From 9c31e213ca6592bde5656bc1d497166fdcae52c5 Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Mon, 31 Mar 2025 18:58:09 +0000
Subject: [PATCH 01/15] add a security.md stub, until (if) we determine a
 fancier security process :waves hands like a ghost: (#3955)

---
 SECURITY.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..39e425bfe
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1 @@
+Please email security issues to: admin@gotosocial.org

From fdf23a91de791b813f65c244fd75e3262171f1b0 Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Tue, 1 Apr 2025 15:24:11 +0000
Subject: [PATCH 02/15] update modernc.org/sqlite to
 v1.37.0-concurrrency-workaround (#3958)

---
 go.mod                                        |   12 +-
 go.sum                                        |   36 +-
 vendor/golang.org/x/exp/LICENSE               |    4 +-
 .../x/exp/constraints/constraints.go          |   10 +-
 .../x/tools/go/ast/astutil/rewrite.go         |    2 +-
 .../golang.org/x/tools/go/ast/astutil/util.go |    2 +
 .../x/tools/go/packages/packages.go           |   12 +-
 .../x/tools/go/types/typeutil/map.go          |    9 +-
 .../x/tools/internal/event/keys/keys.go       |    6 +-
 .../x/tools/internal/event/label/label.go     |    6 +-
 .../x/tools/internal/gcimporter/bimport.go    |    2 +-
 .../x/tools/internal/gcimporter/iexport.go    |    6 +-
 .../x/tools/internal/gcimporter/iimport.go    |    2 +-
 .../tools/internal/gcimporter/ureader_yes.go  |    2 +-
 .../x/tools/internal/gopathwalk/walk.go       |    4 +-
 .../x/tools/internal/imports/fix.go           |    4 +-
 .../internal/packagesinternal/packages.go     |    2 +-
 .../x/tools/internal/stdlib/deps.go           |  359 +
 .../x/tools/internal/stdlib/import.go         |   89 +
 .../x/tools/internal/stdlib/manifest.go       |   20 +-
 .../x/tools/internal/stdlib/stdlib.go         |    2 +-
 .../x/tools/internal/typeparams/normalize.go  |    2 +-
 .../x/tools/internal/typesinternal/types.go   |    6 +-
 vendor/modernc.org/libc/CONTRIBUTORS          |    3 +-
 vendor/modernc.org/libc/build_all_targets.sh  |    2 +-
 vendor/modernc.org/libc/ccgo_linux_arm64.go   |  212 +-
 vendor/modernc.org/libc/ccgo_linux_loong64.go |    7 +-
 vendor/modernc.org/libc/etc.go                |   26 -
 vendor/modernc.org/libc/libc_all.go           |   18 +
 vendor/modernc.org/libc/libc_musl.go          |   23 -
 vendor/modernc.org/libc/mem.go                |   19 +
 vendor/modernc.org/libc/mem_brk.go            |   11 +
 vendor/modernc.org/libc/mem_brk_musl.go       |   11 +
 vendor/modernc.org/libc/mem_expvar.go         |   12 +
 vendor/modernc.org/libc/mem_musl.go           |   19 +
 vendor/modernc.org/libc/memgrind.go           |   11 +
 vendor/modernc.org/libc/memgrind_musl.go      |   11 +
 vendor/modernc.org/libc/musl_linux_amd64.go   | 7205 -----------------
 vendor/modernc.org/libc/pthread_musl.go       |  131 +-
 vendor/modernc.org/memory/LICENSE-LOGO        |    1 +
 vendor/modernc.org/memory/Makefile            |   29 +
 vendor/modernc.org/memory/README.md           |    4 +-
 vendor/modernc.org/memory/logo.png            |  Bin 0 -> 11369 bytes
 vendor/modernc.org/memory/memory.go           |   20 +-
 vendor/modernc.org/memory/mmap_darwin.go      |   19 -
 vendor/modernc.org/memory/mmap_freebsd_32.go  |   22 -
 vendor/modernc.org/memory/mmap_freebsd_64.go  |   22 -
 .../modernc.org/memory/mmap_illumos_amd64.go  |   91 -
 vendor/modernc.org/memory/mmap_linux_32.go    |   35 -
 vendor/modernc.org/memory/mmap_linux_64.go    |   26 -
 vendor/modernc.org/memory/mmap_linux_s390x.go |   23 -
 vendor/modernc.org/memory/mmap_netbsd_32.go   |   22 -
 vendor/modernc.org/memory/mmap_netbsd_64.go   |   22 -
 vendor/modernc.org/memory/mmap_openbsd.go     |   97 -
 vendor/modernc.org/memory/mmap_unix.go        |   22 +-
 vendor/modernc.org/memory/mmap_windows.go     |    2 +-
 vendor/modernc.org/sqlite/Makefile            |    4 +-
 vendor/modernc.org/sqlite/lib/mutex.go        |  249 +-
 .../sqlite/lib/sqlite_freebsd_386.go          |    4 +-
 .../sqlite/lib/sqlite_freebsd_arm.go          |    4 +-
 .../sqlite/lib/sqlite_linux_arm64.go          |  220 +-
 .../sqlite/lib/sqlite_openbsd_amd64.go        |    4 +-
 .../sqlite/lib/sqlite_openbsd_arm64.go        |    4 +-
 vendor/modules.txt                            |   24 +-
 64 files changed, 1070 insertions(+), 8220 deletions(-)
 create mode 100644 vendor/golang.org/x/tools/internal/stdlib/deps.go
 create mode 100644 vendor/golang.org/x/tools/internal/stdlib/import.go
 create mode 100644 vendor/modernc.org/libc/mem_expvar.go
 delete mode 100644 vendor/modernc.org/libc/musl_linux_amd64.go
 create mode 100644 vendor/modernc.org/memory/LICENSE-LOGO
 create mode 100644 vendor/modernc.org/memory/logo.png
 delete mode 100644 vendor/modernc.org/memory/mmap_darwin.go
 delete mode 100644 vendor/modernc.org/memory/mmap_freebsd_32.go
 delete mode 100644 vendor/modernc.org/memory/mmap_freebsd_64.go
 delete mode 100644 vendor/modernc.org/memory/mmap_illumos_amd64.go
 delete mode 100644 vendor/modernc.org/memory/mmap_linux_32.go
 delete mode 100644 vendor/modernc.org/memory/mmap_linux_64.go
 delete mode 100644 vendor/modernc.org/memory/mmap_linux_s390x.go
 delete mode 100644 vendor/modernc.org/memory/mmap_netbsd_32.go
 delete mode 100644 vendor/modernc.org/memory/mmap_netbsd_64.go
 delete mode 100644 vendor/modernc.org/memory/mmap_openbsd.go

diff --git a/go.mod b/go.mod
index 51d5954a6..93799e7cc 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ toolchain go1.23.3
 replace github.com/go-swagger/go-swagger => codeberg.org/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix
 
 // Replace modernc/sqlite with our version that fixes the concurrency INTERRUPT issue
-replace modernc.org/sqlite => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.36.2-concurrency-workaround
+replace modernc.org/sqlite => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround
 
 require (
 	codeberg.org/gruf/go-bytes v1.0.2
@@ -211,16 +211,16 @@ require (
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/arch v0.13.0 // indirect
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
-	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
+	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/tools v0.30.0 // indirect
+	golang.org/x/tools v0.31.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/grpc v1.71.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	modernc.org/libc v1.61.13 // indirect
+	modernc.org/libc v1.62.1 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
-	modernc.org/memory v1.8.2 // indirect
+	modernc.org/memory v1.9.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 18e1f2f4a..4f38aa932 100644
--- a/go.sum
+++ b/go.sum
@@ -483,8 +483,8 @@ github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDf
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
 github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
-gitlab.com/NyaaaWhatsUpDoc/sqlite v1.36.2-concurrency-workaround h1:1NAPhEPvJJbD+qwXi+IWtfvntCZRWF9frtqeQLtf+TE=
-gitlab.com/NyaaaWhatsUpDoc/sqlite v1.36.2-concurrency-workaround/go.mod h1:ADySlx7K4FdY5MaJcEv86hTJ0PjedAloTUuif0YS3ws=
+gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround h1:QbfrBqNKgAFSSK89fYf547vxDQuz8p6iJUzzAMrusNk=
+gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM=
 go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
 go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
@@ -527,8 +527,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
 golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
 golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -536,8 +536,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -616,8 +616,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a h1:nwKuGPlUAt+aR+pcrkfFRrTU1BVrSmYyYMxYbUIVHr0=
 google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU=
@@ -640,20 +640,20 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-modernc.org/cc/v4 v4.24.4 h1:TFkx1s6dCkQpd6dKurBNmpo+G8Zl4Sq/ztJ+2+DEsh0=
-modernc.org/cc/v4 v4.24.4/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.23.16 h1:Z2N+kk38b7SfySC1ZkpGLN2vthNJP1+ZzGZIlH7uBxo=
-modernc.org/ccgo/v4 v4.23.16/go.mod h1:nNma8goMTY7aQZQNTyN9AIoJfxav4nvTnvKThAeMDdo=
+modernc.org/cc/v4 v4.25.2 h1:T2oH7sZdGvTaie0BRNFbIYsabzCxUQg8nLqCdQ2i0ic=
+modernc.org/cc/v4 v4.25.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.25.1 h1:TFSzPrAGmDsdnhT9X2UrcPMI3N/mJ9/X9ykKXwLhDsU=
+modernc.org/ccgo/v4 v4.25.1/go.mod h1:njjuAYiPflywOOrm3B7kCB444ONP5pAVr8PIEoE0uDw=
 modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
 modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
-modernc.org/gc/v2 v2.6.3 h1:aJVhcqAte49LF+mGveZ5KPlsp4tdGdAOT4sipJXADjw=
-modernc.org/gc/v2 v2.6.3/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
-modernc.org/libc v1.61.13 h1:3LRd6ZO1ezsFiX1y+bHd1ipyEHIJKvuprv0sLTBwLW8=
-modernc.org/libc v1.61.13/go.mod h1:8F/uJWL/3nNil0Lgt1Dpz+GgkApWh04N3el3hxJcA6E=
+modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
+modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/libc v1.62.1 h1:s0+fv5E3FymN8eJVmnk0llBe6rOxCu/DEU+XygRbS8s=
+modernc.org/libc v1.62.1/go.mod h1:iXhATfJQLjG3NWy56a6WVU73lWOcdYVxsvwCgoPljuo=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
-modernc.org/memory v1.8.2 h1:cL9L4bcoAObu4NkxOlKWBWtNHIsnnACGF/TbqQ6sbcI=
-modernc.org/memory v1.8.2/go.mod h1:ZbjSvMO5NQ1A2i3bWeDiVMxIorXwdClKE/0SZ+BMotU=
+modernc.org/memory v1.9.1 h1:V/Z1solwAVmMW1yttq3nDdZPJqV1rM05Ccq6KMSZ34g=
+modernc.org/memory v1.9.1/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
 modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
diff --git a/vendor/golang.org/x/exp/LICENSE b/vendor/golang.org/x/exp/LICENSE
index 6a66aea5e..2a7cf70da 100644
--- a/vendor/golang.org/x/exp/LICENSE
+++ b/vendor/golang.org/x/exp/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
diff --git a/vendor/golang.org/x/exp/constraints/constraints.go b/vendor/golang.org/x/exp/constraints/constraints.go
index 2c033dff4..9d260bab1 100644
--- a/vendor/golang.org/x/exp/constraints/constraints.go
+++ b/vendor/golang.org/x/exp/constraints/constraints.go
@@ -6,6 +6,8 @@
 // with type parameters.
 package constraints
 
+import "cmp"
+
 // Signed is a constraint that permits any signed integer type.
 // If future releases of Go add new predeclared signed integer types,
 // this constraint will be modified to include them.
@@ -45,6 +47,8 @@ type Complex interface {
 // that supports the operators < <= >= >.
 // If future releases of Go add new ordered types,
 // this constraint will be modified to include them.
-type Ordered interface {
-	Integer | Float | ~string
-}
+//
+// This type is redundant since Go 1.21 introduced [cmp.Ordered].
+//
+//go:fix inline
+type Ordered = cmp.Ordered
diff --git a/vendor/golang.org/x/tools/go/ast/astutil/rewrite.go b/vendor/golang.org/x/tools/go/ast/astutil/rewrite.go
index 58934f766..5c8dbbb7a 100644
--- a/vendor/golang.org/x/tools/go/ast/astutil/rewrite.go
+++ b/vendor/golang.org/x/tools/go/ast/astutil/rewrite.go
@@ -183,7 +183,7 @@ type application struct {
 
 func (a *application) apply(parent ast.Node, name string, iter *iterator, n ast.Node) {
 	// convert typed nil into untyped nil
-	if v := reflect.ValueOf(n); v.Kind() == reflect.Ptr && v.IsNil() {
+	if v := reflect.ValueOf(n); v.Kind() == reflect.Pointer && v.IsNil() {
 		n = nil
 	}
 
diff --git a/vendor/golang.org/x/tools/go/ast/astutil/util.go b/vendor/golang.org/x/tools/go/ast/astutil/util.go
index ca71e3e10..c820b2084 100644
--- a/vendor/golang.org/x/tools/go/ast/astutil/util.go
+++ b/vendor/golang.org/x/tools/go/ast/astutil/util.go
@@ -8,4 +8,6 @@ import "go/ast"
 
 // Unparen returns e with any enclosing parentheses stripped.
 // Deprecated: use [ast.Unparen].
+//
+//go:fix inline
 func Unparen(e ast.Expr) ast.Expr { return ast.Unparen(e) }
diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go
index c3a59b8eb..6665a04c1 100644
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -141,6 +141,8 @@ const (
 	LoadAllSyntax = LoadSyntax | NeedDeps
 
 	// Deprecated: NeedExportsFile is a historical misspelling of NeedExportFile.
+	//
+	//go:fix inline
 	NeedExportsFile = NeedExportFile
 )
 
@@ -161,7 +163,7 @@ type Config struct {
 	// If the user provides a logger, debug logging is enabled.
 	// If the GOPACKAGESDEBUG environment variable is set to true,
 	// but the logger is nil, default to log.Printf.
-	Logf func(format string, args ...interface{})
+	Logf func(format string, args ...any)
 
 	// Dir is the directory in which to run the build system's query tool
 	// that provides information about the packages.
@@ -564,13 +566,13 @@ type ModuleError struct {
 }
 
 func init() {
-	packagesinternal.GetDepsErrors = func(p interface{}) []*packagesinternal.PackageError {
+	packagesinternal.GetDepsErrors = func(p any) []*packagesinternal.PackageError {
 		return p.(*Package).depsErrors
 	}
-	packagesinternal.SetModFile = func(config interface{}, value string) {
+	packagesinternal.SetModFile = func(config any, value string) {
 		config.(*Config).modFile = value
 	}
-	packagesinternal.SetModFlag = func(config interface{}, value string) {
+	packagesinternal.SetModFlag = func(config any, value string) {
 		config.(*Config).modFlag = value
 	}
 	packagesinternal.TypecheckCgo = int(typecheckCgo)
@@ -739,7 +741,7 @@ func newLoader(cfg *Config) *loader {
 		if debug {
 			ld.Config.Logf = log.Printf
 		} else {
-			ld.Config.Logf = func(format string, args ...interface{}) {}
+			ld.Config.Logf = func(format string, args ...any) {}
 		}
 	}
 	if ld.Config.Mode == 0 {
diff --git a/vendor/golang.org/x/tools/go/types/typeutil/map.go b/vendor/golang.org/x/tools/go/types/typeutil/map.go
index 43261147c..b6d542c64 100644
--- a/vendor/golang.org/x/tools/go/types/typeutil/map.go
+++ b/vendor/golang.org/x/tools/go/types/typeutil/map.go
@@ -389,8 +389,13 @@ func (hasher) hashTypeName(tname *types.TypeName) uint32 {
 	// path, and whether or not it is a package-level typename. It
 	// is rare for a package to define multiple local types with
 	// the same name.)
-	hash := uintptr(unsafe.Pointer(tname))
-	return uint32(hash ^ (hash >> 32))
+	ptr := uintptr(unsafe.Pointer(tname))
+	if unsafe.Sizeof(ptr) == 8 {
+		hash := uint64(ptr)
+		return uint32(hash ^ (hash >> 32))
+	} else {
+		return uint32(ptr)
+	}
 }
 
 // shallowHash computes a hash of t without looking at any of its
diff --git a/vendor/golang.org/x/tools/internal/event/keys/keys.go b/vendor/golang.org/x/tools/internal/event/keys/keys.go
index a02206e30..4cfa51b61 100644
--- a/vendor/golang.org/x/tools/internal/event/keys/keys.go
+++ b/vendor/golang.org/x/tools/internal/event/keys/keys.go
@@ -32,7 +32,7 @@ func (k *Value) Format(w io.Writer, buf []byte, l label.Label) {
 }
 
 // Get can be used to get a label for the key from a label.Map.
-func (k *Value) Get(lm label.Map) interface{} {
+func (k *Value) Get(lm label.Map) any {
 	if t := lm.Find(k); t.Valid() {
 		return k.From(t)
 	}
@@ -40,10 +40,10 @@ func (k *Value) Get(lm label.Map) interface{} {
 }
 
 // From can be used to get a value from a Label.
-func (k *Value) From(t label.Label) interface{} { return t.UnpackValue() }
+func (k *Value) From(t label.Label) any { return t.UnpackValue() }
 
 // Of creates a new Label with this key and the supplied value.
-func (k *Value) Of(value interface{}) label.Label { return label.OfValue(k, value) }
+func (k *Value) Of(value any) label.Label { return label.OfValue(k, value) }
 
 // Tag represents a key for tagging labels that have no value.
 // These are used when the existence of the label is the entire information it
diff --git a/vendor/golang.org/x/tools/internal/event/label/label.go b/vendor/golang.org/x/tools/internal/event/label/label.go
index 0f526e1f9..7c00ca2a6 100644
--- a/vendor/golang.org/x/tools/internal/event/label/label.go
+++ b/vendor/golang.org/x/tools/internal/event/label/label.go
@@ -32,7 +32,7 @@ type Key interface {
 type Label struct {
 	key     Key
 	packed  uint64
-	untyped interface{}
+	untyped any
 }
 
 // Map is the interface to a collection of Labels indexed by key.
@@ -76,13 +76,13 @@ type mapChain struct {
 // OfValue creates a new label from the key and value.
 // This method is for implementing new key types, label creation should
 // normally be done with the Of method of the key.
-func OfValue(k Key, value interface{}) Label { return Label{key: k, untyped: value} }
+func OfValue(k Key, value any) Label { return Label{key: k, untyped: value} }
 
 // UnpackValue assumes the label was built using LabelOfValue and returns the value
 // that was passed to that constructor.
 // This method is for implementing new key types, for type safety normal
 // access should be done with the From method of the key.
-func (t Label) UnpackValue() interface{} { return t.untyped }
+func (t Label) UnpackValue() any { return t.untyped }
 
 // Of64 creates a new label from a key and a uint64. This is often
 // used for non uint64 values that can be packed into a uint64.
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/bimport.go b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go
index d79a605ed..734c46198 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/bimport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go
@@ -14,7 +14,7 @@ import (
 	"sync"
 )
 
-func errorf(format string, args ...interface{}) {
+func errorf(format string, args ...any) {
 	panic(fmt.Sprintf(format, args...))
 }
 
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
index 7dfc31a37..253d6493c 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
@@ -310,7 +310,7 @@ func IImportShallow(fset *token.FileSet, getPackages GetPackagesFunc, data []byt
 }
 
 // ReportFunc is the type of a function used to report formatted bugs.
-type ReportFunc = func(string, ...interface{})
+type ReportFunc = func(string, ...any)
 
 // Current bundled export format version. Increase with each format change.
 // 0: initial implementation
@@ -597,7 +597,7 @@ type filePositions struct {
 	needed []uint64 // unordered list of needed file offsets
 }
 
-func (p *iexporter) trace(format string, args ...interface{}) {
+func (p *iexporter) trace(format string, args ...any) {
 	if !trace {
 		// Call sites should also be guarded, but having this check here allows
 		// easily enabling/disabling debug trace statements.
@@ -1583,6 +1583,6 @@ func (e internalError) Error() string { return "gcimporter: " + string(e) }
 // "internalErrorf" as the former is used for bugs, whose cause is
 // internal inconsistency, whereas the latter is used for ordinary
 // situations like bad input, whose cause is external.
-func internalErrorf(format string, args ...interface{}) error {
+func internalErrorf(format string, args ...any) error {
 	return internalError(fmt.Sprintf(format, args...))
 }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
index 129439271..bc6c9741e 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
@@ -400,7 +400,7 @@ type iimporter struct {
 	indent int // for tracing support
 }
 
-func (p *iimporter) trace(format string, args ...interface{}) {
+func (p *iimporter) trace(format string, args ...any) {
 	if !trace {
 		// Call sites should also be guarded, but having this check here allows
 		// easily enabling/disabling debug trace statements.
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go
index 522287d18..37b4a39e9 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go
@@ -574,7 +574,7 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) {
 
 						recv := types.NewVar(fn.Pos(), fn.Pkg(), "", named)
 						typesinternal.SetVarKind(recv, typesinternal.RecvVar)
-						methods[i] = types.NewFunc(fn.Pos(), fn.Pkg(), fn.Name(), types.NewSignature(recv, sig.Params(), sig.Results(), sig.Variadic()))
+						methods[i] = types.NewFunc(fn.Pos(), fn.Pkg(), fn.Name(), types.NewSignatureType(recv, nil, nil, sig.Params(), sig.Results(), sig.Variadic()))
 					}
 
 					embeds := make([]types.Type, iface.NumEmbeddeds())
diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
index 836151551..984b79c2a 100644
--- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
+++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
@@ -22,7 +22,7 @@ import (
 // Options controls the behavior of a Walk call.
 type Options struct {
 	// If Logf is non-nil, debug logging is enabled through this function.
-	Logf func(format string, args ...interface{})
+	Logf func(format string, args ...any)
 
 	// Search module caches. Also disables legacy goimports ignore rules.
 	ModulesEnabled bool
@@ -81,7 +81,7 @@ func WalkSkip(roots []Root, add func(root Root, dir string), skip func(root Root
 // walkDir creates a walker and starts fastwalk with this walker.
 func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) bool, opts Options) {
 	if opts.Logf == nil {
-		opts.Logf = func(format string, args ...interface{}) {}
+		opts.Logf = func(format string, args ...any) {}
 	}
 	if _, err := os.Stat(root.Path); os.IsNotExist(err) {
 		opts.Logf("skipping nonexistent directory: %v", root.Path)
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index bf6b0aadd..737a9bfae 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -559,7 +559,7 @@ func fixImportsDefault(fset *token.FileSet, f *ast.File, filename string, env *P
 		return err
 	}
 	apply(fset, f, fixes)
-	return err
+	return nil
 }
 
 // getFixes gets the import fixes that need to be made to f in order to fix the imports.
@@ -1030,7 +1030,7 @@ func (e *ProcessEnv) GetResolver() (Resolver, error) {
 		//
 		// For gopls, we can optionally explicitly choose a resolver type, since we
 		// already know the view type.
-		if len(e.Env["GOMOD"]) == 0 && len(e.Env["GOWORK"]) == 0 {
+		if e.Env["GOMOD"] == "" && (e.Env["GOWORK"] == "" || e.Env["GOWORK"] == "off") {
 			e.resolver = newGopathResolver(e)
 			e.logf("created gopath resolver")
 		} else if r, err := newModuleResolver(e, e.ModCache); err != nil {
diff --git a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
index 784605914..25ebab663 100644
--- a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
+++ b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
@@ -17,4 +17,4 @@ var TypecheckCgo int
 var DepsErrors int // must be set as a LoadMode to call GetDepsErrors
 
 var SetModFlag = func(config any, value string) {}
-var SetModFile = func(config interface{}, value string) {}
+var SetModFile = func(config any, value string) {}
diff --git a/vendor/golang.org/x/tools/internal/stdlib/deps.go b/vendor/golang.org/x/tools/internal/stdlib/deps.go
new file mode 100644
index 000000000..7cca431cd
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/stdlib/deps.go
@@ -0,0 +1,359 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by generate.go. DO NOT EDIT.
+
+package stdlib
+
+type pkginfo struct {
+	name string
+	deps string // list of indices of dependencies, as varint-encoded deltas
+}
+
+var deps = [...]pkginfo{
+	{"archive/tar", "\x03k\x03E5\x01\v\x01#\x01\x01\x02\x05\t\x02\x01\x02\x02\v"},
+	{"archive/zip", "\x02\x04a\a\x16\x0205\x01+\x05\x01\x10\x03\x02\r\x04"},
+	{"bufio", "\x03k}E\x13"},
+	{"bytes", "n+R\x03\fG\x02\x02"},
+	{"cmp", ""},
+	{"compress/bzip2", "\x02\x02\xe7\x01B"},
+	{"compress/flate", "\x02l\x03z\r\x024\x01\x03"},
+	{"compress/gzip", "\x02\x04a\a\x03\x15eT"},
+	{"compress/lzw", "\x02l\x03z"},
+	{"compress/zlib", "\x02\x04a\a\x03\x13\x01f"},
+	{"container/heap", "\xae\x02"},
+	{"container/list", ""},
+	{"container/ring", ""},
+	{"context", "n\\h\x01\f"},
+	{"crypto", "\x84\x01gD"},
+	{"crypto/aes", "\x10\n\a\x8e\x02"},
+	{"crypto/cipher", "\x03\x1e\x01\x01\x1d\x11\x1d,Q"},
+	{"crypto/des", "\x10\x13\x1d.,\x95\x01\x03"},
+	{"crypto/dsa", "@\x04*}\x0e"},
+	{"crypto/ecdh", "\x03\v\f\x0e\x04\x14\x04\r\x1d}"},
+	{"crypto/ecdsa", "\x0e\x05\x03\x04\x01\x0e\x16\x01\x04\f\x01\x1d}\x0e\x04K\x01"},
+	{"crypto/ed25519", "\x0e\x1c\x16\n\a\x1d}D"},
+	{"crypto/elliptic", "0>}\x0e9"},
+	{"crypto/fips140", " \x05\x91\x01"},
+	{"crypto/hkdf", "-\x12\x01.\x16"},
+	{"crypto/hmac", "\x1a\x14\x11\x01\x113"},
+	{"crypto/internal/boring", "\x0e\x02\rg"},
+	{"crypto/internal/boring/bbig", "\x1a\xdf\x01L"},
+	{"crypto/internal/boring/bcache", "\xb3\x02\x12"},
+	{"crypto/internal/boring/sig", ""},
+	{"crypto/internal/cryptotest", "\x03\r\n)\x0e\x1a\x06\x13\x12#\a\t\x11\x11\x11\x1b\x01\f\f\x05\n"},
+	{"crypto/internal/entropy", "E"},
+	{"crypto/internal/fips140", ">0}9\f\x15"},
+	{"crypto/internal/fips140/aes", "\x03\x1d\x03\x02\x13\x04\x01\x01\x05+\x8c\x015"},
+	{"crypto/internal/fips140/aes/gcm", " \x01\x02\x02\x02\x11\x04\x01\x06+\x8a\x01"},
+	{"crypto/internal/fips140/alias", "\xc5\x02"},
+	{"crypto/internal/fips140/bigmod", "%\x17\x01\x06+\x8c\x01"},
+	{"crypto/internal/fips140/check", " \x0e\x06\b\x02\xad\x01Z"},
+	{"crypto/internal/fips140/check/checktest", "%\xff\x01!"},
+	{"crypto/internal/fips140/drbg", "\x03\x1c\x01\x01\x04\x13\x04\b\x01)}\x0f8"},
+	{"crypto/internal/fips140/ecdh", "\x03\x1d\x05\x02\t\f2}\x0f8"},
+	{"crypto/internal/fips140/ecdsa", "\x03\x1d\x04\x01\x02\a\x02\x068}G"},
+	{"crypto/internal/fips140/ed25519", "\x03\x1d\x05\x02\x04\v8\xc1\x01\x03"},
+	{"crypto/internal/fips140/edwards25519", "%\a\f\x042\x8c\x018"},
+	{"crypto/internal/fips140/edwards25519/field", "%\x13\x042\x8c\x01"},
+	{"crypto/internal/fips140/hkdf", "\x03\x1d\x05\t\x06:"},
+	{"crypto/internal/fips140/hmac", "\x03\x1d\x14\x01\x018"},
+	{"crypto/internal/fips140/mlkem", "\x03\x1d\x05\x02\x0e\x03\x042"},
+	{"crypto/internal/fips140/nistec", "%\f\a\x042\x8c\x01*\x0e\x13"},
+	{"crypto/internal/fips140/nistec/fiat", "%\x136\x8c\x01"},
+	{"crypto/internal/fips140/pbkdf2", "\x03\x1d\x05\t\x06:"},
+	{"crypto/internal/fips140/rsa", "\x03\x1d\x04\x01\x02\r\x01\x01\x026}G"},
+	{"crypto/internal/fips140/sha256", "\x03\x1d\x1c\x01\x06+\x8c\x01"},
+	{"crypto/internal/fips140/sha3", "\x03\x1d\x18\x04\x011\x8c\x01K"},
+	{"crypto/internal/fips140/sha512", "\x03\x1d\x1c\x01\x06+\x8c\x01"},
+	{"crypto/internal/fips140/ssh", " \x05"},
+	{"crypto/internal/fips140/subtle", "#\x19\xbe\x01"},
+	{"crypto/internal/fips140/tls12", "\x03\x1d\x05\t\x06\x028"},
+	{"crypto/internal/fips140/tls13", "\x03\x1d\x05\b\a\b2"},
+	{"crypto/internal/fips140deps", ""},
+	{"crypto/internal/fips140deps/byteorder", "\x9a\x01"},
+	{"crypto/internal/fips140deps/cpu", "\xae\x01\a"},
+	{"crypto/internal/fips140deps/godebug", "\xb6\x01"},
+	{"crypto/internal/fips140hash", "5\x1a5\xc1\x01"},
+	{"crypto/internal/fips140only", "'\r\x01\x01N25"},
+	{"crypto/internal/fips140test", ""},
+	{"crypto/internal/hpke", "\x0e\x01\x01\x03\x1a\x1d$,`M"},
+	{"crypto/internal/impl", "\xb0\x02"},
+	{"crypto/internal/randutil", "\xeb\x01\x12"},
+	{"crypto/internal/sysrand", "\xd7\x01@\x1b\x01\f\x06"},
+	{"crypto/internal/sysrand/internal/seccomp", "n"},
+	{"crypto/md5", "\x0e2.\x16\x16`"},
+	{"crypto/mlkem", "/"},
+	{"crypto/pbkdf2", "2\r\x01.\x16"},
+	{"crypto/rand", "\x1a\x06\a\x19\x04\x01)}\x0eL"},
+	{"crypto/rc4", "#\x1d.\xc1\x01"},
+	{"crypto/rsa", "\x0e\f\x01\t\x0f\f\x01\x04\x06\a\x1d\x03\x1325\r\x01"},
+	{"crypto/sha1", "\x0e\f&.\x16\x16\x14L"},
+	{"crypto/sha256", "\x0e\f\x1aP"},
+	{"crypto/sha3", "\x0e'O\xc1\x01"},
+	{"crypto/sha512", "\x0e\f\x1cN"},
+	{"crypto/subtle", "8\x98\x01T"},
+	{"crypto/tls", "\x03\b\x02\x01\x01\x01\x01\x02\x01\x01\x01\x03\x01\a\x01\v\x02\n\x01\b\x05\x03\x01\x01\x01\x01\x02\x01\x02\x01\x18\x02\x03\x13\x16\x14\b5\x16\x16\r\t\x01\x01\x01\x02\x01\f\x06\x02\x01"},
+	{"crypto/tls/internal/fips140tls", " \x93\x02"},
+	{"crypto/x509", "\x03\v\x01\x01\x01\x01\x01\x01\x01\x011\x03\x02\x01\x01\x02\x05\x01\x0e\x06\x02\x02\x03E5\x03\t\x01\x01\x01\a\x10\x05\t\x05\v\x01\x02\r\x02\x01\x01\x02\x03\x01"},
+	{"crypto/x509/internal/macos", "\x03k'\x8f\x01\v\x10\x06"},
+	{"crypto/x509/pkix", "d\x06\a\x88\x01F"},
+	{"database/sql", "\x03\nK\x16\x03z\f\x06\"\x05\t\x02\x03\x01\f\x02\x02\x02"},
+	{"database/sql/driver", "\ra\x03\xae\x01\x10\x10"},
+	{"debug/buildinfo", "\x03X\x02\x01\x01\b\a\x03`\x18\x02\x01+\x10\x1e"},
+	{"debug/dwarf", "\x03d\a\x03z1\x12\x01\x01"},
+	{"debug/elf", "\x03\x06Q\r\a\x03`\x19\x01,\x18\x01\x15"},
+	{"debug/gosym", "\x03d\n\xbd\x01\x01\x01\x02"},
+	{"debug/macho", "\x03\x06Q\r\n`\x1a,\x18\x01"},
+	{"debug/pe", "\x03\x06Q\r\a\x03`\x1a,\x18\x01\x15"},
+	{"debug/plan9obj", "g\a\x03`\x1a,"},
+	{"embed", "n+:\x18\x01S"},
+	{"embed/internal/embedtest", ""},
+	{"encoding", ""},
+	{"encoding/ascii85", "\xeb\x01D"},
+	{"encoding/asn1", "\x03k\x03\x87\x01\x01&\x0e\x02\x01\x0f\x03\x01"},
+	{"encoding/base32", "\xeb\x01B\x02"},
+	{"encoding/base64", "\x9a\x01QB\x02"},
+	{"encoding/binary", "n}\r'\x0e\x05"},
+	{"encoding/csv", "\x02\x01k\x03zE\x11\x02"},
+	{"encoding/gob", "\x02`\x05\a\x03`\x1a\f\x01\x02\x1d\b\x13\x01\x0e\x02"},
+	{"encoding/hex", "n\x03zB\x03"},
+	{"encoding/json", "\x03\x01^\x04\b\x03z\r'\x0e\x02\x01\x02\x0f\x01\x01\x02"},
+	{"encoding/pem", "\x03c\b}B\x03"},
+	{"encoding/xml", "\x02\x01_\f\x03z4\x05\v\x01\x02\x0f\x02"},
+	{"errors", "\xca\x01{"},
+	{"expvar", "kK9\t\n\x15\r\t\x02\x03\x01\x10"},
+	{"flag", "b\f\x03z,\b\x05\t\x02\x01\x0f"},
+	{"fmt", "nE8\r\x1f\b\x0e\x02\x03\x11"},
+	{"go/ast", "\x03\x01m\x0f\x01j\x03)\b\x0e\x02\x01"},
+	{"go/ast/internal/tests", ""},
+	{"go/build", "\x02\x01k\x03\x01\x03\x02\a\x02\x01\x17\x1e\x04\x02\t\x14\x12\x01+\x01\x04\x01\a\t\x02\x01\x11\x02\x02"},
+	{"go/build/constraint", "n\xc1\x01\x01\x11\x02"},
+	{"go/constant", "q\x10w\x01\x015\x01\x02\x11"},
+	{"go/doc", "\x04m\x01\x06\t=-1\x11\x02\x01\x11\x02"},
+	{"go/doc/comment", "\x03n\xbc\x01\x01\x01\x01\x11\x02"},
+	{"go/format", "\x03n\x01\f\x01\x02jE"},
+	{"go/importer", "t\a\x01\x01\x04\x01i9"},
+	{"go/internal/gccgoimporter", "\x02\x01X\x13\x03\x05\v\x01g\x02,\x01\x05\x12\x01\v\b"},
+	{"go/internal/gcimporter", "\x02o\x10\x01/\x05\x0e',\x16\x03\x02"},
+	{"go/internal/srcimporter", "q\x01\x02\n\x03\x01i,\x01\x05\x13\x02\x13"},
+	{"go/parser", "\x03k\x03\x01\x03\v\x01j\x01+\x06\x13"},
+	{"go/printer", "q\x01\x03\x03\tj\r\x1f\x16\x02\x01\x02\n\x05\x02"},
+	{"go/scanner", "\x03n\x10j2\x11\x01\x12\x02"},
+	{"go/token", "\x04m\xbc\x01\x02\x03\x01\x0e\x02"},
+	{"go/types", "\x03\x01\x06d\x03\x01\x04\b\x03\x02\x15\x1e\x06+\x04\x03\n%\a\t\x01\x01\x01\x02\x01\x0e\x02\x02"},
+	{"go/version", "\xbb\x01u"},
+	{"hash", "\xeb\x01"},
+	{"hash/adler32", "n\x16\x16"},
+	{"hash/crc32", "n\x16\x16\x14\x84\x01\x01"},
+	{"hash/crc64", "n\x16\x16\x98\x01"},
+	{"hash/fnv", "n\x16\x16`"},
+	{"hash/maphash", "\x95\x01\x05\x1b\x03@M"},
+	{"html", "\xb0\x02\x02\x11"},
+	{"html/template", "\x03h\x06\x19,5\x01\v \x05\x01\x02\x03\r\x01\x02\v\x01\x03\x02"},
+	{"image", "\x02l\x1f^\x0f5\x03\x01"},
+	{"image/color", ""},
+	{"image/color/palette", "\x8d\x01"},
+	{"image/draw", "\x8c\x01\x01\x04"},
+	{"image/gif", "\x02\x01\x05f\x03\x1b\x01\x01\x01\vQ"},
+	{"image/internal/imageutil", "\x8c\x01"},
+	{"image/jpeg", "\x02l\x1e\x01\x04Z"},
+	{"image/png", "\x02\a^\n\x13\x02\x06\x01^D"},
+	{"index/suffixarray", "\x03d\a}\r*\v\x01"},
+	{"internal/abi", "\xb5\x01\x90\x01"},
+	{"internal/asan", "\xc5\x02"},
+	{"internal/bisect", "\xa4\x02\x0e\x01"},
+	{"internal/buildcfg", "qG_\x06\x02\x05\v\x01"},
+	{"internal/bytealg", "\xae\x01\x97\x01"},
+	{"internal/byteorder", ""},
+	{"internal/cfg", ""},
+	{"internal/chacha8rand", "\x9a\x01\x1b\x90\x01"},
+	{"internal/copyright", ""},
+	{"internal/coverage", ""},
+	{"internal/coverage/calloc", ""},
+	{"internal/coverage/cfile", "k\x06\x17\x16\x01\x02\x01\x01\x01\x01\x01\x01\x01$\x01\x1e,\x06\a\v\x01\x03\f\x06"},
+	{"internal/coverage/cformat", "\x04m-\x04I\f6\x01\x02\f"},
+	{"internal/coverage/cmerge", "q-Z"},
+	{"internal/coverage/decodecounter", "g\n-\v\x02@,\x18\x16"},
+	{"internal/coverage/decodemeta", "\x02e\n\x17\x16\v\x02@,"},
+	{"internal/coverage/encodecounter", "\x02e\n-\f\x01\x02>\f \x16"},
+	{"internal/coverage/encodemeta", "\x02\x01d\n\x13\x04\x16\r\x02>,."},
+	{"internal/coverage/pods", "\x04m-y\x06\x05\v\x02\x01"},
+	{"internal/coverage/rtcov", "\xc5\x02"},
+	{"internal/coverage/slicereader", "g\nzZ"},
+	{"internal/coverage/slicewriter", "qz"},
+	{"internal/coverage/stringtab", "q8\x04>"},
+	{"internal/coverage/test", ""},
+	{"internal/coverage/uleb128", ""},
+	{"internal/cpu", "\xc5\x02"},
+	{"internal/dag", "\x04m\xbc\x01\x03"},
+	{"internal/diff", "\x03n\xbd\x01\x02"},
+	{"internal/exportdata", "\x02\x01k\x03\x03]\x1a,\x01\x05\x12\x01\x02"},
+	{"internal/filepathlite", "n+:\x19A"},
+	{"internal/fmtsort", "\x04\x9b\x02\x0e"},
+	{"internal/fuzz", "\x03\nA\x19\x04\x03\x03\x01\f\x0355\r\x02\x1d\x01\x05\x02\x05\v\x01\x02\x01\x01\v\x04\x02"},
+	{"internal/goarch", ""},
+	{"internal/godebug", "\x97\x01 {\x01\x12"},
+	{"internal/godebugs", ""},
+	{"internal/goexperiment", ""},
+	{"internal/goos", ""},
+	{"internal/goroot", "\x97\x02\x01\x05\x13\x02"},
+	{"internal/gover", "\x04"},
+	{"internal/goversion", ""},
+	{"internal/itoa", ""},
+	{"internal/lazyregexp", "\x97\x02\v\x0e\x02"},
+	{"internal/lazytemplate", "\xeb\x01,\x19\x02\v"},
+	{"internal/msan", "\xc5\x02"},
+	{"internal/nettrace", ""},
+	{"internal/obscuretestdata", "f\x85\x01,"},
+	{"internal/oserror", "n"},
+	{"internal/pkgbits", "\x03K\x19\a\x03\x05\vj\x0e\x1e\r\v\x01"},
+	{"internal/platform", ""},
+	{"internal/poll", "nO\x1a\x149\x0e\x01\x01\v\x06"},
+	{"internal/profile", "\x03\x04g\x03z7\f\x01\x01\x0f"},
+	{"internal/profilerecord", ""},
+	{"internal/race", "\x95\x01\xb0\x01"},
+	{"internal/reflectlite", "\x95\x01 3<!"},
+	{"internal/routebsd", "n,w\x13\x10\x11"},
+	{"internal/runtime/atomic", "\xae\x01\x97\x01"},
+	{"internal/runtime/exithook", "\xcc\x01y"},
+	{"internal/runtime/maps", "\x95\x01\x01\x1f\v\t\x06\x01u"},
+	{"internal/runtime/math", "\xb5\x01"},
+	{"internal/runtime/sys", "\xae\x01\a\x04"},
+	{"internal/saferio", "\xeb\x01Z"},
+	{"internal/singleflight", "\xb2\x02"},
+	{"internal/stringslite", "\x99\x01\xac\x01"},
+	{"internal/sync", "\x95\x01 \x14j\x12"},
+	{"internal/synctest", "\xc5\x02"},
+	{"internal/syscall/execenv", "\xb4\x02"},
+	{"internal/syscall/unix", "\x95\x01\x8f\x01\x10\x11"},
+	{"internal/sysinfo", "\xae\x01\x84\x01\x02"},
+	{"internal/syslist", ""},
+	{"internal/testenv", "\x03\na\x02\x01*\x1a\x10'+\x01\x05\a\v\x01\x02\x02\x01\n"},
+	{"internal/testlog", "\xb2\x02\x01\x12"},
+	{"internal/testpty", "n\x03f@\x1d"},
+	{"internal/trace", "\x02\x01\x01\x06]\a\x03n\x03\x03\x06\x03\n5\x01\x02\x0f\x06"},
+	{"internal/trace/internal/testgen", "\x03d\nl\x03\x02\x03\x011\v\x0e"},
+	{"internal/trace/internal/tracev1", "\x03\x01c\a\x03t\x06\r5\x01"},
+	{"internal/trace/raw", "\x02e\nq\x03\x06D\x01\x11"},
+	{"internal/trace/testtrace", "\x02\x01k\x03l\x03\x06\x057\v\x02\x01"},
+	{"internal/trace/tracev2", ""},
+	{"internal/trace/traceviewer", "\x02^\v\x06\x1a<\x16\a\a\x04\t\n\x15\x01\x05\a\v\x01\x02\r"},
+	{"internal/trace/traceviewer/format", ""},
+	{"internal/trace/version", "qq\t"},
+	{"internal/txtar", "\x03n\xa6\x01\x19"},
+	{"internal/types/errors", "\xaf\x02"},
+	{"internal/unsafeheader", "\xc5\x02"},
+	{"internal/xcoff", "Z\r\a\x03`\x1a,\x18\x01"},
+	{"internal/zstd", "g\a\x03z\x0f"},
+	{"io", "n\xc4\x01"},
+	{"io/fs", "n+*(1\x11\x12\x04"},
+	{"io/ioutil", "\xeb\x01\x01+\x16\x03"},
+	{"iter", "\xc9\x01[!"},
+	{"log", "qz\x05'\r\x0e\x01\f"},
+	{"log/internal", ""},
+	{"log/slog", "\x03\nU\t\x03\x03z\x04\x01\x02\x02\x04'\x05\t\x02\x01\x02\x01\f\x02\x02\x02"},
+	{"log/slog/internal", ""},
+	{"log/slog/internal/benchmarks", "\ra\x03z\x06\x03;\x10"},
+	{"log/slog/internal/buffer", "\xb2\x02"},
+	{"log/slog/internal/slogtest", "\xf1\x01"},
+	{"log/syslog", "n\x03~\x12\x16\x19\x02\r"},
+	{"maps", "\xee\x01W"},
+	{"math", "\xfa\x01K"},
+	{"math/big", "\x03k\x03)Q\r\x02\x021\x02\x01\x02\x13"},
+	{"math/bits", "\xc5\x02"},
+	{"math/cmplx", "\xf8\x01\x02"},
+	{"math/rand", "\xb6\x01B:\x01\x12"},
+	{"math/rand/v2", "n,\x02\\\x02K"},
+	{"mime", "\x02\x01c\b\x03z\f \x16\x03\x02\x0f\x02"},
+	{"mime/multipart", "\x02\x01G$\x03E5\f\x01\x06\x02\x15\x02\x06\x10\x02\x01\x15"},
+	{"mime/quotedprintable", "\x02\x01nz"},
+	{"net", "\x04\ta+\x1d\a\x04\x05\x05\a\x01\x04\x14\x01%\x06\r\t\x05\x01\x01\v\x06\a"},
+	{"net/http", "\x02\x01\x04\x04\x02=\b\x14\x01\a\x03E5\x01\x03\b\x01\x02\x02\x02\x01\x02\x06\x02\x01\x01\n\x01\x01\x05\x01\x02\x05\t\x01\x01\x01\x02\x01\f\x02\x02\x02\b\x01\x01\x01"},
+	{"net/http/cgi", "\x02P\x1c\x03z\x04\b\n\x01\x13\x01\x01\x01\x04\x01\x05\x02\t\x02\x01\x0f\x0e"},
+	{"net/http/cookiejar", "\x04j\x03\x90\x01\x01\b\f\x17\x03\x02\r\x04"},
+	{"net/http/fcgi", "\x02\x01\nZ\a\x03z\x16\x01\x01\x14\x19\x02\r"},
+	{"net/http/httptest", "\x02\x01\nE\x02\x1c\x01z\x04\x12\x01\n\t\x02\x18\x01\x02\r\x0e"},
+	{"net/http/httptrace", "\rEo@\x14\n "},
+	{"net/http/httputil", "\x02\x01\na\x03z\x04\x0f\x03\x01\x05\x02\x01\v\x01\x1a\x02\r\x0e"},
+	{"net/http/internal", "\x02\x01k\x03z"},
+	{"net/http/internal/ascii", "\xb0\x02\x11"},
+	{"net/http/internal/httpcommon", "\ra\x03\x96\x01\x0e\x01\x18\x01\x01\x02\x1b\x02"},
+	{"net/http/internal/testcert", "\xb0\x02"},
+	{"net/http/pprof", "\x02\x01\nd\x19,\x11$\x04\x13\x14\x01\r\x06\x02\x01\x02\x01\x0f"},
+	{"net/internal/cgotest", "\xd7\x01n"},
+	{"net/internal/socktest", "q\xc1\x01\x02"},
+	{"net/mail", "\x02l\x03z\x04\x0f\x03\x14\x1b\x02\r\x04"},
+	{"net/netip", "\x04j+\x01#;\x025\x15"},
+	{"net/rpc", "\x02g\x05\x03\x10\n`\x04\x12\x01\x1d\x0e\x03\x02"},
+	{"net/rpc/jsonrpc", "k\x03\x03z\x16\x11 "},
+	{"net/smtp", "\x19.\v\x14\b\x03z\x16\x14\x1b"},
+	{"net/textproto", "\x02\x01k\x03z\r\t.\x01\x02\x13"},
+	{"net/url", "n\x03\x86\x01%\x11\x02\x01\x15"},
+	{"os", "n+\x19\v\t\r\x03\x01\x04\x10\x018\t\x05\x01\x01\v\x06"},
+	{"os/exec", "\x03\naH \x01\x14\x01+\x06\a\v\x01\x04\v"},
+	{"os/exec/internal/fdtest", "\xb4\x02"},
+	{"os/signal", "\r\x8a\x02\x16\x05\x02"},
+	{"os/user", "qfM\v\x01\x02\x02\x11"},
+	{"path", "n+\xaa\x01"},
+	{"path/filepath", "n+\x19:+\r\t\x03\x04\x0f"},
+	{"plugin", "n\xc4\x01\x13"},
+	{"reflect", "n'\x04\x1c\b\f\x05\x02\x18\x06\n,\v\x03\x0f\x02\x02"},
+	{"reflect/internal/example1", ""},
+	{"reflect/internal/example2", ""},
+	{"regexp", "\x03\xe8\x018\n\x02\x01\x02\x0f\x02"},
+	{"regexp/syntax", "\xad\x02\x01\x01\x01\x11\x02"},
+	{"runtime", "\x95\x01\x04\x01\x02\f\x06\a\x02\x01\x01\x0f\x04\x01\x01\x01\x01\x03\x0fc"},
+	{"runtime/cgo", "\xd0\x01b\x01\x12"},
+	{"runtime/coverage", "\xa0\x01K"},
+	{"runtime/debug", "qUQ\r\t\x02\x01\x0f\x06"},
+	{"runtime/internal/wasitest", ""},
+	{"runtime/metrics", "\xb7\x01A,!"},
+	{"runtime/pprof", "\x02\x01\x01\x03\x06Z\a\x03$3#\r\x1f\r\t\x01\x01\x01\x02\x02\b\x03\x06"},
+	{"runtime/race", ""},
+	{"runtime/trace", "\rdz9\x0e\x01\x12"},
+	{"slices", "\x04\xea\x01\fK"},
+	{"sort", "\xca\x0103"},
+	{"strconv", "n+:%\x02I"},
+	{"strings", "n'\x04:\x18\x03\f8\x0f\x02\x02"},
+	{"structs", ""},
+	{"sync", "\xc9\x01\vP\x0f\x12"},
+	{"sync/atomic", "\xc5\x02"},
+	{"syscall", "n'\x01\x03\x01\x1b\b\x03\x03\x06[\x0e\x01\x12"},
+	{"testing", "\x03\na\x02\x01X\x0f\x13\r\x04\x1b\x06\x02\x05\x03\x05\x01\x02\x01\x02\x01\f\x02\x02\x02"},
+	{"testing/fstest", "n\x03z\x01\v%\x11\x03\b\a"},
+	{"testing/internal/testdeps", "\x02\v\xa7\x01'\x10,\x03\x05\x03\b\x06\x02\r"},
+	{"testing/iotest", "\x03k\x03z\x04"},
+	{"testing/quick", "p\x01\x87\x01\x04#\x11\x0f"},
+	{"testing/slogtest", "\ra\x03\x80\x01.\x05\x11\n"},
+	{"text/scanner", "\x03nz,*\x02"},
+	{"text/tabwriter", "qzX"},
+	{"text/template", "n\x03B8\x01\v\x1f\x01\x05\x01\x02\x05\f\x02\f\x03\x02"},
+	{"text/template/parse", "\x03n\xb3\x01\v\x01\x11\x02"},
+	{"time", "n+\x1d\x1d'*\x0e\x02\x11"},
+	{"time/tzdata", "n\xc6\x01\x11"},
+	{"unicode", ""},
+	{"unicode/utf16", ""},
+	{"unicode/utf8", ""},
+	{"unique", "\x95\x01>\x01P\x0e\x13\x12"},
+	{"unsafe", ""},
+	{"vendor/golang.org/x/crypto/chacha20", "\x10W\a\x8c\x01*&"},
+	{"vendor/golang.org/x/crypto/chacha20poly1305", "\x10W\a\xd8\x01\x04\x01"},
+	{"vendor/golang.org/x/crypto/cryptobyte", "d\n\x03\x88\x01& \n"},
+	{"vendor/golang.org/x/crypto/cryptobyte/asn1", ""},
+	{"vendor/golang.org/x/crypto/internal/alias", "\xc5\x02"},
+	{"vendor/golang.org/x/crypto/internal/poly1305", "Q\x16\x93\x01"},
+	{"vendor/golang.org/x/net/dns/dnsmessage", "n"},
+	{"vendor/golang.org/x/net/http/httpguts", "\x81\x02\x14\x1b\x13\r"},
+	{"vendor/golang.org/x/net/http/httpproxy", "n\x03\x90\x01\x15\x01\x19\x13\r"},
+	{"vendor/golang.org/x/net/http2/hpack", "\x03k\x03zG"},
+	{"vendor/golang.org/x/net/idna", "q\x87\x018\x13\x10\x02\x01"},
+	{"vendor/golang.org/x/net/nettest", "\x03d\a\x03z\x11\x05\x16\x01\f\v\x01\x02\x02\x01\n"},
+	{"vendor/golang.org/x/sys/cpu", "\x97\x02\r\v\x01\x15"},
+	{"vendor/golang.org/x/text/secure/bidirule", "n\xd5\x01\x11\x01"},
+	{"vendor/golang.org/x/text/transform", "\x03k}X"},
+	{"vendor/golang.org/x/text/unicode/bidi", "\x03\bf~?\x15"},
+	{"vendor/golang.org/x/text/unicode/norm", "g\nzG\x11\x11"},
+	{"weak", "\x95\x01\x8f\x01!"},
+}
diff --git a/vendor/golang.org/x/tools/internal/stdlib/import.go b/vendor/golang.org/x/tools/internal/stdlib/import.go
new file mode 100644
index 000000000..f6909878a
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/stdlib/import.go
@@ -0,0 +1,89 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package stdlib
+
+// This file provides the API for the import graph of the standard library.
+//
+// Be aware that the compiler-generated code for every package
+// implicitly depends on package "runtime" and a handful of others
+// (see runtimePkgs in GOROOT/src/cmd/internal/objabi/pkgspecial.go).
+
+import (
+	"encoding/binary"
+	"iter"
+	"slices"
+	"strings"
+)
+
+// Imports returns the sequence of packages directly imported by the
+// named standard packages, in name order.
+// The imports of an unknown package are the empty set.
+//
+// The graph is built into the application and may differ from the
+// graph in the Go source tree being analyzed by the application.
+func Imports(pkgs ...string) iter.Seq[string] {
+	return func(yield func(string) bool) {
+		for _, pkg := range pkgs {
+			if i, ok := find(pkg); ok {
+				var depIndex uint64
+				for data := []byte(deps[i].deps); len(data) > 0; {
+					delta, n := binary.Uvarint(data)
+					depIndex += delta
+					if !yield(deps[depIndex].name) {
+						return
+					}
+					data = data[n:]
+				}
+			}
+		}
+	}
+}
+
+// Dependencies returns the set of all dependencies of the named
+// standard packages, including the initial package,
+// in a deterministic topological order.
+// The dependencies of an unknown package are the empty set.
+//
+// The graph is built into the application and may differ from the
+// graph in the Go source tree being analyzed by the application.
+func Dependencies(pkgs ...string) iter.Seq[string] {
+	return func(yield func(string) bool) {
+		for _, pkg := range pkgs {
+			if i, ok := find(pkg); ok {
+				var seen [1 + len(deps)/8]byte // bit set of seen packages
+				var visit func(i int) bool
+				visit = func(i int) bool {
+					bit := byte(1) << (i % 8)
+					if seen[i/8]&bit == 0 {
+						seen[i/8] |= bit
+						var depIndex uint64
+						for data := []byte(deps[i].deps); len(data) > 0; {
+							delta, n := binary.Uvarint(data)
+							depIndex += delta
+							if !visit(int(depIndex)) {
+								return false
+							}
+							data = data[n:]
+						}
+						if !yield(deps[i].name) {
+							return false
+						}
+					}
+					return true
+				}
+				if !visit(i) {
+					return
+				}
+			}
+		}
+	}
+}
+
+// find returns the index of pkg in the deps table.
+func find(pkg string) (int, bool) {
+	return slices.BinarySearchFunc(deps[:], pkg, func(p pkginfo, n string) int {
+		return strings.Compare(p.name, n)
+	})
+}
diff --git a/vendor/golang.org/x/tools/internal/stdlib/manifest.go b/vendor/golang.org/x/tools/internal/stdlib/manifest.go
index 9f0b871ff..00776a31b 100644
--- a/vendor/golang.org/x/tools/internal/stdlib/manifest.go
+++ b/vendor/golang.org/x/tools/internal/stdlib/manifest.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Go Authors. All rights reserved.
+// Copyright 2025 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -2151,6 +2151,8 @@ var PackageSymbols = map[string][]Symbol{
 		{"(Type).String", Method, 0},
 		{"(Version).GoString", Method, 0},
 		{"(Version).String", Method, 0},
+		{"(VersionIndex).Index", Method, 24},
+		{"(VersionIndex).IsHidden", Method, 24},
 		{"ARM_MAGIC_TRAMP_NUMBER", Const, 0},
 		{"COMPRESS_HIOS", Const, 6},
 		{"COMPRESS_HIPROC", Const, 6},
@@ -3834,6 +3836,7 @@ var PackageSymbols = map[string][]Symbol{
 		{"SymType", Type, 0},
 		{"SymVis", Type, 0},
 		{"Symbol", Type, 0},
+		{"Symbol.HasVersion", Field, 24},
 		{"Symbol.Info", Field, 0},
 		{"Symbol.Library", Field, 13},
 		{"Symbol.Name", Field, 0},
@@ -3843,18 +3846,12 @@ var PackageSymbols = map[string][]Symbol{
 		{"Symbol.Value", Field, 0},
 		{"Symbol.Version", Field, 13},
 		{"Symbol.VersionIndex", Field, 24},
-		{"Symbol.VersionScope", Field, 24},
-		{"SymbolVersionScope", Type, 24},
 		{"Type", Type, 0},
 		{"VER_FLG_BASE", Const, 24},
 		{"VER_FLG_INFO", Const, 24},
 		{"VER_FLG_WEAK", Const, 24},
 		{"Version", Type, 0},
-		{"VersionScopeGlobal", Const, 24},
-		{"VersionScopeHidden", Const, 24},
-		{"VersionScopeLocal", Const, 24},
-		{"VersionScopeNone", Const, 24},
-		{"VersionScopeSpecific", Const, 24},
+		{"VersionIndex", Type, 24},
 	},
 	"debug/gosym": {
 		{"(*DecodingError).Error", Method, 0},
@@ -7122,6 +7119,7 @@ var PackageSymbols = map[string][]Symbol{
 		{"FormatFileInfo", Func, 21},
 		{"Glob", Func, 16},
 		{"GlobFS", Type, 16},
+		{"Lstat", Func, 25},
 		{"ModeAppend", Const, 16},
 		{"ModeCharDevice", Const, 16},
 		{"ModeDevice", Const, 16},
@@ -7146,6 +7144,8 @@ var PackageSymbols = map[string][]Symbol{
 		{"ReadDirFile", Type, 16},
 		{"ReadFile", Func, 16},
 		{"ReadFileFS", Type, 16},
+		{"ReadLink", Func, 25},
+		{"ReadLinkFS", Type, 25},
 		{"SkipAll", Var, 20},
 		{"SkipDir", Var, 16},
 		{"Stat", Func, 16},
@@ -9149,6 +9149,8 @@ var PackageSymbols = map[string][]Symbol{
 		{"(*ProcessState).SysUsage", Method, 0},
 		{"(*ProcessState).SystemTime", Method, 0},
 		{"(*ProcessState).UserTime", Method, 0},
+		{"(*Root).Chmod", Method, 25},
+		{"(*Root).Chown", Method, 25},
 		{"(*Root).Close", Method, 24},
 		{"(*Root).Create", Method, 24},
 		{"(*Root).FS", Method, 24},
@@ -16757,9 +16759,11 @@ var PackageSymbols = map[string][]Symbol{
 	},
 	"testing/fstest": {
 		{"(MapFS).Glob", Method, 16},
+		{"(MapFS).Lstat", Method, 25},
 		{"(MapFS).Open", Method, 16},
 		{"(MapFS).ReadDir", Method, 16},
 		{"(MapFS).ReadFile", Method, 16},
+		{"(MapFS).ReadLink", Method, 25},
 		{"(MapFS).Stat", Method, 16},
 		{"(MapFS).Sub", Method, 16},
 		{"MapFS", Type, 16},
diff --git a/vendor/golang.org/x/tools/internal/stdlib/stdlib.go b/vendor/golang.org/x/tools/internal/stdlib/stdlib.go
index 98904017f..3d96d3bf6 100644
--- a/vendor/golang.org/x/tools/internal/stdlib/stdlib.go
+++ b/vendor/golang.org/x/tools/internal/stdlib/stdlib.go
@@ -6,7 +6,7 @@
 
