From 1dee350268f632045203cf892f186e9c45f55a84 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 12 Jan 2025 14:22:18 -0700
Subject: [PATCH 01/46] server(filesystem): fix archive filesystem

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 go.mod                        | 4 ++--
 go.sum                        | 4 ++++
 server/filesystem/compress.go | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 9323df013..309ac054f 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/klauspost/pgzip v1.2.6
 	github.com/magiconair/properties v1.8.9
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa
+	github.com/mholt/archives v0.1.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/sftp v1.13.7
@@ -102,7 +102,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
-	github.com/pierrec/lz4/v4 v4.1.21 // indirect
+	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
diff --git a/go.sum b/go.sum
index 727564297..4dde35736 100644
--- a/go.sum
+++ b/go.sum
@@ -265,6 +265,8 @@ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQ
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa h1:SzCiDuxF6489FegHHZe/ktxpRIDhu5IemNnWlW1Fquo=
 github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I=
+github.com/mholt/archives v0.1.0 h1:FacgJyrjiuyomTuNA92X5GyRBRZjE43Y/lrzKIlF35Q=
+github.com/mholt/archives v0.1.0/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
@@ -294,6 +296,8 @@ github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNH
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
 github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
+github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
diff --git a/server/filesystem/compress.go b/server/filesystem/compress.go
index c21b690d6..f2775cb31 100644
--- a/server/filesystem/compress.go
+++ b/server/filesystem/compress.go
@@ -84,8 +84,8 @@ func (fs *Filesystem) archiverFileSystem(ctx context.Context, p string) (iofs.FS
 			// while ArchiveFS can't.
 			// zip.Reader doesn't suffer from issue #330 and #310 according to local test (but they should be fixed anyway)
 			return zip.NewReader(f, info.Size())
-		case archives.Archival:
-			return archives.ArchiveFS{Stream: io.NewSectionReader(f, 0, info.Size()), Format: ff, Context: ctx}, nil
+		case archives.Extraction:
+			return &archives.ArchiveFS{Stream: io.NewSectionReader(f, 0, info.Size()), Format: ff, Context: ctx}, nil
 		case archives.Compression:
 			return archiverext.FileFS{File: f, Compression: ff}, nil
 		}

From 0e96ef3edffe9978a13553b907899fdfe30d80c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 12 Jan 2025 21:25:19 +0000
Subject: [PATCH 02/46] build(deps): bump golang.org/x/crypto from 0.30.0 to
 0.31.0 (#210)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 309ac054f..323fb5549 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.30.0
+	golang.org/x/crypto v0.31.0
 	golang.org/x/sync v0.10.0
 	golang.org/x/sys v0.28.0
 	gopkg.in/ini.v1 v1.67.0
diff --git a/go.sum b/go.sum
index 4dde35736..3f5a2c384 100644
--- a/go.sum
+++ b/go.sum
@@ -263,8 +263,6 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa h1:SzCiDuxF6489FegHHZe/ktxpRIDhu5IemNnWlW1Fquo=
-github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I=
 github.com/mholt/archives v0.1.0 h1:FacgJyrjiuyomTuNA92X5GyRBRZjE43Y/lrzKIlF35Q=
 github.com/mholt/archives v0.1.0/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
@@ -294,8 +292,6 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
-github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
-github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
 github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -409,8 +405,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 76a9f6dc5a3396a8e3b71fa1ebe2dcfa3ad93b3c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 12 Jan 2025 21:25:34 +0000
Subject: [PATCH 03/46] build(deps): bump golang.org/x/net from 0.32.0 to
 0.33.0 (#211)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 323fb5549..dc995d78f 100644
--- a/go.mod
+++ b/go.mod
@@ -124,7 +124,7 @@ require (
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/arch v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect
-	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
diff --git a/go.sum b/go.sum
index 3f5a2c384..8a3d9b6d4 100644
--- a/go.sum
+++ b/go.sum
@@ -460,8 +460,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From a55277da471a7b559e7fa45bb07024b7629e7ba2 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 12 Jan 2025 14:45:16 -0700
Subject: [PATCH 04/46] ufs: ensure `fsDirfd` always gets closed (fix file
 descriptor leak)

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 internal/ufs/fs_unix.go | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/internal/ufs/fs_unix.go b/internal/ufs/fs_unix.go
index a6842b2c4..87b83c773 100644
--- a/internal/ufs/fs_unix.go
+++ b/internal/ufs/fs_unix.go
@@ -621,7 +621,7 @@ func (fs *UnixFS) openat(dirfd int, name string, flag int, mode FileMode) (int,
 		if err == unix.EINTR {
 			continue
 		}
-		return 0, convertErrorType(err)
+		return -1, convertErrorType(err)
 	}
 
 	// If we are using openat2, we don't need the additional security checks.
@@ -681,11 +681,11 @@ func (fs *UnixFS) _openat(dirfd int, name string, flag int, mode uint32) (int, e
 	case err == nil:
 		return fd, nil
 	case err == unix.EINTR:
-		return 0, err
+		return -1, err
 	case err == unix.EAGAIN:
-		return 0, err
+		return -1, err
 	default:
-		return 0, &PathError{Op: "openat", Path: name, Err: err}
+		return -1, &PathError{Op: "openat", Path: name, Err: err}
 	}
 }
 
@@ -720,11 +720,11 @@ func (fs *UnixFS) _openat2(dirfd int, name string, flag, mode uint64) (int, erro
 	case err == nil:
 		return fd, nil
 	case err == unix.EINTR:
-		return 0, err
+		return -1, err
 	case err == unix.EAGAIN:
-		return 0, err
+		return -1, err
 	default:
-		return 0, &PathError{Op: "openat2", Path: name, Err: err}
+		return -1, &PathError{Op: "openat2", Path: name, Err: err}
 	}
 }
 
@@ -768,7 +768,11 @@ func (fs *UnixFS) safePath(path string) (dirfd int, file string, closeFd func(),
 	// trim slashes.
 	dir = strings.TrimSuffix(dir, "/")
 	dirfd, err = fs.openat(fsDirfd, dir, O_DIRECTORY|O_RDONLY, 0)
-	if dirfd != 0 {
+	if err != nil {
+		// An error occurred while opening the directory, but we already opened
+		// the filesystem root, so we still need to ensure it gets closed.
+		closeFd = func() { _ = unix.Close(fsDirfd) }
+	} else {	
 		// Set closeFd to close the newly opened directory file descriptor.
 		closeFd = func() {
 			_ = unix.Close(dirfd)
@@ -776,6 +780,7 @@ func (fs *UnixFS) safePath(path string) (dirfd int, file string, closeFd func(),
 		}
 	}
 
+
 	// Return dirfd, name, the closeFd func, and err
 	return
 }

From c6c235dbc07341d5f50606819624a2e4770648a7 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 12 Jan 2025 15:28:46 -0700
Subject: [PATCH 05/46] cron: batch deletions of activity logs to workaround
 sqlite limitation

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 internal/cron/activity_cron.go | 23 ++++++++++++++++++-----
 internal/cron/sftp_cron.go     | 22 ++++++++++++++++++++--
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/internal/cron/activity_cron.go b/internal/cron/activity_cron.go
index 322104963..49fa31826 100644
--- a/internal/cron/activity_cron.go
+++ b/internal/cron/activity_cron.go
@@ -56,6 +56,7 @@ func (ac *activityCron) Run(ctx context.Context) error {
 		activities = append(activities, v)
 	}
 
+	// Delete any invalid activies
 	if len(ids) > 0 {
 		tx = database.Instance().WithContext(ctx).Where("id IN ?", ids).Delete(&models.Activity{})
 		if tx.Error != nil {
@@ -71,16 +72,28 @@ func (ac *activityCron) Run(ctx context.Context) error {
 		return errors.WrapIf(err, "cron: failed to send activity events to Panel")
 	}
 
-	// Add all the successful activities to the list of IDs to delete.
 	ids = make([]int, len(activities))
 	for i, v := range activities {
 		ids[i] = v.ID
 	}
 
-	// Delete all the activities that were sent to the Panel (or that were invalid).
-	tx = database.Instance().WithContext(ctx).Where("id IN ?", ids).Delete(&models.Activity{})
-	if tx.Error != nil {
-		return errors.WithStack(tx.Error)
+	// SQLite has a limitation of how many parameters we can specify in a single
+	// query, so we need to delete the activies in chunks of 32,000 instead of
+	// all at once.
+	i := 0
+	idsLen := len(ids)
+	for i < idsLen {
+		start := i
+		end := min(i+32000, idsLen)
+		batchSize := end - start
+
+		tx = database.Instance().WithContext(ctx).Where("id IN ?", ids[start:end]).Delete(&models.Activity{})
+		if tx.Error != nil {
+			return errors.WithStack(tx.Error)
+		}
+
+		i += batchSize
 	}
+
 	return nil
 }
diff --git a/internal/cron/sftp_cron.go b/internal/cron/sftp_cron.go
index 239e014e1..f51d835db 100644
--- a/internal/cron/sftp_cron.go
+++ b/internal/cron/sftp_cron.go
@@ -5,6 +5,7 @@ import (
 	"reflect"
 
 	"emperror.dev/errors"
+	"gorm.io/gorm"
 
 	"github.com/pterodactyl/wings/internal/database"
 	"github.com/pterodactyl/wings/internal/models"
@@ -83,9 +84,26 @@ func (sc *sftpCron) Run(ctx context.Context) error {
 	if err := sc.manager.Client().SendActivityLogs(ctx, events.Elements()); err != nil {
 		return errors.Wrap(err, "failed to send sftp activity logs to Panel")
 	}
-	if tx := database.Instance().Where("id IN ?", events.ids).Delete(&models.Activity{}); tx.Error != nil {
-		return errors.WithStack(tx.Error)
+
+	// SQLite has a limitation of how many parameters we can specify in a single
+	// query, so we need to delete the activies in chunks of 32,000 instead of
+	// all at once.
+	i := 0
+	idsLen := len(events.ids)
+	var tx *gorm.DB
+	for i < idsLen {
+		start := i
+		end := min(i+32000, idsLen)
+		batchSize := end - start
+
+		tx = database.Instance().WithContext(ctx).Where("id IN ?", events.ids[start:end]).Delete(&models.Activity{})
+		if tx.Error != nil {
+			return errors.WithStack(tx.Error)
+		}
+
+		i += batchSize
 	}
+
 	return nil
 }
 

From 77153ffbb19d445bc04012c967192ba275f13b44 Mon Sep 17 00:00:00 2001
From: Arnaud Lier <arnaud@lier.link>
Date: Fri, 14 Feb 2025 21:17:39 +0100
Subject: [PATCH 06/46] ci: fix broken commit hash (#212)

---
 .github/workflows/push.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index 58e27cfb7..b79a9b9e8 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -44,8 +44,8 @@ jobs:
           CGO_ENABLED: 0
           SRC_PATH: github.com/pterodactyl/wings
         run: |
-          go build -v -trimpath -ldflags="-s -w -X ${SRC_PATH}/system.Version=dev-${GIT_COMMIT:0:7}" -o dist/wings ${SRC_PATH}
-          go build -v -trimpath -ldflags="-X ${SRC_PATH}/system.Version=dev-${GIT_COMMIT:0:7}" -o dist/wings_debug ${SRC_PATH}
+          go build -v -trimpath -ldflags="-s -w -X ${SRC_PATH}/system.Version=dev-${GITHUB_SHA:0:7}" -o dist/wings ${SRC_PATH}
+          go build -v -trimpath -ldflags="-X ${SRC_PATH}/system.Version=dev-${GITHUB_SHA:0:7}" -o dist/wings_debug ${SRC_PATH}
           chmod 755 dist/*
 
       - name: go test

From 25966e7838ba4121e29c91cc096ff2e387b77aa6 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:19:22 -0600
Subject: [PATCH 07/46] system: prevent deadlock while sending to a SinkPool

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 system/sink_pool.go | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/system/sink_pool.go b/system/sink_pool.go
index 38dab92e5..3d42527d0 100644
--- a/system/sink_pool.go
+++ b/system/sink_pool.go
@@ -31,8 +31,8 @@ func NewSinkPool() *SinkPool {
 // On adds a channel to the sink pool instance.
 func (p *SinkPool) On(c chan []byte) {
 	p.mu.Lock()
+	defer p.mu.Unlock()
 	p.sinks = append(p.sinks, c)
-	p.mu.Unlock()
 }
 
 // Off removes a given channel from the sink pool. If no matching sink is found
@@ -69,13 +69,11 @@ func (p *SinkPool) Off(c chan []byte) {
 func (p *SinkPool) Destroy() {
 	p.mu.Lock()
 	defer p.mu.Unlock()
-
 	for _, c := range p.sinks {
 		if c != nil {
 			close(c)
 		}
 	}
-
 	p.sinks = nil
 }
 
@@ -98,6 +96,7 @@ func (p *SinkPool) Destroy() {
 func (p *SinkPool) Push(data []byte) {
 	p.mu.RLock()
 	defer p.mu.RUnlock()
+
 	var wg sync.WaitGroup
 	wg.Add(len(p.sinks))
 	for _, c := range p.sinks {
@@ -105,15 +104,22 @@ func (p *SinkPool) Push(data []byte) {
 			defer wg.Done()
 			select {
 			case c <- data:
-			case <-time.After(time.Millisecond * 10):
-				// If there is nothing in the channel to read, but we also cannot write
-				// to the channel, just skip over sending data. If we don't do this you'll
-				// end up blocking the application on the channel read below.
-				if len(c) == 0 {
-					break
+			case <-time.After(10 * time.Millisecond):
+				// If we cannot send the message to the channel within 10ms,
+				// then try to drop the oldest message from the channel, then
+				// send our message.
+				select {
+				case <-c:
+					// Only attempt to send the message if we were able to make
+					// space for it on the channel.
+					select {
+					case c <- data:
+					default:
+					}
+				default:
+					// Do nothing, this is a fallthrough if there is nothing to
+					// read from c.
 				}
-				<-c
-				c <- data
 			}
 		}(c)
 	}

From 407b783aa5e4c6b1b74ec120b2a873bf19f96dc3 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:19:29 -0600
Subject: [PATCH 08/46] ufs: improve error handling

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 internal/ufs/error.go          | 175 ++++++++++++++++++++----------
 internal/ufs/fs_quota.go       |  16 ++-
 internal/ufs/fs_unix.go        | 187 ++++++++++++++++++++++-----------
 internal/ufs/mkdir_unix.go     |   6 +-
 internal/ufs/removeall_unix.go | 122 +++++++++++++++------
 internal/ufs/walk_unix.go      |   4 +-
 6 files changed, 346 insertions(+), 164 deletions(-)

diff --git a/internal/ufs/error.go b/internal/ufs/error.go
index dc563e45c..842d404fa 100644
--- a/internal/ufs/error.go
+++ b/internal/ufs/error.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	iofs "io/fs"
 	"os"
+	"syscall"
 
 	"golang.org/x/sys/unix"
 )
@@ -48,9 +49,9 @@ type PathError = iofs.PathError
 // SyscallError records an error from a specific system call.
 type SyscallError = os.SyscallError
 
