdateResult{}, err
+	}
+
+	updateConfig := container.UpdateConfig{}
+	if options.Resources != nil {
+		updateConfig.Resources = *options.Resources
+	}
+	if options.RestartPolicy != nil {
+		updateConfig.RestartPolicy = *options.RestartPolicy
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ContainerUpdateResult{}, err
+	}
+
+	var response container.UpdateResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return ContainerUpdateResult{Warnings: response.Warnings}, err
+}
diff --git a/vendor/github.com/moby/moby/client/container_wait.go b/vendor/github.com/moby/moby/client/container_wait.go
new file mode 100644
index 0000000000..6f71ed0518
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/container_wait.go
@@ -0,0 +1,92 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"net/url"
+
+	"github.com/moby/moby/api/types/container"
+)
+
+const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */
+
+// ContainerWaitOptions holds options for [Client.ContainerWait].
+type ContainerWaitOptions struct {
+	Condition container.WaitCondition
+}
+
+// ContainerWaitResult defines the result from the [Client.ContainerWait] method.
+type ContainerWaitResult struct {
+	Result <-chan container.WaitResponse
+	Error  <-chan error
+}
+
+// ContainerWait waits until the specified container is in a certain state
+// indicated by the given condition, either;
+//
+//   - "not-running" ([container.WaitConditionNotRunning]) (default)
+//   - "next-exit" ([container.WaitConditionNextExit])
+//   - "removed" ([container.WaitConditionRemoved])
+//
+// ContainerWait blocks until the request has been acknowledged by the server
+// (with a response header), then returns two channels on which the caller can
+// wait for the exit status of the container or an error if there was a problem
+// either beginning the wait request or in getting the response. This allows the
+// caller to synchronize ContainerWait with other calls, such as specifying a
+// "next-exit" condition ([container.WaitConditionNextExit]) before issuing a
+// [Client.ContainerStart] request.
+func (cli *Client) ContainerWait(ctx context.Context, containerID string, options ContainerWaitOptions) ContainerWaitResult {
+	resultC := make(chan container.WaitResponse)
+	errC := make(chan error, 1)
+
+	containerID, err := trimID("container", containerID)
+	if err != nil {
+		errC <- err
+		return ContainerWaitResult{Result: resultC, Error: errC}
+	}
+
+	query := url.Values{}
+	if options.Condition != "" {
+		query.Set("condition", string(options.Condition))
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", query, nil, nil)
+	if err != nil {
+		defer ensureReaderClosed(resp)
+		errC <- err
+		return ContainerWaitResult{Result: resultC, Error: errC}
+	}
+
+	go func() {
+		defer ensureReaderClosed(resp)
+
+		responseText := bytes.NewBuffer(nil)
+		stream := io.TeeReader(resp.Body, responseText)
+
+		var res container.WaitResponse
+		if err := json.NewDecoder(stream).Decode(&res); err != nil {
+			// NOTE(nicks): The /wait API does not work well with HTTP proxies.
+			// At any time, the proxy could cut off the response stream.
+			//
+			// But because the HTTP status has already been written, the proxy's
+			// only option is to write a plaintext error message.
+			//
+			// If there's a JSON parsing error, read the real error message
+			// off the body and send it to the client.
+			if errors.As(err, new(*json.SyntaxError)) {
+				_, _ = io.ReadAll(io.LimitReader(stream, containerWaitErrorMsgLimit))
+				errC <- errors.New(responseText.String())
+			} else {
+				errC <- err
+			}
+			return
+		}
+
+		resultC <- res
+	}()
+
+	return ContainerWaitResult{Result: resultC, Error: errC}
+}
diff --git a/vendor/github.com/moby/moby/client/distribution_inspect.go b/vendor/github.com/moby/moby/client/distribution_inspect.go
new file mode 100644
index 0000000000..ffbf869d3c
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/distribution_inspect.go
@@ -0,0 +1,45 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+// DistributionInspectResult holds the result of the DistributionInspect operation.
+type DistributionInspectResult struct {
+	registry.DistributionInspect
+}
+
+// DistributionInspectOptions holds options for the DistributionInspect operation.
+type DistributionInspectOptions struct {
+	EncodedRegistryAuth string
+}
+
+// DistributionInspect returns the image digest with the full manifest.
+func (cli *Client) DistributionInspect(ctx context.Context, imageRef string, options DistributionInspectOptions) (DistributionInspectResult, error) {
+	if imageRef == "" {
+		return DistributionInspectResult{}, objectNotFoundError{object: "distribution", id: imageRef}
+	}
+
+	var headers http.Header
+	if options.EncodedRegistryAuth != "" {
+		headers = http.Header{
+			registry.AuthHeader: {options.EncodedRegistryAuth},
+		}
+	}
+
+	// Contact the registry to retrieve digest and platform information
+	resp, err := cli.get(ctx, "/distribution/"+imageRef+"/json", url.Values{}, headers)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return DistributionInspectResult{}, err
+	}
+
+	var distributionInspect registry.DistributionInspect
+	err = json.NewDecoder(resp.Body).Decode(&distributionInspect)
+	return DistributionInspectResult{DistributionInspect: distributionInspect}, err
+}
diff --git a/vendor/github.com/docker/docker/client/envvars.go b/vendor/github.com/moby/moby/client/envvars.go
similarity index 72%
rename from vendor/github.com/docker/docker/client/envvars.go
rename to vendor/github.com/moby/moby/client/envvars.go
index abe122d18e..a02295d162 100644
--- a/vendor/github.com/docker/docker/client/envvars.go
+++ b/vendor/github.com/moby/moby/client/envvars.go
@@ -4,16 +4,16 @@ const (
 	// EnvOverrideHost is the name of the environment variable that can be used
 	// to override the default host to connect to (DefaultDockerHost).
 	//
-	// This env-var is read by FromEnv and WithHostFromEnv and when set to a
+	// This env-var is read by [FromEnv] and [WithHostFromEnv] and when set to a
 	// non-empty value, takes precedence over the default host (which is platform
 	// specific), or any host already set.
 	EnvOverrideHost = "DOCKER_HOST"
 
 	// EnvOverrideAPIVersion is the name of the environment variable that can
-	// be used to override the API version to use. Value should be
+	// be used to override the API version to use. Value must be
 	// formatted as MAJOR.MINOR, for example, "1.19".
 	//
-	// This env-var is read by FromEnv and WithVersionFromEnv and when set to a
+	// This env-var is read by [FromEnv] and [WithAPIVersionFromEnv] and when set to a
 	// non-empty value, takes precedence over API version negotiation.
 	//
 	// This environment variable should be used for debugging purposes only, as
@@ -23,16 +23,15 @@ const (
 	// EnvOverrideCertPath is the name of the environment variable that can be
 	// used to specify the directory from which to load the TLS certificates
 	// (ca.pem, cert.pem, key.pem) from. These certificates are used to configure
-	// the Client for a TCP connection protected by TLS client authentication.
+	// the [Client] for a TCP connection protected by TLS client authentication.
 	//
 	// TLS certificate verification is enabled by default if the Client is configured
-	// to use a TLS connection. Refer to EnvTLSVerify below to learn how to
+	// to use a TLS connection. Refer to [EnvTLSVerify] below to learn how to
 	// disable verification for testing purposes.
 	//
 	// WARNING: Access to the remote API is equivalent to root access to the
 	// host where the daemon runs. Do not expose the API without protection,
-	// and only if needed. Make sure you are familiar with the "daemon attack
-	// surface" (https://docs.docker.com/go/attack-surface/).
+	// and only if needed. Make sure you are familiar with the ["daemon attack surface"].
 	//
 	// For local access to the API, it is recommended to connect with the daemon
 	// using the default local socket connection (on Linux), or the named pipe
@@ -43,11 +42,14 @@ const (
 	// configuration if the host is accessible using ssh.
 	//
 	// If you cannot use the alternatives above, and you must expose the API over
-	// a TCP connection, refer to https://docs.docker.com/engine/security/protect-access/
+	// a TCP connection. Refer to [Protect the Docker daemon socket]
 	// to learn how to configure the daemon and client to use a TCP connection
 	// with TLS client authentication. Make sure you know the differences between
 	// a regular TLS connection and a TLS connection protected by TLS client
 	// authentication, and verify that the API cannot be accessed by other clients.
+	//
+	// ["daemon attack surface"]: https://docs.docker.com/go/attack-surface/
+	// [Protect the Docker daemon socket]: https://docs.docker.com/engine/security/protect-access/
 	EnvOverrideCertPath = "DOCKER_CERT_PATH"
 
 	// EnvTLSVerify is the name of the environment variable that can be used to
@@ -59,26 +61,26 @@ const (
 	//
 	// WARNING: Access to the remote API is equivalent to root access to the
 	// host where the daemon runs. Do not expose the API without protection,
-	// and only if needed. Make sure you are familiar with the "daemon attack
-	// surface" (https://docs.docker.com/go/attack-surface/).
+	// and only if needed. Make sure you are familiar with the ["daemon attack surface"].
 	//
 	// Before setting up your client and daemon to use a TCP connection with TLS
 	// client authentication, consider using one of the alternatives mentioned
-	// in EnvOverrideCertPath above.
+	// in [EnvOverrideCertPath].
 	//
 	// Disabling TLS certificate verification (for testing purposes)
 	//
 	// TLS certificate verification is enabled by default if the Client is configured
 	// to use a TLS connection, and it is highly recommended to keep verification
-	// enabled to prevent machine-in-the-middle attacks. Refer to the documentation
-	// at https://docs.docker.com/engine/security/protect-access/ and pages linked
-	// from that page to learn how to configure the daemon and client to use a
-	// TCP connection with TLS client authentication enabled.
+	// enabled to prevent machine-in-the-middle attacks. Refer to [Protect the Docker daemon socket]
+	// in the documentation and pages linked from that page to learn how to
+	// configure the daemon and client to use a TCP connection with TLS client
+	// authentication enabled.
 	//
 	// Set the "DOCKER_TLS_VERIFY" environment to an empty string ("") to
 	// disable TLS certificate verification. Disabling verification is insecure,
-	// so should only be done for testing purposes. From the Go documentation
-	// (https://pkg.go.dev/crypto/tls#Config):
+	// so should only be done for testing purposes.
+	//
+	// From the[crypto/tls.Config] documentation:
 	//
 	// InsecureSkipVerify controls whether a client verifies the server's
 	// certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
@@ -86,5 +88,8 @@ const (
 	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
 	// attacks unless custom verification is used. This should be used only for
 	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
+	//
+	// ["daemon attack surface"]: https://docs.docker.com/go/attack-surface/
+	// [Protect the Docker daemon socket]: https://docs.docker.com/engine/security/protect-access/
 	EnvTLSVerify = "DOCKER_TLS_VERIFY"
 )
diff --git a/vendor/github.com/docker/docker/client/errors.go b/vendor/github.com/moby/moby/client/errors.go
similarity index 76%
rename from vendor/github.com/docker/docker/client/errors.go
rename to vendor/github.com/moby/moby/client/errors.go
index 9e3a2538f2..9fbfa7666e 100644
--- a/vendor/github.com/docker/docker/client/errors.go
+++ b/vendor/github.com/moby/moby/client/errors.go
@@ -8,7 +8,7 @@ import (
 
 	cerrdefs "github.com/containerd/errdefs"
 	"github.com/containerd/errdefs/pkg/errhttp"
-	"github.com/docker/docker/api/types/versions"
+	"github.com/moby/moby/client/pkg/versions"
 )
 
 // errConnectionFailed implements an error returned when connection failed.
@@ -30,13 +30,6 @@ func IsErrConnectionFailed(err error) bool {
 	return errors.As(err, &errConnectionFailed{})
 }
 
-// ErrorConnectionFailed returns an error with host in the error message when connection to docker daemon failed.
-//
-// Deprecated: this function was only used internally, and will be removed in the next release.
-func ErrorConnectionFailed(host string) error {
-	return connectionFailed(host)
-}
-
 // connectionFailed returns an error with host in the error message when connection
 // to docker daemon failed.
 func connectionFailed(host string) error {
@@ -49,14 +42,6 @@ func connectionFailed(host string) error {
 	return errConnectionFailed{error: err}
 }
 
-// IsErrNotFound returns true if the error is a NotFound error, which is returned
-// by the API when some object is not found. It is an alias for [cerrdefs.IsNotFound].
-//
-// Deprecated: use [cerrdefs.IsNotFound] instead.
-func IsErrNotFound(err error) bool {
-	return cerrdefs.IsNotFound(err)
-}
-
 type objectNotFoundError struct {
 	object string
 	id     string
@@ -68,12 +53,12 @@ func (e objectNotFoundError) Error() string {
 	return fmt.Sprintf("Error: No such %s: %s", e.object, e.id)
 }
 
-// NewVersionError returns an error if the APIVersion required is less than the
+// requiresVersion returns an error if the APIVersion required is less than the
 // current supported version.
 //
 // It performs API-version negotiation if the Client is configured with this
 // option, otherwise it assumes the latest API version is used.
-func (cli *Client) NewVersionError(ctx context.Context, APIrequired, feature string) error {
+func (cli *Client) requiresVersion(ctx context.Context, apiRequired, feature string) error {
 	// Make sure we negotiated (if the client is configured to do so),
 	// as code below contains API-version specific handling of options.
 	//
@@ -82,8 +67,8 @@ func (cli *Client) NewVersionError(ctx context.Context, APIrequired, feature str
 	if err := cli.checkVersion(ctx); err != nil {
 		return err
 	}
-	if cli.version != "" && versions.LessThan(cli.version, APIrequired) {
-		return fmt.Errorf("%q requires API version %s, but the Docker daemon API version is %s", feature, APIrequired, cli.version)
+	if cli.version != "" && versions.LessThan(cli.version, apiRequired) {
+		return fmt.Errorf("%q requires API version %s, but the Docker daemon API version is %s", feature, apiRequired, cli.version)
 	}
 	return nil
 }
diff --git a/vendor/github.com/moby/moby/client/filters.go b/vendor/github.com/moby/moby/client/filters.go
new file mode 100644
index 0000000000..3669ae0d47
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/filters.go
@@ -0,0 +1,58 @@
+package client
+
+import (
+	"encoding/json"
+	"maps"
+	"net/url"
+)
+
+// Filters describes a predicate for an API request.
+//
+// Each entry in the map is a filter term.
+// Each term is evaluated against the set of values.
+// A filter term is satisfied if any one of the values in the set is a match.
+// An item matches the filters when all terms are satisfied.
+//
+// Like all other map types in Go, the zero value is empty and read-only.
+type Filters map[string]map[string]bool
+
+// Add appends values to the value-set of term.
+//
+// The receiver f is returned for chaining.
+//
+//	f := make(Filters).Add("name", "foo", "bar").Add("status", "exited")
+func (f Filters) Add(term string, values ...string) Filters {
+	if _, ok := f[term]; !ok {
+		f[term] = make(map[string]bool)
+	}
+	for _, v := range values {
+		f[term][v] = true
+	}
+	return f
+}
+
+// Clone returns a deep copy of f.
+func (f Filters) Clone() Filters {
+	out := make(Filters, len(f))
+	for term, values := range f {
+		inner := make(map[string]bool, len(values))
+		maps.Copy(inner, values)
+		out[term] = inner
+	}
+	return out
+}
+
+// updateURLValues sets the "filters" key in values to the marshalled value of
+// f, replacing any existing values. When f is empty, any existing "filters" key
+// is removed.
+func (f Filters) updateURLValues(values url.Values) {
+	if len(f) > 0 {
+		b, err := json.Marshal(f)
+		if err != nil {
+			panic(err) // Marshaling builtin types should never fail
+		}
+		values.Set("filters", string(b))
+	} else {
+		values.Del("filters")
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/moby/moby/client/hijack.go
similarity index 65%
rename from vendor/github.com/docker/docker/client/hijack.go
rename to vendor/github.com/moby/moby/client/hijack.go
index 01d121a62e..31c44e5988 100644
--- a/vendor/github.com/docker/docker/client/hijack.go
+++ b/vendor/github.com/moby/moby/client/hijack.go
@@ -9,33 +9,25 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/pkg/errors"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 )
 
 // postHijacked sends a POST request and hijacks the connection.
-func (cli *Client) postHijacked(ctx context.Context, path string, query url.Values, body interface{}, headers map[string][]string) (types.HijackedResponse, error) {
-	bodyEncoded, err := encodeData(body)
+func (cli *Client) postHijacked(ctx context.Context, path string, query url.Values, body any, headers map[string][]string) (HijackedResponse, error) {
+	jsonBody, err := jsonEncode(body)
 	if err != nil {
-		return types.HijackedResponse{}, err
+		return HijackedResponse{}, err
 	}
-	req, err := cli.buildRequest(ctx, http.MethodPost, cli.getAPIPath(ctx, path, query), bodyEncoded, headers)
+	req, err := cli.buildRequest(ctx, http.MethodPost, cli.getAPIPath(ctx, path, query), jsonBody, headers)
 	if err != nil {
-		return types.HijackedResponse{}, err
+		return HijackedResponse{}, err
 	}
 	conn, mediaType, err := setupHijackConn(cli.dialer(), req, "tcp")
 	if err != nil {
-		return types.HijackedResponse{}, err
+		return HijackedResponse{}, err
 	}
 
-	if versions.LessThan(cli.ClientVersion(), "1.42") {
-		// Prior to 1.42, Content-Type is always set to raw-stream and not relevant
-		mediaType = ""
-	}
-
-	return types.NewHijackedResponse(conn, mediaType), nil
+	return NewHijackedResponse(conn, mediaType), nil
 }
 
 // DialHijack returns a hijacked connection with negotiated protocol proto.
@@ -57,18 +49,18 @@ func setupHijackConn(dialer func(context.Context) (net.Conn, error), req *http.R
 
 	conn, err := dialer(ctx)
 	if err != nil {
-		return nil, "", errors.Wrap(err, "cannot connect to the Docker daemon. Is 'docker daemon' running on this host?")
+		return nil, "", fmt.Errorf("cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: %w", err)
 	}
 	defer func() {
 		if retErr != nil {
-			conn.Close()
+			_ = conn.Close()
 		}
 	}()
 
 	// When we set up a TCP connection for hijack, there could be long periods
 	// of inactivity (a long running command with no output) that in certain
 	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
-	// state. Setting TCP KeepAlive on the socket connection will prohibit
+	// state. Setting TCP KeepAlive on the socket connection prohibits
 	// ECONNTIMEOUT unless the socket connection truly is broken
 	if tcpConn, ok := conn.(*net.TCPConn); ok {
 		_ = tcpConn.SetKeepAlive(true)
@@ -91,7 +83,7 @@ func setupHijackConn(dialer func(context.Context) (net.Conn, error), req *http.R
 		// If there is buffered content, wrap the connection.  We return an
 		// object that implements CloseWrite if the underlying connection
 		// implements it.
-		if _, ok := hc.Conn.(types.CloseWriter); ok {
+		if _, ok := hc.Conn.(CloseWriter); ok {
 			conn = &hijackedConnCloseWriter{hc}
 		} else {
 			conn = hc
@@ -131,9 +123,50 @@ type hijackedConnCloseWriter struct {
 	*hijackedConn
 }
 
-var _ types.CloseWriter = &hijackedConnCloseWriter{}
+var _ CloseWriter = &hijackedConnCloseWriter{}
 
 func (c *hijackedConnCloseWriter) CloseWrite() error {
-	conn := c.Conn.(types.CloseWriter)
+	conn := c.Conn.(CloseWriter)
 	return conn.CloseWrite()
 }
+
+// NewHijackedResponse initializes a [HijackedResponse] type.
+func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse {
+	return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType}
+}
+
+// HijackedResponse holds connection information for a hijacked request.
+type HijackedResponse struct {
+	mediaType string
+	Conn      net.Conn
+	Reader    *bufio.Reader
+}
+
+// Close closes the hijacked connection and reader.
+func (h *HijackedResponse) Close() {
+	h.Conn.Close()
+}
+
+// MediaType let client know if HijackedResponse hold a raw or multiplexed stream.
+// returns false if HTTP Content-Type is not relevant, and the container must be
+// inspected.
+func (h *HijackedResponse) MediaType() (string, bool) {
+	if h.mediaType == "" {
+		return "", false
+	}
+	return h.mediaType, true
+}
+
+// CloseWriter is an interface that implements structs
+// that close input streams to prevent from writing.
+type CloseWriter interface {
+	CloseWrite() error
+}
+
+// CloseWrite closes a readWriter for writing.
+func (h *HijackedResponse) CloseWrite() error {
+	if conn, ok := h.Conn.(CloseWriter); ok {
+		return conn.CloseWrite()
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_build.go b/vendor/github.com/moby/moby/client/image_build.go
similarity index 76%
rename from vendor/github.com/docker/docker/client/image_build.go
rename to vendor/github.com/moby/moby/client/image_build.go
index 1ed0878bfd..67ac204aaf 100644
--- a/vendor/github.com/docker/docker/client/image_build.go
+++ b/vendor/github.com/moby/moby/client/image_build.go
@@ -8,25 +8,24 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
-	"strings"
 
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
 )
 
 // ImageBuild sends a request to the daemon to build images.
-// The Body in the response implements an io.ReadCloser and it's up to the caller to
+// The Body in the response implements an [io.ReadCloser] and it's up to the caller to
 // close it.
-func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options build.ImageBuildOptions) (build.ImageBuildResponse, error) {
+func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options ImageBuildOptions) (ImageBuildResult, error) {
 	query, err := cli.imageBuildOptionsToQuery(ctx, options)
 	if err != nil {
-		return build.ImageBuildResponse{}, err
+		return ImageBuildResult{}, err
 	}
 
-	buf, err := json.Marshal(options.AuthConfigs)
+	buf, err := json.Marshal(options.AuthConfigs) // #nosec G117 -- ignore "Marshaled struct field "Password" (JSON key "password") matches secret pattern"
 	if err != nil {
-		return build.ImageBuildResponse{}, err
+		return ImageBuildResult{}, err
 	}
 
 	headers := http.Header{}
@@ -35,16 +34,15 @@ func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, optio
 
 	resp, err := cli.postRaw(ctx, "/build", query, buildContext, headers)
 	if err != nil {
-		return build.ImageBuildResponse{}, err
+		return ImageBuildResult{}, err
 	}
 
-	return build.ImageBuildResponse{
-		Body:   resp.Body,
-		OSType: resp.Header.Get("Ostype"),
+	return ImageBuildResult{
+		Body: resp.Body,
 	}, nil
 }
 
-func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options build.ImageBuildOptions) (url.Values, error) {
+func (cli *Client) imageBuildOptionsToQuery(_ context.Context, options ImageBuildOptions) (url.Values, error) {
 	query := url.Values{}
 	if len(options.Tags) > 0 {
 		query["t"] = options.Tags
@@ -81,9 +79,7 @@ func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options build.I
 	}
 
 	if options.Squash {
-		if err := cli.NewVersionError(ctx, "1.25", "squash"); err != nil {
-			return query, err
-		}
+		// TODO(thaJeztah): squash is experimental, and deprecated when using BuildKit?
 		query.Set("squash", "1")
 	}
 
@@ -158,11 +154,12 @@ func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options build.I
 	if options.SessionID != "" {
 		query.Set("session", options.SessionID)
 	}
-	if options.Platform != "" {
-		if err := cli.NewVersionError(ctx, "1.32", "platform"); err != nil {
-			return query, err
+	if len(options.Platforms) > 0 {
+		if len(options.Platforms) > 1 {
+			// TODO(thaJeztah): update API spec and add equivalent check on the daemon. We need this still for older daemons, which would ignore it.
+			return query, cerrdefs.ErrInvalidArgument.WithMessage("specifying multiple platforms is not yet supported")
 		}
-		query.Set("platform", strings.ToLower(options.Platform))
+		query.Set("platform", formatPlatform(options.Platforms[0]))
 	}
 	if options.BuildID != "" {
 		query.Set("buildid", options.BuildID)
diff --git a/vendor/github.com/docker/docker/api/types/build/build.go b/vendor/github.com/moby/moby/client/image_build_opts.go
similarity index 75%
rename from vendor/github.com/docker/docker/api/types/build/build.go
rename to vendor/github.com/moby/moby/client/image_build_opts.go
index c43a0e21ea..f65ad0f2bf 100644
--- a/vendor/github.com/docker/docker/api/types/build/build.go
+++ b/vendor/github.com/moby/moby/client/image_build_opts.go
@@ -1,27 +1,14 @@
-package build
+package client
 
 import (
 	"io"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/registry"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
-// BuilderVersion sets the version of underlying builder to use
-type BuilderVersion string
-
-const (
-	// BuilderV1 is the first generation builder in docker daemon
-	BuilderV1 BuilderVersion = "1"
-	// BuilderBuildKit is builder based on moby/buildkit project
-	BuilderBuildKit BuilderVersion = "2"
-)
-
-// Result contains the image id of a successful build.
-type Result struct {
-	ID string
-}
-
 // ImageBuildOptions holds the information
 // necessary to build images.
 type ImageBuildOptions struct {
@@ -64,9 +51,11 @@ type ImageBuildOptions struct {
 	ExtraHosts  []string // List of extra hosts
 	Target      string
 	SessionID   string
-	Platform    string
+	// Platforms selects the platforms to build the image for. Multiple platforms
+	// can be provided if the daemon supports multi-platform builds.
+	Platforms []ocispec.Platform
 	// Version specifies the version of the underlying builder to use
-	Version BuilderVersion
+	Version build.BuilderVersion
 	// BuildID is an optional identifier that can be passed together with the
 	// build request. The same identifier can be used to gracefully cancel the
 	// build with the cancel request.
@@ -82,10 +71,9 @@ type ImageBuildOutput struct {
 	Attrs map[string]string
 }
 
-// ImageBuildResponse holds information
+// ImageBuildResult holds information
 // returned by a server after building
 // an image.
-type ImageBuildResponse struct {
-	Body   io.ReadCloser
-	OSType string
+type ImageBuildResult struct {
+	Body io.ReadCloser
 }
diff --git a/vendor/github.com/docker/docker/client/image_history.go b/vendor/github.com/moby/moby/client/image_history.go
similarity index 75%
rename from vendor/github.com/docker/docker/client/image_history.go
rename to vendor/github.com/moby/moby/client/image_history.go
index fce8b80e18..8618f1553e 100644
--- a/vendor/github.com/docker/docker/client/image_history.go
+++ b/vendor/github.com/moby/moby/client/image_history.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"net/url"
 
-	"github.com/docker/docker/api/types/image"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -22,24 +21,24 @@ func ImageHistoryWithPlatform(platform ocispec.Platform) ImageHistoryOption {
 }
 
 // ImageHistory returns the changes in an image in history format.
-func (cli *Client) ImageHistory(ctx context.Context, imageID string, historyOpts ...ImageHistoryOption) ([]image.HistoryResponseItem, error) {
+func (cli *Client) ImageHistory(ctx context.Context, imageID string, historyOpts ...ImageHistoryOption) (ImageHistoryResult, error) {
 	query := url.Values{}
 
 	var opts imageHistoryOpts
 	for _, o := range historyOpts {
 		if err := o.Apply(&opts); err != nil {
-			return nil, err
+			return ImageHistoryResult{}, err
 		}
 	}
 
 	if opts.apiOptions.Platform != nil {
-		if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
-			return nil, err
+		if err := cli.requiresVersion(ctx, "1.48", "platform"); err != nil {
+			return ImageHistoryResult{}, err
 		}
 
 		p, err := encodePlatform(opts.apiOptions.Platform)
 		if err != nil {
-			return nil, err
+			return ImageHistoryResult{}, err
 		}
 		query.Set("platform", p)
 	}
@@ -47,10 +46,10 @@ func (cli *Client) ImageHistory(ctx context.Context, imageID string, historyOpts
 	resp, err := cli.get(ctx, "/images/"+imageID+"/history", query, nil)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return nil, err
+		return ImageHistoryResult{}, err
 	}
 
-	var history []image.HistoryResponseItem
-	err = json.NewDecoder(resp.Body).Decode(&history)
+	var history ImageHistoryResult
+	err = json.NewDecoder(resp.Body).Decode(&history.Items)
 	return history, err
 }
diff --git a/vendor/github.com/docker/docker/client/image_history_opts.go b/vendor/github.com/moby/moby/client/image_history_opts.go
similarity index 53%
rename from vendor/github.com/docker/docker/client/image_history_opts.go
rename to vendor/github.com/moby/moby/client/image_history_opts.go
index 6d3494dd0b..7fc57afd1c 100644
--- a/vendor/github.com/docker/docker/client/image_history_opts.go
+++ b/vendor/github.com/moby/moby/client/image_history_opts.go
@@ -1,7 +1,8 @@
 package client
 
 import (
-	"github.com/docker/docker/api/types/image"
+	"github.com/moby/moby/api/types/image"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // ImageHistoryOption is a type representing functional options for the image history operation.
@@ -15,5 +16,14 @@ func (f imageHistoryOptionFunc) Apply(o *imageHistoryOpts) error {
 }
 
 type imageHistoryOpts struct {
-	apiOptions image.HistoryOptions
+	apiOptions imageHistoryOptions
+}
+
+type imageHistoryOptions struct {
+	// Platform from the manifest list to use for history.
+	Platform *ocispec.Platform
+}
+
+type ImageHistoryResult struct {
+	Items []image.HistoryResponseItem
 }
diff --git a/vendor/github.com/moby/moby/client/image_import.go b/vendor/github.com/moby/moby/client/image_import.go
new file mode 100644
index 0000000000..6c9f22866f
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_import.go
@@ -0,0 +1,66 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/url"
+
+	"github.com/distribution/reference"
+)
+
+// ImageImportResult holds the response body returned by the daemon for image import.
+type ImageImportResult interface {
+	io.ReadCloser
+}
+
+// ImageImport creates a new image based on the source options. It returns the
+// JSON content in the [ImageImportResult].
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) ImageImport(ctx context.Context, source ImageImportSource, ref string, options ImageImportOptions) (ImageImportResult, error) {
+	if ref != "" {
+		// Check if the given image name can be resolved
+		if _, err := reference.ParseNormalizedNamed(ref); err != nil {
+			return nil, err
+		}
+	}
+
+	query := url.Values{}
+	if source.SourceName != "" {
+		query.Set("fromSrc", source.SourceName)
+	}
+	if ref != "" {
+		query.Set("repo", ref)
+	}
+	if options.Tag != "" {
+		query.Set("tag", options.Tag)
+	}
+	if options.Message != "" {
+		query.Set("message", options.Message)
+	}
+	if p := formatPlatform(options.Platform); p != "unknown" {
+		// TODO(thaJeztah): would we ever support multiple platforms here? (would require multiple rootfs tars as well?)
+		query.Set("platform", p)
+	}
+	for _, change := range options.Changes {
+		query.Add("changes", change)
+	}
+
+	resp, err := cli.postRaw(ctx, "/images/create", query, source.Source, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &imageImportResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+// ImageImportResult holds the response body returned by the daemon for image import.
+type imageImportResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser     = (*imageImportResult)(nil)
+	_ ImageImportResult = (*imageImportResult)(nil)
+)
diff --git a/vendor/github.com/moby/moby/client/image_import_opts.go b/vendor/github.com/moby/moby/client/image_import_opts.go
new file mode 100644
index 0000000000..c70473bdd5
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_import_opts.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"io"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ImageImportSource holds source information for ImageImport
+type ImageImportSource struct {
+	Source     io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to "-" to leverage this.
+	SourceName string    // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute.
+}
+
+// ImageImportOptions holds information to import images from the client host.
+type ImageImportOptions struct {
+	Tag      string           // Tag is the name to tag this image with. This attribute is deprecated.
+	Message  string           // Message is the message to tag the image with
+	Changes  []string         // Changes are the raw changes to apply to this image
+	Platform ocispec.Platform // Platform is the target platform of the image
+}
diff --git a/vendor/github.com/moby/moby/client/image_inspect.go b/vendor/github.com/moby/moby/client/image_inspect.go
new file mode 100644
index 0000000000..635931fd03
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_inspect.go
@@ -0,0 +1,62 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+)
+
+// ImageInspect returns the image information.
+func (cli *Client) ImageInspect(ctx context.Context, imageID string, inspectOpts ...ImageInspectOption) (ImageInspectResult, error) {
+	if imageID == "" {
+		return ImageInspectResult{}, objectNotFoundError{object: "image", id: imageID}
+	}
+
+	var opts imageInspectOpts
+	for _, opt := range inspectOpts {
+		if err := opt.Apply(&opts); err != nil {
+			return ImageInspectResult{}, fmt.Errorf("error applying image inspect option: %w", err)
+		}
+	}
+
+	query := url.Values{}
+	if opts.apiOptions.Manifests {
+		if err := cli.requiresVersion(ctx, "1.48", "manifests"); err != nil {
+			return ImageInspectResult{}, err
+		}
+		query.Set("manifests", "1")
+	}
+
+	if opts.apiOptions.Platform != nil {
+		if err := cli.requiresVersion(ctx, "1.49", "platform"); err != nil {
+			return ImageInspectResult{}, err
+		}
+		platform, err := encodePlatform(opts.apiOptions.Platform)
+		if err != nil {
+			return ImageInspectResult{}, err
+		}
+		query.Set("platform", platform)
+	}
+
+	resp, err := cli.get(ctx, "/images/"+imageID+"/json", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ImageInspectResult{}, err
+	}
+
+	buf := opts.raw
+	if buf == nil {
+		buf = &bytes.Buffer{}
+	}
+
+	if _, err := io.Copy(buf, resp.Body); err != nil {
+		return ImageInspectResult{}, err
+	}
+
+	var response ImageInspectResult
+	err = json.Unmarshal(buf.Bytes(), &response)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/image_inspect_opts.go b/vendor/github.com/moby/moby/client/image_inspect_opts.go
similarity index 70%
rename from vendor/github.com/docker/docker/client/image_inspect_opts.go
rename to vendor/github.com/moby/moby/client/image_inspect_opts.go
index 655cbf0b7a..266c1fe815 100644
--- a/vendor/github.com/docker/docker/client/image_inspect_opts.go
+++ b/vendor/github.com/moby/moby/client/image_inspect_opts.go
@@ -3,7 +3,7 @@ package client
 import (
 	"bytes"
 
-	"github.com/docker/docker/api/types/image"
+	"github.com/moby/moby/api/types/image"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -28,8 +28,9 @@ func ImageInspectWithRawResponse(raw *bytes.Buffer) ImageInspectOption {
 
 // ImageInspectWithManifests sets manifests API option for the image inspect operation.
 // This option is only available for API version 1.48 and up.
-// With this option set, the image inspect operation response will have the
-// [image.InspectResponse.Manifests] field populated if the server is multi-platform capable.
+// With this option set, the image inspect operation response includes
+// the [image.InspectResponse.Manifests] field if the server is multi-platform
+// capable.
 func ImageInspectWithManifests(manifests bool) ImageInspectOption {
 	return imageInspectOptionFunc(func(clientOpts *imageInspectOpts) error {
 		clientOpts.apiOptions.Manifests = manifests
@@ -39,7 +40,7 @@ func ImageInspectWithManifests(manifests bool) ImageInspectOption {
 
 // ImageInspectWithPlatform sets platform API option for the image inspect operation.
 // This option is only available for API version 1.49 and up.
-// With this option set, the image inspect operation will return information for the
+// With this option set, the image inspect operation returns information for the
 // specified platform variant of the multi-platform image.
 func ImageInspectWithPlatform(platform *ocispec.Platform) ImageInspectOption {
 	return imageInspectOptionFunc(func(clientOpts *imageInspectOpts) error {
@@ -48,15 +49,21 @@ func ImageInspectWithPlatform(platform *ocispec.Platform) ImageInspectOption {
 	})
 }
 
-// ImageInspectWithAPIOpts sets the API options for the image inspect operation.
-func ImageInspectWithAPIOpts(opts image.InspectOptions) ImageInspectOption {
-	return imageInspectOptionFunc(func(clientOpts *imageInspectOpts) error {
-		clientOpts.apiOptions = opts
-		return nil
-	})
-}
-
 type imageInspectOpts struct {
 	raw        *bytes.Buffer
-	apiOptions image.InspectOptions
+	apiOptions imageInspectOptions
+}
+
+type imageInspectOptions struct {
+	// Manifests returns the image manifests.
+	Manifests bool
+
+	// Platform selects the specific platform of a multi-platform image to inspect.
+	//
+	// This option is only available for API version 1.49 and up.
+	Platform *ocispec.Platform
+}
+
+type ImageInspectResult struct {
+	image.InspectResponse
 }
diff --git a/vendor/github.com/moby/moby/client/image_list.go b/vendor/github.com/moby/moby/client/image_list.go
new file mode 100644
index 0000000000..8570709a7f
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_list.go
@@ -0,0 +1,61 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/client/pkg/versions"
+)
+
+// ImageList returns a list of images in the docker host.
+//
+// Experimental: Set the [image.ListOptions.Manifest] option
+// to include [image.Summary.Manifests] with information about image manifests.
+// This is experimental and might change in the future without any backward
+// compatibility.
+func (cli *Client) ImageList(ctx context.Context, options ImageListOptions) (ImageListResult, error) {
+	var images []image.Summary
+
+	query := url.Values{}
+
+	options.Filters.updateURLValues(query)
+	if options.All {
+		query.Set("all", "1")
+	}
+	if options.SharedSize {
+		query.Set("shared-size", "1")
+	}
+	if options.Manifests {
+		// Make sure we negotiated (if the client is configured to do so),
+		// as code below contains API-version specific handling of options.
+		//
+		// Normally, version-negotiation (if enabled) would not happen until
+		// the API request is made.
+		if err := cli.checkVersion(ctx); err != nil {
+			return ImageListResult{}, err
+		}
+
+		if versions.GreaterThanOrEqualTo(cli.version, "1.47") {
+			query.Set("manifests", "1")
+		}
+	}
+	if options.Identity {
+		if err := cli.requiresVersion(ctx, "1.54", "identity"); err != nil {
+			return ImageListResult{}, err
+		}
+		// Identity data in image list is scoped to manifests.
+		query.Set("manifests", "1")
+		query.Set("identity", "1")
+	}
+
+	resp, err := cli.get(ctx, "/images/json", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ImageListResult{}, err
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(&images)
+	return ImageListResult{Items: images}, err
+}
diff --git a/vendor/github.com/moby/moby/client/image_list_opts.go b/vendor/github.com/moby/moby/client/image_list_opts.go
new file mode 100644
index 0000000000..297ab960c5
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_list_opts.go
@@ -0,0 +1,27 @@
+package client
+
+import "github.com/moby/moby/api/types/image"
+
+// ImageListOptions holds parameters to list images with.
+type ImageListOptions struct {
+	// All controls whether all images in the graph are filtered, or just
+	// the heads.
+	All bool
+
+	// Filters is a JSON-encoded set of filter arguments.
+	Filters Filters
+
+	// SharedSize indicates whether the shared size of images should be computed.
+	SharedSize bool
+
+	// Manifests indicates whether the image manifests should be returned.
+	Manifests bool
+
+	// Identity indicates whether image identity information should be returned.
+	Identity bool
+}
+
+// ImageListResult holds the result from ImageList.
+type ImageListResult struct {
+	Items []image.Summary
+}
diff --git a/vendor/github.com/moby/moby/client/image_load.go b/vendor/github.com/moby/moby/client/image_load.go
new file mode 100644
index 0000000000..ec5fcae6eb
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_load.go
@@ -0,0 +1,64 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+)
+
+// ImageLoadResult returns information to the client about a load process.
+// It implements [io.ReadCloser] and must be closed to avoid a resource leak.
+type ImageLoadResult interface {
+	io.ReadCloser
+}
+
+// ImageLoad loads an image in the docker host from the client host. It's up
+// to the caller to close the [ImageLoadResult] returned by this function.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, loadOpts ...ImageLoadOption) (ImageLoadResult, error) {
+	var opts imageLoadOpts
+	for _, opt := range loadOpts {
+		if err := opt.Apply(&opts); err != nil {
+			return nil, err
+		}
+	}
+
+	query := url.Values{}
+	query.Set("quiet", "0")
+	if opts.apiOptions.Quiet {
+		query.Set("quiet", "1")
+	}
+	if len(opts.apiOptions.Platforms) > 0 {
+		if err := cli.requiresVersion(ctx, "1.48", "platform"); err != nil {
+			return nil, err
+		}
+
+		p, err := encodePlatforms(opts.apiOptions.Platforms...)
+		if err != nil {
+			return nil, err
+		}
+		query["platform"] = p
+	}
+
+	resp, err := cli.postRaw(ctx, "/images/load", query, input, http.Header{
+		"Content-Type": {"application/x-tar"},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &imageLoadResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+// imageLoadResult returns information to the client about a load process.
+type imageLoadResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser   = (*imageLoadResult)(nil)
+	_ ImageLoadResult = (*imageLoadResult)(nil)
+)
diff --git a/vendor/github.com/docker/docker/client/image_load_opts.go b/vendor/github.com/moby/moby/client/image_load_opts.go
similarity index 69%
rename from vendor/github.com/docker/docker/client/image_load_opts.go
rename to vendor/github.com/moby/moby/client/image_load_opts.go
index ebcedd41ff..aeb4fcf839 100644
--- a/vendor/github.com/docker/docker/client/image_load_opts.go
+++ b/vendor/github.com/moby/moby/client/image_load_opts.go
@@ -3,7 +3,6 @@ package client
 import (
 	"fmt"
 
-	"github.com/docker/docker/api/types/image"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -18,7 +17,16 @@ func (f imageLoadOptionFunc) Apply(o *imageLoadOpts) error {
 }
 
 type imageLoadOpts struct {
-	apiOptions image.LoadOptions
+	apiOptions imageLoadOptions
+}
+
+type imageLoadOptions struct {
+	// Quiet suppresses progress output
+	Quiet bool
+
+	// Platforms selects the platforms to load if the image is a
+	// multi-platform image and has multiple variants.
+	Platforms []ocispec.Platform
 }
 
 // ImageLoadWithQuiet sets the quiet option for the image load operation.
@@ -30,6 +38,10 @@ func ImageLoadWithQuiet(quiet bool) ImageLoadOption {
 }
 
 // ImageLoadWithPlatforms sets the platforms to be loaded from the image.
+//
+// Platform is an optional parameter that specifies the platform to load from
+// the provided multi-platform image. Passing a platform only has an effect
+// if the input image is a multi-platform image.
 func ImageLoadWithPlatforms(platforms ...ocispec.Platform) ImageLoadOption {
 	return imageLoadOptionFunc(func(opt *imageLoadOpts) error {
 		if opt.apiOptions.Platforms != nil {
diff --git a/vendor/github.com/moby/moby/client/image_prune.go b/vendor/github.com/moby/moby/client/image_prune.go
new file mode 100644
index 0000000000..7f3a25b898
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_prune.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/moby/moby/api/types/image"
+)
+
+// ImagePruneOptions holds parameters to prune images.
+type ImagePruneOptions struct {
+	Filters Filters
+}
+
+// ImagePruneResult holds the result from the [Client.ImagePrune] method.
+type ImagePruneResult struct {
+	Report image.PruneReport
+}
+
+// ImagePrune requests the daemon to delete unused data
+func (cli *Client) ImagePrune(ctx context.Context, opts ImagePruneOptions) (ImagePruneResult, error) {
+	query := url.Values{}
+	opts.Filters.updateURLValues(query)
+
+	resp, err := cli.post(ctx, "/images/prune", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ImagePruneResult{}, err
+	}
+
+	var report image.PruneReport
+	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
+		return ImagePruneResult{}, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return ImagePruneResult{Report: report}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/image_pull.go b/vendor/github.com/moby/moby/client/image_pull.go
new file mode 100644
index 0000000000..11c0afa418
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_pull.go
@@ -0,0 +1,93 @@
+package client
+
+import (
+	"context"
+	"io"
+	"iter"
+	"net/http"
+	"net/url"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/distribution/reference"
+	"github.com/moby/moby/api/types/jsonstream"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/client/internal"
+)
+
+type ImagePullResponse interface {
+	io.ReadCloser
+	JSONMessages(ctx context.Context) iter.Seq2[jsonstream.Message, error]
+	Wait(ctx context.Context) error
+}
+
+// ImagePull requests the docker host to pull an image from a remote registry.
+// It executes the privileged function if the operation is unauthorized
+// and it tries one more time.
+// Callers can:
+//   - use [ImagePullResponse.Wait] to wait for pull to complete
+//   - use [ImagePullResponse.JSONMessages] to monitor pull progress as a sequence
+//     of JSONMessages, [ImagePullResponse.Close] does not need to be called in this case.
+//   - use the [io.Reader] interface and call [ImagePullResponse.Close] after processing.
+func (cli *Client) ImagePull(ctx context.Context, refStr string, options ImagePullOptions) (ImagePullResponse, error) {
+	// FIXME(vdemeester): there is currently used in a few way in docker/docker
+	// - if not in trusted content, ref is used to pass the whole reference, and tag is empty
+	// - if in trusted content, ref is used to pass the reference name, and tag for the digest
+	//
+	// ref; https://github.com/docker-archive-public/docker.engine-api/pull/162
+
+	ref, err := reference.ParseNormalizedNamed(refStr)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	query.Set("fromImage", ref.Name())
+	if !options.All {
+		query.Set("tag", getAPITagFromNamedRef(ref))
+	}
+	if len(options.Platforms) > 0 {
+		if len(options.Platforms) > 1 {
+			// TODO(thaJeztah): update API spec and add equivalent check on the daemon. We need this still for older daemons, which would ignore it.
+			return nil, cerrdefs.ErrInvalidArgument.WithMessage("specifying multiple platforms is not yet supported")
+		}
+		query.Set("platform", formatPlatform(options.Platforms[0]))
+	}
+	resp, err := cli.tryImageCreate(ctx, query, staticAuth(options.RegistryAuth))
+	if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
+		resp, err = cli.tryImageCreate(ctx, query, options.PrivilegeFunc)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return internal.NewJSONMessageStream(resp.Body), nil
+}
+
+// getAPITagFromNamedRef returns a tag from the specified reference.
+// This function is necessary as long as the docker "server" api expects
+// digests to be sent as tags and makes a distinction between the name
+// and tag/digest part of a reference.
+func getAPITagFromNamedRef(ref reference.Named) string {
+	if digested, ok := ref.(reference.Digested); ok {
+		return digested.Digest().String()
+	}
+	ref = reference.TagNameOnly(ref)
+	if tagged, ok := ref.(reference.Tagged); ok {
+		return tagged.Tag()
+	}
+	return ""
+}
+
+func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, resolveAuth registry.RequestAuthConfig) (*http.Response, error) {
+	hdr := http.Header{}
+	if resolveAuth != nil {
+		registryAuth, err := resolveAuth(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if registryAuth != "" {
+			hdr.Set(registry.AuthHeader, registryAuth)
+		}
+	}
+	return cli.post(ctx, "/images/create", query, nil, hdr)
+}
diff --git a/vendor/github.com/moby/moby/client/image_pull_opts.go b/vendor/github.com/moby/moby/client/image_pull_opts.go
new file mode 100644
index 0000000000..1b78185dda
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_pull_opts.go
@@ -0,0 +1,25 @@
+package client
+
+import (
+	"context"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ImagePullOptions holds information to pull images.
+type ImagePullOptions struct {
+	All          bool
+	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+
+	// PrivilegeFunc is a function that clients can supply to retry operations
+	// after getting an authorization error. This function returns the registry
+	// authentication header value in base64 encoded format, or an error if the
+	// privilege request fails.
+	//
+	// For details, refer to [github.com/moby/moby/api/types/registry.RequestAuthConfig].
+	PrivilegeFunc func(context.Context) (string, error)
+
+	// Platforms selects the platforms to pull. Multiple platforms can be
+	// specified if the image ia a multi-platform image.
+	Platforms []ocispec.Platform
+}
diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/moby/moby/client/image_push.go
similarity index 56%
rename from vendor/github.com/docker/docker/client/image_push.go
rename to vendor/github.com/moby/moby/client/image_push.go
index 8dbe0b1e5c..5dd8bc1407 100644
--- a/vendor/github.com/docker/docker/client/image_push.go
+++ b/vendor/github.com/moby/moby/client/image_push.go
@@ -6,26 +6,38 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"iter"
 	"net/http"
 	"net/url"
 
 	cerrdefs "github.com/containerd/errdefs"
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/moby/moby/api/types/jsonstream"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/client/internal"
 )
 