 // Package stdlib provides a table of all exported symbols in the
 // standard library, along with the version at which they first
-// appeared.
+// appeared. It also provides the import graph of std packages.
 package stdlib
 
 import (
diff --git a/vendor/golang.org/x/tools/internal/typeparams/normalize.go b/vendor/golang.org/x/tools/internal/typeparams/normalize.go
index 93c80fdc9..f49802b8e 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/normalize.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/normalize.go
@@ -120,7 +120,7 @@ type termSet struct {
 	terms    termlist
 }
 
-func indentf(depth int, format string, args ...interface{}) {
+func indentf(depth int, format string, args ...any) {
 	fmt.Fprintf(os.Stderr, strings.Repeat(".", depth)+format+"\n", args...)
 }
 
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go
index 345348796..edf0347ec 100644
--- a/vendor/golang.org/x/tools/internal/typesinternal/types.go
+++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go
@@ -32,12 +32,14 @@ func SetUsesCgo(conf *types.Config) bool {
 	return true
 }
 
-// ReadGo116ErrorData extracts additional information from types.Error values
+// ErrorCodeStartEnd extracts additional information from types.Error values
 // generated by Go version 1.16 and later: the error code, start position, and
 // end position. If all positions are valid, start <= err.Pos <= end.
 //
 // If the data could not be read, the final result parameter will be false.
-func ReadGo116ErrorData(err types.Error) (code ErrorCode, start, end token.Pos, ok bool) {
+//
+// TODO(adonovan): eliminate start/end when proposal #71803 is accepted.
+func ErrorCodeStartEnd(err types.Error) (code ErrorCode, start, end token.Pos, ok bool) {
 	var data [3]int
 	// By coincidence all of these fields are ints, which simplifies things.
 	v := reflect.ValueOf(err)
diff --git a/vendor/modernc.org/libc/CONTRIBUTORS b/vendor/modernc.org/libc/CONTRIBUTORS
index ae506d9de..a750cf7d3 100644
--- a/vendor/modernc.org/libc/CONTRIBUTORS
+++ b/vendor/modernc.org/libc/CONTRIBUTORS
@@ -16,7 +16,8 @@ Jason DeBettencourt <jasond17@gmail.com>
 Koichi Shiraishi <zchee.io@gmail.com>
 Marius Orcsik <marius@federated.id>
 Patricio Whittingslow <graded.sp@gmail.com>
+Roman Khafizianov <roman@any.org>
 Scot C Bontrager <scot@indievisible.org>
 Steffen Butzer <steffen(dot)butzer@outlook.com>
 W. Michael Petullo <mike@flyn.org>
-ZHU Zijia <piggynl@outlook.com>
+ZHU Zijia <piggynl@outlook.com>
\ No newline at end of file
diff --git a/vendor/modernc.org/libc/build_all_targets.sh b/vendor/modernc.org/libc/build_all_targets.sh
index c682fae2b..f0b66aa00 100644
--- a/vendor/modernc.org/libc/build_all_targets.sh
+++ b/vendor/modernc.org/libc/build_all_targets.sh
@@ -1,5 +1,5 @@
 set -e
-for tag in none libc.dmesg libc.membrk libc.memgrind libc.strace
+for tag in none libc.dmesg libc.membrk libc.memgrind libc.strace libc.memexpvar
 do
 	echo "-tags=$tag"
 	echo "GOOS=darwin GOARCH=amd64"
diff --git a/vendor/modernc.org/libc/ccgo_linux_arm64.go b/vendor/modernc.org/libc/ccgo_linux_arm64.go
index e62081955..dd003c214 100644
--- a/vendor/modernc.org/libc/ccgo_linux_arm64.go
+++ b/vendor/modernc.org/libc/ccgo_linux_arm64.go
@@ -13867,7 +13867,7 @@ func X__ctype_get_mb_cur_max(tls *TLS) (r Tsize_t) {
 	}
 	var v1 int32
 	_ = v1
-	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 		v1 = int32(4)
 	} else {
 		v1 = int32(1)
@@ -24948,7 +24948,7 @@ func X__reset_tls(tls *TLS) {
 	var mem, p uintptr
 	var self Tpthread_t
 	_, _, _, _, _ = i, mem, n, p, self
-	self = ___get_tp(tls)
+	self = uintptr(___get_tp(tls))
 	n = *(*Tuintptr_t)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(self)).Fdtv))
 	if n != 0 {
 		p = X__libc.Ftls_head
@@ -24984,7 +24984,7 @@ func X__init_ssp(tls *TLS, entropy uintptr) {
 	 * still be detected. Endianness is taken care of
 	 * automatically. */
 	*(*uint8)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__stack_chk_guard)) + 1)) = uint8(0)
-	(*t__pthread)(unsafe.Pointer(___get_tp(tls))).Fcanary = X__stack_chk_guard
+	(*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Fcanary = X__stack_chk_guard
 }
 
 func X__stack_chk_fail(tls *TLS) {
@@ -25593,7 +25593,7 @@ func Xstrerror(tls *TLS, e int32) (r uintptr) {
 		trc("tls=%v e=%v, (%v:)", tls, e, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__strerror_l(tls, e, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__strerror_l(tls, e, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 func Xstrerror_l(tls *TLS, e int32, loc Tlocale_t) (r uintptr) {
@@ -31053,7 +31053,7 @@ func X__lctrans_cur(tls *TLS, msg uintptr) (r uintptr) {
 		trc("tls=%v msg=%v, (%v:)", tls, msg, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__lctrans_impl(tls, msg, *(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale + 5*8)))
+	return X__lctrans_impl(tls, msg, *(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale + 5*8)))
 }
 
 func _swapc(tls *TLS, x Tuint32_t, c int32) (r Tuint32_t) {
@@ -31654,7 +31654,7 @@ func Xdcngettext(tls *TLS, domainname uintptr, msgid1 uintptr, msgid2 uintptr, n
 	var _ /* z at bp+8 */ uintptr
 	_, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _, _ = alt_modlen, catlen, catname, csp, dirlen, dirname, domlen, l, lm, loc, loclen, locname, locp, map1, modlen, modname, name, np, old, old_cats, old_errno, p3, plural, q, r, r1, rem, rule, trans, v, v10, v11, v12, v14, v15, v17, v18, v21, v23, v26, v3, v5, v6, v8, v9
 	defer func() { Xrealloc(tls, name, 0) }()
-	loc = (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale
+	loc = (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale
 	old_errno = *(*int32)(unsafe.Pointer(X__errno_location(tls)))
 	/* match gnu gettext behaviour */
 	if !(msgid1 != 0) {
@@ -98326,7 +98326,7 @@ func Xiconv(tls *TLS, cd Ticonv_t, in uintptr, inb uintptr, out uintptr, outb ui
 	*(*Tmbstate_t)(unsafe.Pointer(bp + 24)) = Tmbstate_t{}
 	type1 = *(*uint8)(unsafe.Pointer(map1 + uintptr(-Int32FromInt32(1))))
 	totype = *(*uint8)(unsafe.Pointer(tomap + uintptr(-Int32FromInt32(1))))
-	ploc = ___get_tp(tls) + 152
+	ploc = uintptr(___get_tp(tls)) + 152
 	loc = *(*Tlocale_t)(unsafe.Pointer(ploc))
 	if !(in != 0) || !(*(*uintptr)(unsafe.Pointer(in)) != 0) || !(*(*Tsize_t)(unsafe.Pointer(inb)) != 0) {
 		return uint64(0)
@@ -99360,7 +99360,7 @@ func X__nl_langinfo(tls *TLS, item Tnl_item) (r uintptr) {
 		trc("tls=%v item=%v, (%v:)", tls, item, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__nl_langinfo_l(tls, item, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__nl_langinfo_l(tls, item, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 func Xnl_langinfo(tls *TLS, item Tnl_item) (r uintptr) {
@@ -100078,7 +100078,7 @@ func Xstrcoll(tls *TLS, l uintptr, r uintptr) (r1 int32) {
 		trc("tls=%v l=%v r=%v, (%v:)", tls, l, r, origin(2))
 		defer func() { trc("-> %v", r1) }()
 	}
-	return X__strcoll_l(tls, l, r, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__strcoll_l(tls, l, r, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 func Xstrcoll_l(tls *TLS, l uintptr, r uintptr, loc Tlocale_t) (r1 int32) {
@@ -100244,7 +100244,7 @@ func Xstrfmon(tls *TLS, s uintptr, n Tsize_t, fmt uintptr, va uintptr) (r Tssize
 	var ret Tssize_t
 	_, _ = ap, ret
 	ap = va
-	ret = _vstrfmon_l(tls, s, n, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale, fmt, ap)
+	ret = _vstrfmon_l(tls, s, n, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale, fmt, ap)
 	_ = ap
 	return ret
 }
@@ -100319,7 +100319,7 @@ func Xstrxfrm(tls *TLS, dest uintptr, src uintptr, n Tsize_t) (r Tsize_t) {
 		trc("tls=%v dest=%v src=%v n=%v, (%v:)", tls, dest, src, n, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__strxfrm_l(tls, dest, src, n, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__strxfrm_l(tls, dest, src, n, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 // C documentation
@@ -100408,7 +100408,7 @@ func X__uselocale(tls *TLS, new1 Tlocale_t) (r Tlocale_t) {
 	var global, old, v1, v2 Tlocale_t
 	var self Tpthread_t
 	_, _, _, _, _ = global, old, self, v1, v2
-	self = ___get_tp(tls)
+	self = uintptr(___get_tp(tls))
 	old = (*t__pthread)(unsafe.Pointer(self)).Flocale
 	global = uintptr(unsafe.Pointer(&X__libc)) + 56
 	if new1 != 0 {
@@ -100451,7 +100451,7 @@ func Xwcscoll(tls *TLS, l uintptr, r uintptr) (r1 int32) {
 		trc("tls=%v l=%v r=%v, (%v:)", tls, l, r, origin(2))
 		defer func() { trc("-> %v", r1) }()
 	}
-	return X__wcscoll_l(tls, l, r, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__wcscoll_l(tls, l, r, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 // C documentation
@@ -100492,7 +100492,7 @@ func Xwcsxfrm(tls *TLS, dest uintptr, src uintptr, n Tsize_t) (r Tsize_t) {
 		trc("tls=%v dest=%v src=%v n=%v, (%v:)", tls, dest, src, n, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__wcsxfrm_l(tls, dest, src, n, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__wcsxfrm_l(tls, dest, src, n, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 // C documentation
@@ -102254,7 +102254,7 @@ func Xasinh(tls *TLS, x3 float64) (r float64) {
 					if uint64(8) == uint64(8) {
 						y1 = x3 + Float64FromFloat32(1.329227995784916e+36)
 					} else {
-						y2 = x3 + Float64FromFloat32(1.329227995784916e+36)
+						y2 = float64(x3 + Float64FromFloat32(1.329227995784916e+36))
 					}
 				}
 			}
@@ -103035,7 +103035,7 @@ func Xcbrt(tls *TLS, x float64) (r1 float64) {
 		hx = hx/uint32(3) + _B1
 	}
 	p1 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & (Uint64FromUint64(1) << Int32FromInt32(63))
+	*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & (Uint64FromUint64(1) << Int32FromInt32(63)))
 	*(*Tuint64_t)(unsafe.Pointer(bp)) |= uint64(hx) << int32(32)
 	t = *(*float64)(unsafe.Pointer(bp))
 	/*
@@ -103061,7 +103061,7 @@ func Xcbrt(tls *TLS, x float64) (r1 float64) {
 	 * before the final error is larger than 0.667 ulps.
 	 */
 	*(*float64)(unsafe.Pointer(bp)) = t
-	*(*Tuint64_t)(unsafe.Pointer(bp)) = (*(*Tuint64_t)(unsafe.Pointer(bp)) + Uint64FromUint32(0x80000000)) & uint64(0xffffffffc0000000)
+	*(*Tuint64_t)(unsafe.Pointer(bp)) = uint64(*(*Tuint64_t)(unsafe.Pointer(bp))+Uint64FromUint32(0x80000000)) & uint64(0xffffffffc0000000)
 	t = *(*float64)(unsafe.Pointer(bp))
 	/* one step Newton iteration to 53 bits with error < 0.667 ulps */
 	s = t * t             /* t*t is exact */
@@ -103313,9 +103313,9 @@ func Xcopysign(tls *TLS, x float64, y float64) (r float64) {
 	}{}
 	*(*float64)(unsafe.Pointer(bp + 8)) = y
 	p1 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) / Uint64FromInt32(2))
+	*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) / Uint64FromInt32(2)))
 	p2 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p2)) = *(*Tuint64_t)(unsafe.Pointer(p2)) | *(*Tuint64_t)(unsafe.Pointer(bp + 8))&(Uint64FromUint64(1)<<Int32FromInt32(63))
+	*(*Tuint64_t)(unsafe.Pointer(p2)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p2)) | *(*Tuint64_t)(unsafe.Pointer(bp + 8))&(Uint64FromUint64(1)<<Int32FromInt32(63)))
 	return *(*float64)(unsafe.Pointer(bp))
 }
 
@@ -103388,7 +103388,7 @@ func Xcos(tls *TLS, x3 float64) (r float64) {
 				if uint64(8) == uint64(8) {
 					y1 = x3 + Float64FromFloat32(1.329227995784916e+36)
 				} else {
-					y2 = x3 + Float64FromFloat32(1.329227995784916e+36)
+					y2 = float64(x3 + Float64FromFloat32(1.329227995784916e+36))
 				}
 			}
 			return float64(1)
@@ -103553,7 +103553,7 @@ func Xcosh(tls *TLS, x3 float64) (r float64) {
 				if uint64(8) == uint64(8) {
 					y1 = x3 + Float64FromFloat32(1.329227995784916e+36)
 				} else {
-					y2 = x3 + Float64FromFloat32(1.329227995784916e+36)
+					y2 = float64(x3 + Float64FromFloat32(1.329227995784916e+36))
 				}
 			}
 			return Float64FromInt32(1)
@@ -104050,7 +104050,7 @@ func _specialcase(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r flo
 	_, _, _, _, _, _, _, _, _, _, _ = hi, lo, scale, y, y1, y2, y3, v1, v3, v5, v7
 	if ki&uint64(0x80000000) == uint64(0) {
 		/* k > 0, the exponent of scale might have overflowed by <= 460.  */
-		sbits = sbits - Uint64FromUint64(1009)<<Int32FromInt32(52)
+		sbits = Tuint64_t(sbits - Uint64FromUint64(1009)<<Int32FromInt32(52))
 		scale = *(*float64)(unsafe.Pointer(&sbits))
 		y3 = float64(5.486124068793689e+303) * (scale + scale*tmp)
 		y = y3
@@ -104060,7 +104060,7 @@ func _specialcase(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r flo
 		return v1
 	}
 	/* k < 0, need special care in the subnormal range.  */
-	sbits = sbits + Uint64FromUint64(1022)<<Int32FromInt32(52)
+	sbits = Tuint64_t(sbits + Uint64FromUint64(1022)<<Int32FromInt32(52))
 	scale = *(*float64)(unsafe.Pointer(&sbits))
 	y3 = scale + scale*tmp
 	if y3 < float64(1) {
@@ -104340,7 +104340,7 @@ func _specialcase1(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r fl
 	_, _, _, _, _, _, _, _, _, _, _ = hi, lo, scale, y, y1, y2, y3, v1, v3, v5, v7
 	if ki&uint64(0x80000000) == uint64(0) {
 		/* k > 0, the exponent of scale might have overflowed by 1.  */
-		sbits = sbits - Uint64FromUint64(1)<<Int32FromInt32(52)
+		sbits = Tuint64_t(sbits - Uint64FromUint64(1)<<Int32FromInt32(52))
 		scale = *(*float64)(unsafe.Pointer(&sbits))
 		y3 = Float64FromInt32(2) * (scale + scale*tmp)
 		y = y3
@@ -104350,7 +104350,7 @@ func _specialcase1(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r fl
 		return v1
 	}
 	/* k < 0, need special care in the subnormal range.  */
-	sbits = sbits + Uint64FromUint64(1022)<<Int32FromInt32(52)
+	sbits = Tuint64_t(sbits + Uint64FromUint64(1022)<<Int32FromInt32(52))
 	scale = *(*float64)(unsafe.Pointer(&sbits))
 	y3 = scale + scale*tmp
 	if y3 < float64(1) {
@@ -104960,7 +104960,7 @@ func Xfabs(tls *TLS, x float64) (r float64) {
 	}{}
 	*(*float64)(unsafe.Pointer(bp)) = x
 	p1 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) / Uint64FromInt32(2))
+	*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) / Uint64FromInt32(2)))
 	return *(*float64)(unsafe.Pointer(bp))
 }
 
@@ -105284,8 +105284,8 @@ func _normalize(tls *TLS, x float64) (r Tnum) {
 		}
 		e = v2
 	}
-	ix = ix & (Uint64FromUint64(1)<<Int32FromInt32(52) - Uint64FromInt32(1))
-	ix = ix | Uint64FromUint64(1)<<Int32FromInt32(52)
+	ix = Tuint64_t(ix & (Uint64FromUint64(1)<<Int32FromInt32(52) - Uint64FromInt32(1)))
+	ix = Tuint64_t(ix | Uint64FromUint64(1)<<Int32FromInt32(52))
 	ix <<= uint64(1)
 	e -= Int32FromInt32(0x3ff) + Int32FromInt32(52) + Int32FromInt32(1)
 	return Tnum{
@@ -105808,8 +105808,8 @@ func Xfmod(tls *TLS, x float64, y float64) (r float64) {
 		}
 		uxi <<= Uint64FromInt32(-ex + int32(1))
 	} else {
-		uxi = uxi & (-Uint64FromUint64(1) >> Int32FromInt32(12))
-		uxi = uxi | Uint64FromUint64(1)<<Int32FromInt32(52)
+		uxi = Tuint64_t(uxi & (-Uint64FromUint64(1) >> Int32FromInt32(12)))
+		uxi = Tuint64_t(uxi | Uint64FromUint64(1)<<Int32FromInt32(52))
 	}
 	if !(ey != 0) {
 		i = *(*Tuint64_t)(unsafe.Pointer(bp + 16)) << int32(12)
@@ -105826,9 +105826,9 @@ func Xfmod(tls *TLS, x float64, y float64) (r float64) {
 		*(*Tuint64_t)(unsafe.Pointer(bp + 16)) <<= Uint64FromInt32(-ey + int32(1))
 	} else {
 		p6 = bp + 16
-		*(*Tuint64_t)(unsafe.Pointer(p6)) = *(*Tuint64_t)(unsafe.Pointer(p6)) & (-Uint64FromUint64(1) >> Int32FromInt32(12))
+		*(*Tuint64_t)(unsafe.Pointer(p6)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p6)) & (-Uint64FromUint64(1) >> Int32FromInt32(12)))
 		p7 = bp + 16
-		*(*Tuint64_t)(unsafe.Pointer(p7)) = *(*Tuint64_t)(unsafe.Pointer(p7)) | Uint64FromUint64(1)<<Int32FromInt32(52)
+		*(*Tuint64_t)(unsafe.Pointer(p7)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p7)) | Uint64FromUint64(1)<<Int32FromInt32(52))
 	}
 	/* x mod y */
 	for {
@@ -105867,7 +105867,7 @@ func Xfmod(tls *TLS, x float64, y float64) (r float64) {
 	}
 	/* scale result */
 	if ex > 0 {
-		uxi = uxi - Uint64FromUint64(1)<<Int32FromInt32(52)
+		uxi = Tuint64_t(uxi - Uint64FromUint64(1)<<Int32FromInt32(52))
 		uxi |= Uint64FromInt32(ex) << int32(52)
 	} else {
 		uxi >>= Uint64FromInt32(-ex + int32(1))
@@ -106064,9 +106064,9 @@ func Xfrexp(tls *TLS, x float64, e uintptr) (r float64) {
 	}
 	*(*int32)(unsafe.Pointer(e)) = ee - int32(0x3fe)
 	p1 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & Uint64FromUint64(0x800fffffffffffff)
+	*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & Uint64FromUint64(0x800fffffffffffff))
 	p2 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p2)) = *(*Tuint64_t)(unsafe.Pointer(p2)) | Uint64FromUint64(0x3fe0000000000000)
+	*(*Tuint64_t)(unsafe.Pointer(p2)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p2)) | Uint64FromUint64(0x3fe0000000000000))
 	return *(*float64)(unsafe.Pointer(bp))
 }
 
@@ -106179,9 +106179,9 @@ func Xhypot(tls *TLS, x float64, y float64) (r float64) {
 	*(*float64)(unsafe.Pointer(bp + 8)) = y
 	/* arrange |x| >= |y| */
 	p1 = bp
-	*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) >> Int32FromInt32(1))
+	*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & (-Uint64FromUint64(1) >> Int32FromInt32(1)))
 	p2 = bp + 8
-	*(*Tuint64_t)(unsafe.Pointer(p2)) = *(*Tuint64_t)(unsafe.Pointer(p2)) & (-Uint64FromUint64(1) >> Int32FromInt32(1))
+	*(*Tuint64_t)(unsafe.Pointer(p2)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p2)) & (-Uint64FromUint64(1) >> Int32FromInt32(1)))
 	if *(*Tuint64_t)(unsafe.Pointer(bp)) < *(*Tuint64_t)(unsafe.Pointer(bp + 8)) {
 		ut = *(*struct {
 			Fi [0]Tuint64_t
@@ -109056,7 +109056,7 @@ func Xlog(tls *TLS, x1 float64) (r1 float64) {
 		/* x is subnormal, normalize it.  */
 		v9 = x1 * float64(4.503599627370496e+15)
 		ix = *(*Tuint64_t)(unsafe.Pointer(&v9))
-		ix = ix - Uint64FromUint64(52)<<Int32FromInt32(52)
+		ix = Tuint64_t(ix - Uint64FromUint64(52)<<Int32FromInt32(52))
 	}
 	/* x = 2^k z; where z is in range [OFF,2*OFF) and exact.
 	   The range is split into N subintervals.
@@ -109064,7 +109064,7 @@ func Xlog(tls *TLS, x1 float64) (r1 float64) {
 	tmp = ix - uint64(OFF)
 	i = Int32FromUint64(tmp >> (Int32FromInt32(52) - Int32FromInt32(LOG_TABLE_BITS)) % Uint64FromInt32(Int32FromInt32(1)<<Int32FromInt32(LOG_TABLE_BITS)))
 	k = int32(Int64FromUint64(tmp) >> int32(52)) /* arithmetic shift */
-	iz = ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52))
+	iz = uint64(ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52)))
 	invc = (*(*struct {
 		Finvc float64
 		Flogc float64
@@ -109077,7 +109077,7 @@ func Xlog(tls *TLS, x1 float64) (r1 float64) {
 	/* log(x) = log1p(z/c-1) + log(c) + k*Ln2.  */
 	/* r ~= z/c - 1, |r| < 1/(2*N).  */
 	/* rounding error: 0x1p-55/N.  */
-	r = X__builtin_fma(tls, z, invc, -Float64FromFloat64(1))
+	r = float64(X__builtin_fma(tls, z, invc, -Float64FromFloat64(1)))
 	kd = float64(k)
 	/* hi + lo = r + log(c) + k*Ln2.  */
 	w = kd*X__log_data.Fln2hi + logc
@@ -109530,7 +109530,7 @@ func Xlog2(tls *TLS, x1 float64) (r1 float64) {
 		}
 		r = x1 - float64(1)
 		hi = r * X__log2_data.Finvln2hi
-		lo = r*X__log2_data.Finvln2lo + X__builtin_fma(tls, r, X__log2_data.Finvln2hi, -hi)
+		lo = r*X__log2_data.Finvln2lo + float64(X__builtin_fma(tls, r, X__log2_data.Finvln2hi, -hi))
 		r2 = r * r /* rounding error: 0x1p-62.  */
 		r4 = r2 * r2
 		/* Worst-case error is less than 0.54 ULP (0.55 ULP without fma).  */
@@ -109560,7 +109560,7 @@ func Xlog2(tls *TLS, x1 float64) (r1 float64) {
 		/* x is subnormal, normalize it.  */
 		v9 = x1 * float64(4.503599627370496e+15)
 		ix = *(*Tuint64_t)(unsafe.Pointer(&v9))
-		ix = ix - Uint64FromUint64(52)<<Int32FromInt32(52)
+		ix = Tuint64_t(ix - Uint64FromUint64(52)<<Int32FromInt32(52))
 	}
 	/* x = 2^k z; where z is in range [OFF,2*OFF) and exact.
 	   The range is split into N subintervals.
@@ -109568,7 +109568,7 @@ func Xlog2(tls *TLS, x1 float64) (r1 float64) {
 	tmp = ix - uint64(OFF)
 	i = Int32FromUint64(tmp >> (Int32FromInt32(52) - Int32FromInt32(LOG2_TABLE_BITS)) % Uint64FromInt32(Int32FromInt32(1)<<Int32FromInt32(LOG2_TABLE_BITS)))
 	k = int32(Int64FromUint64(tmp) >> int32(52)) /* arithmetic shift */
-	iz = ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52))
+	iz = uint64(ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52)))
 	invc = (*(*struct {
 		Finvc float64
 		Flogc float64
@@ -109582,9 +109582,9 @@ func Xlog2(tls *TLS, x1 float64) (r1 float64) {
 	/* log2(x) = log2(z/c) + log2(c) + k.  */
 	/* r ~= z/c - 1, |r| < 1/(2*N).  */
 	/* rounding error: 0x1p-55/N.  */
-	r = X__builtin_fma(tls, z, invc, -Float64FromFloat64(1))
+	r = float64(X__builtin_fma(tls, z, invc, -Float64FromFloat64(1)))
 	t1 = r * X__log2_data.Finvln2hi
-	t2 = r*X__log2_data.Finvln2lo + X__builtin_fma(tls, r, X__log2_data.Finvln2hi, -t1)
+	t2 = r*X__log2_data.Finvln2lo + float64(X__builtin_fma(tls, r, X__log2_data.Finvln2hi, -t1))
 	/* hi + lo = r/ln2 + log2(c) + k.  */
 	t3 = kd + logc
 	hi = t3 + t1
@@ -110001,21 +110001,21 @@ func Xmodf(tls *TLS, x float64, iptr uintptr) (r float64) {
 			return x
 		}
 		p1 = bp
-		*(*Tuint64_t)(unsafe.Pointer(p1)) = *(*Tuint64_t)(unsafe.Pointer(p1)) & (Uint64FromUint64(1) << Int32FromInt32(63))
+		*(*Tuint64_t)(unsafe.Pointer(p1)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p1)) & (Uint64FromUint64(1) << Int32FromInt32(63)))
 		return *(*float64)(unsafe.Pointer(bp))
 	}
 	/* no integral part*/
 	if e < 0 {
 		p2 = bp
-		*(*Tuint64_t)(unsafe.Pointer(p2)) = *(*Tuint64_t)(unsafe.Pointer(p2)) & (Uint64FromUint64(1) << Int32FromInt32(63))
+		*(*Tuint64_t)(unsafe.Pointer(p2)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p2)) & (Uint64FromUint64(1) << Int32FromInt32(63)))
 		*(*float64)(unsafe.Pointer(iptr)) = *(*float64)(unsafe.Pointer(bp))
 		return x
 	}
-	mask = -Uint64FromUint64(1) >> Int32FromInt32(12) >> e
+	mask = uint64(-Uint64FromUint64(1) >> Int32FromInt32(12) >> e)
 	if *(*Tuint64_t)(unsafe.Pointer(bp))&mask == uint64(0) {
 		*(*float64)(unsafe.Pointer(iptr)) = x
 		p3 = bp
-		*(*Tuint64_t)(unsafe.Pointer(p3)) = *(*Tuint64_t)(unsafe.Pointer(p3)) & (Uint64FromUint64(1) << Int32FromInt32(63))
+		*(*Tuint64_t)(unsafe.Pointer(p3)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p3)) & (Uint64FromUint64(1) << Int32FromInt32(63)))
 		return *(*float64)(unsafe.Pointer(bp))
 	}
 	*(*Tuint64_t)(unsafe.Pointer(bp)) &= ^mask
@@ -110170,13 +110170,13 @@ _2:
 	if *(*Tuint64_t)(unsafe.Pointer(bp + 8)) == *(*Tuint64_t)(unsafe.Pointer(bp + 16)) {
 		return y3
 	}
-	ax = *(*Tuint64_t)(unsafe.Pointer(bp + 8)) & (-Uint64FromUint64(1) / Uint64FromInt32(2))
-	ay = *(*Tuint64_t)(unsafe.Pointer(bp + 16)) & (-Uint64FromUint64(1) / Uint64FromInt32(2))
+	ax = uint64(*(*Tuint64_t)(unsafe.Pointer(bp + 8)) & (-Uint64FromUint64(1) / Uint64FromInt32(2)))
+	ay = uint64(*(*Tuint64_t)(unsafe.Pointer(bp + 16)) & (-Uint64FromUint64(1) / Uint64FromInt32(2)))
 	if ax == uint64(0) {
 		if ay == uint64(0) {
 			return y3
 		}
-		*(*Tuint64_t)(unsafe.Pointer(bp + 8)) = *(*Tuint64_t)(unsafe.Pointer(bp + 16))&(Uint64FromUint64(1)<<Int32FromInt32(63)) | uint64(1)
+		*(*Tuint64_t)(unsafe.Pointer(bp + 8)) = uint64(*(*Tuint64_t)(unsafe.Pointer(bp + 16))&(Uint64FromUint64(1)<<Int32FromInt32(63)) | uint64(1))
 	} else {
 		if ax > ay || (*(*Tuint64_t)(unsafe.Pointer(bp + 8))^*(*Tuint64_t)(unsafe.Pointer(bp + 16)))&(Uint64FromUint64(1)<<Int32FromInt32(63)) != 0 {
 			*(*Tuint64_t)(unsafe.Pointer(bp + 8))--
@@ -110481,7 +110481,7 @@ func _log_inline(tls *TLS, ix Tuint64_t, tail uintptr) (r1 Tdouble_t) {
 	tmp = ix - uint64(OFF2)
 	i = Int32FromUint64(tmp >> (Int32FromInt32(52) - Int32FromInt32(POW_LOG_TABLE_BITS)) % Uint64FromInt32(Int32FromInt32(1)<<Int32FromInt32(POW_LOG_TABLE_BITS)))
 	k = int32(Int64FromUint64(tmp) >> int32(52)) /* arithmetic shift */
-	iz = ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52))
+	iz = uint64(ix - tmp&(Uint64FromUint64(0xfff)<<Int32FromInt32(52)))
 	z = *(*float64)(unsafe.Pointer(&iz))
 	kd = float64(k)
 	/* log(x) = k*Ln2 + log(c) + log1p(z/c-1).  */
@@ -110505,7 +110505,7 @@ func _log_inline(tls *TLS, ix Tuint64_t, tail uintptr) (r1 Tdouble_t) {
 	})(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 72 + uintptr(i)*32))).Flogctail
 	/* Note: 1/c is j/N or j/N/2 where j is an integer in [N,2N) and
 	   |z/c - 1| < 1/N, so r = z/c - 1 is exactly representible.  */
-	r = X__builtin_fma(tls, z, invc, -Float64FromFloat64(1))
+	r = float64(X__builtin_fma(tls, z, invc, -Float64FromFloat64(1)))
 	/* k*Ln2 + log(c) + r.  */
 	t1 = kd*X__pow_log_data.Fln2hi + logc
 	t2 = t1 + r
@@ -110516,7 +110516,7 @@ func _log_inline(tls *TLS, ix Tuint64_t, tail uintptr) (r1 Tdouble_t) {
 	ar3 = r * ar2
 	/* k*Ln2 + log(c) + r + A[0]*r*r.  */
 	hi = t2 + ar2
-	lo3 = X__builtin_fma(tls, ar, r, -ar2)
+	lo3 = float64(X__builtin_fma(tls, ar, r, -ar2))
 	lo4 = t2 - hi + ar2
 	/* p = log1p(r) - r - A[0]*r*r.  */
 	p = ar3 * (*(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 1*8)) + r**(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 2*8)) + ar2*(*(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 3*8))+r**(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 4*8))+ar2*(*(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 5*8))+r**(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&X__pow_log_data)) + 16 + 6*8)))))
@@ -110542,7 +110542,7 @@ func _specialcase2(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r fl
 	_, _, _, _, _, _, _, _, _, _, _, _, _ = hi, lo, one, scale, y, y1, y2, y3, v1, v3, v5, v6, v8
 	if ki&uint64(0x80000000) == uint64(0) {
 		/* k > 0, the exponent of scale might have overflowed by <= 460.  */
-		sbits = sbits - Uint64FromUint64(1009)<<Int32FromInt32(52)
+		sbits = Tuint64_t(sbits - Uint64FromUint64(1009)<<Int32FromInt32(52))
 		scale = *(*float64)(unsafe.Pointer(&sbits))
 		y3 = float64(5.486124068793689e+303) * (scale + scale*tmp)
 		y = y3
@@ -110552,7 +110552,7 @@ func _specialcase2(tls *TLS, tmp Tdouble_t, sbits Tuint64_t, ki Tuint64_t) (r fl
 		return v1
 	}
 	/* k < 0, need special care in the subnormal range.  */
-	sbits = sbits + Uint64FromUint64(1022)<<Int32FromInt32(52)
+	sbits = Tuint64_t(sbits + Uint64FromUint64(1022)<<Int32FromInt32(52))
 	/* Note: sbits is signed scale.  */
 	scale = *(*float64)(unsafe.Pointer(&sbits))
 	y3 = scale + scale*tmp
@@ -110812,12 +110812,12 @@ func Xpow(tls *TLS, x1 float64, y1 float64) (r float64) {
 			v15 = x1 * float64(4.503599627370496e+15)
 			ix = *(*Tuint64_t)(unsafe.Pointer(&v15))
 			ix &= uint64(0x7fffffffffffffff)
-			ix = ix - Uint64FromUint64(52)<<Int32FromInt32(52)
+			ix = Tuint64_t(ix - Uint64FromUint64(52)<<Int32FromInt32(52))
 		}
 	}
 	hi = _log_inline(tls, ix, bp)
 	ehi = y1 * hi
-	elo = y1**(*Tdouble_t)(unsafe.Pointer(bp)) + X__builtin_fma(tls, y1, hi, -ehi)
+	elo = y1**(*Tdouble_t)(unsafe.Pointer(bp)) + float64(X__builtin_fma(tls, y1, hi, -ehi))
 	return _exp_inline(tls, ehi, elo, sign_bias)
 }
 