-// NewSyscallError returns, as an error, a new SyscallError
-// with the given system call name and error details.
-// As a convenience, if err is nil, NewSyscallError returns nil.
+// NewSyscallError returns, as an error, a new [*os.SyscallError] with the
+// given system call name and error details. As a convenience, if err is nil,
+// [NewSyscallError] returns nil.
 func NewSyscallError(syscall string, err error) error {
 	return os.NewSyscallError(syscall, err)
 }
@@ -61,62 +62,122 @@ func convertErrorType(err error) error {
 	if err == nil {
 		return nil
 	}
+
 	var pErr *PathError
-	switch {
-	case errors.As(err, &pErr):
-		switch {
-		// File exists
-		case errors.Is(pErr.Err, unix.EEXIST):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrExist,
-			}
-		// Is a directory
-		case errors.Is(pErr.Err, unix.EISDIR):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrIsDirectory,
-			}
-		// Not a directory
-		case errors.Is(pErr.Err, unix.ENOTDIR):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrNotDirectory,
-			}
-		// No such file or directory
-		case errors.Is(pErr.Err, unix.ENOENT):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrNotExist,
-			}
-		// Operation not permitted
-		case errors.Is(pErr.Err, unix.EPERM):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrPermission,
-			}
-		// Invalid cross-device link
-		case errors.Is(pErr.Err, unix.EXDEV):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrBadPathResolution,
-			}
-		// Too many levels of symbolic links
-		case errors.Is(pErr.Err, unix.ELOOP):
-			return &PathError{
-				Op:   pErr.Op,
-				Path: pErr.Path,
-				Err:  ErrBadPathResolution,
-			}
-			// TODO: EROFS
-			// TODO: ENOTEMPTY
+	if errors.As(err, &pErr) {
+		if errno, ok := pErr.Err.(syscall.Errno); ok {
+			return errnoToPathError(errno, pErr.Op, pErr.Path)
+		}
+		return pErr
+	}
+
+	// If the error wasn't already a path error and is a errno, wrap it with
+	// details that we can use to know there is something wrong with our
+	// error wrapping somewhere.
+	var errno syscall.Errno
+	if errors.As(err, &errno) {
+		return &PathError{
+			Op:   "!(UNKNOWN)",
+			Path: "!(UNKNOWN)",
+			Err:  err,
 		}
 	}
+
 	return err
 }
+
+// ensurePathError ensures that err is a PathError. The op and path arguments
+// are only used of the error isn't already a PathError.
+func ensurePathError(err error, op, path string) error {
+	if err == nil {
+		return nil
+	}
+
+	// Check if the error is already a PathError.
+	var pErr *PathError
+	if errors.As(err, &pErr) {
+		// If underlying error is a errno, convert it.
+		//
+		// DO NOT USE `errors.As` or whatever here, the error will either be
+		// an errno, or it will be wrapped already.
+		if errno, ok := pErr.Err.(syscall.Errno); ok {
+			return errnoToPathError(errno, pErr.Op, pErr.Path)
+		}
+		// Return the PathError as-is without modification.
+		return pErr
+	}
+
+	// If the error is directly an errno, convert it to a PathError.
+	var errno syscall.Errno
+	if errors.As(err, &errno) {
+		return errnoToPathError(errno, op, path)
+	}
+
+	// Otherwise just wrap it as a PathError without any additional changes.
+	return &PathError{
+		Op:   op,
+		Path: path,
+		Err:  err,
+	}
+}
+
+// errnoToPathError converts an errno into a proper path error.
+func errnoToPathError(err syscall.Errno, op, path string) error {
+	switch err {
+	// File exists
+	case unix.EEXIST:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrExist,
+		}
+	// Is a directory
+	case unix.EISDIR:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrIsDirectory,
+		}
+	// Not a directory
+	case unix.ENOTDIR:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrNotDirectory,
+		}
+	// No such file or directory
+	case unix.ENOENT:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrNotExist,
+		}
+	// Operation not permitted
+	case unix.EPERM:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrPermission,
+		}
+	// Invalid cross-device link
+	case unix.EXDEV:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrBadPathResolution,
+		}
+	// Too many levels of symbolic links
+	case unix.ELOOP:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  ErrBadPathResolution,
+		}
+	default:
+		return &PathError{
+			Op:   op,
+			Path: path,
+			Err:  err,
+		}
+	}
+}
diff --git a/internal/ufs/fs_quota.go b/internal/ufs/fs_quota.go
index 600a9fa43..cc89cbd0d 100644
--- a/internal/ufs/fs_quota.go
+++ b/internal/ufs/fs_quota.go
@@ -7,8 +7,12 @@ import (
 	"sync/atomic"
 )
 
-// Quota .
-// TODO: document
+// Quota is a wrapper around [*UnixFS] that provides the ability to limit the
+// disk usage of the filesystem.
+//
+// NOTE: this is not a full complete quota filesystem, it provides utilities for
+// tracking and checking the usage of the filesystem. The only operation that is
+// automatically accounted against the quota are file deletions.
 type Quota struct {
 	// fs is the underlying filesystem that runs the actual I/O operations.
 	*UnixFS
@@ -28,8 +32,7 @@ type Quota struct {
 	usage atomic.Int64
 }
 
-// NewQuota .
-// TODO: document
+// NewQuota creates a new Quota filesystem using an existing UnixFS and a limit.
 func NewQuota(fs *UnixFS, limit int64) *Quota {
 	qfs := Quota{UnixFS: fs}
 	qfs.limit.Store(limit)
@@ -105,6 +108,9 @@ func (fs *Quota) CanFit(size int64) bool {
 	return false
 }
 
+// Remove removes the named file or (empty) directory.
+//
+// If there is an error, it will be of type [*PathError].
 func (fs *Quota) Remove(name string) error {
 	// For information on why this interface is used here, check its
 	// documentation.
@@ -129,7 +135,7 @@ func (fs *Quota) Remove(name string) error {
 // it encounters. If the path does not exist, RemoveAll
 // returns nil (no error).
 //
-// If there is an error, it will be of type *PathError.
+// If there is an error, it will be of type [*PathError].
 func (fs *Quota) RemoveAll(name string) error {
 	name, err := fs.unsafePath(name)
 	if err != nil {
diff --git a/internal/ufs/fs_unix.go b/internal/ufs/fs_unix.go
index 87b83c773..dff36c9b8 100644
--- a/internal/ufs/fs_unix.go
+++ b/internal/ufs/fs_unix.go
@@ -81,7 +81,16 @@ func (fs *UnixFS) Chmod(name string, mode FileMode) error {
 	if err != nil {
 		return err
 	}
-	return convertErrorType(unix.Fchmodat(dirfd, name, uint32(mode), 0))
+	return fs.fchmodat("chmod", dirfd, name, mode)
+}
+
+// Chmodat is like Chmod but it takes a dirfd and name instead of a full path.
+func (fs *UnixFS) Chmodat(dirfd int, name string, mode FileMode) error {
+	return fs.fchmodat("chmodat", dirfd, name, mode)
+}
+
+func (fs *UnixFS) fchmodat(op string, dirfd int, name string, mode FileMode) error {
+	return ensurePathError(unix.Fchmodat(dirfd, name, uint32(mode), 0), op, name)
 }
 
 // Chown changes the numeric uid and gid of the named file.
@@ -93,7 +102,7 @@ func (fs *UnixFS) Chmod(name string, mode FileMode) error {
 // On Windows or Plan 9, Chown always returns the syscall.EWINDOWS or
 // EPLAN9 error, wrapped in *PathError.
 func (fs *UnixFS) Chown(name string, uid, gid int) error {
-	return fs.fchown(name, uid, gid, 0)
+	return ensurePathError(fs.fchown(name, uid, gid, 0), "chown", name)
 }
 
 // Lchown changes the numeric uid and gid of the named file.
@@ -106,7 +115,7 @@ func (fs *UnixFS) Chown(name string, uid, gid int) error {
 func (fs *UnixFS) Lchown(name string, uid, gid int) error {
 	// With AT_SYMLINK_NOFOLLOW, Fchownat acts like Lchown but allows us to
 	// pass a dirfd.
-	return fs.fchown(name, uid, gid, AT_SYMLINK_NOFOLLOW)
+	return ensurePathError(fs.fchown(name, uid, gid, AT_SYMLINK_NOFOLLOW), "lchown", name)
 }
 
 // fchown is a re-usable Fchownat syscall used by Chown and Lchown.
@@ -116,19 +125,19 @@ func (fs *UnixFS) fchown(name string, uid, gid, flags int) error {
 	if err != nil {
 		return err
 	}
-	return convertErrorType(unix.Fchownat(dirfd, name, uid, gid, flags))
+	return unix.Fchownat(dirfd, name, uid, gid, flags)
 }
 
 // Chownat is like Chown but allows passing an existing directory file
 // descriptor rather than needing to resolve one.
 func (fs *UnixFS) Chownat(dirfd int, name string, uid, gid int) error {
-	return convertErrorType(unix.Fchownat(dirfd, name, uid, gid, 0))
+	return ensurePathError(unix.Fchownat(dirfd, name, uid, gid, 0), "chownat", name)
 }
 
 // Lchownat is like Lchown but allows passing an existing directory file
 // descriptor rather than needing to resolve one.
 func (fs *UnixFS) Lchownat(dirfd int, name string, uid, gid int) error {
-	return convertErrorType(unix.Fchownat(dirfd, name, uid, gid, AT_SYMLINK_NOFOLLOW))
+	return ensurePathError(unix.Fchownat(dirfd, name, uid, gid, AT_SYMLINK_NOFOLLOW), "lchownat", name)
 }
 
 // Chtimes changes the access and modification times of the named
@@ -160,11 +169,9 @@ func (fs *UnixFS) Chtimesat(dirfd int, name string, atime, mtime time.Time) erro
 	}
 	set(0, atime)
 	set(1, mtime)
+
 	// This does support `AT_SYMLINK_NOFOLLOW` as well if needed.
-	if err := unix.UtimesNanoAt(dirfd, name, utimes[0:], 0); err != nil {
-		return convertErrorType(&PathError{Op: "chtimes", Path: name, Err: err})
-	}
-	return nil
+	return ensurePathError(unix.UtimesNanoAt(dirfd, name, utimes[0:], 0), "chtimes", name)
 }
 
 // Create creates or truncates the named file. If the file already exists,
@@ -188,11 +195,15 @@ func (fs *UnixFS) Mkdir(name string, mode FileMode) error {
 	if err != nil {
 		return err
 	}
-	return fs.Mkdirat(dirfd, name, mode)
+	return fs.mkdirat("mkdir", dirfd, name, mode)
 }
 
 func (fs *UnixFS) Mkdirat(dirfd int, name string, mode FileMode) error {
-	return convertErrorType(unix.Mkdirat(dirfd, name, uint32(mode)))
+	return fs.mkdirat("mkdirat", dirfd, name, mode)
+}
+
+func (fs *UnixFS) mkdirat(op string, dirfd int, name string, mode FileMode) error {
+	return ensurePathError(unix.Mkdirat(dirfd, name, uint32(mode)), op, name)
 }
 
 // MkdirAll creates a directory named path, along with any necessary
@@ -313,7 +324,7 @@ func (fs *UnixFS) RemoveStat(name string) (FileInfo, error) {
 		err = fs.unlinkat(dirfd, name, 0)
 	}
 	if err != nil {
-		return s, convertErrorType(&PathError{Op: "remove", Path: name, Err: err})
+		return s, ensurePathError(err, "rename", name)
 	}
 	return s, nil
 }
@@ -362,7 +373,7 @@ func (fs *UnixFS) Remove(name string) error {
 	if err1 != unix.ENOTDIR {
 		err = err1
 	}
-	return convertErrorType(&PathError{Op: "remove", Path: name, Err: err})
+	return ensurePathError(err, "remove", name)
 }
 
 // RemoveAll removes path and any children it contains.
@@ -377,6 +388,7 @@ func (fs *UnixFS) RemoveAll(name string) error {
 	if err != nil {
 		return err
 	}
+
 	// While removeAll internally checks this, I want to make sure we check it
 	// and return the proper error so our tests can ensure that this will never
 	// be a possibility.
@@ -387,9 +399,29 @@ func (fs *UnixFS) RemoveAll(name string) error {
 			Err:  ErrBadPathResolution,
 		}
 	}
+
 	return fs.removeAll(name)
 }
 
+// RemoveContents recursively removes the contents of name.
+//
+// It removes everything it can but returns the first error
+// it encounters. If the path does not exist, RemoveContents
+// returns nil (no error).
+//
+// If there is an error, it will be of type [*PathError].
+func (fs *UnixFS) RemoveContents(name string) error {
+	name, err := fs.unsafePath(name)
+	if err != nil {
+		return err
+	}
+
+	// Unlike RemoveAll, we don't remove `name` itself, only it's contents.
+	// So there is no need to check for a name of `.` here.
+
+	return fs.removeContents(name)
+}
+
 func (fs *UnixFS) unlinkat(dirfd int, name string, flags int) error {
 	return ignoringEINTR(func() error {
 		return unix.Unlinkat(dirfd, name, flags)
@@ -418,11 +450,11 @@ func (fs *UnixFS) Rename(oldpath, newpath string) error {
 	// While unix.Renameat ends up throwing a "device or resource busy" error,
 	// that doesn't mean we are protecting the system properly.
 	if oldname == "." {
-		return convertErrorType(&PathError{
+		return &PathError{
 			Op:   "rename",
 			Path: oldname,
 			Err:  ErrBadPathResolution,
-		})
+		}
 	}
 	// Stat the old target to return proper errors.
 	if _, err := fs.Lstatat(olddirfd, oldname); err != nil {
@@ -433,11 +465,11 @@ func (fs *UnixFS) Rename(oldpath, newpath string) error {
 	if err != nil {
 		closeFd2()
 		if !errors.Is(err, ErrNotExist) {
-			return convertErrorType(err)
+			return err
 		}
 		var pathErr *PathError
 		if !errors.As(err, &pathErr) {
-			return convertErrorType(err)
+			return err
 		}
 		if err := fs.MkdirAll(pathErr.Path, 0o755); err != nil {
 			return err
@@ -455,25 +487,28 @@ func (fs *UnixFS) Rename(oldpath, newpath string) error {
 	// While unix.Renameat ends up throwing a "device or resource busy" error,
 	// that doesn't mean we are protecting the system properly.
 	if newname == "." {
-		return convertErrorType(&PathError{
+		return &PathError{
 			Op:   "rename",
 			Path: newname,
 			Err:  ErrBadPathResolution,
-		})
+		}
 	}
 	// Stat the new target to return proper errors.
 	_, err = fs.Lstatat(newdirfd, newname)
 	switch {
 	case err == nil:
-		return convertErrorType(&PathError{
+		return &PathError{
 			Op:   "rename",
 			Path: newname,
 			Err:  ErrExist,
-		})
+		}
 	case !errors.Is(err, ErrNotExist):
 		return err
 	}
-	return unix.Renameat(olddirfd, oldname, newdirfd, newname)
+	if err := unix.Renameat(olddirfd, oldname, newdirfd, newname); err != nil {
+		return &LinkError{Op: "rename", Old: oldpath, New: newpath, Err: err}
+	}
+	return nil
 }
 
 // Stat returns a FileInfo describing the named file.
@@ -527,7 +562,7 @@ func (fs *UnixFS) _fstatat(op string, dirfd int, name string, flags int) (FileIn
 	if err := ignoringEINTR(func() error {
 		return unix.Fstatat(dirfd, name, &s.sys, flags)
 	}); err != nil {
-		return nil, &PathError{Op: op, Path: name, Err: err}
+		return nil, ensurePathError(err, op, name)
 	}
 	fillFileStatFromSys(&s, name)
 	return &s, nil
@@ -563,23 +598,42 @@ func (fs *UnixFS) Touch(path string, flag int, mode FileMode) (File, error) {
 	if flag&O_CREATE == 0 {
 		flag |= O_CREATE
 	}
-	dirfd, name, closeFd, err := fs.safePath(path)
+	dirfd, name, closeFd, err, _ := fs.TouchPath(path)
 	defer closeFd()
-	if err == nil {
-		return fs.OpenFileat(dirfd, name, flag, mode)
-	}
-	if !errors.Is(err, ErrNotExist) {
+	if err != nil {
 		return nil, err
 	}
+	return fs.OpenFileat(dirfd, name, flag, mode)
+}
+
+// TouchPath is like SafePath except that it will create any missing directories
+// in the path. Unlike SafePath, TouchPath returns an additional boolean which
+// indicates whether the parent directories already existed, this is intended to
+// be used as a way to know if the final destination could already exist.
+func (fs *UnixFS) TouchPath(path string) (int, string, func(), error, bool) {
+	dirfd, name, closeFd, err := fs.safePath(path)
+	switch {
+	case err == nil:
+		return dirfd, name, closeFd, nil, true
+	case !errors.Is(err, ErrNotExist):
+		return dirfd, name, closeFd, err, false
+	}
+
 	var pathErr *PathError
 	if !errors.As(err, &pathErr) {
-		return nil, err
+		return dirfd, name, closeFd, err, false
 	}
 	if err := fs.MkdirAll(pathErr.Path, 0o755); err != nil {
-		return nil, err
+		return dirfd, name, closeFd, err, false
 	}
-	// Try to open the file one more time after creating its parent directories.
-	return fs.OpenFile(path, flag, mode)
+
+	// Close the previous file descriptor since we are going to be opening
+	// a new one.
+	closeFd()
+
+	// Run safe path again now that the parent directories have been created.
+	dirfd, name, closeFd, err = fs.safePath(path)
+	return dirfd, name, closeFd, err, false
 }
 
 // WalkDir walks the file tree rooted at root, calling fn for each file or
@@ -621,7 +675,7 @@ func (fs *UnixFS) openat(dirfd int, name string, flag int, mode FileMode) (int,
 		if err == unix.EINTR {
 			continue
 		}
-		return -1, convertErrorType(err)
+		return 0, err
 	}
 
 	// If we are using openat2, we don't need the additional security checks.
@@ -646,24 +700,29 @@ func (fs *UnixFS) openat(dirfd int, name string, flag int, mode FileMode) (int,
 		if !errors.As(err, &pErr) {
 			return fd, fmt.Errorf("failed to evaluate symlink: %w", convertErrorType(err))
 		}
+
+		// Update the final path to whatever directory or path didn't exist while
+		// recursing any symlinks.
 		finalPath = pErr.Path
+		// Ensure the error is wrapped correctly.
+		err = convertErrorType(err)
 	}
 
 	// Check if the path is within our root.
 	if !fs.unsafeIsPathInsideOfBase(finalPath) {
-		return fd, convertErrorType(&PathError{
-			Op:   "openat",
+		op := "openat"
+		if fs.useOpenat2 {
+			op = "openat2"
+		}
+		return fd, &PathError{
+			Op:   op,
 			Path: name,
 			Err:  ErrBadPathResolution,
-		})
-	}
-
-	// This handles any hanging errors.
-	if err != nil {
-		return fd, convertErrorType(err)
+		}
 	}
 
-	return fd, nil
+	// Return the file descriptor and any potential error.
+	return fd, err
 }
 