+type ImagePushResponse interface {
+	io.ReadCloser
+	JSONMessages(ctx context.Context) iter.Seq2[jsonstream.Message, error]
+	Wait(ctx context.Context) error
+}
+
 // ImagePush requests the docker host to push an image to a remote registry.
 // It executes the privileged function if the operation is unauthorized
 // and it tries one more time.
-// It's up to the caller to handle the io.ReadCloser and close it properly.
-func (cli *Client) ImagePush(ctx context.Context, image string, options image.PushOptions) (io.ReadCloser, error) {
+// Callers can
+//   - use [ImagePushResponse.Wait] to wait for push to complete
+//   - use [ImagePushResponse.JSONMessages] to monitor pull progress as a sequence
+//     of JSONMessages, [ImagePushResponse.Close] does not need to be called in this case.
+//   - use the [io.Reader] interface and call [ImagePushResponse.Close] after processing.
+func (cli *Client) ImagePush(ctx context.Context, image string, options ImagePushOptions) (ImagePushResponse, error) {
 	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return nil, err
 	}
 
-	if _, isCanonical := ref.(reference.Canonical); isCanonical {
+	if _, ok := ref.(reference.Digested); ok {
 		return nil, errors.New("cannot push a digest reference")
 	}
 
@@ -38,7 +50,7 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options image.Pu
 	}
 
 	if options.Platform != nil {
-		if err := cli.NewVersionError(ctx, "1.46", "platform"); err != nil {
+		if err := cli.requiresVersion(ctx, "1.46", "platform"); err != nil {
 			return nil, err
 		}
 
@@ -51,21 +63,28 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options image.Pu
 		query.Set("platform", string(pJson))
 	}
 
-	resp, err := cli.tryImagePush(ctx, ref.Name(), query, options.RegistryAuth)
+	resp, err := cli.tryImagePush(ctx, ref.Name(), query, staticAuth(options.RegistryAuth))
 	if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
-		newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx)
-		if privilegeErr != nil {
-			return nil, privilegeErr
-		}
-		resp, err = cli.tryImagePush(ctx, ref.Name(), query, newAuthHeader)
+		resp, err = cli.tryImagePush(ctx, ref.Name(), query, options.PrivilegeFunc)
 	}
 	if err != nil {
 		return nil, err
 	}
-	return resp.Body, nil
+	return internal.NewJSONMessageStream(resp.Body), nil
 }
 
-func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (*http.Response, error) {
+func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, resolveAuth registry.RequestAuthConfig) (*http.Response, error) {
+	hdr := http.Header{}
+	if resolveAuth != nil {
+		registryAuth, err := resolveAuth(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if registryAuth != "" {
+			hdr.Set(registry.AuthHeader, registryAuth)
+		}
+	}
+
 	// Always send a body (which may be an empty JSON document ("{}")) to prevent
 	// EOF errors on older daemons which had faulty fallback code for handling
 	// authentication in the body when no auth-header was set, resulting in;
@@ -75,7 +94,5 @@ func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.V
 	// We use [http.NoBody], which gets marshaled to an empty JSON document.
 	//
 	// see: https://github.com/moby/moby/commit/ea29dffaa541289591aa44fa85d2a596ce860e16
-	return cli.post(ctx, "/images/"+imageID+"/push", query, http.NoBody, http.Header{
-		registry.AuthHeader: {registryAuth},
-	})
+	return cli.post(ctx, "/images/"+imageID+"/push", query, http.NoBody, hdr)
 }
diff --git a/vendor/github.com/moby/moby/client/image_push_opts.go b/vendor/github.com/moby/moby/client/image_push_opts.go
new file mode 100644
index 0000000000..591c6b6057
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_push_opts.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"context"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ImagePushOptions holds information to push images.
+type ImagePushOptions struct {
+	All          bool
+	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+
+	// PrivilegeFunc is a function that clients can supply to retry operations
+	// after getting an authorization error. This function returns the registry
+	// authentication header value in base64 encoded format, or an error if the
+	// privilege request fails.
+	//
+	// For details, refer to [github.com/moby/moby/api/types/registry.RequestAuthConfig].
+	PrivilegeFunc func(context.Context) (string, error)
+
+	// Platform is an optional field that selects a specific platform to push
+	// when the image is a multi-platform image.
+	// Using this will only push a single platform-specific manifest.
+	Platform *ocispec.Platform `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/client/image_remove.go b/vendor/github.com/moby/moby/client/image_remove.go
similarity index 75%
rename from vendor/github.com/docker/docker/client/image_remove.go
rename to vendor/github.com/moby/moby/client/image_remove.go
index 8f357c729a..095b4f04c4 100644
--- a/vendor/github.com/docker/docker/client/image_remove.go
+++ b/vendor/github.com/moby/moby/client/image_remove.go
@@ -5,11 +5,11 @@ import (
 	"encoding/json"
 	"net/url"
 
-	"github.com/docker/docker/api/types/image"
+	"github.com/moby/moby/api/types/image"
 )
 
 // ImageRemove removes an image from the docker host.
-func (cli *Client) ImageRemove(ctx context.Context, imageID string, options image.RemoveOptions) ([]image.DeleteResponse, error) {
+func (cli *Client) ImageRemove(ctx context.Context, imageID string, options ImageRemoveOptions) (ImageRemoveResult, error) {
 	query := url.Values{}
 
 	if options.Force {
@@ -22,7 +22,7 @@ func (cli *Client) ImageRemove(ctx context.Context, imageID string, options imag
 	if len(options.Platforms) > 0 {
 		p, err := encodePlatforms(options.Platforms...)
 		if err != nil {
-			return nil, err
+			return ImageRemoveResult{}, err
 		}
 		query["platforms"] = p
 	}
@@ -30,10 +30,10 @@ func (cli *Client) ImageRemove(ctx context.Context, imageID string, options imag
 	resp, err := cli.delete(ctx, "/images/"+imageID, query, nil)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return nil, err
+		return ImageRemoveResult{}, err
 	}
 
 	var dels []image.DeleteResponse
 	err = json.NewDecoder(resp.Body).Decode(&dels)
-	return dels, err
+	return ImageRemoveResult{Items: dels}, err
 }
diff --git a/vendor/github.com/moby/moby/client/image_remove_opts.go b/vendor/github.com/moby/moby/client/image_remove_opts.go
new file mode 100644
index 0000000000..3b5d8a77f7
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_remove_opts.go
@@ -0,0 +1,18 @@
+package client
+
+import (
+	"github.com/moby/moby/api/types/image"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ImageRemoveOptions holds parameters to remove images.
+type ImageRemoveOptions struct {
+	Platforms     []ocispec.Platform
+	Force         bool
+	PruneChildren bool
+}
+
+// ImageRemoveResult holds the delete responses returned by the daemon.
+type ImageRemoveResult struct {
+	Items []image.DeleteResponse
+}
diff --git a/vendor/github.com/docker/docker/client/image_save.go b/vendor/github.com/moby/moby/client/image_save.go
similarity index 51%
rename from vendor/github.com/docker/docker/client/image_save.go
rename to vendor/github.com/moby/moby/client/image_save.go
index d2102becf1..508f88b7d2 100644
--- a/vendor/github.com/docker/docker/client/image_save.go
+++ b/vendor/github.com/moby/moby/client/image_save.go
@@ -6,11 +6,18 @@ import (
 	"net/url"
 )
 
-// ImageSave retrieves one or more images from the docker host as an io.ReadCloser.
+type ImageSaveResult interface {
+	io.ReadCloser
+}
+
+// ImageSave retrieves one or more images from the docker host as an
+// [ImageSaveResult]. Callers should close the reader, but the underlying
+// [io.ReadCloser] is automatically closed if the context is canceled,
 //
-// Platforms is an optional parameter that specifies the platforms to save from the image.
-// This is only has effect if the input image is a multi-platform image.
-func (cli *Client) ImageSave(ctx context.Context, imageIDs []string, saveOpts ...ImageSaveOption) (io.ReadCloser, error) {
+// Platforms is an optional parameter that specifies the platforms to save
+// from the image. Passing a platform only has an effect if the input image
+// is a multi-platform image.
+func (cli *Client) ImageSave(ctx context.Context, imageIDs []string, saveOpts ...ImageSaveOption) (ImageSaveResult, error) {
 	var opts imageSaveOpts
 	for _, opt := range saveOpts {
 		if err := opt.Apply(&opts); err != nil {
@@ -23,7 +30,7 @@ func (cli *Client) ImageSave(ctx context.Context, imageIDs []string, saveOpts ..
 	}
 
 	if len(opts.apiOptions.Platforms) > 0 {
-		if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
+		if err := cli.requiresVersion(ctx, "1.48", "platform"); err != nil {
 			return nil, err
 		}
 		p, err := encodePlatforms(opts.apiOptions.Platforms...)
@@ -37,5 +44,16 @@ func (cli *Client) ImageSave(ctx context.Context, imageIDs []string, saveOpts ..
 	if err != nil {
 		return nil, err
 	}
-	return resp.Body, nil
+	return &imageSaveResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
 }
+
+type imageSaveResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser   = (*imageSaveResult)(nil)
+	_ ImageSaveResult = (*imageSaveResult)(nil)
+)
diff --git a/vendor/github.com/docker/docker/client/image_save_opts.go b/vendor/github.com/moby/moby/client/image_save_opts.go
similarity index 60%
rename from vendor/github.com/docker/docker/client/image_save_opts.go
rename to vendor/github.com/moby/moby/client/image_save_opts.go
index acd8f282b3..9c0b3b74a4 100644
--- a/vendor/github.com/docker/docker/client/image_save_opts.go
+++ b/vendor/github.com/moby/moby/client/image_save_opts.go
@@ -3,7 +3,6 @@ package client
 import (
 	"fmt"
 
-	"github.com/docker/docker/api/types/image"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -17,8 +16,11 @@ func (f imageSaveOptionFunc) Apply(o *imageSaveOpts) error {
 	return f(o)
 }
 
-// ImageSaveWithPlatforms sets the platforms to be saved from the image.
+// ImageSaveWithPlatforms sets the platforms to be saved from the image. It
+// produces an error if platforms are already set. This option only has an
+// effect if the input image is a multi-platform image.
 func ImageSaveWithPlatforms(platforms ...ocispec.Platform) ImageSaveOption {
+	// TODO(thaJeztah): verify the GoDoc; do we produce an error for a single-platform image without the given platform?
 	return imageSaveOptionFunc(func(opt *imageSaveOpts) error {
 		if opt.apiOptions.Platforms != nil {
 			return fmt.Errorf("platforms already set to %v", opt.apiOptions.Platforms)
@@ -29,5 +31,11 @@ func ImageSaveWithPlatforms(platforms ...ocispec.Platform) ImageSaveOption {
 }
 
 type imageSaveOpts struct {
-	apiOptions image.SaveOptions
+	apiOptions imageSaveOptions
+}
+
+type imageSaveOptions struct {
+	// Platforms selects the platforms to save if the image is a
+	// multi-platform image and has multiple variants.
+	Platforms []ocispec.Platform
 }
diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/moby/moby/client/image_search.go
similarity index 73%
rename from vendor/github.com/docker/docker/client/image_search.go
rename to vendor/github.com/moby/moby/client/image_search.go
index 8f5343b9da..6e280906a2 100644
--- a/vendor/github.com/docker/docker/client/image_search.go
+++ b/vendor/github.com/moby/moby/client/image_search.go
@@ -8,13 +8,12 @@ import (
 	"strconv"
 
 	cerrdefs "github.com/containerd/errdefs"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/moby/moby/api/types/registry"
 )
 
 // ImageSearch makes the docker host search by a term in a remote registry.
 // The list of results is not sorted in any fashion.
-func (cli *Client) ImageSearch(ctx context.Context, term string, options registry.SearchOptions) ([]registry.SearchResult, error) {
+func (cli *Client) ImageSearch(ctx context.Context, term string, options ImageSearchOptions) (ImageSearchResult, error) {
 	var results []registry.SearchResult
 	query := url.Values{}
 	query.Set("term", term)
@@ -22,29 +21,23 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options registr
 		query.Set("limit", strconv.Itoa(options.Limit))
 	}
 
-	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToJSON(options.Filters)
-		if err != nil {
-			return results, err
-		}
-		query.Set("filters", filterJSON)
-	}
+	options.Filters.updateURLValues(query)
 
 	resp, err := cli.tryImageSearch(ctx, query, options.RegistryAuth)
 	defer ensureReaderClosed(resp)
 	if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx)
 		if privilegeErr != nil {
-			return results, privilegeErr
+			return ImageSearchResult{}, privilegeErr
 		}
 		resp, err = cli.tryImageSearch(ctx, query, newAuthHeader)
 	}
 	if err != nil {
-		return results, err
+		return ImageSearchResult{}, err
 	}
 
 	err = json.NewDecoder(resp.Body).Decode(&results)
-	return results, err
+	return ImageSearchResult{Items: results}, err
 }
 
 func (cli *Client) tryImageSearch(ctx context.Context, query url.Values, registryAuth string) (*http.Response, error) {
diff --git a/vendor/github.com/moby/moby/client/image_search_opts.go b/vendor/github.com/moby/moby/client/image_search_opts.go
new file mode 100644
index 0000000000..95a7d41fa0
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_search_opts.go
@@ -0,0 +1,27 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+// ImageSearchResult wraps results returned by ImageSearch.
+type ImageSearchResult struct {
+	Items []registry.SearchResult
+}
+
+// ImageSearchOptions holds parameters to search images with.
+type ImageSearchOptions struct {
+	RegistryAuth string
+
+	// PrivilegeFunc is a function that clients can supply to retry operations
+	// after getting an authorization error. This function returns the registry
+	// authentication header value in base64 encoded format, or an error if the
+	// privilege request fails.
+	//
+	// For details, refer to [github.com/moby/moby/api/types/registry.RequestAuthConfig].
+	PrivilegeFunc func(context.Context) (string, error)
+	Filters       Filters
+	Limit         int
+}
diff --git a/vendor/github.com/moby/moby/client/image_tag.go b/vendor/github.com/moby/moby/client/image_tag.go
new file mode 100644
index 0000000000..37272914f6
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/image_tag.go
@@ -0,0 +1,50 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+
+	"github.com/distribution/reference"
+)
+
+// ImageTagOptions holds options for [Client.ImageTag].
+type ImageTagOptions struct {
+	Source string
+	Target string
+}
+
+// ImageTagResult holds the result of [Client.ImageTag].
+type ImageTagResult struct{}
+
+// ImageTag tags an image in the docker host
+func (cli *Client) ImageTag(ctx context.Context, options ImageTagOptions) (ImageTagResult, error) {
+	source := options.Source
+	target := options.Target
+
+	if _, err := reference.ParseAnyReference(source); err != nil {
+		return ImageTagResult{}, fmt.Errorf("error parsing reference: %q is not a valid repository/tag: %w", source, err)
+	}
+
+	ref, err := reference.ParseNormalizedNamed(target)
+	if err != nil {
+		return ImageTagResult{}, fmt.Errorf("error parsing reference: %q is not a valid repository/tag: %w", target, err)
+	}
+
+	if _, ok := ref.(reference.Digested); ok {
+		return ImageTagResult{}, errors.New("refusing to create a tag with a digest reference")
+	}
+
+	ref = reference.TagNameOnly(ref)
+
+	query := url.Values{}
+	query.Set("repo", ref.Name())
+	if tagged, ok := ref.(reference.Tagged); ok {
+		query.Set("tag", tagged.Tag())
+	}
+
+	resp, err := cli.post(ctx, "/images/"+source+"/tag", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return ImageTagResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/internal/json-stream.go b/vendor/github.com/moby/moby/client/internal/json-stream.go
new file mode 100644
index 0000000000..07d07bd7e3
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/internal/json-stream.go
@@ -0,0 +1,50 @@
+package internal
+
+import (
+	"encoding/json"
+	"io"
+	"slices"
+
+	"github.com/moby/moby/api/types"
+)
+
+const rs = 0x1E
+
+type DecoderFn func(v any) error
+
+// NewJSONStreamDecoder builds adequate DecoderFn to read json records formatted with specified content-type
+func NewJSONStreamDecoder(r io.Reader, contentType string) DecoderFn {
+	switch contentType {
+	case types.MediaTypeJSONSequence:
+		return json.NewDecoder(NewRSFilterReader(r)).Decode
+	case types.MediaTypeJSON, types.MediaTypeNDJSON, types.MediaTypeJSONLines:
+		fallthrough
+	default:
+		return json.NewDecoder(r).Decode
+	}
+}
+
+// RSFilterReader wraps an io.Reader and filters out ASCII RS characters
+type RSFilterReader struct {
+	reader io.Reader
+	buffer []byte
+}
+
+// NewRSFilterReader creates a new RSFilterReader that filters out RS characters
+func NewRSFilterReader(r io.Reader) *RSFilterReader {
+	return &RSFilterReader{
+		reader: r,
+		buffer: make([]byte, 4096), // Internal buffer for reading chunks
+	}
+}
+
+// Read implements the io.Reader interface, filtering out RS characters
+func (r *RSFilterReader) Read(p []byte) (n int, err error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+
+	n, err = r.reader.Read(p)
+	filtered := slices.DeleteFunc(p[:n], func(b byte) bool { return b == rs })
+	return len(filtered), err
+}
diff --git a/vendor/github.com/moby/moby/client/internal/jsonmessages.go b/vendor/github.com/moby/moby/client/internal/jsonmessages.go
new file mode 100644
index 0000000000..31262fd8e2
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/internal/jsonmessages.go
@@ -0,0 +1,84 @@
+package internal
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"iter"
+	"sync"
+
+	"github.com/moby/moby/api/types/jsonstream"
+)
+
+func NewJSONMessageStream(rc io.ReadCloser) Stream {
+	if rc == nil {
+		panic("nil io.ReadCloser")
+	}
+	return Stream{
+		rc:    rc,
+		close: sync.OnceValue(rc.Close),
+	}
+}
+
+type Stream struct {
+	rc    io.ReadCloser
+	close func() error
+}
+
+// Read implements io.ReadCloser
+func (r Stream) Read(p []byte) (n int, err error) {
+	if r.rc == nil {
+		return 0, io.EOF
+	}
+	return r.rc.Read(p)
+}
+
+// Close implements io.ReadCloser
+func (r Stream) Close() error {
+	if r.close == nil {
+		return nil
+	}
+	return r.close()
+}
+
+var _ io.ReadCloser = Stream{}
+
+// JSONMessages decodes the response stream as a sequence of JSONMessages.
+// if stream ends or context is cancelled, the underlying [io.Reader] is closed.
+func (r Stream) JSONMessages(ctx context.Context) iter.Seq2[jsonstream.Message, error] {
+	stop := context.AfterFunc(ctx, func() {
+		_ = r.Close()
+	})
+	dec := json.NewDecoder(r)
+	return func(yield func(jsonstream.Message, error) bool) {
+		defer func() {
+			stop() // unregister AfterFunc
+			r.Close()
+		}()
+		for {
+			var jm jsonstream.Message
+			err := dec.Decode(&jm)
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			if ctx.Err() != nil {
+				yield(jm, ctx.Err())
+				return
+			}
+			if !yield(jm, err) {
+				return
+			}
+		}
+	}
+}
+
+// Wait waits for operation to complete and detects errors reported as JSONMessage
+func (r Stream) Wait(ctx context.Context) error {
+	for _, err := range r.JSONMessages(ctx) {
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/moby/moby/client/internal/mod/mod.go b/vendor/github.com/moby/moby/client/internal/mod/mod.go
new file mode 100644
index 0000000000..355eb95326
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/internal/mod/mod.go
@@ -0,0 +1,226 @@
+// Package mod provides a small helper to extract a module's version
+// from [debug.BuildInfo] without depending on [golang.org/x/mod].
+//
+// [golang.org/x/mod]: https://pkg.go.dev/golang.org/x/mod
+package mod
+
+import (
+	"fmt"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+var readBuildInfo = sync.OnceValues(debug.ReadBuildInfo)
+
+// Version returns a best-effort version string for the given module path,
+// similar to [mod.Version] in the daemon.
+//
+// If the module is present in [debug.BuildInfo] dependencies, its version
+// is returned. Tagged versions are returned as-is (with "+incompatible"
+// stripped). [Pseudo-versions] are normalized to:
+//
+//	<base>+<revision>[+meta...][+dirty]
+//
+// Where "<base>" matches the behavior of [module.PseudoVersionBase] (i.e.,
+// downgrade to the previous tag for non-prerelease Pseudo-versions).
+//
+// If the module is replaced (for example via go.work or replace directives),
+// or no usable version information is available, Version returns an empty string.
+//
+// The returned value is intended for display purposes (e.g., in a default
+// User-Agent), not for version comparison.
+//
+// [mod.Version]: https://pkg.go.dev/github.com/moby/moby/v2@v2.0.0-beta.7/daemon/internal/builder-next/worker/mod#Version
+// [module.PseudoVersionBase]: https://pkg.go.dev/golang.org/x/mod@v0.34.0/module#PseudoVersionBase
+// [Pseudo-versions]: https://cs.opensource.google/go/x/mod/+/refs/tags/v0.34.0:module/pseudo.go;l=5-33
+func Version(name string) string {
+	bi, ok := readBuildInfo()
+	if !ok || bi == nil {
+		return ""
+	}
+	return moduleVersion(name, bi)
+}
+
+func moduleVersion(name string, bi *debug.BuildInfo) (modVersion string) {
+	if bi == nil {
+		return ""
+	}
+
+	// Check if we're the main module.
+	if v, ok := getVersion(name, &bi.Main); ok {
+		return v
+	}
+
+	// iterate over all dependencies and find name
+	for _, dep := range bi.Deps {
+		if v, ok := getVersion(name, dep); ok {
+			return v
+		}
+	}
+
+	return ""
+}
+
+func getVersion(name string, dep *debug.Module) (string, bool) {
+	if dep == nil || dep.Path != name {
+		return "", false
+	}
+
+	v := dep.Version
+	if dep.Replace != nil && dep.Replace.Version != "" {
+		v = dep.Replace.Version
+	}
+	if v == "" || v == "(devel)" {
+		return "", true
+	}
+
+	return normalize(v), true
+}
+
+// normalize converts a Go module version into a display-friendly form:
+//
+//   - strips "+incompatible" unconditionally
+//   - if pseudo: vX.Y.Z[-pre][+rev][+meta...][+dirty]
+//   - if tagged: vX.Y.Z[-pre][+meta...][+dirty]
+func normalize(v string) string {
+	base, metas, dirty := splitMetadata(v)
+
+	out := base
+	if base2, rev, undoPatch, ok := splitPseudo(base); ok {
+		if undoPatch {
+			// Downgrade the patch version that was raised by pseudo-versions:
+			//
+			//	(2) vX.Y.(Z+1)-0.yyyymmddhhmmss-abcdef123456
+			if major, minor, patch, ok := parseSemVer(base2); ok && patch > 0 {
+				patch--
+				base2 = fmt.Sprintf("v%d.%d.%d", major, minor, patch)
+			}
+		}
+		// Go pseudo rev is typically 12, but be defensive.
+		if len(rev) > 12 {
+			rev = rev[:12]
+		}
+		out = base2 + "+" + rev
+	}
+
+	// Preserve other metadata (except for "+incompatible").
+	for _, m := range metas {
+		out += m
+	}
+	if dirty {
+		// +dirty goes last
+		out += "+dirty"
+	}
+	return out
+}
+
+func splitMetadata(v string) (base string, metas []string, dirty bool) {
+	base, meta, ok := strings.Cut(v, "+")
+	if !ok || meta == "" {
+		return base, nil, false
+	}
+	for m := range strings.SplitSeq(meta, "+") {
+		// drop incompatible, extract dirty, preserve everything else.
+		switch m {
+		case "incompatible", "":
+			// drop "+incompatible" and empty strings
+		case "dirty":
+			dirty = true
+		default:
+			metas = append(metas, "+"+m)
+		}
+	}
+
+	return base, metas, dirty
+}
+
+// splitPseudo splits a pseudo-version into base + revision, and reports whether
+// it is a (Z+1) pseudo that needs patch undo.
+//
+// Supported (after stripping +incompatible/+dirty metadata):
+//
+// (1) vX.0.0-yyyymmddhhmmss-abcdef123456
+// (2) vX.Y.(Z+1)-0.yyyymmddhhmmss-abcdef123456
+// (4) vX.Y.Z-pre.0.yyyymmddhhmmss-abcdef123456
+func splitPseudo(v string) (base, rev string, undoPatch bool, ok bool) {
+	// Split off revision at the last '-'.
+	last := strings.LastIndexByte(v, '-')
+	if last < 0 || last+1 >= len(v) {
+		return "", "", false, false
+	}
+	rev = v[last+1:]
+	left := v[:last]
+
+	// First try the dot-joined timestamp forms:
+	//   ...-0.<ts>   (release pseudo; undoPatch)
+	//   ....0.<ts>   (prerelease pseudo; preserve prerelease)
+	if dot := strings.LastIndexByte(left, '.'); dot > 0 && dot+1 < len(left) {
+		ts := left[dot+1:]
+		if isTimestamp(ts) {
+			prefix := left[:dot] // ends with "-0" or ".0" for forms (2)/(4)
+			switch {
+			case strings.HasSuffix(prefix, "-0"):
+				// (2) vX.Y.(Z+1)-0.yyyymmddhhmmss-abcdef123456
+				return prefix[:len(prefix)-2], rev, true, true
+			case strings.HasSuffix(prefix, ".0"):
+				// (4) vX.Y.Z-pre.0.yyyymmddhhmmss-abcdef123456
+				return prefix[:len(prefix)-2], rev, false, true
+			}
+		}
+	}
+
+	// Fall back to form (1): ...-<ts>-<rev>
+	//
+	// (1) vX.0.0-yyyymmddhhmmss-abcdef123456
+	if dash := strings.LastIndexByte(left, '-'); dash > 0 && dash+1 < len(left) {
+		ts := left[dash+1:]
+		if isTimestamp(ts) {
+			return left[:dash], rev, false, true
+		}
+	}
+
+	return "", "", false, false
+}
+
+// isTimestamp checks whether s is a timestamp ("yyyymmddhhmmss")
+// component in a module version (vX.0.0-yyyymmddhhmmss-abcdef123456).
+func isTimestamp(s string) bool {
+	if len(s) != 14 {
+		return false
+	}
+	for i := range len(s) {
+		c := s[i]
+		if c < '0' || c > '9' {
+			return false
+		}
+	}
+	return true
+}
+
+// parseSemVer parses "vX.Y.Z" into numeric components.
+// It intentionally handles only the strict three-segment core form.
+func parseSemVer(v string) (major, minor, patch int, ok bool) {
+	if len(v) < 2 || v[0] != 'v' {
+		return 0, 0, 0, false
+	}
+	parts := strings.Split(v[1:], ".")
+	if len(parts) != 3 {
+		return 0, 0, 0, false
+	}
+	var err error
+	major, err = strconv.Atoi(parts[0])
+	if err != nil {
+		return 0, 0, 0, false
+	}
+	minor, err = strconv.Atoi(parts[1])
+	if err != nil {
+		return 0, 0, 0, false
+	}
+	patch, err = strconv.Atoi(parts[2])
+	if err != nil {
+		return 0, 0, 0, false
+	}
+	return major, minor, patch, true
+}
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp.go b/vendor/github.com/moby/moby/client/internal/timestamp/timestamp.go
similarity index 99%
rename from vendor/github.com/docker/docker/api/types/time/timestamp.go
rename to vendor/github.com/moby/moby/client/internal/timestamp/timestamp.go
index 0e1df38a43..7b175f0c93 100644
--- a/vendor/github.com/docker/docker/api/types/time/timestamp.go
+++ b/vendor/github.com/moby/moby/client/internal/timestamp/timestamp.go
@@ -1,4 +1,4 @@
-package time
+package timestamp
 
 import (
 	"fmt"
diff --git a/vendor/github.com/moby/moby/client/login.go b/vendor/github.com/moby/moby/client/login.go
new file mode 100644
index 0000000000..b295080ab7
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/login.go
@@ -0,0 +1,45 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+type RegistryLoginOptions struct {
+	Username      string
+	Password      string
+	ServerAddress string
+	IdentityToken string
+	RegistryToken string
+}
+
+// RegistryLoginResult holds the result of a RegistryLogin query.
+type RegistryLoginResult struct {
+	Auth registry.AuthResponse
+}
+
+// RegistryLogin authenticates the docker server with a given docker registry.
+// It returns unauthorizedError when the authentication fails.
+func (cli *Client) RegistryLogin(ctx context.Context, options RegistryLoginOptions) (RegistryLoginResult, error) {
+	auth := registry.AuthConfig{
+		Username:      options.Username,
+		Password:      options.Password,
+		ServerAddress: options.ServerAddress,
+		IdentityToken: options.IdentityToken,
+		RegistryToken: options.RegistryToken,
+	}
+
+	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
+	defer ensureReaderClosed(resp)
+
+	if err != nil {
+		return RegistryLoginResult{}, err
+	}
+
+	var response registry.AuthResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return RegistryLoginResult{Auth: response}, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_connect.go b/vendor/github.com/moby/moby/client/network_connect.go
new file mode 100644
index 0000000000..40db955a90
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_connect.go
@@ -0,0 +1,40 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkConnectOptions represents the data to be used to connect a container to the
+// network.
+type NetworkConnectOptions struct {
+	Container      string
+	EndpointConfig *network.EndpointSettings
+}
+
+// NetworkConnectResult represents the result of a NetworkConnect operation.
+type NetworkConnectResult struct {
+	// Currently empty; placeholder for future fields.
+}
+
+// NetworkConnect connects a container to an existent network in the docker host.
+func (cli *Client) NetworkConnect(ctx context.Context, networkID string, options NetworkConnectOptions) (NetworkConnectResult, error) {
+	networkID, err := trimID("network", networkID)
+	if err != nil {
+		return NetworkConnectResult{}, err
+	}
+
+	containerID, err := trimID("container", options.Container)
+	if err != nil {
+		return NetworkConnectResult{}, err
+	}
+
+	nc := network.ConnectRequest{
+		Container:      containerID,
+		EndpointConfig: options.EndpointConfig,
+	}
+	resp, err := cli.post(ctx, "/networks/"+networkID+"/connect", nil, nc, nil)
+	defer ensureReaderClosed(resp)
+	return NetworkConnectResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_create.go b/vendor/github.com/moby/moby/client/network_create.go
new file mode 100644
index 0000000000..25ea32af45
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_create.go
@@ -0,0 +1,69 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkCreateOptions holds options to create a network.
+type NetworkCreateOptions struct {
+	Driver     string            // Driver is the driver-name used to create the network (e.g. `bridge`, `overlay`)
+	Scope      string            // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level).
+	EnableIPv4 *bool             // EnableIPv4 represents whether to enable IPv4.
+	EnableIPv6 *bool             // EnableIPv6 represents whether to enable IPv6.
+	IPAM       *network.IPAM     // IPAM is the network's IP Address Management.
+	Internal   bool              // Internal represents if the network is used internal only.
+	Attachable bool              // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
+	Ingress    bool              // Ingress indicates the network is providing the routing-mesh for the swarm cluster.
+	ConfigOnly bool              // ConfigOnly creates a config-only network. Config-only networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services.
+	ConfigFrom string            // ConfigFrom specifies the source which will provide the configuration for this network. The specified network must be a config-only network; see [CreateOptions.ConfigOnly].
+	Options    map[string]string // Options specifies the network-specific options to use for when creating the network.
+	Labels     map[string]string // Labels holds metadata specific to the network being created.
+}
+
+// NetworkCreateResult represents the result of a network create operation.
+type NetworkCreateResult struct {
+	ID string
+
+	Warning []string
+}
+
+// NetworkCreate creates a new network in the docker host.
+func (cli *Client) NetworkCreate(ctx context.Context, name string, options NetworkCreateOptions) (NetworkCreateResult, error) {
+	req := network.CreateRequest{
+		Name:       name,
+		Driver:     options.Driver,
+		Scope:      options.Scope,
+		EnableIPv4: options.EnableIPv4,
+		EnableIPv6: options.EnableIPv6,
+		IPAM:       options.IPAM,
+		Internal:   options.Internal,
+		Attachable: options.Attachable,
+		Ingress:    options.Ingress,
+		ConfigOnly: options.ConfigOnly,
+		Options:    options.Options,
+		Labels:     options.Labels,
+	}
+
+	if options.ConfigFrom != "" {
+		req.ConfigFrom = &network.ConfigReference{Network: options.ConfigFrom}
+	}
+
+	resp, err := cli.post(ctx, "/networks/create", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return NetworkCreateResult{}, err
+	}
+
+	var response network.CreateResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+
+	var warnings []string
+	if response.Warning != "" {
+		warnings = []string{response.Warning}
+	}
+
+	return NetworkCreateResult{ID: response.ID, Warning: warnings}, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_disconnect.go b/vendor/github.com/moby/moby/client/network_disconnect.go
new file mode 100644
index 0000000000..64a1796b8d
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_disconnect.go
@@ -0,0 +1,40 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkDisconnectOptions represents the data to be used to disconnect a container
+// from the network.
+type NetworkDisconnectOptions struct {
+	Container string
+	Force     bool
+}
+
+// NetworkDisconnectResult represents the result of a NetworkDisconnect operation.
+type NetworkDisconnectResult struct {
+	// Currently empty; placeholder for future fields.
+}
+
+// NetworkDisconnect disconnects a container from an existent network in the docker host.
+func (cli *Client) NetworkDisconnect(ctx context.Context, networkID string, options NetworkDisconnectOptions) (NetworkDisconnectResult, error) {
+	networkID, err := trimID("network", networkID)
+	if err != nil {
+		return NetworkDisconnectResult{}, err
+	}
+
+	containerID, err := trimID("container", options.Container)
+	if err != nil {
+		return NetworkDisconnectResult{}, err
+	}
+
+	req := network.DisconnectRequest{
+		Container: containerID,
+		Force:     options.Force,
+	}
+	resp, err := cli.post(ctx, "/networks/"+networkID+"/disconnect", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	return NetworkDisconnectResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_inspect.go b/vendor/github.com/moby/moby/client/network_inspect.go
new file mode 100644
index 0000000000..7757805276
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_inspect.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkInspectResult contains the result of a network inspection.
+type NetworkInspectResult struct {
+	Network network.Inspect
+	Raw     json.RawMessage
+}
+
+// NetworkInspect returns the information for a specific network configured in the docker host.
+func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options NetworkInspectOptions) (NetworkInspectResult, error) {
+	networkID, err := trimID("network", networkID)
+	if err != nil {
+		return NetworkInspectResult{}, err
+	}
+	query := url.Values{}
+	if options.Verbose {
+		query.Set("verbose", "true")
+	}
+	if options.Scope != "" {
+		query.Set("scope", options.Scope)
+	}
+
+	resp, err := cli.get(ctx, "/networks/"+networkID, query, nil)
+	if err != nil {
+		return NetworkInspectResult{}, err
+	}
+
+	var out NetworkInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Network)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_inspect_opts.go b/vendor/github.com/moby/moby/client/network_inspect_opts.go
new file mode 100644
index 0000000000..d83f113e17
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_inspect_opts.go
@@ -0,0 +1,7 @@
+package client
+
+// NetworkInspectOptions holds parameters to inspect network.
+type NetworkInspectOptions struct {
+	Scope   string
+	Verbose bool
+}
diff --git a/vendor/github.com/moby/moby/client/network_list.go b/vendor/github.com/moby/moby/client/network_list.go
new file mode 100644
index 0000000000..d65f560974
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_list.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkListResult holds the result from the [Client.NetworkList] method.
+type NetworkListResult struct {
+	Items []network.Summary
+}
+
+// NetworkList returns the list of networks configured in the docker host.
+func (cli *Client) NetworkList(ctx context.Context, options NetworkListOptions) (NetworkListResult, error) {
+	query := url.Values{}
+	options.Filters.updateURLValues(query)
+	resp, err := cli.get(ctx, "/networks", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return NetworkListResult{}, err
+	}
+	var res NetworkListResult
+	err = json.NewDecoder(resp.Body).Decode(&res.Items)
+	return res, err
+}
diff --git a/vendor/github.com/moby/moby/client/network_list_opts.go b/vendor/github.com/moby/moby/client/network_list_opts.go
new file mode 100644
index 0000000000..0d21ab3138
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_list_opts.go
@@ -0,0 +1,6 @@
+package client
+
+// NetworkListOptions holds parameters to filter the list of networks with.
+type NetworkListOptions struct {
+	Filters Filters
+}
diff --git a/vendor/github.com/moby/moby/client/network_prune.go b/vendor/github.com/moby/moby/client/network_prune.go
new file mode 100644
index 0000000000..55f7cac029
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_prune.go
@@ -0,0 +1,39 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/moby/moby/api/types/network"
+)
+
+// NetworkPruneOptions holds parameters to prune networks.
+type NetworkPruneOptions struct {
+	Filters Filters
+}
+
+// NetworkPruneResult holds the result from the [Client.NetworkPrune] method.
+type NetworkPruneResult struct {
+	Report network.PruneReport
+}
+
+// NetworkPrune requests the daemon to delete unused networks
+func (cli *Client) NetworkPrune(ctx context.Context, opts NetworkPruneOptions) (NetworkPruneResult, error) {
+	query := url.Values{}
+	opts.Filters.updateURLValues(query)
+
+	resp, err := cli.post(ctx, "/networks/prune", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return NetworkPruneResult{}, err
+	}
+
+	var report network.PruneReport
+	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
+		return NetworkPruneResult{}, fmt.Errorf("Error retrieving network prune report: %v", err)
+	}
+
+	return NetworkPruneResult{Report: report}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/network_remove.go b/vendor/github.com/moby/moby/client/network_remove.go
new file mode 100644
index 0000000000..2bceb0d934
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/network_remove.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"context"
+)
+
+// NetworkRemoveOptions specifies options for removing a network.
+type NetworkRemoveOptions struct {
+	// No options currently; placeholder for future use.
+}
+
+// NetworkRemoveResult represents the result of a network removal operation.
+type NetworkRemoveResult struct {
+	// No fields currently; placeholder for future use.
+}
+
+// NetworkRemove removes an existent network from the docker host.
+func (cli *Client) NetworkRemove(ctx context.Context, networkID string, options NetworkRemoveOptions) (NetworkRemoveResult, error) {
+	networkID, err := trimID("network", networkID)
+	if err != nil {
+		return NetworkRemoveResult{}, err
+	}
+	resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil)
+	defer ensureReaderClosed(resp)
+	return NetworkRemoveResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/node_inspect.go b/vendor/github.com/moby/moby/client/node_inspect.go
new file mode 100644
index 0000000000..ed482152cc
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/node_inspect.go
@@ -0,0 +1,42 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// NodeInspectOptions holds parameters to inspect nodes with.
+type NodeInspectOptions struct{}
+
+// NodeInspectResult holds the result of [Client.NodeInspect].
+type NodeInspectResult struct {
+	Node swarm.Node
+	Raw  json.RawMessage
+}
+
+// NodeInspect returns the node information.
+func (cli *Client) NodeInspect(ctx context.Context, nodeID string, options NodeInspectOptions) (NodeInspectResult, error) {
+	nodeID, err := trimID("node", nodeID)
+	if err != nil {
+		return NodeInspectResult{}, err
+	}
+	resp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return NodeInspectResult{}, err
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return NodeInspectResult{}, err
+	}
+
+	var response swarm.Node
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return NodeInspectResult{Node: response, Raw: body}, err
+}
diff --git a/vendor/github.com/moby/moby/client/node_list.go b/vendor/github.com/moby/moby/client/node_list.go
new file mode 100644
index 0000000000..aec3355e40
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/node_list.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// NodeListOptions holds parameters to list nodes with.
+type NodeListOptions struct {
+	Filters Filters
+}
+
+// NodeListResult holds the result of [Client.NodeList].
+type NodeListResult struct {
+	Items []swarm.Node
+}
+
+// NodeList returns the list of nodes.
+func (cli *Client) NodeList(ctx context.Context, options NodeListOptions) (NodeListResult, error) {
+	query := url.Values{}
+	options.Filters.updateURLValues(query)
+	resp, err := cli.get(ctx, "/nodes", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return NodeListResult{}, err
+	}
+
+	var nodes []swarm.Node
+	err = json.NewDecoder(resp.Body).Decode(&nodes)
+	return NodeListResult{Items: nodes}, err
+}
diff --git a/vendor/github.com/docker/docker/client/node_remove.go b/vendor/github.com/moby/moby/client/node_remove.go
similarity index 53%
rename from vendor/github.com/docker/docker/client/node_remove.go
rename to vendor/github.com/moby/moby/client/node_remove.go
index 644fe13810..2a88cf80e3 100644
--- a/vendor/github.com/docker/docker/client/node_remove.go
+++ b/vendor/github.com/moby/moby/client/node_remove.go
@@ -3,15 +3,21 @@ package client
 import (
 	"context"
 	"net/url"
-
-	"github.com/docker/docker/api/types/swarm"
 )
 
+// NodeRemoveOptions holds parameters to remove nodes with.
+type NodeRemoveOptions struct {
+	Force bool
+}
+
+// NodeRemoveResult holds the result of [Client.NodeRemove].
+type NodeRemoveResult struct{}
+
 // NodeRemove removes a Node.
-func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options swarm.NodeRemoveOptions) error {
+func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options NodeRemoveOptions) (NodeRemoveResult, error) {
 	nodeID, err := trimID("node", nodeID)
 	if err != nil {
-		return err
+		return NodeRemoveResult{}, err
 	}
 
 	query := url.Values{}
@@ -21,5 +27,5 @@ func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options swarm.
 