@@ -111183,8 +111183,8 @@ func Xremquo(tls *TLS, x float64, y float64, quo uintptr) (r float64) {
 		}
 		uxi <<= Uint64FromInt32(-ex + int32(1))
 	} else {
-		uxi = uxi & (-Uint64FromUint64(1) >> Int32FromInt32(12))
-		uxi = uxi | Uint64FromUint64(1)<<Int32FromInt32(52)
+		uxi = Tuint64_t(uxi & (-Uint64FromUint64(1) >> Int32FromInt32(12)))
+		uxi = Tuint64_t(uxi | Uint64FromUint64(1)<<Int32FromInt32(52))
 	}
 	if !(ey != 0) {
 		i = *(*Tuint64_t)(unsafe.Pointer(bp + 16)) << int32(12)
@@ -111201,9 +111201,9 @@ func Xremquo(tls *TLS, x float64, y float64, quo uintptr) (r float64) {
 		*(*Tuint64_t)(unsafe.Pointer(bp + 16)) <<= Uint64FromInt32(-ey + int32(1))
 	} else {
 		p6 = bp + 16
-		*(*Tuint64_t)(unsafe.Pointer(p6)) = *(*Tuint64_t)(unsafe.Pointer(p6)) & (-Uint64FromUint64(1) >> Int32FromInt32(12))
+		*(*Tuint64_t)(unsafe.Pointer(p6)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p6)) & (-Uint64FromUint64(1) >> Int32FromInt32(12)))
 		p7 = bp + 16
-		*(*Tuint64_t)(unsafe.Pointer(p7)) = *(*Tuint64_t)(unsafe.Pointer(p7)) | Uint64FromUint64(1)<<Int32FromInt32(52)
+		*(*Tuint64_t)(unsafe.Pointer(p7)) = Tuint64_t(*(*Tuint64_t)(unsafe.Pointer(p7)) | Uint64FromUint64(1)<<Int32FromInt32(52))
 	}
 	q = uint32(0)
 	if ex < ey {
@@ -111253,7 +111253,7 @@ end:
 	;
 	/* scale result and decide between |x| and |x|-|y| */
 	if ex > 0 {
-		uxi = uxi - Uint64FromUint64(1)<<Int32FromInt32(52)
+		uxi = Tuint64_t(uxi - Uint64FromUint64(1)<<Int32FromInt32(52))
 		uxi |= Uint64FromInt32(ex) << int32(52)
 	} else {
 		uxi >>= Uint64FromInt32(-ex + int32(1))
@@ -111611,7 +111611,7 @@ func Xround(tls *TLS, x3 float64) (r float64) {
 			if uint64(8) == uint64(8) {
 				y1 = x3 + _toint6
 			} else {
-				y2 = x3 + _toint6
+				y2 = float64(x3 + _toint6)
 			}
 		}
 		return Float64FromInt32(0) * *(*float64)(unsafe.Pointer(bp))
@@ -113368,7 +113368,7 @@ func Xtrunc(tls *TLS, x3 float64) (r float64) {
 	if e < int32(12) {
 		e = int32(1)
 	}
-	m = -Uint64FromUint64(1) >> e
+	m = uint64(-Uint64FromUint64(1) >> e)
 	if *(*Tuint64_t)(unsafe.Pointer(bp))&m == uint64(0) {
 		return x3
 	}
@@ -113378,7 +113378,7 @@ func Xtrunc(tls *TLS, x3 float64) (r float64) {
 		if uint64(8) == uint64(8) {
 			y1 = x3 + Float64FromFloat32(1.329227995784916e+36)
 		} else {
-			y2 = x3 + Float64FromFloat32(1.329227995784916e+36)
+			y2 = float64(x3 + Float64FromFloat32(1.329227995784916e+36))
 		}
 	}
 	*(*Tuint64_t)(unsafe.Pointer(bp)) &= ^m
@@ -116571,7 +116571,7 @@ func Xbtowc(tls *TLS, c int32) (r Twint_t) {
 	if Uint32FromInt32(b) < uint32(128) {
 		v1 = Uint32FromInt32(b)
 	} else {
-		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 			v3 = int32(4)
 		} else {
 			v3 = int32(1)
@@ -116772,7 +116772,7 @@ func Xmbrtowc(tls *TLS, wc uintptr, src uintptr, n Tsize_t, st uintptr) (r Tsize
 			*(*Twchar_t)(unsafe.Pointer(wc)) = v1
 			return BoolUint64(!!(v1 != 0))
 		}
-		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 			v2 = int32(4)
 		} else {
 			v2 = int32(1)
@@ -116943,7 +116943,7 @@ func Xmbsrtowcs(tls *TLS, ws uintptr, src uintptr, wn Tsize_t, st uintptr) (r Ts
 			goto resume0
 		}
 	}
-	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 		v3 = int32(4)
 	} else {
 		v3 = int32(1)
@@ -117171,7 +117171,7 @@ func Xmbtowc(tls *TLS, wc uintptr, src uintptr, n Tsize_t) (r int32) {
 		*(*Twchar_t)(unsafe.Pointer(wc)) = v1
 		return BoolInt32(!!(v1 != 0))
 	}
-	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 		v2 = int32(4)
 	} else {
 		v2 = int32(1)
@@ -117241,7 +117241,7 @@ func Xwcrtomb(tls *TLS, s uintptr, wc Twchar_t, st uintptr) (r Tsize_t) {
 		*(*uint8)(unsafe.Pointer(s)) = uint8(wc)
 		return uint64(1)
 	} else {
-		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+		if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 			v1 = int32(4)
 		} else {
 			v1 = int32(1)
@@ -117448,7 +117448,7 @@ func Xwctob(tls *TLS, c Twint_t) (r int32) {
 	if c < uint32(128) {
 		return Int32FromUint32(c)
 	}
-	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+	if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 		v1 = int32(4)
 	} else {
 		v1 = int32(1)
@@ -121074,10 +121074,10 @@ func X__h_errno_location(tls *TLS) (r uintptr) {
 		trc("tls=%v, (%v:)", tls, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	if !((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Fstack != 0) {
+	if !((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Fstack != 0) {
 		return uintptr(unsafe.Pointer(&Xh_errno))
 	}
-	return ___get_tp(tls) + 144
+	return uintptr(___get_tp(tls)) + 144
 }
 
 func Xherror(tls *TLS, msg uintptr) {
@@ -127885,7 +127885,7 @@ func _fnmatch_internal(tls *TLS, pat uintptr, m Tsize_t, str uintptr, n Tsize_t,
 			break
 		}
 		if v9 = uint32(*(*uint8)(unsafe.Pointer(s + uintptr(-Int32FromInt32(1))))) < uint32(128); !v9 {
-			if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+			if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 				v8 = int32(4)
 			} else {
 				v8 = int32(1)
@@ -134350,7 +134350,7 @@ func Xraise(tls *TLS, sig int32) (r int32) {
 	var _ /* set at bp+0 */ Tsigset_t
 	_ = ret
 	X__block_app_sigs(tls, bp)
-	ret = int32(X__syscall_ret(tls, Uint64FromInt64(X__syscall2(tls, int64(SYS_tkill), int64((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid), int64(sig)))))
+	ret = int32(X__syscall_ret(tls, Uint64FromInt64(X__syscall2(tls, int64(SYS_tkill), int64((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid), int64(sig)))))
 	X__restore_sigs(tls, bp)
 	return ret
 }
@@ -135144,13 +135144,13 @@ func _fstatat_statx(tls *TLS, fd int32, path uintptr, st uintptr, flag int32) (r
 		return ret
 	}
 	*(*Tstat)(unsafe.Pointer(st)) = Tstat{
-		Fst_dev:     uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_major)&Uint64FromUint64(0xfffff000)<<Int32FromInt32(32) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_major)&Uint64FromUint64(0x00000fff)<<Int32FromInt32(8) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_minor)&Uint64FromUint64(0xffffff00)<<Int32FromInt32(12) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_minor)&Uint64FromUint64(0x000000ff),
+		Fst_dev:     uint64(uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_major)&Uint64FromUint64(0xfffff000)<<Int32FromInt32(32) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_major)&Uint64FromUint64(0x00000fff)<<Int32FromInt32(8) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_minor)&Uint64FromUint64(0xffffff00)<<Int32FromInt32(12) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_dev_minor)&Uint64FromUint64(0x000000ff)),
 		Fst_ino:     (*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_ino,
 		Fst_mode:    uint32((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_mode),
 		Fst_nlink:   (*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_nlink,
 		Fst_uid:     (*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_uid,
 		Fst_gid:     (*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_gid,
-		Fst_rdev:    uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_major)&Uint64FromUint64(0xfffff000)<<Int32FromInt32(32) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_major)&Uint64FromUint64(0x00000fff)<<Int32FromInt32(8) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_minor)&Uint64FromUint64(0xffffff00)<<Int32FromInt32(12) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_minor)&Uint64FromUint64(0x000000ff),
+		Fst_rdev:    uint64(uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_major)&Uint64FromUint64(0xfffff000)<<Int32FromInt32(32) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_major)&Uint64FromUint64(0x00000fff)<<Int32FromInt32(8) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_minor)&Uint64FromUint64(0xffffff00)<<Int32FromInt32(12) | uint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_rdev_minor)&Uint64FromUint64(0x000000ff)),
 		Fst_size:    Int64FromUint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_size),
 		Fst_blksize: Int32FromUint32((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_blksize),
 		Fst_blocks:  Int64FromUint64((*(*Tstatx1)(unsafe.Pointer(bp))).Fstx_blocks),
@@ -136438,7 +136438,7 @@ func Xfgetc(tls *TLS, f1 uintptr) (r int32) {
 	_, _, _, _, _, _ = l, v1, v2, v4, v5, v6
 	v1 = f1
 	l = AtomicLoadPInt32(v1 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if (*TFILE)(unsafe.Pointer(v1)).Frpos != (*TFILE)(unsafe.Pointer(v1)).Frend {
 			v6 = v1 + 8
 			v5 = *(*uintptr)(unsafe.Pointer(v6))
@@ -136682,7 +136682,7 @@ func X__fgetwc_unlocked(tls *TLS, f uintptr) (r Twint_t) {
 	var ploc uintptr
 	var wc Twchar_t
 	_, _, _ = loc, ploc, wc
-	ploc = ___get_tp(tls) + 152
+	ploc = uintptr(___get_tp(tls)) + 152
 	loc = *(*Tlocale_t)(unsafe.Pointer(ploc))
 	if (*TFILE)(unsafe.Pointer(f)).Fmode <= 0 {
 		Xfwide(tls, f, int32(1))
@@ -136833,7 +136833,7 @@ func Xflockfile(tls *TLS, f uintptr) {
 		return
 	}
 	___lockfile(tls, f)
-	X__register_locked_file(tls, f, ___get_tp(tls))
+	X__register_locked_file(tls, f, uintptr(___get_tp(tls)))
 }
 
 type Tcookie = struct {
@@ -137333,7 +137333,7 @@ func Xfputc(tls *TLS, c1 int32, f1 uintptr) (r int32) {
 	v1 = c1
 	v2 = f1
 	l = AtomicLoadPInt32(v2 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if Int32FromUint8(Uint8FromInt32(v1)) != (*TFILE)(unsafe.Pointer(v2)).Flbf && (*TFILE)(unsafe.Pointer(v2)).Fwpos != (*TFILE)(unsafe.Pointer(v2)).Fwend {
 			v6 = Uint8FromInt32(v1)
 			v8 = v2 + 40
@@ -137385,7 +137385,7 @@ func X__fputwc_unlocked(tls *TLS, c Twchar_t, f uintptr) (r Twint_t) {
 	var v2 uint8
 	var _ /* mbc at bp+0 */ [4]uint8
 	_, _, _, _, _, _, _ = l, loc, ploc, v1, v2, v3, v4
-	ploc = ___get_tp(tls) + 152
+	ploc = uintptr(___get_tp(tls)) + 152
 	loc = *(*Tlocale_t)(unsafe.Pointer(ploc))
 	if (*TFILE)(unsafe.Pointer(f)).Fmode <= 0 {
 		Xfwide(tls, f, int32(1))
@@ -137477,7 +137477,7 @@ func Xfputws(tls *TLS, _ws uintptr, f uintptr) (r int32) {
 	var _ /* buf at bp+8 */ [1024]uint8
 	_, _, _, _, _, _, _ = __need_unlock, l, loc, ploc, v1, v2, v3
 	l = uint64(0)
-	ploc = ___get_tp(tls) + 152
+	ploc = uintptr(___get_tp(tls)) + 152
 	loc = *(*Tlocale_t)(unsafe.Pointer(ploc))
 	if AtomicLoadPInt32(f+140) >= 0 {
 		v1 = ___lockfile(tls, f)
@@ -137853,7 +137853,7 @@ func X__do_orphaned_stdio_locks(tls *TLS) {
 	}
 	var f uintptr
 	_ = f
-	f = (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Fstdio_locks
+	f = (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Fstdio_locks
 	for {
 		if !(f != 0) {
 			break
@@ -137881,7 +137881,7 @@ func X__unlist_locked_file(tls *TLS, f uintptr) {
 		if (*TFILE)(unsafe.Pointer(f)).Fprev_locked != 0 {
 			(*TFILE)(unsafe.Pointer((*TFILE)(unsafe.Pointer(f)).Fprev_locked)).Fnext_locked = (*TFILE)(unsafe.Pointer(f)).Fnext_locked
 		} else {
-			(*t__pthread)(unsafe.Pointer(___get_tp(tls))).Fstdio_locks = (*TFILE)(unsafe.Pointer(f)).Fnext_locked
+			(*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Fstdio_locks = (*TFILE)(unsafe.Pointer(f)).Fnext_locked
 		}
 	}
 }
@@ -137909,7 +137909,7 @@ func Xftrylockfile(tls *TLS, f uintptr) (r1 int32) {
 	var v10 bool
 	var v2 uintptr
 	_, _, _, _, _, _, _, _, _, _, _, _ = old, owner, r, self, tid, v, v1, v10, v2, v3, v6, v8
-	self = ___get_tp(tls)
+	self = uintptr(___get_tp(tls))
 	tid = (*t__pthread)(unsafe.Pointer(self)).Ftid
 	owner = AtomicLoadPInt32(f + 140)
 	if owner & ^Int32FromInt32(MAYBE_WAITERS) == tid {
@@ -137991,7 +137991,7 @@ func Xfwide(tls *TLS, f uintptr, mode int32) (r int32) {
 	__need_unlock = v1
 	if mode != 0 {
 		if !((*TFILE)(unsafe.Pointer(f)).Flocale != 0) {
-			if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)) != 0) {
+			if !!(*(*uintptr)(unsafe.Pointer((*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)) != 0) {
 				v3 = int32(4)
 			} else {
 				v3 = int32(1)
@@ -138228,7 +138228,7 @@ func Xgetc(tls *TLS, f1 uintptr) (r int32) {
 	_, _, _, _, _, _ = l, v1, v2, v4, v5, v6
 	v1 = f1
 	l = AtomicLoadPInt32(v1 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if (*TFILE)(unsafe.Pointer(v1)).Frpos != (*TFILE)(unsafe.Pointer(v1)).Frend {
 			v6 = v1 + 8
 			v5 = *(*uintptr)(unsafe.Pointer(v6))
@@ -138383,7 +138383,7 @@ func Xgetchar(tls *TLS) (r int32) {
 	_, _, _, _, _, _ = l, v1, v2, v4, v5, v6
 	v1 = uintptr(unsafe.Pointer(&X__stdin_FILE))
 	l = AtomicLoadPInt32(v1 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if (*TFILE)(unsafe.Pointer(v1)).Frpos != (*TFILE)(unsafe.Pointer(v1)).Frend {
 			v6 = v1 + 8
 			v5 = *(*uintptr)(unsafe.Pointer(v6))
@@ -139130,7 +139130,7 @@ func Xputc(tls *TLS, c1 int32, f1 uintptr) (r int32) {
 	v1 = c1
 	v2 = f1
 	l = AtomicLoadPInt32(v2 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if Int32FromUint8(Uint8FromInt32(v1)) != (*TFILE)(unsafe.Pointer(v2)).Flbf && (*TFILE)(unsafe.Pointer(v2)).Fwpos != (*TFILE)(unsafe.Pointer(v2)).Fwend {
 			v6 = Uint8FromInt32(v1)
 			v8 = v2 + 40
@@ -139295,7 +139295,7 @@ func Xputchar(tls *TLS, c1 int32) (r int32) {
 	v1 = c1
 	v2 = uintptr(unsafe.Pointer(&X__stdout_FILE))
 	l = AtomicLoadPInt32(v2 + 140)
-	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Ftid {
+	if l < 0 || l != 0 && l & ^Int32FromInt32(MAYBE_WAITERS) == (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Ftid {
 		if Int32FromUint8(Uint8FromInt32(v1)) != (*TFILE)(unsafe.Pointer(v2)).Flbf && (*TFILE)(unsafe.Pointer(v2)).Fwpos != (*TFILE)(unsafe.Pointer(v2)).Fwend {
 			v6 = Uint8FromInt32(v1)
 			v8 = v2 + 40
@@ -139822,7 +139822,7 @@ func Xungetwc(tls *TLS, c Twint_t, f uintptr) (r Twint_t) {
 	var v3 bool
 	var _ /* mbc at bp+0 */ [4]uint8
 	_, _, _, _, _, _, _, _, _, _ = __need_unlock, l, loc, ploc, v1, v2, v3, v4, v5, p6
-	ploc = ___get_tp(tls) + 152
+	ploc = uintptr(___get_tp(tls)) + 152
 	loc = *(*Tlocale_t)(unsafe.Pointer(ploc))
 	if AtomicLoadPInt32(f+140) >= 0 {
 		v1 = ___lockfile(tls, f)
@@ -140074,7 +140074,7 @@ func _pop_arg(tls *TLS, arg uintptr, type1 int32, ap uintptr) {
 	case int32(_ULONG):
 		(*Targ)(unsafe.Pointer(arg)).Fi = VaUint64(&*(*Tva_list)(unsafe.Pointer(ap)))
 	case int32(_ULLONG):
-		(*Targ)(unsafe.Pointer(arg)).Fi = VaUint64(&*(*Tva_list)(unsafe.Pointer(ap)))
+		(*Targ)(unsafe.Pointer(arg)).Fi = uint64(VaUint64(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_SHORT):
 		(*Targ)(unsafe.Pointer(arg)).Fi = Uint64FromInt16(int16(VaInt32(&*(*Tva_list)(unsafe.Pointer(ap)))))
 	case int32(_USHORT):
@@ -140096,7 +140096,7 @@ func _pop_arg(tls *TLS, arg uintptr, type1 int32, ap uintptr) {
 	case int32(_UIPTR):
 		(*Targ)(unsafe.Pointer(arg)).Fi = uint64(VaUintptr(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_DBL):
-		*(*float64)(unsafe.Pointer(arg)) = VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap)))
+		*(*float64)(unsafe.Pointer(arg)) = float64(VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_LDBL):
 		*(*float64)(unsafe.Pointer(arg)) = VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap)))
 	}
@@ -142251,7 +142251,7 @@ func _pop_arg1(tls *TLS, arg uintptr, type1 int32, ap uintptr) {
 	case int32(_ULONG):
 		(*Targ)(unsafe.Pointer(arg)).Fi = VaUint64(&*(*Tva_list)(unsafe.Pointer(ap)))
 	case int32(_ULLONG):
-		(*Targ)(unsafe.Pointer(arg)).Fi = VaUint64(&*(*Tva_list)(unsafe.Pointer(ap)))
+		(*Targ)(unsafe.Pointer(arg)).Fi = uint64(VaUint64(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_SHORT):
 		(*Targ)(unsafe.Pointer(arg)).Fi = Uint64FromInt16(int16(VaInt32(&*(*Tva_list)(unsafe.Pointer(ap)))))
 	case int32(_USHORT):
@@ -142273,7 +142273,7 @@ func _pop_arg1(tls *TLS, arg uintptr, type1 int32, ap uintptr) {
 	case int32(_UIPTR):
 		(*Targ)(unsafe.Pointer(arg)).Fi = uint64(VaUintptr(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_DBL):
-		*(*float64)(unsafe.Pointer(arg)) = VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap)))
+		*(*float64)(unsafe.Pointer(arg)) = float64(VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap))))
 	case int32(_LDBL):
 		*(*float64)(unsafe.Pointer(arg)) = VaFloat64(&*(*Tva_list)(unsafe.Pointer(ap)))
 	}
@@ -144435,7 +144435,7 @@ func Xstrtoul(tls *TLS, s uintptr, p uintptr, base int32) (r uint64) {
 		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return _strtox1(tls, s, p, base, Uint64FromUint64(2)*Uint64FromInt64(0x7fffffffffffffff)+Uint64FromInt32(1))
+	return _strtox1(tls, s, p, base, uint64(Uint64FromUint64(2)*Uint64FromInt64(0x7fffffffffffffff)+Uint64FromInt32(1)))
 }
 
 func Xstrtol(tls *TLS, s uintptr, p uintptr, base int32) (r int64) {
@@ -144443,7 +144443,7 @@ func Xstrtol(tls *TLS, s uintptr, p uintptr, base int32) (r int64) {
 		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return Int64FromUint64(_strtox1(tls, s, p, base, Uint64FromUint64(0)+Uint64FromInt64(-Int64FromInt64(0x7fffffffffffffff)-Int64FromInt32(1))))
+	return Int64FromUint64(_strtox1(tls, s, p, base, uint64(Uint64FromUint64(0)+Uint64FromInt64(-Int64FromInt64(0x7fffffffffffffff)-Int64FromInt32(1)))))
 }
 
 func Xstrtoimax(tls *TLS, s uintptr, p uintptr, base int32) (r Tintmax_t) {
@@ -144715,7 +144715,7 @@ func Xwcstoul(tls *TLS, s uintptr, p uintptr, base int32) (r uint64) {
 		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return _wcstox1(tls, s, p, base, Uint64FromUint64(2)*Uint64FromInt64(0x7fffffffffffffff)+Uint64FromInt32(1))
+	return _wcstox1(tls, s, p, base, uint64(Uint64FromUint64(2)*Uint64FromInt64(0x7fffffffffffffff)+Uint64FromInt32(1)))
 }
 
 func Xwcstol(tls *TLS, s uintptr, p uintptr, base int32) (r int64) {
@@ -144723,7 +144723,7 @@ func Xwcstol(tls *TLS, s uintptr, p uintptr, base int32) (r int64) {
 		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return Int64FromUint64(_wcstox1(tls, s, p, base, Uint64FromUint64(0)+Uint64FromInt64(-Int64FromInt64(0x7fffffffffffffff)-Int64FromInt32(1))))
+	return Int64FromUint64(_wcstox1(tls, s, p, base, uint64(Uint64FromUint64(0)+Uint64FromInt64(-Int64FromInt64(0x7fffffffffffffff)-Int64FromInt32(1)))))
 }
 
 func Xwcstoimax(tls *TLS, s uintptr, p uintptr, base int32) (r Tintmax_t) {
@@ -148815,7 +148815,7 @@ func _scan_trans(tls *TLS, t int64, local int32, alt uintptr) (r Tsize_t) {
 		if local != 0 {
 			off = Int32FromUint32(_zi_read32(tls, _types+uintptr(int32(6)*Int32FromUint8(*(*uint8)(unsafe.Pointer(_index + uintptr(m-uint64(1))))))))
 		}
-		if t-int64(off) < Int64FromUint64(x) {
+		if t-int64(off) < int64(Int64FromUint64(x)) {
 			n /= uint64(2)
 		} else {
 			a = m
@@ -148855,7 +148855,7 @@ func _scan_trans(tls *TLS, t int64, local int32, alt uintptr) (r Tsize_t) {
 		}
 		/* If t is before first transition, use the above-found type
 		 * and the index-zero (after transition) type as the alt. */
-		if t-int64(off) < Int64FromUint64(x) {
+		if t-int64(off) < int64(Int64FromUint64(x)) {
 			if alt != 0 {
 				*(*Tsize_t)(unsafe.Pointer(alt)) = uint64(*(*uint8)(unsafe.Pointer(_index)))
 			}
@@ -149975,7 +149975,7 @@ func Xstrftime(tls *TLS, s uintptr, n Tsize_t, f uintptr, tm uintptr) (r Tsize_t
 		trc("tls=%v s=%v n=%v f=%v tm=%v, (%v:)", tls, s, n, f, tm, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__strftime_l(tls, s, n, f, tm, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__strftime_l(tls, s, n, f, tm, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 func Xstrftime_l(tls *TLS, s uintptr, n Tsize_t, f uintptr, tm uintptr, loc Tlocale_t) (r Tsize_t) {
@@ -150719,7 +150719,7 @@ func Xwcsftime(tls *TLS, wcs uintptr, n Tsize_t, f uintptr, tm uintptr) (r Tsize
 		trc("tls=%v wcs=%v n=%v f=%v tm=%v, (%v:)", tls, wcs, n, f, tm, origin(2))
 		defer func() { trc("-> %v", r) }()
 	}
-	return X__wcsftime_l(tls, wcs, n, f, tm, (*t__pthread)(unsafe.Pointer(___get_tp(tls))).Flocale)
+	return X__wcsftime_l(tls, wcs, n, f, tm, (*t__pthread)(unsafe.Pointer(uintptr(___get_tp(tls)))).Flocale)
 }
 
 func Xwcsftime_l(tls *TLS, s uintptr, n Tsize_t, f uintptr, tm uintptr, loc Tlocale_t) (r Tsize_t) {
diff --git a/vendor/modernc.org/libc/ccgo_linux_loong64.go b/vendor/modernc.org/libc/ccgo_linux_loong64.go
index f2d05a87e..419658922 100644
--- a/vendor/modernc.org/libc/ccgo_linux_loong64.go
+++ b/vendor/modernc.org/libc/ccgo_linux_loong64.go
@@ -318,8 +318,9 @@ const __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8 = 1
 const __GCC_IEC_559 = 2
 const __GCC_IEC_559_COMPLEX = 2
 const __GNUC_EXECUTION_CHARSET_NAME = "UTF-8"
-const __GNUC_MINOR__ = 1
-const __GNUC_PATCHLEVEL__ = 0
+const __GNUC_MINOR__ = 2
+const __GNUC_PATCHLEVEL__ = 1
+const __GNUC_RH_RELEASE__ = 6
 const __GNUC_STDC_INLINE__ = 1
 const __GNUC_WIDE_EXECUTION_CHARSET_NAME = "UTF-32LE"
 const __GNUC__ = 14
@@ -530,7 +531,7 @@ const __UTA_FBIT__ = 64
 const __UTA_IBIT__ = 64
 const __UTQ_FBIT__ = 128
 const __UTQ_IBIT__ = 0
-const __VERSION__ = "14.1.0 20240507 (Red Hat 14.1.0-1)"
+const __VERSION__ = "14.2.1 20241104 (Red Hat 14.2.1-6)"
 const __WCHAR_MAX__ = 2147483647
 const __WCHAR_MIN__ = -2147483648
 const __WCHAR_TYPE__ = 0
diff --git a/vendor/modernc.org/libc/etc.go b/vendor/modernc.org/libc/etc.go
index 9f12366fd..2d76cc499 100644
--- a/vendor/modernc.org/libc/etc.go
+++ b/vendor/modernc.org/libc/etc.go
@@ -592,32 +592,6 @@ func roundup(n, to uintptr) uintptr {
 	return n
 }
 
-func GoString(s uintptr) string {
-	if s == 0 {
-		return ""
-	}
-
-	var buf []byte
-	for {
-		b := *(*byte)(unsafe.Pointer(s))
-		if b == 0 {
-			return string(buf)
-		}
-
-		buf = append(buf, b)
-		s++
-	}
-}
-
-// GoBytes returns a byte slice from a C char* having length len bytes.
-func GoBytes(s uintptr, len int) []byte {
-	if len == 0 {
-		return nil
-	}
-
-	return (*RawMem)(unsafe.Pointer(s))[:len:len]
-}
-
 func Bool(v bool) bool { return v }
 
 func Bool32(b bool) int32 {
diff --git a/vendor/modernc.org/libc/libc_all.go b/vendor/modernc.org/libc/libc_all.go
index 6e3b97764..7bc730b76 100644
--- a/vendor/modernc.org/libc/libc_all.go
+++ b/vendor/modernc.org/libc/libc_all.go
@@ -32,3 +32,21 @@ func X__sync_sub_and_fetch[T constraints.Integer](t *TLS, p uintptr, v T) T {
 		panic(todo(""))
 	}
 }
+
+// GoString returns the value of a C string at s.
+func GoString(s uintptr) string {
+	if s == 0 {
+		return ""
+	}
+
+	p := s
+	for *(*byte)(unsafe.Pointer(p)) != 0 {
+		p++
+	}
+	return string(unsafe.Slice((*byte)(unsafe.Pointer(s)), p-s))
+}
+
+// GoBytes returns a byte slice from a C char* having length len bytes.
+func GoBytes(s uintptr, len int) []byte {
+	return unsafe.Slice((*byte)(unsafe.Pointer(s)), len)
+}
diff --git a/vendor/modernc.org/libc/libc_musl.go b/vendor/modernc.org/libc/libc_musl.go
index a385f7eef..e2d5220a0 100644
--- a/vendor/modernc.org/libc/libc_musl.go
+++ b/vendor/modernc.org/libc/libc_musl.go
@@ -229,29 +229,6 @@ func CString(s string) (uintptr, error) {
 	return p, nil
 }
 
-// GoBytes returns a byte slice from a C char* having length len bytes.
-func GoBytes(s uintptr, len int) []byte {
-	return unsafe.Slice((*byte)(unsafe.Pointer(s)), len)
-}
-
-// GoString returns the value of a C string at s.
-func GoString(s uintptr) string {
-	if s == 0 {
-		return ""
-	}
-
-	var buf []byte
-	for {
-		b := *(*byte)(unsafe.Pointer(s))
-		if b == 0 {
-			return string(buf)
-		}
-
-		buf = append(buf, b)
-		s++
-	}
-}
-
 func mustMalloc(sz Tsize_t) (r uintptr) {
 	if r = Xmalloc(nil, sz); r != 0 || sz == 0 {
 		return r
diff --git a/vendor/modernc.org/libc/mem.go b/vendor/modernc.org/libc/mem.go
index cf4644edc..df852c2d6 100644
--- a/vendor/modernc.org/libc/mem.go
+++ b/vendor/modernc.org/libc/mem.go
@@ -121,6 +121,25 @@ func UsableSize(p uintptr) types.Size_t {
 	return types.Size_t(memory.UintptrUsableSize(p))
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat returns the global memory allocator statistics.
+// should be compiled with the memory.counters build tag for the data to be available.
+func MemStat() MemAllocatorStat {
+	allocMu.Lock()
+	defer allocMu.Unlock()
+
+	return MemAllocatorStat{
+		Allocs: allocator.Allocs,
+		Bytes:  allocator.Bytes,
+		Mmaps:  allocator.Mmaps,
+	}
+}
+
 // MemAuditStart locks the memory allocator, initializes and enables memory
 // auditing. Finaly it unlocks the memory allocator.
 //
diff --git a/vendor/modernc.org/libc/mem_brk.go b/vendor/modernc.org/libc/mem_brk.go
index 3881d8e88..eb2032dba 100644
--- a/vendor/modernc.org/libc/mem_brk.go
+++ b/vendor/modernc.org/libc/mem_brk.go
@@ -93,6 +93,17 @@ func UsableSize(p uintptr) types.Size_t {
 	return types.Size_t(*(*uintptr)(unsafe.Pointer(p - uintptrSize)))
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat no-op for this build tag
+func MemStat() MemAllocatorStat {
+	return MemAllocatorStat{}
+}
+
 // MemAuditStart locks the memory allocator, initializes and enables memory
 // auditing. Finaly it unlocks the memory allocator.
 //
diff --git a/vendor/modernc.org/libc/mem_brk_musl.go b/vendor/modernc.org/libc/mem_brk_musl.go
index c42fb7be1..c0a4ade52 100644
--- a/vendor/modernc.org/libc/mem_brk_musl.go
+++ b/vendor/modernc.org/libc/mem_brk_musl.go
@@ -281,6 +281,17 @@ func UsableSize(p uintptr) Tsize_t {
 	return heapUsable[p]
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat no-op for this build tag
+func MemStat() MemAllocatorStat {
+	return MemAllocatorStat{}
+}
+
 // MemAuditStart locks the memory allocator, initializes and enables memory
 // auditing. Finaly it unlocks the memory allocator.
 //
diff --git a/vendor/modernc.org/libc/mem_expvar.go b/vendor/modernc.org/libc/mem_expvar.go
new file mode 100644
index 000000000..e2c5aae7a
--- /dev/null
+++ b/vendor/modernc.org/libc/mem_expvar.go
@@ -0,0 +1,12 @@
+//go:build libc.memexpvar
+
+package libc
+
+import "expvar"
+
+func init() {
+	// make sure to build with -tags=memory.counters to have the actual data accumulated in memory allocator
+	expvar.Publish("memory.allocator", expvar.Func(func() interface{} {
+		return MemStat()
+	}))
+}
diff --git a/vendor/modernc.org/libc/mem_musl.go b/vendor/modernc.org/libc/mem_musl.go
index 1d43cff1e..20f6c18b9 100644
--- a/vendor/modernc.org/libc/mem_musl.go
+++ b/vendor/modernc.org/libc/mem_musl.go
@@ -127,6 +127,25 @@ func UsableSize(p uintptr) Tsize_t {
 	return Tsize_t(memory.UintptrUsableSize(p))
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat returns the global memory allocator statistics.
+// should be compiled with the memory.counters build tag for the data to be available.
+func MemStat() MemAllocatorStat {
+	allocatorMu.Lock()
+	defer allocatorMu.Unlock()
+
+	return MemAllocatorStat{
+		Allocs: allocator.Allocs,
+		Bytes:  allocator.Bytes,
+		Mmaps:  allocator.Mmaps,
+	}
+}
+
 // MemAuditStart locks the memory allocator, initializes and enables memory
 // auditing. Finaly it unlocks the memory allocator.
 //
diff --git a/vendor/modernc.org/libc/memgrind.go b/vendor/modernc.org/libc/memgrind.go
index e43357ae7..ccf5d8a3e 100644
--- a/vendor/modernc.org/libc/memgrind.go
+++ b/vendor/modernc.org/libc/memgrind.go
@@ -269,6 +269,17 @@ func UsableSize(p uintptr) types.Size_t {
 	return types.Size_t(memory.UintptrUsableSize(p))
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat no-op for this build tag
+func MemStat() MemAllocatorStat {
+	return MemAllocatorStat{}
+}
+
 // MemAuditStart locks the memory allocator, initializes and enables memory
 // auditing. Finally it unlocks the memory allocator.
 //
diff --git a/vendor/modernc.org/libc/memgrind_musl.go b/vendor/modernc.org/libc/memgrind_musl.go
index 1ee38209d..1dc25ef2f 100644
--- a/vendor/modernc.org/libc/memgrind_musl.go
+++ b/vendor/modernc.org/libc/memgrind_musl.go
@@ -269,6 +269,17 @@ func UsableSize(p uintptr) Tsize_t {
 	return Tsize_t(memory.UintptrUsableSize(p))
 }
 