 // _openat is a wrapper around unix.Openat. This method should never be directly
@@ -681,11 +740,11 @@ func (fs *UnixFS) _openat(dirfd int, name string, flag int, mode uint32) (int, e
 	case err == nil:
 		return fd, nil
 	case err == unix.EINTR:
-		return -1, err
+		return fd, err
 	case err == unix.EAGAIN:
-		return -1, err
+		return fd, err
 	default:
-		return -1, &PathError{Op: "openat", Path: name, Err: err}
+		return fd, ensurePathError(err, "openat", name)
 	}
 }
 
@@ -720,11 +779,11 @@ func (fs *UnixFS) _openat2(dirfd int, name string, flag, mode uint64) (int, erro
 	case err == nil:
 		return fd, nil
 	case err == unix.EINTR:
-		return -1, err
+		return fd, err
 	case err == unix.EAGAIN:
-		return -1, err
+		return fd, err
 	default:
-		return -1, &PathError{Op: "openat2", Path: name, Err: err}
+		return fd, ensurePathError(err, "openat2", name)
 	}
 }
 
@@ -746,7 +805,7 @@ func (fs *UnixFS) safePath(path string) (dirfd int, file string, closeFd func(),
 	// Open the base path. We use this as the sandbox root for any further
 	// operations.
 	var fsDirfd int
-	fsDirfd, err = unix.Openat(AT_EMPTY_PATH, fs.basePath, O_DIRECTORY|O_RDONLY, 0)
+	fsDirfd, err = fs._openat(AT_EMPTY_PATH, fs.basePath, O_DIRECTORY|O_RDONLY, 0)
 	if err != nil {
 		return
 	}
@@ -772,7 +831,7 @@ func (fs *UnixFS) safePath(path string) (dirfd int, file string, closeFd func(),
 		// An error occurred while opening the directory, but we already opened
 		// the filesystem root, so we still need to ensure it gets closed.
 		closeFd = func() { _ = unix.Close(fsDirfd) }
-	} else {	
+	} else {
 		// Set closeFd to close the newly opened directory file descriptor.
 		closeFd = func() {
 			_ = unix.Close(dirfd)
@@ -780,22 +839,24 @@ func (fs *UnixFS) safePath(path string) (dirfd int, file string, closeFd func(),
 		}
 	}
 
-
 	// Return dirfd, name, the closeFd func, and err
 	return
 }
 
-// unsafePath prefixes the given path and prefixes it with the filesystem's
-// base path, cleaning the result. The path returned by this function may not
-// be inside the filesystem's base path, additional checks are required to
-// safely use paths returned by this function.
+// unsafePath strips and joins the given path with the filesystem's base path,
+// cleaning the result. The cleaned path is then checked if it starts with the
+// filesystem's base path to obvious any obvious path traversal escapes. The
+// fully resolved path (if symlinks are followed) may not be within the
+// filesystem's base path, additional checks are required to safely use paths
+// returned by this function.
 func (fs *UnixFS) unsafePath(path string) (string, error) {
-	// Calling filepath.Clean on the joined directory will resolve it to the
-	// absolute path, removing any ../ type of resolution arguments, and leaving
-	// us with a direct path link.
+	// Calling filepath.Clean on the path will resolve it to it's absolute path,
+	// removing any path traversal arguments (such as ..), leaving us with an
+	// absolute path we can then use.
 	//
-	// This will also trim the existing root path off the beginning of the path
-	// passed to the function since that can get a bit messy.
+	// This will also trim the filesystem's base path from the given path and
+	// join the base path back on to ensure the path starts with the base path
+	// without appending it twice.
 	r := filepath.Clean(filepath.Join(fs.basePath, strings.TrimPrefix(path, fs.basePath)))
 
 	if fs.unsafeIsPathInsideOfBase(r) {
@@ -822,6 +883,10 @@ func (fs *UnixFS) unsafePath(path string) (string, error) {
 
 // unsafeIsPathInsideOfBase checks if the given path is inside the filesystem's
 // base path.
+//
+// NOTE: this method doesn't clean the given path or attempt to join the
+// filesystem's base path. This is purely a basic prefix check against the
+// given path.
 func (fs *UnixFS) unsafeIsPathInsideOfBase(path string) bool {
 	return strings.HasPrefix(
 		strings.TrimSuffix(path, "/")+"/",
diff --git a/internal/ufs/mkdir_unix.go b/internal/ufs/mkdir_unix.go
index 88d3938a9..eb2942b3a 100644
--- a/internal/ufs/mkdir_unix.go
+++ b/internal/ufs/mkdir_unix.go
@@ -10,10 +10,6 @@
 
 package ufs
 
-import (
-	"golang.org/x/sys/unix"
-)
-
 // mkdirAll is a recursive Mkdir implementation that properly handles symlinks.
 func (fs *UnixFS) mkdirAll(name string, mode FileMode) error {
 	// Fast path: if we can tell whether path is a directory or file, stop with success or error.
@@ -30,7 +26,7 @@ func (fs *UnixFS) mkdirAll(name string, mode FileMode) error {
 		if dir.IsDir() {
 			return nil
 		}
-		return convertErrorType(&PathError{Op: "mkdir", Path: name, Err: unix.ENOTDIR})
+		return &PathError{Op: "mkdir", Path: name, Err: ErrNotDirectory}
 	}
 
 	// Slow path: make sure parent exists and then call Mkdir for path.
diff --git a/internal/ufs/removeall_unix.go b/internal/ufs/removeall_unix.go
index 38a6e07f3..d756021af 100644
--- a/internal/ufs/removeall_unix.go
+++ b/internal/ufs/removeall_unix.go
@@ -52,60 +52,69 @@ func removeAll(fs unixFS, path string) error {
 	parentDir, base := splitPath(path)
 
 	parent, err := fs.Open(parentDir)
-	if errors.Is(err, ErrNotExist) {
+	if err != nil {
+		if !errors.Is(err, ErrNotExist) {
+			return err
+		}
 		// If parent does not exist, base cannot exist. Fail silently
 		return nil
 	}
-	if err != nil {
-		return err
-	}
 	defer parent.Close()
 
 	if err := removeAllFrom(fs, parent, base); err != nil {
 		if pathErr, ok := err.(*PathError); ok {
 			pathErr.Path = parentDir + string(os.PathSeparator) + pathErr.Path
-			err = pathErr
+			err = convertErrorType(pathErr)
+		} else {
+			err = ensurePathError(err, "removeallfrom", base)
 		}
-		return convertErrorType(err)
+		return err
 	}
 	return nil
 }
 
-func removeAllFrom(fs unixFS, parent File, base string) error {
-	parentFd := int(parent.Fd())
-	// Simple case: if Unlink (aka remove) works, we're done.
-	err := fs.unlinkat(parentFd, base, 0)
-	if err == nil || errors.Is(err, ErrNotExist) {
+func (fs *UnixFS) removeContents(path string) error {
+	return removeContents(fs, path)
+}
+
+func removeContents(fs unixFS, path string) error {
+	if path == "" {
+		// fail silently to retain compatibility with previous behavior
+		// of RemoveAll. See issue https://go.dev/issue/28830.
 		return nil
 	}
 
-	// EISDIR means that we have a directory, and we need to
-	// remove its contents.
-	// EPERM or EACCES means that we don't have write permission on
-	// the parent directory, but this entry might still be a directory
-	// whose contents need to be removed.
-	// Otherwise, just return the error.
-	if err != unix.EISDIR && err != unix.EPERM && err != unix.EACCES {
-		return &PathError{Op: "unlinkat", Path: base, Err: err}
-	}
+	// RemoveAll recurses by deleting the path base from
+	// its parent directory
+	parentDir, base := splitPath(path)
 
-	// Is this a directory we need to recurse into?
-	var statInfo unix.Stat_t
-	statErr := ignoringEINTR(func() error {
-		return unix.Fstatat(parentFd, base, &statInfo, AT_SYMLINK_NOFOLLOW)
-	})
-	if statErr != nil {
-		if errors.Is(statErr, ErrNotExist) {
-			return nil
+	parent, err := fs.Open(parentDir)
+	if err != nil {
+		if !errors.Is(err, ErrNotExist) {
+			return err
 		}
-		return &PathError{Op: "fstatat", Path: base, Err: statErr}
+		// If parent does not exist, base cannot exist. Fail silently
+		return nil
 	}
-	if statInfo.Mode&unix.S_IFMT != unix.S_IFDIR {
-		// Not a directory; return the error from the unix.Unlinkat.
-		return &PathError{Op: "unlinkat", Path: base, Err: err}
+	defer parent.Close()
+
+	if err := removeContentsFrom(fs, parent, base); err != nil {
+		if pathErr, ok := err.(*PathError); ok {
+			pathErr.Path = parentDir + string(os.PathSeparator) + pathErr.Path
+			err = convertErrorType(pathErr)
+		} else {
+			err = ensurePathError(err, "removecontentsfrom", base)
+		}
+		return err
 	}
+	return nil
+}
+
+// removeContentsFrom recursively removes all descendants of parent without
+// removing parent itself. Parent must be a directory.
+func removeContentsFrom(fs unixFS, parent File, base string) error {
+	parentFd := int(parent.Fd())
 
-	// Remove the directory's entries.
 	var recurseErr error
 	for {
 		const reqSize = 1024
@@ -168,6 +177,50 @@ func removeAllFrom(fs unixFS, parent File, base string) error {
 		}
 	}
 
+	return nil
+}
+
+func removeAllFrom(fs unixFS, parent File, base string) error {
+	parentFd := int(parent.Fd())
+
+	// Simple case: if Unlink (aka remove) works, we're done.
+	err := fs.unlinkat(parentFd, base, 0)
+	if err == nil || errors.Is(err, ErrNotExist) {
+		return nil
+	}
+
+	// EISDIR means that we have a directory, and we need to
+	// remove its contents.
+	// EPERM or EACCES means that we don't have write permission on
+	// the parent directory, but this entry might still be a directory
+	// whose contents need to be removed.
+	// Otherwise, just return the error.
+	if err != unix.EISDIR && err != unix.EPERM && err != unix.EACCES {
+		return &PathError{Op: "unlinkat", Path: base, Err: err}
+	}
+
+	// Is this a directory we need to recurse into?
+	var statInfo unix.Stat_t
+	statErr := ignoringEINTR(func() error {
+		return unix.Fstatat(parentFd, base, &statInfo, AT_SYMLINK_NOFOLLOW)
+	})
+	if statErr != nil {
+		if errors.Is(statErr, ErrNotExist) {
+			return nil
+		}
+		return &PathError{Op: "fstatat", Path: base, Err: statErr}
+	}
+	if statInfo.Mode&unix.S_IFMT != unix.S_IFDIR {
+		// Not a directory; return the error from the unix.Unlinkat.
+		return &PathError{Op: "unlinkat", Path: base, Err: err}
+	}
+
+	// Remove all contents will remove the contents of the directory.
+	//
+	// It was split out of this function to allow the deletion of the
+	// contents of a directory, without deleting the directory itself.
+	recurseErr := removeContentsFrom(fs, parent, base)
+
 	// Remove the directory itself.
 	unlinkErr := fs.unlinkat(parentFd, base, AT_REMOVEDIR)
 	if unlinkErr == nil || errors.Is(unlinkErr, ErrNotExist) {
@@ -177,7 +230,8 @@ func removeAllFrom(fs unixFS, parent File, base string) error {
 	if recurseErr != nil {
 		return recurseErr
 	}
-	return &PathError{Op: "unlinkat", Path: base, Err: unlinkErr}
+
+	return ensurePathError(err, "unlinkat", base)
 }
 
 // openFdAt opens path relative to the directory in fd.
diff --git a/internal/ufs/walk_unix.go b/internal/ufs/walk_unix.go
index 7b2413084..065afc229 100644
--- a/internal/ufs/walk_unix.go
+++ b/internal/ufs/walk_unix.go
@@ -199,7 +199,7 @@ func (fs *UnixFS) modeTypeFromDirent(de *unix.Dirent, fd int, name string) (File
 func (fs *UnixFS) modeType(dirfd int, name string) (FileMode, error) {
 	fi, err := fs.Lstatat(dirfd, name)
 	if err != nil {
-		return 0, fmt.Errorf("ufs: error finding mode type for %s during readDir: %w", name, convertErrorType(err))
+		return 0, fmt.Errorf("ufs: error finding mode type for %s during readDir: %w", name, err)
 	}
 	return fi.Mode() & ModeType, nil
 }
@@ -227,7 +227,7 @@ func (fs *UnixFS) readDir(fd int, name, relative string, b []byte) ([]DirEntry,
 				if err == unix.EINTR {
 					continue
 				}
-				return nil, fmt.Errorf("ufs: error with getdents during readDir: %w", convertErrorType(err))
+				return nil, ensurePathError(err, "getdents", name)
 			}
 			if n <= 0 {
 				// end of directory: normal exit

From 5e9a1c7139cc59654a53ab57e7e3123aff045996 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:24:38 -0600
Subject: [PATCH 09/46] go: update to `1.23.7`, enable 1.24 in matrix

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 .github/workflows/codeql.yaml  | 28 +++++++++------------
 .github/workflows/docker.yaml  | 16 ++++++------
 .github/workflows/push.yaml    | 25 +++++++++---------
 .github/workflows/release.yaml | 46 +++++++---------------------------
 Dockerfile                     |  2 +-
 flake.nix                      |  2 +-
 go.mod                         |  2 +-
 7 files changed, 44 insertions(+), 77 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 5843e8adb..0d0e7a546 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -13,30 +13,26 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-22.04
-
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
         language:
-          - go
-
+          - language: go
+            build-mode: autobuild
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     steps:
-      - name: Code Checkout
-        uses: actions/checkout@v4
+      - name: Code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
         with:
           languages: ${{ matrix.language }}
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+          build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 55afe117c..844cfe88a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -11,7 +11,7 @@ on:
 jobs:
   build-and-push:
     name: Build and Push
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     # Always run against a tag, even if the commit into the tag has [docker skip] within the commit message.
     if: "!contains(github.ref, 'develop') || (!contains(github.event.head_commit.message, 'skip docker') && !contains(github.event.head_commit.message, 'docker skip'))"
     permissions:
@@ -19,11 +19,11 @@ jobs:
       packages: write
     steps:
       - name: Code checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Docker metadata
         id: docker_meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ghcr.io/${{ github.repository }}
           flavor: |
@@ -34,13 +34,13 @@ jobs:
             type=ref,event=branch
 
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -53,7 +53,7 @@ jobs:
           echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
       - name: Build and Push (tag)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         if: "github.event_name == 'release' && github.event.action == 'published'"
         with:
           context: .
@@ -66,7 +66,7 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
 
       - name: Build and Push (develop)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         if: "github.event_name == 'push' && contains(github.ref, 'develop')"
         with:
           context: .
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index b79a9b9e8..f3d073ed8 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -12,25 +12,24 @@ jobs:
   build-and-test:
     name: Build and Test
     runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04]
-        go: ["1.22.10", "1.23.4"]
+        os: [ubuntu-24.04]
+        go: ["1.23.7", "1.24.1"]
         goos: [linux]
         goarch: [amd64, arm64]
-
+    permissions:
+      contents: read
     steps:
+      - name: Code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: ${{ matrix.go }}
 
-      - name: Code checkout
-        uses: actions/checkout@v4
-
       - name: go mod download
         env:
           CGO_ENABLED: 0
@@ -63,15 +62,15 @@ jobs:
           go test -race $(go list ./...)
 