 	resp, err := cli.delete(ctx, "/nodes/"+nodeID, query, nil)
 	defer ensureReaderClosed(resp)
-	return err
+	return NodeRemoveResult{}, err
 }
diff --git a/vendor/github.com/moby/moby/client/node_update.go b/vendor/github.com/moby/moby/client/node_update.go
new file mode 100644
index 0000000000..24f87a4df5
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/node_update.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// NodeUpdateOptions holds parameters to update nodes with.
+type NodeUpdateOptions struct {
+	Version swarm.Version
+	Spec    swarm.NodeSpec
+}
+
+// NodeUpdateResult holds the result of [Client.NodeUpdate].
+type NodeUpdateResult struct{}
+
+// NodeUpdate updates a Node.
+func (cli *Client) NodeUpdate(ctx context.Context, nodeID string, options NodeUpdateOptions) (NodeUpdateResult, error) {
+	nodeID, err := trimID("node", nodeID)
+	if err != nil {
+		return NodeUpdateResult{}, err
+	}
+
+	query := url.Values{}
+	query.Set("version", options.Version.String())
+	resp, err := cli.post(ctx, "/nodes/"+nodeID+"/update", query, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	return NodeUpdateResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/ping.go b/vendor/github.com/moby/moby/client/ping.go
new file mode 100644
index 0000000000..d315e4b98b
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/ping.go
@@ -0,0 +1,166 @@
+package client
+
+import (
+	"context"
+	"net/http"
+	"path"
+	"strings"
+
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// PingOptions holds options for [client.Ping].
+type PingOptions struct {
+	// NegotiateAPIVersion queries the API and updates the version to match the API
+	// version. NegotiateAPIVersion downgrades the client's API version to match the
+	// APIVersion if the ping version is lower than the default version. If the API
+	// version reported by the server is higher than the maximum version supported
+	// by the client, it uses the client's maximum version.
+	//
+	// If a manual override is in place, either through the "DOCKER_API_VERSION"
+	// ([EnvOverrideAPIVersion]) environment variable, or if the client is initialized
+	// with a fixed version ([WithAPIVersion]), no negotiation is performed.
+	//
+	// If the API server's ping response does not contain an API version, or if the
+	// client did not get a successful ping response, it assumes it is connected with
+	// an old daemon that does not support API version negotiation, in which case it
+	// downgrades to the lowest supported API version.
+	NegotiateAPIVersion bool
+
+	// ForceNegotiate forces the client to re-negotiate the API version, even if
+	// API-version negotiation already happened or it the client is configured
+	// with a fixed version (using [WithAPIVersion] or [WithAPIVersionFromEnv]).
+	//
+	// This option has no effect if NegotiateAPIVersion is not set.
+	ForceNegotiate bool
+}
+
+// PingResult holds the result of a [Client.Ping] API call.
+type PingResult struct {
+	APIVersion     string
+	OSType         string
+	Experimental   bool
+	BuilderVersion build.BuilderVersion
+
+	// SwarmStatus provides information about the current swarm status of the
+	// engine, obtained from the "Swarm" header in the API response.
+	//
+	// It can be a nil struct if the API version does not provide this header
+	// in the ping response, or if an error occurred, in which case the client
+	// should use other ways to get the current swarm status, such as the /swarm
+	// endpoint.
+	SwarmStatus *SwarmStatus
+}
+
+// SwarmStatus provides information about the current swarm status and role,
+// obtained from the "Swarm" header in the API response.
+type SwarmStatus struct {
+	// NodeState represents the state of the node.
+	NodeState swarm.LocalNodeState
+
+	// ControlAvailable indicates if the node is a swarm manager.
+	ControlAvailable bool
+}
+
+// Ping pings the server and returns the value of the "Docker-Experimental",
+// "Builder-Version", "OS-Type" & "API-Version" headers. It attempts to use
+// a HEAD request on the endpoint, but falls back to GET if HEAD is not supported
+// by the daemon. It ignores internal server errors returned by the API, which
+// may be returned if the daemon is in an unhealthy state, but returns errors
+// for other non-success status codes, failing to connect to the API, or failing
+// to parse the API response.
+func (cli *Client) Ping(ctx context.Context, options PingOptions) (PingResult, error) {
+	if !options.NegotiateAPIVersion {
+		// No API version negotiation needed; just return ping response.
+		return cli.ping(ctx)
+	}
+	if cli.negotiated.Load() && !options.ForceNegotiate {
+		// API version was already negotiated or manually set.
+		return cli.ping(ctx)
+	}
+
+	// Ensure exclusive write access to version and negotiated fields
+	cli.negotiateLock.Lock()
+	defer cli.negotiateLock.Unlock()
+
+	ping, err := cli.ping(ctx)
+	if err != nil {
+		return ping, err
+	}
+
+	if cli.negotiated.Load() && !options.ForceNegotiate {
+		// API version was already negotiated or manually set.
+		//
+		// We check cli.negotiated again under lock, to account for race
+		// conditions with the check at the start of this function.
+		return ping, nil
+	}
+
+	if ping.APIVersion == "" {
+		cli.setAPIVersion(MaxAPIVersion)
+		return ping, nil
+	}
+
+	return ping, cli.negotiateAPIVersion(ping.APIVersion)
+}
+
+func (cli *Client) ping(ctx context.Context) (PingResult, error) {
+	// Using cli.buildRequest() + cli.doRequest() instead of cli.sendRequest()
+	// because ping requests are used during API version negotiation, so we want
+	// to hit the non-versioned /_ping endpoint, not /v1.xx/_ping
+	req, err := cli.buildRequest(ctx, http.MethodHead, path.Join(cli.basePath, "/_ping"), nil, nil)
+	if err != nil {
+		return PingResult{}, err
+	}
+	resp, err := cli.doRequest(req)
+	defer ensureReaderClosed(resp)
+	if err == nil && resp.StatusCode == http.StatusOK {
+		// Fast-path; successfully connected using a HEAD request and
+		// we got a "OK" (200) status. For non-200 status-codes, we fall
+		// back to doing a GET request, as a HEAD request won't have a
+		// response-body to get error details from.
+		return newPingResult(resp), nil
+	}
+	// close to allow reusing connection.
+	ensureReaderClosed(resp)
+
+	// HEAD failed or returned a non-OK status; fallback to GET.
+	req2, err := cli.buildRequest(ctx, http.MethodGet, path.Join(cli.basePath, "/_ping"), nil, nil)
+	if err != nil {
+		return PingResult{}, err
+	}
+	resp, err = cli.doRequest(req2)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		// Failed to connect.
+		return PingResult{}, err
+	}
+
+	// GET request succeeded but may have returned a non-200 status.
+	// Return a Ping response, together with any error returned by
+	// the API server.
+	return newPingResult(resp), checkResponseErr(resp)
+}
+
+func newPingResult(resp *http.Response) PingResult {
+	if resp == nil {
+		return PingResult{}
+	}
+	var swarmStatus *SwarmStatus
+	if si := resp.Header.Get("Swarm"); si != "" {
+		state, role, _ := strings.Cut(si, "/")
+		swarmStatus = &SwarmStatus{
+			NodeState:        swarm.LocalNodeState(state),
+			ControlAvailable: role == "manager",
+		}
+	}
+
+	return PingResult{
+		APIVersion:     resp.Header.Get("Api-Version"),
+		OSType:         resp.Header.Get("Ostype"),
+		Experimental:   resp.Header.Get("Docker-Experimental") == "true",
+		BuilderVersion: build.BuilderVersion(resp.Header.Get("Builder-Version")),
+		SwarmStatus:    swarmStatus,
+	}
+}
diff --git a/vendor/github.com/moby/moby/client/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/moby/moby/client/pkg/jsonmessage/jsonmessage.go
new file mode 100644
index 0000000000..e3ac43afd4
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/pkg/jsonmessage/jsonmessage.go
@@ -0,0 +1,294 @@
+package jsonmessage
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"iter"
+	"strings"
+	"time"
+
+	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/jsonstream"
+	"github.com/moby/term"
+)
+
+var timeNow = time.Now // For overriding in tests.
+
+// RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
+// ensure the formatted time is always the same number of characters.
+const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
+
+// DisplayOpt configures behavior for [DisplayStream] and [DisplayMessages].
+// Options are applied in order; if an option returns an error, processing
+// stops and the error is returned to the caller.
+type DisplayOpt func(*displayOpts) error
+
+type displayOpts struct {
+	auxCallback func(jsonstream.Message)
+}
+
+// WithAuxCallback registers a callback that is invoked for auxiliary
+// jsonstream messages as they are processed. The callback is optional;
+// if not provided, auxiliary messages are ignored.
+func WithAuxCallback(fn func(jsonstream.Message)) DisplayOpt {
+	return func(opts *displayOpts) error {
+		opts.auxCallback = fn
+		return nil
+	}
+}
+
+func RenderTUIProgress(p jsonstream.Progress, width uint16) string {
+	var (
+		pbBox      string
+		numbersBox string
+	)
+	if p.Current <= 0 && p.Total <= 0 {
+		return ""
+	}
+	if p.Total <= 0 {
+		switch p.Units {
+		case "":
+			return fmt.Sprintf("%8v", units.HumanSize(float64(p.Current)))
+		default:
+			return fmt.Sprintf("%d %s", p.Current, p.Units)
+		}
+	}
+
+	percentage := min(int(float64(p.Current)/float64(p.Total)*100)/2, 50)
+	if width > 110 {
+		// this number can't be negative gh#7136
+		numSpaces := max(50-percentage, 0)
+		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", numSpaces))
+	}
+
+	switch {
+	case p.HideCounts:
+	case p.Units == "": // no units, use bytes
+		current := units.HumanSize(float64(p.Current))
+		total := units.HumanSize(float64(p.Total))
+
+		numbersBox = fmt.Sprintf("%8v/%v", current, total)
+
+		if p.Current > p.Total {
+			// remove total display if the reported current is wonky.
+			numbersBox = fmt.Sprintf("%8v", current)
+		}
+	default:
+		numbersBox = fmt.Sprintf("%d/%d %s", p.Current, p.Total, p.Units)
+
+		if p.Current > p.Total {
+			// remove total display if the reported current is wonky.
+			numbersBox = fmt.Sprintf("%d %s", p.Current, p.Units)
+		}
+	}
+
+	// Show approximation of remaining time if there's enough width.
+	var timeLeftBox string
+	if width > 50 {
+		if p.Current > 0 && p.Start > 0 && percentage < 50 {
+			fromStart := timeNow().UTC().Sub(time.Unix(p.Start, 0))
+			perEntry := fromStart / time.Duration(p.Current)
+			left := time.Duration(p.Total-p.Current) * perEntry
+			timeLeftBox = " " + left.Round(time.Second).String()
+		}
+	}
+	return pbBox + numbersBox + timeLeftBox
+}
+
+// We can probably use [aec.EmptyBuilder] for managing the output, but
+// currently we're doing it all manually, so defining some consts for
+// the basics we use.
+//
+// [aec.EmptyBuilder]: https://pkg.go.dev/github.com/morikuni/aec#EmptyBuilder
+const (
+	ansiEraseLine     = "\x1b[2K"  // Erase entire line
+	ansiCursorUpFmt   = "\x1b[%dA" // Move cursor up N lines
+	ansiCursorDownFmt = "\x1b[%dB" // Move cursor down N lines
+)
+
+func clearLine(out io.Writer) {
+	_, _ = out.Write([]byte(ansiEraseLine))
+}
+
+func cursorUp(out io.Writer, l uint) {
+	if l == 0 {
+		return
+	}
+	_, _ = fmt.Fprintf(out, ansiCursorUpFmt, l)
+}
+
+func cursorDown(out io.Writer, l uint) {
+	if l == 0 {
+		return
+	}
+	_, _ = fmt.Fprintf(out, ansiCursorDownFmt, l)
+}
+
+// Display prints the JSONMessage to out. If isTerminal is true, it erases
+// the entire current line when displaying the progressbar. It returns an
+// error if the [JSONMessage.Error] field is non-nil.
+func Display(jm jsonstream.Message, out io.Writer, isTerminal bool, width uint16) error {
+	if jm.Error != nil {
+		return jm.Error
+	}
+	var endl string
+	if isTerminal && jm.Stream == "" && jm.Progress != nil {
+		clearLine(out)
+		endl = "\r"
+		_, _ = fmt.Fprint(out, endl)
+	} else if jm.Progress != nil && (jm.Progress.Current > 0 || jm.Progress.Total > 0) { // disable progressbar in non-terminal
+		return nil
+	}
+	if jm.ID != "" {
+		_, _ = fmt.Fprintf(out, "%s: ", jm.ID)
+	}
+	if jm.Progress != nil && isTerminal {
+		if width == 0 {
+			width = 200
+		}
+		_, _ = fmt.Fprintf(out, "%s %s%s", jm.Status, RenderTUIProgress(*jm.Progress, width), endl)
+	} else if jm.Stream != "" {
+		_, _ = fmt.Fprintf(out, "%s%s", jm.Stream, endl)
+	} else {
+		_, _ = fmt.Fprintf(out, "%s%s\n", jm.Status, endl)
+	}
+	return nil
+}
+
+type JSONMessagesStream = iter.Seq2[jsonstream.Message, error]
+
+// DisplayJSONMessagesStream is like [DisplayStream], but allows the caller to
+// explicitly provide the terminal file descriptor and whether out is a terminal.
+func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(jsonstream.Message)) error {
+	var opts []DisplayOpt
+	if auxCallback != nil {
+		opts = append(opts, WithAuxCallback(auxCallback))
+	}
+	return displayJSONMessagesStream(in, out, terminalFd, isTerminal, opts...)
+}
+
+// DisplayStream reads a JSON message stream from in, and writes each
+// [jsonstream.Message] to out. See [DisplayMessages] for details.
+func DisplayStream(in io.Reader, out io.Writer, opts ...DisplayOpt) error {
+	terminalFd, isTerminal := term.GetFdInfo(out)
+	return displayJSONMessagesStream(in, out, terminalFd, isTerminal, opts...)
+}
+
+func displayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, opts ...DisplayOpt) error {
+	dec := json.NewDecoder(in)
+	f := func(yield func(jsonstream.Message, error) bool) {
+		for {
+			var jm jsonstream.Message
+			err := dec.Decode(&jm)
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			if !yield(jm, err) {
+				return
+			}
+		}
+	}
+
+	return displayJSONMessages(f, out, terminalFd, isTerminal, opts...)
+}
+
+// DisplayJSONMessages is like [DisplayMessages], but allows the caller to
+// explicitly provide the terminal file descriptor and whether out is a terminal.
+func DisplayJSONMessages(messages iter.Seq2[jsonstream.Message, error], out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(jsonstream.Message)) error {
+	var opts []DisplayOpt
+	if auxCallback != nil {
+		opts = append(opts, WithAuxCallback(auxCallback))
+	}
+	return displayJSONMessages(messages, out, terminalFd, isTerminal, opts...)
+}
+
+// DisplayMessages writes each [jsonstream.Message] from stream to out.
+// It returns an error if an invalid [jsonstream.Message] is received, or if
+// a message contains a non-zero [jsonstream.Message.Error].
+//
+// Presentation of the message depends on whether out is a terminal, and on the
+// terminal width. Progress bars ([jsonstream.Progress]) are suppressed on
+// narrower terminals (< 110 characters). If out is a terminal, it prints a
+// newline ("\n") at the end of each line and moves the cursor while displaying.
+//
+// auxCallback allows handling the [jsonstream.Message.Aux] field. It is called
+// if a message contains an Aux field, in which case DisplayMessages does not
+// present the message.
+func DisplayMessages(messages iter.Seq2[jsonstream.Message, error], out io.Writer, opts ...DisplayOpt) error {
+	terminalFd, isTerminal := term.GetFdInfo(out)
+	return displayJSONMessages(messages, out, terminalFd, isTerminal, opts...)
+}
+
+func displayJSONMessages(messages iter.Seq2[jsonstream.Message, error], out io.Writer, terminalFd uintptr, isTerminal bool, opts ...DisplayOpt) error {
+	var cfg displayOpts
+	for _, opt := range opts {
+		if opt == nil {
+			continue
+		}
+		if err := opt(&cfg); err != nil {
+			return err
+		}
+	}
+	auxCallback := cfg.auxCallback
+
+	ids := make(map[string]uint)
+	var width uint16 = 200
+	if isTerminal {
+		ws, err := term.GetWinsize(terminalFd)
+		if err == nil {
+			width = ws.Width
+		}
+	}
+
+	for jm, err := range messages {
+		var diff uint
+		if err != nil {
+			return err
+		}
+
+		if jm.Aux != nil {
+			if auxCallback != nil {
+				auxCallback(jm)
+			}
+			continue
+		}
+
+		if jm.ID != "" && jm.Progress != nil {
+			line, ok := ids[jm.ID]
+			if !ok {
+				// NOTE: This approach of using len(id) to
+				// figure out the number of lines of history
+				// only works as long as we clear the history
+				// when we output something that's not
+				// accounted for in the map, such as a line
+				// with no ID.
+				line = uint(len(ids))
+				ids[jm.ID] = line
+				if isTerminal {
+					_, _ = fmt.Fprintf(out, "\n")
+				}
+			}
+			diff = uint(len(ids)) - line
+			if isTerminal {
+				cursorUp(out, diff)
+			}
+		} else {
+			// When outputting something that isn't progress
+			// output, clear the history of previous lines. We
+			// don't want progress entries from some previous
+			// operation to be updated (for example, pull -a
+			// with multiple tags).
+			ids = make(map[string]uint)
+		}
+		err := Display(jm, out, isTerminal, width)
+		if jm.ID != "" && isTerminal {
+			cursorDown(out, diff)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/moby/moby/client/pkg/versions/compare.go
similarity index 91%
rename from vendor/github.com/docker/docker/api/types/versions/compare.go
rename to vendor/github.com/moby/moby/client/pkg/versions/compare.go
index 1a0325c7ed..fa0ad9b5a3 100644
--- a/vendor/github.com/docker/docker/api/types/versions/compare.go
+++ b/vendor/github.com/moby/moby/client/pkg/versions/compare.go
@@ -16,11 +16,8 @@ func compare(v1, v2 string) int {
 		otherTab = strings.Split(v2, ".")
 	)
 
-	maxVer := len(currTab)
-	if len(otherTab) > maxVer {
-		maxVer = len(otherTab)
-	}
-	for i := 0; i < maxVer; i++ {
+	maxVer := max(len(otherTab), len(currTab))
+	for i := range maxVer {
 		var currInt, otherInt int
 
 		if len(currTab) > i {
diff --git a/vendor/github.com/moby/moby/client/plugin_create.go b/vendor/github.com/moby/moby/client/plugin_create.go
new file mode 100644
index 0000000000..c1a2dd5a6c
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_create.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+)
+
+// PluginCreateOptions hold all options to plugin create.
+type PluginCreateOptions struct {
+	RepoName string
+}
+
+// PluginCreateResult represents the result of a plugin create operation.
+type PluginCreateResult struct {
+	// Currently empty; can be extended in the future if needed.
+}
+
+// PluginCreate creates a plugin
+func (cli *Client) PluginCreate(ctx context.Context, createContext io.Reader, createOptions PluginCreateOptions) (PluginCreateResult, error) {
+	headers := http.Header(make(map[string][]string))
+	headers.Set("Content-Type", "application/x-tar")
+
+	query := url.Values{}
+	query.Set("name", createOptions.RepoName)
+
+	resp, err := cli.postRaw(ctx, "/plugins/create", query, createContext, headers)
+	defer ensureReaderClosed(resp)
+	return PluginCreateResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_disable.go b/vendor/github.com/moby/moby/client/plugin_disable.go
new file mode 100644
index 0000000000..65ab0aa004
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_disable.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// PluginDisableOptions holds parameters to disable plugins.
+type PluginDisableOptions struct {
+	Force bool
+}
+
+// PluginDisableResult represents the result of a plugin disable operation.
+type PluginDisableResult struct {
+	// Currently empty; can be extended in the future if needed.
+}
+
+// PluginDisable disables a plugin
+func (cli *Client) PluginDisable(ctx context.Context, name string, options PluginDisableOptions) (PluginDisableResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginDisableResult{}, err
+	}
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+	resp, err := cli.post(ctx, "/plugins/"+name+"/disable", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return PluginDisableResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_enable.go b/vendor/github.com/moby/moby/client/plugin_enable.go
new file mode 100644
index 0000000000..7c3e26b67a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_enable.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+)
+
+// PluginEnableOptions holds parameters to enable plugins.
+type PluginEnableOptions struct {
+	Timeout int
+}
+
+// PluginEnableResult represents the result of a plugin enable operation.
+type PluginEnableResult struct {
+	// Currently empty; can be extended in the future if needed.
+}
+
+// PluginEnable enables a plugin
+func (cli *Client) PluginEnable(ctx context.Context, name string, options PluginEnableOptions) (PluginEnableResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginEnableResult{}, err
+	}
+	query := url.Values{}
+	query.Set("timeout", strconv.Itoa(options.Timeout))
+
+	resp, err := cli.post(ctx, "/plugins/"+name+"/enable", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return PluginEnableResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_inspect.go b/vendor/github.com/moby/moby/client/plugin_inspect.go
new file mode 100644
index 0000000000..8caf06a8e0
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_inspect.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/plugin"
+)
+
+// PluginInspectOptions holds parameters to inspect a plugin.
+type PluginInspectOptions struct {
+	// Add future optional parameters here
+}
+
+// PluginInspectResult holds the result from the [Client.PluginInspect] method.
+type PluginInspectResult struct {
+	Plugin plugin.Plugin
+	Raw    json.RawMessage
+}
+
+// PluginInspect inspects an existing plugin
+func (cli *Client) PluginInspect(ctx context.Context, name string, options PluginInspectOptions) (PluginInspectResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginInspectResult{}, err
+	}
+	resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil)
+	if err != nil {
+		return PluginInspectResult{}, err
+	}
+
+	var out PluginInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Plugin)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_install.go b/vendor/github.com/moby/moby/client/plugin_install.go
new file mode 100644
index 0000000000..a589b2e1fd
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_install.go
@@ -0,0 +1,175 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/distribution/reference"
+	"github.com/moby/moby/api/types/plugin"
+	"github.com/moby/moby/api/types/registry"
+)
+
+// PluginInstallOptions holds parameters to install a plugin.
+type PluginInstallOptions struct {
+	Disabled             bool
+	AcceptAllPermissions bool
+	RegistryAuth         string // RegistryAuth is the base64 encoded credentials for the registry
+	RemoteRef            string // RemoteRef is the plugin name on the registry
+
+	// PrivilegeFunc is a function that clients can supply to retry operations
+	// after getting an authorization error. This function returns the registry
+	// authentication header value in base64 encoded format, or an error if the
+	// privilege request fails.
+	//
+	// For details, refer to [github.com/moby/moby/api/types/registry.RequestAuthConfig].
+	PrivilegeFunc         func(context.Context) (string, error)
+	AcceptPermissionsFunc func(context.Context, plugin.Privileges) (bool, error)
+	Args                  []string
+}
+
+// PluginInstallResult holds the result of a plugin install operation.
+// It is an io.ReadCloser from which the caller can read installation progress or result.
+type PluginInstallResult struct {
+	io.ReadCloser
+}
+
+// PluginInstall installs a plugin
+func (cli *Client) PluginInstall(ctx context.Context, name string, options PluginInstallOptions) (_ PluginInstallResult, retErr error) {
+	query := url.Values{}
+	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
+		return PluginInstallResult{}, fmt.Errorf("invalid remote reference: %w", err)
+	}
+	query.Set("remote", options.RemoteRef)
+
+	privileges, err := cli.checkPluginPermissions(ctx, query, &options)
+	if err != nil {
+		return PluginInstallResult{}, err
+	}
+
+	// set name for plugin pull, if empty should default to remote reference
+	query.Set("name", name)
+
+	resp, err := cli.tryPluginPull(ctx, query, privileges, options.RegistryAuth)
+	if err != nil {
+		return PluginInstallResult{}, err
+	}
+
+	name = resp.Header.Get("Docker-Plugin-Name")
+
+	pr, pw := io.Pipe()
+	go func() { // todo: the client should probably be designed more around the actual api
+		_, err := io.Copy(pw, resp.Body)
+		if err != nil {
+			_ = pw.CloseWithError(err)
+			return
+		}
+		defer func() {
+			if retErr != nil {
+				delResp, _ := cli.delete(ctx, "/plugins/"+name, nil, nil)
+				ensureReaderClosed(delResp)
+			}
+		}()
+		if len(options.Args) > 0 {
+			if _, err := cli.PluginSet(ctx, name, PluginSetOptions{Args: options.Args}); err != nil {
+				_ = pw.CloseWithError(err)
+				return
+			}
+		}
+
+		if options.Disabled {
+			_ = pw.Close()
+			return
+		}
+
+		_, enableErr := cli.PluginEnable(ctx, name, PluginEnableOptions{Timeout: 0})
+		_ = pw.CloseWithError(enableErr)
+	}()
+	return PluginInstallResult{pr}, nil
+}
+
+func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (*http.Response, error) {
+	return cli.get(ctx, "/plugins/privileges", query, http.Header{
+		registry.AuthHeader: {registryAuth},
+	})
+}
+
+func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges plugin.Privileges, registryAuth string) (*http.Response, error) {
+	return cli.post(ctx, "/plugins/pull", query, privileges, http.Header{
+		registry.AuthHeader: {registryAuth},
+	})
+}
+
+func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options pluginOptions) (plugin.Privileges, error) {
+	resp, err := cli.tryPluginPrivileges(ctx, query, options.getRegistryAuth())
+	if cerrdefs.IsUnauthorized(err) && options.getPrivilegeFunc() != nil {
+		// TODO: do inspect before to check existing name before checking privileges
+		newAuthHeader, privilegeErr := options.getPrivilegeFunc()(ctx)
+		if privilegeErr != nil {
+			ensureReaderClosed(resp)
+			return nil, privilegeErr
+		}
+		options.setRegistryAuth(newAuthHeader)
+		resp, err = cli.tryPluginPrivileges(ctx, query, options.getRegistryAuth())
+	}
+	if err != nil {
+		ensureReaderClosed(resp)
+		return nil, err
+	}
+
+	var privileges plugin.Privileges
+	if err := json.NewDecoder(resp.Body).Decode(&privileges); err != nil {
+		ensureReaderClosed(resp)
+		return nil, err
+	}
+	ensureReaderClosed(resp)
+
+	if !options.getAcceptAllPermissions() && options.getAcceptPermissionsFunc() != nil && len(privileges) > 0 {
+		accept, err := options.getAcceptPermissionsFunc()(ctx, privileges)
+		if err != nil {
+			return nil, err
+		}
+		if !accept {
+			return nil, errors.New("permission denied while installing plugin " + options.getRemoteRef())
+		}
+	}
+	return privileges, nil
+}
+
+type pluginOptions interface {
+	getRegistryAuth() string
+	setRegistryAuth(string)
+	getPrivilegeFunc() func(context.Context) (string, error)
+	getAcceptAllPermissions() bool
+	getAcceptPermissionsFunc() func(context.Context, plugin.Privileges) (bool, error)
+	getRemoteRef() string
+}
+
+func (o *PluginInstallOptions) getRegistryAuth() string {
+	return o.RegistryAuth
+}
+
+func (o *PluginInstallOptions) setRegistryAuth(auth string) {
+	o.RegistryAuth = auth
+}
+
+func (o *PluginInstallOptions) getPrivilegeFunc() func(context.Context) (string, error) {
+	return o.PrivilegeFunc
+}
+
+func (o *PluginInstallOptions) getAcceptAllPermissions() bool {
+	return o.AcceptAllPermissions
+}
+
+func (o *PluginInstallOptions) getAcceptPermissionsFunc() func(context.Context, plugin.Privileges) (bool, error) {
+	return o.AcceptPermissionsFunc
+}
+
+func (o *PluginInstallOptions) getRemoteRef() string {
+	return o.RemoteRef
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_list.go b/vendor/github.com/moby/moby/client/plugin_list.go
new file mode 100644
index 0000000000..cbd90b407a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_list.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/plugin"
+)
+
+// PluginListOptions holds parameters to list plugins.
+type PluginListOptions struct {
+	Filters Filters
+}
+
+// PluginListResult represents the result of a plugin list operation.
+type PluginListResult struct {
+	Items []plugin.Plugin
+}
+
+// PluginList returns the installed plugins
+func (cli *Client) PluginList(ctx context.Context, options PluginListOptions) (PluginListResult, error) {
+	query := url.Values{}
+
+	options.Filters.updateURLValues(query)
+	resp, err := cli.get(ctx, "/plugins", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return PluginListResult{}, err
+	}
+
+	var plugins plugin.ListResponse
+	err = json.NewDecoder(resp.Body).Decode(&plugins)
+	return PluginListResult{Items: plugins}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_push.go b/vendor/github.com/moby/moby/client/plugin_push.go
new file mode 100644
index 0000000000..4ba25d1336
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_push.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/moby/moby/api/types/registry"
+)
+
+// PluginPushOptions holds parameters to push a plugin.
+type PluginPushOptions struct {
+	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+}
+
+// PluginPushResult is the result of a plugin push operation
+type PluginPushResult struct {
+	io.ReadCloser
+}
+
+// PluginPush pushes a plugin to a registry
+func (cli *Client) PluginPush(ctx context.Context, name string, options PluginPushOptions) (PluginPushResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginPushResult{}, err
+	}
+	resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, http.Header{
+		registry.AuthHeader: {options.RegistryAuth},
+	})
+	if err != nil {
+		return PluginPushResult{}, err
+	}
+	return PluginPushResult{resp.Body}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_remove.go b/vendor/github.com/moby/moby/client/plugin_remove.go
new file mode 100644
index 0000000000..229f408582
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_remove.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// PluginRemoveOptions holds parameters to remove plugins.
+type PluginRemoveOptions struct {
+	Force bool
+}
+
+// PluginRemoveResult represents the result of a plugin removal.
+type PluginRemoveResult struct {
+	// Currently empty; can be extended in the future if needed.
+}
+
+// PluginRemove removes a plugin
+func (cli *Client) PluginRemove(ctx context.Context, name string, options PluginRemoveOptions) (PluginRemoveResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginRemoveResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+
+	resp, err := cli.delete(ctx, "/plugins/"+name, query, nil)
+	defer ensureReaderClosed(resp)
+	return PluginRemoveResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_set.go b/vendor/github.com/moby/moby/client/plugin_set.go
new file mode 100644
index 0000000000..c1f6bb5fac
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_set.go
@@ -0,0 +1,27 @@
+package client
+
+import (
+	"context"
+)
+
+// PluginSetOptions defines options for modifying a plugin's settings.
+type PluginSetOptions struct {
+	Args []string
+}
+
+// PluginSetResult represents the result of a plugin set operation.
+type PluginSetResult struct {
+	// Currently empty; can be extended in the future if needed.
+}
+
+// PluginSet modifies settings for an existing plugin
+func (cli *Client) PluginSet(ctx context.Context, name string, options PluginSetOptions) (PluginSetResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return PluginSetResult{}, err
+	}
+
+	resp, err := cli.post(ctx, "/plugins/"+name+"/set", nil, options.Args, nil)
+	defer ensureReaderClosed(resp)
+	return PluginSetResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/plugin_upgrade.go b/vendor/github.com/moby/moby/client/plugin_upgrade.go
new file mode 100644
index 0000000000..f9df6e5843
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/plugin_upgrade.go
@@ -0,0 +1,89 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+
+	"github.com/distribution/reference"
+	"github.com/moby/moby/api/types/plugin"
+	"github.com/moby/moby/api/types/registry"
+)
+
+// PluginUpgradeOptions holds parameters to upgrade a plugin.
+type PluginUpgradeOptions struct {
+	Disabled             bool
+	AcceptAllPermissions bool
+	RegistryAuth         string // RegistryAuth is the base64 encoded credentials for the registry
+	RemoteRef            string // RemoteRef is the plugin name on the registry
+
+	// PrivilegeFunc is a function that clients can supply to retry operations
+	// after getting an authorization error. This function returns the registry
+	// authentication header value in base64 encoded format, or an error if the
+	// privilege request fails.
+	//
+	// For details, refer to [github.com/moby/moby/api/types/registry.RequestAuthConfig].
+	PrivilegeFunc         func(context.Context) (string, error)
+	AcceptPermissionsFunc func(context.Context, plugin.Privileges) (bool, error)
+	Args                  []string
+}
+
+// PluginUpgradeResult holds the result of a plugin upgrade operation.
+type PluginUpgradeResult io.ReadCloser
+
+// PluginUpgrade upgrades a plugin
+func (cli *Client) PluginUpgrade(ctx context.Context, name string, options PluginUpgradeOptions) (PluginUpgradeResult, error) {
+	name, err := trimID("plugin", name)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
+		return nil, fmt.Errorf("invalid remote reference: %w", err)
+	}
+	query.Set("remote", options.RemoteRef)
+
+	privileges, err := cli.checkPluginPermissions(ctx, query, &options)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := cli.tryPluginUpgrade(ctx, query, privileges, name, options.RegistryAuth)
+	if err != nil {
+		return nil, err
+	}
+	return resp.Body, nil
+}
+
+func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges plugin.Privileges, name, registryAuth string) (*http.Response, error) {
+	return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, http.Header{
+		registry.AuthHeader: {registryAuth},
+	})
+}
+
+func (o *PluginUpgradeOptions) getRegistryAuth() string {
+	return o.RegistryAuth
+}
+
+func (o *PluginUpgradeOptions) setRegistryAuth(auth string) {
+	o.RegistryAuth = auth
+}
+
+func (o *PluginUpgradeOptions) getPrivilegeFunc() func(context.Context) (string, error) {
+	return o.PrivilegeFunc
+}
+
+func (o *PluginUpgradeOptions) getAcceptAllPermissions() bool {
+	return o.AcceptAllPermissions
+}
+
+func (o *PluginUpgradeOptions) getAcceptPermissionsFunc() func(context.Context, plugin.Privileges) (bool, error) {
+	return o.AcceptPermissionsFunc
+}
+
+func (o *PluginUpgradeOptions) getRemoteRef() string {
+	return o.RemoteRef
+}
diff --git a/vendor/github.com/moby/moby/client/request.go b/vendor/github.com/moby/moby/client/request.go
new file mode 100644
index 0000000000..10ed36dc67
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/request.go
@@ -0,0 +1,381 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"reflect"
+	"strings"
+
+	"github.com/moby/moby/api/types/common"
+)
+
+// head sends an http request to the docker API using the method HEAD.
+func (cli *Client) head(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
+	return cli.sendRequest(ctx, http.MethodHead, path, query, nil, headers)
+}
+
+// get sends an http request to the docker API using the method GET with a specific Go context.
+func (cli *Client) get(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
+	return cli.sendRequest(ctx, http.MethodGet, path, query, nil, headers)
+}
+
+// post sends an http POST request to the API.
+func (cli *Client) post(ctx context.Context, path string, query url.Values, body any, headers http.Header) (*http.Response, error) {
+	jsonBody, headers, err := prepareJSONRequest(body, headers)
+	if err != nil {
+		return nil, err
+	}
+	return cli.sendRequest(ctx, http.MethodPost, path, query, jsonBody, headers)
+}
+
+func (cli *Client) postRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
+	return cli.sendRequest(ctx, http.MethodPost, path, query, body, headers)
+}
+
+func (cli *Client) put(ctx context.Context, path string, query url.Values, body any, headers http.Header) (*http.Response, error) {
+	jsonBody, headers, err := prepareJSONRequest(body, headers)
+	if err != nil {
+		return nil, err
+	}
+	return cli.putRaw(ctx, path, query, jsonBody, headers)
+}
+
+// putRaw sends an http request to the docker API using the method PUT.
+func (cli *Client) putRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
+	// PUT requests are expected to always have a body (apparently)
+	// so explicitly pass an empty body to sendRequest to signal that
+	// it should set the Content-Type header if not already present.
+	if body == nil {
+		body = http.NoBody
+	}
+	return cli.sendRequest(ctx, http.MethodPut, path, query, body, headers)
+}
+
+// delete sends an http request to the docker API using the method DELETE.
+func (cli *Client) delete(ctx context.Context, path string, query url.Values, headers http.Header) (*http.Response, error) {
+	return cli.sendRequest(ctx, http.MethodDelete, path, query, nil, headers)
+}
+
+// prepareJSONRequest encodes the given body to JSON and returns it as an [io.Reader], and sets the Content-Type
+// header. If body is nil, or a nil-interface, a "nil" body is returned without
+// error.
+func prepareJSONRequest(body any, headers http.Header) (io.Reader, http.Header, error) {
+	jsonBody, err := jsonEncode(body)
+	if err != nil {
+		return nil, headers, err
+	}
+	if jsonBody == nil || jsonBody == http.NoBody {
+		// no content-type is set on empty requests.
+		return jsonBody, headers, nil
+	}
+
+	hdr := http.Header{}
+	if headers != nil {
+		hdr = headers.Clone()
+	}
+
+	// TODO(thaJeztah): should this return an error if a different Content-Type is already set?
+	hdr.Set("Content-Type", "application/json")
+	return jsonBody, hdr, nil
+}
+
+func (cli *Client) buildRequest(ctx context.Context, method, path string, body io.Reader, headers http.Header) (*http.Request, error) {
+	req, err := http.NewRequestWithContext(ctx, method, path, body)
+	if err != nil {
+		return nil, err
+	}
+	req = cli.addHeaders(req, headers)
+	req.URL.Scheme = cli.scheme
+	req.URL.Host = cli.addr
+
+	if cli.proto == "unix" || cli.proto == "npipe" {
+		// Override host header for non-tcp connections.
+		req.Host = DummyHost
+	}
+
+	return req, nil
+}
+
+func (cli *Client) sendRequest(ctx context.Context, method, path string, query url.Values, body io.Reader, headers http.Header) (*http.Response, error) {
+	req, err := cli.buildRequest(ctx, method, cli.getAPIPath(ctx, path, query), body, headers)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := cli.doRequest(req)
+	if err != nil {
+		// Failed to connect or context error.
+		return resp, err
+	}
+
+	// Successfully made a request; return the response and handle any
+	// API HTTP response errors.
+	return resp, checkResponseErr(resp)
+}
+
+// doRequest sends an HTTP request and returns an HTTP response. It is a
+// wrapper around [http.Client.Do] with extra handling to decorate errors.
+//
+// Otherwise, it behaves identical to [http.Client.Do]; an error is returned
+// when failing to make a connection, On error, any Response can be ignored.
+// A non-2xx status code doesn't cause an error.
+func (cli *Client) doRequest(req *http.Request) (*http.Response, error) {
+	resp, err := cli.client.Do(req) // #nosec G704 -- ignore "SSRF via taint analysis"; API client intentionally sends caller-provided requests/URLs.
+	if err == nil {
+		return resp, nil
+	}
+
+	if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
+		return nil, errConnectionFailed{fmt.Errorf("%w.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)}
+	}
+
+	const (
+		// Go 1.25 /  TLS 1.3 may produce a generic "handshake failure"
+		// whereas TLS 1.2 may produce a "bad certificate" TLS alert.
+		// See https://github.com/golang/go/issues/56371
+		//
+		// > https://tip.golang.org/doc/go1.12#tls_1_3
+		// >
+		// > In TLS 1.3 the client is the last one to speak in the handshake, so if
+		// > it causes an error to occur on the server, it will be returned on the
+		// > client by the first Read, not by Handshake. For example, that will be
+		// > the case if the server rejects the client certificate.
+		//
+		// https://github.com/golang/go/blob/go1.25.1/src/crypto/tls/alert.go#L71-L72
+		alertBadCertificate   = "bad certificate"   // go1.24 / TLS 1.2
+		alertHandshakeFailure = "handshake failure" // go1.25 / TLS 1.3
+	)
+
+	// TODO(thaJeztah): see if we can use errors.As for a [crypto/tls.AlertError] instead of bare string matching.
+	if cli.scheme == "https" && (strings.Contains(err.Error(), alertHandshakeFailure) || strings.Contains(err.Error(), alertBadCertificate)) {
+		return nil, errConnectionFailed{fmt.Errorf("the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings: %w", err)}
+	}
+
+	// Don't decorate context sentinel errors; users may be comparing to
+	// them directly.
+	if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+		return nil, err
+	}
+
+	if errors.Is(err, os.ErrPermission) {
+		// Don't include request errors (Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.51/version"),
+		// which are irrelevant if we weren't able to connect.
+		return nil, errConnectionFailed{fmt.Errorf("permission denied while trying to connect to the docker API at %v", cli.host)}
+	}
+	if errors.Is(err, os.ErrNotExist) {
+		// Unwrap the error to remove request errors (Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.51/version"),
+		// which are irrelevant if we weren't able to connect.
+		err = errors.Unwrap(err)
+		return nil, errConnectionFailed{fmt.Errorf("failed to connect to the docker API at %v; check if the path is correct and if the daemon is running: %w", cli.host, err)}
+	}
+	var dnsErr *net.DNSError
+	if errors.As(err, &dnsErr) {
+		return nil, errConnectionFailed{fmt.Errorf("failed to connect to the docker API at %v: %w", cli.host, dnsErr)}
+	}
+
+	var nErr net.Error
+	if errors.As(err, &nErr) {
+		// FIXME(thaJeztah): any net.Error should be considered a connection error (but we should include the original error)?
+		if nErr.Timeout() {
+			return nil, connectionFailed(cli.host)
+		}
+		if strings.Contains(nErr.Error(), "connection refused") || strings.Contains(nErr.Error(), "dial unix") {
+			return nil, connectionFailed(cli.host)
+		}
+	}
+
+	// Although there's not a strongly typed error for this in go-winio,
+	// lots of people are using the default configuration for the docker
+	// daemon on Windows where the daemon is listening on a named pipe
+	// ("//./pipe/docker_engine"), and the client must be running elevated.
+	//
+	// Give users a clue rather than the not-overly useful message such as;
+	//
+	// 	open //./pipe/docker_engine: The system cannot find the file specified.
+	//
+	// Note we can't string compare "The system cannot find the file specified" as
+	// this is localized; for example. in French the error would be;
+	//
+	//	open //./pipe/docker_engine: Le fichier spécifié est introuvable.
+	if strings.Contains(err.Error(), `open //./pipe/docker_engine`) {
+		// Checks if client is running with elevated privileges
+		if f, elevatedErr := os.Open(`\\.\PHYSICALDRIVE0`); elevatedErr != nil {
+			err = fmt.Errorf("in the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect: %w", err)
+		} else {
+			_ = f.Close()
+			err = fmt.Errorf("this error may indicate that the docker daemon is not running: %w", err)
+		}
+	}
+
+	return nil, errConnectionFailed{fmt.Errorf("error during connect: %w", err)}
+}
+
+func checkResponseErr(serverResp *http.Response) (retErr error) {
+	if serverResp == nil {
+		return nil
+	}
+	if serverResp.StatusCode >= http.StatusOK && serverResp.StatusCode < http.StatusBadRequest {
+		return nil
+	}
+	defer func() {
+		retErr = httpErrorFromStatusCode(retErr, serverResp.StatusCode)
+	}()
+
+	var body []byte
+	var err error
+	var reqURL string
+	if serverResp.Request != nil {
+		reqURL = serverResp.Request.URL.String()
+	}
+	statusMsg := serverResp.Status
+	if statusMsg == "" {
+		statusMsg = http.StatusText(serverResp.StatusCode)
+	}
+	var reqMethod string
+	if serverResp.Request != nil {
+		reqMethod = serverResp.Request.Method
+	}
+	if serverResp.Body != nil && reqMethod != http.MethodHead {
+		bodyMax := 1 * 1024 * 1024 // 1 MiB
+		bodyR := &io.LimitedReader{
+			R: serverResp.Body,
+			N: int64(bodyMax),
+		}
+		body, err = io.ReadAll(bodyR)
+		if err != nil {
+			return err
+		}
+		if bodyR.N == 0 {
+			if reqURL != "" {
+				return fmt.Errorf("request returned %s with a message (> %d bytes) for API route and version %s, check if the server supports the requested API version", statusMsg, bodyMax, reqURL)
+			}
+			return fmt.Errorf("request returned %s with a message (> %d bytes); check if the server supports the requested API version", statusMsg, bodyMax)
+		}
+	}
+	if len(body) == 0 {
+		if reqURL != "" {
+			return fmt.Errorf("request returned %s for API route and version %s, check if the server supports the requested API version", statusMsg, reqURL)
+		}
+		return fmt.Errorf("request returned %s; check if the server supports the requested API version", statusMsg)
+	}
+
+	var daemonErr error
+	if serverResp.Header.Get("Content-Type") == "application/json" {
+		var errorResponse common.ErrorResponse
+		if err := json.Unmarshal(body, &errorResponse); err != nil {
+			return fmt.Errorf("error reading JSON: %w", err)
+		}
+		if errorResponse.Message == "" {
+			// Error-message is empty, which means that we successfully parsed the
+			// JSON-response (no error produced), but it didn't contain an error
+			// message. This could either be because the response was empty, or
+			// the response was valid JSON, but not with the expected schema
+			// ([common.ErrorResponse]).
+			//
+			// We cannot use "strict" JSON handling (json.NewDecoder with DisallowUnknownFields)
+			// due to the API using an open schema (we must anticipate fields
+			// being added to [common.ErrorResponse] in the future, and not
+			// reject those responses.
+			//
+			// For these cases, we construct an error with the status-code
+			// returned, but we could consider returning (a truncated version
+			// of) the actual response as-is.
+			//
+			// TODO(thaJeztah): consider adding a log.Debug to allow clients to debug the actual response when enabling debug logging.
+			daemonErr = fmt.Errorf(`API returned a %d (%s) but provided no error-message`,
+				serverResp.StatusCode,
+				http.StatusText(serverResp.StatusCode),
+			)
+		} else {
+			daemonErr = errors.New(strings.TrimSpace(errorResponse.Message))
+		}
+	} else {
+		// Fall back to returning the response as-is for situations where a
+		// plain text error is returned. This branch may also catch
+		// situations where a proxy is involved, returning an HTML response.
+		daemonErr = errors.New(strings.TrimSpace(string(body)))
+	}
+	return fmt.Errorf("Error response from daemon: %w", daemonErr)
+}
+
+func (cli *Client) addHeaders(req *http.Request, headers http.Header) *http.Request {
+	// Add CLI Config's HTTP Headers BEFORE we set the Docker headers
+	// then the user can't change OUR headers
+	for k, v := range cli.customHTTPHeaders {
+		req.Header.Set(k, v)
+	}
+
+	for k, v := range headers {
+		req.Header[http.CanonicalHeaderKey(k)] = v
+	}
+
+	if cli.userAgent == nil {
+		// No custom User-Agent set: use the default.
+		if req.Header.Get("User-Agent") == "" {
+			req.Header.Set("User-Agent", defaultUserAgent())
+		}
+	} else if *cli.userAgent == "" {
+		// User-Agent set to empty value; remove User-Agent.
+		req.Header.Del("User-Agent")
+	} else {
+		// Custom User-Agent set.
+		req.Header.Set("User-Agent", *cli.userAgent)
+	}
+	return req
+}
+
+func jsonEncode(data any) (io.Reader, error) {
+	switch x := data.(type) {
+	case nil:
+		return http.NoBody, nil
+	case io.Reader:
+		// http.NoBody or other readers
+		return x, nil
+	case json.RawMessage:
+		if len(x) == 0 {
+			return http.NoBody, nil
+		}
+		return bytes.NewReader(x), nil
+	}
+
+	// encoding/json encodes a nil pointer as the JSON document `null`,
+	// irrespective of whether the type implements json.Marshaler or encoding.TextMarshaler.
+	// That is almost certainly not what the caller intended as the request body.
+	if v := reflect.ValueOf(data); v.Kind() == reflect.Pointer && v.IsNil() {
+		return http.NoBody, nil
+	}
+
+	b, err := json.Marshal(data)
+	if err != nil {
+		return nil, err
+	}
+	return bytes.NewReader(b), nil
+}
+
+func ensureReaderClosed(response *http.Response) {
+	if response == nil || response.Body == nil {
+		return
+	}
+	if response.ContentLength == 0 || (response.Request != nil && response.Request.Method == http.MethodHead) {
+		// No need to drain head requests or zero-length responses.
+		_ = response.Body.Close()
+		return
+	}
+	// Drain up to 512 bytes and close the body to let the Transport reuse the connection
+	// see https://github.com/google/go-github/pull/317/files#r57536827
+	//
+	// TODO(thaJeztah): see if this optimization is still needed, or already implemented in stdlib,
+	//   and check if context-cancellation should handle this as well. If still needed, consider
+	//   wrapping response.Body, or returning a "closer()" from [Client.sendRequest] and related
+	//   methods.
+	_, _ = io.CopyN(io.Discard, response.Body, 512)
+	_ = response.Body.Close()
+}
diff --git a/vendor/github.com/moby/moby/client/secret_create.go b/vendor/github.com/moby/moby/client/secret_create.go
new file mode 100644
index 0000000000..8e59a42ce7
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/secret_create.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SecretCreateOptions holds options for creating a secret.
+type SecretCreateOptions struct {
+	Spec swarm.SecretSpec
+}
+
+// SecretCreateResult holds the result from the [Client.SecretCreate] method.
+type SecretCreateResult struct {
+	ID string
+}
+
+// SecretCreate creates a new secret.
+func (cli *Client) SecretCreate(ctx context.Context, options SecretCreateOptions) (SecretCreateResult, error) {
+	resp, err := cli.post(ctx, "/secrets/create", nil, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SecretCreateResult{}, err
+	}
+
+	var out swarm.ConfigCreateResponse
+	err = json.NewDecoder(resp.Body).Decode(&out)
+	if err != nil {
+		return SecretCreateResult{}, err
+	}
+	return SecretCreateResult{ID: out.ID}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/secret_inspect.go b/vendor/github.com/moby/moby/client/secret_inspect.go
new file mode 100644
index 0000000000..fefd4cd23d
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/secret_inspect.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SecretInspectOptions holds options for inspecting a secret.
+type SecretInspectOptions struct {
+	// Add future optional parameters here
+}
+
+// SecretInspectResult holds the result from the [Client.SecretInspect]. method.
+type SecretInspectResult struct {
+	Secret swarm.Secret
+	Raw    json.RawMessage
+}
+
+// SecretInspect returns the secret information with raw data.
+func (cli *Client) SecretInspect(ctx context.Context, id string, options SecretInspectOptions) (SecretInspectResult, error) {
+	id, err := trimID("secret", id)
+	if err != nil {
+		return SecretInspectResult{}, err
+	}
+	resp, err := cli.get(ctx, "/secrets/"+id, nil, nil)
+	if err != nil {
+		return SecretInspectResult{}, err
+	}
+
+	var out SecretInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Secret)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/secret_list.go b/vendor/github.com/moby/moby/client/secret_list.go
new file mode 100644
index 0000000000..be36955757
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/secret_list.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SecretListOptions holds parameters to list secrets
+type SecretListOptions struct {
+	Filters Filters
+}
+
+// SecretListResult holds the result from the [client.SecretList] method.
+type SecretListResult struct {
+	Items []swarm.Secret
+}
+
+// SecretList returns the list of secrets.
+func (cli *Client) SecretList(ctx context.Context, options SecretListOptions) (SecretListResult, error) {
+	query := url.Values{}
+	options.Filters.updateURLValues(query)
+
+	resp, err := cli.get(ctx, "/secrets", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SecretListResult{}, err
+	}
+
+	var out SecretListResult
+	err = json.NewDecoder(resp.Body).Decode(&out.Items)
+	if err != nil {
+		return SecretListResult{}, err
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/moby/moby/client/secret_remove.go b/vendor/github.com/moby/moby/client/secret_remove.go
new file mode 100644
index 0000000000..42cbfec9e1
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/secret_remove.go
@@ -0,0 +1,27 @@
+package client
+
+import "context"
+
+// SecretRemoveOptions holds options for [Client.SecretRemove].
+type SecretRemoveOptions struct {
+	// Add future optional parameters here
+}
+
+// SecretRemoveResult holds the result of [Client.SecretRemove].
+type SecretRemoveResult struct {
+	// Add future fields here
+}
+
+// SecretRemove removes a secret.
+func (cli *Client) SecretRemove(ctx context.Context, id string, options SecretRemoveOptions) (SecretRemoveResult, error) {
+	id, err := trimID("secret", id)
+	if err != nil {
+		return SecretRemoveResult{}, err
+	}
+	resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SecretRemoveResult{}, err
+	}
+	return SecretRemoveResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/secret_update.go b/vendor/github.com/moby/moby/client/secret_update.go
new file mode 100644
index 0000000000..d50fba4d45
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/secret_update.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SecretUpdateOptions holds options for updating a secret.
+type SecretUpdateOptions struct {
+	Version swarm.Version
+	Spec    swarm.SecretSpec
+}
+
+// SecretUpdateResult holds the result of [Client.SecretUpdate].
+type SecretUpdateResult struct{}
+
+// SecretUpdate attempts to update a secret.
+func (cli *Client) SecretUpdate(ctx context.Context, id string, options SecretUpdateOptions) (SecretUpdateResult, error) {
+	id, err := trimID("secret", id)
+	if err != nil {
+		return SecretUpdateResult{}, err
+	}
+	query := url.Values{}
+	query.Set("version", options.Version.String())
+	resp, err := cli.post(ctx, "/secrets/"+id+"/update", query, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SecretUpdateResult{}, err
+	}
+	return SecretUpdateResult{}, nil
+}
diff --git a/vendor/github.com/docker/docker/client/service_create.go b/vendor/github.com/moby/moby/client/service_create.go
similarity index 54%
rename from vendor/github.com/docker/docker/client/service_create.go
rename to vendor/github.com/moby/moby/client/service_create.go
index db7566a85d..319bca6f4c 100644
--- a/vendor/github.com/docker/docker/client/service_create.go
+++ b/vendor/github.com/moby/moby/client/service_create.go
@@ -3,122 +3,131 @@ package client
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"strings"
 
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/versions"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/api/types/swarm"
 	"github.com/opencontainers/go-digest"
-	"github.com/pkg/errors"
 )
 
-// ServiceCreate creates a new service.
-func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options swarm.ServiceCreateOptions) (swarm.ServiceCreateResponse, error) {
-	var response swarm.ServiceCreateResponse
+// ServiceCreateOptions contains the options to use when creating a service.
+type ServiceCreateOptions struct {
+	Spec swarm.ServiceSpec
 
-	// Make sure we negotiated (if the client is configured to do so),
-	// as code below contains API-version specific handling of options.
+	// EncodedRegistryAuth is the encoded registry authorization credentials to
+	// use when updating the service.
 	//
-	// Normally, version-negotiation (if enabled) would not happen until
-	// the API request is made.
-	if err := cli.checkVersion(ctx); err != nil {
-		return response, err
-	}
+	// This field follows the format of the X-Registry-Auth header.
+	EncodedRegistryAuth string
 
+	// QueryRegistry indicates whether the service update requires
+	// contacting a registry. A registry may be contacted to retrieve
+	// the image digest and manifest, which in turn can be used to update
+	// platform or other information about the service.
+	QueryRegistry bool
+}
+
+// ServiceCreateResult represents the result of creating a service.
+type ServiceCreateResult struct {
+	// ID is the ID of the created service.
+	ID string
+
+	// Warnings is a list of warnings that occurred during service creation.
+	Warnings []string
+}
+
+// ServiceCreate creates a new service.
+func (cli *Client) ServiceCreate(ctx context.Context, options ServiceCreateOptions) (ServiceCreateResult, error) {
 	// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
-	if service.TaskTemplate.ContainerSpec == nil && (service.TaskTemplate.Runtime == "" || service.TaskTemplate.Runtime == swarm.RuntimeContainer) {
-		service.TaskTemplate.ContainerSpec = &swarm.ContainerSpec{}
+	if options.Spec.TaskTemplate.ContainerSpec == nil && (options.Spec.TaskTemplate.Runtime == "" || options.Spec.TaskTemplate.Runtime == swarm.RuntimeContainer) {
+		options.Spec.TaskTemplate.ContainerSpec = &swarm.ContainerSpec{}
 	}
 
-	if err := validateServiceSpec(service); err != nil {
-		return response, err
-	}
-	if versions.LessThan(cli.version, "1.30") {
-		if err := validateAPIVersion(service, cli.version); err != nil {
-			return response, err
-		}
+	if err := validateServiceSpec(options.Spec); err != nil {
+		return ServiceCreateResult{}, err
 	}
 
 	// ensure that the image is tagged
-	var resolveWarning string
+	var warnings []string
 	switch {
-	case service.TaskTemplate.ContainerSpec != nil:
-		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
-			service.TaskTemplate.ContainerSpec.Image = taggedImg
+	case options.Spec.TaskTemplate.ContainerSpec != nil:
+		if taggedImg := imageWithTagString(options.Spec.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
+			options.Spec.TaskTemplate.ContainerSpec.Image = taggedImg
 		}
 		if options.QueryRegistry {
-			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
+			if warning := resolveContainerSpecImage(ctx, cli, &options.Spec.TaskTemplate, options.EncodedRegistryAuth); warning != "" {
+				warnings = append(warnings, warning)
+			}
 		}
-	case service.TaskTemplate.PluginSpec != nil:
-		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
-			service.TaskTemplate.PluginSpec.Remote = taggedImg
+	case options.Spec.TaskTemplate.PluginSpec != nil:
+		if taggedImg := imageWithTagString(options.Spec.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
+			options.Spec.TaskTemplate.PluginSpec.Remote = taggedImg
 		}
 		if options.QueryRegistry {
-			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
+			if warning := resolvePluginSpecRemote(ctx, cli, &options.Spec.TaskTemplate, options.EncodedRegistryAuth); warning != "" {
+				warnings = append(warnings, warning)
+			}
 		}
 	}
 
 	headers := http.Header{}
-	if versions.LessThan(cli.version, "1.30") {
-		// the custom "version" header was used by engine API before 20.10
-		// (API 1.30) to switch between client- and server-side lookup of
-		// image digests.
-		headers["version"] = []string{cli.version}
-	}
 	if options.EncodedRegistryAuth != "" {
 		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
 	}
-	resp, err := cli.post(ctx, "/services/create", nil, service, headers)
+	resp, err := cli.post(ctx, "/services/create", nil, options.Spec, headers)
 	defer ensureReaderClosed(resp)
 	if err != nil {
-		return response, err
+		return ServiceCreateResult{}, err
 	}
 
+	var response swarm.ServiceCreateResponse
 	err = json.NewDecoder(resp.Body).Decode(&response)
-	if resolveWarning != "" {
-		response.Warnings = append(response.Warnings, resolveWarning)
-	}
+	warnings = append(warnings, response.Warnings...)
 