+type MemAllocatorStat struct {
+	Allocs int
+	Bytes  int
+	Mmaps  int
+}
+
+// MemStat no-op for this build tag
+func MemStat() MemAllocatorStat {
+	return MemAllocatorStat{}
+}
+
 func Xmalloc_usable_size(tls *TLS, p uintptr) (r Tsize_t) {
 	return UsableSize(p)
 }
diff --git a/vendor/modernc.org/libc/musl_linux_amd64.go b/vendor/modernc.org/libc/musl_linux_amd64.go
deleted file mode 100644
index 7d40d5f81..000000000
--- a/vendor/modernc.org/libc/musl_linux_amd64.go
+++ /dev/null
@@ -1,7205 +0,0 @@
-// Code generated by 'ccgo -export-externs X -hide __syscall0,__syscall1,__syscall2,__syscall3,__syscall4,__syscall5,__syscall6 -nostdinc -nostdlib -o ../musl_linux_amd64.go -pkgname libc -static-locals-prefix _s -Iarch/x86_64 -Iarch/generic -Iobj/src/internal -Isrc/include -Isrc/internal -Iobj/include -Iinclude copyright.c src/ctype/__ctype_b_loc.c src/ctype/isalnum.c src/ctype/isalpha.c src/ctype/isdigit.c src/ctype/islower.c src/ctype/isprint.c src/ctype/isupper.c src/ctype/isxdigit.c src/dirent/closedir.c src/dirent/opendir.c src/dirent/readdir.c src/internal/floatscan.c src/internal/intscan.c src/internal/shgetc.c src/locale/localeconv.c src/math/__fpclassify.c src/math/__fpclassifyf.c src/math/__fpclassifyl.c src/math/copysignl.c src/math/fabsl.c src/math/fmodl.c src/math/nanf.c src/math/rint.c src/math/scalbn.c src/math/scalbnl.c src/multibyte/internal.c src/multibyte/mbrtowc.c src/multibyte/mbsinit.c src/network/freeaddrinfo.c src/network/getaddrinfo.c src/network/gethostbyaddr.c src/network/gethostbyaddr_r.c src/network/gethostbyname.c src/network/gethostbyname2.c src/network/gethostbyname2_r.c src/network/gethostbyname_r.c src/network/getnameinfo.c src/network/h_errno.c src/network/inet_aton.c src/network/inet_ntop.c src/network/inet_pton.c src/network/lookup_ipliteral.c src/network/lookup_name.c src/network/lookup_serv.c src/prng/rand_r.c src/stdio/__lockfile.c src/stdio/__toread.c src/stdio/__uflow.c src/stdio/sscanf.c src/stdio/vfscanf.c src/stdio/vsscanf.c src/stdlib/bsearch.c src/stdlib/strtod.c src/stdlib/strtol.c src/string/strdup.c src/string/strlcat.c src/string/strlcpy.c src/string/strncasecmp.c src/string/strncat.c src/string/strnlen.c src/string/strspn.c src/string/strtok.c src/thread/pthread_attr_get.c src/thread/pthread_attr_setdetachstate.c src/thread/pthread_mutex_lock.c src/thread/pthread_mutexattr_destroy.c src/thread/pthread_mutexattr_init.c src/thread/pthread_mutexattr_settype.c', DO NOT EDIT.
-
-//go:build !(linux && amd64)
-
-package libc
-
-import (
-	"math"
-	"reflect"
-	"sync/atomic"
-	"unsafe"
-)
-
-var _ = math.Pi
-var _ reflect.Kind
-var _ atomic.Value
-var _ unsafe.Pointer
-
-// musl as a whole is licensed under the following standard MIT license:
-//
-// ----------------------------------------------------------------------
-// Copyright © 2005-2020 Rich Felker, et al.
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-// ----------------------------------------------------------------------
-//
-// Authors/contributors include:
-//
-// A. Wilcox
-// Ada Worcester
-// Alex Dowad
-// Alex Suykov
-// Alexander Monakov
-// Andre McCurdy
-// Andrew Kelley
-// Anthony G. Basile
-// Aric Belsito
-// Arvid Picciani
-// Bartosz Brachaczek
-// Benjamin Peterson
-// Bobby Bingham
-// Boris Brezillon
-// Brent Cook
-// Chris Spiegel
-// Clément Vasseur
-// Daniel Micay
-// Daniel Sabogal
-// Daurnimator
-// David Carlier
-// David Edelsohn
-// Denys Vlasenko
-// Dmitry Ivanov
-// Dmitry V. Levin
-// Drew DeVault
-// Emil Renner Berthing
-// Fangrui Song
-// Felix Fietkau
-// Felix Janda
-// Gianluca Anzolin
-// Hauke Mehrtens
-// He X
-// Hiltjo Posthuma
-// Isaac Dunham
-// Jaydeep Patil
-// Jens Gustedt
-// Jeremy Huntwork
-// Jo-Philipp Wich
-// Joakim Sindholt
-// John Spencer
-// Julien Ramseier
-// Justin Cormack
-// Kaarle Ritvanen
-// Khem Raj
-// Kylie McClain
-// Leah Neukirchen
-// Luca Barbato
-// Luka Perkov
-// M Farkas-Dyck (Strake)
-// Mahesh Bodapati
-// Markus Wichmann
-// Masanori Ogino
-// Michael Clark
-// Michael Forney
-// Mikhail Kremnyov
-// Natanael Copa
-// Nicholas J. Kain
-// orc
-// Pascal Cuoq
-// Patrick Oppenlander
-// Petr Hosek
-// Petr Skocik
-// Pierre Carrier
-// Reini Urban
-// Rich Felker
-// Richard Pennington
-// Ryan Fairfax
-// Samuel Holland
-// Segev Finer
-// Shiz
-// sin
-// Solar Designer
-// Stefan Kristiansson
-// Stefan O'Rear
-// Szabolcs Nagy
-// Timo Teräs
-// Trutz Behn
-// Valentin Ochs
-// Will Dietz
-// William Haddon
-// William Pitcock
-//
-// Portions of this software are derived from third-party works licensed
-// under terms compatible with the above MIT license:
-//
-// The TRE regular expression implementation (src/regex/reg* and
-// src/regex/tre*) is Copyright © 2001-2008 Ville Laurikari and licensed
-// under a 2-clause BSD license (license text in the source files). The
-// included version has been heavily modified by Rich Felker in 2012, in
-// the interests of size, simplicity, and namespace cleanliness.
-//
-// Much of the math library code (src/math/* and src/complex/*) is
-// Copyright © 1993,2004 Sun Microsystems or
-// Copyright © 2003-2011 David Schultz or
-// Copyright © 2003-2009 Steven G. Kargl or
-// Copyright © 2003-2009 Bruce D. Evans or
-// Copyright © 2008 Stephen L. Moshier or
-// Copyright © 2017-2018 Arm Limited
-// and labelled as such in comments in the individual source files. All
-// have been licensed under extremely permissive terms.
-//
-// The ARM memcpy code (src/string/arm/memcpy.S) is Copyright © 2008
-// The Android Open Source Project and is licensed under a two-clause BSD
-// license. It was taken from Bionic libc, used on Android.
-//
-// The AArch64 memcpy and memset code (src/string/aarch64/*) are
-// Copyright © 1999-2019, Arm Limited.
-//
-// The implementation of DES for crypt (src/crypt/crypt_des.c) is
-// Copyright © 1994 David Burren. It is licensed under a BSD license.
-//
-// The implementation of blowfish crypt (src/crypt/crypt_blowfish.c) was
-// originally written by Solar Designer and placed into the public
-// domain. The code also comes with a fallback permissive license for use
-// in jurisdictions that may not recognize the public domain.
-//
-// The smoothsort implementation (src/stdlib/qsort.c) is Copyright © 2011
-// Valentin Ochs and is licensed under an MIT-style license.
-//
-// The x86_64 port was written by Nicholas J. Kain and is licensed under
-// the standard MIT terms.
-//
-// The mips and microblaze ports were originally written by Richard
-// Pennington for use in the ellcc project. The original code was adapted
-// by Rich Felker for build system and code conventions during upstream
-// integration. It is licensed under the standard MIT terms.
-//
-// The mips64 port was contributed by Imagination Technologies and is
-// licensed under the standard MIT terms.
-//
-// The powerpc port was also originally written by Richard Pennington,
-// and later supplemented and integrated by John Spencer. It is licensed
-// under the standard MIT terms.
-//
-// All other files which have no copyright comments are original works
-// produced specifically for use as part of this library, written either
-// by Rich Felker, the main author of the library, or by one or more
-// contibutors listed above. Details on authorship of individual files
-// can be found in the git version control history of the project. The
-// omission of copyright and license comments in each file is in the
-// interest of source tree size.
-//
-// In addition, permission is hereby granted for all public header files
-// (include/* and arch/*/bits/*) and crt files intended to be linked into
-// applications (crt/*, ldso/dlstart.c, and arch/*/crt_arch.h) to omit
-// the copyright notice and permission notice otherwise required by the
-// license, and to use these files without any requirement of
-// attribution. These files include substantial contributions from:
-//
-// Bobby Bingham
-// John Spencer
-// Nicholas J. Kain
-// Rich Felker
-// Richard Pennington
-// Stefan Kristiansson
-// Szabolcs Nagy
-//
-// all of whom have explicitly granted such permission.
-//
-// This file previously contained text expressing a belief that most of
-// the files covered by the above exception were sufficiently trivial not
-// to be subject to copyright, resulting in confusion over whether it
-// negated the permissions granted in the license. In the spirit of
-// permissive licensing, and of not having licensing issues being an
-// obstacle to adoption, that text has been removed.
-const ( /* copyright.c:194:1: */
-	__musl__copyright__ = 0
-)
-
-const ( /* nameser.h:117:1: */
-	ns_uop_delete = 0
-	ns_uop_add    = 1
-	ns_uop_max    = 2
-)
-
-const ( /* nameser.h:147:1: */
-	ns_t_invalid  = 0
-	ns_t_a        = 1
-	ns_t_ns       = 2
-	ns_t_md       = 3
-	ns_t_mf       = 4
-	ns_t_cname    = 5
-	ns_t_soa      = 6
-	ns_t_mb       = 7
-	ns_t_mg       = 8
-	ns_t_mr       = 9
-	ns_t_null     = 10
-	ns_t_wks      = 11
-	ns_t_ptr      = 12
-	ns_t_hinfo    = 13
-	ns_t_minfo    = 14
-	ns_t_mx       = 15
-	ns_t_txt      = 16
-	ns_t_rp       = 17
-	ns_t_afsdb    = 18
-	ns_t_x25      = 19
-	ns_t_isdn     = 20
-	ns_t_rt       = 21
-	ns_t_nsap     = 22
-	ns_t_nsap_ptr = 23
-	ns_t_sig      = 24
-	ns_t_key      = 25
-	ns_t_px       = 26
-	ns_t_gpos     = 27
-	ns_t_aaaa     = 28
-	ns_t_loc      = 29
-	ns_t_nxt      = 30
-	ns_t_eid      = 31
-	ns_t_nimloc   = 32
-	ns_t_srv      = 33
-	ns_t_atma     = 34
-	ns_t_naptr    = 35
-	ns_t_kx       = 36
-	ns_t_cert     = 37
-	ns_t_a6       = 38
-	ns_t_dname    = 39
-	ns_t_sink     = 40
-	ns_t_opt      = 41
-	ns_t_apl      = 42
-	ns_t_tkey     = 249
-	ns_t_tsig     = 250
-	ns_t_ixfr     = 251
-	ns_t_axfr     = 252
-	ns_t_mailb    = 253
-	ns_t_maila    = 254
-	ns_t_any      = 255
-	ns_t_zxfr     = 256
-	ns_t_max      = 65536
-)
-
-const ( /* nameser.h:210:1: */
-	ns_c_invalid = 0
-	ns_c_in      = 1
-	ns_c_2       = 2
-	ns_c_chaos   = 3
-	ns_c_hs      = 4
-	ns_c_none    = 254
-	ns_c_any     = 255
-	ns_c_max     = 65536
-)
-
-const ( /* nameser.h:221:1: */
-	ns_kt_rsa     = 1
-	ns_kt_dh      = 2
-	ns_kt_dsa     = 3
-	ns_kt_private = 254
-)
-
-const ( /* nameser.h:228:1: */
-	cert_t_pkix = 1
-	cert_t_spki = 2
-	cert_t_pgp  = 3
-	cert_t_url  = 253
-	cert_t_oid  = 254
-)
-
-const ( /* nameser.h:28:1: */
-	ns_s_qd  = 0
-	ns_s_zn  = 0
-	ns_s_an  = 1
-	ns_s_pr  = 1
-	ns_s_ns  = 2
-	ns_s_ud  = 2
-	ns_s_ar  = 3
-	ns_s_max = 4
-)
-
-const ( /* nameser.h:75:1: */
-	ns_f_qr     = 0
-	ns_f_opcode = 1
-	ns_f_aa     = 2
-	ns_f_tc     = 3
-	ns_f_rd     = 4
-	ns_f_ra     = 5
-	ns_f_z      = 6
-	ns_f_ad     = 7
-	ns_f_cd     = 8
-	ns_f_rcode  = 9
-	ns_f_max    = 10
-)
-
-const ( /* nameser.h:89:1: */
-	ns_o_query  = 0
-	ns_o_iquery = 1
-	ns_o_status = 2
-	ns_o_notify = 4
-	ns_o_update = 5
-	ns_o_max    = 6
-)
-
-const ( /* nameser.h:98:1: */
-	ns_r_noerror  = 0
-	ns_r_formerr  = 1
-	ns_r_servfail = 2
-	ns_r_nxdomain = 3
-	ns_r_notimpl  = 4
-	ns_r_refused  = 5
-	ns_r_yxdomain = 6
-	ns_r_yxrrset  = 7
-	ns_r_nxrrset  = 8
-	ns_r_notauth  = 9
-	ns_r_notzone  = 10
-	ns_r_max      = 11
-	ns_r_badvers  = 16
-	ns_r_badsig   = 16
-	ns_r_badkey   = 17
-	ns_r_badtime  = 18
-)
-
-const ( /* pthread_impl.h:58:1: */
-	DT_EXITING  = 0
-	DT_JOINABLE = 1
-	DT_DETACHED = 2
-)
-
-type ptrdiff_t = int64 /* <builtin>:3:26 */
-
-type size_t = uint64 /* <builtin>:9:23 */
-
-type wchar_t = int32 /* <builtin>:15:24 */
-
-type uint16_t = uint16 /* alltypes.h:126:25 */
-
-type uint32_t = uint32 /* alltypes.h:131:25 */
-
-type uint64_t = uint64 /* alltypes.h:136:25 */
-
-func __bswap32(tls *TLS, __x uint32_t) uint32_t { /* endian.h:24:26: */
-	return __x>>24 | __x>>8&uint32_t(0xff00) | __x<<8&uint32_t(0xff0000) | __x<<24
-}
-
-var table = [384]uint16{
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536),
-	uint16((0x200/256 | 0x200*256) % 65536), uint16((0x320/256 | 0x320*256) % 65536), uint16((0x220/256 | 0x220*256) % 65536), uint16((0x220/256 | 0x220*256) % 65536), uint16((0x220/256 | 0x220*256) % 65536), uint16((0x220/256 | 0x220*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536),
-	uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536),
-	uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536),
-	uint16((0x160/256 | 0x160*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536),
-	uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536),
-	uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536),
-	uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x8d8/256 | 0x8d8*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536),
-	uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8d5/256 | 0x8d5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536),
-	uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536),
-	uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536),
-	uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x8c5/256 | 0x8c5*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536),
-	uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8d6/256 | 0x8d6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536),
-	uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536),
-	uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536),
-	uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x8c6/256 | 0x8c6*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x4c0/256 | 0x4c0*256) % 65536), uint16((0x200/256 | 0x200*256) % 65536),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-	uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0), uint16(0),
-} /* __ctype_b_loc.c:9:29 */
-
-var ptable uintptr = 0 /* __ctype_b_loc.c:36:29 */
-
-func X__ctype_b_loc(tls *TLS) uintptr { /* __ctype_b_loc.c:38:22: */
-	if __ccgo_strace {
-		trc("tls=%v, (%v:)", tls, origin(2))
-	}
-	return uintptr(unsafe.Pointer(&ptable))
-}
-
-func __isspace(tls *TLS, _c int32) int32 { /* ctype.h:26:21: */
-	return Bool32(_c == ' ' || uint32(_c)-uint32('\t') < uint32(5))
-}
-
-type __locale_struct = struct{ cat [6]uintptr } /* alltypes.h:343:9 */
-
-type locale_t = uintptr /* alltypes.h:343:32 */
-
-func Xisalnum(tls *TLS, c int32) int32 { /* isalnum.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(func() int32 {
-		if 0 != 0 {
-			return Xisalpha(tls, c)
-		}
-		return Bool32(uint32(c)|uint32(32)-uint32('a') < uint32(26))
-	}() != 0 || func() int32 {
-		if 0 != 0 {
-			return Xisdigit(tls, c)
-		}
-		return Bool32(uint32(c)-uint32('0') < uint32(10))
-	}() != 0)
-}
-
-func X__isalnum_l(tls *TLS, c int32, l locale_t) int32 { /* isalnum.c:8:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisalnum(tls, c)
-}
-
-func Xisalpha(tls *TLS, c int32) int32 { /* isalpha.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)|uint32(32)-uint32('a') < uint32(26))
-}
-
-func X__isalpha_l(tls *TLS, c int32, l locale_t) int32 { /* isalpha.c:9:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisalpha(tls, c)
-}
-
-func Xisdigit(tls *TLS, c int32) int32 { /* isdigit.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)-uint32('0') < uint32(10))
-}
-
-func X__isdigit_l(tls *TLS, c int32, l locale_t) int32 { /* isdigit.c:9:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisdigit(tls, c)
-}
-
-func Xislower(tls *TLS, c int32) int32 { /* islower.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)-uint32('a') < uint32(26))
-}
-
-func X__islower_l(tls *TLS, c int32, l locale_t) int32 { /* islower.c:9:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xislower(tls, c)
-}
-
-func Xisprint(tls *TLS, c int32) int32 { /* isprint.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)-uint32(0x20) < uint32(0x5f))
-}
-
-func X__builtin_isprint(tls *TLS, c int32) int32 { /* isprint.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)-uint32(0x20) < uint32(0x5f))
-}
-
-func X__isprint_l(tls *TLS, c int32, l locale_t) int32 { /* isprint.c:9:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisprint(tls, c)
-}
-
-func Xisupper(tls *TLS, c int32) int32 { /* isupper.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(uint32(c)-uint32('A') < uint32(26))
-}
-
-func X__isupper_l(tls *TLS, c int32, l locale_t) int32 { /* isupper.c:9:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisupper(tls, c)
-}
-
-func Xisxdigit(tls *TLS, c int32) int32 { /* isxdigit.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v, (%v:)", tls, c, origin(2))
-	}
-	return Bool32(func() int32 {
-		if 0 != 0 {
-			return Xisdigit(tls, c)
-		}
-		return Bool32(uint32(c)-uint32('0') < uint32(10))
-	}() != 0 || uint32(c)|uint32(32)-uint32('a') < uint32(6))
-}
-
-func X__isxdigit_l(tls *TLS, c int32, l locale_t) int32 { /* isxdigit.c:8:5: */
-	if __ccgo_strace {
-		trc("tls=%v c=%v l=%v, (%v:)", tls, c, l, origin(2))
-	}
-	return Xisxdigit(tls, c)
-}
-
-type off_t = int64 /* alltypes.h:162:16 */
-
-type ino_t = uint64 /* alltypes.h:167:25 */
-
-type dirent = struct {
-	d_ino    ino_t
-	d_off    off_t
-	d_reclen uint16
-	d_type   uint8
-	d_name   [256]int8
-	_        [5]byte
-} /* dirent.h:5:1 */
-
-type __dirstream = struct {
-	tell    off_t
-	fd      int32
-	buf_pos int32
-	buf_end int32
-	lock    [1]int32
-	buf     [2048]int8
-} /* dirent.h:20:9 */
-
-type DIR = __dirstream /* dirent.h:20:28 */
-
-type ssize_t = int64 /* alltypes.h:65:15 */
-
-type intptr_t = int64 /* alltypes.h:70:15 */
-
-type pid_t = int32 /* alltypes.h:235:13 */
-
-type uid_t = uint32 /* alltypes.h:245:18 */
-
-type gid_t = uint32 /* alltypes.h:250:18 */
-
-type useconds_t = uint32 /* alltypes.h:260:18 */
-
-type div_t = struct {
-	quot int32
-	rem  int32
-} /* stdlib.h:62:35 */
-type ldiv_t = struct {
-	quot int64
-	rem  int64
-} /* stdlib.h:63:36 */
-type lldiv_t = struct {
-	quot int64
-	rem  int64
-} /* stdlib.h:64:41 */
-
-func Xclosedir(tls *TLS, dir uintptr) int32 { /* closedir.c:6:5: */
-	if __ccgo_strace {
-		trc("tls=%v dir=%v, (%v:)", tls, dir, origin(2))
-	}
-	var ret int32 = Xclose(tls, (*DIR)(unsafe.Pointer(dir)).fd)
-	Xfree(tls, dir)
-	return ret
-}
-
-type mode_t = uint32 /* alltypes.h:152:18 */
-
-type iovec = struct {
-	iov_base uintptr
-	iov_len  size_t
-} /* alltypes.h:355:1 */
-
-type flock = struct {
-	l_type   int16
-	l_whence int16
-	_        [4]byte
-	l_start  off_t
-	l_len    off_t
-	l_pid    pid_t
-	_        [4]byte
-} /* fcntl.h:24:1 */
-
-type file_handle = struct {
-	_            [0]uint32
-	handle_bytes uint32
-	handle_type  int32
-} /* fcntl.h:167:1 */
-
-type f_owner_ex = struct {
-	__type int32
-	pid    pid_t
-} /* fcntl.h:172:1 */
-
-type syscall_arg_t = int64 /* syscall.h:22:14 */
-
-func Xopendir(tls *TLS, name uintptr) uintptr { /* opendir.c:8:5: */
-	if __ccgo_strace {
-		trc("tls=%v name=%v, (%v:)", tls, name, origin(2))
-	}
-	var fd int32
-	var dir uintptr
-
-	if AssignInt32(&fd, Xopen(tls, name, 00|0200000|02000000, 0)) < 0 {
-		return uintptr(0)
-	}
-	if !(int32(AssignUintptr(&dir, Xcalloc(tls, uint64(1), uint64(unsafe.Sizeof(DIR{}))))) != 0) {
-		X__syscall1(tls, int64(3), int64(fd))
-		return uintptr(0)
-	}
-	(*DIR)(unsafe.Pointer(dir)).fd = fd
-	return dir
-}
-
-type max_align_t = struct {
-	__ll int64
-	__ld float64
-} /* alltypes.h:41:54 */
-
-type dirstream_buf_alignment_check = [1]int8 /* readdir.c:7:14 */
-
-func Xreaddir(tls *TLS, dir uintptr) uintptr { /* readdir.c:10:15: */
-	if __ccgo_strace {
-		trc("tls=%v dir=%v, (%v:)", tls, dir, origin(2))
-	}
-	var de uintptr
-
-	if (*DIR)(unsafe.Pointer(dir)).buf_pos >= (*DIR)(unsafe.Pointer(dir)).buf_end {
-		var len int32 = int32(X__syscall3(tls, int64(217), int64((*DIR)(unsafe.Pointer(dir)).fd), int64(dir+24), int64(unsafe.Sizeof([2048]int8{}))))
-		if len <= 0 {
-			if len < 0 && len != -2 {
-				*(*int32)(unsafe.Pointer(X___errno_location(tls))) = -len
-			}
-			return uintptr(0)
-		}
-		(*DIR)(unsafe.Pointer(dir)).buf_end = len
-		(*DIR)(unsafe.Pointer(dir)).buf_pos = 0
-	}
-	de = dir + 24 + uintptr((*DIR)(unsafe.Pointer(dir)).buf_pos)
-	*(*int32)(unsafe.Pointer(dir + 12)) += int32((*dirent)(unsafe.Pointer(de)).d_reclen)
-	(*DIR)(unsafe.Pointer(dir)).tell = (*dirent)(unsafe.Pointer(de)).d_off
-	return de
-}
-
-type uintptr_t = uint64 /* alltypes.h:55:24 */
-
-type int8_t = int8 /* alltypes.h:96:25 */
-
-type int16_t = int16 /* alltypes.h:101:25 */
-
-type int32_t = int32 /* alltypes.h:106:25 */
-
-type int64_t = int64 /* alltypes.h:111:25 */
-
-type intmax_t = int64 /* alltypes.h:116:25 */
-
-type uint8_t = uint8 /* alltypes.h:121:25 */
-
-type uintmax_t = uint64 /* alltypes.h:146:25 */
-
-type int_fast8_t = int8_t   /* stdint.h:22:16 */
-type int_fast64_t = int64_t /* stdint.h:23:17 */
-
-type int_least8_t = int8_t   /* stdint.h:25:17 */
-type int_least16_t = int16_t /* stdint.h:26:17 */
-type int_least32_t = int32_t /* stdint.h:27:17 */
-type int_least64_t = int64_t /* stdint.h:28:17 */
-
-type uint_fast8_t = uint8_t   /* stdint.h:30:17 */
-type uint_fast64_t = uint64_t /* stdint.h:31:18 */
-
-type uint_least8_t = uint8_t   /* stdint.h:33:18 */
-type uint_least16_t = uint16_t /* stdint.h:34:18 */
-type uint_least32_t = uint32_t /* stdint.h:35:18 */
-type uint_least64_t = uint64_t /* stdint.h:36:18 */
-
-type int_fast16_t = int32_t   /* stdint.h:1:17 */
-type int_fast32_t = int32_t   /* stdint.h:2:17 */
-type uint_fast16_t = uint32_t /* stdint.h:3:18 */
-type uint_fast32_t = uint32_t /* stdint.h:4:18 */
-
-type _IO_FILE = struct {
-	flags        uint32
-	_            [4]byte
-	rpos         uintptr
-	rend         uintptr
-	close        uintptr
-	wend         uintptr
-	wpos         uintptr
-	mustbezero_1 uintptr
-	wbase        uintptr
-	read         uintptr
-	write        uintptr
-	seek         uintptr
-	buf          uintptr
-	buf_size     size_t
-	prev         uintptr
-	next         uintptr
-	fd           int32
-	pipe_pid     int32
-	lockcount    int64
-	mode         int32
-	lock         int32
-	lbf          int32
-	_            [4]byte
-	cookie       uintptr
-	off          off_t
-	getln_buf    uintptr
-	mustbezero_2 uintptr
-	shend        uintptr
-	shlim        off_t
-	shcnt        off_t
-	prev_locked  uintptr
-	next_locked  uintptr
-	locale       uintptr
-} /* alltypes.h:320:9 */
-
-type FILE = _IO_FILE /* alltypes.h:320:25 */
-
-type va_list = uintptr /* alltypes.h:326:27 */
-
-type _G_fpos64_t = struct {
-	_        [0]uint64
-	__opaque [16]int8
-} /* stdio.h:54:9 */
-
-type fpos_t = _G_fpos64_t /* stdio.h:58:3 */
-
-type float_t = float32 /* alltypes.h:29:15 */
-
-type double_t = float64 /* alltypes.h:34:16 */
-
-func __FLOAT_BITS(tls *TLS, __f float32) uint32 { /* math.h:55:26: */
-	bp := tls.Alloc(4)
-	defer tls.Free(4)
-
-	// var __u struct {__f float32;} at bp, 4
-
-	*(*float32)(unsafe.Pointer(bp)) = __f
-	return *(*uint32)(unsafe.Pointer(bp))
-}
-
-func __DOUBLE_BITS(tls *TLS, __f float64) uint64 { /* math.h:61:36: */
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	// var __u struct {__f float64;} at bp, 8
-
-	*(*float64)(unsafe.Pointer(bp)) = __f
-	return *(*uint64)(unsafe.Pointer(bp))
-}
-
-type __pthread = struct {
-	self          uintptr
-	dtv           uintptr
-	prev          uintptr
-	next          uintptr
-	sysinfo       uintptr_t
-	canary        uintptr_t
-	canary2       uintptr_t
-	tid           int32
-	errno_val     int32
-	detach_state  int32
-	cancel        int32
-	canceldisable uint8
-	cancelasync   uint8
-	tsd_used      uint8 /* unsigned char tsd_used: 1, unsigned char dlerror_flag: 1 */
-	_             [5]byte
-	map_base      uintptr
-	map_size      size_t
-	stack         uintptr
-	stack_size    size_t
-	guard_size    size_t
-	result        uintptr
-	cancelbuf     uintptr
-	tsd           uintptr
-	robust_list   struct {
-		head    uintptr
-		off     int64
-		pending uintptr
-	}
-	timer_id      int32
-	_             [4]byte
-	locale        locale_t
-	killlock      [1]int32
-	_             [4]byte
-	dlerror_buf   uintptr
-	stdio_locks   uintptr
-	canary_at_end uintptr_t
-	dtv_copy      uintptr
-} /* alltypes.h:273:9 */
-
-func scanexp(tls *TLS, f uintptr, pok int32) int64 { /* floatscan.c:37:18: */
-	var c int32
-	var x int32
-	var y int64
-	var neg int32 = 0
-
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	if c == '+' || c == '-' {
-		neg = Bool32(c == '-')
-		c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}()
-		if uint32(c-'0') >= 10 && pok != 0 {
-			if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-				(*FILE)(unsafe.Pointer(f)).rpos--
-			} else {
-			}
-		}
-	}
-	if uint32(c-'0') >= 10 {
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-		return -0x7fffffffffffffff - int64(1)
-	}
-	for x = 0; uint32(c-'0') < 10 && x < 0x7fffffff/10; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		x = 10*x + c - '0'
-	}
-	for y = int64(x); uint32(c-'0') < 10 && y < 0x7fffffffffffffff/int64(100); c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		y = int64(10)*y + int64(c) - int64('0')
-	}
-	for ; uint32(c-'0') < 10; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-	}
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	if neg != 0 {
-		return -y
-	}
-	return y
-}
-
-func decfloat(tls *TLS, f uintptr, c int32, bits int32, emin int32, sign int32, pok int32) float64 { /* floatscan.c:64:20: */
-	bp := tls.Alloc(512)
-	defer tls.Free(512)
-
-	// var x [128]uint32_t at bp, 512
-
-	var i int32
-	var j int32
-	var k int32
-	var a int32
-	var z int32
-	var lrp int64 = int64(0)
-	var dc int64 = int64(0)
-	var e10 int64 = int64(0)
-	var lnz int32 = 0
-	var gotdig int32 = 0
-	var gotrad int32 = 0
-	var rp int32
-	var e2 int32
-	var emax int32 = -emin - bits + 3
-	var denormal int32 = 0
-	var y float64
-	var frac float64 = float64(0)
-	var bias float64 = float64(0)
-
-	j = 0
-	k = 0
-
-	// Don't let leading zeros consume buffer space
-	for ; c == '0'; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		gotdig = 1
-	}
-	if c == '.' {
-		gotrad = 1
-		for c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}(); c == '0'; c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}() {
-			gotdig = 1
-			lrp--
-		}
-	}
-
-	*(*uint32_t)(unsafe.Pointer(bp)) = uint32_t(0)
-	for ; uint32(c-'0') < 10 || c == '.'; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		if c == '.' {
-			if gotrad != 0 {
-				break
-			}
-			gotrad = 1
-			lrp = dc
-		} else if k < 128-3 {
-			dc++
-			if c != '0' {
-				lnz = int32(dc)
-			}
-			if j != 0 {
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))*uint32_t(10) + uint32_t(c) - uint32_t('0')
-			} else {
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = uint32_t(c - '0')
-			}
-			if PreIncInt32(&j, 1) == 9 {
-				k++
-				j = 0
-			}
-			gotdig = 1
-		} else {
-			dc++
-			if c != '0' {
-				lnz = (128 - 4) * 9
-				*(*uint32_t)(unsafe.Pointer(bp + 124*4)) |= uint32_t(1)
-			}
-		}
-	}
-	if !(gotrad != 0) {
-		lrp = dc
-	}
-
-	if gotdig != 0 && c|32 == 'e' {
-		e10 = scanexp(tls, f, pok)
-		if e10 == -0x7fffffffffffffff-int64(1) {
-			if pok != 0 {
-				if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-					(*FILE)(unsafe.Pointer(f)).rpos--
-				} else {
-				}
-			} else {
-				X__shlim(tls, f, int64(0))
-				return float64(0)
-			}
-			e10 = int64(0)
-		}
-		lrp = lrp + e10
-	} else if c >= 0 {
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-	}
-	if !(gotdig != 0) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 22
-		X__shlim(tls, f, int64(0))
-		return float64(0)
-	}
-
-	// Handle zero specially to avoid nasty special cases later
-	if !(int32(*(*uint32_t)(unsafe.Pointer(bp))) != 0) {
-		return float64(sign) * 0.0
-	}
-
-	// Optimize small integers (w/no exponent) and over/under-flow
-	if lrp == dc && dc < int64(10) && (bits > 30 || *(*uint32_t)(unsafe.Pointer(bp))>>bits == uint32_t(0)) {
-		return float64(sign) * float64(*(*uint32_t)(unsafe.Pointer(bp)))
-	}
-	if lrp > int64(-emin/2) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-		return float64(sign) * 1.79769313486231570815e+308 * 1.79769313486231570815e+308
-	}
-	if lrp < int64(emin-2*53) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-		return float64(sign) * 2.22507385850720138309e-308 * 2.22507385850720138309e-308
-	}
-
-	// Align incomplete final B1B digit
-	if j != 0 {
-		for ; j < 9; j++ {
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) *= uint32_t(10)
-		}
-		k++
-		j = 0
-	}
-
-	a = 0
-	z = k
-	e2 = 0
-	rp = int32(lrp)
-
-	// Optimize small to mid-size integers (even in exp. notation)
-	if lnz < 9 && lnz <= rp && rp < 18 {
-		if rp == 9 {
-			return float64(sign) * float64(*(*uint32_t)(unsafe.Pointer(bp)))
-		}
-		if rp < 9 {
-			return float64(sign) * float64(*(*uint32_t)(unsafe.Pointer(bp))) / float64(_sp10s[8-rp])
-		}
-		var bitlim int32 = bits - 3*(rp-9)
-		if bitlim > 30 || *(*uint32_t)(unsafe.Pointer(bp))>>bitlim == uint32_t(0) {
-			return float64(sign) * float64(*(*uint32_t)(unsafe.Pointer(bp))) * float64(_sp10s[rp-10])
-		}
-	}
-
-	// Drop trailing zeros
-	for ; !(int32(*(*uint32_t)(unsafe.Pointer(bp + uintptr(z-1)*4))) != 0); z-- {
-	}
-
-	// Align radix point to B1B digit boundary
-	if rp%9 != 0 {
-		var rpm9 int32
-		if rp >= 0 {
-			rpm9 = rp % 9
-		} else {
-			rpm9 = rp%9 + 9
-		}
-		var p10 int32 = _sp10s[8-rpm9]
-		var carry uint32_t = uint32_t(0)
-		for k = a; k != z; k++ {
-			var tmp uint32_t = *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) % uint32_t(p10)
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))/uint32_t(p10) + carry
-			carry = uint32_t(1000000000/p10) * tmp
-			if k == a && !(int32(*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))) != 0) {
-				a = (a + 1) & (128 - 1)
-				rp = rp - 9
-			}
-		}
-		if carry != 0 {
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(PostIncInt32(&z, 1))*4)) = carry
-		}
-		rp = rp + (9 - rpm9)
-	}
-
-	// Upscale until desired number of bits are left of radix point
-	for rp < 9*2 || rp == 9*2 && *(*uint32_t)(unsafe.Pointer(bp + uintptr(a)*4)) < _sth[0] {
-		var carry uint32_t = uint32_t(0)
-		e2 = e2 - 29
-		for k = (z - 1) & (128 - 1); ; k = (k - 1) & (128 - 1) {
-			var tmp uint64_t = uint64_t(*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)))<<29 + uint64_t(carry)
-			if tmp > uint64(1000000000) {
-				carry = uint32_t(tmp / uint64(1000000000))
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = uint32_t(tmp % uint64(1000000000))
-			} else {
-				carry = uint32_t(0)
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = uint32_t(tmp)
-			}
-			if k == (z-1)&(128-1) && k != a && !(int32(*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))) != 0) {
-				z = k
-			}
-			if k == a {
-				break
-			}
-		}
-		if carry != 0 {
-			rp = rp + 9
-			a = (a - 1) & (128 - 1)
-			if a == z {
-				z = (z - 1) & (128 - 1)
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr((z-1)&(128-1))*4)) |= *(*uint32_t)(unsafe.Pointer(bp + uintptr(z)*4))
-			}
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(a)*4)) = carry
-		}
-	}
-
-	// Downscale until exactly number of bits are left of radix point
-	for {
-		var carry uint32_t = uint32_t(0)
-		var sh int32 = 1
-		for i = 0; i < 2; i++ {
-			k = (a + i) & (128 - 1)
-			if k == z || *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) < _sth[i] {
-				i = 2
-				break
-			}
-			if *(*uint32_t)(unsafe.Pointer(bp + uintptr((a+i)&(128-1))*4)) > _sth[i] {
-				break
-			}
-		}
-		if i == 2 && rp == 9*2 {
-			break
-		}
-		// FIXME: find a way to compute optimal sh
-		if rp > 9+9*2 {
-			sh = 9
-		}
-		e2 = e2 + sh
-		for k = a; k != z; k = (k + 1) & (128 - 1) {
-			var tmp uint32_t = *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) & uint32_t(int32(1)<<sh-1)
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4)) = *(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))>>sh + carry
-			carry = uint32_t(int32(1000000000)>>sh) * tmp
-			if k == a && !(int32(*(*uint32_t)(unsafe.Pointer(bp + uintptr(k)*4))) != 0) {
-				a = (a + 1) & (128 - 1)
-				i--
-				rp = rp - 9
-			}
-		}
-		if carry != 0 {
-			if (z+1)&(128-1) != a {
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr(z)*4)) = carry
-				z = (z + 1) & (128 - 1)
-			} else {
-				*(*uint32_t)(unsafe.Pointer(bp + uintptr((z-1)&(128-1))*4)) |= uint32_t(1)
-			}
-		}
-	}
-
-	// Assemble desired bits into floating point variable
-	for y = float64(AssignInt32(&i, 0)); i < 2; i++ {
-		if (a+i)&(128-1) == z {
-			*(*uint32_t)(unsafe.Pointer(bp + uintptr(AssignInt32(&z, (z+1)&(128-1))-1)*4)) = uint32_t(0)
-		}
-		y = 1000000000.0*y + float64(*(*uint32_t)(unsafe.Pointer(bp + uintptr((a+i)&(128-1))*4)))
-	}
-
-	y = y * float64(sign)
-
-	// Limit precision for denormal results
-	if bits > 53+e2-emin {
-		bits = 53 + e2 - emin
-		if bits < 0 {
-			bits = 0
-		}
-		denormal = 1
-	}
-
-	// Calculate bias term to force rounding, move out lower bits
-	if bits < 53 {
-		bias = Xcopysignl(tls, Xscalbn(tls, float64(1), 2*53-bits-1), y)
-		frac = Xfmodl(tls, y, Xscalbn(tls, float64(1), 53-bits))
-		y = y - frac
-		y = y + bias
-	}
-
-	// Process tail of decimal input so it can affect rounding
-	if (a+i)&(128-1) != z {
-		var t uint32_t = *(*uint32_t)(unsafe.Pointer(bp + uintptr((a+i)&(128-1))*4))
-		if t < uint32_t(500000000) && (t != 0 || (a+i+1)&(128-1) != z) {
-			frac = frac + 0.25*float64(sign)
-		} else if t > uint32_t(500000000) {
-			frac = frac + 0.75*float64(sign)
-		} else if t == uint32_t(500000000) {
-			if (a+i+1)&(128-1) == z {
-				frac = frac + 0.5*float64(sign)
-			} else {
-				frac = frac + 0.75*float64(sign)
-			}
-		}
-		if 53-bits >= 2 && !(Xfmodl(tls, frac, float64(1)) != 0) {
-			frac += 1
-		}
-	}
-
-	y = y + frac
-	y = y - bias
-
-	if (e2+53)&0x7fffffff > emax-5 {
-		if Xfabsl(tls, y) >= float64(float64(2))/2.22044604925031308085e-16 {
-			if denormal != 0 && bits == 53+e2-emin {
-				denormal = 0
-			}
-			y = y * 0.5
-			e2++
-		}
-		if e2+53 > emax || denormal != 0 && frac != 0 {
-			*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-		}
-	}
-
-	return Xscalbnl(tls, y, e2)
-}
-
-var _sth = [2]uint32_t{uint32_t(9007199), uint32_t(254740991)} /* floatscan.c:67:24 */
-var _sp10s = [8]int32{10, 100, 1000, 10000,
-	100000, 1000000, 10000000, 100000000} /* floatscan.c:80:19 */
-
-func hexfloat(tls *TLS, f uintptr, bits int32, emin int32, sign int32, pok int32) float64 { /* floatscan.c:315:20: */
-	var x uint32_t = uint32_t(0)
-	var y float64 = float64(0)
-	var scale float64 = float64(1)
-	var bias float64 = float64(0)
-	var gottail int32 = 0
-	var gotrad int32 = 0
-	var gotdig int32 = 0
-	var rp int64 = int64(0)
-	var dc int64 = int64(0)
-	var e2 int64 = int64(0)
-	var d int32
-	var c int32
-
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-
-	// Skip leading zeros
-	for ; c == '0'; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		gotdig = 1
-	}
-
-	if c == '.' {
-		gotrad = 1
-		c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}()
-		// Count zeros after the radix point before significand
-		rp = int64(0)
-	__1:
-		if !(c == '0') {
-			goto __3
-		}
-		gotdig = 1
-		goto __2
-	__2:
-		c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}()
-		rp--
-		goto __1
-		goto __3
-	__3:
-	}
-
-	for ; uint32(c-'0') < 10 || uint32(c|32-'a') < 6 || c == '.'; c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() {
-		if c == '.' {
-			if gotrad != 0 {
-				break
-			}
-			rp = dc
-			gotrad = 1
-		} else {
-			gotdig = 1
-			if c > '9' {
-				d = c | 32 + 10 - 'a'
-			} else {
-				d = c - '0'
-			}
-			if dc < int64(8) {
-				x = x*uint32_t(16) + uint32_t(d)
-			} else if dc < int64(53/4+1) {
-				y = y + float64(d)*AssignDivFloat64(&scale, float64(16))
-			} else if d != 0 && !(gottail != 0) {
-				y = y + 0.5*scale
-				gottail = 1
-			}
-			dc++
-		}
-	}
-	if !(gotdig != 0) {
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-		if pok != 0 {
-			if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-				(*FILE)(unsafe.Pointer(f)).rpos--
-			} else {
-			}
-			if gotrad != 0 {
-				if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-					(*FILE)(unsafe.Pointer(f)).rpos--
-				} else {
-				}
-			}
-		} else {
-			X__shlim(tls, f, int64(0))
-		}
-		return float64(sign) * 0.0
-	}
-	if !(gotrad != 0) {
-		rp = dc
-	}
-	for dc < int64(8) {
-		x = x * uint32_t(16)
-		dc++
-	}
-	if c|32 == 'p' {
-		e2 = scanexp(tls, f, pok)
-		if e2 == -0x7fffffffffffffff-int64(1) {
-			if pok != 0 {
-				if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-					(*FILE)(unsafe.Pointer(f)).rpos--
-				} else {
-				}
-			} else {
-				X__shlim(tls, f, int64(0))
-				return float64(0)
-			}
-			e2 = int64(0)
-		}
-	} else {
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-	}
-	e2 = e2 + (int64(4)*rp - int64(32))
-
-	if !(x != 0) {
-		return float64(sign) * 0.0
-	}
-	if e2 > int64(-emin) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-		return float64(sign) * 1.79769313486231570815e+308 * 1.79769313486231570815e+308
-	}
-	if e2 < int64(emin-2*53) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-		return float64(sign) * 2.22507385850720138309e-308 * 2.22507385850720138309e-308
-	}
-
-	for x < 0x80000000 {
-		if y >= 0.5 {
-			x = x + (x + uint32_t(1))
-			y = y + (y - float64(1))
-		} else {
-			x = x + x
-			y = y + y
-		}
-		e2--
-	}
-
-	if int64(bits) > int64(32)+e2-int64(emin) {
-		bits = int32(int64(32) + e2 - int64(emin))
-		if bits < 0 {
-			bits = 0
-		}
-	}
-
-	if bits < 53 {
-		bias = Xcopysignl(tls, Xscalbn(tls, float64(1), 32+53-bits-1), float64(sign))
-	}
-
-	if bits < 32 && y != 0 && !(x&uint32_t(1) != 0) {
-		x++
-		y = float64(0)
-	}
-
-	y = bias + float64(sign)*float64(x) + float64(sign)*y
-	y = y - bias
-
-	if !(y != 0) {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-	}
-
-	return Xscalbnl(tls, y, int32(e2))
-}
-
-func X__floatscan(tls *TLS, f uintptr, prec int32, pok int32) float64 { /* floatscan.c:427:13: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v prec=%v pok=%v, (%v:)", tls, f, prec, pok, origin(2))
-	}
-	var sign int32 = 1
-	var i size_t
-	var bits int32
-	var emin int32
-	var c int32
-
-	switch prec {
-	case 0:
-		bits = 24
-		emin = -125 - bits
-		break
-	case 1:
-		bits = 53
-		emin = -1021 - bits
-		break
-	case 2:
-		bits = 53
-		emin = -1021 - bits
-		break
-	default:
-		return float64(0)
-	}
-
-	for __isspace(tls, AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())) != 0 {
-	}
-
-	if c == '+' || c == '-' {
-		sign = sign - 2*Bool32(c == '-')
-		c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}()
-	}
-
-	for i = uint64(0); i < uint64(8) && c|32 == int32(*(*int8)(unsafe.Pointer(ts /* "infinity" */ + uintptr(i)))); i++ {
-		if i < uint64(7) {
-			c = func() int32 {
-				if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-					return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-				}
-				return X__shgetc(tls, f)
-			}()
-		}
-	}
-	if i == uint64(3) || i == uint64(8) || i > uint64(3) && pok != 0 {
-		if i != uint64(8) {
-			if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-				(*FILE)(unsafe.Pointer(f)).rpos--
-			} else {
-			}
-			if pok != 0 {
-				for ; i > uint64(3); i-- {
-					if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-						(*FILE)(unsafe.Pointer(f)).rpos--
-					} else {
-					}
-				}
-			}
-		}
-		return float64(float32(sign) * X__builtin_inff(tls))
-	}
-	if !(i != 0) {
-		for i = uint64(0); i < uint64(3) && c|32 == int32(*(*int8)(unsafe.Pointer(ts + 9 /* "nan" */ + uintptr(i)))); i++ {
-			if i < uint64(2) {
-				c = func() int32 {
-					if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-						return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-					}
-					return X__shgetc(tls, f)
-				}()
-			}
-		}
-	}
-	if i == uint64(3) {
-		if func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}() != '(' {
-			if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-				(*FILE)(unsafe.Pointer(f)).rpos--
-			} else {
-			}
-			return float64(X__builtin_nanf(tls, ts+13))
-		}
-		for i = uint64(1); ; i++ {
-			c = func() int32 {
-				if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-					return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-				}
-				return X__shgetc(tls, f)
-			}()
-			if uint32(c-'0') < 10 || uint32(c-'A') < 26 || uint32(c-'a') < 26 || c == '_' {
-				continue
-			}
-			if c == ')' {
-				return float64(X__builtin_nanf(tls, ts+13))
-			}
-			if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-				(*FILE)(unsafe.Pointer(f)).rpos--
-			} else {
-			}
-			if !(pok != 0) {
-				*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 22
-				X__shlim(tls, f, int64(0))
-				return float64(0)
-			}
-			for PostDecUint64(&i, 1) != 0 {
-				if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-					(*FILE)(unsafe.Pointer(f)).rpos--
-				} else {
-				}
-			}
-			return float64(X__builtin_nanf(tls, ts+13))
-		}
-		return float64(X__builtin_nanf(tls, ts+13))
-	}
-
-	if i != 0 {
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 22
-		X__shlim(tls, f, int64(0))
-		return float64(0)
-	}
-
-	if c == '0' {
-		c = func() int32 {
-			if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-				return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-			}
-			return X__shgetc(tls, f)
-		}()
-		if c|32 == 'x' {
-			return hexfloat(tls, f, bits, emin, sign, pok)
-		}
-		if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-			(*FILE)(unsafe.Pointer(f)).rpos--
-		} else {
-		}
-		c = '0'
-	}
-
-	return decfloat(tls, f, c, bits, emin, sign, pok)
-}
-
-// Lookup table for digit values. -1==255>=36 -> invalid
-var table1 = [257]uint8{Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	uint8(0), uint8(1), uint8(2), uint8(3), uint8(4), uint8(5), uint8(6), uint8(7), uint8(8), uint8(9), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), uint8(10), uint8(11), uint8(12), uint8(13), uint8(14), uint8(15), uint8(16), uint8(17), uint8(18), uint8(19), uint8(20), uint8(21), uint8(22), uint8(23), uint8(24),
-	uint8(25), uint8(26), uint8(27), uint8(28), uint8(29), uint8(30), uint8(31), uint8(32), uint8(33), uint8(34), uint8(35), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), uint8(10), uint8(11), uint8(12), uint8(13), uint8(14), uint8(15), uint8(16), uint8(17), uint8(18), uint8(19), uint8(20), uint8(21), uint8(22), uint8(23), uint8(24),
-	uint8(25), uint8(26), uint8(27), uint8(28), uint8(29), uint8(30), uint8(31), uint8(32), uint8(33), uint8(34), uint8(35), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-	Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1), Uint8FromInt32(-1),
-} /* intscan.c:7:28 */
-
-func X__intscan(tls *TLS, f uintptr, base uint32, pok int32, lim uint64) uint64 { /* intscan.c:26:20: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v base=%v pok=%v lim=%v, (%v:)", tls, f, base, pok, lim, origin(2))
-	}
-	var val uintptr
-	var c int32
-	var neg int32
-	var x uint32
-	var y uint64
-	var bs int32
-	val = uintptr(unsafe.Pointer(&table1)) + uintptr(1)
-	neg = 0
-	if !(base > uint32(36) || base == uint32(1)) {
-		goto __1
-	}
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 22
-	return uint64(0)
-__1:
-	;
-__2:
-	if !(__isspace(tls, AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())) != 0) {
-		goto __3
-	}
-	goto __2
-__3:
-	;
-	if !(c == '+' || c == '-') {
-		goto __4
-	}
-	neg = -Bool32(c == '-')
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-__4:
-	;
-	if !((base == uint32(0) || base == uint32(16)) && c == '0') {
-		goto __5
-	}
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	if !(c|32 == 'x') {
-		goto __7
-	}
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	if !(int32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) >= 16) {
-		goto __9
-	}
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	if !(pok != 0) {
-		goto __10
-	}
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	goto __11
-__10:
-	X__shlim(tls, f, int64(0))
-__11:
-	;
-	return uint64(0)
-__9:
-	;
-	base = uint32(16)
-	goto __8
-__7:
-	if !(base == uint32(0)) {
-		goto __12
-	}
-	base = uint32(8)
-__12:
-	;
-__8:
-	;
-	goto __6
-__5:
-	if !(base == uint32(0)) {
-		goto __13
-	}
-	base = uint32(10)
-__13:
-	;
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) >= base) {
-		goto __14
-	}
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	X__shlim(tls, f, int64(0))
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 22
-	return uint64(0)
-__14:
-	;
-__6:
-	;
-	if !(base == uint32(10)) {
-		goto __15
-	}
-	x = uint32(0)
-__17:
-	if !(uint32(c-'0') < 10 && x <= 0xffffffff/uint32(10)-uint32(1)) {
-		goto __19
-	}
-	x = x*uint32(10) + uint32(c-'0')
-	goto __18
-__18:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __17
-	goto __19
-__19:
-	;
-	y = uint64(x)
-__20:
-	if !(uint32(c-'0') < 10 && y <= (2*uint64(0x7fffffffffffffff)+uint64(1))/uint64(10) && uint64(10)*y <= 2*uint64(0x7fffffffffffffff)+uint64(1)-uint64(c-'0')) {
-		goto __22
-	}
-	y = y*uint64(10) + uint64(c-'0')
-	goto __21
-__21:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __20
-	goto __22
-__22:
-	;
-	if !(uint32(c-'0') >= 10) {
-		goto __23
-	}
-	goto done
-__23:
-	;
-	goto __16
-__15:
-	if !!(base&(base-uint32(1)) != 0) {
-		goto __24
-	}
-	bs = int32(*(*int8)(unsafe.Pointer(ts + 14 + uintptr(uint32(0x17)*base>>5&uint32(7)))))
-	x = uint32(0)
-__26:
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base && x <= 0xffffffff/uint32(32)) {
-		goto __28
-	}
-	x = x<<bs | uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c))))
-	goto __27
-__27:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __26
-	goto __28
-__28:
-	;
-	y = uint64(x)
-__29:
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base && y <= uint64(2*uint64(0x7fffffffffffffff)+uint64(1))>>bs) {
-		goto __31
-	}
-	y = y<<bs | uint64(*(*uint8)(unsafe.Pointer(val + uintptr(c))))
-	goto __30
-__30:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __29
-	goto __31
-__31:
-	;
-	goto __25
-__24:
-	x = uint32(0)
-__32:
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base && x <= 0xffffffff/uint32(36)-uint32(1)) {
-		goto __34
-	}
-	x = x*base + uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c))))
-	goto __33
-__33:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __32
-	goto __34
-__34:
-	;
-	y = uint64(x)
-__35:
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base && y <= (2*uint64(0x7fffffffffffffff)+uint64(1))/uint64(base) && uint64(base)*y <= 2*uint64(0x7fffffffffffffff)+uint64(1)-uint64(*(*uint8)(unsafe.Pointer(val + uintptr(c))))) {
-		goto __37
-	}
-	y = y*uint64(base) + uint64(*(*uint8)(unsafe.Pointer(val + uintptr(c))))
-	goto __36
-__36:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __35
-	goto __37
-__37:
-	;
-__25:
-	;
-__16:
-	;
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base) {
-		goto __38
-	}
-__39:
-	if !(uint32(*(*uint8)(unsafe.Pointer(val + uintptr(c)))) < base) {
-		goto __41
-	}
-	goto __40
-__40:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-	goto __39
-	goto __41
-__41:
-	;
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-	y = lim
-	if !(lim&uint64(1) != 0) {
-		goto __42
-	}
-	neg = 0
-__42:
-	;
-__38:
-	;
-done:
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	if !(y >= lim) {
-		goto __43
-	}
-	if !(!(lim&uint64(1) != 0) && !(neg != 0)) {
-		goto __44
-	}
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-	return lim - uint64(1)
-	goto __45
-__44:
-	if !(y > lim) {
-		goto __46
-	}
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 34
-	return lim
-__46:
-	;
-__45:
-	;
-__43:
-	;
-	return y ^ uint64(neg) - uint64(neg)
-}
-
-// The shcnt field stores the number of bytes read so far, offset by
-// the value of buf-rpos at the last function call (__shlim or __shgetc),
-// so that between calls the inline shcnt macro can add rpos-buf to get
-// the actual count.
-
-func X__shlim(tls *TLS, f uintptr, lim off_t) { /* shgetc.c:8:6: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v lim=%v, (%v:)", tls, f, lim, origin(2))
-	}
-	(*FILE)(unsafe.Pointer(f)).shlim = lim
-	(*FILE)(unsafe.Pointer(f)).shcnt = (int64((*FILE)(unsafe.Pointer(f)).buf) - int64((*FILE)(unsafe.Pointer(f)).rpos)) / 1
-	// If lim is nonzero, rend must be a valid pointer.
-	if lim != 0 && (int64((*FILE)(unsafe.Pointer(f)).rend)-int64((*FILE)(unsafe.Pointer(f)).rpos))/1 > lim {
-		(*FILE)(unsafe.Pointer(f)).shend = (*FILE)(unsafe.Pointer(f)).rpos + uintptr(lim)
-	} else {
-		(*FILE)(unsafe.Pointer(f)).shend = (*FILE)(unsafe.Pointer(f)).rend
-	}
-}
-
-func X__shgetc(tls *TLS, f uintptr) int32 { /* shgetc.c:19:5: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v, (%v:)", tls, f, origin(2))
-	}
-	var c int32
-	var cnt off_t = (*FILE)(unsafe.Pointer(f)).shcnt + (int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1
-	if (*FILE)(unsafe.Pointer(f)).shlim != 0 && cnt >= (*FILE)(unsafe.Pointer(f)).shlim || AssignInt32(&c, X__uflow(tls, f)) < 0 {
-		(*FILE)(unsafe.Pointer(f)).shcnt = (int64((*FILE)(unsafe.Pointer(f)).buf)-int64((*FILE)(unsafe.Pointer(f)).rpos))/1 + cnt
-		(*FILE)(unsafe.Pointer(f)).shend = (*FILE)(unsafe.Pointer(f)).rpos
-		(*FILE)(unsafe.Pointer(f)).shlim = int64(-1)
-		return -1
-	}
-	cnt++
-	if (*FILE)(unsafe.Pointer(f)).shlim != 0 && (int64((*FILE)(unsafe.Pointer(f)).rend)-int64((*FILE)(unsafe.Pointer(f)).rpos))/1 > (*FILE)(unsafe.Pointer(f)).shlim-cnt {
-		(*FILE)(unsafe.Pointer(f)).shend = (*FILE)(unsafe.Pointer(f)).rpos + uintptr((*FILE)(unsafe.Pointer(f)).shlim-cnt)
-	} else {
-		(*FILE)(unsafe.Pointer(f)).shend = (*FILE)(unsafe.Pointer(f)).rend
-	}
-	(*FILE)(unsafe.Pointer(f)).shcnt = (int64((*FILE)(unsafe.Pointer(f)).buf)-int64((*FILE)(unsafe.Pointer(f)).rpos))/1 + cnt
-	if (*FILE)(unsafe.Pointer(f)).rpos <= (*FILE)(unsafe.Pointer(f)).buf {
-		*(*uint8)(unsafe.Pointer((*FILE)(unsafe.Pointer(f)).rpos + UintptrFromInt32(-1))) = uint8(c)
-	}
-	return c
-}
-
-type lconv = struct {
-	decimal_point      uintptr
-	thousands_sep      uintptr
-	grouping           uintptr
-	int_curr_symbol    uintptr
-	currency_symbol    uintptr
-	mon_decimal_point  uintptr
-	mon_thousands_sep  uintptr
-	mon_grouping       uintptr
-	positive_sign      uintptr
-	negative_sign      uintptr
-	int_frac_digits    int8
-	frac_digits        int8
-	p_cs_precedes      int8
-	p_sep_by_space     int8
-	n_cs_precedes      int8
-	n_sep_by_space     int8
-	p_sign_posn        int8
-	n_sign_posn        int8
-	int_p_cs_precedes  int8
-	int_p_sep_by_space int8
-	int_n_cs_precedes  int8
-	int_n_sep_by_space int8
-	int_p_sign_posn    int8
-	int_n_sign_posn    int8
-	_                  [2]byte
-} /* locale.h:24:1 */
-
-// Support signed or unsigned plain-char
-
-// Implementation choices...
-
-// Arbitrary numbers...
-
-// POSIX/SUS requirements follow. These numbers come directly
-// from SUS and have nothing to do with the host system.
-
-var posix_lconv = lconv{decimal_point: ts + 23, thousands_sep: ts + 13, grouping: ts + 13, int_curr_symbol: ts + 13, currency_symbol: ts + 13, mon_decimal_point: ts + 13, mon_thousands_sep: ts + 13, mon_grouping: ts + 13, positive_sign: ts + 13, negative_sign: ts + 13, int_frac_digits: Int8FromInt32(255), frac_digits: Int8FromInt32(255), p_cs_precedes: Int8FromInt32(255), p_sep_by_space: Int8FromInt32(255), n_cs_precedes: Int8FromInt32(255), n_sep_by_space: Int8FromInt32(255), p_sign_posn: Int8FromInt32(255), n_sign_posn: Int8FromInt32(255), int_p_cs_precedes: Int8FromInt32(255), int_p_sep_by_space: Int8FromInt32(255), int_n_cs_precedes: Int8FromInt32(255), int_n_sep_by_space: Int8FromInt32(255), int_p_sign_posn: Int8FromInt32(255), int_n_sign_posn: Int8FromInt32(255)} /* localeconv.c:4:27 */
-
-func Xlocaleconv(tls *TLS) uintptr { /* localeconv.c:31:14: */
-	if __ccgo_strace {
-		trc("tls=%v, (%v:)", tls, origin(2))
-	}
-	return uintptr(unsafe.Pointer(&posix_lconv))
-}
-
-func X__fpclassify(tls *TLS, x float64) int32 { /* __fpclassify.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v, (%v:)", tls, x, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	*(*struct{ f float64 })(unsafe.Pointer(bp)) = func() (r struct{ f float64 }) {
-		*(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&r)) + 0)) = x
-		return r
-	}()
-	var e int32 = int32(*(*uint64_t)(unsafe.Pointer(bp)) >> 52 & uint64(0x7ff))
-	if !(e != 0) {
-		if *(*uint64_t)(unsafe.Pointer(bp))<<1 != 0 {
-			return 3
-		}
-		return 2
-	}
-	if e == 0x7ff {
-		if *(*uint64_t)(unsafe.Pointer(bp))<<12 != 0 {
-			return 0
-		}
-		return 1
-	}
-	return 4
-}
-
-func X__fpclassifyf(tls *TLS, x float32) int32 { /* __fpclassifyf.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v, (%v:)", tls, x, origin(2))
-	}
-	bp := tls.Alloc(4)
-	defer tls.Free(4)
-
-	*(*struct{ f float32 })(unsafe.Pointer(bp)) = func() (r struct{ f float32 }) {
-		*(*float32)(unsafe.Pointer(uintptr(unsafe.Pointer(&r)) + 0)) = x
-		return r
-	}()
-	var e int32 = int32(*(*uint32_t)(unsafe.Pointer(bp)) >> 23 & uint32_t(0xff))
-	if !(e != 0) {
-		if *(*uint32_t)(unsafe.Pointer(bp))<<1 != 0 {
-			return 3
-		}
-		return 2
-	}
-	if e == 0xff {
-		if *(*uint32_t)(unsafe.Pointer(bp))<<9 != 0 {
-			return 0
-		}
-		return 1
-	}
-	return 4
-}
-
-func X__fpclassifyl(tls *TLS, x float64) int32 { /* __fpclassifyl.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v, (%v:)", tls, x, origin(2))
-	}
-	return X__fpclassify(tls, x)
-}
-
-func Xcopysignl(tls *TLS, x float64, y float64) float64 { /* copysignl.c:4:13: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v y=%v, (%v:)", tls, x, y, origin(2))
-	}
-	return Xcopysign(tls, x, y)
-}
-
-func Xfabsl(tls *TLS, x float64) float64 { /* fabsl.c:3:13: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v, (%v:)", tls, x, origin(2))
-	}
-	return Xfabs(tls, x)
-}
-
-func Xfmodl(tls *TLS, x float64, y float64) float64 { /* fmodl.c:4:13: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v y=%v, (%v:)", tls, x, y, origin(2))
-	}
-	return Xfmod(tls, x, y)
-}
-
-func Xnanf(tls *TLS, s uintptr) float32 { /* nanf.c:3:7: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v, (%v:)", tls, s, origin(2))
-	}
-	return X__builtin_nanf(tls, ts+13)
-}
-
-var toint double_t = float64(float64(1)) / 2.22044604925031308085e-16 /* rint.c:10:23 */
-
-func Xrint(tls *TLS, x float64) float64 { /* rint.c:12:8: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v, (%v:)", tls, x, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	*(*struct{ f float64 })(unsafe.Pointer(bp)) = func() (r struct{ f float64 }) {
-		*(*float64)(unsafe.Pointer(uintptr(unsafe.Pointer(&r)) + 0)) = x
-		return r
-	}()
-	var e int32 = int32(*(*uint64_t)(unsafe.Pointer(bp)) >> 52 & uint64(0x7ff))
-	var s int32 = int32(*(*uint64_t)(unsafe.Pointer(bp)) >> 63)
-	var y double_t
-
-	if e >= 0x3ff+52 {
-		return x
-	}
-	if s != 0 {
-		y = x - toint + toint
-	} else {
-		y = x + toint - toint
-	}
-	if y == float64(0) {
-		if s != 0 {
-			return -Float64FromFloat64(0.0)
-		}
-		return float64(0)
-	}
-	return y
-}
-
-func Xscalbn(tls *TLS, x float64, n int32) float64 { /* scalbn.c:4:8: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v n=%v, (%v:)", tls, x, n, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	// var u struct {f float64;} at bp, 8
-
-	var y double_t = x
-
-	if n > 1023 {
-		y = y * 0x1p1023
-		n = n - 1023
-		if n > 1023 {
-			y = y * 0x1p1023
-			n = n - 1023
-			if n > 1023 {
-				n = 1023
-			}
-		}
-	} else if n < -1022 {
-		// make sure final n < -53 to avoid double
-		// 		   rounding in the subnormal range
-		y = y * (float64(0x1p-1022) * 0x1p53)
-		n = n + (1022 - 53)
-		if n < -1022 {
-			y = y * (float64(0x1p-1022) * 0x1p53)
-			n = n + (1022 - 53)
-			if n < -1022 {
-				n = -1022
-			}
-		}
-	}
-	*(*uint64_t)(unsafe.Pointer(bp)) = uint64_t(0x3ff+n) << 52
-	x = y * *(*float64)(unsafe.Pointer(bp))
-	return x
-}
-
-func Xscalbnl(tls *TLS, x float64, n int32) float64 { /* scalbnl.c:4:13: */
-	if __ccgo_strace {
-		trc("tls=%v x=%v n=%v, (%v:)", tls, x, n, origin(2))
-	}
-	return Xscalbn(tls, x, n)
-}
-
-// Support signed or unsigned plain-char
-
-// Implementation choices...
-
-// Arbitrary numbers...
-
-// POSIX/SUS requirements follow. These numbers come directly
-// from SUS and have nothing to do with the host system.
-
-type __locale_map = struct {
-	__map    uintptr
-	map_size size_t
-	name     [24]int8
-	next     uintptr
-} /* alltypes.h:343:9 */
-
-type tls_module = struct {
-	next   uintptr
-	image  uintptr
-	len    size_t
-	size   size_t
-	align  size_t
-	offset size_t
-} /* libc.h:14:1 */
-
-type __libc = struct {
-	can_do_threads  int8
-	threaded        int8
-	secure          int8
-	need_locks      int8
-	threads_minus_1 int32
-	auxv            uintptr
-	tls_head        uintptr
-	tls_size        size_t
-	tls_align       size_t
-	tls_cnt         size_t
-	page_size       size_t
-	global_locale   struct{ cat [6]uintptr }
-} /* libc.h:20:1 */
-
-type time_t = int64 /* alltypes.h:85:16 */
-
-type clockid_t = int32 /* alltypes.h:214:13 */
-
-type timespec = struct {
-	tv_sec  time_t
-	tv_nsec int64
-} /* alltypes.h:229:1 */
-
-type pthread_t = uintptr /* alltypes.h:273:26 */
-
-type pthread_once_t = int32 /* alltypes.h:279:13 */
-
-type pthread_key_t = uint32 /* alltypes.h:284:18 */
-
-type pthread_spinlock_t = int32 /* alltypes.h:289:13 */
-
-type pthread_mutexattr_t = struct{ __attr uint32 } /* alltypes.h:294:37 */
-
-type pthread_condattr_t = struct{ __attr uint32 } /* alltypes.h:299:37 */
-