       - name: Upload Release Artifact
-        uses: actions/upload-artifact@v4
-        if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.22.10' }}
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.23.7' }}
         with:
           name: wings_linux_${{ matrix.goarch }}
           path: dist/wings
 
       - name: Upload Debug Artifact
-        uses: actions/upload-artifact@v4
-        if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.22.10' }}
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.23.7' }}
         with:
           name: wings_linux_${{ matrix.goarch }}_debug
           path: dist/wings_debug
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f9bfd7b19..e5326105c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,18 +8,18 @@ on:
 jobs:
   release:
     name: Release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: write # write is required to create releases and push.
 
     steps:
-      - name: Code Checkout
-        uses: actions/checkout@v4
+      - name: Code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
-          go-version: "1.22.10"
+          go-version: "1.23.7"
 
       - name: Build release binaries
         env:
@@ -59,41 +59,13 @@ jobs:
           git push
 
       - name: Create release
-        id: create_release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           draft: true
           prerelease: ${{ contains(github.ref, 'rc') || contains(github.ref, 'beta') || contains(github.ref, 'alpha') }}
           body_path: ./RELEASE_CHANGELOG
-
-      - name: Upload amd64 binary
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: dist/wings_linux_amd64
-          asset_name: wings_linux_amd64
-          asset_content_type: application/octet-stream
-
-      - name: Upload arm64 binary
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: dist/wings_linux_arm64
-          asset_name: wings_linux_arm64
-          asset_content_type: application/octet-stream
-
-      - name: Upload checksum
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./checksums.txt
-          asset_name: checksums.txt
-          asset_content_type: text/plain
+          files: |
+            dist/*
+            checksums.txt
diff --git a/Dockerfile b/Dockerfile
index cf7fe3664..64de90708 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Stage 1 (Build)
-FROM golang:1.22.10-alpine AS builder
+FROM golang:1.23.7-alpine AS builder
 
 ARG VERSION
 RUN apk add --update --no-cache git make mailcap
diff --git a/flake.nix b/flake.nix
index ce9888e8e..c2e07706f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,7 +24,7 @@
       in {
          devShells.default = pkgs.mkShell {
           buildInputs = with pkgs; [
-            go_1_22
+            go_1_23
             gofumpt
             golangci-lint
             gotools
diff --git a/go.mod b/go.mod
index dc995d78f..724f054a7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/pterodactyl/wings
 
-go 1.22.2
+go 1.23
 
 require (
 	emperror.dev/errors v0.8.1

From d0e73328816956ed5ac0d88383a1d07d4543cb3a Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:25:18 -0600
Subject: [PATCH 10/46] ci: add dependabot for `github-actions` and `gomod`

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 .github/dependabot.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/dependabot.yaml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 000000000..5087519e6
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly

From 7f63162d1d13ae9e6d4c12c9a4543d0ed243008a Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:25:22 -0600
Subject: [PATCH 11/46] nix: update flake.lock
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9?narHash=sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c%3D' (2024-12-04)
  → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9?narHash=sha256-%2Bu2UunDA4Cl5Fci3m7S643HzKmIDAe%2BfiXrLqYsR2fs%3D' (2025-03-07)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz?narHash=sha256-1qRH7uAUsyQI7R1Uwl4T%2BXvdNv778H0Nb5njNrqvylY%3D' (2024-12-01)
  → 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c?narHash=sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk%3D' (2025-03-02)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d0797a04b81caeae77bcff10a9dde78bc17f5661?narHash=sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG%2BcBns%3D' (2024-12-05)
  → 'github:NixOS/nixpkgs/36fd87baa9083f34f7f5027900b62ee6d09b1f2f?narHash=sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw%3D' (2025-03-07)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410?narHash=sha256-qKL3vjO%2BIXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU%3D' (2024-12-05)
  → 'github:numtide/treefmt-nix/3d0579f5cc93436052d94b73925b48973a104204?narHash=sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU%3D' (2025-02-17)
---
 .envrc     |  9 ++++++++-
 flake.lock | 33 ++++++++++++++++++---------------
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/.envrc b/.envrc
index 3550a30f2..187c42f90 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1,8 @@
-use flake
+#!/usr/bin/env sh
+
+# Load the flake's `devShells.${currentSystem}.default`.
+if ! use flake .; then
+	echo 'The development shell was unable to be built.' >&2
+	echo 'The development environment was not loaded.' >&2
+	echo 'Please make the necessary changes in flake.nix to fix any issues and hit enter to try again.' >&2
+fi
diff --git a/flake.lock b/flake.lock
index 90ce41092..bdf0fea92 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1741352980,
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1733392399,
-        "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=",
+        "lastModified": 1741379970,
+        "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661",
+        "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
         "type": "github"
       },
       "original": {
@@ -36,14 +36,17 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1733096140,
-        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "lastModified": 1740877520,
+        "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
       }
     },
     "root": {
@@ -60,11 +63,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733440889,
-        "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=",
+        "lastModified": 1739829690,
+        "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410",
+        "rev": "3d0579f5cc93436052d94b73925b48973a104204",
         "type": "github"
       },
       "original": {

From a4ff433d9512fdfd722afe44d3a4ca52f1893668 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:26:13 -0600
Subject: [PATCH 12/46] chore: remove outdated `wings-api.paw`

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 wings-api.paw | Bin 21104 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 wings-api.paw