-	return response, err
+	return ServiceCreateResult{
+		ID:       response.ID,
+		Warnings: warnings,
+	}, err
 }
 
 func resolveContainerSpecImage(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
-	var warning string
-	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.ContainerSpec.Image, encodedAuth); err != nil {
-		warning = digestWarning(taskSpec.ContainerSpec.Image)
-	} else {
-		taskSpec.ContainerSpec.Image = img
-		if len(imgPlatforms) > 0 {
-			if taskSpec.Placement == nil {
-				taskSpec.Placement = &swarm.Placement{}
-			}
-			taskSpec.Placement.Platforms = imgPlatforms
-		}
+	img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.ContainerSpec.Image, encodedAuth)
+	if err != nil {
+		return digestWarning(taskSpec.ContainerSpec.Image)
 	}
-	return warning
+	taskSpec.ContainerSpec.Image = img
+	if len(imgPlatforms) > 0 {
+		if taskSpec.Placement == nil {
+			taskSpec.Placement = &swarm.Placement{}
+		}
+		taskSpec.Placement.Platforms = imgPlatforms
+	}
+	return ""
 }
 
 func resolvePluginSpecRemote(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
-	var warning string
-	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.PluginSpec.Remote, encodedAuth); err != nil {
-		warning = digestWarning(taskSpec.PluginSpec.Remote)
-	} else {
-		taskSpec.PluginSpec.Remote = img
-		if len(imgPlatforms) > 0 {
-			if taskSpec.Placement == nil {
-				taskSpec.Placement = &swarm.Placement{}
-			}
-			taskSpec.Placement.Platforms = imgPlatforms
-		}
+	img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.PluginSpec.Remote, encodedAuth)
+	if err != nil {
+		return digestWarning(taskSpec.PluginSpec.Remote)
 	}
-	return warning
+	taskSpec.PluginSpec.Remote = img
+	if len(imgPlatforms) > 0 {
+		if taskSpec.Placement == nil {
+			taskSpec.Placement = &swarm.Placement{}
+		}
+		taskSpec.Placement.Platforms = imgPlatforms
+	}
+	return ""
 }
 
 func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, image, encodedAuth string) (string, []swarm.Platform, error) {
-	distributionInspect, err := cli.DistributionInspect(ctx, image, encodedAuth)
+	distributionInspect, err := cli.DistributionInspect(ctx, image, DistributionInspectOptions{
+		EncodedRegistryAuth: encodedAuth,
+	})
 	var platforms []swarm.Platform
 	if err != nil {
 		return "", nil, err
@@ -154,7 +163,7 @@ func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, ima
 func imageWithDigestString(image string, dgst digest.Digest) string {
 	namedRef, err := reference.ParseNormalizedNamed(image)
 	if err == nil {
-		if _, isCanonical := namedRef.(reference.Canonical); !isCanonical {
+		if _, hasDigest := namedRef.(reference.Digested); !hasDigest {
 			// ensure that image gets a default tag if none is provided
 			img, err := reference.WithDigest(namedRef, dgst)
 			if err == nil {
@@ -195,18 +204,3 @@ func validateServiceSpec(s swarm.ServiceSpec) error {
 	}
 	return nil
 }
-
-func validateAPIVersion(c swarm.ServiceSpec, apiVersion string) error {
-	for _, m := range c.TaskTemplate.ContainerSpec.Mounts {
-		if m.BindOptions != nil {
-			if m.BindOptions.NonRecursive && versions.LessThan(apiVersion, "1.40") {
-				return errors.Errorf("bind-recursive=disabled requires API v1.40 or later")
-			}
-			// ReadOnlyNonRecursive can be safely ignored when API < 1.44
-			if m.BindOptions.ReadOnlyForceRecursive && versions.LessThan(apiVersion, "1.44") {
-				return errors.Errorf("bind-recursive=readonly requires API v1.44 or later")
-			}
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/moby/moby/client/service_inspect.go b/vendor/github.com/moby/moby/client/service_inspect.go
new file mode 100644
index 0000000000..9bda43f861
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/service_inspect.go
@@ -0,0 +1,40 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ServiceInspectOptions holds parameters related to the service inspect operation.
+type ServiceInspectOptions struct {
+	InsertDefaults bool
+}
+
+// ServiceInspectResult represents the result of a service inspect operation.
+type ServiceInspectResult struct {
+	Service swarm.Service
+	Raw     json.RawMessage
+}
+
+// ServiceInspect retrieves detailed information about a specific service by its ID.
+func (cli *Client) ServiceInspect(ctx context.Context, serviceID string, options ServiceInspectOptions) (ServiceInspectResult, error) {
+	serviceID, err := trimID("service", serviceID)
+	if err != nil {
+		return ServiceInspectResult{}, err
+	}
+
+	query := url.Values{}
+	query.Set("insertDefaults", fmt.Sprintf("%v", options.InsertDefaults))
+	resp, err := cli.get(ctx, "/services/"+serviceID, query, nil)
+	if err != nil {
+		return ServiceInspectResult{}, err
+	}
+
+	var out ServiceInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Service)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/service_list.go b/vendor/github.com/moby/moby/client/service_list.go
new file mode 100644
index 0000000000..94b5204be3
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/service_list.go
@@ -0,0 +1,44 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ServiceListOptions holds parameters to list services with.
+type ServiceListOptions struct {
+	Filters Filters
+
+	// Status indicates whether the server should include the service task
+	// count of running and desired tasks.
+	Status bool
+}
+
+// ServiceListResult represents the result of a service list operation.
+type ServiceListResult struct {
+	Items []swarm.Service
+}
+
+// ServiceList returns the list of services.
+func (cli *Client) ServiceList(ctx context.Context, options ServiceListOptions) (ServiceListResult, error) {
+	query := url.Values{}
+
+	options.Filters.updateURLValues(query)
+
+	if options.Status {
+		query.Set("status", "true")
+	}
+
+	resp, err := cli.get(ctx, "/services", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ServiceListResult{}, err
+	}
+
+	var services []swarm.Service
+	err = json.NewDecoder(resp.Body).Decode(&services)
+	return ServiceListResult{Items: services}, err
+}
diff --git a/vendor/github.com/moby/moby/client/service_logs.go b/vendor/github.com/moby/moby/client/service_logs.go
new file mode 100644
index 0000000000..911b63cb76
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/service_logs.go
@@ -0,0 +1,106 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/url"
+	"time"
+
+	"github.com/moby/moby/client/internal/timestamp"
+)
+
+// ServiceLogsOptions holds parameters to filter logs with.
+type ServiceLogsOptions struct {
+	ShowStdout bool
+	ShowStderr bool
+	Since      string
+	Until      string
+	Timestamps bool
+	Follow     bool
+	Tail       string
+	Details    bool
+}
+
+// ServiceLogsResult holds the result of a service logs operation.
+// It implements [io.ReadCloser].
+// It's up to the caller to close the stream.
+type ServiceLogsResult interface {
+	io.ReadCloser
+}
+
+// ServiceLogs returns the logs generated by a service in a [ServiceLogsResult].
+// as an [io.ReadCloser]. Callers should close the stream.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) ServiceLogs(ctx context.Context, serviceID string, options ServiceLogsOptions) (ServiceLogsResult, error) {
+	// TODO(thaJeztah): this function needs documentation about the format of the stream (similar to for container logs)
+	// TODO(thaJeztah): migrate CLI utilities to the client where suitable; https://github.com/docker/cli/blob/v29.0.0-rc.1/cli/command/service/logs.go#L73-L348
+
+	serviceID, err := trimID("service", serviceID)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timestamp.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, fmt.Errorf(`invalid value for "since": %w`, err)
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+	switch options.Tail {
+	case "", "all":
+		// don't send option; default is to show all logs.
+		//
+		// The default on the daemon-side is to show all logs; account for
+		// some special values. The CLI may set a magic "all" value that's
+		// used as default.
+		//
+		// Given that the default is to show all logs, we can ignore these
+		// values, and don't send "tail".
+		//
+		// see https://github.com/moby/moby/blob/0df791cb72b568eeadba2267fe9a5040d12b0487/daemon/logs.go#L75-L78
+		// see https://github.com/moby/moby/blob/4d20b6fe56dfb2b06f4a5dd1f32913215a9c317b/daemon/cluster/services.go#L425-L449
+	default:
+		query.Set("tail", options.Tail)
+	}
+
+	resp, err := cli.get(ctx, "/services/"+serviceID+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &serviceLogsResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+type serviceLogsResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser     = (*serviceLogsResult)(nil)
+	_ ServiceLogsResult = (*serviceLogsResult)(nil)
+)
diff --git a/vendor/github.com/moby/moby/client/service_remove.go b/vendor/github.com/moby/moby/client/service_remove.go
new file mode 100644
index 0000000000..163689b693
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/service_remove.go
@@ -0,0 +1,25 @@
+package client
+
+import "context"
+
+// ServiceRemoveOptions contains options for removing a service.
+type ServiceRemoveOptions struct {
+	// No options currently; placeholder for future use
+}
+
+// ServiceRemoveResult contains the result of removing a service.
+type ServiceRemoveResult struct {
+	// No fields currently; placeholder for future use
+}
+
+// ServiceRemove kills and removes a service.
+func (cli *Client) ServiceRemove(ctx context.Context, serviceID string, options ServiceRemoveOptions) (ServiceRemoveResult, error) {
+	serviceID, err := trimID("service", serviceID)
+	if err != nil {
+		return ServiceRemoveResult{}, err
+	}
+
+	resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil)
+	defer ensureReaderClosed(resp)
+	return ServiceRemoveResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/service_update.go b/vendor/github.com/moby/moby/client/service_update.go
new file mode 100644
index 0000000000..2505fe4b8e
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/service_update.go
@@ -0,0 +1,114 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// ServiceUpdateOptions contains the options to be used for updating services.
+type ServiceUpdateOptions struct {
+	Version swarm.Version
+	Spec    swarm.ServiceSpec
+
+	// EncodedRegistryAuth is the encoded registry authorization credentials to
+	// use when updating the service.
+	//
+	// This field follows the format of the X-Registry-Auth header.
+	EncodedRegistryAuth string
+
+	// TODO(stevvooe): Consider moving the version parameter of ServiceUpdate
+	// into this field. While it does open API users up to racy writes, most
+	// users may not need that level of consistency in practice.
+
+	// RegistryAuthFrom specifies where to find the registry authorization
+	// credentials if they are not given in EncodedRegistryAuth. Valid
+	// values are "spec" and "previous-spec".
+	RegistryAuthFrom swarm.RegistryAuthSource
+
+	// Rollback indicates whether a server-side rollback should be
+	// performed. When this is set, the provided spec will be ignored.
+	// The valid values are "previous" and "none". An empty value is the
+	// same as "none".
+	Rollback string
+
+	// QueryRegistry indicates whether the service update requires
+	// contacting a registry. A registry may be contacted to retrieve
+	// the image digest and manifest, which in turn can be used to update
+	// platform or other information about the service.
+	QueryRegistry bool
+}
+
+// ServiceUpdateResult represents the result of a service update.
+type ServiceUpdateResult struct {
+	// Warnings contains any warnings that occurred during the update.
+	Warnings []string
+}
+
+// ServiceUpdate updates a Service. The version number is required to avoid
+// conflicting writes. It must be the value as set *before* the update.
+// You can find this value in the [swarm.Service.Meta] field, which can
+// be found using [Client.ServiceInspectWithRaw].
+func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, options ServiceUpdateOptions) (ServiceUpdateResult, error) {
+	serviceID, err := trimID("service", serviceID)
+	if err != nil {
+		return ServiceUpdateResult{}, err
+	}
+
+	if err := validateServiceSpec(options.Spec); err != nil {
+		return ServiceUpdateResult{}, err
+	}
+
+	query := url.Values{}
+	if options.RegistryAuthFrom != "" {
+		query.Set("registryAuthFrom", string(options.RegistryAuthFrom))
+	}
+
+	if options.Rollback != "" {
+		query.Set("rollback", options.Rollback)
+	}
+
+	query.Set("version", options.Version.String())
+
+	// ensure that the image is tagged
+	var warnings []string
+	switch {
+	case options.Spec.TaskTemplate.ContainerSpec != nil:
+		if taggedImg := imageWithTagString(options.Spec.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
+			options.Spec.TaskTemplate.ContainerSpec.Image = taggedImg
+		}
+		if options.QueryRegistry {
+			if warning := resolveContainerSpecImage(ctx, cli, &options.Spec.TaskTemplate, options.EncodedRegistryAuth); warning != "" {
+				warnings = append(warnings, warning)
+			}
+		}
+	case options.Spec.TaskTemplate.PluginSpec != nil:
+		if taggedImg := imageWithTagString(options.Spec.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
+			options.Spec.TaskTemplate.PluginSpec.Remote = taggedImg
+		}
+		if options.QueryRegistry {
+			if warning := resolvePluginSpecRemote(ctx, cli, &options.Spec.TaskTemplate, options.EncodedRegistryAuth); warning != "" {
+				warnings = append(warnings, warning)
+			}
+		}
+	}
+
+	headers := http.Header{}
+	if options.EncodedRegistryAuth != "" {
+		headers.Set(registry.AuthHeader, options.EncodedRegistryAuth)
+	}
+	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, options.Spec, headers)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ServiceUpdateResult{}, err
+	}
+
+	var response swarm.ServiceUpdateResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	warnings = append(warnings, response.Warnings...)
+	return ServiceUpdateResult{Warnings: warnings}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_get_unlock_key.go b/vendor/github.com/moby/moby/client/swarm_get_unlock_key.go
new file mode 100644
index 0000000000..03ecce4094
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_get_unlock_key.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmGetUnlockKeyResult contains the swarm unlock key.
+type SwarmGetUnlockKeyResult struct {
+	Key string
+}
+
+// SwarmGetUnlockKey retrieves the swarm's unlock key.
+func (cli *Client) SwarmGetUnlockKey(ctx context.Context) (SwarmGetUnlockKeyResult, error) {
+	resp, err := cli.get(ctx, "/swarm/unlockkey", nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SwarmGetUnlockKeyResult{}, err
+	}
+
+	var response swarm.UnlockKeyResponse
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	return SwarmGetUnlockKeyResult{Key: response.UnlockKey}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_init.go b/vendor/github.com/moby/moby/client/swarm_init.go
new file mode 100644
index 0000000000..caad560856
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_init.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/netip"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmInitOptions contains options for initializing a new swarm.
+type SwarmInitOptions struct {
+	ListenAddr       string
+	AdvertiseAddr    string
+	DataPathAddr     string
+	DataPathPort     uint32
+	ForceNewCluster  bool
+	Spec             swarm.Spec
+	AutoLockManagers bool
+	Availability     swarm.NodeAvailability
+	DefaultAddrPool  []netip.Prefix
+	SubnetSize       uint32
+}
+
+// SwarmInitResult contains the result of a SwarmInit operation.
+type SwarmInitResult struct {
+	NodeID string
+}
+
+// SwarmInit initializes the swarm.
+func (cli *Client) SwarmInit(ctx context.Context, options SwarmInitOptions) (SwarmInitResult, error) {
+	req := swarm.InitRequest{
+		ListenAddr:       options.ListenAddr,
+		AdvertiseAddr:    options.AdvertiseAddr,
+		DataPathAddr:     options.DataPathAddr,
+		DataPathPort:     options.DataPathPort,
+		ForceNewCluster:  options.ForceNewCluster,
+		Spec:             options.Spec,
+		AutoLockManagers: options.AutoLockManagers,
+		Availability:     options.Availability,
+		DefaultAddrPool:  options.DefaultAddrPool,
+		SubnetSize:       options.SubnetSize,
+	}
+
+	resp, err := cli.post(ctx, "/swarm/init", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SwarmInitResult{}, err
+	}
+
+	var nodeID string
+	err = json.NewDecoder(resp.Body).Decode(&nodeID)
+	return SwarmInitResult{NodeID: nodeID}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_inspect.go b/vendor/github.com/moby/moby/client/swarm_inspect.go
new file mode 100644
index 0000000000..40e1d018a8
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_inspect.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmInspectOptions holds options for inspecting a swarm.
+type SwarmInspectOptions struct {
+	// Add future optional parameters here
+}
+
+// SwarmInspectResult represents the result of a SwarmInspect operation.
+type SwarmInspectResult struct {
+	Swarm swarm.Swarm
+}
+
+// SwarmInspect inspects the swarm.
+func (cli *Client) SwarmInspect(ctx context.Context, options SwarmInspectOptions) (SwarmInspectResult, error) {
+	resp, err := cli.get(ctx, "/swarm", nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SwarmInspectResult{}, err
+	}
+
+	var s swarm.Swarm
+	err = json.NewDecoder(resp.Body).Decode(&s)
+	return SwarmInspectResult{Swarm: s}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_join.go b/vendor/github.com/moby/moby/client/swarm_join.go
new file mode 100644
index 0000000000..66a7544821
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_join.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmJoinOptions specifies options for joining a swarm.
+type SwarmJoinOptions struct {
+	ListenAddr    string
+	AdvertiseAddr string
+	DataPathAddr  string
+	RemoteAddrs   []string
+	JoinToken     string // accept by secret
+	Availability  swarm.NodeAvailability
+}
+
+// SwarmJoinResult contains the result of joining a swarm.
+type SwarmJoinResult struct {
+	// No fields currently; placeholder for future use
+}
+
+// SwarmJoin joins the swarm.
+func (cli *Client) SwarmJoin(ctx context.Context, options SwarmJoinOptions) (SwarmJoinResult, error) {
+	req := swarm.JoinRequest{
+		ListenAddr:    options.ListenAddr,
+		AdvertiseAddr: options.AdvertiseAddr,
+		DataPathAddr:  options.DataPathAddr,
+		RemoteAddrs:   options.RemoteAddrs,
+		JoinToken:     options.JoinToken,
+		Availability:  options.Availability,
+	}
+
+	resp, err := cli.post(ctx, "/swarm/join", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	return SwarmJoinResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_leave.go b/vendor/github.com/moby/moby/client/swarm_leave.go
new file mode 100644
index 0000000000..a65a13de3f
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_leave.go
@@ -0,0 +1,25 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// SwarmLeaveOptions contains options for leaving a swarm.
+type SwarmLeaveOptions struct {
+	Force bool
+}
+
+// SwarmLeaveResult represents the result of a SwarmLeave operation.
+type SwarmLeaveResult struct{}
+
+// SwarmLeave leaves the swarm.
+func (cli *Client) SwarmLeave(ctx context.Context, options SwarmLeaveOptions) (SwarmLeaveResult, error) {
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+	resp, err := cli.post(ctx, "/swarm/leave", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	return SwarmLeaveResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_unlock.go b/vendor/github.com/moby/moby/client/swarm_unlock.go
new file mode 100644
index 0000000000..92335afb54
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_unlock.go
@@ -0,0 +1,25 @@
+package client
+
+import (
+	"context"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmUnlockOptions specifies options for unlocking a swarm.
+type SwarmUnlockOptions struct {
+	Key string
+}
+
+// SwarmUnlockResult represents the result of unlocking a swarm.
+type SwarmUnlockResult struct{}
+
+// SwarmUnlock unlocks locked swarm.
+func (cli *Client) SwarmUnlock(ctx context.Context, options SwarmUnlockOptions) (SwarmUnlockResult, error) {
+	req := &swarm.UnlockRequest{
+		UnlockKey: options.Key,
+	}
+	resp, err := cli.post(ctx, "/swarm/unlock", nil, req, nil)
+	defer ensureReaderClosed(resp)
+	return SwarmUnlockResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/swarm_update.go b/vendor/github.com/moby/moby/client/swarm_update.go
new file mode 100644
index 0000000000..81f62b2c02
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/swarm_update.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// SwarmUpdateOptions contains options for updating a swarm.
+type SwarmUpdateOptions struct {
+	Version                swarm.Version
+	Spec                   swarm.Spec
+	RotateWorkerToken      bool
+	RotateManagerToken     bool
+	RotateManagerUnlockKey bool
+}
+
+// SwarmUpdateResult represents the result of a SwarmUpdate operation.
+type SwarmUpdateResult struct{}
+
+// SwarmUpdate updates the swarm.
+func (cli *Client) SwarmUpdate(ctx context.Context, options SwarmUpdateOptions) (SwarmUpdateResult, error) {
+	query := url.Values{}
+	query.Set("version", options.Version.String())
+	query.Set("rotateWorkerToken", strconv.FormatBool(options.RotateWorkerToken))
+	query.Set("rotateManagerToken", strconv.FormatBool(options.RotateManagerToken))
+	query.Set("rotateManagerUnlockKey", strconv.FormatBool(options.RotateManagerUnlockKey))
+	resp, err := cli.post(ctx, "/swarm/update", query, options.Spec, nil)
+	defer ensureReaderClosed(resp)
+	return SwarmUpdateResult{}, err
+}
diff --git a/vendor/github.com/moby/moby/client/system_disk_usage.go b/vendor/github.com/moby/moby/client/system_disk_usage.go
new file mode 100644
index 0000000000..c5df1e1b19
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/system_disk_usage.go
@@ -0,0 +1,327 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"slices"
+
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/api/types/volume"
+	"github.com/moby/moby/client/pkg/versions"
+)
+
+// DiskUsageOptions holds parameters for [Client.DiskUsage] operations.
+type DiskUsageOptions struct {
+	// Containers controls whether container disk usage should be computed.
+	Containers bool
+
+	// Images controls whether image disk usage should be computed.
+	Images bool
+
+	// BuildCache controls whether build cache disk usage should be computed.
+	BuildCache bool
+
+	// Volumes controls whether volume disk usage should be computed.
+	Volumes bool
+
+	// Verbose enables more detailed disk usage information.
+	Verbose bool
+}
+
+// DiskUsageResult is the result of [Client.DiskUsage] operations.
+type DiskUsageResult struct {
+	// Containers holds container disk usage information.
+	Containers ContainersDiskUsage
+
+	// Images holds image disk usage information.
+	Images ImagesDiskUsage
+
+	// BuildCache holds build cache disk usage information.
+	BuildCache BuildCacheDiskUsage
+
+	// Volumes holds volume disk usage information.
+	Volumes VolumesDiskUsage
+}
+
+// ContainersDiskUsage contains disk usage information for containers.
+type ContainersDiskUsage struct {
+	// ActiveCount is the number of active containers.
+	ActiveCount int64
+
+	// TotalCount is the total number of containers.
+	TotalCount int64
+
+	// Reclaimable is the amount of disk space that can be reclaimed.
+	Reclaimable int64
+
+	// TotalSize is the total disk space used by all containers.
+	TotalSize int64
+
+	// Items holds detailed information about each container.
+	Items []container.Summary
+}
+
+// ImagesDiskUsage contains disk usage information for images.
+type ImagesDiskUsage struct {
+	// ActiveCount is the number of active images.
+	ActiveCount int64
+
+	// TotalCount is the total number of images.
+	TotalCount int64
+
+	// Reclaimable is the amount of disk space that can be reclaimed.
+	Reclaimable int64
+
+	// TotalSize is the total disk space used by all images.
+	TotalSize int64
+
+	// Items holds detailed information about each image.
+	Items []image.Summary
+}
+
+// VolumesDiskUsage contains disk usage information for volumes.
+type VolumesDiskUsage struct {
+	// ActiveCount is the number of active volumes.
+	ActiveCount int64
+
+	// TotalCount is the total number of volumes.
+	TotalCount int64
+
+	// Reclaimable is the amount of disk space that can be reclaimed.
+	Reclaimable int64
+
+	// TotalSize is the total disk space used by all volumes.
+	TotalSize int64
+
+	// Items holds detailed information about each volume.
+	Items []volume.Volume
+}
+
+// BuildCacheDiskUsage contains disk usage information for build cache.
+type BuildCacheDiskUsage struct {
+	// ActiveCount is the number of active build cache records.
+	ActiveCount int64
+
+	// TotalCount is the total number of build cache records.
+	TotalCount int64
+
+	// Reclaimable is the amount of disk space that can be reclaimed.
+	Reclaimable int64
+
+	// TotalSize is the total disk space used by all build cache records.
+	TotalSize int64
+
+	// Items holds detailed information about each build cache record.
+	Items []build.CacheRecord
+}
+
+// DiskUsage requests the current data usage from the daemon.
+func (cli *Client) DiskUsage(ctx context.Context, options DiskUsageOptions) (DiskUsageResult, error) {
+	query := url.Values{}
+
+	for _, t := range []struct {
+		flag   bool
+		sysObj system.DiskUsageObject
+	}{
+		{options.Containers, system.ContainerObject},
+		{options.Images, system.ImageObject},
+		{options.Volumes, system.VolumeObject},
+		{options.BuildCache, system.BuildCacheObject},
+	} {
+		if t.flag {
+			query.Add("type", string(t.sysObj))
+		}
+	}
+
+	if options.Verbose {
+		query.Set("verbose", "1")
+	}
+
+	resp, err := cli.get(ctx, "/system/df", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return DiskUsageResult{}, err
+	}
+
+	if versions.LessThan(cli.version, "1.52") {
+		// Generate result from a legacy response.
+		var du legacyDiskUsage
+		if err := json.NewDecoder(resp.Body).Decode(&du); err != nil {
+			return DiskUsageResult{}, fmt.Errorf("retrieving disk usage: %v", err)
+		}
+
+		return diskUsageResultFromLegacyAPI(&du), nil
+	}
+
+	var du system.DiskUsage
+	if err := json.NewDecoder(resp.Body).Decode(&du); err != nil {
+		return DiskUsageResult{}, fmt.Errorf("retrieving disk usage: %v", err)
+	}
+
+	var r DiskUsageResult
+	if idu := du.ImageUsage; idu != nil {
+		r.Images = ImagesDiskUsage{
+			ActiveCount: idu.ActiveCount,
+			Reclaimable: idu.Reclaimable,
+			TotalCount:  idu.TotalCount,
+			TotalSize:   idu.TotalSize,
+		}
+
+		if options.Verbose {
+			r.Images.Items = slices.Clone(idu.Items)
+		}
+	}
+
+	if cdu := du.ContainerUsage; cdu != nil {
+		r.Containers = ContainersDiskUsage{
+			ActiveCount: cdu.ActiveCount,
+			Reclaimable: cdu.Reclaimable,
+			TotalCount:  cdu.TotalCount,
+			TotalSize:   cdu.TotalSize,
+		}
+
+		if options.Verbose {
+			r.Containers.Items = slices.Clone(cdu.Items)
+		}
+	}
+
+	if bdu := du.BuildCacheUsage; bdu != nil {
+		r.BuildCache = BuildCacheDiskUsage{
+			ActiveCount: bdu.ActiveCount,
+			Reclaimable: bdu.Reclaimable,
+			TotalCount:  bdu.TotalCount,
+			TotalSize:   bdu.TotalSize,
+		}
+
+		if options.Verbose {
+			r.BuildCache.Items = slices.Clone(bdu.Items)
+		}
+	}
+
+	if vdu := du.VolumeUsage; vdu != nil {
+		r.Volumes = VolumesDiskUsage{
+			ActiveCount: vdu.ActiveCount,
+			Reclaimable: vdu.Reclaimable,
+			TotalCount:  vdu.TotalCount,
+			TotalSize:   vdu.TotalSize,
+		}
+
+		if options.Verbose {
+			r.Volumes.Items = slices.Clone(vdu.Items)
+		}
+	}
+
+	return r, nil
+}
+
+// legacyDiskUsage is the response as was used by API < v1.52.
+type legacyDiskUsage struct {
+	LayersSize int64               `json:"LayersSize,omitempty"`
+	Images     []image.Summary     `json:"Images,omitzero"`
+	Containers []container.Summary `json:"Containers,omitzero"`
+	Volumes    []volume.Volume     `json:"Volumes,omitzero"`
+	BuildCache []build.CacheRecord `json:"BuildCache,omitzero"`
+}
+
+func diskUsageResultFromLegacyAPI(du *legacyDiskUsage) DiskUsageResult {
+	return DiskUsageResult{
+		Images:     imageDiskUsageFromLegacyAPI(du),
+		Containers: containerDiskUsageFromLegacyAPI(du),
+		BuildCache: buildCacheDiskUsageFromLegacyAPI(du),
+		Volumes:    volumeDiskUsageFromLegacyAPI(du),
+	}
+}
+
+func imageDiskUsageFromLegacyAPI(du *legacyDiskUsage) ImagesDiskUsage {
+	idu := ImagesDiskUsage{
+		TotalSize:  du.LayersSize,
+		TotalCount: int64(len(du.Images)),
+		Items:      du.Images,
+	}
+
+	for _, i := range idu.Items {
+		if i.Containers > 0 {
+			idu.ActiveCount++
+		} else if i.Size != -1 && i.SharedSize != -1 {
+			// Only count reclaimable size if we have size information
+			idu.Reclaimable += (i.Size - i.SharedSize)
+		}
+	}
+
+	return idu
+}
+
+func containerDiskUsageFromLegacyAPI(du *legacyDiskUsage) ContainersDiskUsage {
+	cdu := ContainersDiskUsage{
+		TotalCount: int64(len(du.Containers)),
+		Items:      du.Containers,
+	}
+
+	var used int64
+	for _, c := range cdu.Items {
+		cdu.TotalSize += c.SizeRw
+		switch c.State {
+		case container.StateRunning, container.StatePaused, container.StateRestarting:
+			cdu.ActiveCount++
+			used += c.SizeRw
+		case container.StateCreated, container.StateRemoving, container.StateExited, container.StateDead:
+			// not active
+		}
+	}
+
+	cdu.Reclaimable = cdu.TotalSize - used
+	return cdu
+}
+
+func buildCacheDiskUsageFromLegacyAPI(du *legacyDiskUsage) BuildCacheDiskUsage {
+	bdu := BuildCacheDiskUsage{
+		TotalCount: int64(len(du.BuildCache)),
+		Items:      du.BuildCache,
+	}
+
+	var used int64
+	for _, b := range du.BuildCache {
+		if !b.Shared {
+			bdu.TotalSize += b.Size
+		}
+
+		if b.InUse {
+			bdu.ActiveCount++
+			if !b.Shared {
+				used += b.Size
+			}
+		}
+	}
+
+	bdu.Reclaimable = bdu.TotalSize - used
+	return bdu
+}
+
+func volumeDiskUsageFromLegacyAPI(du *legacyDiskUsage) VolumesDiskUsage {
+	vdu := VolumesDiskUsage{
+		TotalCount: int64(len(du.Volumes)),
+		Items:      du.Volumes,
+	}
+
+	var used int64
+	for _, v := range vdu.Items {
+		// Ignore volumes with no usage data
+		if v.UsageData != nil {
+			if v.UsageData.RefCount > 0 {
+				vdu.ActiveCount++
+				used += v.UsageData.Size
+			}
+			if v.UsageData.Size > 0 {
+				vdu.TotalSize += v.UsageData.Size
+			}
+		}
+	}
+
+	vdu.Reclaimable = vdu.TotalSize - used
+	return vdu
+}
diff --git a/vendor/github.com/moby/moby/client/system_events.go b/vendor/github.com/moby/moby/client/system_events.go
new file mode 100644
index 0000000000..b0ca71a19b
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/system_events.go
@@ -0,0 +1,115 @@
+package client
+
+import (
+	"context"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/moby/moby/api/types"
+	"github.com/moby/moby/api/types/events"
+	"github.com/moby/moby/client/internal"
+	"github.com/moby/moby/client/internal/timestamp"
+)
+
+// EventsListOptions holds parameters to filter events with.
+type EventsListOptions struct {
+	Since   string
+	Until   string
+	Filters Filters
+}
+
+// EventsResult holds the result of an Events query.
+type EventsResult struct {
+	Messages <-chan events.Message
+	Err      <-chan error
+}
+
+// Events returns a stream of events in the daemon. It's up to the caller to close the stream
+// by cancelling the context. Once the stream has been completely read an [io.EOF] error is
+// sent over the error channel. If an error is sent, all processing is stopped. It's up
+// to the caller to reopen the stream in the event of an error by reinvoking this method.
+func (cli *Client) Events(ctx context.Context, options EventsListOptions) EventsResult {
+	messages := make(chan events.Message)
+	errs := make(chan error, 1)
+
+	started := make(chan struct{})
+	go func() {
+		defer close(errs)
+
+		query, err := buildEventsQueryParams(options)
+		if err != nil {
+			close(started)
+			errs <- err
+			return
+		}
+
+		headers := http.Header{}
+		headers.Add("Accept", types.MediaTypeJSONLines) // Implicit q=1.0; in case server doesn't parse correctly.
+		headers.Add("Accept", types.MediaTypeNDJSON+";q=0.9")
+		headers.Add("Accept", types.MediaTypeJSONSequence+";q=0.5")
+		resp, err := cli.get(ctx, "/events", query, headers)
+		if err != nil {
+			close(started)
+			errs <- err
+			return
+		}
+		defer resp.Body.Close()
+
+		contentType := resp.Header.Get("Content-Type")
+		decoder := internal.NewJSONStreamDecoder(resp.Body, contentType)
+
+		close(started)
+		for {
+			select {
+			case <-ctx.Done():
+				errs <- ctx.Err()
+				return
+			default:
+				var event events.Message
+				if err := decoder(&event); err != nil {
+					errs <- err
+					return
+				}
+
+				select {
+				case messages <- event:
+				case <-ctx.Done():
+					errs <- ctx.Err()
+					return
+				}
+			}
+		}
+	}()
+	<-started
+
+	return EventsResult{
+		Messages: messages,
+		Err:      errs,
+	}
+}
+
+func buildEventsQueryParams(options EventsListOptions) (url.Values, error) {
+	query := url.Values{}
+	ref := time.Now()
+
+	if options.Since != "" {
+		ts, err := timestamp.GetTimestamp(options.Since, ref)
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Until != "" {
+		ts, err := timestamp.GetTimestamp(options.Until, ref)
+		if err != nil {
+			return nil, err
+		}
+		query.Set("until", ts)
+	}
+
+	options.Filters.updateURLValues(query)
+
+	return query, nil
+}
diff --git a/vendor/github.com/moby/moby/client/system_info.go b/vendor/github.com/moby/moby/client/system_info.go
new file mode 100644
index 0000000000..b4241742d7
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/system_info.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/moby/moby/api/types/system"
+)
+
+// InfoOptions holds options for [Client.Info].
+type InfoOptions struct {
+	// No options currently; placeholder for future use
+}
+
+// SystemInfoResult holds the result of [Client.Info].
+type SystemInfoResult struct {
+	Info system.Info
+}
+
+// Info returns information about the docker server.
+func (cli *Client) Info(ctx context.Context, options InfoOptions) (SystemInfoResult, error) {
+	resp, err := cli.get(ctx, "/info", url.Values{}, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return SystemInfoResult{}, err
+	}
+
+	var info system.Info
+	if err := json.NewDecoder(resp.Body).Decode(&info); err != nil {
+		return SystemInfoResult{}, fmt.Errorf("Error reading remote info: %v", err)
+	}
+
+	return SystemInfoResult{Info: info}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/task_inspect.go b/vendor/github.com/moby/moby/client/task_inspect.go
new file mode 100644
index 0000000000..96edcb09f2
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/task_inspect.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// TaskInspectOptions contains options for inspecting a task.
+type TaskInspectOptions struct {
+	// Currently no options are defined.
+}
+
+// TaskInspectResult contains the result of a task inspection.
+type TaskInspectResult struct {
+	Task swarm.Task
+	Raw  json.RawMessage
+}
+
+// TaskInspect returns the task information and its raw representation.
+func (cli *Client) TaskInspect(ctx context.Context, taskID string, options TaskInspectOptions) (TaskInspectResult, error) {
+	taskID, err := trimID("task", taskID)
+	if err != nil {
+		return TaskInspectResult{}, err
+	}
+
+	resp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil)
+	if err != nil {
+		return TaskInspectResult{}, err
+	}
+
+	var out TaskInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Task)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/task_list.go b/vendor/github.com/moby/moby/client/task_list.go
new file mode 100644
index 0000000000..5f7c41bb9d
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/task_list.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+)
+
+// TaskListOptions holds parameters to list tasks with.
+type TaskListOptions struct {
+	Filters Filters
+}
+
+// TaskListResult contains the result of a task list operation.
+type TaskListResult struct {
+	Items []swarm.Task
+}
+
+// TaskList returns the list of tasks.
+func (cli *Client) TaskList(ctx context.Context, options TaskListOptions) (TaskListResult, error) {
+	query := url.Values{}
+
+	options.Filters.updateURLValues(query)
+
+	resp, err := cli.get(ctx, "/tasks", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return TaskListResult{}, err
+	}
+
+	var tasks []swarm.Task
+	err = json.NewDecoder(resp.Body).Decode(&tasks)
+	return TaskListResult{Items: tasks}, err
+}
diff --git a/vendor/github.com/moby/moby/client/task_logs.go b/vendor/github.com/moby/moby/client/task_logs.go
new file mode 100644
index 0000000000..0174ad4650
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/task_logs.go
@@ -0,0 +1,84 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net/url"
+	"time"
+
+	"github.com/moby/moby/client/internal/timestamp"
+)
+
+// TaskLogsOptions holds parameters to filter logs with.
+type TaskLogsOptions struct {
+	ShowStdout bool
+	ShowStderr bool
+	Since      string
+	Until      string
+	Timestamps bool
+	Follow     bool
+	Tail       string
+	Details    bool
+}
+
+// TaskLogsResult holds the result of a task logs operation.
+// It implements [io.ReadCloser].
+type TaskLogsResult interface {
+	io.ReadCloser
+}
+
+// TaskLogs returns the logs generated by a service in a [TaskLogsResult].
+// as an [io.ReadCloser]. Callers should close the stream.
+//
+// The underlying [io.ReadCloser] is automatically closed if the context is canceled,
+func (cli *Client) TaskLogs(ctx context.Context, taskID string, options TaskLogsOptions) (TaskLogsResult, error) {
+	// TODO(thaJeztah): this function needs documentation about the format of the stream (similar to for container logs)
+	// TODO(thaJeztah): migrate CLI utilities to the client where suitable; https://github.com/docker/cli/blob/v29.0.0-rc.1/cli/command/service/logs.go#L73-L348
+
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timestamp.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+	query.Set("tail", options.Tail)
+
+	resp, err := cli.get(ctx, "/tasks/"+taskID+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &taskLogsResult{
+		ReadCloser: newCancelReadCloser(ctx, resp.Body),
+	}, nil
+}
+
+type taskLogsResult struct {
+	io.ReadCloser
+}
+
+var (
+	_ io.ReadCloser       = (*taskLogsResult)(nil)
+	_ ContainerLogsResult = (*taskLogsResult)(nil)
+)
diff --git a/vendor/github.com/moby/moby/client/utils.go b/vendor/github.com/moby/moby/client/utils.go
new file mode 100644
index 0000000000..1c0d09dfa2
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/utils.go
@@ -0,0 +1,154 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+	"sync"
+
+	cerrdefs "github.com/containerd/errdefs"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+type emptyIDError string
+
+func (e emptyIDError) InvalidParameter() {}
+
+func (e emptyIDError) Error() string {
+	return "invalid " + string(e) + " name or ID: value is empty"
+}
+
+// trimID trims the given object-ID / name, returning an error if it's empty.
+func trimID(objType, id string) (string, error) {
+	id = strings.TrimSpace(id)
+	if id == "" {
+		return "", emptyIDError(objType)
+	}
+	return id, nil
+}
+
+// parseAPIVersion checks v to be a well-formed ("<major>.<minor>")
+// API version. It returns an error if the value is empty or does not
+// have the correct format, but does not validate if the API version is
+// within the supported range ([MinAPIVersion] <= v <= [MaxAPIVersion]).
+//
+// It returns version after normalizing, or an error if validation failed.
+func parseAPIVersion(version string) (string, error) {
+	if strings.TrimPrefix(strings.TrimSpace(version), "v") == "" {
+		return "", cerrdefs.ErrInvalidArgument.WithMessage("value is empty")
+	}
+	major, minor, err := parseMajorMinor(version)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%d.%d", major, minor), nil
+}
+
+// parseMajorMinor is a helper for parseAPIVersion.
+func parseMajorMinor(v string) (major, minor int, _ error) {
+	if strings.HasPrefix(v, "v") {
+		return 0, 0, cerrdefs.ErrInvalidArgument.WithMessage("must be formatted <major>.<minor>")
+	}
+	if strings.TrimSpace(v) == "" {
+		return 0, 0, cerrdefs.ErrInvalidArgument.WithMessage("value is empty")
+	}
+
+	majVer, minVer, ok := strings.Cut(v, ".")
+	if !ok {
+		return 0, 0, cerrdefs.ErrInvalidArgument.WithMessage("must be formatted <major>.<minor>")
+	}
+	major, err := strconv.Atoi(majVer)
+	if err != nil {
+		return 0, 0, cerrdefs.ErrInvalidArgument.WithMessage("invalid major version: must be formatted <major>.<minor>")
+	}
+	minor, err = strconv.Atoi(minVer)
+	if err != nil {
+		return 0, 0, cerrdefs.ErrInvalidArgument.WithMessage("invalid minor version: must be formatted <major>.<minor>")
+	}
+	return major, minor, nil
+}
+
+// encodePlatforms marshals the given platform(s) to JSON format, to
+// be used for query-parameters for filtering / selecting platforms.
+func encodePlatforms(platform ...ocispec.Platform) ([]string, error) {
+	if len(platform) == 0 {
+		return []string{}, nil
+	}
+	if len(platform) == 1 {
+		p, err := encodePlatform(&platform[0])
+		if err != nil {
+			return nil, err
+		}
+		return []string{p}, nil
+	}
+
+	seen := make(map[string]struct{}, len(platform))
+	out := make([]string, 0, len(platform))
+	for i := range platform {
+		p, err := encodePlatform(&platform[i])
+		if err != nil {
+			return nil, err
+		}
+		if _, ok := seen[p]; !ok {
+			out = append(out, p)
+			seen[p] = struct{}{}
+		}
+	}
+	return out, nil
+}
+
+// encodePlatform marshals the given platform to JSON format, to
+// be used for query-parameters for filtering / selecting platforms. It
+// is used as a helper for encodePlatforms,
+func encodePlatform(platform *ocispec.Platform) (string, error) {
+	p, err := json.Marshal(platform)
+	if err != nil {
+		return "", fmt.Errorf("%w: invalid platform: %v", cerrdefs.ErrInvalidArgument, err)
+	}
+	return string(p), nil
+}
+
+func decodeWithRaw[T any](resp *http.Response, out *T) (raw json.RawMessage, _ error) {
+	if resp == nil || resp.Body == nil {
+		return nil, errors.New("empty response")
+	}
+	defer ensureReaderClosed(resp)
+
+	var buf bytes.Buffer
+	tr := io.TeeReader(resp.Body, &buf)
+	err := json.NewDecoder(tr).Decode(out)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// newCancelReadCloser wraps rc so it's automatically closed when ctx is canceled.
+// Close is idempotent and returns the first error from rc.Close.
+func newCancelReadCloser(ctx context.Context, rc io.ReadCloser) io.ReadCloser {
+	crc := &cancelReadCloser{
+		rc:    rc,
+		close: sync.OnceValue(rc.Close),
+	}
+	crc.stop = context.AfterFunc(ctx, func() { _ = crc.close() })
+	return crc
+}
+
+type cancelReadCloser struct {
+	rc    io.ReadCloser
+	close func() error
+	stop  func() bool
+}
+
+func (c *cancelReadCloser) Read(p []byte) (int, error) { return c.rc.Read(p) }
+
+func (c *cancelReadCloser) Close() error {
+	c.stop() // unregister AfterFunc
+	return c.close()
+}
diff --git a/vendor/github.com/moby/moby/client/version.go b/vendor/github.com/moby/moby/client/version.go
new file mode 100644
index 0000000000..7fa5a3fa09
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/version.go
@@ -0,0 +1,81 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/system"
+)
+
+// ServerVersionOptions specifies options for the server version request.
+type ServerVersionOptions struct {
+	// Currently no options are supported.
+}
+
+// ServerVersionResult contains information about the Docker server host.
+type ServerVersionResult struct {
+	// Platform is the platform (product name) the server is running on.
+	Platform PlatformInfo
+
+	// Version is the version of the daemon.
+	Version string
+
+	// APIVersion is the highest API version supported by the server.
+	APIVersion string
+
+	// MinAPIVersion is the minimum API version the server supports.
+	MinAPIVersion string
+
+	// Os is the operating system the server runs on.
+	Os string
+
+	// Arch is the hardware architecture the server runs on.
+	Arch string
+
+	// Experimental indicates that the daemon runs with experimental
+	// features enabled.
+	//
+	// Deprecated: this field will be removed in the next version.
+	Experimental bool
+
+	// Components contains version information for the components making
+	// up the server. Information in this field is for informational
+	// purposes, and not part of the API contract.
+	Components []system.ComponentVersion
+}
+
+// PlatformInfo holds information about the platform (product name) the
+// server is running on.
+type PlatformInfo struct {
+	// Name is the name of the platform (for example, "Docker Engine - Community",
+	// or "Docker Desktop 4.49.0 (208003)")
+	Name string
+}
+
+// ServerVersion returns information of the Docker server host.
+func (cli *Client) ServerVersion(ctx context.Context, _ ServerVersionOptions) (ServerVersionResult, error) {
+	resp, err := cli.get(ctx, "/version", nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return ServerVersionResult{}, err
+	}
+
+	var v system.VersionResponse
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	if err != nil {
+		return ServerVersionResult{}, err
+	}
+
+	return ServerVersionResult{
+		Platform: PlatformInfo{
+			Name: v.Platform.Name,
+		},
+		Version:       v.Version,
+		APIVersion:    v.APIVersion,
+		MinAPIVersion: v.MinAPIVersion,
+		Os:            v.Os,
+		Arch:          v.Arch,
+		Experimental:  v.Experimental, //nolint:staticcheck // ignore deprecated field.
+		Components:    v.Components,
+	}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/volume_create.go b/vendor/github.com/moby/moby/client/volume_create.go
new file mode 100644
index 0000000000..674e063357
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_create.go
@@ -0,0 +1,42 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/volume"
+)
+
+// VolumeCreateOptions specifies the options to create a volume.
+type VolumeCreateOptions struct {
+	Name              string
+	Driver            string
+	DriverOpts        map[string]string
+	Labels            map[string]string
+	ClusterVolumeSpec *volume.ClusterVolumeSpec
+}
+
+// VolumeCreateResult is the result of a volume creation.
+type VolumeCreateResult struct {
+	Volume volume.Volume
+}
+
+// VolumeCreate creates a volume in the docker host.
+func (cli *Client) VolumeCreate(ctx context.Context, options VolumeCreateOptions) (VolumeCreateResult, error) {
+	createRequest := volume.CreateRequest{
+		Name:              options.Name,
+		Driver:            options.Driver,
+		DriverOpts:        options.DriverOpts,
+		Labels:            options.Labels,
+		ClusterVolumeSpec: options.ClusterVolumeSpec,
+	}
+	resp, err := cli.post(ctx, "/volumes/create", nil, createRequest, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return VolumeCreateResult{}, err
+	}
+
+	var v volume.Volume
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	return VolumeCreateResult{Volume: v}, err
+}
diff --git a/vendor/github.com/moby/moby/client/volume_inspect.go b/vendor/github.com/moby/moby/client/volume_inspect.go
new file mode 100644
index 0000000000..cf00236a2a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_inspect.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/moby/moby/api/types/volume"
+)
+
+// VolumeInspectOptions holds options for inspecting a volume.
+type VolumeInspectOptions struct {
+	// Add future optional parameters here
+}
+
+// VolumeInspectResult holds the result from the [Client.VolumeInspect] method.
+type VolumeInspectResult struct {
+	Volume volume.Volume
+	Raw    json.RawMessage
+}
+
+// VolumeInspect returns the information about a specific volume in the docker host.
+func (cli *Client) VolumeInspect(ctx context.Context, volumeID string, options VolumeInspectOptions) (VolumeInspectResult, error) {
+	volumeID, err := trimID("volume", volumeID)
+	if err != nil {
+		return VolumeInspectResult{}, err
+	}
+
+	resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil)
+	if err != nil {
+		return VolumeInspectResult{}, err
+	}
+
+	var out VolumeInspectResult
+	out.Raw, err = decodeWithRaw(resp, &out.Volume)
+	return out, err
+}
diff --git a/vendor/github.com/moby/moby/client/volume_list.go b/vendor/github.com/moby/moby/client/volume_list.go
new file mode 100644
index 0000000000..989a0292ec
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_list.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/moby/moby/api/types/volume"
+)
+
+// VolumeListOptions holds parameters to list volumes.
+type VolumeListOptions struct {
+	Filters Filters
+}
+
+// VolumeListResult holds the result from the [Client.VolumeList] method.
+type VolumeListResult struct {
+	// List of volumes.
+	Items []volume.Volume
+
+	// Warnings that occurred when fetching the list of volumes.
+	Warnings []string
+}
+
+// VolumeList returns the volumes configured in the docker host.
+func (cli *Client) VolumeList(ctx context.Context, options VolumeListOptions) (VolumeListResult, error) {
+	query := url.Values{}
+
+	options.Filters.updateURLValues(query)
+	resp, err := cli.get(ctx, "/volumes", query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return VolumeListResult{}, err
+	}
+
+	var apiResp volume.ListResponse
+	err = json.NewDecoder(resp.Body).Decode(&apiResp)
+	if err != nil {
+		return VolumeListResult{}, err
+	}
+
+	return VolumeListResult{
+		Items:    apiResp.Volumes,
+		Warnings: apiResp.Warnings,
+	}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/volume_prune.go b/vendor/github.com/moby/moby/client/volume_prune.go
new file mode 100644
index 0000000000..eec0f482ba
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_prune.go
@@ -0,0 +1,55 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/moby/moby/api/types/volume"
+)
+
+// VolumePruneOptions holds parameters to prune volumes.
+type VolumePruneOptions struct {
+	// All controls whether named volumes should also be pruned. By
+	// default, only anonymous volumes are pruned.
+	All bool
+
+	// Filters to apply when pruning.
+	Filters Filters
+}
+
+// VolumePruneResult holds the result from the [Client.VolumePrune] method.
+type VolumePruneResult struct {
+	Report volume.PruneReport
+}
+
+// VolumePrune requests the daemon to delete unused data
+func (cli *Client) VolumePrune(ctx context.Context, options VolumePruneOptions) (VolumePruneResult, error) {
+	if options.All {
+		if _, ok := options.Filters["all"]; ok {
+			return VolumePruneResult{}, cerrdefs.ErrInvalidArgument.WithMessage(`conflicting options: cannot specify both "all" and "all" filter`)
+		}
+		if options.Filters == nil {
+			options.Filters = Filters{}
+		}
+		options.Filters.Add("all", "true")
+	}
+
+	query := url.Values{}
+	options.Filters.updateURLValues(query)
+
+	resp, err := cli.post(ctx, "/volumes/prune", query, nil, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return VolumePruneResult{}, err
+	}
+
+	var report volume.PruneReport
+	if err := json.NewDecoder(resp.Body).Decode(&report); err != nil {
+		return VolumePruneResult{}, fmt.Errorf("error retrieving volume prune report: %v", err)
+	}
+
+	return VolumePruneResult{Report: report}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/volume_remove.go b/vendor/github.com/moby/moby/client/volume_remove.go
new file mode 100644
index 0000000000..0449e08d4a
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_remove.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"context"
+	"net/url"
+)
+
+// VolumeRemoveOptions holds options for [Client.VolumeRemove].
+type VolumeRemoveOptions struct {
+	// Force the removal of the volume
+	Force bool
+}
+
+// VolumeRemoveResult holds the result of [Client.VolumeRemove],
+type VolumeRemoveResult struct {
+	// Add future fields here.
+}
+
+// VolumeRemove removes a volume from the docker host.
+func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, options VolumeRemoveOptions) (VolumeRemoveResult, error) {
+	volumeID, err := trimID("volume", volumeID)
+	if err != nil {
+		return VolumeRemoveResult{}, err
+	}
+
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+	resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return VolumeRemoveResult{}, err
+	}
+	return VolumeRemoveResult{}, nil
+}
diff --git a/vendor/github.com/moby/moby/client/volume_update.go b/vendor/github.com/moby/moby/client/volume_update.go
new file mode 100644
index 0000000000..5aa2a0aa17
--- /dev/null
+++ b/vendor/github.com/moby/moby/client/volume_update.go
@@ -0,0 +1,40 @@
+package client
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/api/types/volume"
+)
+
+// VolumeUpdateOptions holds options for [Client.VolumeUpdate].
+type VolumeUpdateOptions struct {
+	Version swarm.Version
+	// Spec is the ClusterVolumeSpec to update the volume to.
+	Spec *volume.ClusterVolumeSpec `json:"Spec,omitempty"`
+}
+
+// VolumeUpdateResult holds the result of [Client.VolumeUpdate],
+type VolumeUpdateResult struct {
+	// Add future fields here.
+}
+
+// VolumeUpdate updates a volume. This only works for Cluster Volumes, and
+// only some fields can be updated.
+func (cli *Client) VolumeUpdate(ctx context.Context, volumeID string, options VolumeUpdateOptions) (VolumeUpdateResult, error) {
+	volumeID, err := trimID("volume", volumeID)
+	if err != nil {
+		return VolumeUpdateResult{}, err
+	}
+
+	query := url.Values{}
+	query.Set("version", options.Version.String())
+
+	resp, err := cli.put(ctx, "/volumes/"+volumeID, query, options, nil)
+	defer ensureReaderClosed(resp)
+	if err != nil {
+		return VolumeUpdateResult{}, err
+	}
+	return VolumeUpdateResult{}, nil
+}
diff --git a/vendor/github.com/moby/patternmatcher/patternmatcher.go b/vendor/github.com/moby/patternmatcher/patternmatcher.go
index 37a1a59ac4..216dea671e 100644
--- a/vendor/github.com/moby/patternmatcher/patternmatcher.go
+++ b/vendor/github.com/moby/patternmatcher/patternmatcher.go
@@ -331,14 +331,20 @@ func (p *Pattern) match(path string) (bool, error) {
 		// **/foo matches "foo"
 		return suffix[0] == os.PathSeparator && path == suffix[1:], nil
 	case regexpMatch:
+		if p.regexp == nil {
+			return false, filepath.ErrBadPattern
+		}
 		return p.regexp.MatchString(path), nil
+	case unknownMatch:
+		return false, filepath.ErrBadPattern
+	default:
+		return false, nil
 	}
-
-	return false, nil
 }
 