-type pthread_barrierattr_t = struct{ __attr uint32 } /* alltypes.h:304:37 */
-
-type pthread_rwlockattr_t = struct{ __attr [2]uint32 } /* alltypes.h:309:40 */
-
-type __sigset_t = struct{ __bits [16]uint64 } /* alltypes.h:349:9 */
-
-type sigset_t = __sigset_t /* alltypes.h:349:71 */
-
-type pthread_attr_t = struct {
-	__u struct {
-		_   [0]uint64
-		__i [14]int32
-	}
-} /* alltypes.h:372:147 */
-
-type pthread_mutex_t = struct {
-	__u struct {
-		_   [0]uint64
-		__i [10]int32
-	}
-} /* alltypes.h:377:157 */
-
-type pthread_cond_t = struct {
-	__u struct {
-		_   [0]uint64
-		__i [12]int32
-	}
-} /* alltypes.h:387:112 */
-
-type pthread_rwlock_t = struct {
-	__u struct {
-		_   [0]uint64
-		__i [14]int32
-	}
-} /* alltypes.h:397:139 */
-
-type pthread_barrier_t = struct {
-	__u struct {
-		_   [0]uint64
-		__i [8]int32
-	}
-} /* alltypes.h:402:137 */
-
-type sched_param = struct {
-	sched_priority int32
-	__reserved1    int32
-	__reserved2    [2]struct {
-		__reserved1 time_t
-		__reserved2 int64
-	}
-	__reserved3 int32
-	_           [4]byte
-} /* sched.h:19:1 */
-
-type timer_t = uintptr /* alltypes.h:209:14 */
-
-type clock_t = int64 /* alltypes.h:219:14 */
-
-type tm = struct {
-	tm_sec    int32
-	tm_min    int32
-	tm_hour   int32
-	tm_mday   int32
-	tm_mon    int32
-	tm_year   int32
-	tm_wday   int32
-	tm_yday   int32
-	tm_isdst  int32
-	_         [4]byte
-	tm_gmtoff int64
-	tm_zone   uintptr
-} /* time.h:38:1 */
-
-type itimerspec = struct {
-	it_interval struct {
-		tv_sec  time_t
-		tv_nsec int64
-	}
-	it_value struct {
-		tv_sec  time_t
-		tv_nsec int64
-	}
-} /* time.h:80:1 */
-
-type sigevent = struct {
-	sigev_value struct {
-		_         [0]uint64
-		sival_int int32
-		_         [4]byte
-	}
-	sigev_signo             int32
-	sigev_notify            int32
-	sigev_notify_function   uintptr
-	sigev_notify_attributes uintptr
-	__pad                   [32]int8
-} /* time.h:107:1 */
-
-type __ptcb = struct {
-	__f    uintptr
-	__x    uintptr
-	__next uintptr
-} /* alltypes.h:273:9 */
-
-type sigaltstack = struct {
-	ss_sp    uintptr
-	ss_flags int32
-	_        [4]byte
-	ss_size  size_t
-} /* signal.h:44:9 */
-
-type stack_t = sigaltstack /* signal.h:44:28 */
-
-type greg_t = int64        /* signal.h:59:19 */
-type gregset_t = [23]int64 /* signal.h:59:27 */
-type _fpstate = struct {
-	cwd       uint16
-	swd       uint16
-	ftw       uint16
-	fop       uint16
-	rip       uint64
-	rdp       uint64
-	mxcsr     uint32
-	mxcr_mask uint32
-	_st       [8]struct {
-		significand [4]uint16
-		exponent    uint16
-		padding     [3]uint16
-	}
-	_xmm    [16]struct{ element [4]uint32 }
-	padding [24]uint32
-} /* signal.h:60:9 */
-
-type fpregset_t = uintptr /* signal.h:71:3 */
-type sigcontext = struct {
-	r8          uint64
-	r9          uint64
-	r10         uint64
-	r11         uint64
-	r12         uint64
-	r13         uint64
-	r14         uint64
-	r15         uint64
-	rdi         uint64
-	rsi         uint64
-	rbp         uint64
-	rbx         uint64
-	rdx         uint64
-	rax         uint64
-	rcx         uint64
-	rsp         uint64
-	rip         uint64
-	eflags      uint64
-	cs          uint16
-	gs          uint16
-	fs          uint16
-	__pad0      uint16
-	err         uint64
-	trapno      uint64
-	oldmask     uint64
-	cr2         uint64
-	fpstate     uintptr
-	__reserved1 [8]uint64
-} /* signal.h:72:1 */
-
-type mcontext_t = struct {
-	gregs       gregset_t
-	fpregs      fpregset_t
-	__reserved1 [8]uint64
-} /* signal.h:84:3 */
-
-type __ucontext = struct {
-	uc_flags     uint64
-	uc_link      uintptr
-	uc_stack     stack_t
-	uc_mcontext  mcontext_t
-	uc_sigmask   sigset_t
-	__fpregs_mem [64]uint64
-} /* signal.h:97:9 */
-
-type ucontext_t = __ucontext /* signal.h:104:3 */
-
-type sigval = struct {
-	_         [0]uint64
-	sival_int int32
-	_         [4]byte
-} /* time.h:107:1 */
-
-type siginfo_t = struct {
-	si_signo    int32
-	si_errno    int32
-	si_code     int32
-	_           [4]byte
-	__si_fields struct {
-		_     [0]uint64
-		__pad [112]int8
-	}
-} /* signal.h:145:3 */
-
-type sigaction = struct {
-	__sa_handler struct{ sa_handler uintptr }
-	sa_mask      sigset_t
-	sa_flags     int32
-	_            [4]byte
-	sa_restorer  uintptr
-} /* signal.h:167:1 */
-
-type sig_t = uintptr /* signal.h:251:14 */
-
-type sig_atomic_t = int32 /* signal.h:269:13 */
-
-func a_cas(tls *TLS, p uintptr, t int32, s int32) int32 { /* atomic_arch.h:2:19: */
-	panic(`arch/x86_64/atomic_arch.h:4:2: assembler statements not supported`)
-	return t
-}
-
-func a_swap(tls *TLS, p uintptr, v int32) int32 { /* atomic_arch.h:20:19: */
-	panic(`arch/x86_64/atomic_arch.h:22:2: assembler statements not supported`)
-	return v
-}
-
-func a_or(tls *TLS, p uintptr, v int32) { /* atomic_arch.h:46:20: */
-	panic(`arch/x86_64/atomic_arch.h:48:2: assembler statements not supported`)
-}
-
-func a_or_64(tls *TLS, p uintptr, v uint64_t) { /* atomic_arch.h:62:20: */
-	panic(`arch/x86_64/atomic_arch.h:64:2: assembler statements not supported`)
-}
-
-func a_ctz_64(tls *TLS, x uint64_t) int32 { /* atomic_arch.h:112:19: */
-	panic(`arch/x86_64/atomic_arch.h:114:2: assembler statements not supported`)
-	return int32(x)
-}
-
-func a_ctz_32(tls *TLS, x uint32_t) int32 { /* atomic.h:256:19: */
-	return int32(_sdebruijn328[x&-x*uint32_t(0x076be629)>>27])
-}
-
-var _sdebruijn328 = [32]int8{
-	int8(0), int8(1), int8(23), int8(2), int8(29), int8(24), int8(19), int8(3), int8(30), int8(27), int8(25), int8(11), int8(20), int8(8), int8(4), int8(13),
-	int8(31), int8(22), int8(28), int8(18), int8(26), int8(10), int8(7), int8(12), int8(21), int8(17), int8(9), int8(6), int8(16), int8(5), int8(15), int8(14),
-} /* atomic.h:261:20 */
-
-type __timer = struct {
-	timerid int32
-	_       [4]byte
-	thread  pthread_t
-} /* pthread_impl.h:64:1 */
-
-func __pthread_self(tls *TLS) uintptr { /* pthread_arch.h:1:30: */
-	var self uintptr
-	panic(`arch/x86_64/pthread_arch.h:4:2: assembler statements not supported`)
-	return self
-}
-
-func __wake(tls *TLS, addr uintptr, cnt int32, priv int32) { /* pthread_impl.h:155:20: */
-	if priv != 0 {
-		priv = 128
-	}
-	if cnt < 0 {
-		cnt = 0x7fffffff
-	}
-	_ = Bool32(X__syscall3(tls, int64(202), int64(addr), int64(1|priv), int64(cnt)) != int64(-38) || X__syscall3(tls, int64(202), int64(addr), int64(1), int64(cnt)) != 0)
-}
-
-func __futexwait(tls *TLS, addr uintptr, val int32, priv int32) { /* pthread_impl.h:162:20: */
-	if priv != 0 {
-		priv = 128
-	}
-	_ = Bool32(X__syscall4(tls, int64(202), int64(addr), int64(0|priv), int64(val), int64(0)) != int64(-38) || X__syscall4(tls, int64(202), int64(addr), int64(0), int64(val), int64(0)) != 0)
-}
-
-var X__fsmu8 = [51]uint32_t{
-	func() uint32 {
-		if 0x2 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x2)
-	}(), func() uint32 {
-		if 0x3 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x3)
-	}(), func() uint32 {
-		if 0x4 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x4)
-	}(), func() uint32 {
-		if 0x5 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x5)
-	}(), func() uint32 {
-		if 0x6 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x6)
-	}(), func() uint32 {
-		if 0x7 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x7)
-	}(),
-	func() uint32 {
-		if 0x8 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x8)
-	}(), func() uint32 {
-		if 0x9 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x9)
-	}(), func() uint32 {
-		if 0xa < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xa)
-	}(), func() uint32 {
-		if 0xb < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xb)
-	}(), func() uint32 {
-		if 0xc < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xc)
-	}(), func() uint32 {
-		if 0xd < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xd)
-	}(), func() uint32 {
-		if 0xe < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xe)
-	}(), func() uint32 {
-		if 0xf < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xf)
-	}(),
-	func() uint32 {
-		if 0x0+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x0+16)
-	}(), func() uint32 {
-		if 0x1+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x1+16)
-	}(), func() uint32 {
-		if 0x2+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x2+16)
-	}(), func() uint32 {
-		if 0x3+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x3+16)
-	}(), func() uint32 {
-		if 0x4+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x4+16)
-	}(), func() uint32 {
-		if 0x5+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x5+16)
-	}(), func() uint32 {
-		if 0x6+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x6+16)
-	}(), func() uint32 {
-		if 0x7+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x7+16)
-	}(),
-	func() uint32 {
-		if 0x8+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x8+16)
-	}(), func() uint32 {
-		if 0x9+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0x9+16)
-	}(), func() uint32 {
-		if 0xa+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xa+16)
-	}(), func() uint32 {
-		if 0xb+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xb+16)
-	}(), func() uint32 {
-		if 0xc+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xc+16)
-	}(), func() uint32 {
-		if 0xd+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xd+16)
-	}(), func() uint32 {
-		if 0xe+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xe+16)
-	}(), func() uint32 {
-		if 0xf+16 < 2 {
-			return Uint32FromInt32(-1)
-		}
-		return func() uint32 {
-			if Int32(0x80) == Int32(0x80) {
-				return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-			}
-			return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-		}()<<23 | uint32_t(0xf+16)
-	}(),
-	func() uint32 {
-		if 0x0 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x0 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x0), func() uint32 {
-		if 0x1 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x1 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x1), func() uint32 {
-		if 0x2 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x2 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x2), func() uint32 {
-		if 0x3 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x3 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x3), func() uint32 {
-		if 0x4 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x4 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x4), func() uint32 {
-		if 0x5 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x5 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x5), func() uint32 {
-		if 0x6 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x6 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x6), func() uint32 {
-		if 0x7 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x7 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x7),
-	func() uint32 {
-		if 0x8 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x8 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x8), func() uint32 {
-		if 0x9 == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0x9 == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0x9), func() uint32 {
-		if 0xa == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xa == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xa), func() uint32 {
-		if 0xb == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xb == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xb), func() uint32 {
-		if 0xc == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xc == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xc), func() uint32 {
-		if 0xd == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xd == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xd), func() uint32 {
-		if 0xe == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xe == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xe), func() uint32 {
-		if 0xf == 0 {
-			return func() uint32 {
-				if Int32(0xa0) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0xa0))
-			}() << 23
-		}
-		return func() uint32 {
-			if 0xf == 0xd {
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xa0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}
-			return func() uint32 {
-				if Int32(0x80) == Int32(0x80) {
-					return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-				}
-				return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-			}() << 23
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(0xf),
-	func() uint32 {
-		if 0x0 >= 5 {
-			return uint32(0)
-		}
-		return func() uint32 {
-			if 0x0 == 0 {
-				return func() uint32 {
-					if Int32(0x90) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x90))
-				}() << 23
-			}
-			return func() uint32 {
-				if 0x0 == 4 {
-					return func() uint32 {
-						if Int32(0x80) == Int32(0x80) {
-							return Uint32(Uint32(0x40) - Uint32FromInt32(0x90))
-						}
-						return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-					}() << 23
-				}
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}()
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>12 | uint32_t(0x0), func() uint32 {
-		if 0x1 >= 5 {
-			return uint32(0)
-		}
-		return func() uint32 {
-			if 0x1 == 0 {
-				return func() uint32 {
-					if Int32(0x90) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x90))
-				}() << 23
-			}
-			return func() uint32 {
-				if 0x1 == 4 {
-					return func() uint32 {
-						if Int32(0x80) == Int32(0x80) {
-							return Uint32(Uint32(0x40) - Uint32FromInt32(0x90))
-						}
-						return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-					}() << 23
-				}
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}()
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>12 | uint32_t(0x1), func() uint32 {
-		if 0x2 >= 5 {
-			return uint32(0)
-		}
-		return func() uint32 {
-			if 0x2 == 0 {
-				return func() uint32 {
-					if Int32(0x90) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x90))
-				}() << 23
-			}
-			return func() uint32 {
-				if 0x2 == 4 {
-					return func() uint32 {
-						if Int32(0x80) == Int32(0x80) {
-							return Uint32(Uint32(0x40) - Uint32FromInt32(0x90))
-						}
-						return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-					}() << 23
-				}
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}()
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>12 | uint32_t(0x2), func() uint32 {
-		if 0x3 >= 5 {
-			return uint32(0)
-		}
-		return func() uint32 {
-			if 0x3 == 0 {
-				return func() uint32 {
-					if Int32(0x90) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x90))
-				}() << 23
-			}
-			return func() uint32 {
-				if 0x3 == 4 {
-					return func() uint32 {
-						if Int32(0x80) == Int32(0x80) {
-							return Uint32(Uint32(0x40) - Uint32FromInt32(0x90))
-						}
-						return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-					}() << 23
-				}
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}()
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>12 | uint32_t(0x3), func() uint32 {
-		if 0x4 >= 5 {
-			return uint32(0)
-		}
-		return func() uint32 {
-			if 0x4 == 0 {
-				return func() uint32 {
-					if Int32(0x90) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x90))
-				}() << 23
-			}
-			return func() uint32 {
-				if 0x4 == 4 {
-					return func() uint32 {
-						if Int32(0x80) == Int32(0x80) {
-							return Uint32(Uint32(0x40) - Uint32FromInt32(0x90))
-						}
-						return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-					}() << 23
-				}
-				return func() uint32 {
-					if Int32(0x80) == Int32(0x80) {
-						return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-					}
-					return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-				}() << 23
-			}()
-		}()
-	}() | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>6 | uint32_t(func() uint32 {
-		if Int32(0x80) == Int32(0x80) {
-			return Uint32(Uint32(0x40) - Uint32FromInt32(0xc0))
-		}
-		return Uint32(Uint32(0) - Uint32FromInt32(0x80))
-	}()<<23)>>12 | uint32_t(0x4),
-} /* internal.c:18:16 */
-
-type wint_t = uint32 /* alltypes.h:198:18 */
-
-type wctype_t = uint64 /* alltypes.h:203:23 */
-
-type __mbstate_t = struct {
-	__opaque1 uint32
-	__opaque2 uint32
-} /* alltypes.h:337:9 */
-
-type mbstate_t = __mbstate_t /* alltypes.h:337:63 */
-
-func Xmbrtowc(tls *TLS, wc uintptr, src uintptr, n size_t, st uintptr) size_t { /* mbrtowc.c:6:8: */
-	if __ccgo_strace {
-		trc("tls=%v wc=%v src=%v n=%v st=%v, (%v:)", tls, wc, src, n, st, origin(2))
-	}
-	bp := tls.Alloc(4)
-	defer tls.Free(4)
-
-	var c uint32
-	var s uintptr
-	var N uint32
-	// var dummy wchar_t at bp, 4
-	s = src
-	N = uint32(n)
-
-	if !!(st != 0) {
-		goto __1
-	}
-	st = uintptr(unsafe.Pointer(&_sinternal_state))
-__1:
-	;
-	c = *(*uint32)(unsafe.Pointer(st))
-
-	if !!(s != 0) {
-		goto __2
-	}
-	if !(c != 0) {
-		goto __4
-	}
-	goto ilseq
-__4:
-	;
-	return uint64(0)
-	goto __3
-__2:
-	if !!(wc != 0) {
-		goto __5
-	}
-	wc = bp /* &dummy */
-__5:
-	;
-__3:
-	;
-
-	if !!(n != 0) {
-		goto __6
-	}
-	return Uint64FromInt32(-2)
-__6:
-	;
-	if !!(c != 0) {
-		goto __7
-	}
-	if !(int32(*(*uint8)(unsafe.Pointer(s))) < 0x80) {
-		goto __8
-	}
-	return BoolUint64(!!(AssignPtrInt32(wc, wchar_t(*(*uint8)(unsafe.Pointer(s)))) != 0))
-__8:
-	;
-	if !(func() int32 {
-		if !!(int32(*(*uintptr)(unsafe.Pointer((*__pthread)(unsafe.Pointer(__pthread_self(tls))).locale))) != 0) {
-			return 4
-		}
-		return 1
-	}() == 1) {
-		goto __9
-	}
-	*(*wchar_t)(unsafe.Pointer(wc)) = 0xdfff & int32(int8(*(*uint8)(unsafe.Pointer(s))))
-	return 1
-__9:
-	;
-	if !(uint32(*(*uint8)(unsafe.Pointer(s)))-0xc2 > 0xf4-0xc2) {
-		goto __10
-	}
-	goto ilseq
-__10:
-	;
-	c = X__fsmu8[uint32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&s, 1))))-0xc2]
-	n--
-__7:
-	;
-
-	if !(n != 0) {
-		goto __11
-	}
-	if !((int32(*(*uint8)(unsafe.Pointer(s)))>>3-0x10|(int32(*(*uint8)(unsafe.Pointer(s)))>>3+int32_t(c)>>26))&CplInt32(7) != 0) {
-		goto __12
-	}
-	goto ilseq
-__12:
-	;
-loop:
-	c = c<<6 | uint32(int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&s, 1))))-0x80)
-	n--
-	if !!(c&(uint32(1)<<31) != 0) {
-		goto __13
-	}
-	*(*uint32)(unsafe.Pointer(st)) = uint32(0)
-	*(*wchar_t)(unsafe.Pointer(wc)) = wchar_t(c)
-	return size_t(N) - n
-__13:
-	;
-	if !(n != 0) {
-		goto __14
-	}
-	if !(uint32(*(*uint8)(unsafe.Pointer(s)))-0x80 >= uint32(0x40)) {
-		goto __15
-	}
-	goto ilseq
-__15:
-	;
-	goto loop
-__14:
-	;
-__11:
-	;
-
-	*(*uint32)(unsafe.Pointer(st)) = c
-	return Uint64FromInt32(-2)
-ilseq:
-	*(*uint32)(unsafe.Pointer(st)) = uint32(0)
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 84
-	return Uint64FromInt32(-1)
-}
-
-var _sinternal_state uint32 /* mbrtowc.c:8:18: */
-
-func Xmbsinit(tls *TLS, st uintptr) int32 { /* mbsinit.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v st=%v, (%v:)", tls, st, origin(2))
-	}
-	return Bool32(!(st != 0) || !(int32(*(*uint32)(unsafe.Pointer(st))) != 0))
-}
-
-type imaxdiv_t = struct {
-	quot intmax_t
-	rem  intmax_t
-} /* inttypes.h:14:40 */
-
-type socklen_t = uint32 /* alltypes.h:361:18 */
-
-type sa_family_t = uint16 /* alltypes.h:366:24 */
-
-type msghdr = struct {
-	msg_name       uintptr
-	msg_namelen    socklen_t
-	_              [4]byte
-	msg_iov        uintptr
-	msg_iovlen     int32
-	__pad1         int32
-	msg_control    uintptr
-	msg_controllen socklen_t
-	__pad2         int32
-	msg_flags      int32
-	_              [4]byte
-} /* socket.h:22:1 */
-
-type cmsghdr = struct {
-	cmsg_len   socklen_t
-	__pad1     int32
-	cmsg_level int32
-	cmsg_type  int32
-} /* socket.h:44:1 */
-
-type linger = struct {
-	l_onoff  int32
-	l_linger int32
-} /* socket.h:74:1 */
-
-type sockaddr = struct {
-	sa_family sa_family_t
-	sa_data   [14]int8
-} /* socket.h:367:1 */
-
-type sockaddr_storage = struct {
-	ss_family    sa_family_t
-	__ss_padding [118]int8
-	__ss_align   uint64
-} /* socket.h:372:1 */
-
-type in_port_t = uint16_t                 /* in.h:12:18 */
-type in_addr_t = uint32_t                 /* in.h:13:18 */
-type in_addr = struct{ s_addr in_addr_t } /* in.h:14:1 */
-
-type sockaddr_in = struct {
-	sin_family sa_family_t
-	sin_port   in_port_t
-	sin_addr   struct{ s_addr in_addr_t }
-	sin_zero   [8]uint8_t
-} /* in.h:16:1 */
-
-type in6_addr = struct {
-	__in6_union struct {
-		_         [0]uint32
-		__s6_addr [16]uint8_t
-	}
-} /* in.h:23:1 */
-
-type sockaddr_in6 = struct {
-	sin6_family   sa_family_t
-	sin6_port     in_port_t
-	sin6_flowinfo uint32_t
-	sin6_addr     struct {
-		__in6_union struct {
-			_         [0]uint32
-			__s6_addr [16]uint8_t
-		}
-	}
-	sin6_scope_id uint32_t
-} /* in.h:34:1 */
-
-type ipv6_mreq = struct {
-	ipv6mr_multiaddr struct {
-		__in6_union struct {
-			_         [0]uint32
-			__s6_addr [16]uint8_t
-		}
-	}
-	ipv6mr_interface uint32
-} /* in.h:42:1 */
-
-type ip_opts = struct {
-	ip_dst  struct{ s_addr in_addr_t }
-	ip_opts [40]int8
-} /* in.h:229:1 */
-
-type ip_mreq = struct {
-	imr_multiaddr struct{ s_addr in_addr_t }
-	imr_interface struct{ s_addr in_addr_t }
-} /* in.h:247:1 */
-
-type ip_mreqn = struct {
-	imr_multiaddr struct{ s_addr in_addr_t }
-	imr_address   struct{ s_addr in_addr_t }
-	imr_ifindex   int32
-} /* in.h:252:1 */
-
-type ip_mreq_source = struct {
-	imr_multiaddr  struct{ s_addr in_addr_t }
-	imr_interface  struct{ s_addr in_addr_t }
-	imr_sourceaddr struct{ s_addr in_addr_t }
-} /* in.h:258:1 */
-
-type ip_msfilter = struct {
-	imsf_multiaddr struct{ s_addr in_addr_t }
-	imsf_interface struct{ s_addr in_addr_t }
-	imsf_fmode     uint32_t
-	imsf_numsrc    uint32_t
-	imsf_slist     [1]struct{ s_addr in_addr_t }
-} /* in.h:264:1 */
-
-type group_req = struct {
-	gr_interface uint32_t
-	_            [4]byte
-	gr_group     struct {
-		ss_family    sa_family_t
-		__ss_padding [118]int8
-		__ss_align   uint64
-	}
-} /* in.h:275:1 */
-
-type group_source_req = struct {
-	gsr_interface uint32_t
-	_             [4]byte
-	gsr_group     struct {
-		ss_family    sa_family_t
-		__ss_padding [118]int8
-		__ss_align   uint64
-	}
-	gsr_source struct {
-		ss_family    sa_family_t
-		__ss_padding [118]int8
-		__ss_align   uint64
-	}
-} /* in.h:280:1 */
-
-type group_filter = struct {
-	gf_interface uint32_t
-	_            [4]byte
-	gf_group     struct {
-		ss_family    sa_family_t
-		__ss_padding [118]int8
-		__ss_align   uint64
-	}
-	gf_fmode  uint32_t
-	gf_numsrc uint32_t
-	gf_slist  [1]struct {
-		ss_family    sa_family_t
-		__ss_padding [118]int8
-		__ss_align   uint64
-	}
-} /* in.h:286:1 */
-
-type in_pktinfo = struct {
-	ipi_ifindex  int32
-	ipi_spec_dst struct{ s_addr in_addr_t }
-	ipi_addr     struct{ s_addr in_addr_t }
-} /* in.h:297:1 */
-
-type in6_pktinfo = struct {
-	ipi6_addr struct {
-		__in6_union struct {
-			_         [0]uint32
-			__s6_addr [16]uint8_t
-		}
-	}
-	ipi6_ifindex uint32
-} /* in.h:303:1 */
-
-type ip6_mtuinfo = struct {
-	ip6m_addr struct {
-		sin6_family   sa_family_t
-		sin6_port     in_port_t
-		sin6_flowinfo uint32_t
-		sin6_addr     struct {
-			__in6_union struct {
-				_         [0]uint32
-				__s6_addr [16]uint8_t
-			}
-		}
-		sin6_scope_id uint32_t
-	}
-	ip6m_mtu uint32_t
-} /* in.h:308:1 */
-
-type addrinfo = struct {
-	ai_flags     int32
-	ai_family    int32
-	ai_socktype  int32
-	ai_protocol  int32
-	ai_addrlen   socklen_t
-	_            [4]byte
-	ai_addr      uintptr
-	ai_canonname uintptr
-	ai_next      uintptr
-} /* netdb.h:16:1 */
-
-// Legacy functions follow (marked OBsolete in SUS)
-
-type netent = struct {
-	n_name     uintptr
-	n_aliases  uintptr
-	n_addrtype int32
-	n_net      uint32_t
-} /* netdb.h:62:1 */
-
-type hostent = struct {
-	h_name      uintptr
-	h_aliases   uintptr
-	h_addrtype  int32
-	h_length    int32
-	h_addr_list uintptr
-} /* netdb.h:69:1 */
-
-type servent = struct {
-	s_name    uintptr
-	s_aliases uintptr
-	s_port    int32
-	_         [4]byte
-	s_proto   uintptr
-} /* netdb.h:78:1 */
-
-type protoent = struct {
-	p_name    uintptr
-	p_aliases uintptr
-	p_proto   int32
-	_         [4]byte
-} /* netdb.h:85:1 */
-
-type aibuf = struct {
-	ai struct {
-		ai_flags     int32
-		ai_family    int32
-		ai_socktype  int32
-		ai_protocol  int32
-		ai_addrlen   socklen_t
-		_            [4]byte
-		ai_addr      uintptr
-		ai_canonname uintptr
-		ai_next      uintptr
-	}
-	sa struct {
-		sin struct {
-			sin_family sa_family_t
-			sin_port   in_port_t
-			sin_addr   struct{ s_addr in_addr_t }
-			sin_zero   [8]uint8_t
-		}
-		_ [12]byte
-	}
-	lock [1]int32
-	slot int16
-	ref  int16
-	_    [4]byte
-} /* lookup.h:10:1 */
-
-type sa = struct {
-	sin struct {
-		sin_family sa_family_t
-		sin_port   in_port_t
-		sin_addr   struct{ s_addr in_addr_t }
-		sin_zero   [8]uint8_t
-	}
-	_ [12]byte
-} /* lookup.h:10:1 */
-
-type address = struct {
-	family  int32
-	scopeid uint32
-	addr    [16]uint8_t
-	sortkey int32
-} /* lookup.h:20:1 */
-
-type service = struct {
-	port     uint16_t
-	proto    uint8
-	socktype uint8
-} /* lookup.h:27:1 */
-
-type resolvconf = struct {
-	ns [3]struct {
-		family  int32
-		scopeid uint32
-		addr    [16]uint8_t
-		sortkey int32
-	}
-	nns      uint32
-	attempts uint32
-	ndots    uint32
-	timeout  uint32
-} /* lookup.h:34:1 */
-
-func Xfreeaddrinfo(tls *TLS, p uintptr) { /* freeaddrinfo.c:7:6: */
-	if __ccgo_strace {
-		trc("tls=%v p=%v, (%v:)", tls, p, origin(2))
-	}
-	var cnt size_t
-	cnt = uint64(1)
-__1:
-	if !((*addrinfo)(unsafe.Pointer(p)).ai_next != 0) {
-		goto __3
-	}
-	goto __2
-__2:
-	cnt++
-	p = (*addrinfo)(unsafe.Pointer(p)).ai_next
-	goto __1
-	goto __3
-__3:
-	;
-	var b uintptr = p - uintptr(uint64(uintptr(0)))
-	b -= 88 * uintptr((*aibuf)(unsafe.Pointer(b)).slot)
-	//TODO LOCK(b->lock);
-	if !(int32(AssignSubPtrInt16(b+82, int16(cnt))) != 0) {
-		Xfree(tls, b)
-	}
-	//TODO else UNLOCK(b->lock);
-}
-
-func Xgetaddrinfo(tls *TLS, host uintptr, serv uintptr, hint uintptr, res uintptr) int32 { /* getaddrinfo.c:12:5: */
-	if __ccgo_strace {
-		trc("tls=%v host=%v serv=%v hint=%v res=%v, (%v:)", tls, host, serv, hint, res, origin(2))
-	}
-	bp := tls.Alloc(1608)
-	defer tls.Free(1608)
-
-	// var ports [2]service at bp, 8
-
-	// var addrs [48]address at bp+8, 1344
-
-	// var canon [256]int8 at bp+1352, 256
-
-	var outcanon uintptr
-	var nservs int32
-	var naddrs int32
-	var nais int32
-	var canon_len int32
-	var i int32
-	var j int32
-	var k int32
-	var family int32 = 0
-	var flags int32 = 0
-	var proto int32 = 0
-	var socktype int32 = 0
-	var out uintptr
-
-	if !(host != 0) && !(serv != 0) {
-		return -2
-	}
-
-	if hint != 0 {
-		family = (*addrinfo)(unsafe.Pointer(hint)).ai_family
-		flags = (*addrinfo)(unsafe.Pointer(hint)).ai_flags
-		proto = (*addrinfo)(unsafe.Pointer(hint)).ai_protocol
-		socktype = (*addrinfo)(unsafe.Pointer(hint)).ai_socktype
-
-		var mask int32 = 0x01 | 0x02 | 0x04 | 0x08 | 0x10 | 0x20 | 0x400
-		if flags&mask != flags {
-			return -1
-		}
-
-		switch family {
-		case 2:
-			fallthrough
-		case 10:
-			fallthrough
-		case 0:
-			break
-			fallthrough
-		default:
-			return -6
-		}
-	}
-
-	if flags&0x20 != 0 {
-		Xabort(tls) //TODO-
-		// 	/* Define the "an address is configured" condition for address
-		// 	 * families via ability to create a socket for the family plus
-		// 	 * routability of the loopback address for the family. */
-		// 	static const struct sockaddr_in lo4 = {
-		// 		.sin_family = AF_INET, .sin_port = 65535,
-		// 		.sin_addr.s_addr = __BYTE_ORDER == __BIG_ENDIAN
-		// 			? 0x7f000001 : 0x0100007f
-		// 	};
-		// 	static const struct sockaddr_in6 lo6 = {
-		// 		.sin6_family = AF_INET6, .sin6_port = 65535,
-		// 		.sin6_addr = IN6ADDR_LOOPBACK_INIT
-		// 	};
-		// 	int tf[2] = { AF_INET, AF_INET6 };
-		// 	const void *ta[2] = { &lo4, &lo6 };
-		// 	socklen_t tl[2] = { sizeof lo4, sizeof lo6 };
-		// 	for (i=0; i<2; i++) {
-		// 		if (family==tf[1-i]) continue;
-		// 		int s = socket(tf[i], SOCK_CLOEXEC|SOCK_DGRAM,
-		// 			IPPROTO_UDP);
-		// 		if (s>=0) {
-		// 			int cs;
-		// 			pthread_setcancelstate(
-		// 				PTHREAD_CANCEL_DISABLE, &cs);
-		// 			int r = connect(s, ta[i], tl[i]);
-		// 			pthread_setcancelstate(cs, 0);
-		// 			close(s);
-		// 			if (!r) continue;
-		// 		}
-		// 		switch (errno) {
-		// 		case EADDRNOTAVAIL:
-		// 		case EAFNOSUPPORT:
-		// 		case EHOSTUNREACH:
-		// 		case ENETDOWN:
-		// 		case ENETUNREACH:
-		// 			break;
-		// 		default:
-		// 			return EAI_SYSTEM;
-		// 		}
-		// 		if (family == tf[i]) return EAI_NONAME;
-		// 		family = tf[1-i];
-		// 	}
-	}
-
-	nservs = X__lookup_serv(tls, bp, serv, proto, socktype, flags)
-	if nservs < 0 {
-		return nservs
-	}
-
-	naddrs = X__lookup_name(tls, bp+8, bp+1352, host, family, flags)
-	if naddrs < 0 {
-		return naddrs
-	}
-
-	nais = nservs * naddrs
-	canon_len = int32(Xstrlen(tls, bp+1352))
-	out = Xcalloc(tls, uint64(1), uint64(nais)*uint64(unsafe.Sizeof(aibuf{}))+uint64(canon_len)+uint64(1))
-	if !(out != 0) {
-		return -10
-	}
-
-	if canon_len != 0 {
-		outcanon = out + uintptr(nais)*88
-		Xmemcpy(tls, outcanon, bp+1352, uint64(canon_len+1))
-	} else {
-		outcanon = uintptr(0)
-	}
-
-	for k = AssignInt32(&i, 0); i < naddrs; i++ {
-		j = 0
-	__1:
-		if !(j < nservs) {
-			goto __3
-		}
-		{
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).slot = int16(k)
-			//TODO out[k].ai = (struct addrinfo){
-			//TODO 	.ai_family = addrs[i].family,
-			//TODO 	.ai_socktype = ports[j].socktype,
-			//TODO 	.ai_protocol = ports[j].proto,
-			//TODO 	.ai_addrlen = addrs[i].family == AF_INET
-			//TODO 		? sizeof(struct sockaddr_in)
-			//TODO 		: sizeof(struct sockaddr_in6),
-			//TODO 	.ai_addr = (void *)&out[k].sa,
-			//TODO 	.ai_canonname = outcanon };
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_family = (*address)(unsafe.Pointer(bp + 8 + uintptr(i)*28)).family
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_socktype = int32((*service)(unsafe.Pointer(bp + uintptr(j)*4)).socktype)
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_protocol = int32((*service)(unsafe.Pointer(bp + uintptr(j)*4)).proto)
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_addrlen = func() uint32 {
-				if (*address)(unsafe.Pointer(bp+8+uintptr(i)*28)).family == 2 {
-					return uint32(unsafe.Sizeof(sockaddr_in{}))
-				}
-				return uint32(unsafe.Sizeof(sockaddr_in6{}))
-			}()
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_addr = out + uintptr(k)*88 + 48
-			(*aibuf)(unsafe.Pointer(out + uintptr(k)*88)).ai.ai_canonname = outcanon
-			if k != 0 {
-				(*aibuf)(unsafe.Pointer(out + uintptr(k-1)*88)).ai.ai_next = out + uintptr(k)*88
-			}
-			switch (*address)(unsafe.Pointer(bp + 8 + uintptr(i)*28)).family {
-			case 2:
-				(*sockaddr_in)(unsafe.Pointer(out + uintptr(k)*88 + 48)).sin_family = sa_family_t(2)
-				(*sockaddr_in)(unsafe.Pointer(out + uintptr(k)*88 + 48)).sin_port = Xhtons(tls, (*service)(unsafe.Pointer(bp+uintptr(j)*4)).port)
-				Xmemcpy(tls, out+uintptr(k)*88+48+4, bp+8+uintptr(i)*28+8, uint64(4))
-				break
-			case 10:
-				(*sockaddr_in6)(unsafe.Pointer(out + uintptr(k)*88 + 48)).sin6_family = sa_family_t(10)
-				(*sockaddr_in6)(unsafe.Pointer(out + uintptr(k)*88 + 48)).sin6_port = Xhtons(tls, (*service)(unsafe.Pointer(bp+uintptr(j)*4)).port)
-				(*sockaddr_in6)(unsafe.Pointer(out + uintptr(k)*88 + 48)).sin6_scope_id = (*address)(unsafe.Pointer(bp + 8 + uintptr(i)*28)).scopeid
-				Xmemcpy(tls, out+uintptr(k)*88+48+8, bp+8+uintptr(i)*28+8, uint64(16))
-				break
-			}
-
-		}
-		goto __2
-	__2:
-		j++
-		k++
-		goto __1
-		goto __3
-	__3:
-	}
-	(*aibuf)(unsafe.Pointer(out)).ref = int16(nais)
-	*(*uintptr)(unsafe.Pointer(res)) = out
-	return 0
-}
-
-type ucred = struct {
-	pid pid_t
-	uid uid_t
-	gid gid_t
-} /* socket.h:57:1 */
-
-type mmsghdr = struct {
-	msg_hdr struct {
-		msg_name       uintptr
-		msg_namelen    socklen_t
-		_              [4]byte
-		msg_iov        uintptr
-		msg_iovlen     int32
-		__pad1         int32
-		msg_control    uintptr
-		msg_controllen socklen_t
-		__pad2         int32
-		msg_flags      int32
-		_              [4]byte
-	}
-	msg_len uint32
-	_       [4]byte
-} /* socket.h:63:1 */
-
-func Xgethostbyaddr(tls *TLS, a uintptr, l socklen_t, af int32) uintptr { /* gethostbyaddr.c:7:16: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v l=%v af=%v, (%v:)", tls, a, l, af, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	var size size_t = uint64(63)
-	// var res uintptr at bp, 8
-
-	var err int32
-	for __ccgo := true; __ccgo; __ccgo = err == 34 {
-		Xfree(tls, _sh)
-		_sh = Xmalloc(tls, AssignAddUint64(&size, size+uint64(1)))
-		if !(_sh != 0) {
-			*(*int32)(unsafe.Pointer(X__h_errno_location(tls))) = 3
-			return uintptr(0)
-		}
-		err = Xgethostbyaddr_r(tls, a, l, af, _sh,
-			_sh+uintptr(1)*32, size-size_t(unsafe.Sizeof(hostent{})), bp, X__h_errno_location(tls))
-	}
-	if err != 0 {
-		return uintptr(0)
-	}
-	return _sh
-}
-
-var _sh uintptr /* gethostbyaddr.c:9:24: */
-
-func Xgethostbyaddr_r(tls *TLS, a uintptr, l socklen_t, af int32, h uintptr, buf uintptr, buflen size_t, res uintptr, err uintptr) int32 { /* gethostbyaddr_r.c:10:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v l=%v af=%v h=%v buf=%v buflen=%v res=%v err=%v, (%v:)", tls, a, l, af, h, buf, buflen, res, err, origin(2))
-	}
-	bp := tls.Alloc(28)
-	defer tls.Free(28)
-
-	//TODO union {
-	//TODO 	struct sockaddr_in sin;
-	//TODO 	struct sockaddr_in6 sin6;
-	//TODO } sa = { .sin.sin_family = af };
-	*(*struct {
-		sin sockaddr_in
-		_   [12]byte
-	})(unsafe.Pointer(bp)) = struct {
-		sin sockaddr_in
-		_   [12]byte
-	}{} //TODO-
-	(*sockaddr_in)(unsafe.Pointer(bp)).sin_family = sa_family_t(af) //TODO-
-	var sl socklen_t
-	if af == 10 {
-		sl = uint32(unsafe.Sizeof(sockaddr_in6{}))
-	} else {
-		sl = uint32(unsafe.Sizeof(sockaddr_in{}))
-	}
-	var i int32
-
-	*(*uintptr)(unsafe.Pointer(res)) = uintptr(0)
-
-	// Load address argument into sockaddr structure
-	if af == 10 && l == socklen_t(16) {
-		Xmemcpy(tls, bp+8, a, uint64(16))
-	} else if af == 2 && l == socklen_t(4) {
-		Xmemcpy(tls, bp+4, a, uint64(4))
-	} else {
-		*(*int32)(unsafe.Pointer(err)) = 3
-		return 22
-	}
-
-	// Align buffer and check for space for pointers and ip address
-	i = int32(uintptr_t(buf) & (uint64(unsafe.Sizeof(uintptr(0))) - uint64(1)))
-	if !(i != 0) {
-		i = int32(unsafe.Sizeof(uintptr(0)))
-	}
-	if buflen <= uint64(5)*uint64(unsafe.Sizeof(uintptr(0)))-uint64(i)+uint64(l) {
-		return 34
-	}
-	buf += uintptr(uint64(unsafe.Sizeof(uintptr(0))) - uint64(i))
-	buflen = buflen - (uint64(5)*uint64(unsafe.Sizeof(uintptr(0))) - uint64(i) + uint64(l))
-
-	(*hostent)(unsafe.Pointer(h)).h_addr_list = buf
-	buf += uintptr(uint64(2) * uint64(unsafe.Sizeof(uintptr(0))))
-	(*hostent)(unsafe.Pointer(h)).h_aliases = buf
-	buf += uintptr(uint64(2) * uint64(unsafe.Sizeof(uintptr(0))))
-
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list)) = buf
-	Xmemcpy(tls, *(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list)), a, uint64(l))
-	buf += uintptr(l)
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list + 1*8)) = uintptr(0)
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases)) = buf
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 1*8)) = uintptr(0)
-
-	switch Xgetnameinfo(tls, bp, sl, buf, uint32(buflen), uintptr(0), uint32(0), 0) {
-	case -3:
-		*(*int32)(unsafe.Pointer(err)) = 2
-		return 11
-	case -12:
-		return 34
-	default:
-		fallthrough
-	case -10:
-		fallthrough
-	case -11:
-		fallthrough
-	case -4:
-		*(*int32)(unsafe.Pointer(err)) = 3
-		return *(*int32)(unsafe.Pointer(X___errno_location(tls)))
-	case 0:
-		break
-	}
-
-	(*hostent)(unsafe.Pointer(h)).h_addrtype = af
-	(*hostent)(unsafe.Pointer(h)).h_length = int32(l)
-	(*hostent)(unsafe.Pointer(h)).h_name = *(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases))
-	*(*uintptr)(unsafe.Pointer(res)) = h
-	return 0
-}
-
-func Xgethostbyname(tls *TLS, name uintptr) uintptr { /* gethostbyname.c:8:16: */
-	if __ccgo_strace {
-		trc("tls=%v name=%v, (%v:)", tls, name, origin(2))
-	}
-	return Xgethostbyname2(tls, name, 2)
-}
-
-func Xgethostbyname2(tls *TLS, name uintptr, af int32) uintptr { /* gethostbyname2.c:8:16: */
-	if __ccgo_strace {
-		trc("tls=%v name=%v af=%v, (%v:)", tls, name, af, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	var size size_t = uint64(63)
-	// var res uintptr at bp, 8
-
-	var err int32
-	for __ccgo := true; __ccgo; __ccgo = err == 34 {
-		Xfree(tls, _sh1)
-		_sh1 = Xmalloc(tls, AssignAddUint64(&size, size+uint64(1)))
-		if !(_sh1 != 0) {
-			*(*int32)(unsafe.Pointer(X__h_errno_location(tls))) = 3
-			return uintptr(0)
-		}
-		err = Xgethostbyname2_r(tls, name, af, _sh1,
-			_sh1+uintptr(1)*32, size-size_t(unsafe.Sizeof(hostent{})), bp, X__h_errno_location(tls))
-	}
-	if err != 0 {
-		return uintptr(0)
-	}
-	return _sh1
-}
-
-var _sh1 uintptr /* gethostbyname2.c:10:24: */
-
-func Xgethostbyname2_r(tls *TLS, name uintptr, af int32, h uintptr, buf uintptr, buflen size_t, res uintptr, err uintptr) int32 { /* gethostbyname2_r.c:11:5: */
-	if __ccgo_strace {
-		trc("tls=%v name=%v af=%v h=%v buf=%v buflen=%v res=%v err=%v, (%v:)", tls, name, af, h, buf, buflen, res, err, origin(2))
-	}
-	bp := tls.Alloc(1600)
-	defer tls.Free(1600)
-
-	// var addrs [48]address at bp, 1344
-
-	// var canon [256]int8 at bp+1344, 256
-
-	var i int32
-	var cnt int32
-	var align size_t
-	var need size_t
-
-	*(*uintptr)(unsafe.Pointer(res)) = uintptr(0)
-	cnt = X__lookup_name(tls, bp, bp+1344, name, af, 0x02)
-	if cnt < 0 {
-		switch cnt {
-		case -2:
-			*(*int32)(unsafe.Pointer(err)) = 1
-			return 2
-			fallthrough
-		case -3:
-			*(*int32)(unsafe.Pointer(err)) = 2
-			return 11
-			fallthrough
-		default:
-			fallthrough
-		case -4:
-			*(*int32)(unsafe.Pointer(err)) = 3
-			return 74
-			fallthrough
-		case -10:
-			fallthrough
-		case -11:
-			*(*int32)(unsafe.Pointer(err)) = 3
-			return *(*int32)(unsafe.Pointer(X___errno_location(tls)))
-		}
-	}
-
-	(*hostent)(unsafe.Pointer(h)).h_addrtype = af
-	(*hostent)(unsafe.Pointer(h)).h_length = func() int32 {
-		if af == 10 {
-			return 16
-		}
-		return 4
-	}()
-
-	// Align buffer
-	align = -uintptr_t(buf) & (uint64(unsafe.Sizeof(uintptr(0))) - uint64(1))
-
-	need = uint64(4) * uint64(unsafe.Sizeof(uintptr(0)))
-	need = need + uint64(cnt+1)*(uint64(unsafe.Sizeof(uintptr(0)))+uint64((*hostent)(unsafe.Pointer(h)).h_length))
-	need = need + (Xstrlen(tls, name) + uint64(1))
-	need = need + (Xstrlen(tls, bp+1344) + uint64(1))
-	need = need + align
-
-	if need > buflen {
-		return 34
-	}
-
-	buf += uintptr(align)
-	(*hostent)(unsafe.Pointer(h)).h_aliases = buf
-	buf += uintptr(uint64(3) * uint64(unsafe.Sizeof(uintptr(0))))
-	(*hostent)(unsafe.Pointer(h)).h_addr_list = buf
-	buf += uintptr(uint64(cnt+1) * uint64(unsafe.Sizeof(uintptr(0))))
-
-	for i = 0; i < cnt; i++ {
-		*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list + uintptr(i)*8)) = buf
-		buf += uintptr((*hostent)(unsafe.Pointer(h)).h_length)
-		Xmemcpy(tls, *(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list + uintptr(i)*8)), bp+uintptr(i)*28+8, uint64((*hostent)(unsafe.Pointer(h)).h_length))
-	}
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_addr_list + uintptr(i)*8)) = uintptr(0)
-
-	(*hostent)(unsafe.Pointer(h)).h_name = AssignPtrUintptr((*hostent)(unsafe.Pointer(h)).h_aliases, buf)
-	Xstrcpy(tls, (*hostent)(unsafe.Pointer(h)).h_name, bp+1344)
-	buf += uintptr(Xstrlen(tls, (*hostent)(unsafe.Pointer(h)).h_name) + uint64(1))
-
-	if Xstrcmp(tls, (*hostent)(unsafe.Pointer(h)).h_name, name) != 0 {
-		*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 1*8)) = buf
-		Xstrcpy(tls, *(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 1*8)), name)
-		buf += uintptr(Xstrlen(tls, *(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 1*8))) + uint64(1))
-	} else {
-		*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 1*8)) = uintptr(0)
-	}
-
-	*(*uintptr)(unsafe.Pointer((*hostent)(unsafe.Pointer(h)).h_aliases + 2*8)) = uintptr(0)
-
-	*(*uintptr)(unsafe.Pointer(res)) = h
-	return 0
-}
-
-func Xgethostbyname_r(tls *TLS, name uintptr, h uintptr, buf uintptr, buflen size_t, res uintptr, err uintptr) int32 { /* gethostbyname_r.c:6:5: */
-	if __ccgo_strace {
-		trc("tls=%v name=%v h=%v buf=%v buflen=%v res=%v err=%v, (%v:)", tls, name, h, buf, buflen, res, err, origin(2))
-	}
-	return Xgethostbyname2_r(tls, name, 2, h, buf, buflen, res, err)
-}
-
-type if_nameindex = struct {
-	if_index uint32
-	_        [4]byte
-	if_name  uintptr
-} /* if.h:12:1 */
-
-type ifaddr = struct {
-	ifa_addr struct {
-		sa_family sa_family_t
-		sa_data   [14]int8
-	}
-	ifa_ifu struct {
-		ifu_broadaddr struct {
-			sa_family sa_family_t
-			sa_data   [14]int8
-		}
-	}
-	ifa_ifp  uintptr
-	ifa_next uintptr
-} /* if.h:51:1 */
-
-type ifmap = struct {
-	mem_start uint64
-	mem_end   uint64
-	base_addr uint16
-	irq       uint8
-	dma       uint8
-	port      uint8
-	_         [3]byte
-} /* if.h:64:1 */
-
-type ifreq = struct {
-	ifr_ifrn struct{ ifrn_name [16]int8 }
-	ifr_ifru struct {
-		_         [0]uint64
-		ifru_addr struct {
-			sa_family sa_family_t
-			sa_data   [14]int8
-		}
-		_ [8]byte
-	}
-} /* if.h:76:1 */
-
-type ifconf = struct {
-	ifc_len  int32
-	_        [4]byte
-	ifc_ifcu struct{ ifcu_buf uintptr }
-} /* if.h:116:1 */
-
-type ns_sect = uint32 /* nameser.h:37:3 */
-
-type __ns_msg = struct {
-	_msg      uintptr
-	_eom      uintptr
-	_id       uint16_t
-	_flags    uint16_t
-	_counts   [4]uint16_t
-	_         [4]byte
-	_sections [4]uintptr
-	_sect     ns_sect
-	_rrnum    int32
-	_msg_ptr  uintptr
-} /* nameser.h:39:9 */
-
-type ns_msg = __ns_msg /* nameser.h:46:3 */
-
-type _ns_flagdata = struct {
-	mask  int32
-	shift int32
-} /* nameser.h:48:1 */
-
-type __ns_rr = struct {
-	name     [1025]int8
-	_        [1]byte
-	__type   uint16_t
-	rr_class uint16_t
-	_        [2]byte
-	ttl      uint32_t
-	rdlength uint16_t
-	_        [2]byte
-	rdata    uintptr
-} /* nameser.h:59:9 */
-
-type ns_rr = __ns_rr /* nameser.h:66:3 */
-
-type ns_flag = uint32 /* nameser.h:87:3 */
-
-type ns_opcode = uint32 /* nameser.h:96:3 */
-
-type ns_rcode = uint32 /* nameser.h:115:3 */
-
-type ns_update_operation = uint32 /* nameser.h:121:3 */
-
-type ns_tsig_key1 = struct {
-	name [1025]int8
-	alg  [1025]int8
-	_    [6]byte
-	data uintptr
-	len  int32
-	_    [4]byte
-} /* nameser.h:123:1 */
-
-type ns_tsig_key = ns_tsig_key1 /* nameser.h:128:28 */
-
-type ns_tcp_tsig_state1 = struct {
-	counter int32
-	_       [4]byte
-	key     uintptr
-	ctx     uintptr
-	sig     [512]uint8
-	siglen  int32
-	_       [4]byte
-} /* nameser.h:130:1 */
-
-type ns_tcp_tsig_state = ns_tcp_tsig_state1 /* nameser.h:137:34 */
-
-type ns_type = uint32 /* nameser.h:200:3 */
-
-type ns_class = uint32 /* nameser.h:219:3 */
-
-type ns_key_types = uint32 /* nameser.h:226:3 */
-
-type ns_cert_types = uint32 /* nameser.h:234:3 */
-
-type HEADER = struct {
-	_       [0]uint32
-	id      uint32 /* unsigned id: 16, unsigned rd: 1, unsigned tc: 1, unsigned aa: 1, unsigned opcode: 4, unsigned qr: 1, unsigned rcode: 4, unsigned cd: 1, unsigned ad: 1, unsigned unused: 1, unsigned ra: 1 */
-	qdcount uint32 /* unsigned qdcount: 16, unsigned ancount: 16 */
-	nscount uint32 /* unsigned nscount: 16, unsigned arcount: 16 */
-} /* nameser.h:353:3 */
-
-// unused; purely for broken apps
-type __res_state = struct {
-	retrans     int32
-	retry       int32
-	options     uint64
-	nscount     int32
-	nsaddr_list [3]struct {
-		sin_family sa_family_t
-		sin_port   in_port_t
-		sin_addr   struct{ s_addr in_addr_t }
-		sin_zero   [8]uint8_t
-	}
-	id        uint16
-	_         [2]byte
-	dnsrch    [7]uintptr
-	defdname  [256]int8
-	pfcode    uint64
-	ndots     uint32 /* unsigned ndots: 4, unsigned nsort: 4, unsigned ipv6_unavail: 1, unsigned unused: 23 */
-	_         [4]byte
-	sort_list [10]struct {
-		addr struct{ s_addr in_addr_t }
-		mask uint32_t
-	}
-	qhook       uintptr
-	rhook       uintptr
-	res_h_errno int32
-	_vcsock     int32
-	_flags      uint32
-	_           [4]byte
-	_u          struct {
-		_   [0]uint64
-		pad [52]int8
-		_   [4]byte
-	}
-} /* resolv.h:26:9 */
-
-// unused; purely for broken apps
-type res_state = uintptr /* resolv.h:62:3 */
-
-type res_sym = struct {
-	number    int32
-	_         [4]byte
-	name      uintptr
-	humanname uintptr
-} /* resolv.h:70:1 */
-
-func itoa(tls *TLS, p uintptr, x uint32) uintptr { /* getnameinfo.c:18:13: */
-	p += uintptr(uint64(3) * uint64(unsafe.Sizeof(int32(0))))
-	*(*int8)(unsafe.Pointer(PreDecUintptr(&p, 1))) = int8(0)
-	for __ccgo := true; __ccgo; __ccgo = x != 0 {
-		*(*int8)(unsafe.Pointer(PreDecUintptr(&p, 1))) = int8(uint32('0') + x%uint32(10))
-		x = x / uint32(10)
-	}
-	return p
-}
-
-func mkptr4(tls *TLS, s uintptr, ip uintptr) { /* getnameinfo.c:28:13: */
-	bp := tls.Alloc(32)
-	defer tls.Free(32)
-
-	Xsprintf(tls, s, ts+25,
-		VaList(bp, int32(*(*uint8)(unsafe.Pointer(ip + 3))), int32(*(*uint8)(unsafe.Pointer(ip + 2))), int32(*(*uint8)(unsafe.Pointer(ip + 1))), int32(*(*uint8)(unsafe.Pointer(ip)))))
-}
-
-func mkptr6(tls *TLS, s uintptr, ip uintptr) { /* getnameinfo.c:34:13: */
-	var i int32
-	for i = 15; i >= 0; i-- {
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&s, 1))) = _sxdigits[int32(*(*uint8)(unsafe.Pointer(ip + uintptr(i))))&15]
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&s, 1))) = int8('.')
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&s, 1))) = _sxdigits[int32(*(*uint8)(unsafe.Pointer(ip + uintptr(i))))>>4]
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&s, 1))) = int8('.')
-	}
-	Xstrcpy(tls, s, ts+50)
-}
-
-var _sxdigits = *(*[17]int8)(unsafe.Pointer(ts + 59)) /* getnameinfo.c:36:20 */
-
-func reverse_hosts(tls *TLS, buf uintptr, a uintptr, scopeid uint32, family int32) { /* getnameinfo.c:45:13: */
-	bp := tls.Alloc(556)
-	defer tls.Free(556)
-
-	// var line [512]int8 at bp+16, 512
-
-	var p uintptr
-	var z uintptr
-	var _buf [1032]uint8
-	_ = _buf
-	// var atmp [16]uint8 at bp, 16
-
-	// var iplit address at bp+528, 28
-
-	//TODO FILE _f, *f = __fopen_rb_ca("/etc/hosts", &_f, _buf, sizeof _buf);
-	var f uintptr = Xfopen(tls, ts+76, ts+87)
-	if !(f != 0) {
-		return
-	}
-	if family == 2 {
-		Xmemcpy(tls, bp+uintptr(12), a, uint64(4))
-		Xmemcpy(tls, bp, ts+90, uint64(12))
-		a = bp /* &atmp[0] */
-	}
-	for Xfgets(tls, bp+16, int32(unsafe.Sizeof([512]int8{})), f) != 0 {
-		if AssignUintptr(&p, Xstrchr(tls, bp+16, '#')) != 0 {
-			*(*int8)(unsafe.Pointer(PostIncUintptr(&p, 1))) = int8('\n')
-			*(*int8)(unsafe.Pointer(p)) = int8(0)
-		}
-
-		for p = bp + 16; /* &line[0] */ *(*int8)(unsafe.Pointer(p)) != 0 && !(__isspace(tls, int32(*(*int8)(unsafe.Pointer(p)))) != 0); p++ {
-		}
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&p, 1))) = int8(0)
-		if X__lookup_ipliteral(tls, bp+528, bp+16, 0) <= 0 {
-			continue
-		}
-
-		if (*address)(unsafe.Pointer(bp+528)).family == 2 {
-			Xmemcpy(tls, bp+528+8+uintptr(12), bp+528+8, uint64(4))
-			Xmemcpy(tls, bp+528+8, ts+90, uint64(12))
-			(*address)(unsafe.Pointer(bp + 528 /* &iplit */)).scopeid = uint32(0)
-		}
-
-		if Xmemcmp(tls, a, bp+528+8, uint64(16)) != 0 || (*address)(unsafe.Pointer(bp+528)).scopeid != scopeid {
-			continue
-		}
-
-		for ; *(*int8)(unsafe.Pointer(p)) != 0 && __isspace(tls, int32(*(*int8)(unsafe.Pointer(p)))) != 0; p++ {
-		}
-		for z = p; *(*int8)(unsafe.Pointer(z)) != 0 && !(__isspace(tls, int32(*(*int8)(unsafe.Pointer(z)))) != 0); z++ {
-		}
-		*(*int8)(unsafe.Pointer(z)) = int8(0)
-		if (int64(z)-int64(p))/1 < int64(256) {
-			Xmemcpy(tls, buf, p, uint64((int64(z)-int64(p))/1+int64(1)))
-			break
-		}
-	}
-	//TODO __fclose_ca(f);
-	Xfclose(tls, f)
-}
-
-func reverse_services(tls *TLS, buf uintptr, port int32, dgram int32) { /* getnameinfo.c:87:13: */
-	Xabort(tls) //TODO-
-	// unsigned long svport;
-	// char line[128], *p, *z;
-	// unsigned char _buf[1032];
-	// FILE _f, *f = __fopen_rb_ca("/etc/services", &_f, _buf, sizeof _buf);
-	// if (!f) return;
-	// while (fgets(line, sizeof line, f)) {
-	// 	if ((p=strchr(line, '#'))) *p++='\n', *p=0;
-
-	// 	for (p=line; *p && !isspace(*p); p++);
-	// 	if (!*p) continue;
-	// 	*p++ = 0;
-	// 	svport = strtoul(p, &z, 10);
-
-	// 	if (svport != port || z==p) continue;
-	// 	if (dgram && strncmp(z, "/udp", 4)) continue;
-	// 	if (!dgram && strncmp(z, "/tcp", 4)) continue;
-	// 	if (p-line > 32) continue;
-
-	// 	memcpy(buf, line, p-line);
-	// 	break;
-	// }
-	// __fclose_ca(f);
-}
-
-func Xgetnameinfo(tls *TLS, sa1 uintptr, sl socklen_t, node uintptr, nodelen socklen_t, serv uintptr, servlen socklen_t, flags int32) int32 { /* getnameinfo.c:125:5: */
-	if __ccgo_strace {
-		trc("tls=%v sa1=%v sl=%v node=%v nodelen=%v serv=%v servlen=%v flags=%v, (%v:)", tls, sa1, sl, node, nodelen, serv, servlen, flags, origin(2))
-	}
-	bp := tls.Alloc(347)
-	defer tls.Free(347)
-
-	// var ptr [78]int8 at bp, 78
-
-	// var buf [256]int8 at bp+78, 256
-
-	// var num [13]int8 at bp+334, 13
-
-	var af int32 = int32((*sockaddr)(unsafe.Pointer(sa1)).sa_family)
-	var a uintptr
-	var scopeid uint32
-
-	switch af {
-	case 2:
-		a = sa1 + 4
-		if uint64(sl) < uint64(unsafe.Sizeof(sockaddr_in{})) {
-			return -6
-		}
-		mkptr4(tls, bp, a)
-		scopeid = uint32(0)
-		break
-	case 10:
-		a = sa1 + 8
-		if uint64(sl) < uint64(unsafe.Sizeof(sockaddr_in6{})) {
-			return -6
-		}
-		if Xmemcmp(tls, a, ts+90, uint64(12)) != 0 {
-			mkptr6(tls, bp, a)
-		} else {
-			mkptr4(tls, bp, a+uintptr(12))
-		}
-		scopeid = (*sockaddr_in6)(unsafe.Pointer(sa1)).sin6_scope_id
-		break
-	default:
-		return -6
-	}
-
-	if node != 0 && nodelen != 0 {
-		*(*int8)(unsafe.Pointer(bp + 78)) = int8(0)
-		if !(flags&0x01 != 0) {
-			reverse_hosts(tls, bp+78, a, scopeid, af)
-		}
-		if !(int32(*(*int8)(unsafe.Pointer(bp + 78))) != 0) && !(flags&0x01 != 0) {
-			Xabort(tls) //TODO-
-			// unsigned char query[18+PTR_MAX], reply[512];
-			// int qlen = __res_mkquery(0, ptr, 1, RR_PTR,
-			// 	0, 0, 0, query, sizeof query);
-			// query[3] = 0; /* don't need AD flag */
-			// int rlen = __res_send(query, qlen, reply, sizeof reply);
-			// buf[0] = 0;
-			// if (rlen > 0)
-			// 	__dns_parse(reply, rlen, dns_parse_callback, buf);
-		}
-		if !(int32(*(*int8)(unsafe.Pointer(bp + 78))) != 0) {
-			if flags&0x08 != 0 {
-				return -2
-			}
-			Xinet_ntop(tls, af, a, bp+78, uint32(unsafe.Sizeof([256]int8{})))
-			if scopeid != 0 {
-				Xabort(tls) //TODO-
-				// char *p = 0, tmp[IF_NAMESIZE+1];
-				// if (!(flags & NI_NUMERICSCOPE) &&
-				//     (IN6_IS_ADDR_LINKLOCAL(a) ||
-				//      IN6_IS_ADDR_MC_LINKLOCAL(a)))
-				// 	p = if_indextoname(scopeid, tmp+1);
-				// if (!p)
-				// 	p = itoa(num, scopeid);
-				// *--p = '%';
-				// strcat(buf, p);
-			}
-		}
-		if Xstrlen(tls, bp+78) >= size_t(nodelen) {
-			return -12
-		}
-		Xstrcpy(tls, node, bp+78)
-	}
-
-	if serv != 0 && servlen != 0 {
-		var p uintptr = bp + 78 /* buf */
-		var port int32 = int32(Xntohs(tls, (*sockaddr_in)(unsafe.Pointer(sa1)).sin_port))
-		*(*int8)(unsafe.Pointer(bp + 78)) = int8(0)
-		if !(flags&0x02 != 0) {
-			reverse_services(tls, bp+78, port, flags&0x10)
-		}
-		if !(int32(*(*int8)(unsafe.Pointer(p))) != 0) {
-			p = itoa(tls, bp+334, uint32(port))
-		}
-		if Xstrlen(tls, p) >= size_t(servlen) {
-			return -12
-		}
-		Xstrcpy(tls, serv, p)
-	}
-
-	return 0
-}
-
-var Xh_errno int32 /* h_errno.c:4:5: */
-
-func X__h_errno_location(tls *TLS) uintptr { /* h_errno.c:6:5: */
-	if __ccgo_strace {
-		trc("tls=%v, (%v:)", tls, origin(2))
-	}
-	return uintptr(unsafe.Pointer(&Xh_errno))
-}
-
-func X__inet_aton(tls *TLS, s0 uintptr, dest uintptr) int32 { /* inet_aton.c:7:5: */
-	if __ccgo_strace {
-		trc("tls=%v s0=%v dest=%v, (%v:)", tls, s0, dest, origin(2))
-	}
-	bp := tls.Alloc(40)
-	defer tls.Free(40)
-
-	var s uintptr = s0
-	var d uintptr = dest
-	*(*[4]uint64)(unsafe.Pointer(bp /* a */)) = [4]uint64{0: uint64(0)}
-	// var z uintptr at bp+32, 8
-
-	var i int32
-
-	for i = 0; i < 4; i++ {
-		*(*uint64)(unsafe.Pointer(bp + uintptr(i)*8)) = Xstrtoul(tls, s, bp+32, 0)
-		if *(*uintptr)(unsafe.Pointer(bp + 32)) == s || *(*int8)(unsafe.Pointer(*(*uintptr)(unsafe.Pointer(bp + 32)))) != 0 && int32(*(*int8)(unsafe.Pointer(*(*uintptr)(unsafe.Pointer(bp + 32))))) != '.' || !(func() int32 {
-			if 0 != 0 {
-				return Xisdigit(tls, int32(*(*int8)(unsafe.Pointer(s))))
-			}
-			return Bool32(uint32(*(*int8)(unsafe.Pointer(s)))-uint32('0') < uint32(10))
-		}() != 0) {
-			return 0
-		}
-		if !(int32(*(*int8)(unsafe.Pointer(*(*uintptr)(unsafe.Pointer(bp + 32))))) != 0) {
-			break
-		}
-		s = *(*uintptr)(unsafe.Pointer(bp + 32)) + uintptr(1)
-	}
-	if i == 4 {
-		return 0
-	}
-	switch i {
-	case 0:
-		*(*uint64)(unsafe.Pointer(bp + 1*8)) = *(*uint64)(unsafe.Pointer(bp)) & uint64(0xffffff)
-		AssignShrPtrUint64(bp, int(24))
-		fallthrough
-	case 1:
-		*(*uint64)(unsafe.Pointer(bp + 2*8)) = *(*uint64)(unsafe.Pointer(bp + 1*8)) & uint64(0xffff)
-		AssignShrPtrUint64(bp+1*8, int(16))
-		fallthrough
-	case 2:
-		*(*uint64)(unsafe.Pointer(bp + 3*8)) = *(*uint64)(unsafe.Pointer(bp + 2*8)) & uint64(0xff)
-		AssignShrPtrUint64(bp+2*8, int(8))
-	}
-	for i = 0; i < 4; i++ {
-		if *(*uint64)(unsafe.Pointer(bp + uintptr(i)*8)) > uint64(255) {
-			return 0
-		}
-		*(*uint8)(unsafe.Pointer(d + uintptr(i))) = uint8(*(*uint64)(unsafe.Pointer(bp + uintptr(i)*8)))
-	}
-	return 1
-}
-
-func Xinet_ntop(tls *TLS, af int32, a0 uintptr, s uintptr, l socklen_t) uintptr { /* inet_ntop.c:7:12: */
-	if __ccgo_strace {
-		trc("tls=%v af=%v a0=%v s=%v l=%v, (%v:)", tls, af, a0, s, l, origin(2))
-	}
-	bp := tls.Alloc(276)
-	defer tls.Free(276)
-
-	var a uintptr = a0
-	var i int32
-	var j int32
-	var max int32
-	var best int32
-	// var buf [100]int8 at bp+176, 100
-
-	switch af {
-	case 2:
-		if socklen_t(Xsnprintf(tls, s, uint64(l), ts+103, VaList(bp, int32(*(*uint8)(unsafe.Pointer(a))), int32(*(*uint8)(unsafe.Pointer(a + 1))), int32(*(*uint8)(unsafe.Pointer(a + 2))), int32(*(*uint8)(unsafe.Pointer(a + 3)))))) < l {
-			return s
-		}
-		break
-	case 10:
-		if Xmemcmp(tls, a, ts+90, uint64(12)) != 0 {
-			Xsnprintf(tls, bp+176, uint64(unsafe.Sizeof([100]int8{})),
-				ts+115,
-				VaList(bp+32, 256*int32(*(*uint8)(unsafe.Pointer(a)))+int32(*(*uint8)(unsafe.Pointer(a + 1))), 256*int32(*(*uint8)(unsafe.Pointer(a + 2)))+int32(*(*uint8)(unsafe.Pointer(a + 3))),
-					256*int32(*(*uint8)(unsafe.Pointer(a + 4)))+int32(*(*uint8)(unsafe.Pointer(a + 5))), 256*int32(*(*uint8)(unsafe.Pointer(a + 6)))+int32(*(*uint8)(unsafe.Pointer(a + 7))),
-					256*int32(*(*uint8)(unsafe.Pointer(a + 8)))+int32(*(*uint8)(unsafe.Pointer(a + 9))), 256*int32(*(*uint8)(unsafe.Pointer(a + 10)))+int32(*(*uint8)(unsafe.Pointer(a + 11))),
-					256*int32(*(*uint8)(unsafe.Pointer(a + 12)))+int32(*(*uint8)(unsafe.Pointer(a + 13))), 256*int32(*(*uint8)(unsafe.Pointer(a + 14)))+int32(*(*uint8)(unsafe.Pointer(a + 15)))))
-		} else {
-			Xsnprintf(tls, bp+176, uint64(unsafe.Sizeof([100]int8{})),
-				ts+139,
-				VaList(bp+96, 256*int32(*(*uint8)(unsafe.Pointer(a)))+int32(*(*uint8)(unsafe.Pointer(a + 1))), 256*int32(*(*uint8)(unsafe.Pointer(a + 2)))+int32(*(*uint8)(unsafe.Pointer(a + 3))),
-					256*int32(*(*uint8)(unsafe.Pointer(a + 4)))+int32(*(*uint8)(unsafe.Pointer(a + 5))), 256*int32(*(*uint8)(unsafe.Pointer(a + 6)))+int32(*(*uint8)(unsafe.Pointer(a + 7))),
-					256*int32(*(*uint8)(unsafe.Pointer(a + 8)))+int32(*(*uint8)(unsafe.Pointer(a + 9))), 256*int32(*(*uint8)(unsafe.Pointer(a + 10)))+int32(*(*uint8)(unsafe.Pointer(a + 11))),
-					int32(*(*uint8)(unsafe.Pointer(a + 12))), int32(*(*uint8)(unsafe.Pointer(a + 13))), int32(*(*uint8)(unsafe.Pointer(a + 14))), int32(*(*uint8)(unsafe.Pointer(a + 15)))))
-		}
-		// Replace longest /(^0|:)[:0]{2,}/ with "::"
-		i = AssignInt32(&best, 0)
-		max = 2
-		for ; *(*int8)(unsafe.Pointer(bp + 176 + uintptr(i))) != 0; i++ {
-			if i != 0 && int32(*(*int8)(unsafe.Pointer(bp + 176 + uintptr(i)))) != ':' {
-				continue
-			}
-			j = int32(Xstrspn(tls, bp+176+uintptr(i), ts+169))
-			if j > max {
-				best = i
-				max = j
-			}
-		}
-		if max > 3 {
-			*(*int8)(unsafe.Pointer(bp + 176 + uintptr(best))) = AssignPtrInt8(bp+176+uintptr(best+1), int8(':'))
-			Xmemmove(tls, bp+176+uintptr(best)+uintptr(2), bp+176+uintptr(best)+uintptr(max), uint64(i-best-max+1))
-		}
-		if Xstrlen(tls, bp+176) < size_t(l) {
-			Xstrcpy(tls, s, bp+176)
-			return s
-		}
-		break
-	default:
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 97
-		return uintptr(0)
-	}
-	*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 28
-	return uintptr(0)
-}
-
-func hexval(tls *TLS, c uint32) int32 { /* inet_pton.c:7:12: */
-	if c-uint32('0') < uint32(10) {
-		return int32(c - uint32('0'))
-	}
-	c = c | uint32(32)
-	if c-uint32('a') < uint32(6) {
-		return int32(c - uint32('a') + uint32(10))
-	}
-	return -1
-}
-
-func Xinet_pton(tls *TLS, af int32, s uintptr, a0 uintptr) int32 { /* inet_pton.c:15:5: */
-	if __ccgo_strace {
-		trc("tls=%v af=%v s=%v a0=%v, (%v:)", tls, af, s, a0, origin(2))
-	}
-	bp := tls.Alloc(16)
-	defer tls.Free(16)
-
-	// var ip [8]uint16_t at bp, 16
-
-	var a uintptr = a0
-	var i int32
-	var j int32
-	var v int32
-	var d int32
-	var brk int32 = -1
-	var need_v4 int32 = 0
-
-	if af == 2 {
-		for i = 0; i < 4; i++ {
-			for v = AssignInt32(&j, 0); j < 3 && func() int32 {
-				if 0 != 0 {
-					return Xisdigit(tls, int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))))