diff --git a/wings-api.paw b/wings-api.paw
deleted file mode 100644
index af01f9c6e041240ed4be513d378e9f571771e70e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 21104
zcmd6P2Y3|K+W(odyCIET5+EUAvm2IdvShN;OA-hWs#NJpAkNOrLZk$f0HUI2RZuM0
zuH}k_W<|wbuX@E^QLv$6#g3q&qGI{KGrOCD_>t$i-}C=2d0?}{?Cd%3`MvG;zUS08
zw^$?eHXR{EWY8J#V*eTUN%GZwVe%CXO}>uXlzJaZy`tEXg-xw(Ec-el5Q!*6BNuYJ
zrn;uh3N5o*TAP{|&k8liPPB}+*5g8Yi!r|mE>8=!H81Ifh}G-2`iOeuK^bT&nueyM
z8E7V&g^okVquHnd%|UZfBRT=;D25DVA`8XQJTxCQp%c*pv=A*qi%~OLf=)s$s1>!L
zrRX%Y5}k)GK$oJ+(3NN%x(;nbH=|q7UFdFf4|)JSj<%s^(5vV*^g7yw-a#LuPtfP+
zYl0w1!bP|V50OFiAaaSGL~o)G(T^BNlo1s~goqLnp%Ej9k;E8cEHROoMocG;BTT{~
z<`YfCVxpN?PMl1vAXX9yVhwQ~aUpRjaTRe5aW`=faX;|@@gVUi@ig%~@iOrVv4{Aa
z_=5P7_=?z1{7C#n{7Sk=H`#;CBzuy*$wD$j4kXLT3bKlfk`gJC)#ONW6giq4LyjdU
zkQ2#i<aBZtIftA}#>si)d~zYVgj`OZLY_)u@?7!)@?!Ez@@jG&xt_d@yq&y*yoY>%
ze4Koe+(o`a?k3+SKOpyzUy=LBU&vp{-^o8HiprvTQh8KAsz2qY22g{jC?!xeR4r9U
zji8R9CQ`>y$5V5txs*XIpqi;x>Qw49>I~{^>OAUv>LTiDY8`bQbv?D2x|P~OZKWQj
z9-$ti9;cq7o~B-=UZHkSyQq(-kEu_ouc&XSAE`fSL{oGIolEzk`_q0pNSD%KI!X()
zLJy&b(ZlJ{^aT1?x`CcU&!rpb6KIQ$(~Ie5dKrBReI|Vty_!CszKp(-UPs?W-%Z~~
z-%me4|BHT#evW>Lew}`Uew*G+e?oswe@`Evf1(f4zqvA8*)Fdu-&NqMaz$OdOK^!U
z%~j{BcTIFna!qy}>zXn>w0P;lg*#CXl!>xXHj1JtGbc{1T41ecJsw_D7@iR_7V537
zTfL<y2j!xk$cuca7s^BVs5k0^`l13<i29)-RE+u~KPo{16hx(H01Bajs0@WsIjTSr
zGze892327aQ<%ms?8Y9PfqURgoQ1P-4$j3ru^0PrFPw+-ac|rQ_r(Rc5ck7HxES}x
zeq4eBIEYK}0DCAb;t-DnBq9mPNI@#nP&KMSwP-LJg6cqfhoRx99*saF(I_+;jX`74
zF=!kbk0zjrXcC%?j>REdg{$#sJQ>f#jkpP)gipn1;q&l6@IUb;d@FtcKZc*iFX5f|
z9sDu=3Ln6~BnXrsJPD#_f+$E3!30sBAfgGP8p~d{H{09GTj2G3Ltet`@#c8*yoKHp
zFX_$j=6dtJ{k)X7hqtG<x3|a}^wQo;uh-khTk3Urv%EfUUvGc!fY)IemZ9b7WV8aE
z0`}q5Mz3$;)M0IHElshdZPpBZ;Zm!0?!>8+TbdT>Ei1-ZD`c@@;?$9g+nU-|Ow<=y
zn89Uu;N0;OMl>5s7g>wj#x9OG?{Jp)bhPGHbViq-)$s0I9PaW{0q-KX@--OA`M7)s
zx)7~J7om%fPl8}Ee8;ThuU6}fiBl&6em27YUovar)JcxX^P(N_(SM-J(G|x5hFW3h
zi|64%joy&RYX%pWEXFW+mJt<;XEe#=8CFzcq9Ut&+=?f^?<(}qMsLrFQztBK(_;&*
zsm?Ptp{vl<&KD)$CvUw5T?>#M*3zP{*odw{mn5%VkJdMO^CnIm(PXrNIR;Tp(3ebX
zHmyzQdb9yu0wSE+23{a_^$i&Drgp*KfNliCd=uO=#agJhS*HELR*)=<6&wZGPO(mc
zWoR4S(!6v@T6u0ox1%W=(H3+Y<}kkz-GR1Z0gG6ku|#iyb(jTSV4(@WB^Tpfv}OYu
z2-vPnzJCxsb_3{0F=$9{)Dw{I1Dt1qo=C|F{Tn?2<4MWGne8U@?~eICiJo%io4TQ6
z+MCdm=xKBbV5H+(@*AH;Yi>f%0RZyQi%C#m6_!2&YbiKX&YWts*#0cNo;#gYRHV2i
zX`04preQLoB<PH4sRE-Kvc{XdWvRT<Ri1C6x4_N44FasiLvhV<?E*~8?p^eLQg*vR
zc7r#f5738r2(H8OoTV)bC+jVMxi)7Uww2mrOD-2|NJ?^FpvN|#K43#YQuhDvMQgTt
z^Uyair$Y3tGqVHe2Xp{_4#LkF=-1?I?SJtwm}@Q`?##FzkHGctGZKEncvMOXwsKU?
z7-21hA*2LB&`CJQc{Rp@3}T!tFrunhj2hQjhL<!+P+~DnF)c4@^v*f8v~lUuCbP7<
z)RJOcOywm;kLesE#zdWo#n?DwvH~xuaaD=O<E53QjcqHISa7?!0@SU^NWvYiCv~Z{
zw0d^wh>_z*P8(S|XQh{D^brR-zQTy9aZQpHMu@WpBkHQkXu82NvK$v=jumy86}$Bn
z@W`&iaEy=r(bQygSymJ=2AUjKU@|fXlHhrfky(?IRZ(DhBL=ryi<dREG%vPo(G0z%
z$<}9>nj9BJUe@Cb%W5!8EoL%0r}B&}h-_Tf1VPXQ_;8a6A8U#?SuOAxqj^!)!llN7
z6=3=nHMdob{OglPBqf#{>dMN}hN!-zsUf<IYlyZc!Q2ontvveFI9-d&ag&J)aUP~-
zO0dWZ&lsAa33{AWSi}0;sY!9gP&rd)q?n>GA{&z#EzWX`Z0Qy&u?nZ_|M}GBtn8v=
zL>7^aW)L}`V`K4nJm&cE6Tmk(Vn`_&;U#*ZDH{kMK4t@vhsR;L(c8BrX~;%3w@m+w
zq7i*<MJonFlvFgL2(7sp6lgW!M|nhm2s#Qh5?9~}U^FJ;Nshu)cEP(E<72$c$qX-w
zpduWvFfmP47}?<ChAFU`%Gq)}3}{EfyYAR=z<XK;%ag`Pv_w6w#+eu^gE2Bdt6~x_
zGjUT<;))nIHC6}x$mygXh5(BS_R5G`09{ptA;~d=VY!&1n=#W=Vp_L`bW{*odW>WB
zxWTA`tb&qQBIt)DF@m9pl4!7^$(l!lc*@hH6{iclD@&K9^lAF^u_Hh~INOSdCdZfp
z7-dn6fsIylK&{DYk|OaYSeVk4ha;zwV9-nlImhCucuX2DEWx+KMZi<A>{wSqwn4#w
zZ%TopIt_}!0E#+dXgesT0Vt;98EH_=?N|X*1G}NAF$UBKhH0`2ql3v{Ks!`jG7K;V
z-Lp`(L0F_OHanqWw1WyZ#_NhDaE!nK*hHR#KtqXJfIW`4Vle?6Sgg@IyJJYIpmUNA
zc9|12FlDMNGcg5*#3~BdWI;FLs@yG5fQfEi0^{kboa2b`XqF@5S$KAbh$j)p+9IBe
zkJ~^@!N=Pg>FdzQF_vzoogOjcFtHz>7W*8~$426WcCj~rKF+~&(_%L}=BNmoq_R?+
zu_OUhMO6Tpk|{C<Z<wMfgRZEyx$cH84qMtbzqzI96x|N3Itf1+<yn#$)9t6TRt%O`
z7Y!yR8sHl(!;pAMx45{~RV7)K=fpVN60<~5Ne+gm>beXnDRP{p36h|x-5S|ZRZ=wI
zYj{CoOog{#Y@n9_Hu%n%CYweq#)EGDuc{<#8l0?XU}Gczyr_VW)NNpbHDE1?jmv@_
z`>RSWAQqzIh(%z`bsWbhG<tiFpKt_cmsZs!L@R_(#7RU8j$vaX(MBxACbl5-T;}8p
zGtA~idQ&p+Bu=rzB|oHC$#98)tY8BQL7J6P=rhrp8;G+2RjV9K%>z8mPoimZ+Vo!F
zC|O)%<ruH(Oq|t0$yA8uV;tBxQB`@>5LD1OuB#ecL|hCchaCr=h!^6T^zbhuE(bM0
zTQIkQxB@RoTbh5`1M7&8iEEv>j<^nnwVK#q4-Oq5Zs>^Xh%L@FC&9ssV8|7Cu`}>`
z+}tUyTjE?xraYC?$1XOllhgCM&zYCR#R0z}AcKQcMU+@D+p?oE;Q38XQaHtE^d8@#
zSQcly9EcM%#h$(ZMh(nujFBW!vRD&dv~DWa=#kSvoj^H49Zy&Fm;|7e!B8sTMPyk5
z<q$bW0=H@kilnfL?M05RwntYEnX}>sgk&;UXgjdCz%IvG27IE)>s;K3$8Ed(-x1IK
z#l}8NJOccg4Xzfvv;$m^5l?hZEr@NzleiVPr9t+L4YH18f_TB!jsTDkDeZVA3A*h7
ztvq4}vC{$Fo1H-SUMJ8k188O7<@jWHt;Z`mf$o&fpqo+OVnJ4!M%`x)>QsqSby<ut
zCd42hd<cbOU_cq&G$B^7;)2LajXrX12Qa{u>4L>cU`sRr2FF1V<m3`D){KjBHD+2;
zw}4T4YQy3{prO<b>l;d|;WrVimTHI=V_F;-M@Z@zRTWgQ<D71A8Vh;4(NJ2M{FohA
zHyM^qJ|sWAsA;ifwCM4+j$7LFmbRr!>XYs|dDn^hGCjb|TGYz%>ID0jlas%ksJ8@?
zp?Vek+WrW$*;rt;)Hg3~150MX_3D5#Y<uA8VW)0(E-ljMrH0c`YL9beYP5h}`?EIf
zmAaxYT-a<luB^*Lmo&Guwc1x^&v9;ap1Q=o01r&g-M(bsW?$qbNtQZ)QLEL~2E>Q+
zi1v{#vKBSBtg!EA+aKDxTz4MZaiyub>mA0DrCl$WO|1*;D;&#<?au*1C_Uwqmg+02
z;3?51kTy4)5Ie6}*bp^<@2IxL-c=$t*=IkjeURWZk`kS5&&U4LP#Q^oCJ>n8%&}qd
z$_Cr>cL|~_-jcz~sf;el8lc8x!6L>4$cH66-Q`utf4T?A$&;q03?b8jcU^^i63i)B
zSUbA4bg;{s7KiU(WmV-ARqW>Dk7@`lNC7yASr}Qjoi?knjIKh8uPKHiaiS^6tQ`&h
zcNoI<#P%;1aWC-=YH*^?)9@J`QRlbB_jc6z9bUPCIDk(-dLDStwvj!7ib_QYhwRuh
z51jBHXf=sQ!nS~5_bM=kzX^P%W9uLfZ0J}!JKQmN@G8Jb*tSXnXUWG^h_4~fw=`4a
zt!{?=ZOsd;PBAB$k&H!TL*x{Rg^*FTp$CtS#Ua)*lo+cUDle-N4{o)fV?;VD0AT~!
zfneC5(0PEZsY&n&OR^x`kLz*1TVOpZnjn-lG&Tl_X<P)$ZkuSJhT;$hN``2NBBx6F
z-=awbr4kj$N#ceIALb;H(PZ%crl}bQObwDqJ6rwFXp+Oy6*8O5L3147oQ+qv1BdjI
z?F0guhgYRsDA~t`M+Z$n_Osz}0HDzy6_O=nz=20SK;s->+Rnvm((vd+i`hJq95dsL
zD)K<LK=uG37sQh$h>jOTfj7nO<>aM@(*$HVi4QTRYrJBIP7uzCq6C>S<j0H*u~l3X
zG>HBWO9;()OjT9zdm4O7<l?|@@`l00dC0L9%amBj=5UT4bsaGwBnOd|XfDY>uyO&u
z2%ismUppt7PW4mKG0Bp49!_%j!VRQ=*J62QDn)eiaZ))<`ZXYZvKC~XN7lg_3?qkw
za$XEF&%l?!8eEDmgWoG>B<0lT-P)lM3NRoRAB!_!Ng@2REC^!-8R$F+OB8{(En+uw
zV8@d*fPGxLsG&3f9yIAk8bB5h2Xu0tcCy^*Z3}SfU2j;>v~Xe4^MK!3={THFcUX?D
z#>Y~DC6a7&ZU;(+0u$5Y0D~CI3P3;VmSQVlx7HGd2czgzr6I?mMshqX<Q4ex+2beF
zH#aY6vX0SPlB+Wbt=U9QhP9Z2uY?u23WHhfIl_wTOBc2Urdq9bsW=q}k~5QWATTyD
z&D0oBZSXxj2joahhY@qYX9+et#aUglD)M-8HadZ9fFZ2I>+#i%-hM|+7CUo+WFr}a
zsF*x~)bTa=+Kr?^n)o_=J(g#sDW%z+yjyZEO*Ya>pfZ<q1LPw6eFaqIQtwYfYc`WD
zWUHg^8}P=Yo~LKG!kHbb0V@pLE@R3tCsE-c(>Eb$inF{1W)Qd;9`x{}4p0Ia02~_d
zdlo1itQ}Zr-O^P^Q6QC8ZIza~X&L6XwJoV`h&DtyjjsZJx=LcJ#A=mQ*~1+txsp5`
z>5fD<<D2l+X-!O!XLk|WDsnZx0pFOmgKKPg41x+}N*)&;CZ9`e`CLj~=E&z}d`nmP
z{L_(-#OWpwnLvogfT0v+0XP~{f>aV15^!RoXj<_`ZznEI*E!aZ!CopF&{go?7Nc1P
zd_WUrQM6(T&vD(ub{i-k#|wWE#<k>i(1~E@Ra@}g?RgcsfxHn-*-UOEH=*5-y5ELx
z$AdAqnY@X-nY@L(72kok;ydwOSUxU|sMeYDJ26`1R`l3LRDjB%@Y_F?ZISod+1CIl
z`X;k4(kY7dg|cxe6qdbEBo0DJxEGX;Q~&>OTf`mN8~K!zt&vXyf8i(X(iTtz<Vzjd
z8o9%{mZS*o!SjFxxz|~SdVF7}Z0&yMTACu5+`QZZb#_Xc<a^FC0bQx+;HDVCj5~B8
zgd4g9gq5aQf-10_W^r9YV<37oh${p}5Dai9rpiG{07_`Q0TDA0V^A&XX8h9;8vov*
zC9ERF;s(?ipz;J%3<qij;SZ1(;NKuc<l|B|QE=2?26PV`0R+Sl&)MXN%rmMCpi{Xx
z#NhD7Nn6^<c%=Q=e|^nI&`mwAfLSusIII!Sgb;+N5>%vOF$f<uo!9M%@W@m9|5Ed@
z%UMfoH2y_NKO#Ry24Po!9>foKL~NgupQl58@(cV>+ERUOt4*hfZND9{t%hjfdlVvn
zAb)f$R0Tu}j{q(BFZ^iIQgtcpfXx9U17XgKHk--YS)UP87=r^Wn;H;SdN+fGzeH@m
zIVxtF05gl#n79PaP!z#)Yrx7eiehtf5Kc?H)kVd0P7^uVkikCydoK!#1|yPzCsQ@a
z;&dS<v26D&p&fJ_E@28$1Tr0;@HpPq?h`1Q@^tnIR0h=p{~JG%k~EcVOF9ocf6^yV
z-mX4@$_Jl7^``nb5`Pju)x{@J#f~I+%K$=$g=EH#VMOqfz_WsjkmFEIQbmJ<i8p$u
zcUXhCqCy!1Dq%W=HsE9-+0wz^f+Qj2jmco6#O@WD56cUv02M@*LrXt{pT{Sp{2~>i
z!XSfo`k5-HD)6)TxwH%_ZKK`~_e>dWinV3XK{!()5YCi@@+ifT!V4g+7n5?B3f2FV
z;iZN+vgl6LxJz_I4WovmxT6^_<L&L5L5-wFr!|8bgI`IHb(}r6-q3fES}%y-oK%;Z
zf>u-0sOioK?Ns+w`1=~(k=Be(sje<ToD6v_RQ*hF;gTXkVOxMy!vtWO3Sd#{u1D^g
z>QW7k2w0%~RJ(g1&H_Oz#^TU^!9x9#S2Y8&Sn&QL5QUvnU5Jq&y@K$G*9BnnfK7(6
z84xl^3NLDg71NCF>FQCv1E?wsv?R~Ob-^wKKn*9xL+S)2a8qG5juUu$?ngGE{}-t)
zbpoZMc@Css$8U8&+N9=nf%JT;3BQ5gOv7ZM4e2m0PD6UhVUTXKA-xp&spSq}-iA11
zR}w0-lGJ9Cna1_$&Z2h5eRRcjf;tn;cX0hKe!m0PtEh7T*VJnK-UjMiy!)u+4t0S&
z^bTJ@U7Yd-)MbG9%c(1z3D~~i1Ni$P{^$sZw|EYc77kJtT?0h2kitWki^1qTSQ^e$
zpupHYe3c$X?oihz5pPr3oD7eKTpe-%@H#QWPRIq;R4rB%ppE1(#EXgo#YTbQpnL=I
zkPHN#34ER|sT@QpoTWRI%h5Bwqar>YgD?(q6rkQENN8ZB&<AC!nkp$Obb%O9K>6=N
z{03?xYI1<{3I41DI5$u?*}%CG@7X}zj6eM!YSGkfhe77fw2{0AAafsef4h<V93b-r
z{xS`jPPJ$OXjJgkPz=@W769G=$Oy1hVA|w36zO@+>90BZ0+s$vEt-1NfesX0A%ipo
zCLXhEdA6O@bg0IfnkhkH+D<x6fKI3O5Fnc%&jS7$8WaF*4vxWvGL~ooa^N>z>|Ryn
zsL&DZE;?vMV0hq~;G0-TA|xoM8iJ%)vLWb#{J&d^Hf1>`KzagM3vlNm@I4@YOJ#Tt
znr9Tq&7d9aFSTgu32GZUk$MtB%f0wp{55nLcA*zWIHl!uDDVvRJlIX@S#l%(2H&=k
zdVzWo@5B4C+|bG9Lq8$(=~3HlBWm*p$z+b&i5}YwwDKSn1ePHK^5{OmHKhLU9owM3
z3-H?Qfa^N|*7r$RO^fNR=~5cC$655a&O^Wi20{=_$c7Bb?$9%13<OIY5WT#huw5w>
z>T~J~=&ipA=J*5t2}jej`I`C$bOIVW`3=-Q{A1ese`jZ|xhNl65PPHt_!Bf!Qg(CU
zYAV%Uh!4U5EAY?GFoANLGJ{Lme42EIshO7SGz}WiM+Y5nzzeGqSP~va4Au$^iX?Th
z`Lv66qlJ#@{)&HVS6#XXot2Jd=xlr_HB7pvt)>y^Bu&OLbY4nL={{&RT|gJMtLg7B
z%s=p-X*KN>%SfgGst6H`#j|#k1TZz42BE%U%DgNIf@R6wtZW}<+3A2I0v!~}giL|a
z9I{J+;*JL0gA5pKNGb*3eJ!D@WtV^<hIS?>{luV?O4J}zgPM>G3Jq;#&~69A?Otqq
zRP}_USutXOBFg~m0F?qZUVv7`xMV>8pCU_^)0EN)*PSxm|BG0L4$%YAB0EJ%5U?YI
zZckF^a(WPGWjotPSJH3`nINb%RGg4J2nv^i3WVgHsXbbSG=<jaY8x^M!j&N0NwA~=
zJ=9rE6-W`_Rbvbfi(^NBkU)d;2h$1Ji>WKXE=i5vQ$g~n22u&AK%nq|H&J2H#hA^{
zTM$R6mIBSN(BBX<x>tkgR>Au4l#U)jk3@@Y5<Wp>B#2CWeoF7@G4wH@P!8ozk4q3e
z(qfv})$!3&K%?lX^fa(qp!oDG`Z!xWSqUN=>=!71g2+h_x$s-%oGxw(Y-pGF0Y^Ka
zLB2Z{8uX#GLxh$En712Mp^gOl5Q9csAPk|8jprnTho*Y)dELu;hwE00)e`7NbF3)<
zISDHVt7|tgD^P<~p~;B>B2woS=)2Pu<G(8Ap<}dxnrYKsX<vfqogln(x;U})!q1~m
z1Vy3e6D<j%7j#n53+ROjA}>MY+woA(b|%x|(vxnCUShi~KWuV=4KNVr7ek`!O?d@+
zxeb_(RF^&#+!%ctK;`tLCiSr~(l@C~GiT`YTJ*(jX`Nb?w2%-$Dk?NpLkSTUS%Z}Z
zDkH|kHK=iFnj*7W*JgYATzU=c4g<b6K@=v4;&#TCzJR_6CI=f7l1=vX#q=c!qF;h2
zO2hjf_GmlURQf90L6^bio1_z_uW{H_`dSC<>+Kn!1N7z&c9rh5yCgyMPilbQnO%K?
zDCr<r6GXtdnqpX|jfc&2>1p5VOq(^qyhBS2)Cn9i2ig>43KVs1=WSV<1mPpFKb?B8
zptY6bAWZ=O0UeIe3<Ern3_Vyf%R*C@pv9r-uzPyY-h<Vt^}ql!%97#x;oBixg$6L_
z@Pb^&l%aZU@<2&-vkGxkucL!gg=K|!({4W%Z7Ls>4T^A_%yTRYJ7rWmC_J*)=?*&r
zAO6pZ#YgI?|BGpTh<+HIWT({$qBKDaY)`D|N9lh92-~?L`U!elf*6n>LTL~_ZG*0;
zLxr9{Ood*yRp=E|NWYp?p)#DCAktL5V@K0SddoplcRX>|DC-^iUDRSnSqTEPb5KW|
z^*;S!dz|%Af{3Jt>}*KsNTKO3QYke3HS*Kn(EIFxLWl(qtHfYS;JH-}{JXZwD-d1D
zCbV1Gw$*M;h3-4M(goym9Cnky&I7KS&hT(XmHyF@gsIA~4M7H-;C0{;xwy=zF$?^K
zVgNg+=mu=#=u%sXL1rD3WN265?KoP{>@6B51k=DfDyp5Yb+hxZG*#IB3rv2Ye}z4)
zj;&%7gw$cHes_^asxG-G7wvMn+zEn95PX6V5(I3pa?%M`4;wgDctFZpxpM6Hy<m%B
z(t5dk_In>}I!wLq-PPK;3LWd_>IbV8a`m^@3>|O<JFJ^4>|C?2gOitG1;M;3&O(B9
zQ#)I?^ad&$mX$M8U2iE^y11l)15$*uphHTEK^g`PE6`mOgX|P~?V#b@fR-kRd^>lj
zL-!>F;?SxBJtN@gZIVS3ZBiJv6~q)7EKzrN4s}$J{_Kb&bV(8nS%i!iI;nsowEIl#
zeH3h*gWhOGkfD*aTlVv)7ES?3sjR*Aj|K3FK+`}34@@RlQIj*`rpPLPUuO9~vvA$o
zHDrRv(qS2acxNGH00)!|#!P55lH#Cbn)>$*wB4Zq|5uE6$EJxccF!fd6x5ashiekV
z;P!CXRqd)xhr_PH38FTwaYJnl>eve68Uc3CHPSW8-el(*>pI3Y&eoJ638D_ehPnhX
zG(ikY5cXcXZpFj)*11r3`sWXeh*d5Y)4_wrCD!KOf$dRcyBGpV2`A_>w1suEW1#yH
zvCQc)h|+kd!rQHhh5_AO29$S!d6yua=Rmvue!EzAJk)=@@OG;v?5Bl2VU{^8bs)iO
zuIa8BGZ*Pg?4uAcfihsfWGV135^STcBcCU?lkdT<`TgWi)L_^ZKa8rkt0vS~Y8*9z
znnWE-O{Jz&Ghv_nY}hB?Na?Us-lFDFO|V~n5$u>h3HHn{rIu4GVCVcw*g2n|o&!4Q
zCD<GPD(sGboqCgcn|g<Ok9wc_5cbLMp+2L&fW7j2seQ0t{(I^N>L==F>R0MF*f~!E
z@sUAi!QOcvolo}x?xG)E414GUu!lZGmqB_Pft0q2W@(-lX_;2(YPuG7)eohILykAf
zPUq<H^hA0xJ%ye|&wxDbcnIvzpx44)`fKUy=?(Oq^h5M3^sDp^*h&8;?4*B(evbxk
zPk&7Bp}(ZRrhlOSgx&N#VK04uSBa|}_R@>4*)G$y%(c?B+I5lZO4l{68(fdLwz*z&
zedhYnb<p*T>yYbrcecCG?RN*<rS7o1!ac~%xJCD1_bB&R_c-?i_YAl0Hr$qbp1aAt
zz`e-5%)QEef%|gz7Wdum$KB7l-*WGAzw6%Z{=of_`xE!4?$6!(-9Nj3^#nb#NA*;D
zYCS_dV?5J6$9oz)b3KN~^33xzd6s*y=Pb`E&pDopJ(qbd_gv{&?|I(yqUUALcF${`
zot`&5Z+Uik-u3MEeBk-W^NHtE&*z>mJzsmi@$C0}=lMB<$e=PJ8I>6qWUS3xm3ejM
zHJR6CuFu?<d3)x=nU7{Zp1Cdasmy0GKg|3xb8qIp%x^P)$;!;i&dSa5X7$R-&+3y^
zkkv1%IP0{mRaxg`-I4ux_UqYiX1|^NPWF4*UuN&k-k1Gd_JQmlv;W8;a;O|vPHs*~
zPB3Rc&cK{-PDRe394054!{uC>vo7b_oTqY2bCp~zw<dRRZe8y9+)25|=1$9<kvl7Q
zVeZo0lXFkWJuP=t?iIOL<zAh8P40EM>vK2eZqB_i_vW5GdlvNU*K?S6ig%v3$-BV2
z$lL5a$NLZOKfUX`*LpX4H+ygN-t67#z2Ez|cboSq?=#-*-W}f8y>EIy@P6gp>)q%5
z*89Ep2k%ebgFfUVeHFeTzM;P1z7f7rzNx+$zFEH6zB#@|-+bQ!-y&bL?_}Qw-zMJ;
zzMFiv__p|N_igpv<-5mspYH+RL%v6RkNO_>J>h%O_q6X>-}AohzPEkv^dfrA&0C$f
zF7MjB>+?3`ZOXed@4mbT@*c{2EbrfW+wz{udpYmbyd8P3=k3n>Fz@5MJ$c{c_sK8F
z@0VYk@6Qk9m*$7^%ks<fBl(s2Rrzc_pD*Ui`D%W3er^7c{E_(+^C#yo@7tsAyn?F=
zZZFtca96=S1@{$fD|ou#*@71eUMhH{;ERIq3VtZ~so>{AqOezCeqo=&g2H}<#fARD
zKw)WNsPL@93kug3-q-K7exLRGqTg5j_V(M??@+%#ick?%<SOzMd5iLjdKdLA3KVfg
zLXlLY6lp~@MT3j#iiQ={7i}uKt>})TH;RSgF~!Fek1w8BJh|8`KB>5^cv<m^;!}%P
z7OyH^TYO3JWyO~lUst@f_^#r6itj6ap!lKUM~WXUe!TdJ;^+FG(tm>=`F;L8e{X+Z
z{{VlbU+_zQ#jp8m{1f~${ImRL`2XR*!he<jYX3F<hy2g@U-ZB1-|m0i|EB+K|2zIq
z{QLbs`w#hl_y1XvQIb`XQ_{1fpd?r_pk!c4xTK<FP>EO~m&_@7t>m+kFG{{D*;}%&
z<WK+w$N(Ma5y%SU1bPMv0!4xTfs#OZU{HVwL<4GISfD;IGB7$YHZU$QEifanGVp%j
zK;Xx~!N4zpL&1!oFPInX9qbz{43-8%!Lnd^FcPc`%E2MQ(ZTV-iNVRiDZ$ynxxo{H
zvEYK>vf#<VQ-Y@jPY>eYnZfgeYl9aDFAc5>J{5c>_+0RX;7h?*g0BX51YZxn8GJkV
zPVl|p`@s)`9|!jYKMQ^l{3^IN_<itD@b}VC>6xLkLRW>Z4qX$vF0?*$d+5&4-J$zJ
z4}=~HZ3{gedN%ZYXh-Oi(5Io#Ltloz4t*2aANnqIAoSzF=>z8uJYnED13w-3>%iXz
z{!xa?$g-Yg`DJ~|3d;JIm6Qd`29#BnMa#G{p{%y7u54IYecAZ3>18v^jw_p8Hm9ty
zY<}5^WtWtFS@uU5g~>1-c8BxA1>t_-;&3oLAUrS}4zpn)EQOWu&~SZtWO#IVa(H%l
zPPj3whmEimo)=yaZVN99UmLzVd~f*v@Ppxp!_S6a2)`8G9)2ynGyGoogYZY;Pr`e{
zzlZ-UC(5aESGlLWM|oCxPI=Gr#pTP(SCp@>_*cbi6+0{5sCcVlSH)))UsrrnvA^Pn
zik~WeuJ|=VMck2$NM<B2(kD_7=@%Igsfw@>J|afsh#IMm)JMigCPtP<&Wl_SSsS@H
za%trH$i~R#$W4)3B3mL)M_!4%7TFnjBl3P^f8@K!fyj@MgOOh%ha$g6{v1RMI$==L
zpap|2t-Pc1$;ziIpRIhp^2N%xE8nf$UHM_<$CZ03e`W}VX535$<6}yh5L3pKGZChe
zsbb)y07hiiF`JninU|~HuR2imW7WZ`U#bp8eNlgOKy+X<9IcF2McF7Ht&5I{j*Cu+
zPKwTo>QN(VMdwAEq6?yJ(KDin=vmQK(Q~3}qUT31j{Y;cF1juHR&-bN-RSP<2hqLJ
z{n78DKSY0u{>&1ro6TS|*=)8q8)D1YayG(NvQ@w<@GQjL>`-<%+r*yEV)jh-Y<4w!
z8G8kL6}yhTmc5?6ncc$P&TeHNWS?hWWM5{tv#+r`**Dm?*j?<qTs2qEjpP>c=knL`
z*Yg|s8~B^}d-;d>NBBqiZT!>xbNmbZPX0~)ZT=np6aF*)3;rwq0RJ2Rr$7p{;1)6j
zpO7b13l9n}3)_Vq!W+U{!XDvs;Y(q!uwVF2_*M8__){drOtDDxi$QUKI8Y3W5h!Ct
zp{P?QP8Uy;HcAgj4@v)$9+$RBuS&b6kEKtg&!xT6e(8JZ2iYz6lndm3a<S}}19GW6
zNUnk^125OeqvWyjIC-KxS)L+KlN)49o+q!BH_121H_Kb(+vSJl$K@yFC*|kl7v)#v
zSLI#ud-D78hw_*5UU{GVt^A8psti=ZN`+FXRKa#UXi8OJgR@ej3|8ut;mQbQlrly+
zMj5Y6RHiBo%3NiY^0Ahum1_|wGqM`5)oCNNQQ8=7f;L&3s!iACLXpydeG!YbleAWC
zsdl=yM!P^;t6id9rd_UGsa>nxsNJk>*Y;?iX<ur4wSC$l?T>0yO;x+AGpc>n`PF@@
z3#x<Fe6?6DS8LTZ)kCU>Ro7RKtR7u`Q}vzIcUSMKsjit+b8OADnwd4n)x>L>Yfh?Z
ztyx;Lyav~tRkONgP0a;0Yiq8oxw__>n(JzAs=2l1wwgO?9;kV^=3h0B)jV7CLd{Dx
zuhhI%i)yJ_SFNWuvo^anx7J&mSKGU`Z*5_1QEmU)Ky7JlsJ5)Oyf#u>Su55KuC1$$
z*FH7m*&*)@d4I@9L-q{$Y{-EjKMnbL$e|&B)S<c_b=h^fb>6zdx=0;U$JX(6Vx3Y~
zT{pO{u5MV}q&ll^UftTE_YQq#=!-*lBIgfDCSP4MldtK2hrZE%L>EC)w99?&nr<G=
z<&AhUii-RDO9H`xWt9vk$&-(rGIiSY88c@ccl_)|Bi^*Ixn=3er=FfzwK{crQV$4#
z^7{S#xk)$X<o5LXdUZbc=*Ilsefky@LYcrm`p7=`s2o=`dj08BY2dt>g)@>TiH&VP
z0i(6i+aFH;u`jo_S&I#8lzlMD^5&KWsat2KK5ice(C7^u;bCL+*7<O3Px8r)-on4V
zCH<&ra1hCk%&gMTh5`0TO^x1O9VZK=9;56CmsdoNbUaY|xjYqv+D`}aQB!whflcdl
zG*AxYc@lIu%fp95Y0+W7czzf#xlkF>MvWN7O3DaPtgnaf;eizS%dtSbXg@xAXoQ#A
z3Cp3>Puija>}v-PsT(?M_>oVQ+A?C~sL^A_9y4zIgo!|McR61QhwwmLhQt43GyRcE
z;T@;j{N1+guC<3wCv_Zlve1!sg>>FxaM&SFoo}DkVp(I`tVKH-vgXXSk!eDTH_03L
z_To*`u3D5>_Y&9V*80<azw-P$Z`m^Mt7W&o-ge>6(Us3n!^I%v6ZARlCk@%D;ieN}
zgW#km`&W3LITxPu+{>eC_1(Ab`ByOZ%|kDJDxY`W+2_{(F#X|R-%C%M`9WD0Jf|UR
zo_!}<_1L<_sOs%2-f`_Y@W>wWjIZa&!L$00KO{YQbM(6dcRP2UXx~})?7f$tvtr<-
zmo(k`_==@d)a%O6d;5m%cYJsMpSM)qa9`QY&Yg?wJ0D@^Pn((h(fO|({QdolaE~|Y
z*WTH4-yZ&|T{qqM@CzAted^q~#J=--dg#})Pa1AoKi%TKV#|!^<*#m1j`{HT>y#`1
zykGcu^Ht8Bt@fRNtgm}@`K#BJuOIy2_Sc_UTT^_`OSfz`mxrG^^!msbN8UWpxpSF)
zXU@T&O4P?LeW~K3c@34Nvmg2X;MvBm_1oth==oUj#tW;ScJ5qZ-`VHg_!+UEhupQb
zV%W(Cx88KCYkJ|A>Zj@}r#_O;zy0!A+nhU3v+o?S<ILYa+<PGV^8U?NNAC5iD-SNa
zXSH|470S1Ra<`8E=0)euGweIhxoz;rd(YDLOxgWGuU*FE%`eVc+WgBmPxQ$7aMb?E
z8@0#a&T#peXZ_7#P-mV!sLM%EGln<WXJf%f&OT@3*>FbJUpRvE&YuN`FF|W`iX!kq
zoofJM;N&$04ktVjjv-uu&PM0M;e-D`S2zcBT>}RY-hgg`0|>Xkkyu;d7{Ytt;K3gV
zL=1ofLdFr3i79ZD;0$5`v4l94IGebDxCo97Tt}=YZY6Fbb`o#HA%XjdgTybew=kQ`
zwYQy-`D7omfb2&WlYTNlmclWCuq}!d;h;bjjtZ<Lhmb?b;p7N7GSDDbkY~X`fVYtM
z!tsA^k)M#?Q*JoyFOQNb6^M*+KwZoL%HnhiQ>&<(;rPC-4jr)zsD?k_h(4Q6U>vGo
zCLFwX8l9jw(>Kyv9D3jl`e*uApaOck3SDI`2511uH5z!XsY$m(5-Im{LD~%^UtQDx
E9~K@1u>b%7