 func (p *Pattern) compile(sl string) error {
 	regStr := "^"
+	detectedType := exactMatch // assume exact match
 	pattern := p.cleanedPattern
 	// Go through the pattern and convert it to a regexp.
 	// We use a scanner so we can support utf-8 chars.
@@ -350,7 +356,6 @@ func (p *Pattern) compile(sl string) error {
 		escSL += `\`
 	}
 
-	p.matchType = exactMatch
 	for i := 0; scan.Peek() != scanner.EOF; i++ {
 		ch := scan.Next()
 
@@ -366,32 +371,32 @@ func (p *Pattern) compile(sl string) error {
 
 				if scan.Peek() == scanner.EOF {
 					// is "**EOF" - to align with .gitignore just accept all
-					if p.matchType == exactMatch {
-						p.matchType = prefixMatch
+					if detectedType == exactMatch {
+						detectedType = prefixMatch
 					} else {
 						regStr += ".*"
-						p.matchType = regexpMatch
+						detectedType = regexpMatch
 					}
 				} else {
 					// is "**"
 					// Note that this allows for any # of /'s (even 0) because
 					// the .* will eat everything, even /'s
 					regStr += "(.*" + escSL + ")?"
-					p.matchType = regexpMatch
+					detectedType = regexpMatch
 				}
 
 				if i == 0 {
-					p.matchType = suffixMatch
+					detectedType = suffixMatch
 				}
 			} else {
 				// is "*" so map it to anything but "/"
 				regStr += "[^" + escSL + "]*"
-				p.matchType = regexpMatch
+				detectedType = regexpMatch
 			}
 		} else if ch == '?' {
 			// "?" is any char except "/"
 			regStr += "[^" + escSL + "]"
-			p.matchType = regexpMatch
+			detectedType = regexpMatch
 		} else if shouldEscape(ch) {
 			// Escape some regexp special chars that have no meaning
 			// in golang's filepath.Match
@@ -408,31 +413,29 @@ func (p *Pattern) compile(sl string) error {
 			}
 			if scan.Peek() != scanner.EOF {
 				regStr += `\` + string(scan.Next())
-				p.matchType = regexpMatch
+				detectedType = regexpMatch
 			} else {
 				regStr += `\`
 			}
 		} else if ch == '[' || ch == ']' {
 			regStr += string(ch)
-			p.matchType = regexpMatch
+			detectedType = regexpMatch
 		} else {
 			regStr += string(ch)
 		}
 	}
 
-	if p.matchType != regexpMatch {
-		return nil
+	if detectedType == regexpMatch {
+		regStr += "$"
+
+		re, err := regexp.Compile(regStr)
+		if err != nil {
+			return err
+		}
+
+		p.regexp = re
 	}
-
-	regStr += "$"
-
-	re, err := regexp.Compile(regStr)
-	if err != nil {
-		return err
-	}
-
-	p.regexp = re
-	p.matchType = regexpMatch
+	p.matchType = detectedType
 	return nil
 }
 
diff --git a/vendor/github.com/morikuni/aec/LICENSE b/vendor/github.com/morikuni/aec/LICENSE
deleted file mode 100644
index 1c26401641..0000000000
--- a/vendor/github.com/morikuni/aec/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 Taihei Morikuni
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/morikuni/aec/README.md b/vendor/github.com/morikuni/aec/README.md
deleted file mode 100644
index 3cbc4343ee..0000000000
--- a/vendor/github.com/morikuni/aec/README.md
+++ /dev/null
@@ -1,178 +0,0 @@
-# aec
-
-[![GoDoc](https://godoc.org/github.com/morikuni/aec?status.svg)](https://godoc.org/github.com/morikuni/aec)
-
-Go wrapper for ANSI escape code.
-
-## Install
-
-```bash
-go get github.com/morikuni/aec
-```
-
-## Features
-
-ANSI escape codes depend on terminal environment.  
-Some of these features may not work.  
-Check supported Font-Style/Font-Color features with [checkansi](./checkansi).
-
-[Wikipedia](https://en.wikipedia.org/wiki/ANSI_escape_code) for more detail.
-
-### Cursor
-
-- `Up(n)`
-- `Down(n)`
-- `Right(n)`
-- `Left(n)`
-- `NextLine(n)`
-- `PreviousLine(n)`
-- `Column(col)`
-- `Position(row, col)`
-- `Save`
-- `Restore`
-- `Hide`
-- `Show`
-- `Report`
-
-### Erase
-
-- `EraseDisplay(mode)`
-- `EraseLine(mode)`
-
-### Scroll
-
-- `ScrollUp(n)`
-- `ScrollDown(n)`
-
-### Font Style
-
-- `Bold`
-- `Faint`
-- `Italic`
-- `Underline`
-- `BlinkSlow`
-- `BlinkRapid`
-- `Inverse`
-- `Conceal`
-- `CrossOut`
-- `Frame`
-- `Encircle`
-- `Overline`
-
-### Font Color
-
-Foreground color.
-
-- `DefaultF`
-- `BlackF`
-- `RedF`
-- `GreenF`
-- `YellowF`
-- `BlueF`
-- `MagentaF`
-- `CyanF`
-- `WhiteF`
-- `LightBlackF`
-- `LightRedF`
-- `LightGreenF`
-- `LightYellowF`
-- `LightBlueF`
-- `LightMagentaF`
-- `LightCyanF`
-- `LightWhiteF`
-- `Color3BitF(color)`
-- `Color8BitF(color)`
-- `FullColorF(r, g, b)`
-
-Background color.
-
-- `DefaultB`
-- `BlackB`
-- `RedB`
-- `GreenB`
-- `YellowB`
-- `BlueB`
-- `MagentaB`
-- `CyanB`
-- `WhiteB`
-- `LightBlackB`
-- `LightRedB`
-- `LightGreenB`
-- `LightYellowB`
-- `LightBlueB`
-- `LightMagentaB`
-- `LightCyanB`
-- `LightWhiteB`
-- `Color3BitB(color)`
-- `Color8BitB(color)`
-- `FullColorB(r, g, b)`
-
-### Color Converter
-
-24bit RGB color to ANSI color.
-
-- `NewRGB3Bit(r, g, b)`
-- `NewRGB8Bit(r, g, b)`
-
-### Builder
-
-To mix these features.
-
-```go
-custom := aec.EmptyBuilder.Right(2).RGB8BitF(128, 255, 64).RedB().ANSI
-custom.Apply("Hello World")
-```
-
-## Usage
-
-1. Create ANSI by `aec.XXX().With(aec.YYY())` or `aec.EmptyBuilder.XXX().YYY().ANSI`
-2. Print ANSI by `fmt.Print(ansi, "some string", aec.Reset)` or `fmt.Print(ansi.Apply("some string"))`
-
-`aec.Reset` should be added when using font style or font color features.
-
-## Example
-
-Simple progressbar.
-
-![sample](./sample.gif)
-
-```go
-package main
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/morikuni/aec"
-)
-
-func main() {
-	const n = 20
-	builder := aec.EmptyBuilder
-
-	up2 := aec.Up(2)
-	col := aec.Column(n + 2)
-	bar := aec.Color8BitF(aec.NewRGB8Bit(64, 255, 64))
-	label := builder.LightRedF().Underline().With(col).Right(1).ANSI
-
-	// for up2
-	fmt.Println()
-	fmt.Println()
-
-	for i := 0; i <= n; i++ {
-		fmt.Print(up2)
-		fmt.Println(label.Apply(fmt.Sprint(i, "/", n)))
-		fmt.Print("[")
-		fmt.Print(bar.Apply(strings.Repeat("=", i)))
-		fmt.Println(col.Apply("]"))
-		time.Sleep(100 * time.Millisecond)
-	}
-}
-```
-
-## License
-
-[MIT](./LICENSE)
-
-
diff --git a/vendor/github.com/morikuni/aec/aec.go b/vendor/github.com/morikuni/aec/aec.go
deleted file mode 100644
index 566be6eb1e..0000000000
--- a/vendor/github.com/morikuni/aec/aec.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package aec
-
-import "fmt"
-
-// EraseMode is listed in a variable EraseModes.
-type EraseMode uint
-
-var (
-	// EraseModes is a list of EraseMode.
-	EraseModes struct {
-		// All erase all.
-		All EraseMode
-
-		// Head erase to head.
-		Head EraseMode
-
-		// Tail erase to tail.
-		Tail EraseMode
-	}
-
-	// Save saves the cursor position.
-	Save ANSI
-
-	// Restore restores the cursor position.
-	Restore ANSI
-
-	// Hide hides the cursor.
-	Hide ANSI
-
-	// Show shows the cursor.
-	Show ANSI
-
-	// Report reports the cursor position.
-	Report ANSI
-)
-
-// Up moves up the cursor.
-func Up(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dA", n))
-}
-
-// Down moves down the cursor.
-func Down(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dB", n))
-}
-
-// Right moves right the cursor.
-func Right(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dC", n))
-}
-
-// Left moves left the cursor.
-func Left(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dD", n))
-}
-
-// NextLine moves down the cursor to head of a line.
-func NextLine(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dE", n))
-}
-
-// PreviousLine moves up the cursor to head of a line.
-func PreviousLine(n uint) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dF", n))
-}
-
-// Column set the cursor position to a given column.
-func Column(col uint) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dG", col))
-}
-
-// Position set the cursor position to a given absolute position.
-func Position(row, col uint) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%d;%dH", row, col))
-}
-
-// EraseDisplay erases display by given EraseMode.
-func EraseDisplay(m EraseMode) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dJ", m))
-}
-
-// EraseLine erases lines by given EraseMode.
-func EraseLine(m EraseMode) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dK", m))
-}
-
-// ScrollUp scrolls up the page.
-func ScrollUp(n int) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dS", n))
-}
-
-// ScrollDown scrolls down the page.
-func ScrollDown(n int) ANSI {
-	if n == 0 {
-		return empty
-	}
-	return newAnsi(fmt.Sprintf(esc+"%dT", n))
-}
-
-func init() {
-	EraseModes = struct {
-		All  EraseMode
-		Head EraseMode
-		Tail EraseMode
-	}{
-		Tail: 0,
-		Head: 1,
-		All:  2,
-	}
-
-	Save = newAnsi(esc + "s")
-	Restore = newAnsi(esc + "u")
-	Hide = newAnsi(esc + "?25l")
-	Show = newAnsi(esc + "?25h")
-	Report = newAnsi(esc + "6n")
-}
diff --git a/vendor/github.com/morikuni/aec/ansi.go b/vendor/github.com/morikuni/aec/ansi.go
deleted file mode 100644
index e60722e6e6..0000000000
--- a/vendor/github.com/morikuni/aec/ansi.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package aec
-
-import (
-	"fmt"
-	"strings"
-)
-
-const esc = "\x1b["
-
-// Reset resets SGR effect.
-const Reset string = "\x1b[0m"
-
-var empty = newAnsi("")
-
-// ANSI represents ANSI escape code.
-type ANSI interface {
-	fmt.Stringer
-
-	// With adapts given ANSIs.
-	With(...ANSI) ANSI
-
-	// Apply wraps given string in ANSI.
-	Apply(string) string
-}
-
-type ansiImpl string
-
-func newAnsi(s string) *ansiImpl {
-	r := ansiImpl(s)
-	return &r
-}
-
-func (a *ansiImpl) With(ansi ...ANSI) ANSI {
-	return concat(append([]ANSI{a}, ansi...))
-}
-
-func (a *ansiImpl) Apply(s string) string {
-	return a.String() + s + Reset
-}
-
-func (a *ansiImpl) String() string {
-	return string(*a)
-}
-
-// Apply wraps given string in ANSIs.
-func Apply(s string, ansi ...ANSI) string {
-	if len(ansi) == 0 {
-		return s
-	}
-	return concat(ansi).Apply(s)
-}
-
-func concat(ansi []ANSI) ANSI {
-	strs := make([]string, 0, len(ansi))
-	for _, p := range ansi {
-		strs = append(strs, p.String())
-	}
-	return newAnsi(strings.Join(strs, ""))
-}
diff --git a/vendor/github.com/morikuni/aec/builder.go b/vendor/github.com/morikuni/aec/builder.go
deleted file mode 100644
index 13bd002d4e..0000000000
--- a/vendor/github.com/morikuni/aec/builder.go
+++ /dev/null
@@ -1,388 +0,0 @@
-package aec
-
-// Builder is a lightweight syntax to construct customized ANSI.
-type Builder struct {
-	ANSI ANSI
-}
-
-// EmptyBuilder is an initialized Builder.
-var EmptyBuilder *Builder
-
-// NewBuilder creates a Builder from existing ANSI.
-func NewBuilder(a ...ANSI) *Builder {
-	return &Builder{concat(a)}
-}
-
-// With is a syntax for With.
-func (builder *Builder) With(a ...ANSI) *Builder {
-	return NewBuilder(builder.ANSI.With(a...))
-}
-
-// Up is a syntax for Up.
-func (builder *Builder) Up(n uint) *Builder {
-	return builder.With(Up(n))
-}
-
-// Down is a syntax for Down.
-func (builder *Builder) Down(n uint) *Builder {
-	return builder.With(Down(n))
-}
-
-// Right is a syntax for Right.
-func (builder *Builder) Right(n uint) *Builder {
-	return builder.With(Right(n))
-}
-
-// Left is a syntax for Left.
-func (builder *Builder) Left(n uint) *Builder {
-	return builder.With(Left(n))
-}
-
-// NextLine is a syntax for NextLine.
-func (builder *Builder) NextLine(n uint) *Builder {
-	return builder.With(NextLine(n))
-}
-
-// PreviousLine is a syntax for PreviousLine.
-func (builder *Builder) PreviousLine(n uint) *Builder {
-	return builder.With(PreviousLine(n))
-}
-
-// Column is a syntax for Column.
-func (builder *Builder) Column(col uint) *Builder {
-	return builder.With(Column(col))
-}
-
-// Position is a syntax for Position.
-func (builder *Builder) Position(row, col uint) *Builder {
-	return builder.With(Position(row, col))
-}
-
-// EraseDisplay is a syntax for EraseDisplay.
-func (builder *Builder) EraseDisplay(m EraseMode) *Builder {
-	return builder.With(EraseDisplay(m))
-}
-
-// EraseLine is a syntax for EraseLine.
-func (builder *Builder) EraseLine(m EraseMode) *Builder {
-	return builder.With(EraseLine(m))
-}
-
-// ScrollUp is a syntax for ScrollUp.
-func (builder *Builder) ScrollUp(n int) *Builder {
-	return builder.With(ScrollUp(n))
-}
-
-// ScrollDown is a syntax for ScrollDown.
-func (builder *Builder) ScrollDown(n int) *Builder {
-	return builder.With(ScrollDown(n))
-}
-
-// Save is a syntax for Save.
-func (builder *Builder) Save() *Builder {
-	return builder.With(Save)
-}
-
-// Restore is a syntax for Restore.
-func (builder *Builder) Restore() *Builder {
-	return builder.With(Restore)
-}
-
-// Hide is a syntax for Hide.
-func (builder *Builder) Hide() *Builder {
-	return builder.With(Hide)
-}
-
-// Show is a syntax for Show.
-func (builder *Builder) Show() *Builder {
-	return builder.With(Show)
-}
-
-// Report is a syntax for Report.
-func (builder *Builder) Report() *Builder {
-	return builder.With(Report)
-}
-
-// Bold is a syntax for Bold.
-func (builder *Builder) Bold() *Builder {
-	return builder.With(Bold)
-}
-
-// Faint is a syntax for Faint.
-func (builder *Builder) Faint() *Builder {
-	return builder.With(Faint)
-}
-
-// Italic is a syntax for Italic.
-func (builder *Builder) Italic() *Builder {
-	return builder.With(Italic)
-}
-
-// Underline is a syntax for Underline.
-func (builder *Builder) Underline() *Builder {
-	return builder.With(Underline)
-}
-
-// BlinkSlow is a syntax for BlinkSlow.
-func (builder *Builder) BlinkSlow() *Builder {
-	return builder.With(BlinkSlow)
-}
-
-// BlinkRapid is a syntax for BlinkRapid.
-func (builder *Builder) BlinkRapid() *Builder {
-	return builder.With(BlinkRapid)
-}
-
-// Inverse is a syntax for Inverse.
-func (builder *Builder) Inverse() *Builder {
-	return builder.With(Inverse)
-}
-
-// Conceal is a syntax for Conceal.
-func (builder *Builder) Conceal() *Builder {
-	return builder.With(Conceal)
-}
-
-// CrossOut is a syntax for CrossOut.
-func (builder *Builder) CrossOut() *Builder {
-	return builder.With(CrossOut)
-}
-
-// BlackF is a syntax for BlackF.
-func (builder *Builder) BlackF() *Builder {
-	return builder.With(BlackF)
-}
-
-// RedF is a syntax for RedF.
-func (builder *Builder) RedF() *Builder {
-	return builder.With(RedF)
-}
-
-// GreenF is a syntax for GreenF.
-func (builder *Builder) GreenF() *Builder {
-	return builder.With(GreenF)
-}
-
-// YellowF is a syntax for YellowF.
-func (builder *Builder) YellowF() *Builder {
-	return builder.With(YellowF)
-}
-
-// BlueF is a syntax for BlueF.
-func (builder *Builder) BlueF() *Builder {
-	return builder.With(BlueF)
-}
-
-// MagentaF is a syntax for MagentaF.
-func (builder *Builder) MagentaF() *Builder {
-	return builder.With(MagentaF)
-}
-
-// CyanF is a syntax for CyanF.
-func (builder *Builder) CyanF() *Builder {
-	return builder.With(CyanF)
-}
-
-// WhiteF is a syntax for WhiteF.
-func (builder *Builder) WhiteF() *Builder {
-	return builder.With(WhiteF)
-}
-
-// DefaultF is a syntax for DefaultF.
-func (builder *Builder) DefaultF() *Builder {
-	return builder.With(DefaultF)
-}
-
-// BlackB is a syntax for BlackB.
-func (builder *Builder) BlackB() *Builder {
-	return builder.With(BlackB)
-}
-
-// RedB is a syntax for RedB.
-func (builder *Builder) RedB() *Builder {
-	return builder.With(RedB)
-}
-
-// GreenB is a syntax for GreenB.
-func (builder *Builder) GreenB() *Builder {
-	return builder.With(GreenB)
-}
-
-// YellowB is a syntax for YellowB.
-func (builder *Builder) YellowB() *Builder {
-	return builder.With(YellowB)
-}
-
-// BlueB is a syntax for BlueB.
-func (builder *Builder) BlueB() *Builder {
-	return builder.With(BlueB)
-}
-
-// MagentaB is a syntax for MagentaB.
-func (builder *Builder) MagentaB() *Builder {
-	return builder.With(MagentaB)
-}
-
-// CyanB is a syntax for CyanB.
-func (builder *Builder) CyanB() *Builder {
-	return builder.With(CyanB)
-}
-
-// WhiteB is a syntax for WhiteB.
-func (builder *Builder) WhiteB() *Builder {
-	return builder.With(WhiteB)
-}
-
-// DefaultB is a syntax for DefaultB.
-func (builder *Builder) DefaultB() *Builder {
-	return builder.With(DefaultB)
-}
-
-// Frame is a syntax for Frame.
-func (builder *Builder) Frame() *Builder {
-	return builder.With(Frame)
-}
-
-// Encircle is a syntax for Encircle.
-func (builder *Builder) Encircle() *Builder {
-	return builder.With(Encircle)
-}
-
-// Overline is a syntax for Overline.
-func (builder *Builder) Overline() *Builder {
-	return builder.With(Overline)
-}
-
-// LightBlackF is a syntax for LightBlueF.
-func (builder *Builder) LightBlackF() *Builder {
-	return builder.With(LightBlackF)
-}
-
-// LightRedF is a syntax for LightRedF.
-func (builder *Builder) LightRedF() *Builder {
-	return builder.With(LightRedF)
-}
-
-// LightGreenF is a syntax for LightGreenF.
-func (builder *Builder) LightGreenF() *Builder {
-	return builder.With(LightGreenF)
-}
-
-// LightYellowF is a syntax for LightYellowF.
-func (builder *Builder) LightYellowF() *Builder {
-	return builder.With(LightYellowF)
-}
-
-// LightBlueF is a syntax for LightBlueF.
-func (builder *Builder) LightBlueF() *Builder {
-	return builder.With(LightBlueF)
-}
-
-// LightMagentaF is a syntax for LightMagentaF.
-func (builder *Builder) LightMagentaF() *Builder {
-	return builder.With(LightMagentaF)
-}
-
-// LightCyanF is a syntax for LightCyanF.
-func (builder *Builder) LightCyanF() *Builder {
-	return builder.With(LightCyanF)
-}
-
-// LightWhiteF is a syntax for LightWhiteF.
-func (builder *Builder) LightWhiteF() *Builder {
-	return builder.With(LightWhiteF)
-}
-
-// LightBlackB is a syntax for LightBlackB.
-func (builder *Builder) LightBlackB() *Builder {
-	return builder.With(LightBlackB)
-}
-
-// LightRedB is a syntax for LightRedB.
-func (builder *Builder) LightRedB() *Builder {
-	return builder.With(LightRedB)
-}
-
-// LightGreenB is a syntax for LightGreenB.
-func (builder *Builder) LightGreenB() *Builder {
-	return builder.With(LightGreenB)
-}
-
-// LightYellowB is a syntax for LightYellowB.
-func (builder *Builder) LightYellowB() *Builder {
-	return builder.With(LightYellowB)
-}
-
-// LightBlueB is a syntax for LightBlueB.
-func (builder *Builder) LightBlueB() *Builder {
-	return builder.With(LightBlueB)
-}
-
-// LightMagentaB is a syntax for LightMagentaB.
-func (builder *Builder) LightMagentaB() *Builder {
-	return builder.With(LightMagentaB)
-}
-
-// LightCyanB is a syntax for LightCyanB.
-func (builder *Builder) LightCyanB() *Builder {
-	return builder.With(LightCyanB)
-}
-
-// LightWhiteB is a syntax for LightWhiteB.
-func (builder *Builder) LightWhiteB() *Builder {
-	return builder.With(LightWhiteB)
-}
-
-// Color3BitF is a syntax for Color3BitF.
-func (builder *Builder) Color3BitF(c RGB3Bit) *Builder {
-	return builder.With(Color3BitF(c))
-}
-
-// Color3BitB is a syntax for Color3BitB.
-func (builder *Builder) Color3BitB(c RGB3Bit) *Builder {
-	return builder.With(Color3BitB(c))
-}
-
-// Color8BitF is a syntax for Color8BitF.
-func (builder *Builder) Color8BitF(c RGB8Bit) *Builder {
-	return builder.With(Color8BitF(c))
-}
-
-// Color8BitB is a syntax for Color8BitB.
-func (builder *Builder) Color8BitB(c RGB8Bit) *Builder {
-	return builder.With(Color8BitB(c))
-}
-
-// FullColorF is a syntax for FullColorF.
-func (builder *Builder) FullColorF(r, g, b uint8) *Builder {
-	return builder.With(FullColorF(r, g, b))
-}
-
-// FullColorB is a syntax for FullColorB.
-func (builder *Builder) FullColorB(r, g, b uint8) *Builder {
-	return builder.With(FullColorB(r, g, b))
-}
-
-// RGB3BitF is a syntax for Color3BitF with NewRGB3Bit.
-func (builder *Builder) RGB3BitF(r, g, b uint8) *Builder {
-	return builder.Color3BitF(NewRGB3Bit(r, g, b))
-}
-
-// RGB3BitB is a syntax for Color3BitB with NewRGB3Bit.
-func (builder *Builder) RGB3BitB(r, g, b uint8) *Builder {
-	return builder.Color3BitB(NewRGB3Bit(r, g, b))
-}
-
-// RGB8BitF is a syntax for Color8BitF with NewRGB8Bit.
-func (builder *Builder) RGB8BitF(r, g, b uint8) *Builder {
-	return builder.Color8BitF(NewRGB8Bit(r, g, b))
-}
-
-// RGB8BitB is a syntax for Color8BitB with NewRGB8Bit.
-func (builder *Builder) RGB8BitB(r, g, b uint8) *Builder {
-	return builder.Color8BitB(NewRGB8Bit(r, g, b))
-}
-
-func init() {
-	EmptyBuilder = &Builder{empty}
-}
diff --git a/vendor/github.com/morikuni/aec/sample.gif b/vendor/github.com/morikuni/aec/sample.gif
deleted file mode 100644
index c6c613bb70..0000000000
Binary files a/vendor/github.com/morikuni/aec/sample.gif and /dev/null differ
diff --git a/vendor/github.com/morikuni/aec/sgr.go b/vendor/github.com/morikuni/aec/sgr.go
deleted file mode 100644
index 0ba3464e6d..0000000000
--- a/vendor/github.com/morikuni/aec/sgr.go
+++ /dev/null
@@ -1,202 +0,0 @@
-package aec
-
-import (
-	"fmt"
-)
-
-// RGB3Bit is a 3bit RGB color.
-type RGB3Bit uint8
-
-// RGB8Bit is a 8bit RGB color.
-type RGB8Bit uint8
-
-func newSGR(n uint) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dm", n))
-}
-
-// NewRGB3Bit create a RGB3Bit from given RGB.
-func NewRGB3Bit(r, g, b uint8) RGB3Bit {
-	return RGB3Bit((r >> 7) | ((g >> 6) & 0x2) | ((b >> 5) & 0x4))
-}
-
-// NewRGB8Bit create a RGB8Bit from given RGB.
-func NewRGB8Bit(r, g, b uint8) RGB8Bit {
-	return RGB8Bit(16 + 36*(r/43) + 6*(g/43) + b/43)
-}
-
-// Color3BitF set the foreground color of text.
-func Color3BitF(c RGB3Bit) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dm", c+30))
-}
-
-// Color3BitB set the background color of text.
-func Color3BitB(c RGB3Bit) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"%dm", c+40))
-}
-
-// Color8BitF set the foreground color of text.
-func Color8BitF(c RGB8Bit) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"38;5;%dm", c))
-}
-
-// Color8BitB set the background color of text.
-func Color8BitB(c RGB8Bit) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"48;5;%dm", c))
-}
-
-// FullColorF set the foreground color of text.
-func FullColorF(r, g, b uint8) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"38;2;%d;%d;%dm", r, g, b))
-}
-
-// FullColorB set the foreground color of text.
-func FullColorB(r, g, b uint8) ANSI {
-	return newAnsi(fmt.Sprintf(esc+"48;2;%d;%d;%dm", r, g, b))
-}
-
-// Style
-var (
-	// Bold set the text style to bold or increased intensity.
-	Bold ANSI
-
-	// Faint set the text style to faint.
-	Faint ANSI
-
-	// Italic set the text style to italic.
-	Italic ANSI
-
-	// Underline set the text style to underline.
-	Underline ANSI
-
-	// BlinkSlow set the text style to slow blink.
-	BlinkSlow ANSI
-
-	// BlinkRapid set the text style to rapid blink.
-	BlinkRapid ANSI
-
-	// Inverse swap the foreground color and background color.
-	Inverse ANSI
-
-	// Conceal set the text style to conceal.
-	Conceal ANSI
-
-	// CrossOut set the text style to crossed out.
-	CrossOut ANSI
-
-	// Frame set the text style to framed.
-	Frame ANSI
-
-	// Encircle set the text style to encircled.
-	Encircle ANSI
-
-	// Overline set the text style to overlined.
-	Overline ANSI
-)
-
-// Foreground color of text.
-var (
-	// DefaultF is the default color of foreground.
-	DefaultF ANSI
-
-	// Normal color
-	BlackF   ANSI
-	RedF     ANSI
-	GreenF   ANSI
-	YellowF  ANSI
-	BlueF    ANSI
-	MagentaF ANSI
-	CyanF    ANSI
-	WhiteF   ANSI
-
-	// Light color
-	LightBlackF   ANSI
-	LightRedF     ANSI
-	LightGreenF   ANSI
-	LightYellowF  ANSI
-	LightBlueF    ANSI
-	LightMagentaF ANSI
-	LightCyanF    ANSI
-	LightWhiteF   ANSI
-)
-
-// Background color of text.
-var (
-	// DefaultB is the default color of background.
-	DefaultB ANSI
-
-	// Normal color
-	BlackB   ANSI
-	RedB     ANSI
-	GreenB   ANSI
-	YellowB  ANSI
-	BlueB    ANSI
-	MagentaB ANSI
-	CyanB    ANSI
-	WhiteB   ANSI
-
-	// Light color
-	LightBlackB   ANSI
-	LightRedB     ANSI
-	LightGreenB   ANSI
-	LightYellowB  ANSI
-	LightBlueB    ANSI
-	LightMagentaB ANSI
-	LightCyanB    ANSI
-	LightWhiteB   ANSI
-)
-
-func init() {
-	Bold = newSGR(1)
-	Faint = newSGR(2)
-	Italic = newSGR(3)
-	Underline = newSGR(4)
-	BlinkSlow = newSGR(5)
-	BlinkRapid = newSGR(6)
-	Inverse = newSGR(7)
-	Conceal = newSGR(8)
-	CrossOut = newSGR(9)
-
-	BlackF = newSGR(30)
-	RedF = newSGR(31)
-	GreenF = newSGR(32)
-	YellowF = newSGR(33)
-	BlueF = newSGR(34)
-	MagentaF = newSGR(35)
-	CyanF = newSGR(36)
-	WhiteF = newSGR(37)
-
-	DefaultF = newSGR(39)
-
-	BlackB = newSGR(40)
-	RedB = newSGR(41)
-	GreenB = newSGR(42)
-	YellowB = newSGR(43)
-	BlueB = newSGR(44)
-	MagentaB = newSGR(45)
-	CyanB = newSGR(46)
-	WhiteB = newSGR(47)
-
-	DefaultB = newSGR(49)
-
-	Frame = newSGR(51)
-	Encircle = newSGR(52)
-	Overline = newSGR(53)
-
-	LightBlackF = newSGR(90)
-	LightRedF = newSGR(91)
-	LightGreenF = newSGR(92)
-	LightYellowF = newSGR(93)
-	LightBlueF = newSGR(94)
-	LightMagentaF = newSGR(95)
-	LightCyanF = newSGR(96)
-	LightWhiteF = newSGR(97)
-
-	LightBlackB = newSGR(100)
-	LightRedB = newSGR(101)
-	LightGreenB = newSGR(102)
-	LightYellowB = newSGR(103)
-	LightBlueB = newSGR(104)
-	LightMagentaB = newSGR(105)
-	LightCyanB = newSGR(106)
-	LightWhiteB = newSGR(107)
-}
diff --git a/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_aix_cgo.go b/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_aix_cgo.go
index 559dc5feaf..8bd84de6cc 100644
--- a/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_aix_cgo.go
+++ b/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_aix_cgo.go
@@ -27,16 +27,16 @@ func TimesWithContext(ctx context.Context, percpu bool) ([]TimesStat, error) {
 			ret = append(ret, *ct)
 		}
 	} else {
-		c, err := perfstat.CpuUtilTotalStat()
+		c, err := perfstat.CpuTotalStat()
 		if err != nil {
 			return nil, err
 		}
 		ct := &TimesStat{
 			CPU:    "cpu-total",
-			Idle:   float64(c.IdlePct),
-			User:   float64(c.UserPct),
-			System: float64(c.KernPct),
-			Iowait: float64(c.WaitPct),
+			Idle:   float64(c.Idle),
+			User:   float64(c.User),
+			System: float64(c.Sys),
+			Iowait: float64(c.Wait),
 		}
 		ret = append(ret, *ct)
 	}
@@ -48,19 +48,32 @@ func InfoWithContext(ctx context.Context) ([]InfoStat, error) {
 	if err != nil {
 		return nil, err
 	}
+	p, err := perfstat.LparInfo()
+	if err != nil {
+		return nil, err
+	}
 	info := InfoStat{
-		CPU:   0,
-		Mhz:   float64(c.ProcessorHz / 1000000),
-		Cores: int32(c.NCpusCfg),
+		CPU:       0,
+		ModelName: c.Description,
+		Mhz:       float64(c.ProcessorHz / 1000000),
+		Cores:     int32(p.OnlineVCpus),
 	}
 	result := []InfoStat{info}
 	return result, nil
 }
 
 func CountsWithContext(ctx context.Context, logical bool) (int, error) {
-	c, err := perfstat.CpuTotalStat()
+	if logical {
+		c, err := perfstat.CpuTotalStat()
+		if err != nil {
+			return 0, err
+		}
+		return c.NCpusCfg, nil
+	}
+	// For physical count, use the number of online virtual CPUs (before SMT multiplications).
+	p, err := perfstat.LparInfo()
 	if err != nil {
 		return 0, err
 	}
-	return c.NCpusCfg, nil
+	return int(p.OnlineVCpus), nil
 }
diff --git a/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_darwin_arm64.go b/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_darwin_arm64.go
index 2effcadf8d..c9628a6d72 100644
--- a/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_darwin_arm64.go
+++ b/vendor/github.com/shirou/gopsutil/v4/cpu/cpu_darwin_arm64.go
@@ -6,24 +6,38 @@ package cpu
 import (
 	"encoding/binary"
 	"fmt"
+	"sync"
 	"unsafe"
 
 	"github.com/shirou/gopsutil/v4/internal/common"
 )
 
+// Keep IOKit and CoreFoundation libraries open for the process lifetime.
+// See: https://github.com/shirou/gopsutil/issues/1832
+var (
+	cpuLibOnce sync.Once
+	cpuIOKit   *common.IOKitLib
+	cpuCF      *common.CoreFoundationLib
+	cpuLibErr  error
+)
+
+func initCPULibraries() {
+	cpuIOKit, cpuLibErr = common.NewIOKitLib()
+	if cpuLibErr != nil {
+		return
+	}
+	cpuCF, cpuLibErr = common.NewCoreFoundationLib()
+}
+
 // https://github.com/shoenig/go-m1cpu/blob/v0.1.6/cpu.go
 func getFrequency() (float64, error) {
-	iokit, err := common.NewIOKitLib()
-	if err != nil {
-		return 0, err
+	cpuLibOnce.Do(initCPULibraries)
+	if cpuLibErr != nil {
+		return 0, cpuLibErr
 	}
-	defer iokit.Close()
 
-	corefoundation, err := common.NewCoreFoundationLib()
-	if err != nil {
-		return 0, err
-	}
-	defer corefoundation.Close()
+	iokit := cpuIOKit
+	corefoundation := cpuCF
 
 	matching := iokit.IOServiceMatching("AppleARMIODevice")
 
diff --git a/vendor/github.com/shirou/gopsutil/v4/internal/common/common.go b/vendor/github.com/shirou/gopsutil/v4/internal/common/common.go
index f0d3c45466..dce15b3b4b 100644
--- a/vendor/github.com/shirou/gopsutil/v4/internal/common/common.go
+++ b/vendor/github.com/shirou/gopsutil/v4/internal/common/common.go
@@ -334,7 +334,7 @@ func PathExists(filename string) bool {
 