-				}
-				return Bool32(uint32(*(*int8)(unsafe.Pointer(s + uintptr(j))))-uint32('0') < uint32(10))
-			}() != 0; j++ {
-				v = 10*v + int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) - '0'
-			}
-			if j == 0 || j > 1 && int32(*(*int8)(unsafe.Pointer(s))) == '0' || v > 255 {
-				return 0
-			}
-			*(*uint8)(unsafe.Pointer(a + uintptr(i))) = uint8(v)
-			if int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) == 0 && i == 3 {
-				return 1
-			}
-			if int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) != '.' {
-				return 0
-			}
-			s += uintptr(j + 1)
-		}
-		return 0
-	} else if af != 10 {
-		*(*int32)(unsafe.Pointer(X___errno_location(tls))) = 97
-		return -1
-	}
-
-	if int32(*(*int8)(unsafe.Pointer(s))) == ':' && int32(*(*int8)(unsafe.Pointer(PreIncUintptr(&s, 1)))) != ':' {
-		return 0
-	}
-
-	for i = 0; ; i++ {
-		if int32(*(*int8)(unsafe.Pointer(s))) == ':' && brk < 0 {
-			brk = i
-			*(*uint16_t)(unsafe.Pointer(bp + uintptr(i&7)*2)) = uint16_t(0)
-			if !(int32(*(*int8)(unsafe.Pointer(PreIncUintptr(&s, 1)))) != 0) {
-				break
-			}
-			if i == 7 {
-				return 0
-			}
-			continue
-		}
-		for v = AssignInt32(&j, 0); j < 4 && AssignInt32(&d, hexval(tls, uint32(*(*int8)(unsafe.Pointer(s + uintptr(j)))))) >= 0; j++ {
-			v = 16*v + d
-		}
-		if j == 0 {
-			return 0
-		}
-		*(*uint16_t)(unsafe.Pointer(bp + uintptr(i&7)*2)) = uint16_t(v)
-		if !(int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) != 0) && (brk >= 0 || i == 7) {
-			break
-		}
-		if i == 7 {
-			return 0
-		}
-		if int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) != ':' {
-			if int32(*(*int8)(unsafe.Pointer(s + uintptr(j)))) != '.' || i < 6 && brk < 0 {
-				return 0
-			}
-			need_v4 = 1
-			i++
-			break
-		}
-		s += uintptr(j + 1)
-	}
-	if brk >= 0 {
-		Xmemmove(tls, bp+uintptr(brk)*2+uintptr(7)*2-uintptr(i)*2, bp+uintptr(brk)*2, uint64(2*(i+1-brk)))
-		for j = 0; j < 7-i; j++ {
-			*(*uint16_t)(unsafe.Pointer(bp + uintptr(brk+j)*2)) = uint16_t(0)
-		}
-	}
-	for j = 0; j < 8; j++ {
-		*(*uint8)(unsafe.Pointer(PostIncUintptr(&a, 1))) = uint8(int32(*(*uint16_t)(unsafe.Pointer(bp + uintptr(j)*2))) >> 8)
-		*(*uint8)(unsafe.Pointer(PostIncUintptr(&a, 1))) = uint8(*(*uint16_t)(unsafe.Pointer(bp + uintptr(j)*2)))
-	}
-	if need_v4 != 0 && Xinet_pton(tls, 2, s, a-uintptr(4)) <= 0 {
-		return 0
-	}
-	return 1
-}
-
-func X__lookup_ipliteral(tls *TLS, buf uintptr, name uintptr, family int32) int32 { /* lookup_ipliteral.c:12:5: */
-	if __ccgo_strace {
-		trc("tls=%v buf=%v name=%v family=%v, (%v:)", tls, buf, name, family, origin(2))
-	}
-	bp := tls.Alloc(96)
-	defer tls.Free(96)
-
-	// var a4 in_addr at bp, 4
-
-	// var a6 in6_addr at bp+68, 16
-
-	if X__inet_aton(tls, name, bp) > 0 {
-		if family == 10 { // wrong family
-			return -2
-		}
-		Xmemcpy(tls, buf+8, bp, uint64(unsafe.Sizeof(in_addr{})))
-		(*address)(unsafe.Pointer(buf)).family = 2
-		(*address)(unsafe.Pointer(buf)).scopeid = uint32(0)
-		return 1
-	}
-	// var tmp [64]int8 at bp+4, 64
-
-	var p uintptr = Xstrchr(tls, name, '%')
-	// var z uintptr at bp+88, 8
-
-	var scopeid uint64 = uint64(0)
-	if p != 0 && (int64(p)-int64(name))/1 < int64(64) {
-		Xmemcpy(tls, bp+4, name, uint64((int64(p)-int64(name))/1))
-		*(*int8)(unsafe.Pointer(bp + 4 + uintptr((int64(p)-int64(name))/1))) = int8(0)
-		name = bp + 4 /* &tmp[0] */
-	}
-
-	if Xinet_pton(tls, 10, name, bp+68) <= 0 {
-		return 0
-	}
-	if family == 2 { // wrong family
-		return -2
-	}
-
-	Xmemcpy(tls, buf+8, bp+68, uint64(unsafe.Sizeof(in6_addr{})))
-	(*address)(unsafe.Pointer(buf)).family = 10
-	if p != 0 {
-		if func() int32 {
-			if 0 != 0 {
-				return Xisdigit(tls, int32(*(*int8)(unsafe.Pointer(PreIncUintptr(&p, 1)))))
-			}
-			return Bool32(uint32(*(*int8)(unsafe.Pointer(PreIncUintptr(&p, 1))))-uint32('0') < uint32(10))
-		}() != 0 {
-			scopeid = Xstrtoull(tls, p, bp+88, 10)
-		} else {
-			*(*uintptr)(unsafe.Pointer(bp + 88 /* z */)) = p - uintptr(1)
-		}
-		if *(*int8)(unsafe.Pointer(*(*uintptr)(unsafe.Pointer(bp + 88)))) != 0 {
-			Xabort(tls) //TODO-
-			// if (!IN6_IS_ADDR_LINKLOCAL(&a6) &&
-			//     !IN6_IS_ADDR_MC_LINKLOCAL(&a6))
-			// 	return EAI_NONAME;
-			// scopeid = if_nametoindex(p);
-			// if (!scopeid) return EAI_NONAME;
-		}
-		if scopeid > uint64(0xffffffff) {
-			return -2
-		}
-	}
-	(*address)(unsafe.Pointer(buf)).scopeid = uint32(scopeid)
-	return 1
-}
-
-func is_valid_hostname(tls *TLS, host uintptr) int32 { /* lookup_name.c:18:12: */
-	var s uintptr
-	//TODO if (strnlen(host, 255)-1 >= 254 || mbstowcs(0, host, 0) == -1) return 0;
-	if Xstrnlen(tls, host, uint64(255))-uint64(1) >= uint64(254) {
-		return 0
-	}
-	for s = host; int32(*(*uint8)(unsafe.Pointer(s))) >= 0x80 || int32(*(*uint8)(unsafe.Pointer(s))) == '.' || int32(*(*uint8)(unsafe.Pointer(s))) == '-' || Xisalnum(tls, int32(*(*uint8)(unsafe.Pointer(s)))) != 0; s++ {
-	}
-	return BoolInt32(!(*(*uint8)(unsafe.Pointer(s)) != 0))
-}
-
-var Xzero_struct_address address /* lookup_name.c:27:16: */
-
-func name_from_null(tls *TLS, buf uintptr, name uintptr, family int32, flags int32) int32 { /* lookup_name.c:29:12: */
-	var cnt int32 = 0
-	if name != 0 {
-		return 0
-	}
-	if flags&0x01 != 0 {
-		//TODO if (family != AF_INET6)
-		//TODO 	buf[cnt++] = (struct address){ .family = AF_INET };
-		if family != 10 {
-			var x = Xzero_struct_address
-			x.family = 2
-			*(*address)(unsafe.Pointer(buf + uintptr(PostIncInt32(&cnt, 1))*28)) = x
-		}
-		//TODO if (family != AF_INET)
-		//TODO 	buf[cnt++] = (struct address){ .family = AF_INET6 };
-		if family != 2 {
-			var x = Xzero_struct_address
-			x.family = 10
-			*(*address)(unsafe.Pointer(buf + uintptr(PostIncInt32(&cnt, 1))*28)) = x
-		}
-	} else {
-		Xabort(tls) //TODO-
-		// 	if (family != AF_INET6)
-		// 		buf[cnt++] = (struct address){ .family = AF_INET, .addr = { 127,0,0,1 } };
-		// 	if (family != AF_INET)
-		// 		buf[cnt++] = (struct address){ .family = AF_INET6, .addr = { [15] = 1 } };
-	}
-	return cnt
-}
-
-func name_from_numeric(tls *TLS, buf uintptr, name uintptr, family int32) int32 { /* lookup_name.c:58:12: */
-	return X__lookup_ipliteral(tls, buf, name, family)
-}
-
-func name_from_hosts(tls *TLS, buf uintptr, canon uintptr, name uintptr, family int32) int32 { /* lookup_name.c:63:12: */
-	bp := tls.Alloc(512)
-	defer tls.Free(512)
-
-	// var line [512]int8 at bp, 512
-
-	var l size_t = Xstrlen(tls, name)
-	var cnt int32 = 0
-	var badfam int32 = 0
-	var _buf [1032]uint8
-	_ = _buf
-	//TODO FILE _f, *f = __fopen_rb_ca("/etc/hosts", &_f, _buf, sizeof _buf);
-	var _f FILE
-	_ = _f
-	var f uintptr = Xfopen(tls, ts+76, ts+87)
-	if !(f != 0) {
-		switch *(*int32)(unsafe.Pointer(X___errno_location(tls))) {
-		case 2:
-			fallthrough
-		case 20:
-			fallthrough
-		case 13:
-			return 0
-			fallthrough
-		default:
-			return -11
-		}
-	}
-	for Xfgets(tls, bp, int32(unsafe.Sizeof([512]int8{})), f) != 0 && cnt < 48 {
-		var p uintptr
-		var z uintptr
-
-		if AssignUintptr(&p, Xstrchr(tls, bp, '#')) != 0 {
-			*(*int8)(unsafe.Pointer(PostIncUintptr(&p, 1))) = int8('\n')
-			*(*int8)(unsafe.Pointer(p)) = int8(0)
-		}
-		for p = bp + uintptr(1); AssignUintptr(&p, Xstrstr(tls, p, name)) != 0 && (!(__isspace(tls, int32(*(*int8)(unsafe.Pointer(p + UintptrFromInt32(-1))))) != 0) || !(__isspace(tls, int32(*(*int8)(unsafe.Pointer(p + uintptr(l))))) != 0)); p++ {
-		}
-		if !(p != 0) {
-			continue
-		}
-
-		// Isolate IP address to parse
-		for p = bp; /* &line[0] */ *(*int8)(unsafe.Pointer(p)) != 0 && !(__isspace(tls, int32(*(*int8)(unsafe.Pointer(p)))) != 0); p++ {
-		}
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&p, 1))) = int8(0)
-		switch name_from_numeric(tls, buf+uintptr(cnt)*28, bp, family) {
-		case 1:
-			cnt++
-			break
-		case 0:
-			continue
-		default:
-			badfam = -2
-			continue
-		}
-
-		// Extract first name as canonical name
-		for ; *(*int8)(unsafe.Pointer(p)) != 0 && __isspace(tls, int32(*(*int8)(unsafe.Pointer(p)))) != 0; p++ {
-		}
-		for z = p; *(*int8)(unsafe.Pointer(z)) != 0 && !(__isspace(tls, int32(*(*int8)(unsafe.Pointer(z)))) != 0); z++ {
-		}
-		*(*int8)(unsafe.Pointer(z)) = int8(0)
-		if is_valid_hostname(tls, p) != 0 {
-			Xmemcpy(tls, canon, p, uint64((int64(z)-int64(p))/1+int64(1)))
-		}
-	}
-	//TODO __fclose_ca(f);
-	Xfclose(tls, f)
-	if cnt != 0 {
-		return cnt
-	}
-	return badfam
-}
-
-type dpc_ctx = struct {
-	addrs uintptr
-	canon uintptr
-	cnt   int32
-	_     [4]byte
-} /* lookup_name.c:112:1 */
-
-func name_from_dns_search(tls *TLS, buf uintptr, canon uintptr, name uintptr, family int32) int32 { /* lookup_name.c:191:12: */
-	return -1 //TODO-
-	Xabort(tls)
-	return int32(0) //TODO-
-	// char search[256];
-	// struct resolvconf conf;
-	// size_t l, dots;
-	// char *p, *z;
-
-	// if (__get_resolv_conf(&conf, search, sizeof search) < 0) return -1;
-
-	// /* Count dots, suppress search when >=ndots or name ends in
-	//  * a dot, which is an explicit request for global scope. */
-	// for (dots=l=0; name[l]; l++) if (name[l]=='.') dots++;
-	// if (dots >= conf.ndots || name[l-1]=='.') *search = 0;
-
-	// /* Strip final dot for canon, fail if multiple trailing dots. */
-	// if (name[l-1]=='.') l--;
-	// if (!l || name[l-1]=='.') return EAI_NONAME;
-
-	// /* This can never happen; the caller already checked length. */
-	// if (l >= 256) return EAI_NONAME;
-
-	// /* Name with search domain appended is setup in canon[]. This both
-	//  * provides the desired default canonical name (if the requested
-	//  * name is not a CNAME record) and serves as a buffer for passing
-	//  * the full requested name to name_from_dns. */
-	// memcpy(canon, name, l);
-	// canon[l] = '.';
-
-	// for (p=search; *p; p=z) {
-	// 	for (; isspace(*p); p++);
-	// 	for (z=p; *z && !isspace(*z); z++);
-	// 	if (z==p) break;
-	// 	if (z-p < 256 - l - 1) {
-	// 		memcpy(canon+l+1, p, z-p);
-	// 		canon[z-p+1+l] = 0;
-	// 		int cnt = name_from_dns(buf, canon, canon, family, &conf);
-	// 		if (cnt) return cnt;
-	// 	}
-	// }
-
-	// canon[l] = 0;
-	// return name_from_dns(buf, canon, name, family, &conf);
-}
-
-type policy = struct {
-	addr  [16]uint8
-	len   uint8
-	mask  uint8
-	prec  uint8
-	label uint8
-} /* lookup_name.c:237:14 */
-
-var defpolicy = [6]policy{
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 172)), len: uint8(15), mask: uint8(0xff), prec: uint8(50)},
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 189)), len: uint8(11), mask: uint8(0xff), prec: uint8(35), label: uint8(4)},
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 205)), len: uint8(1), mask: uint8(0xff), prec: uint8(30), label: uint8(2)},
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 221)), len: uint8(3), mask: uint8(0xff), prec: uint8(5), label: uint8(5)},
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 237)), mask: uint8(0xfe), prec: uint8(3), label: uint8(13)},
-	// Last rule must match all addresses to stop loop.
-	{addr: *(*[16]uint8)(unsafe.Pointer(ts + 253)), prec: uint8(40), label: uint8(1)},
-} /* lookup_name.c:241:3 */
-
-func policyof(tls *TLS, a uintptr) uintptr { /* lookup_name.c:259:28: */
-	var i int32
-	for i = 0; ; i++ {
-		if Xmemcmp(tls, a, uintptr(unsafe.Pointer(&defpolicy))+uintptr(i)*20, uint64(defpolicy[i].len)) != 0 {
-			continue
-		}
-		if int32(*(*uint8_t)(unsafe.Pointer(a + uintptr(defpolicy[i].len))))&int32(defpolicy[i].mask) !=
-			int32(*(*uint8)(unsafe.Pointer(uintptr(unsafe.Pointer(&defpolicy)) + uintptr(i)*20 + uintptr(defpolicy[i].len)))) {
-			continue
-		}
-		return uintptr(unsafe.Pointer(&defpolicy)) + uintptr(i)*20
-	}
-	return uintptr(0)
-}
-
-func labelof(tls *TLS, a uintptr) int32 { /* lookup_name.c:272:12: */
-	return int32((*policy)(unsafe.Pointer(policyof(tls, a))).label)
-}
-
-func scopeof(tls *TLS, a uintptr) int32 { /* lookup_name.c:277:12: */
-	if int32(*(*uint8_t)(unsafe.Pointer(a))) == 0xff {
-		return int32(*(*uint8_t)(unsafe.Pointer(a + 1))) & 15
-	}
-	if int32(*(*uint8_t)(unsafe.Pointer(a))) == 0xfe && int32(*(*uint8_t)(unsafe.Pointer(a + 1)))&0xc0 == 0x80 {
-		return 2
-	}
-	if *(*uint32_t)(unsafe.Pointer(a)) == uint32_t(0) && *(*uint32_t)(unsafe.Pointer(a + 1*4)) == uint32_t(0) && *(*uint32_t)(unsafe.Pointer(a + 2*4)) == uint32_t(0) && int32(*(*uint8_t)(unsafe.Pointer(a + 12))) == 0 && int32(*(*uint8_t)(unsafe.Pointer(a + 13))) == 0 && int32(*(*uint8_t)(unsafe.Pointer(a + 14))) == 0 && int32(*(*uint8_t)(unsafe.Pointer(a + 15))) == 1 {
-		return 2
-	}
-	if int32(*(*uint8_t)(unsafe.Pointer(a))) == 0xfe && int32(*(*uint8_t)(unsafe.Pointer(a + 1)))&0xc0 == 0xc0 {
-		return 5
-	}
-	return 14
-}
-
-func prefixmatch(tls *TLS, s uintptr, d uintptr) int32 { /* lookup_name.c:286:12: */
-	// FIXME: The common prefix length should be limited to no greater
-	// than the nominal length of the prefix portion of the source
-	// address. However the definition of the source prefix length is
-	// not clear and thus this limiting is not yet implemented.
-	var i uint32
-	for i = uint32(0); i < uint32(128) && !((int32(*(*uint8_t)(unsafe.Pointer(s /* &.__in6_union */ /* &.__s6_addr */ + uintptr(i/uint32(8)))))^int32(*(*uint8_t)(unsafe.Pointer(d /* &.__in6_union */ /* &.__s6_addr */ + uintptr(i/uint32(8))))))&(int32(128)>>(i%uint32(8))) != 0); i++ {
-	}
-	return int32(i)
-}
-
-func addrcmp(tls *TLS, _a uintptr, _b uintptr) int32 { /* lookup_name.c:305:12: */
-	var a uintptr = _a
-	var b uintptr = _b
-	return (*address)(unsafe.Pointer(b)).sortkey - (*address)(unsafe.Pointer(a)).sortkey
-}
-
-func X__lookup_name(tls *TLS, buf uintptr, canon uintptr, name uintptr, family int32, flags int32) int32 { /* lookup_name.c:311:5: */
-	if __ccgo_strace {
-		trc("tls=%v buf=%v canon=%v name=%v family=%v flags=%v, (%v:)", tls, buf, canon, name, family, flags, origin(2))
-	}
-	bp := tls.Alloc(92)
-	defer tls.Free(92)
-
-	var cnt int32 = 0
-	var i int32
-	var j int32
-	_ = j
-
-	*(*int8)(unsafe.Pointer(canon)) = int8(0)
-	if name != 0 {
-		// reject empty name and check len so it fits into temp bufs
-		var l size_t = Xstrnlen(tls, name, uint64(255))
-		if l-uint64(1) >= uint64(254) {
-			return -2
-		}
-		Xmemcpy(tls, canon, name, l+uint64(1))
-	}
-
-	// Procedurally, a request for v6 addresses with the v4-mapped
-	// flag set is like a request for unspecified family, followed
-	// by filtering of the results.
-	if flags&0x08 != 0 {
-		if family == 10 {
-			family = 0
-		} else {
-			flags = flags - 0x08
-		}
-	}
-
-	// Try each backend until there's at least one result.
-	cnt = name_from_null(tls, buf, name, family, flags)
-	if !(cnt != 0) {
-		cnt = name_from_numeric(tls, buf, name, family)
-	}
-	if !(cnt != 0) && !(flags&0x04 != 0) {
-		cnt = name_from_hosts(tls, buf, canon, name, family)
-		if !(cnt != 0) {
-			cnt = name_from_dns_search(tls, buf, canon, name, family)
-		}
-	}
-	if cnt <= 0 {
-		if cnt != 0 {
-			return cnt
-		}
-		return -2
-	}
-
-	// Filter/transform results for v4-mapped lookup, if requested.
-	if flags&0x08 != 0 {
-		Xabort(tls) //TODO-
-		// 	if (!(flags & AI_ALL)) {
-		// 		/* If any v6 results exist, remove v4 results. */
-		// 		for (i=0; i<cnt && buf[i].family != AF_INET6; i++);
-		// 		if (i<cnt) {
-		// 			for (j=0; i<cnt; i++) {
-		// 				if (buf[i].family == AF_INET6)
-		// 					buf[j++] = buf[i];
-		// 			}
-		// 			cnt = i = j;
-		// 		}
-		// 	}
-		// 	/* Translate any remaining v4 results to v6 */
-		// 	for (i=0; i<cnt; i++) {
-		// 		if (buf[i].family != AF_INET) continue;
-		// 		memcpy(buf[i].addr+12, buf[i].addr, 4);
-		// 		memcpy(buf[i].addr, "\0\0\0\0\0\0\0\0\0\0\xff\xff", 12);
-		// 		buf[i].family = AF_INET6;
-		// 	}
-	}
-
-	// No further processing is needed if there are fewer than 2
-	// results or if there are only IPv4 results.
-	if cnt < 2 || family == 2 {
-		return cnt
-	}
-	for i = 0; i < cnt; i++ {
-		if (*address)(unsafe.Pointer(buf+uintptr(i)*28)).family != 2 {
-			break
-		}
-	}
-	if i == cnt {
-		return cnt
-	}
-	var cs int32
-	_ = cs
-	//TODO pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
-
-	// The following implements a subset of RFC 3484/6724 destination
-	// address selection by generating a single 31-bit sort key for
-	// each address. Rules 3, 4, and 7 are omitted for having
-	// excessive runtime and code size cost and dubious benefit.
-	// So far the label/precedence table cannot be customized.
-	for i = 0; i < cnt; i++ {
-		var family int32 = (*address)(unsafe.Pointer(buf + uintptr(i)*28)).family
-		var key int32 = 0
-		*(*sockaddr_in6)(unsafe.Pointer(bp + 28 /* sa6 */)) = sockaddr_in6{}
-		*(*sockaddr_in6)(unsafe.Pointer(bp /* da6 */)) = sockaddr_in6{sin6_family: sa_family_t(10), sin6_port: in_port_t(65535), sin6_scope_id: (*address)(unsafe.Pointer(buf + uintptr(i)*28)).scopeid}
-		*(*sockaddr_in)(unsafe.Pointer(bp + 72 /* sa4 */)) = sockaddr_in{}
-		*(*sockaddr_in)(unsafe.Pointer(bp + 56 /* da4 */)) = sockaddr_in{sin_family: sa_family_t(2), sin_port: in_port_t(65535)}
-		var sa1 uintptr
-		var da uintptr
-		// var salen socklen_t at bp+88, 4
-
-		var dalen socklen_t
-		if family == 10 {
-			Xmemcpy(tls, bp+8, buf+uintptr(i)*28+8, uint64(16))
-			da = bp /* &da6 */
-			dalen = socklen_t(unsafe.Sizeof(sockaddr_in6{}))
-			sa1 = bp + 28 /* &sa6 */
-			*(*socklen_t)(unsafe.Pointer(bp + 88 /* salen */)) = socklen_t(unsafe.Sizeof(sockaddr_in6{}))
-		} else {
-			Xmemcpy(tls, bp+28+8,
-				ts+90, uint64(12))
-			Xmemcpy(tls, bp+8+uintptr(12), buf+uintptr(i)*28+8, uint64(4))
-			Xmemcpy(tls, bp+8,
-				ts+90, uint64(12))
-			Xmemcpy(tls, bp+8+uintptr(12), buf+uintptr(i)*28+8, uint64(4))
-			Xmemcpy(tls, bp+56+4, buf+uintptr(i)*28+8, uint64(4))
-			da = bp + 56 /* &da4 */
-			dalen = socklen_t(unsafe.Sizeof(sockaddr_in{}))
-			sa1 = bp + 72 /* &sa4 */
-			*(*socklen_t)(unsafe.Pointer(bp + 88 /* salen */)) = socklen_t(unsafe.Sizeof(sockaddr_in{}))
-		}
-		var dpolicy uintptr = policyof(tls, bp+8)
-		var dscope int32 = scopeof(tls, bp+8)
-		var dlabel int32 = int32((*policy)(unsafe.Pointer(dpolicy)).label)
-		var dprec int32 = int32((*policy)(unsafe.Pointer(dpolicy)).prec)
-		var prefixlen int32 = 0
-		var fd int32 = Xsocket(tls, family, 2|02000000, 17)
-		if fd >= 0 {
-			if !(Xconnect(tls, fd, da, dalen) != 0) {
-				key = key | 0x40000000
-				if !(Xgetsockname(tls, fd, sa1, bp+88) != 0) {
-					if family == 2 {
-						Xmemcpy(tls,
-							bp+28+8+uintptr(12),
-							bp+72+4, uint64(4))
-					}
-					if dscope == scopeof(tls, bp+28+8) {
-						key = key | 0x20000000
-					}
-					if dlabel == labelof(tls, bp+28+8) {
-						key = key | 0x10000000
-					}
-					prefixlen = prefixmatch(tls, bp+28+8,
-						bp+8)
-				}
-			}
-			Xclose(tls, fd)
-		}
-		key = key | dprec<<20
-		key = key | (15-dscope)<<16
-		key = key | prefixlen<<8
-		key = key | (48-i)<<0
-		(*address)(unsafe.Pointer(buf + uintptr(i)*28)).sortkey = key
-	}
-	Xqsort(tls, buf, uint64(cnt), uint64(unsafe.Sizeof(address{})), *(*uintptr)(unsafe.Pointer(&struct {
-		f func(*TLS, uintptr, uintptr) int32
-	}{addrcmp})))
-
-	//TODO pthread_setcancelstate(cs, 0);
-
-	return cnt
-}
-
-func X__lookup_serv(tls *TLS, buf uintptr, name uintptr, proto int32, socktype int32, flags int32) int32 { /* lookup_serv.c:12:5: */
-	if __ccgo_strace {
-		trc("tls=%v buf=%v name=%v proto=%v socktype=%v flags=%v, (%v:)", tls, buf, name, proto, socktype, flags, origin(2))
-	}
-	bp := tls.Alloc(8)
-	defer tls.Free(8)
-
-	var line [128]int8
-	_ = line
-	var cnt int32 = 0
-	var p uintptr
-	_ = p
-	*(*uintptr)(unsafe.Pointer(bp /* z */)) = ts + 13 /* "" */
-	var port uint64 = uint64(0)
-
-	switch socktype {
-	case 1:
-		switch proto {
-		case 0:
-			proto = 6
-			fallthrough
-		case 6:
-			break
-		default:
-			return -8
-		}
-		break
-	case 2:
-		switch proto {
-		case 0:
-			proto = 17
-			fallthrough
-		case 17:
-			break
-		default:
-			return -8
-		}
-		fallthrough
-	case 0:
-		break
-	default:
-		if name != 0 {
-			return -8
-		}
-		(*service)(unsafe.Pointer(buf)).port = uint16_t(0)
-		(*service)(unsafe.Pointer(buf)).proto = uint8(proto)
-		(*service)(unsafe.Pointer(buf)).socktype = uint8(socktype)
-		return 1
-	}
-
-	if name != 0 {
-		if !(int32(*(*int8)(unsafe.Pointer(name))) != 0) {
-			return -8
-		}
-		port = Xstrtoul(tls, name, bp, 10)
-	}
-	if !(int32(*(*int8)(unsafe.Pointer(*(*uintptr)(unsafe.Pointer(bp))))) != 0) {
-		if port > uint64(65535) {
-			return -8
-		}
-		if proto != 17 {
-			(*service)(unsafe.Pointer(buf + uintptr(cnt)*4)).port = uint16_t(port)
-			(*service)(unsafe.Pointer(buf + uintptr(cnt)*4)).socktype = uint8(1)
-			(*service)(unsafe.Pointer(buf + uintptr(PostIncInt32(&cnt, 1))*4)).proto = uint8(6)
-		}
-		if proto != 6 {
-			(*service)(unsafe.Pointer(buf + uintptr(cnt)*4)).port = uint16_t(port)
-			(*service)(unsafe.Pointer(buf + uintptr(cnt)*4)).socktype = uint8(2)
-			(*service)(unsafe.Pointer(buf + uintptr(PostIncInt32(&cnt, 1))*4)).proto = uint8(17)
-		}
-		return cnt
-	}
-
-	if flags&0x400 != 0 {
-		return -2
-	}
-
-	var l size_t = Xstrlen(tls, name)
-	_ = l
-
-	Xabort(tls) //TODO-
-	// unsigned char _buf[1032];
-	// FILE _f, *f = __fopen_rb_ca("/etc/services", &_f, _buf, sizeof _buf);
-	// if (!f) switch (errno) {
-	// case ENOENT:
-	// case ENOTDIR:
-	// case EACCES:
-	// 	return EAI_SERVICE;
-	// default:
-	// 	return EAI_SYSTEM;
-	// }
-
-	Xabort(tls) //TODO-
-	// while (fgets(line, sizeof line, f) && cnt < MAXSERVS) {
-	// 	if ((p=strchr(line, '#'))) *p++='\n', *p=0;
-
-	// 	/* Find service name */
-	// 	for(p=line; (p=strstr(p, name)); p++) {
-	// 		if (p>line && !isspace(p[-1])) continue;
-	// 		if (p[l] && !isspace(p[l])) continue;
-	// 		break;
-	// 	}
-	// 	if (!p) continue;
-
-	// 	/* Skip past canonical name at beginning of line */
-	// 	for (p=line; *p && !isspace(*p); p++);
-
-	// 	port = strtoul(p, &z, 10);
-	// 	if (port > 65535 || z==p) continue;
-	// 	if (!strncmp(z, "/udp", 4)) {
-	// 		if (proto == IPPROTO_TCP) continue;
-	// 		buf[cnt].port = port;
-	// 		buf[cnt].socktype = SOCK_DGRAM;
-	// 		buf[cnt++].proto = IPPROTO_UDP;
-	// 	}
-	// 	if (!strncmp(z, "/tcp", 4)) {
-	// 		if (proto == IPPROTO_UDP) continue;
-	// 		buf[cnt].port = port;
-	// 		buf[cnt].socktype = SOCK_STREAM;
-	// 		buf[cnt++].proto = IPPROTO_TCP;
-	// 	}
-	// }
-	// __fclose_ca(f);
-	// return cnt > 0 ? cnt : EAI_SERVICE;
-	Xabort(tls)
-	return int32(0) //TODO-
-}
-
-func temper(tls *TLS, x uint32) uint32 { /* rand_r.c:3:17: */
-	x = x ^ x>>11
-	x = x ^ x<<7&0x9D2C5680
-	x = x ^ x<<15&0xEFC60000
-	x = x ^ x>>18
-	return x
-}
-
-func Xrand_r(tls *TLS, seed uintptr) int32 { /* rand_r.c:12:5: */
-	if __ccgo_strace {
-		trc("tls=%v seed=%v, (%v:)", tls, seed, origin(2))
-	}
-	return int32(temper(tls, AssignPtrUint32(seed, *(*uint32)(unsafe.Pointer(seed))*uint32(1103515245)+uint32(12345))) / uint32(2))
-}
-
-func X__lockfile(tls *TLS, f uintptr) int32 { /* __lockfile.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v, (%v:)", tls, f, origin(2))
-	}
-	var owner int32 = (*FILE)(unsafe.Pointer(f)).lock
-	var tid int32 = (*__pthread)(unsafe.Pointer(__pthread_self(tls))).tid
-	if owner&CplInt32(0x40000000) == tid {
-		return 0
-	}
-	owner = a_cas(tls, f+140, 0, tid)
-	if !(owner != 0) {
-		return 1
-	}
-	for AssignInt32(&owner, a_cas(tls, f+140, 0, tid|0x40000000)) != 0 {
-		if owner&0x40000000 != 0 || a_cas(tls, f+140, owner, owner|0x40000000) == owner {
-			__futexwait(tls, f+140, owner|0x40000000, 1)
-		}
-	}
-	return 1
-}
-
-func X__unlockfile(tls *TLS, f uintptr) { /* __lockfile.c:19:6: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v, (%v:)", tls, f, origin(2))
-	}
-	if a_swap(tls, f+140, 0)&0x40000000 != 0 {
-		__wake(tls, f+140, 1, 1)
-	}
-}
-
-func X__toread(tls *TLS, f uintptr) int32 { /* __toread.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v, (%v:)", tls, f, origin(2))
-	}
-	*(*int32)(unsafe.Pointer(f + 136)) |= (*FILE)(unsafe.Pointer(f)).mode - 1
-	if (*FILE)(unsafe.Pointer(f)).wpos != (*FILE)(unsafe.Pointer(f)).wbase {
-		(*struct {
-			f func(*TLS, uintptr, uintptr, size_t) size_t
-		})(unsafe.Pointer(&struct{ uintptr }{(*FILE)(unsafe.Pointer(f)).write})).f(tls, f, uintptr(0), uint64(0))
-	}
-	(*FILE)(unsafe.Pointer(f)).wpos = AssignPtrUintptr(f+56, AssignPtrUintptr(f+32, uintptr(0)))
-	if (*FILE)(unsafe.Pointer(f)).flags&uint32(4) != 0 {
-		*(*uint32)(unsafe.Pointer(f)) |= uint32(32)
-		return -1
-	}
-	(*FILE)(unsafe.Pointer(f)).rpos = AssignPtrUintptr(f+16, (*FILE)(unsafe.Pointer(f)).buf+uintptr((*FILE)(unsafe.Pointer(f)).buf_size))
-	if (*FILE)(unsafe.Pointer(f)).flags&uint32(16) != 0 {
-		return -1
-	}
-	return 0
-}
-
-func X__toread_needs_stdio_exit(tls *TLS) { /* __toread.c:16:13: */
-	if __ccgo_strace {
-		trc("tls=%v, (%v:)", tls, origin(2))
-	}
-	X__builtin_abort(tls) //TODO-
-	// __stdio_exit_needed();
-}
-
-// This function assumes it will never be called if there is already
-// data buffered for reading.
-
-func X__uflow(tls *TLS, f uintptr) int32 { /* __uflow.c:6:5: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v, (%v:)", tls, f, origin(2))
-	}
-	bp := tls.Alloc(1)
-	defer tls.Free(1)
-
-	// var c uint8 at bp, 1
-
-	if !(X__toread(tls, f) != 0) && (*struct {
-		f func(*TLS, uintptr, uintptr, size_t) size_t
-	})(unsafe.Pointer(&struct{ uintptr }{(*FILE)(unsafe.Pointer(f)).read})).f(tls, f, bp, uint64(1)) == uint64(1) {
-		return int32(*(*uint8)(unsafe.Pointer(bp)))
-	}
-	return -1
-}
-
-func Xsscanf(tls *TLS, s uintptr, fmt uintptr, va uintptr) int32 { /* sscanf.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v fmt=%v va=%v, (%v:)", tls, s, fmt, va, origin(2))
-	}
-	var ret int32
-	var ap va_list
-	_ = ap
-	ap = va
-	ret = Xvsscanf(tls, s, fmt, ap)
-	_ = ap
-	return ret
-}
-
-type wctrans_t = uintptr /* wctype.h:20:19 */
-
-func store_int(tls *TLS, dest uintptr, size int32, i uint64) { /* vfscanf.c:22:13: */
-	if !(dest != 0) {
-		return
-	}
-	switch size {
-	case -2:
-		*(*int8)(unsafe.Pointer(dest)) = int8(i)
-		break
-	case -1:
-		*(*int16)(unsafe.Pointer(dest)) = int16(i)
-		break
-	case 0:
-		*(*int32)(unsafe.Pointer(dest)) = int32(i)
-		break
-	case 1:
-		*(*int64)(unsafe.Pointer(dest)) = int64(i)
-		break
-	case 3:
-		*(*int64)(unsafe.Pointer(dest)) = int64(i)
-		break
-	}
-}
-
-func arg_n(tls *TLS, ap va_list, n uint32) uintptr { /* vfscanf.c:44:13: */
-	var p uintptr
-	var i uint32
-	var ap2 va_list
-	_ = ap2
-	ap2 = ap
-	for i = n; i > uint32(1); i-- {
-		VaUintptr(&ap2)
-	}
-	p = VaUintptr(&ap2)
-	_ = ap2
-	return p
-}
-
-func Xvfscanf(tls *TLS, f uintptr, fmt uintptr, ap va_list) int32 { /* vfscanf.c:56:5: */
-	if __ccgo_strace {
-		trc("tls=%v f=%v fmt=%v ap=%v, (%v:)", tls, f, fmt, ap, origin(2))
-	}
-	bp := tls.Alloc(276)
-	defer tls.Free(276)
-
-	var width int32
-	var size int32
-	var alloc int32
-	var base int32
-	var p uintptr
-	var c int32
-	var t int32
-	var s uintptr
-	var wcs uintptr
-	// var st mbstate_t at bp+268, 8
-
-	var dest uintptr
-	var invert int32
-	var matches int32
-	var x uint64
-	var y float64
-	var pos off_t
-	// var scanset [257]uint8 at bp, 257
-
-	var i size_t
-	var k size_t
-	// var wc wchar_t at bp+260, 4
-
-	var __need_unlock int32
-	var tmp uintptr
-	var tmp1 uintptr
-	alloc = 0
-	dest = uintptr(0)
-	matches = 0
-	pos = int64(0)
-	__need_unlock = 0
-
-	if !!(int32((*FILE)(unsafe.Pointer(f)).rpos) != 0) {
-		goto __1
-	}
-	X__toread(tls, f)
-__1:
-	;
-	if !!(int32((*FILE)(unsafe.Pointer(f)).rpos) != 0) {
-		goto __2
-	}
-	goto input_fail
-__2:
-	;
-
-	p = fmt
-__3:
-	if !(*(*uint8)(unsafe.Pointer(p)) != 0) {
-		goto __5
-	}
-
-	alloc = 0
-
-	if !(__isspace(tls, int32(*(*uint8)(unsafe.Pointer(p)))) != 0) {
-		goto __6
-	}
-__7:
-	if !(__isspace(tls, int32(*(*uint8)(unsafe.Pointer(p + 1)))) != 0) {
-		goto __8
-	}
-	p++
-	goto __7
-__8:
-	;
-	X__shlim(tls, f, int64(0))
-__9:
-	if !(__isspace(tls, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()) != 0) {
-		goto __10
-	}
-	goto __9
-__10:
-	;
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	pos = pos + ((*FILE)(unsafe.Pointer(f)).shcnt + (int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1)
-	goto __4
-__6:
-	;
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) != '%' || int32(*(*uint8)(unsafe.Pointer(p + 1))) == '%') {
-		goto __11
-	}
-	X__shlim(tls, f, int64(0))
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == '%') {
-		goto __12
-	}
-	p++
-__14:
-	if !(__isspace(tls, AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())) != 0) {
-		goto __15
-	}
-	goto __14
-__15:
-	;
-	goto __13
-__12:
-	c = func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()
-__13:
-	;
-	if !(c != int32(*(*uint8)(unsafe.Pointer(p)))) {
-		goto __16
-	}
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	if !(c < 0) {
-		goto __17
-	}
-	goto input_fail
-__17:
-	;
-	goto match_fail
-__16:
-	;
-	pos = pos + ((*FILE)(unsafe.Pointer(f)).shcnt + (int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1)
-	goto __4
-__11:
-	;
-
-	p++
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == '*') {
-		goto __18
-	}
-	dest = uintptr(0)
-	p++
-	goto __19
-__18:
-	if !(func() int32 {
-		if 0 != 0 {
-			return Xisdigit(tls, int32(*(*uint8)(unsafe.Pointer(p))))
-		}
-		return Bool32(uint32(*(*uint8)(unsafe.Pointer(p)))-uint32('0') < uint32(10))
-	}() != 0 && int32(*(*uint8)(unsafe.Pointer(p + 1))) == '$') {
-		goto __20
-	}
-	dest = arg_n(tls, ap, uint32(int32(*(*uint8)(unsafe.Pointer(p)))-'0'))
-	p += uintptr(2)
-	goto __21
-__20:
-	dest = VaUintptr(&ap)
-__21:
-	;
-__19:
-	;
-
-	width = 0
-__22:
-	if !(func() int32 {
-		if 0 != 0 {
-			return Xisdigit(tls, int32(*(*uint8)(unsafe.Pointer(p))))
-		}
-		return Bool32(uint32(*(*uint8)(unsafe.Pointer(p)))-uint32('0') < uint32(10))
-	}() != 0) {
-		goto __24
-	}
-	width = 10*width + int32(*(*uint8)(unsafe.Pointer(p))) - '0'
-	goto __23
-__23:
-	p++
-	goto __22
-	goto __24
-__24:
-	;
-
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == 'm') {
-		goto __25
-	}
-	wcs = uintptr(0)
-	s = uintptr(0)
-	alloc = BoolInt32(!!(dest != 0))
-	p++
-	goto __26
-__25:
-	alloc = 0
-__26:
-	;
-
-	size = 0
-	switch int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&p, 1)))) {
-	case 'h':
-		goto __28
-	case 'l':
-		goto __29
-	case 'j':
-		goto __30
-	case 'z':
-		goto __31
-	case 't':
-		goto __32
-	case 'L':
-		goto __33
-	case 'd':
-		goto __34
-	case 'i':
-		goto __35
-	case 'o':
-		goto __36
-	case 'u':
-		goto __37
-	case 'x':
-		goto __38
-	case 'a':
-		goto __39
-	case 'e':
-		goto __40
-	case 'f':
-		goto __41
-	case 'g':
-		goto __42
-	case 'A':
-		goto __43
-	case 'E':
-		goto __44
-	case 'F':
-		goto __45
-	case 'G':
-		goto __46
-	case 'X':
-		goto __47
-	case 's':
-		goto __48
-	case 'c':
-		goto __49
-	case '[':
-		goto __50
-	case 'S':
-		goto __51
-	case 'C':
-		goto __52
-	case 'p':
-		goto __53
-	case 'n':
-		goto __54
-	default:
-		goto __55
-	}
-	goto __27
-__28:
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == 'h') {
-		goto __56
-	}
-	p++
-	size = -2
-	goto __57
-__56:
-	size = -1
-__57:
-	;
-	goto __27
-__29:
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == 'l') {
-		goto __58
-	}
-	p++
-	size = 3
-	goto __59
-__58:
-	size = 1
-__59:
-	;
-	goto __27
-__30:
-	size = 3
-	goto __27
-__31:
-__32:
-	size = 1
-	goto __27
-__33:
-	size = 2
-	goto __27
-__34:
-__35:
-__36:
-__37:
-__38:
-__39:
-__40:
-__41:
-__42:
-__43:
-__44:
-__45:
-__46:
-__47:
-__48:
-__49:
-__50:
-__51:
-__52:
-__53:
-__54:
-	p--
-	goto __27
-__55:
-	goto fmt_fail
-__27:
-	;
-
-	t = int32(*(*uint8)(unsafe.Pointer(p)))
-
-	// C or S
-	if !(t&0x2f == 3) {
-		goto __60
-	}
-	t = t | 32
-	size = 1
-__60:
-	;
-
-	switch t {
-	case 'c':
-		goto __62
-	case '[':
-		goto __63
-	case 'n':
-		goto __64
-	default:
-		goto __65
-	}
-	goto __61
-__62:
-	if !(width < 1) {
-		goto __66
-	}
-	width = 1
-__66:
-	;
-__63:
-	goto __61
-__64:
-	store_int(tls, dest, size, uint64(pos))
-	// do not increment match count, etc!
-	goto __4
-__65:
-	X__shlim(tls, f, int64(0))
-__67:
-	if !(__isspace(tls, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}()) != 0) {
-		goto __68
-	}
-	goto __67
-__68:
-	;
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	pos = pos + ((*FILE)(unsafe.Pointer(f)).shcnt + (int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1)
-__61:
-	;
-
-	X__shlim(tls, f, int64(width))
-	if !(func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}() < 0) {
-		goto __69
-	}
-	goto input_fail
-__69:
-	;
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-
-	switch t {
-	case 's':
-		goto __71
-	case 'c':
-		goto __72
-	case '[':
-		goto __73
-	case 'p':
-		goto __74
-	case 'X':
-		goto __75
-	case 'x':
-		goto __76
-	case 'o':
-		goto __77
-	case 'd':
-		goto __78
-	case 'u':
-		goto __79
-	case 'i':
-		goto __80
-	case 'a':
-		goto __81
-	case 'A':
-		goto __82
-	case 'e':
-		goto __83
-	case 'E':
-		goto __84
-	case 'f':
-		goto __85
-	case 'F':
-		goto __86
-	case 'g':
-		goto __87
-	case 'G':
-		goto __88
-	}
-	goto __70
-__71:
-__72:
-__73:
-	if !(t == 'c' || t == 's') {
-		goto __89
-	}
-	Xmemset(tls, bp, -1, uint64(unsafe.Sizeof([257]uint8{})))
-	*(*uint8)(unsafe.Pointer(bp)) = uint8(0)
-	if !(t == 's') {
-		goto __91
-	}
-	*(*uint8)(unsafe.Pointer(bp + 10)) = uint8(0)
-	*(*uint8)(unsafe.Pointer(bp + 11)) = uint8(0)
-	*(*uint8)(unsafe.Pointer(bp + 12)) = uint8(0)
-	*(*uint8)(unsafe.Pointer(bp + 13)) = uint8(0)
-	*(*uint8)(unsafe.Pointer(bp + 14)) = uint8(0)
-	*(*uint8)(unsafe.Pointer(bp + 33)) = uint8(0)
-__91:
-	;
-	goto __90
-__89:
-	if !(int32(*(*uint8)(unsafe.Pointer(PreIncUintptr(&p, 1)))) == '^') {
-		goto __92
-	}
-	p++
-	invert = 1
-	goto __93
-__92:
-	invert = 0
-__93:
-	;
-	Xmemset(tls, bp, invert, uint64(unsafe.Sizeof([257]uint8{})))
-	*(*uint8)(unsafe.Pointer(bp)) = uint8(0)
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == '-') {
-		goto __94
-	}
-	p++
-	*(*uint8)(unsafe.Pointer(bp + 46)) = uint8(1 - invert)
-	goto __95
-__94:
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == ']') {
-		goto __96
-	}
-	p++
-	*(*uint8)(unsafe.Pointer(bp + 94)) = uint8(1 - invert)
-__96:
-	;
-__95:
-	;
-__97:
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) != ']') {
-		goto __99
-	}
-	if !!(int32(*(*uint8)(unsafe.Pointer(p))) != 0) {
-		goto __100
-	}
-	goto fmt_fail
-__100:
-	;
-	if !(int32(*(*uint8)(unsafe.Pointer(p))) == '-' && *(*uint8)(unsafe.Pointer(p + 1)) != 0 && int32(*(*uint8)(unsafe.Pointer(p + 1))) != ']') {
-		goto __101
-	}
-	c = int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&p, 1) + UintptrFromInt32(-1))))
-__102:
-	if !(c < int32(*(*uint8)(unsafe.Pointer(p)))) {
-		goto __104
-	}
-	*(*uint8)(unsafe.Pointer(bp + uintptr(1+c))) = uint8(1 - invert)
-	goto __103
-__103:
-	c++
-	goto __102
-	goto __104
-__104:
-	;
-__101:
-	;
-	*(*uint8)(unsafe.Pointer(bp + uintptr(1+int32(*(*uint8)(unsafe.Pointer(p)))))) = uint8(1 - invert)
-	goto __98
-__98:
-	p++
-	goto __97
-	goto __99
-__99:
-	;
-__90:
-	;
-	wcs = uintptr(0)
-	s = uintptr(0)
-	i = uint64(0)
-	if t == 'c' {
-		k = uint64(uint32(width) + 1)
-	} else {
-		k = uint64(31)
-	}
-	if !(size == 1) {
-		goto __105
-	}
-	if !(alloc != 0) {
-		goto __107
-	}
-	wcs = Xmalloc(tls, k*size_t(unsafe.Sizeof(wchar_t(0))))
-	if !!(wcs != 0) {
-		goto __109
-	}
-	goto alloc_fail
-__109:
-	;
-	goto __108
-__107:
-	wcs = dest
-__108:
-	;
-	*(*mbstate_t)(unsafe.Pointer(bp + 268 /* st */)) = mbstate_t{}
-__110:
-	if !(*(*uint8)(unsafe.Pointer(bp + uintptr(AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())+1))) != 0) {
-		goto __111
-	}
-	switch Xmbrtowc(tls, bp+260, func() uintptr { *(*int8)(unsafe.Pointer(bp + 264)) = int8(c); return bp + 264 }(), uint64(1), bp+268 /* &st */) {
-	case Uint64FromInt32(-1):
-		goto __113
-	case Uint64FromInt32(-2):
-		goto __114
-	}
-	goto __112
-__113:
-	goto input_fail
-__114:
-	goto __110
-__112:
-	;
-	if !(wcs != 0) {
-		goto __115
-	}
-	*(*wchar_t)(unsafe.Pointer(wcs + uintptr(PostIncUint64(&i, 1))*4)) = *(*wchar_t)(unsafe.Pointer(bp + 260 /* wc */))
-__115:
-	;
-	if !(alloc != 0 && i == k) {
-		goto __116
-	}
-	k = k + (k + uint64(1))
-	tmp = Xrealloc(tls, wcs, k*size_t(unsafe.Sizeof(wchar_t(0))))
-	if !!(tmp != 0) {
-		goto __117
-	}
-	goto alloc_fail
-__117:
-	;
-	wcs = tmp
-__116:
-	;
-	goto __110
-__111:
-	;
-	if !!(Xmbsinit(tls, bp+268) != 0) {
-		goto __118
-	}
-	goto input_fail
-__118:
-	;
-	goto __106
-__105:
-	if !(alloc != 0) {
-		goto __119
-	}
-	s = Xmalloc(tls, k)
-	if !!(s != 0) {
-		goto __121
-	}
-	goto alloc_fail
-__121:
-	;
-__122:
-	if !(*(*uint8)(unsafe.Pointer(bp + uintptr(AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())+1))) != 0) {
-		goto __123
-	}
-	*(*int8)(unsafe.Pointer(s + uintptr(PostIncUint64(&i, 1)))) = int8(c)
-	if !(i == k) {
-		goto __124
-	}
-	k = k + (k + uint64(1))
-	tmp1 = Xrealloc(tls, s, k)
-	if !!(tmp1 != 0) {
-		goto __125
-	}
-	goto alloc_fail
-__125:
-	;
-	s = tmp1
-__124:
-	;
-	goto __122
-__123:
-	;
-	goto __120
-__119:
-	if !(AssignUintptr(&s, dest) != 0) {
-		goto __126
-	}
-__128:
-	if !(*(*uint8)(unsafe.Pointer(bp + uintptr(AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())+1))) != 0) {
-		goto __129
-	}
-	*(*int8)(unsafe.Pointer(s + uintptr(PostIncUint64(&i, 1)))) = int8(c)
-	goto __128
-__129:
-	;
-	goto __127
-__126:
-__130:
-	if !(*(*uint8)(unsafe.Pointer(bp + uintptr(AssignInt32(&c, func() int32 {
-		if (*FILE)(unsafe.Pointer(f)).rpos != (*FILE)(unsafe.Pointer(f)).shend {
-			return int32(*(*uint8)(unsafe.Pointer(PostIncUintptr(&(*FILE)(unsafe.Pointer(f)).rpos, 1))))
-		}
-		return X__shgetc(tls, f)
-	}())+1))) != 0) {
-		goto __131
-	}
-	goto __130
-__131:
-	;
-__127:
-	;
-__120:
-	;
-__106:
-	;
-	if (*FILE)(unsafe.Pointer(f)).shlim >= int64(0) {
-		(*FILE)(unsafe.Pointer(f)).rpos--
-	} else {
-	}
-	if !!((*FILE)(unsafe.Pointer(f)).shcnt+(int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1 != 0) {
-		goto __132
-	}
-	goto match_fail
-__132:
-	;
-	if !(t == 'c' && (*FILE)(unsafe.Pointer(f)).shcnt+(int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1 != off_t(width)) {
-		goto __133
-	}
-	goto match_fail
-__133:
-	;
-	if !(alloc != 0) {
-		goto __134
-	}
-	if !(size == 1) {
-		goto __135
-	}
-	*(*uintptr)(unsafe.Pointer(dest)) = wcs
-	goto __136
-__135:
-	*(*uintptr)(unsafe.Pointer(dest)) = s
-__136:
-	;
-__134:
-	;
-	if !(t != 'c') {
-		goto __137
-	}
-	if !(wcs != 0) {
-		goto __138
-	}
-	*(*wchar_t)(unsafe.Pointer(wcs + uintptr(i)*4)) = 0
-__138:
-	;
-	if !(s != 0) {
-		goto __139
-	}
-	*(*int8)(unsafe.Pointer(s + uintptr(i))) = int8(0)
-__139:
-	;
-__137:
-	;
-	goto __70
-__74:
-__75:
-__76:
-	base = 16
-	goto int_common
-__77:
-	base = 8
-	goto int_common
-__78:
-__79:
-	base = 10
-	goto int_common
-__80:
-	base = 0
-int_common:
-	x = X__intscan(tls, f, uint32(base), 0, 2*uint64(0x7fffffffffffffff)+uint64(1))
-	if !!((*FILE)(unsafe.Pointer(f)).shcnt+(int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1 != 0) {
-		goto __140
-	}
-	goto match_fail
-__140:
-	;
-	if !(t == 'p' && dest != 0) {
-		goto __141
-	}
-	*(*uintptr)(unsafe.Pointer(dest)) = uintptr(uintptr_t(x))
-	goto __142
-__141:
-	store_int(tls, dest, size, x)
-__142:
-	;
-	goto __70
-__81:
-__82:
-__83:
-__84:
-__85:
-__86:
-__87:
-__88:
-	y = X__floatscan(tls, f, size, 0)
-	if !!((*FILE)(unsafe.Pointer(f)).shcnt+(int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1 != 0) {
-		goto __143
-	}
-	goto match_fail
-__143:
-	;
-	if !(dest != 0) {
-		goto __144
-	}
-	switch size {
-	case 0:
-		goto __146
-	case 1:
-		goto __147
-	case 2:
-		goto __148
-	}
-	goto __145
-__146:
-	*(*float32)(unsafe.Pointer(dest)) = float32(y)
-	goto __145
-__147:
-	*(*float64)(unsafe.Pointer(dest)) = y
-	goto __145
-__148:
-	*(*float64)(unsafe.Pointer(dest)) = y
-	goto __145
-__145:
-	;
-__144:
-	;
-	goto __70
-__70:
-	;
-
-	pos = pos + ((*FILE)(unsafe.Pointer(f)).shcnt + (int64((*FILE)(unsafe.Pointer(f)).rpos)-int64((*FILE)(unsafe.Pointer(f)).buf))/1)
-	if !(dest != 0) {
-		goto __149
-	}
-	matches++
-__149:
-	;
-	goto __4
-__4:
-	p++
-	goto __3
-	goto __5
-__5:
-	;
-	if !(0 != 0) {
-		goto __150
-	}
-fmt_fail:
-alloc_fail:
-input_fail:
-	if !!(matches != 0) {
-		goto __151
-	}
-	matches--
-__151:
-	;
-match_fail:
-	if !(alloc != 0) {
-		goto __152
-	}
-	Xfree(tls, s)
-	Xfree(tls, wcs)
-__152:
-	;
-__150:
-	;
-__153:
-	if !(__need_unlock != 0) {
-		goto __156
-	}
-	X__unlockfile(tls, f)
-__156:
-	;
-	goto __154
-__154:
-	if 0 != 0 {
-		goto __153
-	}
-	goto __155
-__155:
-	;
-	return matches
-}
-
-func string_read(tls *TLS, f uintptr, buf uintptr, len size_t) size_t { /* vsscanf.c:4:15: */
-	var src uintptr = (*FILE)(unsafe.Pointer(f)).cookie
-	var k size_t = len + uint64(256)
-	var end uintptr = Xmemchr(tls, src, 0, k)
-	if end != 0 {
-		k = size_t((int64(end) - int64(src)) / 1)
-	}
-	if k < len {
-		len = k
-	}
-	Xmemcpy(tls, buf, src, len)
-	(*FILE)(unsafe.Pointer(f)).rpos = src + uintptr(len)
-	(*FILE)(unsafe.Pointer(f)).rend = src + uintptr(k)
-	(*FILE)(unsafe.Pointer(f)).cookie = src + uintptr(k)
-	return len
-}
-
-func Xvsscanf(tls *TLS, s uintptr, fmt uintptr, ap va_list) int32 { /* vsscanf.c:18:5: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v fmt=%v ap=%v, (%v:)", tls, s, fmt, ap, origin(2))
-	}
-	bp := tls.Alloc(232)
-	defer tls.Free(232)
-
-	*(*FILE)(unsafe.Pointer(bp /* f */)) = FILE{read: *(*uintptr)(unsafe.Pointer(&struct {
-		f func(*TLS, uintptr, uintptr, size_t) size_t
-	}{string_read})), buf: s, lock: -1, cookie: s}
-	return Xvfscanf(tls, bp, fmt, ap)
-}
-
-func Xbsearch(tls *TLS, key uintptr, base uintptr, nel size_t, width size_t, cmp uintptr) uintptr { /* bsearch.c:3:6: */
-	if __ccgo_strace {
-		trc("tls=%v key=%v base=%v nel=%v width=%v cmp=%v, (%v:)", tls, key, base, nel, width, cmp, origin(2))
-	}
-	var try uintptr
-	var sign int32
-	for nel > uint64(0) {
-		try = base + uintptr(width*(nel/uint64(2)))
-		sign = (*struct {
-			f func(*TLS, uintptr, uintptr) int32
-		})(unsafe.Pointer(&struct{ uintptr }{cmp})).f(tls, key, try)
-		if sign < 0 {
-			nel = nel / uint64(2)
-		} else if sign > 0 {
-			base = try + uintptr(width)
-			nel = nel - (nel/uint64(2) + uint64(1))
-		} else {
-			return try
-		}
-	}
-	return uintptr(0)
-}
-
-func strtox(tls *TLS, s uintptr, p uintptr, prec int32) float64 { /* strtod.c:6:20: */
-	bp := tls.Alloc(232)
-	defer tls.Free(232)
-
-	// var f FILE at bp, 232
-
-	(*FILE)(unsafe.Pointer(bp)).buf = AssignPtrUintptr(bp+8, s)
-	(*FILE)(unsafe.Pointer(bp)).rend = UintptrFromInt32(-1)
-	X__shlim(tls, bp, int64(0))
-	var y float64 = X__floatscan(tls, bp, prec, 1)
-	var cnt off_t = (*FILE)(unsafe.Pointer(bp)).shcnt + (int64((*FILE)(unsafe.Pointer(bp)).rpos)-int64((*FILE)(unsafe.Pointer(bp)).buf))/1
-	if p != 0 {
-		*(*uintptr)(unsafe.Pointer(p)) = func() uintptr {
-			if cnt != 0 {
-				return s + uintptr(cnt)
-			}
-			return s
-		}()
-	}
-	return y
-}
-
-func Xstrtof(tls *TLS, s uintptr, p uintptr) float32 { /* strtod.c:17:7: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v, (%v:)", tls, s, p, origin(2))
-	}
-	return float32(strtox(tls, s, p, 0))
-}
-
-func Xstrtod(tls *TLS, s uintptr, p uintptr) float64 { /* strtod.c:22:8: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v, (%v:)", tls, s, p, origin(2))
-	}
-	return strtox(tls, s, p, 1)
-}
-
-func Xstrtold(tls *TLS, s uintptr, p uintptr) float64 { /* strtod.c:27:13: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v, (%v:)", tls, s, p, origin(2))
-	}
-	return strtox(tls, s, p, 2)
-}
-
-func strtox1(tls *TLS, s uintptr, p uintptr, base int32, lim uint64) uint64 { /* strtol.c:8:27: */
-	bp := tls.Alloc(232)
-	defer tls.Free(232)
-
-	// var f FILE at bp, 232
-
-	(*FILE)(unsafe.Pointer(bp)).buf = AssignPtrUintptr(bp+8, s)
-	(*FILE)(unsafe.Pointer(bp)).rend = UintptrFromInt32(-1)
-	X__shlim(tls, bp, int64(0))
-	var y uint64 = X__intscan(tls, bp, uint32(base), 1, lim)
-	if p != 0 {
-		var cnt size_t = size_t((*FILE)(unsafe.Pointer(bp)).shcnt + (int64((*FILE)(unsafe.Pointer(bp)).rpos)-int64((*FILE)(unsafe.Pointer(bp)).buf))/1)
-		*(*uintptr)(unsafe.Pointer(p)) = s + uintptr(cnt)
-	}
-	return y
-}
-
-func Xstrtoull(tls *TLS, s uintptr, p uintptr, base int32) uint64 { /* strtol.c:21:20: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return strtox1(tls, s, p, base, 2*uint64(0x7fffffffffffffff)+uint64(1))
-}
-
-func Xstrtoll(tls *TLS, s uintptr, p uintptr, base int32) int64 { /* strtol.c:26:11: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return int64(strtox1(tls, s, p, base, Uint64FromInt64(-0x7fffffffffffffff-int64(1))))
-}
-
-func Xstrtoul(tls *TLS, s uintptr, p uintptr, base int32) uint64 { /* strtol.c:31:15: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return uint64(strtox1(tls, s, p, base, 2*uint64(0x7fffffffffffffff)+uint64(1)))
-}
-
-func Xstrtol(tls *TLS, s uintptr, p uintptr, base int32) int64 { /* strtol.c:36:6: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return int64(strtox1(tls, s, p, base, 0+Uint64FromInt64(Int64(-Int64(0x7fffffffffffffff))-Int64FromInt32(1))))
-}
-
-func Xstrtoimax(tls *TLS, s uintptr, p uintptr, base int32) intmax_t { /* strtol.c:41:10: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return intmax_t(Xstrtoll(tls, s, p, base))
-}
-
-func Xstrtoumax(tls *TLS, s uintptr, p uintptr, base int32) uintmax_t { /* strtol.c:46:11: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v p=%v base=%v, (%v:)", tls, s, p, base, origin(2))
-	}
-	return uintmax_t(Xstrtoull(tls, s, p, base))
-}
-
-func Xstrdup(tls *TLS, s uintptr) uintptr { /* strdup.c:4:6: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v, (%v:)", tls, s, origin(2))
-	}
-	var l size_t = Xstrlen(tls, s)
-	var d uintptr = Xmalloc(tls, l+uint64(1))
-	if !(d != 0) {
-		return uintptr(0)
-	}
-	return Xmemcpy(tls, d, s, l+uint64(1))
-}
-
-func Xstrlcat(tls *TLS, d uintptr, s uintptr, n size_t) size_t { /* strlcat.c:4:8: */
-	if __ccgo_strace {
-		trc("tls=%v d=%v s=%v n=%v, (%v:)", tls, d, s, n, origin(2))
-	}
-	var l size_t = Xstrnlen(tls, d, n)
-	if l == n {
-		return l + Xstrlen(tls, s)
-	}
-	return l + Xstrlcpy(tls, d+uintptr(l), s, n-l)
-}
-
-// Support signed or unsigned plain-char
-
-// Implementation choices...
-
-// Arbitrary numbers...
-
-// POSIX/SUS requirements follow. These numbers come directly
-// from SUS and have nothing to do with the host system.
-
-func Xstrlcpy(tls *TLS, d uintptr, s uintptr, n size_t) size_t { /* strlcpy.c:11:8: */
-	if __ccgo_strace {
-		trc("tls=%v d=%v s=%v n=%v, (%v:)", tls, d, s, n, origin(2))
-	}
-	var d0 uintptr
-	var wd uintptr
-	var ws uintptr
-	d0 = d
-
-	if !!(int32(PostDecUint64(&n, 1)) != 0) {
-		goto __1
-	}
-	goto finish
-__1:
-	;
-	if !(uintptr_t(s)&(uint64(unsafe.Sizeof(size_t(0)))-uint64(1)) == uintptr_t(d)&(uint64(unsafe.Sizeof(size_t(0)))-uint64(1))) {
-		goto __2
-	}
-__3:
-	if !(uintptr_t(s)&(uint64(unsafe.Sizeof(size_t(0)))-uint64(1)) != 0 && n != 0 && AssignPtrInt8(d, *(*int8)(unsafe.Pointer(s))) != 0) {
-		goto __5
-	}
-	goto __4
-__4:
-	n--
-	s++
-	d++
-	goto __3
-	goto __5
-__5:
-	;
-	if !(n != 0 && *(*int8)(unsafe.Pointer(s)) != 0) {
-		goto __6
-	}
-	wd = d
-	ws = s
-__7:
-	if !(n >= size_t(unsafe.Sizeof(size_t(0))) && !((*(*uint64)(unsafe.Pointer(ws))-Uint64(Uint64FromInt32(-1))/uint64(255)) & ^*(*uint64)(unsafe.Pointer(ws)) & (Uint64(Uint64FromInt32(-1))/uint64(255)*uint64(255/2+1)) != 0)) {
-		goto __9
-	}
-	*(*size_t)(unsafe.Pointer(wd)) = *(*uint64)(unsafe.Pointer(ws))
-	goto __8
-__8:
-	n = n - size_t(unsafe.Sizeof(size_t(0)))
-	ws += 8
-	wd += 8
-	goto __7
-	goto __9
-__9:
-	;
-	d = wd
-	s = ws
-__6:
-	;
-__2:
-	;
-__10:
-	if !(n != 0 && AssignPtrInt8(d, *(*int8)(unsafe.Pointer(s))) != 0) {
-		goto __12
-	}
-	goto __11
-__11:
-	n--
-	s++
-	d++
-	goto __10
-	goto __12
-__12:
-	;
-	*(*int8)(unsafe.Pointer(d)) = int8(0)
-finish:
-	return size_t((int64(d)-int64(d0))/1) + Xstrlen(tls, s)
-}
-
-func Xstrncasecmp(tls *TLS, _l uintptr, _r uintptr, n size_t) int32 { /* strncasecmp.c:4:5: */
-	if __ccgo_strace {
-		trc("tls=%v _l=%v _r=%v n=%v, (%v:)", tls, _l, _r, n, origin(2))
-	}
-	var l uintptr = _l
-	var r uintptr = _r
-	if !(int32(PostDecUint64(&n, 1)) != 0) {
-		return 0
-	}
-__1:
-	if !(*(*uint8)(unsafe.Pointer(l)) != 0 && *(*uint8)(unsafe.Pointer(r)) != 0 && n != 0 && (int32(*(*uint8)(unsafe.Pointer(l))) == int32(*(*uint8)(unsafe.Pointer(r))) || Xtolower(tls, int32(*(*uint8)(unsafe.Pointer(l)))) == Xtolower(tls, int32(*(*uint8)(unsafe.Pointer(r)))))) {
-		goto __3
-	}
-	goto __2
-__2:
-	l++
-	r++
-	n--
-	goto __1
-	goto __3
-__3:
-	;
-	return Xtolower(tls, int32(*(*uint8)(unsafe.Pointer(l)))) - Xtolower(tls, int32(*(*uint8)(unsafe.Pointer(r))))
-}
-
-func X__strncasecmp_l(tls *TLS, l uintptr, r uintptr, n size_t, loc locale_t) int32 { /* strncasecmp.c:12:5: */
-	if __ccgo_strace {
-		trc("tls=%v l=%v r=%v n=%v loc=%v, (%v:)", tls, l, r, n, loc, origin(2))
-	}
-	return Xstrncasecmp(tls, l, r, n)
-}
-
-func Xstrncat(tls *TLS, d uintptr, s uintptr, n size_t) uintptr { /* strncat.c:3:6: */
-	if __ccgo_strace {
-		trc("tls=%v d=%v s=%v n=%v, (%v:)", tls, d, s, n, origin(2))
-	}
-	var a uintptr = d
-	d += uintptr(Xstrlen(tls, d))
-	for n != 0 && *(*int8)(unsafe.Pointer(s)) != 0 {
-		n--
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&d, 1))) = *(*int8)(unsafe.Pointer(PostIncUintptr(&s, 1)))
-	}
-	*(*int8)(unsafe.Pointer(PostIncUintptr(&d, 1))) = int8(0)
-	return a
-}
-
-func Xstrnlen(tls *TLS, s uintptr, n size_t) size_t { /* strnlen.c:3:8: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v n=%v, (%v:)", tls, s, n, origin(2))
-	}
-	var p uintptr = Xmemchr(tls, s, 0, n)
-	if p != 0 {
-		return uint64((int64(p) - int64(s)) / 1)
-	}
-	return n
-}
-
-func Xstrspn(tls *TLS, s uintptr, c uintptr) size_t { /* strspn.c:6:8: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v c=%v, (%v:)", tls, s, c, origin(2))
-	}
-	bp := tls.Alloc(32)
-	defer tls.Free(32)
-
-	var a uintptr = s
-	*(*[4]size_t)(unsafe.Pointer(bp /* byteset */)) = [4]size_t{0: uint64(0)}
-
-	if !(int32(*(*int8)(unsafe.Pointer(c))) != 0) {
-		return uint64(0)
-	}
-	if !(int32(*(*int8)(unsafe.Pointer(c + 1))) != 0) {
-		for ; int32(*(*int8)(unsafe.Pointer(s))) == int32(*(*int8)(unsafe.Pointer(c))); s++ {
-		}
-		return size_t((int64(s) - int64(a)) / 1)
-	}
-
-	for ; *(*int8)(unsafe.Pointer(c)) != 0 && AssignOrPtrUint64(bp+uintptr(size_t(*(*uint8)(unsafe.Pointer(c)))/(uint64(8)*uint64(unsafe.Sizeof(size_t(0)))))*8, size_t(uint64(1))<<(size_t(*(*uint8)(unsafe.Pointer(c)))%(uint64(8)*uint64(unsafe.Sizeof(size_t(0)))))) != 0; c++ {
-	}
-	for ; *(*int8)(unsafe.Pointer(s)) != 0 && *(*size_t)(unsafe.Pointer(bp + uintptr(size_t(*(*uint8)(unsafe.Pointer(s)))/(uint64(8)*uint64(unsafe.Sizeof(size_t(0)))))*8))&(size_t(uint64(1))<<(size_t(*(*uint8)(unsafe.Pointer(s)))%(uint64(8)*uint64(unsafe.Sizeof(size_t(0)))))) != 0; s++ {
-	}
-	return size_t((int64(s) - int64(a)) / 1)
-}
-
-func Xstrtok(tls *TLS, s uintptr, sep uintptr) uintptr { /* strtok.c:3:6: */
-	if __ccgo_strace {
-		trc("tls=%v s=%v sep=%v, (%v:)", tls, s, sep, origin(2))
-	}
-	if !(s != 0) && !(int32(AssignUintptr(&s, _sp)) != 0) {
-		return uintptr(0)
-	}
-	s += uintptr(Xstrspn(tls, s, sep))
-	if !(int32(*(*int8)(unsafe.Pointer(s))) != 0) {
-		return AssignPtrUintptr(uintptr(unsafe.Pointer(&_sp)), uintptr(0))
-	}
-	_sp = s + uintptr(Xstrcspn(tls, s, sep))
-	if *(*int8)(unsafe.Pointer(_sp)) != 0 {
-		*(*int8)(unsafe.Pointer(PostIncUintptr(&_sp, 1))) = int8(0)
-	} else {
-		_sp = uintptr(0)
-	}
-	return s
-}
-
-var _sp uintptr /* strtok.c:5:14: */
-
-func X__ccgo_pthreadAttrGetDetachState(tls *TLS, a uintptr) int32 { /* pthread_attr_get.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v, (%v:)", tls, a, origin(2))
-	}
-	return *(*int32)(unsafe.Pointer(a + 6*4))
-}
-
-func Xpthread_attr_getdetachstate(tls *TLS, a uintptr, state uintptr) int32 { /* pthread_attr_get.c:7:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v state=%v, (%v:)", tls, a, state, origin(2))
-	}
-	*(*int32)(unsafe.Pointer(state)) = *(*int32)(unsafe.Pointer(a + 6*4))
-	return 0
-}
-
-//
-// int pthread_attr_getguardsize(const pthread_attr_t *restrict a, size_t *restrict size)
-// {
-// 	*size = a->_a_guardsize;
-// 	return 0;
-// }
-//
-// int pthread_attr_getinheritsched(const pthread_attr_t *restrict a, int *restrict inherit)
-// {
-// 	*inherit = a->_a_sched;
-// 	return 0;
-// }
-//
-// int pthread_attr_getschedparam(const pthread_attr_t *restrict a, struct sched_param *restrict param)
-// {
-// 	param->sched_priority = a->_a_prio;
-// 	return 0;
-// }
-//
-// int pthread_attr_getschedpolicy(const pthread_attr_t *restrict a, int *restrict policy)
-// {
-// 	*policy = a->_a_policy;
-// 	return 0;
-// }
-//
-// int pthread_attr_getscope(const pthread_attr_t *restrict a, int *restrict scope)
-// {
-// 	*scope = PTHREAD_SCOPE_SYSTEM;
-// 	return 0;
-// }
-//
-// int pthread_attr_getstack(const pthread_attr_t *restrict a, void **restrict addr, size_t *restrict size)
-// {
-// 	if (!a->_a_stackaddr)
-// 		return EINVAL;
-// 	*size = a->_a_stacksize;
-// 	*addr = (void *)(a->_a_stackaddr - *size);
-// 	return 0;
-// }
-//
-// int pthread_attr_getstacksize(const pthread_attr_t *restrict a, size_t *restrict size)
-// {
-// 	*size = a->_a_stacksize;
-// 	return 0;
-// }
-//
-// int pthread_barrierattr_getpshared(const pthread_barrierattr_t *restrict a, int *restrict pshared)
-// {
-// 	*pshared = !!a->__attr;
-// 	return 0;
-// }
-//
-// int pthread_condattr_getclock(const pthread_condattr_t *restrict a, clockid_t *restrict clk)
-// {
-// 	*clk = a->__attr & 0x7fffffff;
-// 	return 0;
-// }
-//
-// int pthread_condattr_getpshared(const pthread_condattr_t *restrict a, int *restrict pshared)
-// {
-// 	*pshared = a->__attr>>31;
-// 	return 0;
-// }
-//
-// int pthread_mutexattr_getprotocol(const pthread_mutexattr_t *restrict a, int *restrict protocol)
-// {
-// 	*protocol = PTHREAD_PRIO_NONE;
-// 	return 0;
-// }
-// int pthread_mutexattr_getpshared(const pthread_mutexattr_t *restrict a, int *restrict pshared)
-// {
-// 	*pshared = a->__attr / 128U % 2;
-// 	return 0;
-// }
-//
-// int pthread_mutexattr_getrobust(const pthread_mutexattr_t *restrict a, int *restrict robust)
-// {
-// 	*robust = a->__attr / 4U % 2;
-// 	return 0;
-// }
-
-func X__ccgo_pthreadMutexattrGettype(tls *TLS, a uintptr) int32 { /* pthread_attr_get.c:93:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v, (%v:)", tls, a, origin(2))
-	}
-	return int32((*pthread_mutexattr_t)(unsafe.Pointer(a)).__attr & uint32(3))
-}
-
-// int pthread_mutexattr_gettype(const pthread_mutexattr_t *restrict a, int *restrict type)
-// {
-// 	*type = a->__attr & 3;
-// 	return 0;
-// }
-//
-// int pthread_rwlockattr_getpshared(const pthread_rwlockattr_t *restrict a, int *restrict pshared)
-// {
-// 	*pshared = a->__attr[0];
-// 	return 0;
-// }
-
-func Xpthread_attr_setdetachstate(tls *TLS, a uintptr, state int32) int32 { /* pthread_attr_setdetachstate.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v state=%v, (%v:)", tls, a, state, origin(2))
-	}
-	if uint32(state) > 1 {
-		return 22
-	}
-	*(*int32)(unsafe.Pointer(a + 6*4)) = state
-	return 0
-}
-
-func X__ccgo_getMutexType(tls *TLS, m uintptr) int32 { /* pthread_mutex_lock.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v m=%v, (%v:)", tls, m, origin(2))
-	}
-	return *(*int32)(unsafe.Pointer(m)) & 15
-}
-
-// int __pthread_mutex_lock(pthread_mutex_t *m)
-// {
-// 	if ((m->_m_type&15) == PTHREAD_MUTEX_NORMAL
-// 	    && !a_cas(&m->_m_lock, 0, EBUSY))
-// 		return 0;
-//
-// 	return __pthread_mutex_timedlock(m, 0);
-// }
-//
-// weak_alias(__pthread_mutex_lock, pthread_mutex_lock);
-
-func Xpthread_mutexattr_destroy(tls *TLS, a uintptr) int32 { /* pthread_mutexattr_destroy.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v, (%v:)", tls, a, origin(2))
-	}
-	return 0
-}
-
-func Xpthread_mutexattr_init(tls *TLS, a uintptr) int32 { /* pthread_mutexattr_init.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v, (%v:)", tls, a, origin(2))
-	}
-	*(*pthread_mutexattr_t)(unsafe.Pointer(a)) = pthread_mutexattr_t{}
-	return 0
-}
-
-func Xpthread_mutexattr_settype(tls *TLS, a uintptr, type1 int32) int32 { /* pthread_mutexattr_settype.c:3:5: */
-	if __ccgo_strace {
-		trc("tls=%v a=%v type1=%v, (%v:)", tls, a, type1, origin(2))
-	}
-	if uint32(type1) > uint32(2) {
-		return 22
-	}
-	(*pthread_mutexattr_t)(unsafe.Pointer(a)).__attr = (*pthread_mutexattr_t)(unsafe.Pointer(a)).__attr&Uint32FromInt32(CplInt32(3)) | uint32(type1)
-	return 0
-}
-
-func init() {
-	*(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&ptable)) + 0)) = uintptr(unsafe.Pointer(&table)) + uintptr(128)*2 // __ctype_b_loc.c:36:45:
-}
-
-var ts1 = "infinity\x00nan\x00\x00\x00\x01\x02\x04\a\x03\x06\x05\x00.\x00%d.%d.%d.%d.in-addr.arpa\x00ip6.arpa\x000123456789abcdef\x00/etc/hosts\x00rb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00%d.%d.%d.%d\x00%x:%x:%x:%x:%x:%x:%x:%x\x00%x:%x:%x:%x:%x:%x:%d.%d.%d.%d\x00:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x00\x00 \x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-var ts = (*reflect.StringHeader)(unsafe.Pointer(&ts1)).Data
diff --git a/vendor/modernc.org/libc/pthread_musl.go b/vendor/modernc.org/libc/pthread_musl.go
index 01fa300f6..c051945af 100644
--- a/vendor/modernc.org/libc/pthread_musl.go
+++ b/vendor/modernc.org/libc/pthread_musl.go
@@ -22,14 +22,26 @@ type pthreadCleanupItem struct {
 	routine, arg uintptr
 }
 