From 91ed7f25e154e424f968f17d040c3dc0b9e69d95 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:26:32 -0600
Subject: [PATCH 13/46] chore: add `.editorconfig`

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 .editorconfig | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .editorconfig

diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 000000000..8c6ba4c37
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,21 @@
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.go]
+max_line_length = 100
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{md,nix,yaml}]
+indent_style = space
+indent_size = 2
+tab_width = 2

From d49607de0e4f0a8d1f8638917d21f27e5329cb86 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:48:43 -0600
Subject: [PATCH 14/46] feat: add support for loading token from env and file
 (`WINGS_TOKEN` and `WINGS_TOKEN_ID`)

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 cmd/root.go                     |  3 +-
 config/config.go                | 61 +++++++++++++++++++++++++++++++++
 router/middleware/middleware.go |  3 +-
 3 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/cmd/root.go b/cmd/root.go
index 4bb5f454c..0bb038832 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -125,9 +125,10 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 		return
 	}
 
+	t := config.Get().Token
 	pclient := remote.New(
 		config.Get().PanelLocation,
-		remote.WithCredentials(config.Get().AuthenticationTokenId, config.Get().AuthenticationToken),
+		remote.WithCredentials(t.ID, t.Token),
 		remote.WithHttpClient(&http.Client{
 			Timeout: time.Second * time.Duration(config.Get().RemoteQuery.Timeout),
 		}),
diff --git a/config/config.go b/config/config.go
index ab7ad3707..254802bc0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -1,6 +1,7 @@
 package config
 
 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"fmt"
@@ -294,7 +295,14 @@ type ConsoleThrottles struct {
 	Period uint64 `json:"line_reset_interval" yaml:"line_reset_interval" default:"100"`
 }
 
+type Token struct {
+	ID    string
+	Token string
+}
+
 type Configuration struct {
+	Token Token `json:"-"`
+
 	// The location from which this configuration instance was instantiated.
 	path string
 
@@ -564,6 +572,26 @@ func FromFile(path string) error {
 		return err
 	}
 
+	c.Token = Token{
+		ID:    os.Getenv("WINGS_TOKEN_ID"),
+		Token: os.Getenv("WINGS_TOKEN"),
+	}
+	if c.Token.ID == "" {
+		c.Token.ID = c.AuthenticationTokenId
+	}
+	if c.Token.Token == "" {
+		c.Token.Token = c.AuthenticationToken
+	}
+
+	c.Token.ID, err = Expand(c.Token.ID)
+	if err != nil {
+		return err
+	}
+	c.Token.Token, err = Expand(c.Token.Token)
+	if err != nil {
+		return err
+	}
+
 	// Store this configuration in the global state.
 	Set(c)
 	return nil
@@ -766,3 +794,36 @@ func UseOpenat2() bool {
 		return true
 	}
 }
+
+// Expand expands an input string by calling [os.ExpandEnv] to expand all
+// environment variables, then checks if the value is prefixed with `file://`
+// to support reading the value from a file.
+//
+// NOTE: the order of expanding environment variables first then checking if
+// the value references a file is important. This behaviour allows a user to
+// pass a value like `file://${CREDENTIALS_DIRECTORY}/token` to allow us to
+// work with credentials loaded by systemd's `LoadCredential` (or `LoadCredentialEncrypted`)
+// options without the user needing to assume the path of `CREDENTIALS_DIRECTORY`
+// or use a preStart script to read the files for us.
+func Expand(v string) (string, error) {
+	// Expand environment variables within the string.
+	//
+	// NOTE: this may cause issues if the string contains `$` and doesn't intend
+	// on getting expanded, however we are using this for our tokens which are
+	// all alphanumeric characters only.
+	v = os.ExpandEnv(v)
+
+	// Handle files.
+	const filePrefix = "file://"
+	if strings.HasPrefix(v, filePrefix) {
+		p := v[len(filePrefix):]
+
+		b, err := os.ReadFile(p)
+		if err != nil {
+			return "", nil
+		}
+		v = string(bytes.TrimRight(bytes.TrimRight(b, "\r"), "\n"))
+	}
+
+	return v, nil
+}
diff --git a/router/middleware/middleware.go b/router/middleware/middleware.go
index cd37a9e59..190871149 100644
--- a/router/middleware/middleware.go
+++ b/router/middleware/middleware.go
@@ -168,7 +168,6 @@ func RequireAuthorization() gin.HandlerFunc {
 		// We don't put this value outside this function since the node's authentication
 		// token can be changed on the fly and the config.Get() call returns a copy, so
 		// if it is rotated this value will never properly get updated.
-		token := config.Get().AuthenticationToken
 		auth := strings.SplitN(c.GetHeader("Authorization"), " ", 2)
 		if len(auth) != 2 || auth[0] != "Bearer" {
 			c.Header("WWW-Authenticate", "Bearer")
@@ -179,7 +178,7 @@ func RequireAuthorization() gin.HandlerFunc {
 		// All requests to Wings must be authorized with the authentication token present in
 		// the Wings configuration file. Remeber, all requests to Wings come from the Panel
 		// backend, or using a signed JWT for temporary authentication.
-		if subtle.ConstantTimeCompare([]byte(auth[1]), []byte(token)) != 1 {
+		if subtle.ConstantTimeCompare([]byte(auth[1]), []byte(config.Get().Token.Token)) != 1 {
 			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "You are not authorized to access this endpoint."})
 			return
 		}

From 59905a6b69ca8cdb700e43fa8f064103c5f5f23e Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:50:03 -0600
Subject: [PATCH 15/46] go: update dependencies

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 go.mod |  74 +++++++++++-----------
 go.sum | 193 +++++++++++++++++++++++++++++----------------------------
 2 files changed, 137 insertions(+), 130 deletions(-)

diff --git a/go.mod b/go.mod
index 724f054a7..eee39bc0f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/pterodactyl/wings
 