 // PathExistsWithContents returns the filename exists and it is not empty
 func PathExistsWithContents(filename string) bool {
-	info, err := os.Stat(filename) //nolint:gosec // filename is constructed from system paths, not user input
+	info, err := os.Stat(filename)
 	if err != nil {
 		return false
 	}
diff --git a/vendor/github.com/shirou/gopsutil/v4/internal/common/common_darwin.go b/vendor/github.com/shirou/gopsutil/v4/internal/common/common_darwin.go
index 384b4c5a72..caa1b8d981 100644
--- a/vendor/github.com/shirou/gopsutil/v4/internal/common/common_darwin.go
+++ b/vendor/github.com/shirou/gopsutil/v4/internal/common/common_darwin.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"math"
+	"sync"
 	"unsafe"
 
 	"github.com/ebitengine/purego"
@@ -16,6 +17,7 @@ import (
 type library struct {
 	handle uintptr
 	fnMap  map[string]any
+	mu     sync.RWMutex
 }
 
 // library paths
@@ -41,15 +43,29 @@ func (lib *library) Dlsym(symbol string) (uintptr, error) {
 	return purego.Dlsym(lib.handle, symbol)
 }
 
+// getFunc resolves a function pointer from the library, caching it in fnMap.
+// Thread-safe via double-checked locking to support shared library handles.
 func getFunc[T any](lib *library, symbol string) T {
-	var dlfun *dlFunc[T]
+	// Fast path: read lock only
+	lib.mu.RLock()
 	if f, ok := lib.fnMap[symbol].(*dlFunc[T]); ok {
-		dlfun = f
-	} else {
-		dlfun = newDlfunc[T](symbol)
-		dlfun.init(lib.handle)
-		lib.fnMap[symbol] = dlfun
+		lib.mu.RUnlock()
+		return f.fn
 	}
+	lib.mu.RUnlock()
+
+	// Slow path: write lock for first-time resolution
+	lib.mu.Lock()
+	defer lib.mu.Unlock()
+
+	// Double-check after acquiring write lock
+	if f, ok := lib.fnMap[symbol].(*dlFunc[T]); ok {
+		return f.fn
+	}
+
+	dlfun := newDlfunc[T](symbol)
+	dlfun.init(lib.handle)
+	lib.fnMap[symbol] = dlfun
 	return dlfun.fn
 }
 
diff --git a/vendor/github.com/shirou/gopsutil/v4/mem/mem_linux.go b/vendor/github.com/shirou/gopsutil/v4/mem/mem_linux.go
index 9d969ba839..a888c5bada 100644
--- a/vendor/github.com/shirou/gopsutil/v4/mem/mem_linux.go
+++ b/vendor/github.com/shirou/gopsutil/v4/mem/mem_linux.go
@@ -18,13 +18,6 @@ import (
 	"github.com/shirou/gopsutil/v4/internal/common"
 )
 
-// WillBeDeletedOptOutMemAvailableCalc is a context key to opt out of calculating Mem.Used.
-// This is not documented, and will be removed in Mar. 2026. This constant will be removed
-// in the future, but it is currently public. The reason is that making it public allows
-// developers to notice its removal when their build fails.
-// See https://github.com/shirou/gopsutil/issues/1873
-const WillBeDeletedOptOutMemAvailableCalc = "optOutMemAvailableCalc"
-
 func VirtualMemory() (*VirtualMemoryStat, error) {
 	return VirtualMemoryWithContext(context.Background())
 }
@@ -325,16 +318,7 @@ func fillFromMeminfoWithContext(ctx context.Context) (*VirtualMemoryStat, *ExVir
 			ret.Available = ret.Cached + ret.Free
 		}
 	}
-	// Opt-Out of calculating Mem.Used if the context has the context key set to true.
-	// This is used for backward compatibility with applications that expect the old calculation method.
-	// However, we plan to standardize on using MemAvailable in the future.
-	// Therefore, please avoid using this opt-out unless it is absolutely necessary.
-	// see https://github.com/shirou/gopsutil/issues/1873
-	if val, ok := ctx.Value(WillBeDeletedOptOutMemAvailableCalc).(bool); ok && val {
-		ret.Used = ret.Total - ret.Free - ret.Buffers - ret.Cached
-	} else {
-		ret.Used = ret.Total - ret.Available
-	}
+	ret.Used = ret.Total - ret.Available
 
 	ret.UsedPercent = float64(ret.Used) / float64(ret.Total) * 100.0
 
diff --git a/vendor/github.com/shirou/gopsutil/v4/mem/mem_openbsd.go b/vendor/github.com/shirou/gopsutil/v4/mem/mem_openbsd.go
index 1cb785f049..69d8a81161 100644
--- a/vendor/github.com/shirou/gopsutil/v4/mem/mem_openbsd.go
+++ b/vendor/github.com/shirou/gopsutil/v4/mem/mem_openbsd.go
@@ -38,19 +38,6 @@ func VirtualMemoryWithContext(_ context.Context) (*VirtualMemoryStat, error) {
 	}
 	p := uint64(uvmexp.Pagesize)
 
-	ret := &VirtualMemoryStat{
-		Total:    uint64(uvmexp.Npages) * p,
-		Free:     uint64(uvmexp.Free) * p,
-		Active:   uint64(uvmexp.Active) * p,
-		Inactive: uint64(uvmexp.Inactive) * p,
-		Cached:   0, // not available
-		Wired:    uint64(uvmexp.Wired) * p,
-	}
-
-	ret.Available = ret.Inactive + ret.Cached + ret.Free
-	ret.Used = ret.Total - ret.Available
-	ret.UsedPercent = float64(ret.Used) / float64(ret.Total) * 100.0
-
 	mib := []int32{CTLVfs, VfsGeneric, VfsBcacheStat}
 	buf, length, err := common.CallSyscall(mib)
 	if err != nil {
@@ -64,7 +51,23 @@ func VirtualMemoryWithContext(_ context.Context) (*VirtualMemoryStat, error) {
 	if err := binary.Read(br, binary.LittleEndian, &bcs); err != nil {
 		return nil, err
 	}
-	ret.Buffers = uint64(bcs.Numbufpages) * p
+	// On OpenBSD, the buffer cache is the closest equivalent to both
+	// Linux's Buffers and Cached memory.
+	bcache := uint64(bcs.Numbufpages) * p
+
+	ret := &VirtualMemoryStat{
+		Total:    uint64(uvmexp.Npages) * p,
+		Free:     uint64(uvmexp.Free) * p,
+		Active:   uint64(uvmexp.Active) * p,
+		Inactive: uint64(uvmexp.Inactive) * p,
+		Cached:   bcache,
+		Buffers:  bcache,
+		Wired:    uint64(uvmexp.Wired) * p,
+	}
+
+	ret.Available = ret.Inactive + ret.Cached + ret.Free
+	ret.Used = ret.Total - ret.Available
+	ret.UsedPercent = float64(ret.Used) / float64(ret.Total) * 100.0
 
 	return ret, nil
 }
diff --git a/vendor/github.com/shirou/gopsutil/v4/net/net_aix_cgo.go b/vendor/github.com/shirou/gopsutil/v4/net/net_aix_cgo.go
index f7da4ce139..717863692e 100644
--- a/vendor/github.com/shirou/gopsutil/v4/net/net_aix_cgo.go
+++ b/vendor/github.com/shirou/gopsutil/v4/net/net_aix_cgo.go
@@ -23,8 +23,9 @@ func IOCountersWithContext(ctx context.Context, pernic bool) ([]IOCountersStat,
 			BytesRecv:   uint64(netif.IBytes),
 			PacketsSent: uint64(netif.OPackets),
 			PacketsRecv: uint64(netif.IPackets),
-			Errin:       uint64(netif.OErrors),
-			Errout:      uint64(netif.IErrors),
+			Errin:       uint64(netif.IErrors),
+			Errout:      uint64(netif.OErrors),
+			Dropin:      uint64(netif.IfIqDrops),
 			Dropout:     uint64(netif.XmitDrops),
 		}
 		iocounters = append(iocounters, n)
diff --git a/vendor/github.com/shirou/gopsutil/v4/net/net_darwin.go b/vendor/github.com/shirou/gopsutil/v4/net/net_darwin.go
index c47e0c37f7..9531ad5b18 100644
--- a/vendor/github.com/shirou/gopsutil/v4/net/net_darwin.go
+++ b/vendor/github.com/shirou/gopsutil/v4/net/net_darwin.go
@@ -54,15 +54,13 @@ func parseNetstatLine(line string) (stat *IOCountersStat, linkID *uint, err erro
 
 	parsed := make([]uint64, 0, 7)
 	vv := []string{
-		columns[base+3], // Ipkts == PacketsRecv
-		columns[base+4], // Ierrs == Errin
-		columns[base+5], // Ibytes == BytesRecv
-		columns[base+6], // Opkts == PacketsSent
-		columns[base+7], // Oerrs == Errout
-		columns[base+8], // Obytes == BytesSent
-	}
-	if len(columns) == 12 {
-		vv = append(vv, columns[base+10])
+		columns[base+3],  // Ipkts == PacketsRecv
+		columns[base+4],  // Ierrs == Errin
+		columns[base+5],  // Ibytes == BytesRecv
+		columns[base+6],  // Opkts == PacketsSent
+		columns[base+7],  // Oerrs == Errout
+		columns[base+8],  // Obytes == BytesSent
+		columns[base+10], // Drop == Dropout
 	}
 
 	for _, target := range vv {
@@ -85,9 +83,7 @@ func parseNetstatLine(line string) (stat *IOCountersStat, linkID *uint, err erro
 		PacketsSent: parsed[3],
 		Errout:      parsed[4],
 		BytesSent:   parsed[5],
-	}
-	if len(parsed) == 7 {
-		stat.Dropout = parsed[6]
+		Dropout:     parsed[6],
 	}
 	return stat, linkID, nil
 }
diff --git a/vendor/github.com/shirou/gopsutil/v4/net/net_linux.go b/vendor/github.com/shirou/gopsutil/v4/net/net_linux.go
index d1e7f0ce77..a3dd17aac1 100644
--- a/vendor/github.com/shirou/gopsutil/v4/net/net_linux.go
+++ b/vendor/github.com/shirou/gopsutil/v4/net/net_linux.go
@@ -348,6 +348,7 @@ type connTmp struct {
 	pid      int32
 	boundPid int32
 	path     string
+	inode    string
 }
 
 func ConnectionsWithContext(ctx context.Context, kind string) ([]ConnectionStat, error) {
@@ -405,6 +406,19 @@ func connectionsPidMaxWithoutUidsWithContext(ctx context.Context, kind string, p
 	return statsFromInodesWithContext(ctx, root, pid, tmap, inodes, skipUids)
 }
 
+// connectionDedupKey builds a key to deduplicate connections.
+// For inet sockets, the tuple (type, src, dst, status) is sufficient.
+// For unix sockets, unnamed sockets share the same empty address,
+// so pid, fd, and inode must be included to avoid incorrect deduplication.
+// The inode is especially important when pid/fd are unavailable (e.g.,
+// unprivileged queries where inode-to-pid mapping fails).
+func connectionDedupKey(family uint32, c connTmp) string {
+	if family == syscall.AF_UNIX {
+		return fmt.Sprintf("%d-%d-%s-%d-%s:%d-%s:%d-%s", c.pid, c.fd, c.inode, c.sockType, c.laddr.IP, c.laddr.Port, c.raddr.IP, c.raddr.Port, c.status)
+	}
+	return fmt.Sprintf("%d-%s:%d-%s:%d-%s", c.sockType, c.laddr.IP, c.laddr.Port, c.raddr.IP, c.raddr.Port, c.status)
+}
+
 func statsFromInodesWithContext(ctx context.Context, root string, pid int32, tmap []netConnectionKindType, inodes map[string][]inodeMap, skipUids bool) ([]ConnectionStat, error) {
 	dupCheckMap := make(map[string]struct{})
 	var ret []ConnectionStat
@@ -412,7 +426,6 @@ func statsFromInodesWithContext(ctx context.Context, root string, pid int32, tma
 	var err error
 	for _, t := range tmap {
 		var path string
-		var connKey string
 		var ls []connTmp
 		if pid == 0 {
 			path = fmt.Sprintf("%s/net/%s", root, t.filename)
@@ -429,10 +442,7 @@ func statsFromInodesWithContext(ctx context.Context, root string, pid int32, tma
 			return nil, err
 		}
 		for _, c := range ls {
-			// Build TCP key to id the connection uniquely
-			// socket type, src ip, src port, dst ip, dst port and state should be enough
-			// to prevent duplications.
-			connKey = fmt.Sprintf("%d-%s:%d-%s:%d-%s", c.sockType, c.laddr.IP, c.laddr.Port, c.raddr.IP, c.raddr.Port, c.status)
+			connKey := connectionDedupKey(t.family, c)
 			if _, ok := dupCheckMap[connKey]; ok {
 				continue
 			}
@@ -728,6 +738,7 @@ func processInet(file string, kind netConnectionKindType, inodes map[string][]in
 			raddr:    ra,
 			status:   status,
 			pid:      pid,
+			inode:    inode,
 		})
 	}
 
@@ -785,6 +796,7 @@ func processUnix(file string, kind netConnectionKindType, inodes map[string][]in
 				pid:    pair.pid,
 				status: "NONE",
 				path:   path,
+				inode:  inode,
 			})
 		}
 	}
diff --git a/vendor/github.com/shirou/gopsutil/v4/process/process_darwin.go b/vendor/github.com/shirou/gopsutil/v4/process/process_darwin.go
index d7fb921cbf..35c34adb3d 100644
--- a/vendor/github.com/shirou/gopsutil/v4/process/process_darwin.go
+++ b/vendor/github.com/shirou/gopsutil/v4/process/process_darwin.go
@@ -133,7 +133,7 @@ func (p *Process) GidsWithContext(_ context.Context) ([]uint32, error) {
 	}
 
 	gids := make([]uint32, 0, 3)
-	gids = append(gids, uint32(k.Eproc.Pcred.P_rgid), uint32(k.Eproc.Pcred.P_rgid), uint32(k.Eproc.Pcred.P_svgid))
+	gids = append(gids, uint32(k.Eproc.Pcred.P_rgid), uint32(k.Eproc.Ucred.Groups[0]), uint32(k.Eproc.Pcred.P_svgid))
 
 	return gids, nil
 }
@@ -465,9 +465,8 @@ func (p *Process) MemoryInfoWithContext(_ context.Context) (*MemoryInfoStat, err
 	funcs.lib.ProcPidInfo(p.Pid, common.PROC_PIDTASKINFO, 0, uintptr(unsafe.Pointer(&ti)), int32(unsafe.Sizeof(ti)))
 
 	ret := &MemoryInfoStat{
-		RSS:  uint64(ti.Resident_size),
-		VMS:  uint64(ti.Virtual_size),
-		Swap: uint64(ti.Pageins),
+		RSS: uint64(ti.Resident_size),
+		VMS: uint64(ti.Virtual_size),
 	}
 	return ret, nil
 }
diff --git a/vendor/github.com/shirou/gopsutil/v4/process/process_posix.go b/vendor/github.com/shirou/gopsutil/v4/process/process_posix.go
index 06642238df..9f0e93f31a 100644
--- a/vendor/github.com/shirou/gopsutil/v4/process/process_posix.go
+++ b/vendor/github.com/shirou/gopsutil/v4/process/process_posix.go
@@ -111,7 +111,7 @@ func PidExistsWithContext(ctx context.Context, pid int32) (bool, error) {
 	defer proc.Release()
 
 	if isMount(common.HostProcWithContext(ctx)) { // if /<HOST_PROC>/proc exists and is mounted, check if /<HOST_PROC>/proc/<PID> folder exists
-		_, err := os.Stat(common.HostProcWithContext(ctx, strconv.Itoa(int(pid)))) //nolint:gosec // pid is int32, path traversal is not possible
+		_, err := os.Stat(common.HostProcWithContext(ctx, strconv.Itoa(int(pid))))
 		if os.IsNotExist(err) {
 			return false, nil
 		}
diff --git a/vendor/github.com/stretchr/objx/README.md b/vendor/github.com/stretchr/objx/README.md
index 78dc1f8b03..e9ba830735 100644
--- a/vendor/github.com/stretchr/objx/README.md
+++ b/vendor/github.com/stretchr/objx/README.md
@@ -1,8 +1,6 @@
 # Objx
 [![Build Status](https://travis-ci.org/stretchr/objx.svg?branch=master)](https://travis-ci.org/stretchr/objx)
 [![Go Report Card](https://goreportcard.com/badge/github.com/stretchr/objx)](https://goreportcard.com/report/github.com/stretchr/objx)
-[![Maintainability](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/maintainability)](https://codeclimate.com/github/stretchr/objx/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/test_coverage)](https://codeclimate.com/github/stretchr/objx/test_coverage)
 [![Sourcegraph](https://sourcegraph.com/github.com/stretchr/objx/-/badge.svg)](https://sourcegraph.com/github.com/stretchr/objx)
 [![GoDoc](https://pkg.go.dev/badge/github.com/stretchr/objx?utm_source=godoc)](https://pkg.go.dev/github.com/stretchr/objx)
 
@@ -19,49 +17,62 @@ Objx provides the `objx.Map` type, which is a `map[string]interface{}` that expo
 ### Pattern
 Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going:
 
-    m, err := objx.FromJSON(json)
+```go
+m, err := objx.FromJSON(json)
+```
 
 NOTE: Any methods or functions with the `Must` prefix will panic if something goes wrong, the rest will be optimistic and try to figure things out without panicking.
 
 Use `Get` to access the value you're interested in.  You can use dot and array
 notation too:
 
-     m.Get("places[0].latlng")
+```go
+m.Get("places[0].latlng")
+```
 
 Once you have sought the `Value` you're interested in, you can use the `Is*` methods to determine its type.
 
-     if m.Get("code").IsStr() { // Your code... }
+```go
+if m.Get("code").IsStr() { // Your code... }
+```
 
 Or you can just assume the type, and use one of the strong type methods to extract the real value:
 
-    m.Get("code").Int()
+```go
+m.Get("code").Int()
+```
 
 If there's no value there (or if it's the wrong type) then a default value will be returned, or you can be explicit about the default value.
 
-     Get("code").Int(-1)
-
+```go
+Get("code").Int(-1)
+```
 If you're dealing with a slice of data as a value, Objx provides many useful methods for iterating, manipulating and selecting that data.  You can find out more by exploring the index below.
 
 ### Reading data
 A simple example of how to use Objx:
 
-    // Use MustFromJSON to make an objx.Map from some JSON
-    m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
+```go
+// Use MustFromJSON to make an objx.Map from some JSON
+m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
 
-    // Get the details
-    name := m.Get("name").Str()
-    age := m.Get("age").Int()
+// Get the details
+name := m.Get("name").Str()
+age := m.Get("age").Int()
 
-    // Get their nickname (or use their name if they don't have one)
-    nickname := m.Get("nickname").Str(name)
+// Get their nickname (or use their name if they don't have one)
+nickname := m.Get("nickname").Str(name)
+```
 
 ### Ranging
 Since `objx.Map` is a `map[string]interface{}` you can treat it as such.  For example, to `range` the data, do what you would expect:
 
-    m := objx.MustFromJSON(json)
-    for key, value := range m {
-      // Your code...
-    }
+```go
+m := objx.MustFromJSON(json)
+for key, value := range m {
+  // Your code...
+}
+```
 
 ## Installation
 To install Objx, use go get:
diff --git a/vendor/github.com/testcontainers/testcontainers-go/.gitignore b/vendor/github.com/testcontainers/testcontainers-go/.gitignore
index 1693b100b6..c13cb1fb44 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/.gitignore
+++ b/vendor/github.com/testcontainers/testcontainers-go/.gitignore
@@ -26,3 +26,8 @@ coverage.out
 
 # Usage metrics script binary
 usage-metrics/scripts/collect-metrics
+
+# Gas Town / Claude Code agent artifacts
+.beads/
+.claude/
+.runtime/
diff --git a/vendor/github.com/testcontainers/testcontainers-go/.golangci.yml b/vendor/github.com/testcontainers/testcontainers-go/.golangci.yml
index 6f68a9370f..bd3e9de7b1 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/.golangci.yml
+++ b/vendor/github.com/testcontainers/testcontainers-go/.golangci.yml
@@ -8,6 +8,7 @@ formatters:
         - standard
         - default
         - prefix(github.com/testcontainers)
+
 linters:
   enable:
     - errorlint
@@ -115,4 +116,5 @@ output:
       path: stdout
 run:
   relative-path-mode: gitroot
+
 version: "2"
diff --git a/vendor/github.com/testcontainers/testcontainers-go/AI.md b/vendor/github.com/testcontainers/testcontainers-go/AI.md
index c66a8c69b8..f90971bb83 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/AI.md
+++ b/vendor/github.com/testcontainers/testcontainers-go/AI.md
@@ -14,15 +14,15 @@ This is a **Go monorepo** containing:
 ## Environment Setup
 
 ### Go Version
-- **Required**: Go 1.25.7
+- **Required**: Go 1.25.9
 - **Tool**: Use [gvm](https://github.com/andrewkroh/gvm) for version management
 - **CRITICAL**: Always run this before ANY Go command:
   ```bash
   # For Apple Silicon (M1/M2/M3)
-  eval "$(gvm 1.25.7 --arch=arm64)"
+  eval "$(gvm 1.25.9 --arch=arm64)"
 
   # For Intel/AMD (x86_64)
-  eval "$(gvm 1.25.7 --arch=amd64)"
+  eval "$(gvm 1.25.9 --arch=amd64)"
   ```
 
 ### Project Structure
@@ -171,14 +171,14 @@ func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustom
 ### When Tests Fail
 1. **Read the error message carefully** - it usually tells you exactly what's wrong
 2. **Check if it's a lint issue** - run `make pre-commit` first
-3. **Verify Go version** - ensure using Go 1.25.7
+3. **Verify Go version** - ensure using Go 1.25.9
 4. **Check Docker** - some tests require Docker daemon running
 
 ## Common Pitfalls to Avoid
 
 ### Code Issues
 - ❌ Using interface types as return values
-- ❌ Forgetting to run `eval "$(gvm 1.25.7 --arch=arm64)"`
+- ❌ Forgetting to run `eval "$(gvm 1.25.9 --arch=arm64)"`
 - ❌ Not handling errors from built-in options
 - ❌ Using module-specific container names (`PostgresContainer`)
 - ❌ Calling `.Customize()` method instead of direct function call
diff --git a/vendor/github.com/testcontainers/testcontainers-go/Pipfile b/vendor/github.com/testcontainers/testcontainers-go/Pipfile
index 28f9305d01..f7a1fb066b 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/Pipfile
+++ b/vendor/github.com/testcontainers/testcontainers-go/Pipfile
@@ -8,7 +8,7 @@ verify_ssl = true
 [packages]
 mkdocs = "==1.5.3"
 mkdocs-codeinclude-plugin = "==0.3.1"
-mkdocs-include-markdown-plugin = "==7.2.1"
+mkdocs-include-markdown-plugin = "==7.2.2"
 mkdocs-material = "==9.5.18"
 mkdocs-markdownextradata-plugin = "==0.2.6"
 
diff --git a/vendor/github.com/testcontainers/testcontainers-go/Pipfile.lock b/vendor/github.com/testcontainers/testcontainers-go/Pipfile.lock
index ff0b12f9d6..111787b02e 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/Pipfile.lock
+++ b/vendor/github.com/testcontainers/testcontainers-go/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "c30436cdeb31baa333fdc82d0679532754a1ea51be468b4fd83da0de242b70cf"
+            "sha256": "d2dc50d3b1c6818dd8a8fb4fa7a60013292b7f173db53d3e996bf43b4191ad70"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -34,109 +34,146 @@
         },
         "certifi": {
             "hashes": [
-                "sha256:6b31f564a415d79ee77df69d757bb49a5bb53bd9f756cbbe24394ffd6fc1f4b2",
-                "sha256:8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995"
+                "sha256:027692e4402ad994f1c42e52a4997a9763c646b73e4096e4d5d6db8af1d6f0fa",
+                "sha256:e887ab5cee78ea814d3472169153c2d12cd43b14bd03329a39a9c6e2e80bfba7"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==2025.7.14"
+            "version": "==2026.2.25"
         },
         "charset-normalizer": {
             "hashes": [
-                "sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4",
-                "sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45",
-                "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7",
-                "sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0",
-                "sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7",
-                "sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d",
-                "sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d",
-                "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0",
-                "sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184",
-                "sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db",
-                "sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b",
-                "sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64",
-                "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b",
-                "sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8",
-                "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff",
-                "sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344",
-                "sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58",
-                "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e",
-                "sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471",
-                "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148",
-                "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a",
-                "sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836",
-                "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e",
-                "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63",
-                "sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c",
-                "sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1",
-                "sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01",
-                "sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366",
-                "sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58",
-                "sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5",
-                "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c",
-                "sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2",
-                "sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a",
-                "sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597",
-                "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b",
-                "sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5",
-                "sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb",
-                "sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f",
-                "sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0",
-                "sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941",
-                "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0",
-                "sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86",
-                "sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7",
-                "sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7",
-                "sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455",
-                "sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6",
-                "sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4",
-                "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0",
-                "sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3",
-                "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1",
-                "sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6",
-                "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981",
-                "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c",
-                "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980",
-                "sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645",
-                "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7",
-                "sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12",
-                "sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa",
-                "sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd",
-                "sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef",
-                "sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f",
-                "sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2",
-                "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d",
-                "sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5",
-                "sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02",
-                "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3",
-                "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd",
-                "sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e",
-                "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214",
-                "sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd",
-                "sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a",
-                "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c",
-                "sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681",
-                "sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba",
-                "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f",
-                "sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a",
-                "sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28",
-                "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691",
-                "sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82",
-                "sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a",
-                "sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027",
-                "sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7",
-                "sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518",
-                "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf",
-                "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b",
-                "sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9",
-                "sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544",
-                "sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da",
-                "sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509",
-                "sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f",
-                "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a",
-                "sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f"
+                "sha256:06a7e86163334edfc5d20fe104db92fcd666e5a5df0977cb5680a506fe26cc8e",
+                "sha256:0c173ce3a681f309f31b87125fecec7a5d1347261ea11ebbb856fa6006b23c8c",
+                "sha256:0e28d62a8fc7a1fa411c43bd65e346f3bce9716dc51b897fbe930c5987b402d5",
+                "sha256:0e901eb1049fdb80f5bd11ed5ea1e498ec423102f7a9b9e4645d5b8204ff2815",
+                "sha256:11afb56037cbc4b1555a34dd69151e8e069bee82e613a73bef6e714ce733585f",
+                "sha256:150b8ce8e830eb7ccb029ec9ca36022f756986aaaa7956aad6d9ec90089338c0",
+                "sha256:172985e4ff804a7ad08eebec0a1640ece87ba5041d565fff23c8f99c1f389484",
+                "sha256:197c1a244a274bb016dd8b79204850144ef77fe81c5b797dc389327adb552407",
+                "sha256:1ae6b62897110aa7c79ea2f5dd38d1abca6db663687c0b1ad9aed6f6bae3d9d6",
+                "sha256:1cf0a70018692f85172348fe06d3a4b63f94ecb055e13a00c644d368eb82e5b8",
+                "sha256:1ed80ff870ca6de33f4d953fda4d55654b9a2b340ff39ab32fa3adbcd718f264",
+                "sha256:22c6f0c2fbc31e76c3b8a86fba1a56eda6166e238c29cdd3d14befdb4a4e4815",
+                "sha256:231d4da14bcd9301310faf492051bee27df11f2bc7549bc0bb41fef11b82daa2",
+                "sha256:259695e2ccc253feb2a016303543d691825e920917e31f894ca1a687982b1de4",
+                "sha256:2a24157fa36980478dd1770b585c0f30d19e18f4fb0c47c13aa568f871718579",
+                "sha256:2b1a63e8224e401cafe7739f77efd3f9e7f5f2026bda4aead8e59afab537784f",
+                "sha256:2bd9d128ef93637a5d7a6af25363cf5dec3fa21cf80e68055aad627f280e8afa",
+                "sha256:2e1d8ca8611099001949d1cdfaefc510cf0f212484fe7c565f735b68c78c3c95",
+                "sha256:2ef7fedc7a6ecbe99969cd09632516738a97eeb8bd7258bf8a0f23114c057dab",
+                "sha256:2f7fdd9b6e6c529d6a2501a2d36b240109e78a8ceaef5687cfcfa2bbe671d297",
+                "sha256:30f445ae60aad5e1f8bdbb3108e39f6fbc09f4ea16c815c66578878325f8f15a",
+                "sha256:31215157227939b4fb3d740cd23fe27be0439afef67b785a1eb78a3ae69cba9e",
+                "sha256:34315ff4fc374b285ad7f4a0bf7dcbfe769e1b104230d40f49f700d4ab6bbd84",
+                "sha256:3516bbb8d42169de9e61b8520cbeeeb716f12f4ecfe3fd30a9919aa16c806ca8",
+                "sha256:3778fd7d7cd04ae8f54651f4a7a0bd6e39a0cf20f801720a4c21d80e9b7ad6b0",
+                "sha256:39f5068d35621da2881271e5c3205125cc456f54e9030d3f723288c873a71bf9",
+                "sha256:404a1e552cf5b675a87f0651f8b79f5f1e6fd100ee88dc612f89aa16abd4486f",
+                "sha256:419a9d91bd238052642a51938af8ac05da5b3343becde08d5cdeab9046df9ee1",
+                "sha256:423fb7e748a08f854a08a222b983f4df1912b1daedce51a72bd24fe8f26a1843",
+                "sha256:4482481cb0572180b6fd976a4d5c72a30263e98564da68b86ec91f0fe35e8565",
+                "sha256:461598cd852bfa5a61b09cae2b1c02e2efcd166ee5516e243d540ac24bfa68a7",
+                "sha256:47955475ac79cc504ef2704b192364e51d0d473ad452caedd0002605f780101c",
+                "sha256:48696db7f18afb80a068821504296eb0787d9ce239b91ca15059d1d3eaacf13b",
+                "sha256:4be9f4830ba8741527693848403e2c457c16e499100963ec711b1c6f2049b7c7",
+                "sha256:4d1d02209e06550bdaef34af58e041ad71b88e624f5d825519da3a3308e22687",
+                "sha256:4f41da960b196ea355357285ad1316a00099f22d0929fe168343b99b254729c9",
+                "sha256:517ad0e93394ac532745129ceabdf2696b609ec9f87863d337140317ebce1c14",
+                "sha256:51fb3c322c81d20567019778cb5a4a6f2dc1c200b886bc0d636238e364848c89",
+                "sha256:5273b9f0b5835ff0350c0828faea623c68bfa65b792720c453e22b25cc72930f",
+                "sha256:530d548084c4a9f7a16ed4a294d459b4f229db50df689bfe92027452452943a0",
+                "sha256:530e8cebeea0d76bdcf93357aa5e41336f48c3dc709ac52da2bb167c5b8271d9",
+                "sha256:54fae94be3d75f3e573c9a1b5402dc593de19377013c9a0e4285e3d402dd3a2a",
+                "sha256:572d7c822caf521f0525ba1bce1a622a0b85cf47ffbdae6c9c19e3b5ac3c4389",
+                "sha256:58c948d0d086229efc484fe2f30c2d382c86720f55cd9bc33591774348ad44e0",
+                "sha256:5d11595abf8dd942a77883a39d81433739b287b6aa71620f15164f8096221b30",
+                "sha256:5f8ddd609f9e1af8c7bd6e2aca279c931aefecd148a14402d4e368f3171769fd",
+                "sha256:5feb91325bbceade6afab43eb3b508c63ee53579fe896c77137ded51c6b6958e",
+                "sha256:60c74963d8350241a79cb8feea80e54d518f72c26db618862a8f53e5023deaf9",
+                "sha256:613f19aa6e082cf96e17e3ffd89383343d0d589abda756b7764cf78361fd41dc",
+                "sha256:659a1e1b500fac8f2779dd9e1570464e012f43e580371470b45277a27baa7532",
+                "sha256:695f5c2823691a25f17bc5d5ffe79fa90972cc34b002ac6c843bb8a1720e950d",
+                "sha256:69dd852c2f0ad631b8b60cfbe25a28c0058a894de5abb566619c205ce0550eae",
+                "sha256:6cceb5473417d28edd20c6c984ab6fee6c6267d38d906823ebfe20b03d607dc2",
+                "sha256:71be7e0e01753a89cf024abf7ecb6bca2c81738ead80d43004d9b5e3f1244e64",
+                "sha256:74119174722c4349af9708993118581686f343adc1c8c9c007d59be90d077f3f",
+                "sha256:74a2e659c7ecbc73562e2a15e05039f1e22c75b7c7618b4b574a3ea9118d1557",
+                "sha256:7504e9b7dc05f99a9bbb4525c67a2c155073b44d720470a148b34166a69c054e",
+                "sha256:79090741d842f564b1b2827c0b82d846405b744d31e84f18d7a7b41c20e473ff",
+                "sha256:7a6967aaf043bceabab5412ed6bd6bd26603dae84d5cb75bf8d9a74a4959d398",
+                "sha256:7bda6eebafd42133efdca535b04ccb338ab29467b3f7bf79569883676fc628db",
+                "sha256:7edbed096e4a4798710ed6bc75dcaa2a21b68b6c356553ac4823c3658d53743a",
+                "sha256:7f9019c9cb613f084481bd6a100b12e1547cf2efe362d873c2e31e4035a6fa43",
+                "sha256:802168e03fba8bbc5ce0d866d589e4b1ca751d06edee69f7f3a19c5a9fe6b597",
+                "sha256:80d0a5615143c0b3225e5e3ef22c8d5d51f3f72ce0ea6fb84c943546c7b25b6c",
+                "sha256:82060f995ab5003a2d6e0f4ad29065b7672b6593c8c63559beefe5b443242c3e",
+                "sha256:836ab36280f21fc1a03c99cd05c6b7af70d2697e374c7af0b61ed271401a72a2",
+                "sha256:8761ac29b6c81574724322a554605608a9960769ea83d2c73e396f3df896ad54",
+                "sha256:87725cfb1a4f1f8c2fc9890ae2f42094120f4b44db9360be5d99a4c6b0e03a9e",
+                "sha256:899d28f422116b08be5118ef350c292b36fc15ec2daeb9ea987c89281c7bb5c4",
+                "sha256:8bc5f0687d796c05b1e28ab0d38a50e6309906ee09375dd3aff6a9c09dd6e8f4",
+                "sha256:8bea55c4eef25b0b19a0337dc4e3f9a15b00d569c77211fa8cde38684f234fb7",
+                "sha256:8e5a94886bedca0f9b78fecd6afb6629142fd2605aa70a125d49f4edc6037ee6",
+                "sha256:90ca27cd8da8118b18a52d5f547859cc1f8354a00cd1e8e5120df3e30d6279e5",
+                "sha256:92734d4d8d187a354a556626c221cd1a892a4e0802ccb2af432a1d85ec012194",
+                "sha256:947cf925bc916d90adba35a64c82aace04fa39b46b52d4630ece166655905a69",
+                "sha256:95b52c68d64c1878818687a473a10547b3292e82b6f6fe483808fb1468e2f52f",
+                "sha256:97d0235baafca5f2b09cf332cc275f021e694e8362c6bb9c96fc9a0eb74fc316",
+                "sha256:9ca4c0b502ab399ef89248a2c84c54954f77a070f28e546a85e91da627d1301e",
+                "sha256:9cc4fc6c196d6a8b76629a70ddfcd4635a6898756e2d9cac5565cf0654605d73",
+                "sha256:9cc6e6d9e571d2f863fa77700701dae73ed5f78881efc8b3f9a4398772ff53e8",
+                "sha256:a056d1ad2633548ca18ffa2f85c202cfb48b68615129143915b8dc72a806a923",
+                "sha256:a26611d9987b230566f24a0a125f17fe0de6a6aff9f25c9f564aaa2721a5fb88",
+                "sha256:a4474d924a47185a06411e0064b803c68be044be2d60e50e8bddcc2649957c1f",
+                "sha256:a4ea868bc28109052790eb2b52a9ab33f3aa7adc02f96673526ff47419490e21",
+                "sha256:a9e68c9d88823b274cf1e72f28cb5dc89c990edf430b0bfd3e2fb0785bfeabf4",
+                "sha256:aa9cccf4a44b9b62d8ba8b4dd06c649ba683e4bf04eea606d2e94cfc2d6ff4d6",
+                "sha256:ab30e5e3e706e3063bc6de96b118688cb10396b70bb9864a430f67df98c61ecc",
+                "sha256:ac2393c73378fea4e52aa56285a3d64be50f1a12395afef9cce47772f60334c2",
+                "sha256:ad8faf8df23f0378c6d527d8b0b15ea4a2e23c89376877c598c4870d1b2c7866",
+                "sha256:b35b200d6a71b9839a46b9b7fff66b6638bb52fc9658aa58796b0326595d3021",
+                "sha256:b3694e3f87f8ac7ce279d4355645b3c878d24d1424581b46282f24b92f5a4ae2",
+                "sha256:b4ff1d35e8c5bd078be89349b6f3a845128e685e751b6ea1169cf2160b344c4d",
+                "sha256:bbc8c8650c6e51041ad1be191742b8b421d05bbd3410f43fa2a00c8db87678e8",
+                "sha256:bc72863f4d9aba2e8fd9085e63548a324ba706d2ea2c83b260da08a59b9482de",
+                "sha256:bf625105bb9eef28a56a943fec8c8a98aeb80e7d7db99bd3c388137e6eb2d237",
+                "sha256:c2274ca724536f173122f36c98ce188fd24ce3dad886ec2b7af859518ce008a4",
+                "sha256:c45a03a4c69820a399f1dda9e1d8fbf3562eda46e7720458180302021b08f778",
+                "sha256:c8ae56368f8cc97c7e40a7ee18e1cedaf8e780cd8bc5ed5ac8b81f238614facb",
+                "sha256:c907cdc8109f6c619e6254212e794d6548373cc40e1ec75e6e3823d9135d29cc",
+                "sha256:ca0276464d148c72defa8bb4390cce01b4a0e425f3b50d1435aa6d7a18107602",
+                "sha256:cd5e2801c89992ed8c0a3f0293ae83c159a60d9a5d685005383ef4caca77f2c4",
+                "sha256:d08ec48f0a1c48d75d0356cea971921848fb620fdeba805b28f937e90691209f",
+                "sha256:d1a2ee9c1499fc8f86f4521f27a973c914b211ffa87322f4ee33bb35392da2c5",
+                "sha256:d5f5d1e9def3405f60e3ca8232d56f35c98fb7bf581efcc60051ebf53cb8b611",
+                "sha256:d60377dce4511655582e300dc1e5a5f24ba0cb229005a1d5c8d0cb72bb758ab8",
+                "sha256:d73beaac5e90173ac3deb9928a74763a6d230f494e4bfb422c217a0ad8e629bf",
+                "sha256:d7de2637729c67d67cf87614b566626057e95c303bc0a55ffe391f5205e7003d",
+                "sha256:dad6e0f2e481fffdcf776d10ebee25e0ef89f16d691f1e5dee4b586375fdc64b",
+                "sha256:dda86aba335c902b6149a02a55b38e96287157e609200811837678214ba2b1db",
+                "sha256:df01808ee470038c3f8dc4f48620df7225c49c2d6639e38f96e6d6ac6e6f7b0e",
+                "sha256:e1f6e2f00a6b8edb562826e4632e26d063ac10307e80f7461f7de3ad8ef3f077",
+                "sha256:e25369dc110d58ddf29b949377a93e0716d72a24f62bad72b2b39f155949c1fd",
+                "sha256:e3c701e954abf6fc03a49f7c579cc80c2c6cc52525340ca3186c41d3f33482ef",
+                "sha256:e5bcc1a1ae744e0bb59641171ae53743760130600da8db48cbb6e4918e186e4e",
+                "sha256:e68c14b04827dd76dcbd1aeea9e604e3e4b78322d8faf2f8132c7138efa340a8",
+                "sha256:e8aeb10fcbe92767f0fa69ad5a72deca50d0dca07fbde97848997d778a50c9fe",
+                "sha256:e985a16ff513596f217cee86c21371b8cd011c0f6f056d0920aa2d926c544058",
+                "sha256:ecbbd45615a6885fe3240eb9db73b9e62518b611850fdf8ab08bd56de7ad2b17",
+                "sha256:ee4ec14bc1680d6b0afab9aea2ef27e26d2024f18b24a2d7155a52b60da7e833",
+                "sha256:ef5960d965e67165d75b7c7ffc60a83ec5abfc5c11b764ec13ea54fbef8b4421",
+                "sha256:f0cdaecd4c953bfae0b6bb64910aaaca5a424ad9c72d85cb88417bb9814f7550",
+                "sha256:f1ce721c8a7dfec21fcbdfe04e8f68174183cf4e8188e0645e92aa23985c57ff",
+                "sha256:f50498891691e0864dc3da965f340fada0771f6142a378083dc4608f4ea513e2",
+                "sha256:f5ea69428fa1b49573eef0cc44a1d43bebd45ad0c611eb7d7eac760c7ae771bc",
+                "sha256:f61aa92e4aad0be58eb6eb4e0c21acf32cf8065f4b2cae5665da756c4ceef982",
+                "sha256:f6e4333fb15c83f7d1482a76d45a0818897b3d33f00efd215528ff7c51b8e35d",
+                "sha256:f820f24b09e3e779fe84c3c456cb4108a7aa639b0d1f02c28046e11bfcd088ed",
+                "sha256:f98059e4fcd3e3e4e2d632b7cf81c2faae96c43c60b569e9c621468082f1d104",
+                "sha256:fcce033e4021347d80ed9c66dcf1e7b1546319834b74445f561d2e2221de5659"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==3.4.2"
+            "version": "==3.4.6"
         },
         "click": {
             "hashes": [
@@ -163,11 +200,11 @@
         },
         "idna": {
             "hashes": [
-                "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9",
-                "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+                "sha256:771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea",
+                "sha256:795dafcc9c04ed0c1fb032c2aa73654d8e8c5023a7df64a53f39190ada629902"
             ],
-            "markers": "python_version >= '3.6'",
-            "version": "==3.10"
+            "markers": "python_version >= '3.8'",
+            "version": "==3.11"
         },
         "importlib-metadata": {
             "hashes": [
@@ -316,12 +353,12 @@
         },
         "mkdocs-include-markdown-plugin": {
             "hashes": [
-                "sha256:30da634c568ea5d5f9e5881d51f80ac30d8c5f891cec160344ad7a0fdaea6286",
-                "sha256:5d94db87b06cd303619dbaebba5f7f43a3ded7fd7709451d26f08c176376ffec"
+                "sha256:f052ccb741eccf498116b826c1d78a2d761c56747372594709441cee0963fbc9",
+                "sha256:f2ec4487cf32d3e33ca528f9366f20fb9280ded9c8d1630eb2bbda244962dcd1"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==7.2.1"
+            "version": "==7.2.2"
         },
         "mkdocs-markdownextradata-plugin": {
             "hashes": [
@@ -373,19 +410,20 @@
         },
         "platformdirs": {
             "hashes": [
-                "sha256:9170634f126f8efdae22fb58ae8a0eaa86f38365bc57897a6c4f781d1f5875bd",
-                "sha256:9a33809944b9db043ad67ca0db94b14bf452cc6aeaac46a88ea55b26e2e9d291"
+                "sha256:1ec356301b7dc906d83f371c8f487070e99d3ccf9e501686456394622a01a934",
+                "sha256:68a9a4619a666ea6439f2ff250c12a853cd1cbd5158d258bd824a7df6be2f868"
             ],
             "markers": "python_version >= '3.10'",
-            "version": "==4.9.2"
+            "version": "==4.9.4"
         },
         "pygments": {
             "hashes": [
-                "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887",
-                "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b"
+                "sha256:6757cd03768053ff99f3039c1a36d6c0aa0b263438fcab17520b30a303a82b5f",
+                "sha256:81a9e26dd42fd28a23a2d169d86d7ac03b46e2f8b59ed4698fb4785f946d0176"
             ],
-            "markers": "python_version >= '3.8'",
-            "version": "==2.19.2"
+            "index": "pypi",
+            "markers": "python_version >= '3.9'",
+            "version": "==2.20.0"
         },
         "pymdown-extensions": {
             "hashes": [
@@ -586,12 +624,12 @@
         },
         "requests": {
             "hashes": [
-                "sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c",
-                "sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422"
+                "sha256:3324635456fa185245e24865e810cecec7b4caf933d7eb133dcde67d48cee69b",
+                "sha256:c7ebc5e8b0f21837386ad0e1c8fe8b829fa5f544d8df3b2253bff14ef29d7652"
             ],
             "index": "pypi",
-            "markers": "python_version >= '3.8'",
-            "version": "==2.32.4"
+            "markers": "python_version >= '3.10'",
+            "version": "==2.33.0"
         },
         "six": {
             "hashes": [
@@ -606,7 +644,6 @@
                 "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed",
                 "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"
             ],
-            "index": "pypi",
             "markers": "python_version >= '3.9'",
             "version": "==2.6.3"
         },
diff --git a/vendor/github.com/testcontainers/testcontainers-go/cleanup.go b/vendor/github.com/testcontainers/testcontainers-go/cleanup.go
index bd9371355c..2f84486367 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/cleanup.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/cleanup.go
@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"reflect"
 	"time"
+
+	"github.com/moby/moby/client"
 )
 
 // TerminateOptions is a type that holds the options for terminating a container.
@@ -48,15 +50,15 @@ func (o *TerminateOptions) Cleanup() error {
 	if len(o.volumes) == 0 {
 		return nil
 	}
-	client, err := NewDockerClientWithOpts(o.ctx)
+	apiClient, err := NewDockerClientWithOpts(o.ctx)
 	if err != nil {
 		return fmt.Errorf("docker client: %w", err)
 	}
-	defer client.Close()
+	defer apiClient.Close()
 	// Best effort to remove all volumes.
 	var errs []error
 	for _, volume := range o.volumes {
-		if errRemove := client.VolumeRemove(o.ctx, volume, true); errRemove != nil {
+		if _, errRemove := apiClient.VolumeRemove(o.ctx, volume, client.VolumeRemoveOptions{Force: true}); errRemove != nil {
 			errs = append(errs, fmt.Errorf("volume remove %q: %w", volume, errRemove))
 		}
 	}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/commons-test.mk b/vendor/github.com/testcontainers/testcontainers-go/commons-test.mk
index bb86a9fab4..50f8a2e996 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/commons-test.mk
+++ b/vendor/github.com/testcontainers/testcontainers-go/commons-test.mk
@@ -14,6 +14,9 @@ $(GOBIN)/gotestsum:
 $(GOBIN)/mockery:
 	$(call go_install,github.com/vektra/mockery/v2@v2.53.4)
 
+$(GOBIN)/gci:
+	$(call go_install,github.com/daixiang0/gci@v0.13.5)
+
 .PHONY: install
 install: $(GOBIN)/golangci-lint $(GOBIN)/gotestsum $(GOBIN)/mockery
 
@@ -30,9 +33,10 @@ dependencies-scan:
 
 .PHONY: lint
 lint: $(GOBIN)/golangci-lint
-	golangci-lint run --verbose -c $(ROOT_DIR)/.golangci.yml --fix
+	golangci-lint run -c $(ROOT_DIR)/.golangci.yml --fix
 
 .PHONY: generate
+generate: $(GOBIN)/gci
 generate: $(GOBIN)/mockery
 	go generate ./...
 