-// C version is 40 bytes (64b) and 24 bytes (32b).
-type pthreadMutex struct { // 64b        32b
-	sync.Mutex            //  0	8    0     8
-	count      int32      //  8	4    8     4
-	mType      uint32     // 12	4   12     4
-	outer      sync.Mutex // 16	8   16     8
-	owner      int32      // 24	4   24     4
-	//			 28         28
+// C original, unpatched version
+//
+// include/alltypes.h.in:86:TYPEDEF struct {
+//	union {
+//		int __i[sizeof(long)==8?10:6];
+//		volatile int __vi[sizeof(long)==8?10:6];
+//		volatile void *volatile __p[sizeof(long)==8?5:6];
+//	} __u;
+// } pthread_mutex_t;
+
+//TODO(jnml) can remove __ccgo_room patches now.
+
+// We overlay the C version with our version below. It must not be larger than
+// the C version.
+type pthreadMutex struct { // gc  64b       32b        | tinygo   64b       32b
+	sync.Mutex        //        0    8    0    4   |            0   16    0    8
+	count      int32  //        8    4    4    4   |           16    4    8    4
+	typ        uint32 //       12    4    8    4   |           20    4   12    4
+	owner      int32  //       16    4   12    4   |           24    4   16    4
+	//                         20        16        |           28        20
 }
 