-go 1.23
+go 1.23.0
+
+toolchain go1.23.6
 
 require (
 	emperror.dev/errors v0.8.1
@@ -10,15 +12,15 @@ require (
 	github.com/acobaugh/osrelease v0.1.0
 	github.com/apex/log v1.9.0
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
-	github.com/beevik/etree v1.4.1
+	github.com/beevik/etree v1.5.0
 	github.com/buger/jsonparser v1.1.1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/creasty/defaults v1.8.0
-	github.com/docker/docker v27.3.1+incompatible
+	github.com/docker/docker v28.0.1+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.18.0
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
-	github.com/gabriel-vasile/mimetype v1.4.7
+	github.com/gabriel-vasile/mimetype v1.4.8
 	github.com/gammazero/workerpool v1.1.3
 	github.com/gbrlsnchs/jwt/v3 v3.0.1
 	github.com/gin-gonic/gin v1.10.0
@@ -29,20 +31,20 @@ require (
 	github.com/iancoleman/strcase v0.3.0
 	github.com/icza/dyno v0.0.0-20230330125955-09f820a8d9c0
 	github.com/juju/ratelimit v1.0.2
-	github.com/klauspost/compress v1.17.11
+	github.com/klauspost/compress v1.18.0
 	github.com/klauspost/pgzip v1.2.6
 	github.com/magiconair/properties v1.8.9
-	github.com/mattn/go-colorable v0.1.13
+	github.com/mattn/go-colorable v0.1.14
 	github.com/mholt/archives v0.1.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/sftp v1.13.7
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
-	github.com/spf13/cobra v1.8.1
+	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.31.0
-	golang.org/x/sync v0.10.0
-	golang.org/x/sys v0.28.0
+	golang.org/x/crypto v0.36.0
+	golang.org/x/sync v0.12.0
+	golang.org/x/sys v0.31.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -52,15 +54,14 @@ require (
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.9 // indirect
-	github.com/STARRY-S/zip v0.2.1 // indirect
+	github.com/STARRY-S/zip v0.2.2 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.0 // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
-	github.com/bytedance/sonic v1.12.5 // indirect
-	github.com/bytedance/sonic/loader v0.2.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
-	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/bytedance/sonic v1.13.1 // indirect
+	github.com/bytedance/sonic/loader v0.2.4 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
@@ -69,14 +70,14 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gammazero/deque v1.0.0 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gin-contrib/sse v1.0.0 // indirect
 	github.com/glebarez/go-sqlite v1.22.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.23.0 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/go-playground/validator/v10 v10.25.0 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -86,7 +87,7 @@ require (
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magefile/mage v1.15.0 // indirect
@@ -98,9 +99,9 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
-	github.com/nwaples/rardecode/v2 v2.0.1 // indirect
+	github.com/nwaples/rardecode/v2 v2.1.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -109,30 +110,31 @@ require (
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/sorairolake/lzip-go v0.3.5 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/ulikunitz/xz v0.5.12 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
-	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.32.0 // indirect
-	go.opentelemetry.io/otel/trace v1.32.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/arch v0.12.0 // indirect
-	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/arch v0.15.0 // indirect
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
+	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
-	google.golang.org/protobuf v1.35.2 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gotest.tools/v3 v3.0.2 // indirect
-	modernc.org/libc v1.61.4 // indirect
-	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.8.0 // indirect
-	modernc.org/sqlite v1.34.2 // indirect
+	modernc.org/libc v1.61.13 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.8.2 // indirect
+	modernc.org/sqlite v1.36.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 8a3d9b6d4..910946c65 100644
--- a/go.sum
+++ b/go.sum
@@ -34,8 +34,8 @@ github.com/NYTimes/logrotate v1.0.0 h1:6jFGbon6jOtpy3t3kwZZKS4Gdmf1C/Wv5J4ll4Xn5
 github.com/NYTimes/logrotate v1.0.0/go.mod h1:GxNz1cSw1c6t99PXoZlw+nm90H6cyQyrH66pjVv7x88=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
-github.com/STARRY-S/zip v0.2.1 h1:pWBd4tuSGm3wtpoqRZZ2EAwOmcHK6XFf7bU9qcJXyFg=
-github.com/STARRY-S/zip v0.2.1/go.mod h1:xNvshLODWtC4EJ702g7cTYn13G53o1+X9BWnPFpcWV4=
+github.com/STARRY-S/zip v0.2.2 h1:8QeCbIi1Z9U5MgoDARJR1ClbBo9RD46SmVy+dl0woCk=
+github.com/STARRY-S/zip v0.2.2/go.mod h1:lqJ9JdeRipyOQJrYSOtpNAiaesFO6zVDsE8GIGFaoSk=
 github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE=
 github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY=
 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
@@ -49,8 +49,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
-github.com/beevik/etree v1.4.1 h1:PmQJDDYahBGNKDcpdX8uPy1xRCwoCGVUiW669MEirVI=
-github.com/beevik/etree v1.4.1/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
+github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
+github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
 github.com/bodgit/plumbing v1.3.0/go.mod h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs=
 github.com/bodgit/sevenzip v1.6.0 h1:a4R0Wu6/P1o1pP/3VV++aEOcyeBxeO/xE2Y9NSTrr6A=
@@ -59,11 +59,11 @@ github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4=
 github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/bytedance/sonic v1.12.5 h1:hoZxY8uW+mT+OpkcUWw4k0fDINtOcVavEsGfzwzFU/w=
-github.com/bytedance/sonic v1.12.5/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
+github.com/bytedance/sonic v1.13.1 h1:Jyd5CIvdFnkOWuKXr+wm4Nyk2h0yAFsr8ucJgEasO3g=
+github.com/bytedance/sonic v1.13.1/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E=
-github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
+github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -71,13 +71,12 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
@@ -89,8 +88,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI=
-github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.0.1+incompatible h1:FCHjSRdXhNRFjlHMTv4jUNlIBbTeRjrWfeFuJp7jpo0=
+github.com/docker/docker v28.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -110,16 +109,16 @@ github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf h1:NrF81UtW8gG2LBGkXFQFqlfNnvMt9WdB46sfdJY4oqc=
 github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf/go.mod h1:VzmDKDJVZI3aJmnRI9VjAn9nJ8qPPsN1fqzr9dqInIo=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
-github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/gammazero/deque v1.0.0 h1:LTmimT8H7bXkkCy6gZX7zNLtkbz4NdS2z8LZuor3j34=
 github.com/gammazero/deque v1.0.0/go.mod h1:iflpYvtGfM3U8S8j+sZEKIak3SAKYpA5/SQewgfXDKo=
 github.com/gammazero/workerpool v1.1.3 h1:WixN4xzukFoN0XSeXF6puqEqFTl2mECI9S6W44HWy9Q=
 github.com/gammazero/workerpool v1.1.3/go.mod h1:wPjyBLDbyKnUn2XwwyD3EEwo9dHutia9/fwNmSHWACc=
 github.com/gbrlsnchs/jwt/v3 v3.0.1 h1:lbUmgAKpxnClrKloyIwpxm4OuWeDl5wLk52G91ODPw4=
 github.com/gbrlsnchs/jwt/v3 v3.0.1/go.mod h1:AncDcjXz18xetI3A6STfXq2w+LuTx8pQ8bGEwRN8zVM=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
+github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
 github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/glebarez/go-sqlite v1.22.0 h1:uAcMJhaA6r3LHMTFgP0SifzgXg46yJkgxqyuyec+ruQ=
@@ -142,10 +141,10 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
-github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8=
+github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -167,8 +166,8 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -223,12 +222,12 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:C
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
@@ -238,8 +237,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -253,11 +253,10 @@ github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a
 github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
@@ -280,14 +279,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
-github.com/nwaples/rardecode/v2 v2.0.1 h1:3MN6/R+Y4c7e+21U3yhWuUcf72sYmcmr6jtiuAVSH1A=
-github.com/nwaples/rardecode/v2 v2.0.1/go.mod h1:yntwv/HfMc/Hbvtq9I19D1n58te3h6KsqCf3GxyfBGY=
+github.com/nwaples/rardecode/v2 v2.1.1 h1:OJaYalXdliBUXPmC8CZGQ7oZDxzX1/5mQmgn0/GASew=
+github.com/nwaples/rardecode/v2 v2.1.1/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
@@ -310,8 +309,9 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG
 github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk=
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI=
@@ -324,14 +324,15 @@ github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h
 github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs=
 github.com/sorairolake/lzip-go v0.3.5 h1:ms5Xri9o1JBIWvOFAorYtUNik6HI3HgBTkISiqu0Cwg=
 github.com/sorairolake/lzip-go v0.3.5/go.mod h1:N0KYq5iWrMXI0ZEXKXaS9hCyOjZUQdBDEIbXfoUwbdk=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -340,6 +341,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw=
@@ -367,20 +369,24 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94=
-go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
-go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 h1:t6wl9SPayj+c7lEIFgm4ooDBZVb01IhLB4InpomhRw8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0/go.mod h1:iSDOcsnSA5INXzZtwaBPrKp/lWu/V14Dd+llD0oI2EA=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM=
-go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
-go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
-go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
-go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
-go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
-go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
 go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI=
 go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
@@ -394,8 +400,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc=
 go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU=
-golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
-golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.15.0 h1:QtOrQd0bTUnhNVNndMpLHNWrDmYzZ2KDqSrEymqInZw=
+golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -405,8 +411,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -415,8 +421,8 @@ golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -437,8 +443,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -460,8 +466,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -476,8 +482,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -499,20 +505,19 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -523,8 +528,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
@@ -559,8 +564,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -607,8 +612,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
 google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
-google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -636,28 +641,28 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-modernc.org/cc/v4 v4.23.1 h1:WqJoPL3x4cUufQVHkXpXX7ThFJ1C4ik80i2eXEXbhD8=
-modernc.org/cc/v4 v4.23.1/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
-modernc.org/ccgo/v4 v4.23.1 h1:N49a7JiWGWV7lkPE4yYcvjkBGZQi93/JabRYjdWmJXc=
-modernc.org/ccgo/v4 v4.23.1/go.mod h1:JoIUegEIfutvoWV/BBfDFpPpfR2nc3U0jKucGcbmwDU=
+modernc.org/cc/v4 v4.24.4 h1:TFkx1s6dCkQpd6dKurBNmpo+G8Zl4Sq/ztJ+2+DEsh0=
+modernc.org/cc/v4 v4.24.4/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.23.16 h1:Z2N+kk38b7SfySC1ZkpGLN2vthNJP1+ZzGZIlH7uBxo=
+modernc.org/ccgo/v4 v4.23.16/go.mod h1:nNma8goMTY7aQZQNTyN9AIoJfxav4nvTnvKThAeMDdo=
 modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
 modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
-modernc.org/gc/v2 v2.5.0 h1:bJ9ChznK1L1mUtAQtxi0wi5AtAs5jQuw4PrPHO5pb6M=
-modernc.org/gc/v2 v2.5.0/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU=
-modernc.org/libc v1.61.4 h1:wVyqEx6tlltte9lPTjq0kDAdtdM9c4JH8rU6M1ZVawA=
-modernc.org/libc v1.61.4/go.mod h1:VfXVuM/Shh5XsMNrh3C6OkfL78G3loa4ZC/Ljv9k7xc=
-modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
-modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
-modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E=
-modernc.org/memory v1.8.0/go.mod h1:XPZ936zp5OMKGWPqbD3JShgd/ZoQ7899TUuQqxY+peU=
-modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
-modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
-modernc.org/sortutil v1.2.0 h1:jQiD3PfS2REGJNzNCMMaLSp/wdMNieTbKX920Cqdgqc=
-modernc.org/sortutil v1.2.0/go.mod h1:TKU2s7kJMf1AE84OoiGppNHJwvB753OYfNl2WRb++Ss=
-modernc.org/sqlite v1.34.2 h1:J9n76TPsfYYkFkZ9Uy1QphILYifiVEwwOT7yP5b++2Y=
-modernc.org/sqlite v1.34.2/go.mod h1:dnR723UrTtjKpoHCAMN0Q/gZ9MT4r+iRvIBb9umWFkU=
-modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
-modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
+modernc.org/gc/v2 v2.6.3 h1:aJVhcqAte49LF+mGveZ5KPlsp4tdGdAOT4sipJXADjw=
+modernc.org/gc/v2 v2.6.3/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/libc v1.61.13 h1:3LRd6ZO1ezsFiX1y+bHd1ipyEHIJKvuprv0sLTBwLW8=
+modernc.org/libc v1.61.13/go.mod h1:8F/uJWL/3nNil0Lgt1Dpz+GgkApWh04N3el3hxJcA6E=
+modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
+modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
+modernc.org/memory v1.8.2 h1:cL9L4bcoAObu4NkxOlKWBWtNHIsnnACGF/TbqQ6sbcI=
+modernc.org/memory v1.8.2/go.mod h1:ZbjSvMO5NQ1A2i3bWeDiVMxIorXwdClKE/0SZ+BMotU=
+modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
+modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
+modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
+modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
+modernc.org/sqlite v1.36.0 h1:EQXNRn4nIS+gfsKeUTymHIz1waxuv5BzU7558dHSfH8=
+modernc.org/sqlite v1.36.0/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
+modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
+modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

From 91e016249ce07c49c857a49ac9388c16a01fa343 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 19:51:20 -0600
Subject: [PATCH 16/46] ci: fix codeql workflow matrix

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 .github/workflows/codeql.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 0d0e7a546..cc0e75a7c 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language:
+        include:
           - language: go
             build-mode: autobuild
     permissions:

From 4b4e8f8fa0ef19e9aa95940bb073ac8ca653cc09 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sun, 9 Mar 2025 20:00:45 -0600
Subject: [PATCH 17/46] system: fix test relying on reflection to determine if
 mutex is locked

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 system/sink_pool_test.go | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/system/sink_pool_test.go b/system/sink_pool_test.go
index 7d0fa0910..e6cd53ac6 100644
--- a/system/sink_pool_test.go
+++ b/system/sink_pool_test.go
@@ -2,7 +2,6 @@ package system
 
 import (
 	"fmt"
-	"reflect"
 	"sync"
 	"testing"
 	"time"
@@ -11,20 +10,11 @@ import (
 )
 
 func MutexLocked(m *sync.RWMutex) bool {
-	v := reflect.ValueOf(m).Elem()
-
-	state := v.FieldByName("w").FieldByName("state")
-
-	readerCountField := v.FieldByName("readerCount")
-	// go1.20 changed readerCount to an atomic
-	// ref; https://github.com/golang/go/commit/e509452727b469d89a3fc4a7d1cbf9d3f110efee
-	var readerCount int64
-	if readerCountField.Kind() == reflect.Struct {
-		readerCount = readerCountField.FieldByName("v").Int()
-	} else {
-		readerCount = readerCountField.Int()
+	unlocked := m.TryLock()
+	if unlocked {
+		m.Unlock()
 	}
-	return state.Int()&1 == 1 || readerCount > 0
+	return !unlocked
 }
 
 func TestSink(t *testing.T) {

From 9535aae52e7fdf695c2b6b169b7cf0aab71f6ef9 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Mon, 10 Mar 2025 12:35:46 -0600
Subject: [PATCH 18/46] fix: `Duplicated key token in config` panic

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index 254802bc0..3bf57c626 100644
--- a/config/config.go
+++ b/config/config.go
@@ -301,7 +301,7 @@ type Token struct {
 }
 
 type Configuration struct {
-	Token Token `json:"-"`
+	Token Token `json:"-" yaml:"-"`
 
 	// The location from which this configuration instance was instantiated.
 	path string

From 49b04fe9bb707cfcc2ba72bc4b5d8cdd797e86b5 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Mon, 10 Mar 2025 12:40:52 -0600
Subject: [PATCH 19/46] fix: use of old `AuthenticationToken` value

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 config/config.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/config.go b/config/config.go
index 3bf57c626..2d0438af0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -369,11 +369,11 @@ func NewAtPath(path string) (*Configuration, error) {
 // will be paused until it is complete.
 func Set(c *Configuration) {
 	mu.Lock()
-	if _config == nil || _config.AuthenticationToken != c.AuthenticationToken {
-		_jwtAlgo = jwt.NewHS256([]byte(c.AuthenticationToken))
+	defer mu.Unlock()
+	if _config == nil || _config.Token.Token != c.Token.Token {
+		_jwtAlgo = jwt.NewHS256([]byte(c.Token.Token))
 	}
 	_config = c
-	mu.Unlock()
 }
 
 // SetDebugViaFlag tracks if the application is running in debug mode because of
@@ -381,9 +381,9 @@ func Set(c *Configuration) {
 // change to the disk.
 func SetDebugViaFlag(d bool) {
 	mu.Lock()
+	defer mu.Unlock()
 	_config.Debug = d
 	_debugViaFlag = d
-	mu.Unlock()
 }
 
 // Get returns the global configuration instance. This is a thread-safe operation
@@ -408,8 +408,8 @@ func Get() *Configuration {
 // the global configuration.
 func Update(callback func(c *Configuration)) {
 	mu.Lock()
+	defer mu.Unlock()
 	callback(_config)
-	mu.Unlock()
 }
 
 // GetJwtAlgorithm returns the in-memory JWT algorithm.

From f18726c8740bd58bf8b1c0e08e2e06a968dd55e3 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Mon, 10 Mar 2025 12:54:25 -0600
Subject: [PATCH 20/46] chore: avoid exiting if config file is not writable

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 cmd/root.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/cmd/root.go b/cmd/root.go
index 0bb038832..25d9ff206 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -13,6 +13,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"syscall"
 	"time"
 
 	"github.com/NYTimes/logrotate"
@@ -103,6 +104,7 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 
 	if err := config.ConfigureTimezone(); err != nil {
 		log.WithField("error", err).Fatal("failed to detect system timezone or use supplied configuration value")
+		return
 	}
 	log.WithField("timezone", config.Get().System.Timezone).Info("configured wings with system timezone")
 	if err := config.ConfigureDirectories(); err != nil {
@@ -111,9 +113,11 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 	}
 	if err := config.EnsurePterodactylUser(); err != nil {
 		log.WithField("error", err).Fatal("failed to create pterodactyl system user")
+		return
 	}
 	if err := config.ConfigurePasswd(); err != nil {
 		log.WithField("error", err).Fatal("failed to configure container passwd file")
+		return
 	}
 	log.WithFields(log.Fields{
 		"username": config.Get().System.Username,
@@ -136,19 +140,26 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 
 	if err := database.Initialize(); err != nil {
 		log.WithField("error", err).Fatal("failed to initialize database")
+		return
 	}
 
 	manager, err := server.NewManager(cmd.Context(), pclient)
 	if err != nil {
 		log.WithField("error", err).Fatal("failed to load server configurations")
+		return
 	}
 
 	if err := environment.ConfigureDocker(cmd.Context()); err != nil {
 		log.WithField("error", err).Fatal("failed to configure docker environment")
+		return
 	}
 
 	if err := config.WriteToDisk(config.Get()); err != nil {
-		log.WithField("error", err).Fatal("failed to write configuration to disk")
+		if !errors.Is(err, syscall.EROFS) {
+			log.WithField("error", err).Error("failed to write configuration to disk")
+		} else {
+			log.WithField("error", err).Debug("failed to write configuration to disk")
+		}
 	}
 
 	// Just for some nice log output.

From e311206d6beff4ee1f76c57ecd7ac10e10dd973b Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Mon, 17 Mar 2025 12:16:29 -0600
Subject: [PATCH 21/46] config: handle old `AuthenticationToken` value

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 config/config.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/config/config.go b/config/config.go
index 2d0438af0..d210fda39 100644
--- a/config/config.go
+++ b/config/config.go
@@ -370,8 +370,13 @@ func NewAtPath(path string) (*Configuration, error) {
 func Set(c *Configuration) {
 	mu.Lock()
 	defer mu.Unlock()
-	if _config == nil || _config.Token.Token != c.Token.Token {
-		_jwtAlgo = jwt.NewHS256([]byte(c.Token.Token))
+	token := c.Token.Token
+	if token == "" {
+		c.Token.Token = c.AuthenticationToken
+		token = c.Token.Token
+	}
+	if _config == nil || _config.Token.Token != token {
+		_jwtAlgo = jwt.NewHS256([]byte(token))
 	}
 	_config = c
 }

From d5097e5f59c6d0d0081440aa5e6c0bec74944370 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Mar 2025 12:23:14 -0600
Subject: [PATCH 22/46] build(deps): bump github.com/pkg/sftp from 1.13.7 to
 1.13.8 (#215)

Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.7 to 1.13.8.
- [Release notes](https://github.com/pkg/sftp/releases)
- [Commits](https://github.com/pkg/sftp/compare/v1.13.7...v1.13.8)

---
updated-dependencies:
- dependency-name: github.com/pkg/sftp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  2 +-
 go.sum | 36 +++++++++++++++++++++++++++++++-----
 2 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index eee39bc0f..e79383e46 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/mholt/archives v0.1.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pkg/sftp v1.13.7
+	github.com/pkg/sftp v1.13.8
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
diff --git a/go.sum b/go.sum
index 910946c65..45b213e34 100644
--- a/go.sum
+++ b/go.sum
@@ -166,6 +166,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -297,8 +298,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.7 h1:uv+I3nNJvlKZIQGSr8JVQLNHFU9YhhNpvC14Y6KgmSM=
-github.com/pkg/sftp v1.13.7/go.mod h1:KMKI0t3T6hfA+lTR/ssZdunHo+uwq7ghoN09/FSu3DY=
+github.com/pkg/sftp v1.13.8 h1:Xt7eJ/xqXv7s0VuzFw7JXhZj6Oc1zI6l4GK8KP9sFB0=
+github.com/pkg/sftp v1.13.8/go.mod h1:DmvEkvKE2lshEeuo2JMp06yqcx9HVnR7e3zqQl42F3U=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -410,7 +411,10 @@ golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -443,6 +447,9 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
 golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -466,6 +473,9 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
 golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -482,6 +492,10 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -508,14 +522,21 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -527,7 +548,10 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -564,6 +588,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
 golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 9ff918bf0b99f1774d3c8920c7b8e69d65e2663a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Mar 2025 13:10:55 -0600
Subject: [PATCH 23/46] build(deps): bump github.com/docker/docker (#216)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.0.1+incompatible to 28.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e79383e46..5a0ddeadd 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/buger/jsonparser v1.1.1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/creasty/defaults v1.8.0
-	github.com/docker/docker v28.0.1+incompatible
+	github.com/docker/docker v28.0.2+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.18.0
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
diff --git a/go.sum b/go.sum
index 45b213e34..e44bbf824 100644
--- a/go.sum
+++ b/go.sum
@@ -88,8 +88,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.0.1+incompatible h1:FCHjSRdXhNRFjlHMTv4jUNlIBbTeRjrWfeFuJp7jpo0=
-github.com/docker/docker v28.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.0.2+incompatible h1:9BILleFwug5FSSqWBgVevgL3ewDJfWWWyZVqlDMttE8=
+github.com/docker/docker v28.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=