diff --git a/vendor/github.com/testcontainers/testcontainers-go/container.go b/vendor/github.com/testcontainers/testcontainers-go/container.go
index 49c421a7d0..b7f0b653e7 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/container.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/container.go
@@ -13,13 +13,12 @@ import (
 	"time"
 
 	"github.com/cpuguy83/dockercfg"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/go-connections/nat"
 	"github.com/google/uuid"
 	"github.com/moby/go-archive"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/client"
 	"github.com/moby/patternmatcher/ignorefile"
 
 	tcexec "github.com/testcontainers/testcontainers-go/exec"
@@ -34,23 +33,23 @@ import (
 type DeprecatedContainer interface {
 	GetHostEndpoint(ctx context.Context, port string) (string, string, error)
 	GetIPAddress(ctx context.Context) (string, error)
-	LivenessCheckPorts(ctx context.Context) (nat.PortSet, error)
+	LivenessCheckPorts(ctx context.Context) (network.PortSet, error)
 	Terminate(ctx context.Context) error
 }
 
 // Container allows getting info about and controlling a single container instance
 type Container interface {
-	GetContainerID() string                                                        // get the container id from the provider
-	Endpoint(context.Context, string) (string, error)                              // get proto://ip:port string for the lowest exposed port
-	PortEndpoint(ctx context.Context, port nat.Port, proto string) (string, error) // get proto://ip:port string for the given exposed port
-	Host(context.Context) (string, error)                                          // get host where the container port is exposed
-	Inspect(context.Context) (*container.InspectResponse, error)                   // get container info
-	MappedPort(context.Context, nat.Port) (nat.Port, error)                        // get externally mapped port for a container port
-	Ports(context.Context) (nat.PortMap, error)                                    // Deprecated: Use c.Inspect(ctx).NetworkSettings.Ports instead
-	SessionID() string                                                             // get session id
-	IsRunning() bool                                                               // IsRunning returns true if the container is running, false otherwise.
-	Start(context.Context) error                                                   // start the container
-	Stop(context.Context, *time.Duration) error                                    // stop the container
+	GetContainerID() string                                                      // get the container id from the provider
+	Endpoint(context.Context, string) (string, error)                            // get proto://ip:port string for the lowest exposed port
+	PortEndpoint(ctx context.Context, port string, proto string) (string, error) // get proto://ip:port string for the given exposed port
+	Host(context.Context) (string, error)                                        // get host where the container port is exposed
+	Inspect(context.Context) (*container.InspectResponse, error)                 // get container info
+	MappedPort(context.Context, string) (network.Port, error)                    // get externally mapped port for a container port
+	Ports(context.Context) (network.PortMap, error)                              // Deprecated: Use c.Inspect(ctx).NetworkSettings.Ports instead
+	SessionID() string                                                           // get session id
+	IsRunning() bool                                                             // IsRunning returns true if the container is running, false otherwise.
+	Start(context.Context) error                                                 // start the container
+	Stop(context.Context, *time.Duration) error                                  // stop the container
 
 	// Terminate stops and removes the container and its image if it was built and not flagged as kept.
 	Terminate(ctx context.Context, opts ...TerminateOption) error
@@ -75,15 +74,15 @@ type Container interface {
 
 // ImageBuildInfo defines what is needed to build an image
 type ImageBuildInfo interface {
-	BuildOptions() (build.ImageBuildOptions, error) // converts the ImageBuildInfo to a build.ImageBuildOptions
-	GetContext() (io.Reader, error)                 // the path to the build context
-	GetDockerfile() string                          // the relative path to the Dockerfile, including the file itself
-	GetRepo() string                                // get repo label for image
-	GetTag() string                                 // get tag label for image
-	BuildLogWriter() io.Writer                      // for output of build log, use io.Discard to disable the output
-	ShouldBuildImage() bool                         // return true if the image needs to be built
-	GetBuildArgs() map[string]*string               // return the environment args used to build the Dockerfile
-	GetAuthConfigs() map[string]registry.AuthConfig // Deprecated. Testcontainers will detect registry credentials automatically. Return the auth configs to be able to pull from an authenticated docker registry
+	BuildOptions() (client.ImageBuildOptions, error) // converts the ImageBuildInfo to a build.ImageBuildOptions
+	GetContext() (io.Reader, error)                  // the path to the build context
+	GetDockerfile() string                           // the relative path to the Dockerfile, including the file itself
+	GetRepo() string                                 // get repo label for image
+	GetTag() string                                  // get tag label for image
+	BuildLogWriter() io.Writer                       // for output of build log, use io.Discard to disable the output
+	ShouldBuildImage() bool                          // return true if the image needs to be built
+	GetBuildArgs() map[string]*string                // return the environment args used to build the Dockerfile
+	GetAuthConfigs() map[string]registry.AuthConfig  // Deprecated. Testcontainers will detect registry credentials automatically. Return the auth configs to be able to pull from an authenticated docker registry
 }
 
 // FromDockerfile represents the parameters needed to build an image from a Dockerfile
@@ -105,7 +104,7 @@ type FromDockerfile struct {
 	// BuildOptionsModifier Modifier for the build options before image build. Use it for
 	// advanced configurations while building the image. Please consider that the modifier
 	// is called after the default build options are set.
-	BuildOptionsModifier func(*build.ImageBuildOptions)
+	BuildOptionsModifier func(*client.ImageBuildOptions)
 }
 
 type ContainerFile struct {
@@ -435,8 +434,8 @@ func (c *ContainerRequest) BuildLogWriter() io.Writer {
 // BuildOptions returns the image build options when building a Docker image from a Dockerfile.
 // It will apply some defaults and finally call the BuildOptionsModifier from the FromDockerfile struct,
 // if set.
-func (c *ContainerRequest) BuildOptions() (build.ImageBuildOptions, error) {
-	buildOptions := build.ImageBuildOptions{
+func (c *ContainerRequest) BuildOptions() (client.ImageBuildOptions, error) {
+	buildOptions := client.ImageBuildOptions{
 		Remove:      true,
 		ForceRemove: true,
 	}
@@ -452,7 +451,7 @@ func (c *ContainerRequest) BuildOptions() (build.ImageBuildOptions, error) {
 	// Make sure the auth configs from the Dockerfile are set right after the user-defined build options.
 	authsFromDockerfile, err := getAuthConfigsFromDockerfile(c)
 	if err != nil {
-		return build.ImageBuildOptions{}, fmt.Errorf("auth configs from Dockerfile: %w", err)
+		return client.ImageBuildOptions{}, fmt.Errorf("auth configs from Dockerfile: %w", err)
 	}
 
 	if buildOptions.AuthConfigs == nil {
@@ -468,7 +467,7 @@ func (c *ContainerRequest) BuildOptions() (build.ImageBuildOptions, error) {
 	for _, is := range c.ImageSubstitutors {
 		modifiedTag, err := is.Substitute(tag)
 		if err != nil {
-			return build.ImageBuildOptions{}, fmt.Errorf("failed to substitute image %s with %s: %w", tag, is.Description(), err)
+			return client.ImageBuildOptions{}, fmt.Errorf("failed to substitute image %s with %s: %w", tag, is.Description(), err)
 		}
 
 		if modifiedTag != tag {
@@ -487,10 +486,10 @@ func (c *ContainerRequest) BuildOptions() (build.ImageBuildOptions, error) {
 	if !c.ShouldKeepBuiltImage() {
 		dst := GenericLabels()
 		if err = core.MergeCustomLabels(dst, c.Labels); err != nil {
-			return build.ImageBuildOptions{}, err
+			return client.ImageBuildOptions{}, err
 		}
 		if err = core.MergeCustomLabels(dst, buildOptions.Labels); err != nil {
-			return build.ImageBuildOptions{}, err
+			return client.ImageBuildOptions{}, err
 		}
 		buildOptions.Labels = dst
 	}
@@ -498,7 +497,7 @@ func (c *ContainerRequest) BuildOptions() (build.ImageBuildOptions, error) {
 	// Do this as late as possible to ensure we don't leak the context on error/panic.
 	buildContext, err := c.GetContext()
 	if err != nil {
-		return build.ImageBuildOptions{}, err
+		return client.ImageBuildOptions{}, err
 	}
 
 	buildOptions.Context = buildContext
diff --git a/vendor/github.com/testcontainers/testcontainers-go/docker.go b/vendor/github.com/testcontainers/testcontainers-go/docker.go
index 9cfe50fcc3..03633f4922 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/docker.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/docker.go
@@ -4,9 +4,7 @@ import (
 	"archive/tar"
 	"bufio"
 	"context"
-	"encoding/base64"
 	"encoding/binary"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -17,22 +15,20 @@ import (
 	"path/filepath"
 	"regexp"
 	"slices"
+	"strconv"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/cenkalti/backoff/v4"
 	"github.com/containerd/errdefs"
 	"github.com/containerd/platforms"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/docker/go-connections/nat"
-	"github.com/moby/term"
+	"github.com/moby/moby/api/pkg/authconfig"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/client"
+	"github.com/moby/moby/client/pkg/jsonmessage"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 
 	tcexec "github.com/testcontainers/testcontainers-go/exec"
@@ -74,7 +70,7 @@ type DockerContainer struct {
 	Image        string
 	exposedPorts []string // a reference to the container's requested exposed ports. It allows checking they are ready before any wait strategy
 
-	isRunning     bool
+	isRunning     atomic.Bool
 	imageWasBuilt bool
 	// keepBuiltImage makes Terminate not remove the image if imageWasBuilt.
 	keepBuiltImage    bool
@@ -96,7 +92,7 @@ type DockerContainer struct {
 	logger               log.Logger
 	lifecycleHooks       []ContainerLifecycleHooks
 
-	healthStatus string // container health status, will default to healthStatusNone if no healthcheck is present
+	healthStatus container.HealthStatus // container health status, will default to healthStatusNone if no healthcheck is present
 }
 
 // SetLogger sets the logger for the container
@@ -119,7 +115,7 @@ func (c *DockerContainer) GetContainerID() string {
 }
 
 func (c *DockerContainer) IsRunning() bool {
-	return c.isRunning
+	return c.isRunning.Load()
 }
 
 // Endpoint gets proto://host:port string for the lowest numbered exposed port
@@ -131,20 +127,20 @@ func (c *DockerContainer) Endpoint(ctx context.Context, proto string) (string, e
 	}
 
 	// Get lowest numbered bound port.
-	var lowestPort nat.Port
+	var lowestPort network.Port
 	for port := range inspect.NetworkSettings.Ports {
-		if lowestPort == "" || port.Int() < lowestPort.Int() {
+		if lowestPort.IsZero() || port.Num() < lowestPort.Num() {
 			lowestPort = port
 		}
 	}
 
-	return c.PortEndpoint(ctx, lowestPort, proto)
+	return c.PortEndpoint(ctx, lowestPort.String(), proto)
 }
 
 // PortEndpoint gets proto://host:port string for the given exposed port
 // It returns proto://host:port or proto://[IPv6host]:port string for the given exposed port.
 // It returns just host:port or [IPv6host]:port if proto is blank.
-func (c *DockerContainer) PortEndpoint(ctx context.Context, port nat.Port, proto string) (string, error) {
+func (c *DockerContainer) PortEndpoint(ctx context.Context, port string, proto string) (string, error) {
 	host, err := c.Host(ctx)
 	if err != nil {
 		return "", err
@@ -181,40 +177,56 @@ func (c *DockerContainer) Inspect(ctx context.Context) (*container.InspectRespon
 		return nil, err
 	}
 
-	return jsonRaw, nil
+	return &jsonRaw.Container, nil
 }
 
 // MappedPort gets externally mapped port for a container port
-func (c *DockerContainer) MappedPort(ctx context.Context, port nat.Port) (nat.Port, error) {
+func (c *DockerContainer) MappedPort(ctx context.Context, port string) (network.Port, error) {
 	inspect, err := c.Inspect(ctx)
 	if err != nil {
-		return "", fmt.Errorf("inspect: %w", err)
+		return network.Port{}, fmt.Errorf("inspect: %w", err)
 	}
+	// The old nat.Port type (a plain string) accepted empty strings:
+	// nat.SplitProtoPort("") returns ("", ""), so Port() == "" and
+	// no container port matches, yielding "not found".
+	// See https://github.com/docker/go-connections/blob/v0.6.0/nat/nat.go#L101-L110
+	// Skip parsing here to preserve that behavior and avoid a
+	// ParsePort error on empty input.
+	var nwPort network.Port
+	if port != "" {
+		nwPort, err = network.ParsePort(port)
+		if err != nil {
+			return network.Port{}, err
+		}
+	}
+
 	if inspect.HostConfig.NetworkMode == "host" {
-		return port, nil
+		return nwPort, nil
 	}
 
 	ports := inspect.NetworkSettings.Ports
 
 	for k, p := range ports {
-		if k.Port() != port.Port() {
+		if k.Num() != nwPort.Num() {
 			continue
 		}
-		if port.Proto() != "" && k.Proto() != port.Proto() {
+		if nwPort.Proto() != "" && k.Proto() != nwPort.Proto() {
 			continue
 		}
 		if len(p) == 0 {
 			continue
 		}
-		return nat.NewPort(k.Proto(), p[0].HostPort)
+		pNum, _ := strconv.ParseUint(p[0].HostPort, 10, 16)
+		hPort, _ := network.PortFrom(uint16(pNum), k.Proto())
+		return hPort, nil
 	}
 
-	return "", errdefs.ErrNotFound.WithMessage(fmt.Sprintf("port %q not found", port))
+	return network.Port{}, errdefs.ErrNotFound.WithMessage(fmt.Sprintf("port %q not found", nwPort))
 }
 
 // Deprecated: use c.Inspect(ctx).NetworkSettings.Ports instead.
 // Ports gets the exposed ports for the container.
-func (c *DockerContainer) Ports(ctx context.Context) (nat.PortMap, error) {
+func (c *DockerContainer) Ports(ctx context.Context) (network.PortMap, error) {
 	inspect, err := c.Inspect(ctx)
 	if err != nil {
 		return nil, err
@@ -234,7 +246,7 @@ func (c *DockerContainer) Start(ctx context.Context) error {
 		return fmt.Errorf("starting hook: %w", err)
 	}
 
-	if err := c.provider.client.ContainerStart(ctx, c.ID, container.StartOptions{}); err != nil {
+	if _, err := c.provider.client.ContainerStart(ctx, c.ID, client.ContainerStartOptions{}); err != nil {
 		return fmt.Errorf("container start: %w", err)
 	}
 	defer c.provider.Close()
@@ -244,7 +256,7 @@ func (c *DockerContainer) Start(ctx context.Context) error {
 		return fmt.Errorf("started hook: %w", err)
 	}
 
-	c.isRunning = true
+	c.isRunning.Store(true)
 
 	err = c.readiedHook(ctx)
 	if err != nil {
@@ -278,20 +290,20 @@ func (c *DockerContainer) Stop(ctx context.Context, timeout *time.Duration) erro
 		return fmt.Errorf("stopping hook: %w", err)
 	}
 
-	var options container.StopOptions
+	var options client.ContainerStopOptions
 
 	if timeout != nil {
 		timeoutSeconds := int(timeout.Seconds())
 		options.Timeout = &timeoutSeconds
 	}
 
-	if err := c.provider.client.ContainerStop(ctx, c.ID, options); err != nil {
+	if _, err := c.provider.client.ContainerStop(ctx, c.ID, options); err != nil {
 		return fmt.Errorf("container stop: %w", err)
 	}
 
 	defer c.provider.Close()
 
-	c.isRunning = false
+	c.isRunning.Store(false)
 
 	err = c.stoppedHook(ctx)
 	if err != nil {
@@ -331,17 +343,17 @@ func (c *DockerContainer) Terminate(ctx context.Context, opts ...TerminateOption
 
 	// TODO: Handle errors from ContainerRemove more correctly, e.g. should we
 	// run the terminated hook?
-	errs := []error{
-		c.terminatingHook(ctx),
-		c.provider.client.ContainerRemove(ctx, c.GetContainerID(), container.RemoveOptions{
-			RemoveVolumes: true,
-			Force:         true,
-		}),
-		c.terminatedHook(ctx),
-	}
+	var errs []error
+	errs = append(errs, c.terminatingHook(ctx))
+	_, err = c.provider.client.ContainerRemove(ctx, c.GetContainerID(), client.ContainerRemoveOptions{
+		RemoveVolumes: true,
+		Force:         true,
+	})
+	errs = append(errs, err)
+	errs = append(errs, c.terminatedHook(ctx))
 
 	if c.imageWasBuilt && !c.keepBuiltImage {
-		_, err := c.provider.client.ImageRemove(ctx, c.Image, image.RemoveOptions{
+		_, err := c.provider.client.ImageRemove(ctx, c.Image, client.ImageRemoveOptions{
 			Force:         true,
 			PruneChildren: true,
 		})
@@ -349,7 +361,7 @@ func (c *DockerContainer) Terminate(ctx context.Context, opts ...TerminateOption
 	}
 
 	c.sessionID = ""
-	c.isRunning = false
+	c.isRunning.Store(false)
 
 	if err = options.Cleanup(); err != nil {
 		errs = append(errs, err)
@@ -359,9 +371,9 @@ func (c *DockerContainer) Terminate(ctx context.Context, opts ...TerminateOption
 }
 
 // update container raw info
-func (c *DockerContainer) inspectRawContainer(ctx context.Context) (*container.InspectResponse, error) {
+func (c *DockerContainer) inspectRawContainer(ctx context.Context) (*client.ContainerInspectResult, error) {
 	defer c.provider.Close()
-	inspect, err := c.provider.client.ContainerInspect(ctx, c.ID)
+	inspect, err := c.provider.client.ContainerInspect(ctx, c.ID, client.ContainerInspectOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -372,12 +384,10 @@ func (c *DockerContainer) inspectRawContainer(ctx context.Context) (*container.I
 // Logs will fetch both STDOUT and STDERR from the current container. Returns a
 // ReadCloser and leaves it up to the caller to extract what it wants.
 func (c *DockerContainer) Logs(ctx context.Context) (io.ReadCloser, error) {
-	options := container.LogsOptions{
+	rc, err := c.provider.client.ContainerLogs(ctx, c.ID, client.ContainerLogsOptions{
 		ShowStdout: true,
 		ShowStderr: true,
-	}
-
-	rc, err := c.provider.client.ContainerLogs(ctx, c.ID, options)
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -469,7 +479,7 @@ func (c *DockerContainer) State(ctx context.Context) (*container.State, error) {
 	if err != nil {
 		return nil, err
 	}
-	return inspect.State, nil
+	return inspect.Container.State, nil
 }
 
 // Networks gets the names of the networks the container is attached to.
@@ -497,14 +507,13 @@ func (c *DockerContainer) ContainerIP(ctx context.Context) (string, error) {
 		return "", err
 	}
 
-	//nolint:staticcheck // SA1019: IPAddress is deprecated, but we need it for compatibility until v29
-	ip := inspect.NetworkSettings.IPAddress
-	if ip == "" {
-		// use IP from "Networks" if only single network defined
-		networks := inspect.NetworkSettings.Networks
-		if len(networks) == 1 {
-			for _, v := range networks {
-				ip = v.IPAddress
+	var ip string
+	//  IPAddress is deprecated; use IP from "Networks" if only single network defined
+	networks := inspect.NetworkSettings.Networks
+	if len(networks) == 1 {
+		for _, v := range networks {
+			if v.IPAddress.IsValid() {
+				ip = v.IPAddress.String()
 			}
 		}
 	}
@@ -522,7 +531,9 @@ func (c *DockerContainer) ContainerIPs(ctx context.Context) ([]string, error) {
 	networks := inspect.NetworkSettings.Networks
 	ips := make([]string, 0, len(networks))
 	for _, nw := range networks {
-		ips = append(ips, nw.IPAddress)
+		if nw.IPAddress.IsValid() {
+			ips = append(ips, nw.IPAddress.String())
+		}
 	}
 
 	return ips, nil
@@ -564,12 +575,12 @@ func (c *DockerContainer) Exec(ctx context.Context, cmd []string, options ...tce
 		o.Apply(processOptions)
 	}
 
-	response, err := cli.ContainerExecCreate(ctx, c.ID, processOptions.ExecConfig)
+	response, err := cli.ExecCreate(ctx, c.ID, processOptions.ExecConfig)
 	if err != nil {
 		return 0, nil, fmt.Errorf("container exec create: %w", err)
 	}
 
-	hijack, err := cli.ContainerExecAttach(ctx, response.ID, container.ExecAttachOptions{})
+	hijack, err := cli.ExecAttach(ctx, response.ID, client.ExecAttachOptions{})
 	if err != nil {
 		return 0, nil, fmt.Errorf("container exec attach: %w", err)
 	}
@@ -584,7 +595,7 @@ func (c *DockerContainer) Exec(ctx context.Context, cmd []string, options ...tce
 
 	var exitCode int
 	for {
-		execResp, err := cli.ContainerExecInspect(ctx, response.ID)
+		execResp, err := cli.ExecInspect(ctx, response.ID, client.ExecInspectOptions{})
 		if err != nil {
 			return 0, nil, fmt.Errorf("container exec inspect: %w", err)
 		}
@@ -614,13 +625,15 @@ func (fc *FileFromContainer) Close() error {
 }
 
 func (c *DockerContainer) CopyFileFromContainer(ctx context.Context, filePath string) (io.ReadCloser, error) {
-	r, _, err := c.provider.client.CopyFromContainer(ctx, c.ID, filePath)
+	r, err := c.provider.client.CopyFromContainer(ctx, c.ID, client.CopyFromContainerOptions{
+		SourcePath: filePath,
+	})
 	if err != nil {
 		return nil, err
 	}
 	defer c.provider.Close()
 
-	tarReader := tar.NewReader(r)
+	tarReader := tar.NewReader(r.Content)
 
 	// if we got here we have exactly one file in the TAR-stream
 	// so we advance the index by one so the next call to Read will start reading it
@@ -630,7 +643,7 @@ func (c *DockerContainer) CopyFileFromContainer(ctx context.Context, filePath st
 	}
 
 	ret := &FileFromContainer{
-		underlying: &r,
+		underlying: &r.Content,
 		tarreader:  tarReader,
 	}
 
@@ -658,7 +671,10 @@ func (c *DockerContainer) CopyDirToContainer(ctx context.Context, hostDirPath st
 	// create the directory under its parent
 	parent := filepath.Dir(containerParentPath)
 
-	err = c.provider.client.CopyToContainer(ctx, c.ID, parent, buff, container.CopyToContainerOptions{})
+	_, err = c.provider.client.CopyToContainer(ctx, c.ID, client.CopyToContainerOptions{
+		DestinationPath: parent,
+		Content:         buff,
+	})
 	if err != nil {
 		return err
 	}
@@ -716,7 +732,10 @@ func (c *DockerContainer) copyToContainer(ctx context.Context, fileContent func(
 		return err
 	}
 
-	err = c.provider.client.CopyToContainer(ctx, c.ID, "/", buffer, container.CopyToContainerOptions{})
+	_, err = c.provider.client.CopyToContainer(ctx, c.ID, client.CopyToContainerOptions{
+		DestinationPath: "/",
+		Content:         buffer,
+	})
 	if err != nil {
 		return err
 	}
@@ -817,7 +836,7 @@ func (c *DockerContainer) logProducer(stdout, stderr io.Writer) {
 	defer c.provider.Close()
 
 	// Setup the log options, start from the beginning.
-	options := &container.LogsOptions{
+	options := &client.ContainerLogsOptions{
 		ShowStdout: true,
 		ShowStderr: true,
 		Follow:     true,
@@ -831,7 +850,7 @@ func (c *DockerContainer) logProducer(stdout, stderr io.Writer) {
 
 // copyLogsTimeout copies logs from the container to stdout and stderr with a timeout.
 // It returns true if the log production should be retried, false otherwise.
-func (c *DockerContainer) copyLogsTimeout(stdout, stderr io.Writer, options *container.LogsOptions) bool {
+func (c *DockerContainer) copyLogsTimeout(stdout, stderr io.Writer, options *client.ContainerLogsOptions) bool {
 	timeoutCtx, cancel := context.WithTimeout(c.logProductionCtx, *c.logProductionTimeout)
 	defer cancel()
 
@@ -858,7 +877,7 @@ func (c *DockerContainer) copyLogsTimeout(stdout, stderr io.Writer, options *con
 }
 
 // copyLogs copies logs from the container to stdout and stderr.
-func (c *DockerContainer) copyLogs(ctx context.Context, stdout, stderr io.Writer, options container.LogsOptions) error {
+func (c *DockerContainer) copyLogs(ctx context.Context, stdout, stderr io.Writer, options client.ContainerLogsOptions) error {
 	rc, err := c.provider.client.ContainerLogs(ctx, c.GetContainerID(), options)
 	if err != nil {
 		return fmt.Errorf("container logs: %w", err)
@@ -966,7 +985,8 @@ func (n *DockerNetwork) Remove(ctx context.Context) error {
 
 	defer n.provider.Close()
 
-	return n.provider.client.NetworkRemove(ctx, n.ID)
+	_, err := n.provider.client.NetworkRemove(ctx, n.ID, client.NetworkRemoveOptions{})
+	return err
 }
 
 func (n *DockerNetwork) SetTerminationSignal(signal chan bool) {
@@ -1006,22 +1026,22 @@ var _ ContainerProvider = (*DockerProvider)(nil)
 
 // BuildImage will build and image from context and Dockerfile, then return the tag
 func (p *DockerProvider) BuildImage(ctx context.Context, img ImageBuildInfo) (string, error) {
-	var buildOptions build.ImageBuildOptions
+	var buildOptions client.ImageBuildOptions
 	resp, err := backoff.RetryNotifyWithData(
-		func() (build.ImageBuildResponse, error) {
+		func() (client.ImageBuildResult, error) {
 			var err error
 			buildOptions, err = img.BuildOptions()
 			if err != nil {
-				return build.ImageBuildResponse{}, backoff.Permanent(fmt.Errorf("build options: %w", err))
+				return client.ImageBuildResult{}, backoff.Permanent(fmt.Errorf("build options: %w", err))
 			}
 			defer tryClose(buildOptions.Context) // release resources in any case
 
 			resp, err := p.client.ImageBuild(ctx, buildOptions.Context, buildOptions)
 			if err != nil {
 				if isPermanentClientError(err) {
-					return build.ImageBuildResponse{}, backoff.Permanent(fmt.Errorf("build image: %w", err))
+					return client.ImageBuildResult{}, backoff.Permanent(fmt.Errorf("build image: %w", err))
 				}
-				return build.ImageBuildResponse{}, err
+				return client.ImageBuildResult{}, err
 			}
 			defer p.Close()
 
@@ -1037,13 +1057,10 @@ func (p *DockerProvider) BuildImage(ctx context.Context, img ImageBuildInfo) (st
 	}
 	defer resp.Body.Close()
 
-	output := img.BuildLogWriter()
-
 	// Always process the output, even if it is not printed
 	// to ensure that errors during the build process are
 	// correctly handled.
-	termFd, isTerm := term.GetFdInfo(output)
-	if err = jsonmessage.DisplayJSONMessagesStream(resp.Body, output, termFd, isTerm, nil); err != nil {
+	if err = jsonmessage.DisplayStream(resp.Body, img.BuildLogWriter()); err != nil {
 		return "", fmt.Errorf("build image: %w", err)
 	}
 
@@ -1155,8 +1172,11 @@ func (p *DockerProvider) CreateContainer(ctx context.Context, req ContainerReque
 		}
 
 		if shouldPullImage {
-			pullOpt := image.PullOptions{
-				Platform: req.ImagePlatform, // may be empty
+			pullOpt := client.ImagePullOptions{}
+			if req.ImagePlatform != "" {
+				if pf, err := platforms.Parse(req.ImagePlatform); err == nil {
+					pullOpt.Platforms = append(pullOpt.Platforms, pf)
+				}
 			}
 			if err := p.attemptToPullImage(ctx, imageName, pullOpt); err != nil {
 				return nil, err
@@ -1228,7 +1248,13 @@ func (p *DockerProvider) CreateContainer(ctx context.Context, req ContainerReque
 		return nil, err
 	}
 
-	resp, err := p.client.ContainerCreate(ctx, dockerInput, hostConfig, networkingConfig, platform, req.Name)
+	resp, err := p.client.ContainerCreate(ctx, client.ContainerCreateOptions{
+		Config:           dockerInput,
+		HostConfig:       hostConfig,
+		NetworkingConfig: networkingConfig,
+		Platform:         platform,
+		Name:             req.Name,
+	})
 	if err != nil {
 		return nil, fmt.Errorf("container create: %w", err)
 	}
@@ -1243,7 +1269,10 @@ func (p *DockerProvider) CreateContainer(ctx context.Context, req ContainerReque
 				endpointSetting := network.EndpointSettings{
 					Aliases: req.NetworkAliases[n],
 				}
-				err = p.client.NetworkConnect(ctx, nw.ID, resp.ID, &endpointSetting)
+				_, err = p.client.NetworkConnect(ctx, nw.ID, client.NetworkConnectOptions{
+					Container:      resp.ID,
+					EndpointConfig: &endpointSetting,
+				})
 				if err != nil {
 					return nil, fmt.Errorf("network connect: %w", err)
 				}
@@ -1288,15 +1317,17 @@ func (p *DockerProvider) findContainerByName(ctx context.Context, name string) (
 	}
 
 	// Note that, 'name' filter will use regex to find the containers
-	filter := filters.NewArgs(filters.Arg("name", fmt.Sprintf("^%s$", name)))
-	containers, err := p.client.ContainerList(ctx, container.ListOptions{All: true, Filters: filter})
+	containers, err := p.client.ContainerList(ctx, client.ContainerListOptions{
+		All:     true,
+		Filters: make(client.Filters).Add("name", fmt.Sprintf("^%s$", name)),
+	})
 	if err != nil {
 		return nil, fmt.Errorf("container list: %w", err)
 	}
 	defer p.Close()
 
-	if len(containers) > 0 {
-		return &containers[0], nil
+	if len(containers.Items) > 0 {
+		return &containers.Items[0], nil
 	}
 	return nil, nil
 }
@@ -1400,10 +1431,10 @@ func (p *DockerProvider) ReuseOrCreateContainer(ctx context.Context, req Contain
 	// a paused container. The Docker Engine returns the "cannot start a paused container,
 	// try unpause instead" error.
 	switch dcState.Status {
-	case "running":
+	case container.StateRunning:
 		// cannot re-start a running container, but we still need
 		// to call the startup hooks.
-	case "paused":
+	case container.StatePaused:
 		// TODO: we should unpause the container here.
 		return nil, fmt.Errorf("cannot start a paused container: %w", errors.ErrUnsupported)
 	default:
@@ -1417,7 +1448,7 @@ func (p *DockerProvider) ReuseOrCreateContainer(ctx context.Context, req Contain
 		return nil, err
 	}
 
-	dc.isRunning = true
+	dc.isRunning.Store(true)
 
 	err = dc.readiedHook(ctx)
 	if err != nil {
@@ -1429,17 +1460,16 @@ func (p *DockerProvider) ReuseOrCreateContainer(ctx context.Context, req Contain
 
 // attemptToPullImage tries to pull the image while respecting the ctx cancellations.
 // Besides, if the image cannot be pulled due to ErrorNotFound then no need to retry but terminate immediately.
-func (p *DockerProvider) attemptToPullImage(ctx context.Context, tag string, pullOpt image.PullOptions) error {
+func (p *DockerProvider) attemptToPullImage(ctx context.Context, tag string, pullOpt client.ImagePullOptions) error {
 	registry, imageAuth, err := DockerImageAuth(ctx, tag)
 	if err != nil {
 		p.Logger.Printf("No image auth found for %s. Setting empty credentials for the image: %s. This is expected for public images. Details: %s", registry, tag, err)
 	} else {
 		// see https://github.com/docker/docs/blob/e8e1204f914767128814dca0ea008644709c117f/engine/api/sdk/examples.md?plain=1#L649-L657
-		encodedJSON, err := json.Marshal(imageAuth)
-		if err != nil {
+		if encodedAuth, err := authconfig.Encode(imageAuth); err != nil {
 			p.Logger.Printf("Failed to marshal image auth. Setting empty credentials for the image: %s. Error is: %s", tag, err)
 		} else {
-			pullOpt.RegistryAuth = base64.URLEncoding.EncodeToString(encodedJSON)
+			pullOpt.RegistryAuth = encodedAuth
 		}
 	}
 
@@ -1475,7 +1505,7 @@ func (p *DockerProvider) attemptToPullImage(ctx context.Context, tag string, pul
 // Health measure the healthiness of the provider. Right now we leverage the
 // docker-client Info endpoint to see if the daemon is reachable.
 func (p *DockerProvider) Health(ctx context.Context) error {
-	_, err := p.client.Info(ctx)
+	_, err := p.client.Info(ctx, client.InfoOptions{})
 	defer p.Close()
 
 	return err
@@ -1577,7 +1607,7 @@ func (p *DockerProvider) CreateNetwork(ctx context.Context, req NetworkRequest)
 		req.Labels = make(map[string]string)
 	}
 
-	nc := network.CreateOptions{
+	nc := client.NetworkCreateOptions{
 		Driver:     req.Driver,
 		Internal:   req.Internal,
 		EnableIPv6: req.EnableIPv6,
@@ -1629,14 +1659,14 @@ func (p *DockerProvider) CreateNetwork(ctx context.Context, req NetworkRequest)
 
 // GetNetwork returns the object representing the network identified by its name
 func (p *DockerProvider) GetNetwork(ctx context.Context, req NetworkRequest) (network.Inspect, error) {
-	networkResource, err := p.client.NetworkInspect(ctx, req.Name, network.InspectOptions{
+	networkResource, err := p.client.NetworkInspect(ctx, req.Name, client.NetworkInspectOptions{
 		Verbose: true,
 	})
 	if err != nil {
 		return network.Inspect{}, err
 	}
 
-	return networkResource, err
+	return networkResource.Network, err
 }
 
 func (p *DockerProvider) GetGatewayIP(ctx context.Context) (string, error) {
@@ -1656,8 +1686,8 @@ func (p *DockerProvider) getGatewayIP(ctx context.Context, defaultNetwork string
 
 	var ip string
 	for _, cfg := range nw.IPAM.Config {
-		if cfg.Gateway != "" {
-			ip = cfg.Gateway
+		if cfg.Gateway.IsValid() {
+			ip = cfg.Gateway.String()
 			break
 		}
 	}
@@ -1683,7 +1713,7 @@ func (p *DockerProvider) ensureDefaultNetworkLocked(ctx context.Context) (string
 		return p.defaultNetwork, nil
 	}
 
-	networkResources, err := p.client.NetworkList(ctx, network.ListOptions{})
+	networkResources, err := p.client.NetworkList(ctx, client.NetworkListOptions{})
 	if err != nil {
 		return "", fmt.Errorf("network list: %w", err)
 	}
@@ -1691,8 +1721,8 @@ func (p *DockerProvider) ensureDefaultNetworkLocked(ctx context.Context) (string
 	// TODO: remove once we have docker context support via #2810
 	// Prefer the default bridge network if it exists.
 	// This makes the results stable as network list order is not guaranteed.
-	for _, net := range networkResources {
-		switch net.Name {
+	for _, nw := range networkResources.Items {
+		switch nw.Name {
 		case p.defaultBridgeNetworkName:
 			p.defaultNetwork = p.defaultBridgeNetworkName
 			return p.defaultNetwork, nil
@@ -1706,7 +1736,7 @@ func (p *DockerProvider) ensureDefaultNetworkLocked(ctx context.Context) (string
 	}
 
 	// Create a bridge network for the container communications.
-	_, err = p.client.NetworkCreate(ctx, ReaperDefault, network.CreateOptions{
+	_, err = p.client.NetworkCreate(ctx, ReaperDefault, client.NetworkCreateOptions{
 		Driver:     Bridge,
 		Attachable: true,
 		Labels:     GenericLabels(),
@@ -1736,7 +1766,6 @@ func (p *DockerProvider) ContainerFromType(ctx context.Context, response contain
 		Image:         response.Image,
 		imageWasBuilt: false,
 		sessionID:     response.Labels[core.LabelSessionID],
-		isRunning:     response.State == "running",
 		exposedPorts:  exposedPorts,
 		provider:      p,
 		logger:        p.Logger,
@@ -1744,6 +1773,7 @@ func (p *DockerProvider) ContainerFromType(ctx context.Context, response contain
 			DefaultLoggingHook(p.Logger),
 		},
 	}
+	ctr.isRunning.Store(response.State == "running")
 
 	if err = ctr.connectReaper(ctx); err != nil {
 		return nil, err
@@ -1755,14 +1785,14 @@ func (p *DockerProvider) ContainerFromType(ctx context.Context, response contain
 	}(ctr)
 
 	// populate the raw representation of the container
-	jsonRaw, err := ctr.inspectRawContainer(ctx)
+	resp, err := ctr.inspectRawContainer(ctx)
 	if err != nil {
 		// Return the container to allow caller to clean up.
 		return ctr, fmt.Errorf("inspect raw container: %w", err)
 	}
 
 	// the health status of the container, if any
-	if health := jsonRaw.State.Health; health != nil {
+	if health := resp.Container.State.Health; health != nil {
 		ctr.healthStatus = health.Status
 	}
 
@@ -1774,12 +1804,12 @@ func (p *DockerProvider) ContainerFromType(ctx context.Context, response contain
 func (p *DockerProvider) ListImages(ctx context.Context) ([]ImageInfo, error) {
 	images := []ImageInfo{}
 
-	imageList, err := p.client.ImageList(ctx, image.ListOptions{})
+	imageList, err := p.client.ImageList(ctx, client.ImageListOptions{})
 	if err != nil {
 		return images, fmt.Errorf("listing images %w", err)
 	}
 
-	for _, img := range imageList {
+	for _, img := range imageList.Items {
 		for _, tag := range img.RepoTags {
 			images = append(images, ImageInfo{ID: img.ID, Name: tag})
 		}
@@ -1838,7 +1868,7 @@ func SaveDockerImageWithPlatforms(platforms ...specs.Platform) SaveImageOption {
 
 // PullImage pulls image from registry
 func (p *DockerProvider) PullImage(ctx context.Context, img string) error {
-	return p.attemptToPullImage(ctx, img, image.PullOptions{})
+	return p.attemptToPullImage(ctx, img, client.ImagePullOptions{})
 }
 
 var permanentClientErrors = []func(error) bool{
diff --git a/vendor/github.com/testcontainers/testcontainers-go/docker_auth.go b/vendor/github.com/testcontainers/testcontainers-go/docker_auth.go
index 6472a9738e..eaa313f957 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/docker_auth.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/docker_auth.go
@@ -14,7 +14,8 @@ import (
 	"sync"
 
 	"github.com/cpuguy83/dockercfg"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/moby/moby/api/types/registry"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal/core"
 )
@@ -87,18 +88,18 @@ func getRegistryAuth(reg string, cfgs map[string]registry.AuthConfig) (registry.
 // It will use the docker daemon to get the default registry, returning "https://index.docker.io/v1/" if
 // it fails to get the information from the daemon
 func defaultRegistry(ctx context.Context) string {
-	client, err := NewDockerClientWithOpts(ctx)
+	apiClient, err := NewDockerClientWithOpts(ctx)
 	if err != nil {
 		return core.IndexDockerIO
 	}
-	defer client.Close()
+	defer apiClient.Close()
 
-	info, err := client.Info(ctx)
+	info, err := apiClient.Info(ctx, client.InfoOptions{})
 	if err != nil {
 		return core.IndexDockerIO
 	}
 
-	return info.IndexServerAddress
+	return info.Info.IndexServerAddress
 }
 
 // authConfigResult is a result looking up auth details for key.
@@ -205,7 +206,6 @@ func getDockerAuthConfigs() (map[string]registry.AuthConfig, error) {
 
 			ac := registry.AuthConfig{
 				Auth:          v.Auth,
-				Email:         v.Email,
 				IdentityToken: v.IdentityToken,
 				Password:      v.Password,
 				RegistryToken: v.RegistryToken,
diff --git a/vendor/github.com/testcontainers/testcontainers-go/docker_client.go b/vendor/github.com/testcontainers/testcontainers-go/docker_client.go
index ea6522406e..ae4ff511dd 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/docker_client.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/docker_client.go
@@ -6,11 +6,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/system"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal"
 	"github.com/testcontainers/testcontainers-go/internal/core"
@@ -25,7 +21,7 @@ type DockerClient struct {
 
 var (
 	// dockerInfo stores the docker info to be reused in the Info method
-	dockerInfo     system.Info
+	dockerInfo     client.SystemInfoResult
 	dockerInfoSet  bool
 	dockerInfoLock sync.Mutex
 )
@@ -34,25 +30,25 @@ var (
 var _ client.SystemAPIClient = &DockerClient{}
 
 // Events returns a channel to listen to events that happen to the docker daemon.
-func (c *DockerClient) Events(ctx context.Context, options events.ListOptions) (<-chan events.Message, <-chan error) {
+func (c *DockerClient) Events(ctx context.Context, options client.EventsListOptions) client.EventsResult {
 	return c.Client.Events(ctx, options)
 }
 
 // Info returns information about the docker server. The result of Info is cached
 // and reused every time Info is called.
 // It will also print out the docker server info, and the resolved Docker paths, to the default logger.
-func (c *DockerClient) Info(ctx context.Context) (system.Info, error) {
+func (c *DockerClient) Info(ctx context.Context, options client.InfoOptions) (client.SystemInfoResult, error) {
 	dockerInfoLock.Lock()
 	defer dockerInfoLock.Unlock()
 	if dockerInfoSet {
 		return dockerInfo, nil
 	}
 
-	info, err := c.Client.Info(ctx)
+	res, err := c.Client.Info(ctx, options)
 	if err != nil {
-		return info, fmt.Errorf("failed to retrieve docker info: %w", err)
+		return res, fmt.Errorf("failed to retrieve docker info: %w", err)
 	}
-	dockerInfo = info
+	dockerInfo = res
 	dockerInfoSet = true
 
 	infoMessage := `%v - Connected to docker: 
@@ -67,23 +63,27 @@ func (c *DockerClient) Info(ctx context.Context) (system.Info, error) {
   Test ProcessID: %s
 `
 	infoLabels := ""
-	if len(dockerInfo.Labels) > 0 {
+	if len(dockerInfo.Info.Labels) > 0 {
 		infoLabels = `
   Labels:`
 		var infoLabelsSb72 strings.Builder
-		for _, lb := range dockerInfo.Labels {
+		for _, lb := range dockerInfo.Info.Labels {
 			infoLabelsSb72.WriteString("\n    " + lb)
 		}
 		infoLabels += infoLabelsSb72.String()
 	}
 
+	host, err := core.ExtractDockerHost(ctx)
+	if err != nil {
+		return dockerInfo, err
+	}
 	log.Printf(infoMessage, packagePath,
-		dockerInfo.ServerVersion,
+		dockerInfo.Info.ServerVersion,
 		c.ClientVersion(),
-		dockerInfo.OperatingSystem, dockerInfo.MemTotal/1024/1024,
+		dockerInfo.Info.OperatingSystem, dockerInfo.Info.MemTotal/1024/1024,
 		infoLabels,
 		internal.Version,
-		core.MustExtractDockerHost(ctx),
+		host,
 		core.MustExtractDockerSocket(ctx),
 		core.SessionID(),
 		core.ProcessID(),
@@ -93,18 +93,18 @@ func (c *DockerClient) Info(ctx context.Context) (system.Info, error) {
 }
 
 // RegistryLogin logs into a Docker registry.
-func (c *DockerClient) RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error) {
-	return c.Client.RegistryLogin(ctx, auth)
+func (c *DockerClient) RegistryLogin(ctx context.Context, options client.RegistryLoginOptions) (client.RegistryLoginResult, error) {
+	return c.Client.RegistryLogin(ctx, options)
 }
 
 // DiskUsage returns the disk usage of all images.
-func (c *DockerClient) DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error) {
+func (c *DockerClient) DiskUsage(ctx context.Context, options client.DiskUsageOptions) (client.DiskUsageResult, error) {
 	return c.Client.DiskUsage(ctx, options)
 }
 
 // Ping pings the docker server.
-func (c *DockerClient) Ping(ctx context.Context) (types.Ping, error) {
-	return c.Client.Ping(ctx)
+func (c *DockerClient) Ping(ctx context.Context, options client.PingOptions) (client.PingResult, error) {
+	return c.Client.Ping(ctx, options)
 }
 
 // Deprecated: Use NewDockerClientWithOpts instead.
@@ -127,18 +127,18 @@ func NewDockerClientWithOpts(ctx context.Context, opt ...client.Opt) (*DockerCli
 		Client: dockerClient,
 	}
 
-	if _, err = tcClient.Info(ctx); err != nil {
+	if _, err = tcClient.Info(ctx, client.InfoOptions{}); err != nil {
 		// Fallback to environment, including the original options
 		if len(opt) == 0 {
-			opt = []client.Opt{client.FromEnv, client.WithAPIVersionNegotiation()}
+			opt = []client.Opt{client.FromEnv}
 		}
 
-		dockerClient, err := client.NewClientWithOpts(opt...)
+		apiClient, err := client.New(opt...)
 		if err != nil {
 			return nil, err
 		}
 
-		tcClient.Client = dockerClient
+		tcClient.Client = apiClient
 	}
 	defer tcClient.Close()
 
diff --git a/vendor/github.com/testcontainers/testcontainers-go/docker_mounts.go b/vendor/github.com/testcontainers/testcontainers-go/docker_mounts.go
index 9609d92caa..5d654b9a60 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/docker_mounts.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/docker_mounts.go
@@ -4,7 +4,7 @@ import (
 	"errors"
 	"path/filepath"
 
-	"github.com/docker/docker/api/types/mount"
+	"github.com/moby/moby/api/types/mount"
 
 	"github.com/testcontainers/testcontainers-go/log"
 )
diff --git a/vendor/github.com/testcontainers/testcontainers-go/exec/processor.go b/vendor/github.com/testcontainers/testcontainers-go/exec/processor.go
index 36f1db1cff..072c7512ee 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/exec/processor.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/exec/processor.go
@@ -6,13 +6,13 @@ import (
 	"io"
 	"sync"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/client"
 )
 
 // ProcessOptions defines options applicable to the reader processor
 type ProcessOptions struct {
-	ExecConfig container.ExecOptions
+	ExecConfig client.ExecCreateOptions
 	Reader     io.Reader
 }
 
@@ -23,7 +23,7 @@ type ProcessOptions struct {
 // - attach stderr: true
 func NewProcessOptions(cmd []string) *ProcessOptions {
 	return &ProcessOptions{
-		ExecConfig: container.ExecOptions{
+		ExecConfig: client.ExecCreateOptions{
 			Cmd:          cmd,
 			AttachStdout: true,
 			AttachStderr: true,
diff --git a/vendor/github.com/testcontainers/testcontainers-go/generate.go b/vendor/github.com/testcontainers/testcontainers-go/generate.go
index 19ae49695d..c1c5c5fd97 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/generate.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/generate.go
@@ -1,3 +1,4 @@
 package testcontainers
 
 //go:generate mockery
+//go:generate gci write -s standard -s default -s prefix(github.com/testcontainers) .
diff --git a/vendor/github.com/testcontainers/testcontainers-go/image.go b/vendor/github.com/testcontainers/testcontainers-go/image.go
index 11154d8625..38557e7706 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/image.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/image.go
@@ -3,7 +3,7 @@ package testcontainers
 import (
 	"context"
 
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 )
 
 // ImageInfo represents summary information of an image
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/core/client.go b/vendor/github.com/testcontainers/testcontainers-go/internal/core/client.go
index 04a54bcbc5..795e6640c6 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/core/client.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/core/client.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"path/filepath"
 
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal"
 	"github.com/testcontainers/testcontainers-go/internal/config"
@@ -12,11 +12,14 @@ import (
 
 // NewClient returns a new docker client extracting the docker host from the different alternatives
 func NewClient(ctx context.Context, ops ...client.Opt) (*client.Client, error) {
+	dockerHost, err := ExtractDockerHost(ctx)
+	if err != nil {
+		return nil, err
+	}
+
 	tcConfig := config.Read()
 
-	dockerHost := MustExtractDockerHost(ctx)
-
-	opts := []client.Opt{client.FromEnv, client.WithAPIVersionNegotiation()}
+	opts := []client.Opt{client.FromEnv}
 	if dockerHost != "" {
 		opts = append(opts, client.WithHost(dockerHost))
 
@@ -41,7 +44,7 @@ func NewClient(ctx context.Context, ops ...client.Opt) (*client.Client, error) {
 	// passed options have priority over the default ones
 	opts = append(opts, ops...)
 
-	cli, err := client.NewClientWithOpts(opts...)
+	cli, err := client.New(opts...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_host.go b/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_host.go
index 73ff0a9776..fbb2e2b059 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_host.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_host.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal/config"
 )
@@ -31,8 +31,9 @@ var (
 )
 
 var (
-	dockerHostCache string
-	dockerHostOnce  sync.Once
+	dockerHostCache    string
+	dockerHostErrCache error
+	dockerHostOnce     sync.Once
 )
 
 var (
@@ -59,13 +60,13 @@ func DefaultGatewayIP() (string, error) {
 // dockerHostCheck Use a vanilla Docker client to check if the Docker host is reachable.
 // It will avoid recursive calls to this function.
 var dockerHostCheck = func(ctx context.Context, host string) error {
-	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithHost(host), client.WithAPIVersionNegotiation())
+	cli, err := client.New(client.FromEnv, client.WithHost(host))
 	if err != nil {
 		return fmt.Errorf("new client: %w", err)
 	}
 	defer cli.Close()
 
-	_, err = cli.Info(ctx)
+	_, err = cli.Info(ctx, client.InfoOptions{})
 	if err != nil {
 		return fmt.Errorf("docker info: %w", err)
 	}
@@ -85,16 +86,18 @@ var dockerHostCheck = func(ctx context.Context, host string) error {
 //  6. Rootless docker socket path.
 //  7. Else, because the Docker host is not set, it panics.
 func MustExtractDockerHost(ctx context.Context) string {
+	host, err := ExtractDockerHost(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return host
+}
+
+func ExtractDockerHost(ctx context.Context) (string, error) {
 	dockerHostOnce.Do(func() {
-		cache, err := extractDockerHost(ctx)
-		if err != nil {
-			panic(err)
-		}
-
-		dockerHostCache = cache
+		dockerHostCache, dockerHostErrCache = extractDockerHost(ctx)
 	})
-
-	return dockerHostCache
+	return dockerHostCache, dockerHostErrCache
 }
 
 // MustExtractDockerSocket Extracts the docker socket from the different alternatives, removing the socket schema and
@@ -198,13 +201,13 @@ func extractDockerSocketFromClient(ctx context.Context, cli client.APIClient) st
 		return checkDockerSocketFn(testcontainersDockerSocket)
 	}
 
-	info, err := cli.Info(ctx)
+	info, err := cli.Info(ctx, client.InfoOptions{})
 	if err != nil {
 		panic(err) // Docker Info is required to get the Operating System
 	}
 
 	// Because Docker Desktop runs in a VM, we need to use the default docker path for rootless docker
-	if info.OperatingSystem == "Docker Desktop" {
+	if info.Info.OperatingSystem == "Docker Desktop" {
 		if IsWindows() {
 			return WindowsDockerSocketPath
 		}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_socket.go b/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_socket.go
index b0c0c8481b..d34929014a 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_socket.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/core/docker_socket.go
@@ -4,7 +4,7 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 )
 
 // DockerSocketSchema is the unix schema.
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/core/labels.go b/vendor/github.com/testcontainers/testcontainers-go/internal/core/labels.go
index 198fdae7c8..fdfee742f9 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/core/labels.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/core/labels.go
@@ -62,11 +62,11 @@ func MergeCustomLabels(dst, src map[string]string) error {
 	if dst == nil {
 		return errors.New("destination map is nil")
 	}
-	for key, value := range src {
+	for key := range src {
 		if strings.HasPrefix(key, LabelBase) {
 			return fmt.Errorf("key %q has %q prefix", key, LabelBase)
 		}
-		dst[key] = value
 	}
+	maps.Copy(dst, src)
 	return nil
 }
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/core/network/network.go b/vendor/github.com/testcontainers/testcontainers-go/internal/core/network/network.go
index 787065aec9..55081b3fb3 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/core/network/network.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/core/network/network.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/network"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal/core"
 )
@@ -19,17 +19,17 @@ const (
 )
 
 // Get returns a network by its ID.
-func Get(ctx context.Context, id string) (network.Inspect, error) {
+func Get(ctx context.Context, id string) (network.Summary, error) {
 	return get(ctx, FilterByID, id)
 }
 
 // GetByName returns a network by its name.
-func GetByName(ctx context.Context, name string) (network.Inspect, error) {
+func GetByName(ctx context.Context, name string) (network.Summary, error) {
 	return get(ctx, FilterByName, name)
 }
 
-func get(ctx context.Context, filter string, value string) (network.Inspect, error) {
-	var nw network.Inspect // initialize to the zero value
+func get(ctx context.Context, filter string, value string) (network.Summary, error) {
+	var nw network.Summary // initialize to the zero value
 
 	cli, err := core.NewClient(ctx)
 	if err != nil {
@@ -37,16 +37,16 @@ func get(ctx context.Context, filter string, value string) (network.Inspect, err
 	}
 	defer cli.Close()
 
-	list, err := cli.NetworkList(ctx, network.ListOptions{
-		Filters: filters.NewArgs(filters.Arg(filter, value)),
+	list, err := cli.NetworkList(ctx, client.NetworkListOptions{
+		Filters: make(client.Filters).Add(filter, value),
 	})
 	if err != nil {
 		return nw, fmt.Errorf("failed to list networks: %w", err)
 	}
 
-	if len(list) == 0 {
+	if len(list.Items) == 0 {
 		return nw, fmt.Errorf("network %s not found (filtering by %s)", value, filter)
 	}
 
-	return list[0], nil
+	return list.Items[0], nil
 }
diff --git a/vendor/github.com/testcontainers/testcontainers-go/internal/version.go b/vendor/github.com/testcontainers/testcontainers-go/internal/version.go
index 295c1a6a77..ebe1f04371 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/internal/version.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/internal/version.go
@@ -1,4 +1,4 @@
 package internal
 
 // Version is the next development version of the application
-const Version = "0.41.0"
+const Version = "0.42.0"
diff --git a/vendor/github.com/testcontainers/testcontainers-go/lifecycle.go b/vendor/github.com/testcontainers/testcontainers-go/lifecycle.go
index 7aedd54f56..90516df78e 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/lifecycle.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/lifecycle.go
@@ -9,9 +9,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
 
 	"github.com/testcontainers/testcontainers-go/log"
 )
@@ -233,7 +232,7 @@ var defaultReadinessHook = func() ContainerLifecycleHooks {
 					}
 				}
 
-				dockerContainer.isRunning = true
+				dockerContainer.isRunning.Store(true)
 
 				return nil
 			},
@@ -522,32 +521,29 @@ func (p *DockerProvider) preCreateContainerHook(ctx context.Context, req Contain
 
 	networkingConfig.EndpointsConfig = endpointSettings
 
+	// Expose ports automatically if the container request exposes zero ports and the container
+	// does not run in a container network. The NetworkMode check must be done after the pre-creation
+	// Modifiers are called, so the network mode is already set.
 	exposedPorts := req.ExposedPorts
-	// this check must be done after the pre-creation Modifiers are called, so the network mode is already set
 	if len(exposedPorts) == 0 && !hostConfig.NetworkMode.IsContainer() {
 		image, err := p.client.ImageInspect(ctx, dockerInput.Image)
 		if err != nil {
 			return err
 		}
-		for p := range image.Config.ExposedPorts {
-			exposedPorts = append(exposedPorts, string(p))
+
+		exposedPorts = exposedPorts[:0]
+		for port := range image.Config.ExposedPorts {
+			exposedPorts = append(exposedPorts, port)
 		}
 	}
 
-	exposedPortSet, exposedPortMap, err := nat.ParsePortSpecs(exposedPorts)
+	exposedPortSet, err := parseExposedPorts(exposedPorts)
 	if err != nil {
 		return err
 	}
 
 	dockerInput.ExposedPorts = exposedPortSet
-
-	// only exposing those ports automatically if the container request exposes zero ports and the container does not run in a container network
-	if len(exposedPorts) == 0 && !hostConfig.NetworkMode.IsContainer() {
-		hostConfig.PortBindings = exposedPortMap
-	} else {
-		hostConfig.PortBindings = mergePortBindings(hostConfig.PortBindings, exposedPortMap, req.ExposedPorts)
-	}
-
+	hostConfig.PortBindings = mergePortBindings(hostConfig.PortBindings, exposedPortSet)
 	return nil
 }
 
@@ -597,32 +593,57 @@ func combineContainerHooks(defaultHooks, userDefinedHooks []ContainerLifecycleHo
 	return hooks
 }
 
-func mergePortBindings(configPortMap, exposedPortMap nat.PortMap, exposedPorts []string) nat.PortMap {
-	if exposedPortMap == nil {
-		exposedPortMap = make(map[nat.Port][]nat.PortBinding)
-	}
+func parseExposedPorts(specs []string) (network.PortSet, error) {
+	exposed := make(network.PortSet, len(specs))
+	for _, s := range specs {
+		pr, err := network.ParsePortRange(s)
+		if err != nil {
+			return nil, fmt.Errorf("invalid exposed port %q: %w", s, err)
+		}
 
-	mappedPorts := make(map[string]struct{}, len(exposedPorts))
-	for _, p := range exposedPorts {
-		p = strings.Split(p, "/")[0]
-		mappedPorts[p] = struct{}{}
-	}
-
-	for k, v := range configPortMap {
-		if _, ok := mappedPorts[k.Port()]; ok {
-			exposedPortMap[k] = v
+		for p := range pr.All() {
+			exposed[p] = struct{}{}
 		}
 	}
+	return exposed, nil
+}
 
-	// Fix: Ensure that ports with empty HostPort get "0" for automatic allocation
-	// This fixes the UDP port binding issue where ports were getting HostPort:0 instead of being allocated
-	for k, v := range exposedPortMap {
-		for i := range v {
-			if v[i].HostPort == "" {
-				v[i].HostPort = "0" // Tell Docker to allocate a random port
+// mergePortBindings returns a PortMap for the given exposedPortSet.
+//
+// For each port in exposedPortSet, a binding is ensured:
+//   - If configPortMap contains bindings for that port, those bindings are used.
+//   - Otherwise, a default binding with HostPort "0" (ephemeral allocation)
+//     is assigned.
+//
+// Bindings for ports not present in exposedPortSet are not preserved.
+// Any binding with an empty HostPort is normalized to "0".
+//
+// TODO(thaJeztah): this logic seems the reverse of the docker CLI, which
+// exposes ports if the user requests a port-mapping (i.e., if a port-mapping
+// is requested, but not exposed, we map the port *and* add an entry to
+// ExposedPorts). The logic here is the reverse; any port "mapped" in
+// HostConfig.PortBindings is dropped if is not exposed.
+func mergePortBindings(configPortMap network.PortMap, exposedPortSet network.PortSet) network.PortMap {
+	if len(exposedPortSet) == 0 {
+		return network.PortMap{}
+	}
+
+	exposedPortMap := make(network.PortMap, len(exposedPortSet))
+	for p := range exposedPortSet {
+		bindings := configPortMap[p]
+		if len(bindings) == 0 {
+			exposedPortMap[p] = []network.PortBinding{{HostPort: "0"}}
+			continue
+		}
+
+		// Fix: Ensure that ports with empty HostPort get "0" for automatic allocation
+		// This fixes the UDP port binding issue where ports were getting HostPort:0 instead of being allocated
+		for i := range bindings {
+			if bindings[i].HostPort == "" {
+				bindings[i].HostPort = "0" // Tell Docker to allocate a random port
 			}
 		}
-		exposedPortMap[k] = v
+		exposedPortMap[p] = bindings
 	}
 
 	return exposedPortMap
diff --git a/vendor/github.com/testcontainers/testcontainers-go/mkdocs.yml b/vendor/github.com/testcontainers/testcontainers-go/mkdocs.yml
index e4e13b8093..b77c004fec 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/mkdocs.yml
+++ b/vendor/github.com/testcontainers/testcontainers-go/mkdocs.yml
@@ -162,4 +162,4 @@ nav:
     - Getting help: getting_help.md
 edit_uri: edit/main/docs/
 extra:
-    latest_version: v0.41.0
+    latest_version: v0.42.0
diff --git a/vendor/github.com/testcontainers/testcontainers-go/modules/opensearch/opensearch.go b/vendor/github.com/testcontainers/testcontainers-go/modules/opensearch/opensearch.go
index 9b2b4b9260..71d0a96f56 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/modules/opensearch/opensearch.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/modules/opensearch/opensearch.go
@@ -7,8 +7,8 @@ import (
 	"io"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/container"
 
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
diff --git a/vendor/github.com/testcontainers/testcontainers-go/network.go b/vendor/github.com/testcontainers/testcontainers-go/network.go
index e0cc83f510..c5fa4eb526 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/network.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/network.go
@@ -3,7 +3,7 @@ package testcontainers
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/network"
+	"github.com/moby/moby/api/types/network"
 
 	"github.com/testcontainers/testcontainers-go/internal/core"
 )
diff --git a/vendor/github.com/testcontainers/testcontainers-go/options.go b/vendor/github.com/testcontainers/testcontainers-go/options.go
index 6e5f455d87..4a629cbe31 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/options.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/options.go
@@ -9,8 +9,8 @@ import (
 	"time"
 
 	"dario.cat/mergo"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
 
 	tcexec "github.com/testcontainers/testcontainers-go/exec"
 	"github.com/testcontainers/testcontainers-go/internal/core"
diff --git a/vendor/github.com/testcontainers/testcontainers-go/port_forwarding.go b/vendor/github.com/testcontainers/testcontainers-go/port_forwarding.go
index 6a3c623864..493a407155 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/port_forwarding.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/port_forwarding.go
@@ -10,8 +10,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/google/uuid"
+	"github.com/moby/moby/api/types/container"
 	"golang.org/x/crypto/ssh"
 
 	"github.com/testcontainers/testcontainers-go/internal/core/network"
@@ -107,14 +107,12 @@ func exposeHostPorts(ctx context.Context, req *ContainerRequest, ports ...int) (
 		return sshdConnectHook, fmt.Errorf("inspect sshd container: %w", err)
 	}
 
-	// TODO: remove once we have docker context support via #2810
-	//nolint:staticcheck // SA1019: IPAddress is deprecated, but we need it for compatibility until v29
-	sshdIP := inspect.NetworkSettings.IPAddress
-	if sshdIP == "" {
-		single := len(inspect.NetworkSettings.Networks) == 1
-		for name, network := range inspect.NetworkSettings.Networks {
-			if name == sshdFirstNetwork || single {
-				sshdIP = network.IPAddress
+	var sshdIP string
+	single := len(inspect.NetworkSettings.Networks) == 1
+	for name, nw := range inspect.NetworkSettings.Networks {
+		if name == sshdFirstNetwork || single {
+			if nw.IPAddress.IsValid() {
+				sshdIP = nw.IPAddress.String()
 				break
 			}
 		}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/provider.go b/vendor/github.com/testcontainers/testcontainers-go/provider.go
index d2347b7f3b..210f451fc6 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/provider.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/provider.go
@@ -141,15 +141,18 @@ func NewDockerProvider(provOpts ...DockerProviderOption) (*DockerProvider, error
 	}
 
 	ctx := context.Background()
+	host, err := core.ExtractDockerHost(ctx)
+	if err != nil {
+		return nil, err
+	}
 	c, err := NewDockerClientWithOpts(ctx)
 	if err != nil {
 		return nil, err
 	}
-
 	return &DockerProvider{
 		DockerProviderOptions: o,
-		host:                  core.MustExtractDockerHost(ctx),
 		client:                c,
+		host:                  host,
 		config:                config.Read(),
 	}, nil
 }
diff --git a/vendor/github.com/testcontainers/testcontainers-go/reaper.go b/vendor/github.com/testcontainers/testcontainers-go/reaper.go
index 4f5c555e56..f42c5bf4fc 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/reaper.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/reaper.go
@@ -15,10 +15,9 @@ import (
 
 	"github.com/cenkalti/backoff/v4"
 	"github.com/containerd/errdefs"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/client"
 
 	"github.com/testcontainers/testcontainers-go/internal/config"
 	"github.com/testcontainers/testcontainers-go/internal/core"
@@ -41,7 +40,7 @@ var (
 
 	// defaultReaperPort is the default port that the reaper listens on if not
 	// overridden by the RYUK_PORT environment variable.
-	defaultReaperPort = nat.Port("8080/tcp")
+	defaultReaperPort = network.MustParsePort("8080/tcp")
 
 	// errReaperNotFound is returned when no reaper container is found.
 	errReaperNotFound = errors.New("reaper not found")
@@ -95,9 +94,9 @@ type reaperSpawner struct {
 }
 
 // port returns the port that a new reaper should listen on.
-func (r *reaperSpawner) port() nat.Port {
+func (r *reaperSpawner) port() network.Port {
 	if port := os.Getenv("RYUK_PORT"); port != "" {
-		natPort, err := nat.NewPort("tcp", port)
+		natPort, err := network.ParsePort(port + "/tcp")
 		if err != nil {
 			panic(fmt.Sprintf("invalid RYUK_PORT value %q: %s", port, err))
 		}
@@ -170,14 +169,13 @@ func (r *reaperSpawner) lookupContainer(ctx context.Context, sessionID string) (
 
 	provider.SetClient(dockerClient)
 
-	opts := container.ListOptions{
+	opts := client.ContainerListOptions{
 		All: true,
-		Filters: filters.NewArgs(
-			filters.Arg("label", fmt.Sprintf("%s=%s", core.LabelSessionID, sessionID)),
-			filters.Arg("label", fmt.Sprintf("%s=%t", core.LabelReaper, true)),
-			filters.Arg("label", fmt.Sprintf("%s=%t", core.LabelRyuk, true)),
-			filters.Arg("name", reaperContainerNameFromSessionID(sessionID)),
-		),
+		Filters: make(client.Filters).
+			Add("label", fmt.Sprintf("%s=%s", core.LabelSessionID, sessionID)).
+			Add("label", fmt.Sprintf("%s=%t", core.LabelReaper, true)).
+			Add("label", fmt.Sprintf("%s=%t", core.LabelRyuk, true)).
+			Add("name", reaperContainerNameFromSessionID(sessionID)),
 	}
 
 	return backoff.RetryWithData(
@@ -187,29 +185,26 @@ func (r *reaperSpawner) lookupContainer(ctx context.Context, sessionID string) (
 				return nil, fmt.Errorf("container list: %w", err)
 			}
 
-			if len(resp) == 0 {
+			if len(resp.Items) == 0 {
 				// No reaper container not found.
 				return nil, backoff.Permanent(errReaperNotFound)
 			}
 
-			if len(resp) > 1 {
-				return nil, fmt.Errorf("found %d reaper containers for session ID %q", len(resp), sessionID)
+			if len(resp.Items) > 1 {
+				return nil, fmt.Errorf("found %d reaper containers for session ID %q", len(resp.Items), sessionID)
 			}
 
-			r, err := provider.ContainerFromType(ctx, resp[0])
+			r, err := provider.ContainerFromType(ctx, resp.Items[0])
 			if err != nil {
 				return nil, fmt.Errorf("from docker: %w", err)
 			}
 
-			switch {
-			case r.healthStatus == types.Healthy,
-				r.healthStatus == types.NoHealthcheck:
+			switch r.healthStatus {
+			case "", container.Healthy, container.NoHealthcheck:
 				return r, nil
-			case r.healthStatus != "":
+			default:
 				return nil, fmt.Errorf("container not healthy: %s", r.healthStatus)
 			}
-
-			return r, nil
 		},
 		backoff.WithContext(r.backoff(), ctx),
 	)
@@ -225,7 +220,7 @@ func (r *reaperSpawner) isRunning(ctx context.Context, ctr Container) error {
 	if !state.Running {
 		// Use NotFound error to indicate the container is not running
 		// and should be recreated.
-		return errdefs.ErrNotFound.WithMessage("container state: " + state.Status)
+		return errdefs.ErrNotFound.WithMessage("container state: " + string(state.Status))
 	}
 
 	return nil
@@ -381,9 +376,9 @@ func (r *reaperSpawner) newReaper(ctx context.Context, sessionID string, provide
 	tcConfig := provider.Config().Config
 	req := ContainerRequest{
 		Image:        config.ReaperDefaultImage,
-		ExposedPorts: []string{string(port)},
+		ExposedPorts: []string{port.String()},
 		Labels:       core.DefaultLabels(sessionID),
-		WaitingFor:   wait.ForListeningPort(port),
+		WaitingFor:   wait.ForListeningPort(port.String()),
 		Name:         reaperContainerNameFromSessionID(sessionID),
 		HostConfigModifier: func(hc *container.HostConfig) {
 			hc.AutoRemove = true
@@ -428,7 +423,7 @@ func (r *reaperSpawner) newReaper(ctx context.Context, sessionID string, provide
 		return nil, fmt.Errorf("run container: %w", err)
 	}
 
-	endpoint, err := c.PortEndpoint(ctx, port, "")
+	endpoint, err := c.PortEndpoint(ctx, port.String(), "")
 	if err != nil {
 		return nil, fmt.Errorf("port endpoint: %w", err)
 	}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/testing.go b/vendor/github.com/testcontainers/testcontainers-go/testing.go
index 704af99c32..47b3609282 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/testing.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/testing.go
@@ -4,10 +4,13 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"os"
 	"regexp"
+	"strings"
 	"testing"
 
 	"github.com/containerd/errdefs"
+	"github.com/moby/moby/client"
 	"github.com/stretchr/testify/require"
 )
 
@@ -39,16 +42,25 @@ func SkipIfProviderIsNotHealthy(t *testing.T) {
 }
 
 // SkipIfDockerDesktop is a utility function capable of skipping tests
-// if tests are run using Docker Desktop.
+// if tests are run using Docker Desktop or another VM-based Docker
+// environment (e.g. colima) where host network access is not available.
 func SkipIfDockerDesktop(t *testing.T, ctx context.Context) {
 	t.Helper()
+
+	// Colima runs Docker inside a Linux VM, so host networking doesn't work
+	// the same way as native Docker on Linux. Detect it via DOCKER_HOST which
+	// typically contains the colima socket path.
+	if strings.Contains(os.Getenv("DOCKER_HOST"), "colima") {
+		t.Skip("Skipping test that requires host network access when running in colima")
+	}
+
 	cli, err := NewDockerClientWithOpts(ctx)
 	require.NoErrorf(t, err, "failed to create docker client: %s", err)
 
-	info, err := cli.Info(ctx)
+	res, err := cli.Info(ctx, client.InfoOptions{})
 	require.NoErrorf(t, err, "failed to get docker info: %s", err)
 
-	if info.OperatingSystem == "Docker Desktop" {
+	if res.Info.OperatingSystem == "Docker Desktop" {
 		t.Skip("Skipping test that requires host network access when running in Docker Desktop")
 	}
 }
@@ -60,10 +72,10 @@ func SkipIfNotDockerDesktop(t *testing.T, ctx context.Context) {
 	cli, err := NewDockerClientWithOpts(ctx)
 	require.NoErrorf(t, err, "failed to create docker client: %s", err)
 
-	info, err := cli.Info(ctx)
+	res, err := cli.Info(ctx, client.InfoOptions{})
 	require.NoErrorf(t, err, "failed to get docker info: %s", err)
 
-	if info.OperatingSystem != "Docker Desktop" {
+	if res.Info.OperatingSystem != "Docker Desktop" {
 		t.Skip("Skipping test that needs Docker Desktop")
 	}
 }
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/health.go b/vendor/github.com/testcontainers/testcontainers-go/wait/health.go
index c2a273830c..6df6f0de6c 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/health.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/health.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"time"
 
-	"github.com/docker/docker/api/types"
+	"github.com/moby/moby/api/types/container"
 )
 
 // Implement interface
@@ -87,7 +87,7 @@ func (ws *HealthStrategy) WaitUntilReady(ctx context.Context, target StrategyTar
 			if err := checkState(state); err != nil {
 				return err
 			}
-			if state.Health == nil || state.Health.Status != types.Healthy {
+			if state.Health == nil || state.Health.Status != container.Healthy {
 				time.Sleep(ws.PollInterval)
 				continue
 			}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/host_port.go b/vendor/github.com/testcontainers/testcontainers-go/wait/host_port.go
index 706e348967..60cf5e4e5f 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/host_port.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/host_port.go
@@ -8,7 +8,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/network"
 
 	"github.com/testcontainers/testcontainers-go/log"
 )
@@ -32,7 +32,7 @@ var (
 type HostPortStrategy struct {
 	// Port is a string containing port number and protocol in the format "80/tcp"
 	// which
-	Port nat.Port
+	Port string
 	// all WaitStrategies should have a startupTimeout to avoid waiting infinitely
 	timeout      *time.Duration
 	PollInterval time.Duration
@@ -50,7 +50,7 @@ type HostPortStrategy struct {
 
 // NewHostPortStrategy constructs a default host port strategy that waits for the given
 // port to be exposed. The default startup timeout is 60 seconds.
-func NewHostPortStrategy(port nat.Port) *HostPortStrategy {
+func NewHostPortStrategy(port string) *HostPortStrategy {
 	return &HostPortStrategy{
 		Port:         port,
 		PollInterval: defaultPollInterval(),
@@ -64,7 +64,7 @@ func NewHostPortStrategy(port nat.Port) *HostPortStrategy {
 // ForListeningPort returns a host port strategy that waits for the given port
 // to be exposed and bound internally the container.
 // Alias for `NewHostPortStrategy(port)`.
-func ForListeningPort(port nat.Port) *HostPortStrategy {
+func ForListeningPort(port string) *HostPortStrategy {
 	return NewHostPortStrategy(port)
 }
 
@@ -76,7 +76,7 @@ func ForExposedPort() *HostPortStrategy {
 
 // ForMappedPort returns a host port strategy that waits for the given port
 // to be mapped without accessing the port itself.
-func ForMappedPort(port nat.Port) *HostPortStrategy {
+func ForMappedPort(port string) *HostPortStrategy {
 	return NewHostPortStrategy(port).SkipInternalCheck().SkipExternalCheck()
 }
 
@@ -118,7 +118,7 @@ func (hp *HostPortStrategy) Timeout() *time.Duration {
 func (hp *HostPortStrategy) String() string {
 	port := "first exposed port"
 	if hp.Port != "" {
-		port = fmt.Sprintf("port %s", hp.Port)
+		port = "port " + hp.Port
 	}
 
 	var checks string
@@ -139,15 +139,15 @@ func (hp *HostPortStrategy) String() string {
 // detectInternalPort returns the lowest internal port that is currently bound.
 // If no internal port is found, it returns the zero nat.Port value which
 // can be checked against an empty string.
-func (hp *HostPortStrategy) detectInternalPort(ctx context.Context, target StrategyTarget) (nat.Port, error) {
-	var internalPort nat.Port
+func (hp *HostPortStrategy) detectInternalPort(ctx context.Context, target StrategyTarget) (network.Port, error) {
+	var internalPort network.Port
 	inspect, err := target.Inspect(ctx)
 	if err != nil {
 		return internalPort, fmt.Errorf("inspect: %w", err)
 	}
 
 	for port := range inspect.NetworkSettings.Ports {
-		if internalPort == "" || port.Int() < internalPort.Int() {
+		if internalPort.IsZero() || port.Num() < internalPort.Num() {
 			internalPort = port
 		}
 	}
@@ -167,9 +167,17 @@ func (hp *HostPortStrategy) WaitUntilReady(ctx context.Context, target StrategyT
 
 	waitInterval := hp.PollInterval
 
-	internalPort := hp.Port
+	var internalPort network.Port
+	if hp.Port != "" {
+		p, err := network.ParsePort(hp.Port)
+		if err != nil {
+			return err
+		}
+		internalPort = p
+	}
+
 	i := 0
-	if internalPort == "" {
+	if internalPort.IsZero() {
 		var err error
 		// Port is not specified, so we need to detect it.
 		internalPort, err = hp.detectInternalPort(ctx, target)
@@ -177,7 +185,7 @@ func (hp *HostPortStrategy) WaitUntilReady(ctx context.Context, target StrategyT
 			return fmt.Errorf("detect internal port: %w", err)
 		}
 
-		for internalPort == "" {
+		for internalPort.IsZero() {
 			select {
 			case <-ctx.Done():
 				return fmt.Errorf("detect internal port: retries: %d, last err: %w, ctx err: %w", i, err, ctx.Err())
@@ -194,10 +202,10 @@ func (hp *HostPortStrategy) WaitUntilReady(ctx context.Context, target StrategyT
 		}
 	}
 
-	port, err := target.MappedPort(ctx, internalPort)
+	port, err := target.MappedPort(ctx, internalPort.String())
 	i = 0
 
-	for port == "" {
+	for port.IsZero() {
 		i++
 
 		select {
@@ -207,7 +215,7 @@ func (hp *HostPortStrategy) WaitUntilReady(ctx context.Context, target StrategyT
 			if err := checkTarget(ctx, target); err != nil {
 				return fmt.Errorf("mapped port: check target: retries: %d, port: %q, last err: %w", i, port, err)
 			}
-			port, err = target.MappedPort(ctx, internalPort)
+			port, err = target.MappedPort(ctx, internalPort.String())
 			if err != nil {
 				log.Printf("mapped port: retries: %d, port: %q, err: %s\n", i, port, err)
 			}
@@ -245,7 +253,7 @@ func (hp *HostPortStrategy) WaitUntilReady(ctx context.Context, target StrategyT
 	return nil
 }
 
-func externalCheck(ctx context.Context, ipAddress string, port nat.Port, target StrategyTarget, waitInterval time.Duration) error {
+func externalCheck(ctx context.Context, ipAddress string, port network.Port, target StrategyTarget, waitInterval time.Duration) error {
 	proto := port.Proto()
 
 	dialer := net.Dialer{}
@@ -254,7 +262,7 @@ func externalCheck(ctx context.Context, ipAddress string, port nat.Port, target
 		if err := checkTarget(ctx, target); err != nil {
 			return fmt.Errorf("check target: retries: %d address: %s: %w", i, address, err)
 		}
-		conn, err := dialer.DialContext(ctx, proto, address)
+		conn, err := dialer.DialContext(ctx, string(proto), address)
 		if err != nil {
 			var v *net.OpError
 			if errors.As(err, &v) {
@@ -269,13 +277,13 @@ func externalCheck(ctx context.Context, ipAddress string, port nat.Port, target
 			return fmt.Errorf("dial: %w", err)
 		}
 
-		conn.Close()
+		_ = conn.Close()
 		return nil
 	}
 }
 
-func internalCheck(ctx context.Context, internalPort nat.Port, target StrategyTarget) error {
-	command := buildInternalCheckCommand(internalPort.Int())
+func internalCheck(ctx context.Context, internalPort network.Port, target StrategyTarget) error {
+	command := buildInternalCheckCommand(internalPort.Num())
 	for {
 		if ctx.Err() != nil {
 			return ctx.Err()
@@ -302,7 +310,7 @@ func internalCheck(ctx context.Context, internalPort nat.Port, target StrategyTa
 	}
 }
 
-func buildInternalCheckCommand(internalPort int) string {
+func buildInternalCheckCommand(internalPort uint16) string {
 	command := `(
 					cat /proc/net/tcp* | awk '{print $2}' | grep -i :%04x ||
 					nc -vz -w 1 localhost %d ||
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/http.go b/vendor/github.com/testcontainers/testcontainers-go/wait/http.go
index 81f4c34bbe..95208290c8 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/http.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/http.go
@@ -14,7 +14,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/network"
 )
 
 // Implement interface
@@ -28,7 +28,7 @@ type HTTPStrategy struct {
 	timeout *time.Duration
 
 	// additional properties
-	Port                   nat.Port
+	Port                   network.Port
 	Path                   string
 	StatusCodeMatcher      func(status int) bool
 	ResponseMatcher        func(body io.Reader) bool
@@ -44,10 +44,10 @@ type HTTPStrategy struct {
 	ForceIPv4LocalHost     bool
 }
 
-// NewHTTPStrategy constructs a HTTP strategy waiting on port 80 and status code 200
+// NewHTTPStrategy constructs an HTTP strategy waiting on port 80 and status code 200
 func NewHTTPStrategy(path string) *HTTPStrategy {
 	return &HTTPStrategy{
-		Port:                   "",
+		Port:                   network.Port{},
 		Path:                   path,
 		StatusCodeMatcher:      defaultStatusCodeMatcher,
 		ResponseMatcher:        func(_ io.Reader) bool { return true },
@@ -78,8 +78,10 @@ func (ws *HTTPStrategy) WithStartupTimeout(timeout time.Duration) *HTTPStrategy
 
 // WithPort set the port to wait for.
 // Default is the lowest numbered port.
-func (ws *HTTPStrategy) WithPort(port nat.Port) *HTTPStrategy {
-	ws.Port = port
+func (ws *HTTPStrategy) WithPort(port string) *HTTPStrategy {
+	if p, err := network.ParsePort(port); err == nil {
+		ws.Port = p
+	}
 	return ws
 }
 
@@ -162,7 +164,7 @@ func (ws *HTTPStrategy) String() string {
 	}
 
 	port := "default"
-	if ws.Port != "" {
+	if !ws.Port.IsZero() {
 		port = ws.Port.Port()
 	}
 
@@ -188,8 +190,9 @@ func (ws *HTTPStrategy) WaitUntilReady(ctx context.Context, target StrategyTarge
 		ipAddress = strings.Replace(ipAddress, "localhost", "127.0.0.1", 1)
 	}
 
-	var mappedPort nat.Port
-	if ws.Port == "" {
+	var mappedPort network.Port
+	if ws.Port.IsZero() {
+		// No specific port requested; inspect container to find lowest exposed TCP port.
 		// We wait one polling interval before we grab the ports
 		// otherwise they might not be bound yet on startup.
 		select {
@@ -209,28 +212,29 @@ func (ws *HTTPStrategy) WaitUntilReady(ctx context.Context, target StrategyTarge
 		}
 
 		// Find the lowest numbered exposed tcp port.
-		var lowestPort nat.Port
+		var lowestPort network.Port
 		var hostPort string
 		for port, bindings := range inspect.NetworkSettings.Ports {
 			if len(bindings) == 0 || port.Proto() != "tcp" {
 				continue
 			}
 
-			if lowestPort == "" || port.Int() < lowestPort.Int() {
+			if lowestPort.IsZero() || port.Num() < lowestPort.Num() {
 				lowestPort = port
 				hostPort = bindings[0].HostPort
 			}
 		}
 
-		if lowestPort == "" {
+		if lowestPort.IsZero() {
 			return errors.New("no exposed tcp ports or mapped ports - cannot wait for status")
 		}
 
-		mappedPort, _ = nat.NewPort(lowestPort.Proto(), hostPort)
+		hPort, _ := strconv.ParseUint(hostPort, 10, 16)
+		mappedPort, _ = network.PortFrom(uint16(hPort), lowestPort.Proto())
 	} else {
-		mappedPort, err = target.MappedPort(ctx, ws.Port)
-
-		for mappedPort == "" {
+		// Specific port requested; use MappedPort to resolve it.
+		mappedPort, err = target.MappedPort(ctx, ws.Port.String())
+		for mappedPort.IsZero() {
 			select {
 			case <-ctx.Done():
 				return fmt.Errorf("%w: %w", ctx.Err(), err)
@@ -239,7 +243,7 @@ func (ws *HTTPStrategy) WaitUntilReady(ctx context.Context, target StrategyTarge
 					return err
 				}
 
-				mappedPort, err = target.MappedPort(ctx, ws.Port)
+				mappedPort, err = target.MappedPort(ctx, ws.Port.String())
 			}
 		}
 
@@ -289,7 +293,7 @@ func (ws *HTTPStrategy) WaitUntilReady(ctx context.Context, target StrategyTarge
 	}
 
 	client := http.Client{Transport: tripper, Timeout: time.Second}
-	address := net.JoinHostPort(ipAddress, strconv.Itoa(mappedPort.Int()))
+	address := net.JoinHostPort(ipAddress, mappedPort.Port())
 
 	endpoint, err := url.Parse(ws.Path)
 	if err != nil {
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/nop.go b/vendor/github.com/testcontainers/testcontainers-go/wait/nop.go
index 633a97cc5e..8a23e7ea66 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/nop.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/nop.go
@@ -5,8 +5,8 @@ import (
 	"io"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
 
 	"github.com/testcontainers/testcontainers-go/exec"
 )
@@ -61,12 +61,15 @@ func (st NopStrategyTarget) Inspect(_ context.Context) (*container.InspectRespon
 }
 
 // Deprecated: use Inspect instead
-func (st NopStrategyTarget) Ports(_ context.Context) (nat.PortMap, error) {
+func (st NopStrategyTarget) Ports(_ context.Context) (network.PortMap, error) {
 	return nil, nil
 }
 
-func (st NopStrategyTarget) MappedPort(_ context.Context, n nat.Port) (nat.Port, error) {
-	return n, nil
+func (st NopStrategyTarget) MappedPort(_ context.Context, n string) (network.Port, error) {
+	if n == "" {
+		return network.Port{}, nil
+	}
+	return network.ParsePort(n)
 }
 
 func (st NopStrategyTarget) Logs(_ context.Context) (io.ReadCloser, error) {
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/sql.go b/vendor/github.com/testcontainers/testcontainers-go/wait/sql.go
index c9a9dbad3a..5d0228a075 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/sql.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/sql.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/network"
 )
 
 var (
@@ -17,7 +17,7 @@ var (
 const defaultForSQLQuery = "SELECT 1"
 
 // ForSQL constructs a new waitForSql strategy for the given driver
-func ForSQL(port nat.Port, driver string, url func(host string, port nat.Port) string) *waitForSQL {
+func ForSQL(port string, driver string, url func(host string, port string) string) *waitForSQL {
 	return &waitForSQL{
 		Port:           port,
 		URL:            url,
@@ -31,9 +31,9 @@ func ForSQL(port nat.Port, driver string, url func(host string, port nat.Port) s
 type waitForSQL struct {
 	timeout *time.Duration
 
-	URL            func(host string, port nat.Port) string
+	URL            func(host string, port string) string
 	Driver         string
-	Port           nat.Port
+	Port           string
 	startupTimeout time.Duration
 	PollInterval   time.Duration
 	query          string
@@ -65,7 +65,10 @@ func (w *waitForSQL) Timeout() *time.Duration {
 func (w *waitForSQL) String() string {
 	port := "default"
 	if w.Port != "" {
-		port = w.Port.Port()
+		p, err := network.ParsePort(w.Port)
+		if err == nil {
+			port = p.Port()
+		}
 	}
 
 	query := ""
@@ -96,10 +99,10 @@ func (w *waitForSQL) WaitUntilReady(ctx context.Context, target StrategyTarget)
 	ticker := time.NewTicker(w.PollInterval)
 	defer ticker.Stop()
 
-	var port nat.Port
+	var port network.Port
 	port, err = target.MappedPort(ctx, w.Port)
 
-	for port == "" {
+	for port.IsZero() {
 		select {
 		case <-ctx.Done():
 			return fmt.Errorf("%w: %w", ctx.Err(), err)
@@ -111,7 +114,7 @@ func (w *waitForSQL) WaitUntilReady(ctx context.Context, target StrategyTarget)
 		}
 	}
 
-	db, err := sql.Open(w.Driver, w.URL(host, port))
+	db, err := sql.Open(w.Driver, w.URL(host, port.String()))
 	if err != nil {
 		return fmt.Errorf("sql.Open: %w", err)
 	}
diff --git a/vendor/github.com/testcontainers/testcontainers-go/wait/wait.go b/vendor/github.com/testcontainers/testcontainers-go/wait/wait.go
index ca5a7dbf2c..43485001a9 100644
--- a/vendor/github.com/testcontainers/testcontainers-go/wait/wait.go
+++ b/vendor/github.com/testcontainers/testcontainers-go/wait/wait.go
@@ -7,8 +7,8 @@ import (
 	"io"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
 
 	"github.com/testcontainers/testcontainers-go/exec"
 )
@@ -26,8 +26,8 @@ type StrategyTimeout interface {
 type StrategyTarget interface {
 	Host(context.Context) (string, error)
 	Inspect(context.Context) (*container.InspectResponse, error)
-	Ports(ctx context.Context) (nat.PortMap, error) // Deprecated: use Inspect instead
-	MappedPort(context.Context, nat.Port) (nat.Port, error)
+	Ports(ctx context.Context) (network.PortMap, error) // Deprecated: use Inspect instead
+	MappedPort(context.Context, string) (network.Port, error)
 	Logs(context.Context) (io.ReadCloser, error)
 	Exec(context.Context, []string, ...exec.ProcessOption) (int, io.Reader, error)
 	State(context.Context) (*container.State, error)
@@ -49,7 +49,7 @@ func checkState(state *container.State) error {
 		return nil
 	case state.OOMKilled:
 		return errors.New("container crashed with out-of-memory (OOMKilled)")
-	case state.Status == "exited":
+	case state.Status == container.StateExited:
 		return fmt.Errorf("container exited with code %d", state.ExitCode)
 	default:
 		return fmt.Errorf("unexpected container status %q", state.Status)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e877e7dcc9..d2311fbe2f 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -389,35 +389,8 @@ github.com/distribution/reference
 ## explicit
 github.com/dlclark/regexp2
 github.com/dlclark/regexp2/syntax
-# github.com/docker/docker v28.5.2+incompatible
-## explicit
-github.com/docker/docker/api
-github.com/docker/docker/api/types
-github.com/docker/docker/api/types/blkiodev
-github.com/docker/docker/api/types/build
-github.com/docker/docker/api/types/checkpoint
-github.com/docker/docker/api/types/common
-github.com/docker/docker/api/types/container
-github.com/docker/docker/api/types/events
-github.com/docker/docker/api/types/filters
-github.com/docker/docker/api/types/image
-github.com/docker/docker/api/types/mount
-github.com/docker/docker/api/types/network
-github.com/docker/docker/api/types/registry
-github.com/docker/docker/api/types/storage
-github.com/docker/docker/api/types/strslice
-github.com/docker/docker/api/types/swarm
-github.com/docker/docker/api/types/swarm/runtime
-github.com/docker/docker/api/types/system
-github.com/docker/docker/api/types/time
-github.com/docker/docker/api/types/versions
-github.com/docker/docker/api/types/volume
-github.com/docker/docker/client
-github.com/docker/docker/pkg/jsonmessage
-github.com/docker/docker/pkg/stdcopy
 # github.com/docker/go-connections v0.6.0
 ## explicit; go 1.18
-github.com/docker/go-connections/nat
 github.com/docker/go-connections/sockets
 github.com/docker/go-connections/tlsconfig
 # github.com/docker/go-units v0.5.0
@@ -1121,7 +1094,36 @@ github.com/moby/docker-image-spec/specs-go/v1
 github.com/moby/go-archive
 github.com/moby/go-archive/compression
 github.com/moby/go-archive/tarheader
-# github.com/moby/patternmatcher v0.6.0
+# github.com/moby/moby/api v1.54.1
+## explicit; go 1.24
+github.com/moby/moby/api/pkg/authconfig
+github.com/moby/moby/api/pkg/stdcopy
+github.com/moby/moby/api/types
+github.com/moby/moby/api/types/blkiodev
+github.com/moby/moby/api/types/build
+github.com/moby/moby/api/types/checkpoint
+github.com/moby/moby/api/types/common
+github.com/moby/moby/api/types/container
+github.com/moby/moby/api/types/events
+github.com/moby/moby/api/types/image
+github.com/moby/moby/api/types/jsonstream
+github.com/moby/moby/api/types/mount
+github.com/moby/moby/api/types/network
+github.com/moby/moby/api/types/plugin
+github.com/moby/moby/api/types/registry
+github.com/moby/moby/api/types/storage
+github.com/moby/moby/api/types/swarm
+github.com/moby/moby/api/types/system
+github.com/moby/moby/api/types/volume
+# github.com/moby/moby/client v0.4.0
+## explicit; go 1.24
+github.com/moby/moby/client
+github.com/moby/moby/client/internal
+github.com/moby/moby/client/internal/mod
+github.com/moby/moby/client/internal/timestamp
+github.com/moby/moby/client/pkg/jsonmessage
+github.com/moby/moby/client/pkg/versions
+# github.com/moby/patternmatcher v0.6.1
 ## explicit; go 1.19
 github.com/moby/patternmatcher
 github.com/moby/patternmatcher/ignorefile
@@ -1147,9 +1149,6 @@ github.com/modern-go/reflect2
 # github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 ## explicit
 github.com/mohae/deepcopy
-# github.com/morikuni/aec v1.0.0
-## explicit
-github.com/morikuni/aec
 # github.com/mschoch/smat v0.2.0
 ## explicit; go 1.13
 github.com/mschoch/smat
@@ -1999,7 +1998,7 @@ github.com/shamaton/msgpack/v2/internal/encoding
 github.com/shamaton/msgpack/v2/internal/stream/decoding
 github.com/shamaton/msgpack/v2/internal/stream/encoding
 github.com/shamaton/msgpack/v2/time
-# github.com/shirou/gopsutil/v4 v4.26.2
+# github.com/shirou/gopsutil/v4 v4.26.3
 ## explicit; go 1.24.0
 github.com/shirou/gopsutil/v4/common
 github.com/shirou/gopsutil/v4/cpu
@@ -2052,7 +2051,7 @@ github.com/spf13/viper/internal/encoding/json
 github.com/spf13/viper/internal/encoding/toml
 github.com/spf13/viper/internal/encoding/yaml
 github.com/spf13/viper/internal/features
-# github.com/stretchr/objx v0.5.2
+# github.com/stretchr/objx v0.5.3
 ## explicit; go 1.20
 github.com/stretchr/objx
 # github.com/stretchr/testify v1.11.1
@@ -2074,7 +2073,7 @@ github.com/tchap/go-patricia/v2/patricia
 ## explicit
 github.com/test-go/testify/mock
 github.com/test-go/testify/require
-# github.com/testcontainers/testcontainers-go v0.41.0
+# github.com/testcontainers/testcontainers-go v0.42.0
 ## explicit; go 1.25.0
 github.com/testcontainers/testcontainers-go
 github.com/testcontainers/testcontainers-go/exec
@@ -2084,7 +2083,7 @@ github.com/testcontainers/testcontainers-go/internal/core
 github.com/testcontainers/testcontainers-go/internal/core/network
 github.com/testcontainers/testcontainers-go/log
 github.com/testcontainers/testcontainers-go/wait
-# github.com/testcontainers/testcontainers-go/modules/opensearch v0.41.0
+# github.com/testcontainers/testcontainers-go/modules/opensearch v0.42.0
 ## explicit; go 1.25.0
 github.com/testcontainers/testcontainers-go/modules/opensearch
 # github.com/theckman/yacspin v0.13.12