From 81e8c9a8c4959a8b0c2484e1468d5b1e5c0131d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Mar 2025 11:43:17 -0600
Subject: [PATCH 24/46] build(deps): bump github.com/pkg/sftp from 1.13.8 to
 1.13.9 (#218)

Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.8 to 1.13.9.
- [Release notes](https://github.com/pkg/sftp/releases)
- [Commits](https://github.com/pkg/sftp/compare/v1.13.8...v1.13.9)

---
updated-dependencies:
- dependency-name: github.com/pkg/sftp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 5a0ddeadd..7b6e92203 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/pterodactyl/wings
 
 go 1.23.0
 
-toolchain go1.23.6
+toolchain go1.24.1
 
 require (
 	emperror.dev/errors v0.8.1
@@ -38,7 +38,7 @@ require (
 	github.com/mholt/archives v0.1.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pkg/sftp v1.13.8
+	github.com/pkg/sftp v1.13.9
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
diff --git a/go.sum b/go.sum
index e44bbf824..b9f40eadb 100644
--- a/go.sum
+++ b/go.sum
@@ -298,8 +298,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.8 h1:Xt7eJ/xqXv7s0VuzFw7JXhZj6Oc1zI6l4GK8KP9sFB0=
-github.com/pkg/sftp v1.13.8/go.mod h1:DmvEkvKE2lshEeuo2JMp06yqcx9HVnR7e3zqQl42F3U=
+github.com/pkg/sftp v1.13.9 h1:4NGkvGudBL7GteO3m6qnaQ4pC0Kvf0onSVc9gR3EWBw=
+github.com/pkg/sftp v1.13.9/go.mod h1:OBN7bVXdstkFFN/gdnHPUb5TE8eb8G1Rp9wCItqjkkA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=

From 104fe1aace6f025abcb4a52ffd3cda504f2b9ac9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Mar 2025 11:43:36 -0600
Subject: [PATCH 25/46] build(deps): bump github.com/docker/docker (#217)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.0.2+incompatible to 28.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.0.2...v28.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7b6e92203..d707d99e1 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/buger/jsonparser v1.1.1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/creasty/defaults v1.8.0
-	github.com/docker/docker v28.0.2+incompatible
+	github.com/docker/docker v28.0.4+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.18.0
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
diff --git a/go.sum b/go.sum
index b9f40eadb..244e4a2a7 100644
--- a/go.sum
+++ b/go.sum
@@ -88,8 +88,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.0.2+incompatible h1:9BILleFwug5FSSqWBgVevgL3ewDJfWWWyZVqlDMttE8=
-github.com/docker/docker v28.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok=
+github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=

From 489af48eb96b955a0231721aae69700eb02f03d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Apr 2025 11:49:06 -0600
Subject: [PATCH 26/46] build(deps): bump docker/login-action from 3.3.0 to
 3.4.0 (#222)

Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 844cfe88a..6460ef455 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -40,7 +40,7 @@ jobs:
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

From cecdc8c61270bceeaae8e9923f077629b4002f17 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Apr 2025 11:49:28 -0600
Subject: [PATCH 27/46] build(deps): bump github/codeql-action from 3.28.11 to
 3.28.13 (#221)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/6bb031afdd8eb862ea3fc1848194185e076637e5...1b549b9259bda1cb5ddde3b41741a82a2d15a841)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index cc0e75a7c..de616f639 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -29,10 +29,10 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13

From 74fd19c86f294bc217b444e5ceced3a725de3d60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Apr 2025 11:50:36 -0600
Subject: [PATCH 28/46] build(deps): bump actions/setup-go from 5.3.0 to 5.4.0
 (#220)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/f111f3307d8850f501ac008e886eec1fd1932a34...0aaccfd150d50ccaeb58ebd88d36e91967a5f35b)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/push.yaml    | 2 +-
 .github/workflows/release.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index f3d073ed8..eff089288 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go }}
 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e5326105c..716bee707 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: "1.23.7"
 

From 3d90ac59090d95d49d76446d5731b91b8c7236fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Apr 2025 11:50:49 -0600
Subject: [PATCH 29/46] build(deps): bump actions/upload-artifact from 4.6.1 to
 4.6.2 (#219)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/push.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index eff089288..508f658c6 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -62,14 +62,14 @@ jobs:
           go test -race $(go list ./...)
 
       - name: Upload Release Artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.23.7' }}
         with:
           name: wings_linux_${{ matrix.goarch }}
           path: dist/wings
 
       - name: Upload Debug Artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         if: ${{ (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') && matrix.go == '1.23.7' }}
         with:
           name: wings_linux_${{ matrix.goarch }}_debug

From a4e16748b0bbf384614008d111d41c93492b1f9c Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Tue, 1 Apr 2025 13:31:48 -0600
Subject: [PATCH 30/46] flake: switch to `go_1_24`

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index c2e07706f..a45999387 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,7 +24,7 @@
       in {
          devShells.default = pkgs.mkShell {
           buildInputs = with pkgs; [
-            go_1_23
+            go_1_24
             gofumpt
             golangci-lint
             gotools

From 0bc3df9306d9560f4e34a1bbbdd29fa8c056981a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 10:03:37 -0600
Subject: [PATCH 31/46] build(deps): bump github.com/mholt/archives from 0.1.0
 to 0.1.1 (#226)

---
 go.mod | 3 ++-
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d707d99e1..270ad32e0 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/klauspost/pgzip v1.2.6
 	github.com/magiconair/properties v1.8.9
 	github.com/mattn/go-colorable v0.1.14
-	github.com/mholt/archives v0.1.0
+	github.com/mholt/archives v0.1.1
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/sftp v1.13.9
@@ -93,6 +93,7 @@ require (
 	github.com/magefile/mage v1.15.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+	github.com/minio/minlz v1.0.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
diff --git a/go.sum b/go.sum
index 244e4a2a7..3f0bc2ed8 100644
--- a/go.sum
+++ b/go.sum
@@ -263,8 +263,10 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/mholt/archives v0.1.0 h1:FacgJyrjiuyomTuNA92X5GyRBRZjE43Y/lrzKIlF35Q=
-github.com/mholt/archives v0.1.0/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I=
+github.com/mholt/archives v0.1.1 h1:c7J3qXN1FB54y0qiUXiq9Bxk4eCUc8pdXWwOhZdRzeY=
+github.com/mholt/archives v0.1.1/go.mod h1:FQVz01Q2uXKB/35CXeW/QFO23xT+hSCGZHVtha78U4I=
+github.com/minio/minlz v1.0.0 h1:Kj7aJZ1//LlTP1DM8Jm7lNKvvJS2m74gyyXXn3+uJWQ=
+github.com/minio/minlz v1.0.0/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=

From 9533f4f04af028ce98a73d349775f3efaa75314d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 10:03:50 -0600
Subject: [PATCH 32/46] build(deps): bump golang.org/x/sys from 0.31.0 to
 0.32.0 (#225)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 270ad32e0..e2aa4c3db 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/crypto v0.36.0
 	golang.org/x/sync v0.12.0
-	golang.org/x/sys v0.31.0
+	golang.org/x/sys v0.32.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
index 3f0bc2ed8..a7a2f0e20 100644
--- a/go.sum
+++ b/go.sum
@@ -528,8 +528,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 3ea9e6991a1f51b18d53a84c47b1055ef3fbedf4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 10:16:08 -0600
Subject: [PATCH 33/46] build(deps): bump golang.org/x/sync from 0.12.0 to
 0.13.0 (#224)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e2aa4c3db..d64e73a58 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/crypto v0.36.0
-	golang.org/x/sync v0.12.0
+	golang.org/x/sync v0.13.0
 	golang.org/x/sys v0.32.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index a7a2f0e20..d77b7dac7 100644
--- a/go.sum
+++ b/go.sum
@@ -498,8 +498,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From 3855eecb602eebe7361dfe7223547a99db3720ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 10:30:52 -0600
Subject: [PATCH 34/46] build(deps): bump golang.org/x/crypto from 0.36.0 to
 0.37.0 (#223)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index d64e73a58..e76614ec8 100644
--- a/go.mod
+++ b/go.mod
@@ -42,7 +42,7 @@ require (
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.37.0
 	golang.org/x/sync v0.13.0
 	golang.org/x/sys v0.32.0
 	gopkg.in/ini.v1 v1.67.0
@@ -128,8 +128,8 @@ require (
 	golang.org/x/arch v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
 	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
diff --git a/go.sum b/go.sum
index d77b7dac7..78bad02a1 100644
--- a/go.sum
+++ b/go.sum
@@ -417,8 +417,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -539,8 +539,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -554,8 +554,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=

From ae1192f760c1d8077e4b38e731b5a3ae5a5e2192 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Apr 2025 17:45:26 -0600
Subject: [PATCH 35/46] build(deps): bump golang.org/x/net from 0.37.0 to
 0.38.0 (#229)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e76614ec8..9166af7c9 100644
--- a/go.mod
+++ b/go.mod
@@ -127,7 +127,7 @@ require (
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/arch v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/term v0.31.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
diff --git a/go.sum b/go.sum
index 78bad02a1..8fa19f612 100644
--- a/go.sum
+++ b/go.sum
@@ -478,8 +478,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 2a94eb0af53da7294d8b1ab3aebacb072e0121fc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Apr 2025 09:24:27 -0600
Subject: [PATCH 36/46] build(deps): bump gorm.io/gorm from 1.25.12 to 1.26.0
 (#234)

Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.12 to 1.26.0.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.12...v1.26.0)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9166af7c9..faa22fc8b 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	gorm.io/gorm v1.25.12
+	gorm.io/gorm v1.26.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 8fa19f612..fd7cb7485 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
-gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+gorm.io/gorm v1.26.0 h1:9lqQVPG5aNNS6AyHdRiwScAVnXHg/L/Srzx55G5fOgs=
+gorm.io/gorm v1.26.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From cb391bcbb807e2f8f4a353265d70d66b4a424253 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 May 2025 18:40:52 +0000
Subject: [PATCH 37/46] build(deps): bump docker/build-push-action from 6.15.0
 to 6.16.0 (#235)

---
 .github/workflows/docker.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 6460ef455..a9c428088 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -53,7 +53,7 @@ jobs:
           echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
       - name: Build and Push (tag)
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         if: "github.event_name == 'release' && github.event.action == 'published'"
         with:
           context: .
@@ -66,7 +66,7 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
 
       - name: Build and Push (develop)
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         if: "github.event_name == 'push' && contains(github.ref, 'develop')"
         with:
           context: .

From 25aaf127f6a11741ea6be58b89ae26f6157f4eac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 May 2025 18:41:54 +0000
Subject: [PATCH 38/46] build(deps): bump softprops/action-gh-release from
 2.2.1 to 2.2.2 (#236)

---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 716bee707..bd103be12 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -59,7 +59,7 @@ jobs:
           git push
 
       - name: Create release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

From d2b4e983f521f567af1e8c15af3b9b1c59ef4526 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 May 2025 18:42:06 +0000
Subject: [PATCH 39/46] build(deps): bump github/codeql-action from 3.28.13 to
 3.28.16 (#237)

---
 .github/workflows/codeql.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index de616f639..a75d66424 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -29,10 +29,10 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16

From 35d2e0f0400872ee3edcfc8f675b9581371f3c1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 May 2025 13:51:06 -0600
Subject: [PATCH 40/46] build(deps): bump golang.org/x/sys from 0.32.0 to
 0.33.0 (#238)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/sys/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index faa22fc8b..60876b64c 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/crypto v0.37.0
 	golang.org/x/sync v0.13.0
-	golang.org/x/sys v0.32.0
+	golang.org/x/sys v0.33.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
index fd7cb7485..121591e39 100644
--- a/go.sum
+++ b/go.sum
@@ -528,8 +528,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From a94d4ec5e53376cd4b45e586442454712e76f51a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:24:03 -0600
Subject: [PATCH 41/46] build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
 (#242)

---
 .github/workflows/push.yaml    | 2 +-
 .github/workflows/release.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index 508f658c6..559864cdb 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Go
-        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
           go-version: ${{ matrix.go }}
 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index bd103be12..e3151dc5e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Go
-        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
           go-version: "1.23.7"
 

From b7d442ecc07f83b01bf0e6795eecb0bd89ee2576 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:24:12 -0600
Subject: [PATCH 42/46] build(deps): bump github/codeql-action from 3.28.16 to
 3.28.18 (#243)

---
 .github/workflows/codeql.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index a75d66424..285cf697c 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -29,10 +29,10 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18

From b6f07bc9590bb2e52ab7b3a4dff9d1a053dfaf75 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:24:23 -0600
Subject: [PATCH 43/46] build(deps): bump docker/build-push-action from 6.16.0
 to 6.18.0 (#244)

---
 .github/workflows/docker.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index a9c428088..2d026e62a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -53,7 +53,7 @@ jobs:
           echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
       - name: Build and Push (tag)
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         if: "github.event_name == 'release' && github.event.action == 'published'"
         with:
           context: .
@@ -66,7 +66,7 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
 
       - name: Build and Push (develop)
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         if: "github.event_name == 'push' && contains(github.ref, 'develop')"
         with:
           context: .

From d1f2c4e641877e8cc3cbc930c3d360f4c33b1dab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:26:13 -0600
Subject: [PATCH 44/46] build(deps): bump github.com/docker/docker (#245)

---
 go.mod |  5 ++++-
 go.sum | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 60876b64c..da8fa65f7 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/buger/jsonparser v1.1.1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/creasty/defaults v1.8.0
-	github.com/docker/docker v28.0.4+incompatible
+	github.com/docker/docker v28.2.2+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.18.0
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
@@ -62,6 +62,8 @@ require (
 	github.com/bytedance/sonic v1.13.1 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/containerd/errdefs v0.3.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
@@ -95,6 +97,7 @@ require (
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/minio/minlz v1.0.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
diff --git a/go.sum b/go.sum
index 121591e39..f8d217860 100644
--- a/go.sum
+++ b/go.sum
@@ -74,6 +74,10 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
+github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@@ -88,8 +92,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok=
-github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw=
+github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -271,6 +275,10 @@ github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2Em
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
+github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
 github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI=
 github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

From 56bb2ce2985e8011ef77c83fff486cacef6bf6ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 10:17:57 -0600
Subject: [PATCH 45/46] build(deps): bump golang.org/x/crypto from 0.37.0 to
 0.39.0 (#246)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.39.0.
- [Commits](https://github.com/golang/crypto/compare/v0.37.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 24 ++++++++++++------------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index da8fa65f7..b65fb5402 100644
--- a/go.mod
+++ b/go.mod
@@ -42,8 +42,8 @@ require (
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.37.0
-	golang.org/x/sync v0.13.0
+	golang.org/x/crypto v0.39.0
+	golang.org/x/sync v0.15.0
 	golang.org/x/sys v0.33.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
@@ -131,8 +131,8 @@ require (
 	golang.org/x/arch v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
 	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/term v0.31.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
diff --git a/go.sum b/go.sum
index f8d217860..57dda2c67 100644
--- a/go.sum
+++ b/go.sum
@@ -425,8 +425,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -460,8 +460,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -506,8 +506,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -547,8 +547,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
-golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -562,8 +562,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
@@ -600,8 +600,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
-golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
+golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From ccae51322435b8332679fbb4f526b7e52826aafa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Jun 2025 11:47:30 -0600
Subject: [PATCH 46/46] build(deps): bump github.com/gin-gonic/gin from 1.10.0
 to 1.10.1 (#247)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.10.0...v1.10.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b65fb5402..7f94f82eb 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.8
 	github.com/gammazero/workerpool v1.1.3
 	github.com/gbrlsnchs/jwt/v3 v3.0.1
-	github.com/gin-gonic/gin v1.10.0
+	github.com/gin-gonic/gin v1.10.1
 	github.com/glebarez/sqlite v1.11.0
 	github.com/go-co-op/gocron v1.37.0
 	github.com/google/uuid v1.6.0
diff --git a/go.sum b/go.sum
index 57dda2c67..8fae73d4c 100644
--- a/go.sum
+++ b/go.sum
@@ -123,8 +123,8 @@ github.com/gbrlsnchs/jwt/v3 v3.0.1 h1:lbUmgAKpxnClrKloyIwpxm4OuWeDl5wLk52G91ODPw
 github.com/gbrlsnchs/jwt/v3 v3.0.1/go.mod h1:AncDcjXz18xetI3A6STfXq2w+LuTx8pQ8bGEwRN8zVM=
 github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
 github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
-github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
-github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
+github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/glebarez/go-sqlite v1.22.0 h1:uAcMJhaA6r3LHMTFgP0SifzgXg46yJkgxqyuyec+ruQ=
 github.com/glebarez/go-sqlite v1.22.0/go.mod h1:PlBIdHe0+aUEFn+r2/uthrWq4FxbzugL0L8Li6yQJbc=
 github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=