 type pthreadConds struct {
@@ -39,7 +51,6 @@ type pthreadConds struct {
 
 var (
 	// Ensure there's enough space for unsafe type conversions.
-	_ [unsafe.Sizeof(sync.Mutex{}) - __CCGO_SIZEOF_GO_MUTEX]byte
 	_ [unsafe.Sizeof(Tpthread_mutex_t{}) - unsafe.Sizeof(pthreadMutex{})]byte
 	_ [unsafe.Sizeof(Tpthread_attr_t{}) - unsafe.Sizeof(pthreadAttr{})]byte
 
@@ -255,103 +266,75 @@ func Xpthread_self(tls *TLS) uintptr {
 func Xpthread_mutex_init(tls *TLS, m, a uintptr) int32 {
 	*(*Tpthread_mutex_t)(unsafe.Pointer(m)) = Tpthread_mutex_t{}
 	if a != 0 {
-		(*pthreadMutex)(unsafe.Pointer(m)).mType = (*Tpthread_mutexattr_t)(unsafe.Pointer(a)).F__attr
+		(*pthreadMutex)(unsafe.Pointer(m)).typ = (*Tpthread_mutexattr_t)(unsafe.Pointer(a)).F__attr
 	}
 	return 0
 }
 
-func Xpthread_mutex_destroy(tls *TLS, mutex uintptr) int32 {
+func Xpthread_mutex_destroy(tls *TLS, m uintptr) int32 {
+	*(*Tpthread_mutex_t)(unsafe.Pointer(m)) = Tpthread_mutex_t{}
 	return 0
 }
 
 func Xpthread_mutex_lock(tls *TLS, m uintptr) int32 {
-	(*pthreadMutex)(unsafe.Pointer(m)).outer.Lock()
-	owner := (*pthreadMutex)(unsafe.Pointer(m)).owner
-	typ := (*pthreadMutex)(unsafe.Pointer(m)).mType
-	switch typ {
+	switch typ := (*pthreadMutex)(unsafe.Pointer(m)).typ; typ {
 	case PTHREAD_MUTEX_NORMAL:
-		(*pthreadMutex)(unsafe.Pointer(m)).owner = tls.ID
-		(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
 		(*pthreadMutex)(unsafe.Pointer(m)).Lock()
+		return 0
 	case PTHREAD_MUTEX_RECURSIVE:
-		switch owner {
-		case 0:
+		if atomic.CompareAndSwapInt32(&((*pthreadMutex)(unsafe.Pointer(m)).owner), 0, tls.ID) {
 			(*pthreadMutex)(unsafe.Pointer(m)).count = 1
-			(*pthreadMutex)(unsafe.Pointer(m)).owner = tls.ID
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
 			(*pthreadMutex)(unsafe.Pointer(m)).Lock()
 			return 0
-		case tls.ID:
-			(*pthreadMutex)(unsafe.Pointer(m)).count++
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-			return 0
-		default:
-		wait:
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-			(*pthreadMutex)(unsafe.Pointer(m)).Lock()
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Lock()
-			if (*pthreadMutex)(unsafe.Pointer(m)).owner != 0 {
-				goto wait
-			}
-
-			(*pthreadMutex)(unsafe.Pointer(m)).count = 1
-			(*pthreadMutex)(unsafe.Pointer(m)).owner = tls.ID
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-			return 0
+		}
+
+		if atomic.LoadInt32(&((*pthreadMutex)(unsafe.Pointer(m)).owner)) == tls.ID {
+			(*pthreadMutex)(unsafe.Pointer(m)).count++
+			return 0
+		}
+
+		for {
+			(*pthreadMutex)(unsafe.Pointer(m)).Lock()
+			if atomic.CompareAndSwapInt32(&((*pthreadMutex)(unsafe.Pointer(m)).owner), 0, tls.ID) {
+				(*pthreadMutex)(unsafe.Pointer(m)).count = 1
+				return 0
+			}
+
+			(*pthreadMutex)(unsafe.Pointer(m)).Unlock()
 		}
 	default:
-		panic(todo("typ=%v", typ))
+		panic(todo("", typ))
 	}
-	return 0
 }
 
 func Xpthread_mutex_trylock(tls *TLS, m uintptr) int32 {
-	(*pthreadMutex)(unsafe.Pointer(m)).outer.Lock()
-	owner := (*pthreadMutex)(unsafe.Pointer(m)).owner
-	typ := (*pthreadMutex)(unsafe.Pointer(m)).mType
-	switch typ {
+	switch typ := (*pthreadMutex)(unsafe.Pointer(m)).typ; typ {
 	case PTHREAD_MUTEX_NORMAL:
-		if owner != 0 {
-			(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-			return EBUSY
+		if (*pthreadMutex)(unsafe.Pointer(m)).TryLock() {
+			return 0
 		}
 
-		(*pthreadMutex)(unsafe.Pointer(m)).owner = tls.ID
-		(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-		(*pthreadMutex)(unsafe.Pointer(m)).Lock()
-		return 0
+		return EBUSY
 	default:
 		panic(todo("typ=%v", typ))
 	}
 }
 
 func Xpthread_mutex_unlock(tls *TLS, m uintptr) int32 {
-	(*pthreadMutex)(unsafe.Pointer(m)).outer.Lock()
-	count := (*pthreadMutex)(unsafe.Pointer(m)).count
-	owner := (*pthreadMutex)(unsafe.Pointer(m)).owner
-	typ := (*pthreadMutex)(unsafe.Pointer(m)).mType
-	switch typ {
+	switch typ := (*pthreadMutex)(unsafe.Pointer(m)).typ; typ {
 	case PTHREAD_MUTEX_NORMAL:
-		(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
 		(*pthreadMutex)(unsafe.Pointer(m)).Unlock()
 		return 0
 	case PTHREAD_MUTEX_RECURSIVE:
-		switch owner {
-		case tls.ID:
-			switch count {
-			case 1:
-				(*pthreadMutex)(unsafe.Pointer(m)).owner = 0
-				(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-				(*pthreadMutex)(unsafe.Pointer(m)).Unlock()
-				return 0
-			default:
-				(*pthreadMutex)(unsafe.Pointer(m)).count--
-				(*pthreadMutex)(unsafe.Pointer(m)).outer.Unlock()
-				return 0
-			}
-		default:
-			panic(todo("", owner, tls.ID))
+		if atomic.LoadInt32(&((*pthreadMutex)(unsafe.Pointer(m)).owner)) != tls.ID {
+			return EPERM
 		}
+
+		if atomic.AddInt32(&((*pthreadMutex)(unsafe.Pointer(m)).count), -1) == 0 {
+			atomic.StoreInt32(&((*pthreadMutex)(unsafe.Pointer(m)).owner), 0)
+			(*pthreadMutex)(unsafe.Pointer(m)).Unlock()
+		}
+		return 0
 	default:
 		panic(todo("", typ))
 	}
@@ -404,9 +387,8 @@ func Xpthread_cond_timedwait(tls *TLS, c, m, ts uintptr) (r int32) {
 		}
 	}()
 
-	switch typ := (*pthreadMutex)(unsafe.Pointer(m)).mType; typ {
+	switch typ := (*pthreadMutex)(unsafe.Pointer(m)).typ; typ {
 	case PTHREAD_MUTEX_NORMAL:
-		(*pthreadMutex)(unsafe.Pointer(m)).owner = 0
 		(*pthreadMutex)(unsafe.Pointer(m)).Unlock()
 		select {
 		case <-ch:
@@ -414,7 +396,6 @@ func Xpthread_cond_timedwait(tls *TLS, c, m, ts uintptr) (r int32) {
 		case <-to:
 			r = ETIMEDOUT
 		}
-		(*pthreadMutex)(unsafe.Pointer(m)).owner = tls.ID
 		(*pthreadMutex)(unsafe.Pointer(m)).Lock()
 		return r
 	default:
diff --git a/vendor/modernc.org/memory/LICENSE-LOGO b/vendor/modernc.org/memory/LICENSE-LOGO
new file mode 100644
index 000000000..ec496d173
--- /dev/null
+++ b/vendor/modernc.org/memory/LICENSE-LOGO
@@ -0,0 +1 @@
+https://commons.wikimedia.org/wiki/File:Memory_infra_logo.png
diff --git a/vendor/modernc.org/memory/Makefile b/vendor/modernc.org/memory/Makefile
index f844f1314..40a91322c 100644
--- a/vendor/modernc.org/memory/Makefile
+++ b/vendor/modernc.org/memory/Makefile
@@ -37,30 +37,59 @@ editor:
 
 build_all_targets:
 	GOOS=darwin GOARCH=amd64 go build
+	GOOS=darwin GOARCH=amd64 staticcheck
 	GOOS=darwin GOARCH=arm64 go build
+	GOOS=darwin GOARCH=arm64 staticcheck
 	GOOS=freebsd GOARCH=386 go build
+	GOOS=freebsd GOARCH=386 staticcheck
 	GOOS=freebsd GOARCH=amd64 go build
+	GOOS=freebsd GOARCH=amd64 staticcheck
 	GOOS=freebsd GOARCH=arm go build
+	GOOS=freebsd GOARCH=arm staticcheck
 	GOOS=freebsd GOARCH=arm64 go build
+	GOOS=freebsd GOARCH=arm64 staticcheck
 	GOOS=illumos GOARCH=amd64 go build
+	GOOS=illumos GOARCH=amd64 staticcheck
 	GOOS=linux GOARCH=386 go build
+	GOOS=linux GOARCH=386 staticcheck
 	GOOS=linux GOARCH=amd64 go build
+	GOOS=linux GOARCH=amd64 staticcheck
 	GOOS=linux GOARCH=arm go build
+	GOOS=linux GOARCH=arm staticcheck
 	GOOS=linux GOARCH=arm64 go build
+	GOOS=linux GOARCH=arm64 staticcheck
 	GOOS=linux GOARCH=loong64 go build
+	GOOS=linux GOARCH=loong64 staticcheck
 	GOOS=linux GOARCH=mips go build
+	GOOS=linux GOARCH=mips staticcheck
 	GOOS=linux GOARCH=mips64le go build
+	GOOS=linux GOARCH=mips64le staticcheck
 	GOOS=linux GOARCH=mipsle go build
+	GOOS=linux GOARCH=mipsle staticcheck
+	GOOS=linux GOARCH=ppc64le go build
+	GOOS=linux GOARCH=ppc64le staticcheck
 	GOOS=linux GOARCH=riscv64 go build
+	GOOS=linux GOARCH=riscv64 staticcheck
 	GOOS=linux GOARCH=s390x go build
+	GOOS=linux GOARCH=s390x staticcheck
 	GOOS=netbsd GOARCH=386 go build
+	GOOS=netbsd GOARCH=386 staticcheck
 	GOOS=netbsd GOARCH=amd64 go build
+	GOOS=netbsd GOARCH=amd64 staticcheck
 	GOOS=netbsd GOARCH=arm go build
+	GOOS=netbsd GOARCH=arm staticcheck
 	GOOS=openbsd GOARCH=386 go build
+	GOOS=openbsd GOARCH=386 staticcheck
 	GOOS=openbsd GOARCH=amd64 go build
+	GOOS=openbsd GOARCH=amd64 staticcheck
 	GOOS=openbsd GOARCH=arm64 go build
+	GOOS=openbsd GOARCH=arm64 staticcheck
 	GOOS=windows GOARCH=386 go build
+	GOOS=windows GOARCH=386 staticcheck
 	GOOS=windows GOARCH=amd64 go build
+	GOOS=windows GOARCH=amd64 staticcheck
+	GOOS=windows GOARCH=arm64 go build
+	GOOS=windows GOARCH=arm64 staticcheck
 
 internalError:
 	egrep -ho '"internal error.*"' *.go | sort | cat -n
diff --git a/vendor/modernc.org/memory/README.md b/vendor/modernc.org/memory/README.md
index 9354a3650..02c301256 100644
--- a/vendor/modernc.org/memory/README.md
+++ b/vendor/modernc.org/memory/README.md
@@ -1,4 +1,4 @@
-# memory
+![logo-png](logo.png)
 
 Package memory implements a memory allocator.
 
@@ -10,4 +10,4 @@ Installation
 
     $ go get modernc.org/memory
 
-Documentation: [godoc.org/modernc.org/memory](http://godoc.org/modernc.org/memory)
+[![Go Reference](https://pkg.go.dev/badge/modernc.org/memory.0.svg)](https://pkg.go.dev/modernc.org/memory)
diff --git a/vendor/modernc.org/memory/logo.png b/vendor/modernc.org/memory/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..ba4eb2013e458967edff1047cca303008b9979e1
GIT binary patch
literal 11369
zcmV-vESA%WP)<h;3K|Lk000e1NJLTq0077U003PG1^@s6;PWYN0004lX+uL$Nkc;*
zaB^>EX>4Tx04R}tkv&MmKpe$iQ^gM|4rUN>$WWc^q9Ts93Pq?8YK2xEOfLO`CJjl7
zi=*ILaPVWX>fqw6tAnc`2!4RL3r>nIQsV!TLW>v=j{EWM-sA2aAT%mWx4YtiZa7vt
znUJ!%RjKC{VTkBM3?YTt=A1025IDZ>5#sAzjAsR(`*RFvd7A+ti8#(o%OTz%p4oIv
z&ilk7D=8ZBIq`%=7bJe<y6W>A=c2~~&lIgpdY)J$mWmy$b}%bhI`K4dRMQR07qUKU
zoVPgZl^Sc^lfN*MH&&LpPIDAVEMf^VB&evNj0zm;s|<q_8)@241o%fhzf3NbTxBqF
zET9S<isuLagWuiSg{etDDUtxXUtITN4CvVfnswLxK6c&a2@rk;u8g+7+5l!hNw2rH
z=n*iu4P0EeHFXcT+yRE4OvO?>DNIu+6oB_L`lcK(bPM#a`MtIFaryvcsH@ZsaBv8W
z7b$x^;N88Qz5RQp)!z?eR&t=HD^&^r000JJOGiWi{{YSa0H_wnxc~qF32;bRa{vG?
zBLDy{BLR4&KXw2B00(qQO+^Rk0~84@9Vxk2O8@`>8FWQhbVF}#ZDnqB07G(RVRU6=
zAa`kWXdp*PO;A^X4i^9bAOJ~3K~#9!?R|HAR8`vl_uMI&o-&#A9tbUzfFMN_q)1Z)
zbX9EoZqePJYgym2&4mT)s_U-0tCSUYWkt8)Du_}nh$uZFjgUZkGRaKpB$;~eJ?|eg
zId_K4ups1$zjvO`XFqJlGk2bQ&hwn}e4loJC`BnsQHoNOq7<blMJY;Aic*xKbVU#e
z_hI3>)h~cxLUekf^nZpZip$q-`|oo<R-XI8*mZXh5L`t-W=Cf&O8;l{gV3;t1s9!~
zC`BnUMHM7UQHm-^l%n+2NI5*vpU7-L(r*s0m%?w9*Yl!m&~Jc(@B?nN>^gR7LVHmQ
z0a#{?fi5HQD}BAEq5-|-4YDnxLK}mOo36h2`5{10Sv`6y8xX<yc-cvvU_{EC@gPdY
z#fhpQqV>b$;0N5Y&8ua`Xy`I6SDu0>2!}YG5hSo^UcrghCI@<Zx@DOdQ(P?KuGPb&
zj|=Q06y44~h*S(aUa!_btJ1K)1=0@dsaEg;Km5nFLIHDr1`-W%faq5cFYklHGZ1#X
zAw~<0GKTHQBHGYe-U0#Q@GCN>K<t#!Fze&M1r)@?d(r1{hS6Pu1igvL02M^oyS?bD
zZj?m^bTL}QT{{IPLmWFrdR=|+iNe>fAfrslc;e<C!4RWmpIMhbgvpbOWSN{#KK>Nx
zX=&_q9q_vFv+XaT%F#Y#tUxKgU33F(o;U|I@D1)R4!5`8hEG2Jc-VPex#|}D`q^ip
z(MSqf-CT<w?fQM#@jtufc1+D5&;It^>cdkBPh!J{SBIU~{1N#$@cyR|MUg4N{xc`A
z_M<;TMM9w~RVuLc_Q#-9NGDCjlv}WJ#R@naj$!BZS5G{Sd+xahG;k_&gy4~PUPQUA
z{_9te7FQ3p9@z!8!v84I<wNslrLrBZ8#cU()G4E&wix|FB=Bf;^@jII5Q2mCrRW^!
zWeVb|v*YZUv$F77T6z*M{r)8+&Kk`Yv%?Yjq}^3@2xaZHpaB8xuWiTSLto0mtKDwL
z3x9YK#==ZMK|nxI-_r(V7;HgA5wCx_0~{ClZz9E+Jx4JxFdz%Bdp`US{U(AKiwP7I
z1O%;pomYm5rBkRd+MEGxz!ado2uqPdHU%jvnvCS^bZ|N~0Km<A@kL!J96ongAeW+x
z$5=}iJBr1a6zqtLMWYPXfW?x8DU+u_pJ-;k-^8i$QH0;lF<CGwF`Ho!50`+_^mG)L
zlngtsTCEmSCrySTLFWhD1mJldl!nLOV-qu>;1mqls|)&|RH+~c!m#t2o0p48*`q*o
zs(>|0aG;^=%1{uaN`uj9`OL(klp=xC$)+G<#*9H)W;zJRF%!#Bq5;qs)*+J?pM-H4
zBZKTN5vJH!S$H*@6Hqv=5IU2AeHNooMI4`FPQ$oNiC2%=jijU`S$NfIwHRMG9#C=&
zTlDx`5JAD6<0PPj!`O@wPzJ0B3JUaipi-&eaSuOG&&bF`;m9#S-~=Otz*wdOF2gA@
zWG@)I?he8cvj0L;O;nr$>2Ve)0(Pmd&xPtOdr(tdEz3fV961tMH_w1ECz;`lmL6L~
zfM(X25T`X_a0~A^QG?>Q_F}*}{N{jOuSZ^C0rKx%z`R&auN&6BuCU{i^l>n1bPS|-
z9;-pgU-zMJpl|p+SZX!KUpEcu%cccDIzgYu30wbAlaLUC-1t;>vWS9+nyvd#b*z+`
zlEX=<$tf6n_W~GmQv>Tt(A;Z>hxcB%=MD7Z@-^G$UG@`Xq%jFk-t=H7NWbBGC@PvH
zi-P?1Z+{O3=^ht;y8Xq7ApQ37bFpI595$Z2mBVdy-;xESFI%<@zkc?)At3#M_g@Y>
z{*mb`Fm;5KGwQp^ho@qm#H+8qGVHwO<mBLkZT|`a>A?Oo#aOfNPeVbvLV-W5d^8lK
z7cRw$6)WKA?HzVrAN{ZY!aeui8v@cF-u@!WZFOJ2iPh@r#kOO+p$?b|qT7qcPf8#c
zZQQs4=~s=0+Tu5pyn+u_w<7{b2fl15N3VN;DTuSK9kplW0qG}Cmg41CevhPCV^|o(
z?ucv#d{})16&+232MGFV+i*xmkp8<@UWRde7Kp-cRMmA`p$rp);Y1N{9N7hKP;o>N
z)w>U4pub-pkiKU(T=7aK1B3u={Z|M`*DF*Qn-B!j1raG%t7UOT0>HFsS0gzq4MgLA
z6&LTpL9Q6RaD_jPb#W+6lt4PwrsBPX1T-`Zf3PqmB?Z%`T@9UC^4B*)i9M0Pr_q8j
z<}79mdpR@8va(QITs-W&>U28Hn0hrhqgn##J}*Q7=el4-0EG!bARQE%u>(-a1ky*0
z9Er)fWBf8e{U+b1ijpfsL3GL(WG81ruhtCC4K%!bUaah_ETm;+01E%^<@C9sRjR|=
znG~?Znvs{9E!oDr2)$k}3$G@V3Awqs(8n6t2_~K=KO!|g8F{H$0jnDD#JUj|7cUF1
z8jS||d3k_J!Ei>Kd(b^j&cPrYa#OQ{6a;W(IG|K2W#Ki+l7zghTo8_c223oyT6<ZZ
zeaRqQ$tjSgj|Ue(Xnda=O@BLx^0G2nCTCn>AyO7hgf82kW*}0E*8VQ=5hCevF?z(s
zNM5$y(s~?yYY$v5=dkl?G#XJbek{^&o5>W^<@2E372YIF)EHqH+;|8<&+%H6zq=pZ
zy*<Out5T`Nl<Q}~vTy=RHR<!Y(dp_7BSZvQCUZz6z5eY3s5n+43rJ5-OUIaRT?cKB
z<l$=_=!W+qvLl8Kq!*Zy@YKx@!Vn~Mtv9x!XwpPk6lCkxzaTw5otZ2HUKf7y&lgeU
zXbTI{?<$&)6%*&OeVg1#a9h1RAbrV_CHVET&q1q^cDK{bXCs32N3XdR)AEBr`YJD;
z)XM|X^Yint^UduHqyxbIGbh4>bfp3tzx7k*<^_QAqH?TQakDHS{gFo>#l820g7k;B
z|L)2F=~ibi-a5VqYULnE_o3mFV#r0CH*G@N)X|8sm;xZ3N1MAhGDvT%L~l?&(Lh~0
z>S}9c;kC516u;l_2PDlJ%iO%S-pF8bcl8mR>TF_XeP3-m4j(!s6G-pC?>4>+Q=uQE
z13+C@B#=(A_1Fgtq*IZidiP;CWs0Ql-Lo5>1QpZ)86bpQIUt>aVoZEGVl{@rZ5mm#
zjd*>_7Pw^y5~XKkVEV`jfQn-_eQ|9Wdc3Z%7G*4_#^j`Yzkm_|rfi&^UV{4i`eEml
z0=Q=SEEp^jNN-UY@NxaguyGq5r^4i<yg}DKs6Gq!>Ge2Kd}7#n?ds~n+?m$`TBU!U
z2w+y}@JW3sROcwk0Pn$=xOC`awCufd=Nhp6t-qqXd-#)9lao{YGN9%dNUv#cfZgf1
z<h<ugRuC1ZL{fqU@j4URJ*d+Mg+d;n9v>f%<fLS_%ZZdq8L(kQ)TlKe#hi@6m83pF
zHjo~pR>P8HL997}edd9{Z1;01R&NUM8UXYr0VbnKw$nK&IT@T<$&l&*<slAkEJ4Im
ziez(Ah?&i~MJN>VfOLbw5F!JF5EwL<XH72|q$>!A41GLQ0S|`I=SJI(<2ZWss4M_&
z%-FHWS#%XNS!Q;kHT8GF8zGWzRB4c`m4vLnq6y_Y55j7-4!?rLXmHicX-K+x3fpO2
zycey`p0K{GShW@wjghTXe@P=w?>madCVA4x=PX-@xH+R4NO$sHv^aZ)2n_|0Ye<AL
zknTeT5$*3C$KeBCgkYHAqO{aBOuS<rG+9zjP@Ah4{XWmv57I4KBc56Q0L+1U3;?h$
zv*NmIXQQug_){W&@r%bWZ~lB{(+gC@n(Z&+XlFxMb8uO~)%cHVmWNcIJ*9mTFTeEC
zu=6^8{CI5H_!>+mNkMCEO?Y_6%kYHpxU3p?EpDHBgY>~|z~;P7So6zY%Az1|zxJ1q
zP42X<0pH*L0yJExb<it#@%+k%VA4oAX0`=3EL^w%?QLzt&gbg8?!<ro*MBn^AcWxM
z{eQ>1RbPDlCRU%%jh*EOncrFP_|SBqR2KXJ03Up?3+=QYYO_%~K?b@b9G3*;?e+M_
z3CUySY_y~Jggj1#*47rh@#a>f%#c8OM}If?2)pdbwzE(cf6Pu0S5qer9{5}~6YI6D
ze}Zw0lnC11-#x^G1ps<ZiT6rBheoAlW_IhL3iS5$$inB*BS)}p?>kVNO>C}eI+`v^
z-Q}fY5TZbSYzktvew&Z-6y`}B6bc1=KHsoU&ZvR{6lRS8iBSYF2w+sI(G~$DCu$5B
zosiDzK}3xO$J0_}SxBSNgrW(PV2V#<7|1|WAcTair?zN}7?qHYL6k14EI5->CYypx
znJ@{QDJEcu6KFUEL{KQs5j~!Y7!jWu2p0Qm!xP7G&}cNWY?K)p87Ryg38GQ3jj$}H
zCQL~4YXRvBBnN?XPznsl2htPFiAYOMWs!7|(uk3CfWo9TAT=?CnGV#*!)P?h1JX4y
zNJ&jWtl7*y^HOn0`Z&WNIulZZLAsGgtW2r-0FauN22LZT<2$J@B1lh3u!Mkgg-etz
zl5RAa{4$^n0_obz1JW<~4Z1u7`0Yn;LdE$XCG@*t+g%E$(<#g3Y~H*H`|6KDosqyy
zth&CAh$hyj^`)q`Ng&r*)rymQ4#>i5O?5TatY3@7B@@|+;p9E=iQyx@duxuOw7Hs@
z4bHL_ocid9Yzp#|H9v!K)(8gD2Y3(E+|Z5Bpittuy>CEC6af=UgnidZbai#fV`jg<
z3vGHg)LBv?TC=nJ$}q7KH3mGk_<Kk&#0Cx!3hUe!ELyk#eKKToKK$^*m^*JCE0z(d
zi1qKjiW6N;VL|%B{3*D5<}&FsLBw<TwJg!;F=NKyg=b$tY=Y#_sIxWWe?Hg{7Njp5
zGZVK=nJ@9WT*Q`?*YL#S>tzwVS6=u%px{`YN42dH55D&@V$M+#hrr`kOYetq(9EWQ
zeO4Q8Jh>D$n{C+nym{pcJo3<^Qo$4mUOl)S@1H*W^_y4&yayjwA7}L-g2#vEFDu~o
zcw||`&-Q<YJ`JEw@Gp)C3TuR#bOM5!u4a5#A*GBvn>$fiSt$#zHk%FqdhcB%Pb*+M
zoxQIsB1k`FZwTSl)!K~{$B)Z)g8bv%?J$f?W$}gfzAh-kfOH+Fz`p7u&?+?yq+5?x
z$>PNXfU?puymxRP)CrOot-i~8Wt<=i!XecV4^tp8L$xB5IRj8AILLs}k(!!{Y)cBO
zNf#-FmQzJQAb?S&MY>5kiup7x;^O0ESxAjWi`<+X#2cmGCxRFeq?=Saq#Mo5#NtIA
zEEbDw3X-3l3stOv6`_lQ5H_1vpcJWkb5KS%g(@=>DwPT@mrDj5nt*IeDw6?12=uC$
zD+8pfIVG|ZQ$r%@8W#;jQHTE&NlQ;hUPcaxQUd9QpuSh<sz`#)gj`F81bkz8m=nyh
z2%Ju@Lw;@^VlC3|aU91op@*2ShB)LVh4N}il21WK<mZFasF{?BoL?D~=dkOeB62Kg
z5=f_j-lKq8t(Jw)L~|nYGO`&~A|QdX>MI1KzxeSssDnZJ-g4PM`s-U>!>5hKP-n!m
zQ{t?{7SY7oUtfx|b_t)js;nsfNFI=Wrltn#pIQ&|q6sVxGQfM_i%?Xw@60h&wA4tv
zmbaqfWBEY(FV_DOh8cNG@cPdK(topeE6b*!f(ZNWGTA`-haY|byUEKOH2}~!&~;^)
zSZ0j@KUw%~#Oq_(@oK%M8B3NdM!yUo{f9sNf0#300_hYYo_KE~io2V`g7o=$MYwau
zQmOOjQUT8k&tc=n4a3fB!KhJq`the>GD}5I_4XG0boZvPwF`?!U5!;m^O*HTmkRik
zWec8q@<~|)@3&9?Mk<(sKlt|Wjz0_m>3sr^Uo819j4^t~t9^PKmY*nrT?UYT<Bd1r
zp&$M@q^rrMFaCvH)knU56U)haaqw&@1L>ldN6V2@@Or(nEaKtAhr!3Hp^VcpC9t{s
zBAy_%-Bx^Bb&M^f+uDtq8hJXfbar%L&)z*qoSe@vhpn#*LWJV3nvNEHa{3ti+tc2Q
z@>2N%g}e5A09{@Z5QwC=^>>AB9H-$F_`IeB8dV@kRHU#L*T`0rUR70vy+=QTDo)Ro
zxv{7HN&)Ev@j4@ngCJea!(*}dfu{@<7as?6Y&;bDfCq(&Va<R+^Gl<QL4rP(DTps#
z0i8~sY+kiWjYNwD2|6j*=k<9bX7lP*eqNcaAE$uPBwseK#gc>=eJoQDC+`WHR7ojC
zoX!Z{V415(;Y%>f7A!Ux3`mSkU@|}eXqD<K1f(mJ7?GTbgh7x_fjC|brBVrx46fe1
zygZD{8wH{u45XV>+K3=M*${`(sks>3!bP)yl#~>C7Sd!y;n;DAO)|6J*Q(SJL3*+=
z0b>}i1Y#nO6B+5UDaeFzg&>;2>JQ>?!Vm_ed#Q+mlx!Gd^no)RFpC<*#Asx3^`@q#
zU|e1Sh(ZB?f)Ij(4dqt|NOuq5#eHu=HQ1ZC-vj%;3fVyVme*dxCk@3=rN^;jq9#mF
ztU(j&(*Q_kCf4aToY?o7Y#@Ezlj~u=p^&AzIDL^p`rewOsA#ESy?I>~@`CiAulpqo
z({lse6@fnAc|iJ}tx$2Ce_jQOjy+}Q?v@FpfAAsfMjzA}@$A%SxROBne=fKO@p=;z
zQ0t5)96o$V7Lfk^`|ih_`PT<U(kY(Wxd|l^K>FO=Nx1XsB`jHyE*9{D_jzpEv~k#Z
z9a&I-$JefhDKQkJ|9sCM!-Di13Z`L2(e)Dli$(l7ehZ#{`YBli@7c$n0Z~f|ai*gg
zKi>IDSdjjc8@>&LM#{yqPi;f-(c`e&?ZeLJlBG-W;C+t(3JIid{^DJHP;>O_H?ds2
z7sZWLFa~_!)F+_z<QdsOdU<&nG|9107&S}@x;*_6Pmtzb8;;bLGqc6l;Xq@9JQwKn
zba&&+!(Sp{Y&LWAwmUi_-euCz)rO<B6$sRk!rRe@GiT1oc7lBV<w3-x$AfVGn%kB>
zdw7seIGkvxgjS`+U^Z`iS*<KVLI9|*ufw78<4_p2%*3)fI<AZpB%rdAo0SlVf*>16
z7X=ZNfc?JzU?34eIw0}tKXJtK_NKa=M5&+O!A5KVLU<W6tsED)MUpV(m!m?D&5bDf
z`D5-=F7iwT@k&Jsk;*lzfGARbLpwHC1R$5^`prlRa=}m6Dpi=2ISL7S6Z2?TRdN2#
z-ZFsn@e{^l`nbtKHR&SulpjQ+vpcMcWS9~$HD|0ex#>I(%M>V#kB`I588bp6>Gk#&
zaAltWVQ!7eic7-OoN*z%)*LUFO+jYQoCTs*vdyl>-VEWyP>}AXB8oCcNuEp!*whKo
zX|=MrdUJDgF{4nD0Rn;&>lu`^oxR{wghaUEFzoloty}#=Q1TGRAr-)R3lJ29L%z|%
zqNrlO2km=G@!9_Uvecv(O)f(2f+<j^OLqNPhYjusDdcf#Ei!cRY&Kj~Ruu3242?2e
z5Te!TaLt_ANL)No0_nUL_5Ga;6NTWr7(G(8ewQ>M1kUmnRDN_AH8Po5OK({Y<IE8Z
zr1$e4)b)3UsY$089h(Z(;0YsA*giOkPxpQ#%ZZnhorB4@%|lFvnO&gM=<I^SdtMVy
zpp-U(kbMH7?<s-(Wxw3kcR>mQ029~Ut>Ph$Bm@r=;JX;wk`(}uq&4F4#rGjz7Zgcv
zY{E@9E<=C+@b^X9uwf&vn}0p?)r%1E%+Ady>1hcI(pMJD#OkXTvq(DS1^o88=dpS7
zreWuG;-pE~v}rR;mISt6HFUJ#7kgg|3({8?&cTYJ>;1eEfckj6vE@&A=9#BuQIN{2
zDiF2Ozb6OESpW0=4PijK4}ZV?F&H)az`Rn}TiUQ{<qBCq`U4OA2tWGq!%PMU0seUC
zJ$zVmERujXid6h51>I4(_U-<!gh5WO-Rc8S3E=+m>sNnBfsF*jG8ClyP~Ln7rT|D6
zeFEAm>trdn1%T71Ps5mDfkH23^LBZi5kY#Z!;X^rQ|vRodjKu1Ewb?H=yl*kNipIJ
z(wKs@od={h_1Gj{3BY$cWofcKNXJf`fGXJ-0O>%pqXUXC*iub6lr~ngY+gz!?57%J
z>r2qw+>8^aN}({sFfUfSqcf~>h*bR2t57bhdF;&#@<Cq^)+k%E?Hy3^LjYl2Qywb7
zHTXY~M{ln~wp*Z`PA3MuZua|b2<HXe0;t3*72t3>;gzX&MG$y6`Wzv@@1eql@hS@F
z^SWe<F9ASrzXLAHGah_Y3@da5fQJa7ybcUNkjbIocDpg)^MuHt7~V-!NeNk5^Vrr4
z4$xe%7pr{joBu3azxo{la$E4{I;9#{=M*xK4hmQe$$0*`XJv8qPMtOtb0*IWiGzGv
zaR|-Mp0FlXPFxDE9a$vRr00q#{rm{_?b|o(yqe94SaALPA<2q=uh@@pOPZgMhS?*e
zi->5hi01Mdy!-CIWD&eY^A>`rg5n_dCcIv<XE59l0@7#XjAtMn0PKcTyr}<;EbT`}
zjT(jPgJggZf=XLGPPW&DDl`?hRIYvNqWTbBlrMJ7`nwh@L3f=C(sPZ8AvNi3yNdC}
z!Gp4Z^zjoWAaBuB#IRInidu&qo(Ld4R;@*vP7=_8Q_VQJ;{ckQn};8yYqgku?JOiM
zD`F?CllP#pzbh<APl(YYSsTk%YM`_kr}iC2ZJj*5gl|}}45rxyAvNg@5kPuDY)VK?
zx@~7M4t)HnEFe8AGYdtx&qqw4CY=zVd7yg;NT*aBUB33M)0e}|8{T6D!FsM$X4dHO
zKl6hl=@izPEx2*nQduJD4?OUrA(8Z_-`^ZDl0GkI5>^LA(y>^;3&L+?iKLGjH449e
z;+c?0dV{?MKaT*?7mb{T6-9F;{uc@ObK>iG=4p9A`tP23VMrwX(f3~s8%h89!v6@3
zq+ivBl_zhO1*G4!{3iV9{&OPfU%nd-q+hhQUTmOn`4Ib$_o2GwtW<LA6Ja~sEE`B~
zsINyw%_(r&KrR?XNcZ-056pH)Cn_7OF^H0dJ}+#xc3F7s@9)Q{Q>S3cwy@uC?d^yN
z(ycvqoNAO(@dbwm)>bRzqKb-gaPe9eb8GCiM+E6r&1a!k#|-X~=sephOB@UU+S=Ov
zGN4nkb?)d3+tp+lfZq;_f{a_gI-OGT012a#UA!A!U%<`k^`W_`Sr+pO0NQOfwD)yG
zr8KZp!W#kj5&$mBqtoY<;vk(J=<RjL113ElG_^J(IbF}ZSiOQLqD#R=d35+(jCprY
z7dksTWmAwQYYX&-RMuJ1A$Y>t<QxIIco$qGpy;BA);246o|lEso}M1G^>sn5GBP)>
zCtPo4!hL7#y47!1uH9z4tO_#jSGQ^j@CG3m;^sA|VlaQyRMz%~P{5i}fEQo<oh%@I
z?%cVUH+#O+DNz)0sOmUc!gMyFpcrM&z>>n5(gix>fSO}v_~et}zd$D?IT^RCSOsIO
zRMSz{-h}Oy2Oxww{l{3cur!$0u|QXy6+3tCkVWurUv(?QKn#WeINjcWH%@*u1f)Af
z0SiY@g-L6WDhiVe@XAZSm&NNgY0^ZjxONef0S*MUovkRd)rTlF0SXD|KSn-r_wt&@
zwqDS^4Ce*u1#53rsyWrQlwcDFk{=eA5Dw{vcqoIqySHpVgpy);uHPycRe;>3S3{GX
z$h>IH{hjCS?rzaZ0@_#BfQlUl(cV7%W>$<k1{0@GM%pbi*xa~zFRTN-VL^JVS_iY%
zz!u6;+<?=24xy#BRTc%gX7Tk%m{-U=S#I8kmVxfD-Q9DHiBJS}ceidof@22{gHlnJ
zjc3B@1<>YL*j%+c9q9K(jKkE4RQw-G=?9g+dVAoa6=dA{+s&Ygy9uFp5|D8KBHoCY
zq&4BmCHDsvOi{Eow_xd#C9;6@O`HFSIrHX9t!W_Q$(@lw`Yi=Bv3mLv>6TkT#0$?o
zFH24Oq@p7H@sF>;6m-jNeMbv^79rjJ&ceA^Ir)0&0v%q&pSQe@r=F6hCjE3x4WLvE
zw&q2Ry$L@K1JWIW58LnfrQgl#Pv%93wGB5fzZrJ>@Yke2_~3(h@R3JCYtp~`7e0s_
zNe2J{z*!OEUV$jyRfxXNE7tzi^>0nA!gZ?&fOiPN><jS%yLm58H=SW19X=8EdaJx3
zz4{aoXk1JwMXzTd!frs&=IBIa{b{KY!hlbf?tcI<(BF?!Ri|J`m%49Qdpjb!LajYE
zRMbmeN!sT{t5u%U!w=FcKul^Tcul>w$RNG(40J&^9e35W!RwU=q_?-XqoTUfe;Za{
zoo$YPTQH>nP{4sJ;3$1SB#ONN7XDiW5kVt1Qx30&6jrYT4)_&9^zdk|sg^A*yRoqm
z=B{k05+soB5+g^a`veb~-O`0MuGS88bl7F#)#-Gi`b-Uy6Gt->tHawD5u`hKFIob;
z5(2nvU9x(ys%mRs9GwPmeu=RA2Ex|QD+ocW#{sSAX32`J4Ylxi<f#d=+3cw6vO;Y(
zvcyi8aB&U-5+T>{lIuZCDh+NNcTMO8I@uGj;ni1VIYkyPS%P`j&tn27QV}Q5mZQz>
z2y0>$T5@np(LAZM;belA^0PQ_VE9ws)6&v#&z*O}Xpowk)!Lfye)VAp!q5$6Vro8a
znG|&C(IkHtmfgEQltu8qd)K!?#n20M-Y)+P3KA+y{UVR$<7bClpkvRPh}So6MqAtP
z7fnr_HWhcyU%_NxuwbgPqw$i9rY_4BY$-t?o$qs@?k}IB`t)g8KzdeoHu6_q1AXuv
z*?pa1FU9nG-83)<f%NW@v#5Iab9Bnk<V>YfVRX@W<lHrf&5eimqCEmgH^t}>9}uE<
zL%09{3N}eZK~y?IfbQe9sM>K59bFx=D9Ds~vyif63X7zBcpt1`K{`dI(GmjE8{R&E
zilfD{$Us7T0w&(O2>RS)Ce$6SKJ<GpTsepB3O2LGfb}<gS87i~DXequ#^Oac$O6*W
ztXYdW*Ut^<?*7D%$c^I`<xR$2)0ax(cq7I0G0$SdhF6E3*TV7R@!F;>Fa`AjuD7?~
zClMOQ-Bd6gt0o7n*)kEYXKulhPdp)ug8X&!R(}e4KqG4GO?Y@`_{MQhExAw1#iD?H
z=4vdz=|)-b-Cg(GjfWn7B&56h#xLH%t}CS`{bb!KsV1ElVXu)dl3rC+1-&H}M5kg(
z(B+O?lit*A!_hOP%)}BM9<;PH%ff4KZ!eA?KMrG#MM`(?>x_uk8au5xR#VE(da=ii
z`nr1AFvyW3N5Gl2tVFoQ5k8V0!*M97t%P>4aU2D@&a}Ygk|*80sj&%1%T9pkRqPsQ
zYp?yX)TCdsiFGdddYw4)+J_;w>#!0b$XYQIhP<!V+p4qpEZRRRkxl5-W+O&^=Z1?m
zJqRJNe^~|FXJzNDW51lF%SuA_%9+f>x?pof5OMbPeem|kbNvBCimX+$U>K2#uUZH{
zY$n!_2O2dP@x4WmlN6e--bFlabS6yssq!&P$XBw<DW!;?l#AH0news95mx7Yao^*R
zecNovRunWS1H<rh%F92g98@M9zA2>8s-e)TzZtx0)R(jw$fsF=%BaQv55yr#QHoMj
zL826;sDeZ(N>K%gQk0?!5~V0b6(mYgiYiEyqVx@>%N7UWgMu^!{st2w4Q(SaSgI+6
z87ojJ&J*0MJ$Nh^_&j(l04M{UhyUH!NPJz)SOxj&*Lq#(91&dLI}$(dmpUJpdu*h&
zKHpe!k@IsgW50F<iPd;<_p~||ICZ!*_*+RP78JB2+w4y}Cj{78k^`lZ$HH+fAfNyN
zy8AWQax4e;OsR*(;LqLRMGm{mGhtLw%pTLk#@4i(u%|i&KbTPqwbGy5M?vt`u^eQ^
zxp3{sHpaslYa+gAjKiu)4baE<0*ghk@$&-AA8Etbv~Je(wxZdLLk(u!JG}-<&i{a3
zmm2>p$;N__9mq`VX78}~R2r)6#&aj0g4O+nUlYCBhi^}>Ws>3Ys_~cO*_e^pjlzr$
zw$h)UPD5>v2CJ{Chm!Lzw@5i`_#z)yrS)KXo}Im8MN=}4wHk42Q3G^pUw}u7m-dgw
zl#Fi7%D1txjrIiWu1>@)MGc78c>?oHu<ghQ<R|uF)`&L7LvxoA+so2$$K(dKCO(nF
z`zN!Jp!MOJQ7zzze@&XY^!Qt8CcZPZ4)J;qKmm~w?5)fI?^9y&#Crc&04+T_{IfI@
z_g>Y6Se=vo-oDB-SRH!YGrby=`lqj>UyFB2Gq7y59jOUDZ2tFErJ|u*hwsifEA<xh
zsPWc`EX>U6!I<<8HugYuDoWZ+m!u?@MM2DZ5AM58x{bBHCj&dm({R&-7EB*0Rm7cb
zN`*?}!4KvfWuG;6reV#YTzqS4B?^-LDd#>xfktaGGK>frySHK_cGM){`?JqL6Vt)=
zkKLzIFgdd;gojT{XQ0|<#J#gBVK(#z1OnK6umCrVv0?F~lWgp}$EM;`O9H-s-BAp-
zfokbCV_!ukR!!<g(Fp0e)}Cu|%4Qs_@C5}uPC))4P_z(&Gy<$5z|<iMqVeJWApRT!
z$@u%p49p+Zh2>MF&%Ms;(cxC$zU#`MQux!gMNxy7zRbn++|H19eE;wqobA-&+cQri
z-XNvx|91aqT$SAsGWK}QG#sck<Bn;kk)7zDI}Z=+JDHEEnGW1PM;d#gz5s8YOb=NT
z56_{xAsu;%Zv0@*QTF~v>oV}ni7c$1UX82-dqANHTJ2`=ZXNEQbCg*F#f=%*b}|$9
z&S*t)ywst-wR;YzSA+YmJ1)sedj@t_q~q42PK?Vfmgc{AHtbGS$h&p-C*i%abSxa*
zg(Xv@&t1-IQEWBgQm(4GEDA!;(b2(OV94hPTp~j`aDf&vloD{Dpp*;w{@_?jAqgWT
zYyk#Iq#OXk{+slS(C-9)c5d#hG!|ibIQJc-|1W+d3c}LLb$?^ErDNBxewhP#ivTyB
zZ_dQP!y-MOhP)#g!k_dv37HRs`F_YdBKWyO-zn1EiIn))BQWQRp!Fj|#&Vztn!od`
zUpP4#<bj4=tD$2f&QBDif34I{D0v`QIRKz?%{C{cSc|XF#V<<VKra>rT1ARCDd?Xm
zP#2vtMr|TU*kbmIwQrVCD!QUmbVX8=2>OO7Vk>~gP^f?LCRU565Uz5W_;$f5z~IrO
zb0E73$k^yS!%GMvcZVQw0?<dN>58Hn01J4PqA`XS!3!ioLFge6jEH2AomW9bLZ7ev
z#oNK{;+w~<Tm2_O@N9Ihqx4N95!hC-=FQ+6h&souU;P^n<dv^tVo`{6=p`FOv_+>n
zO5aF4L8&dwDbRa9Jbyj~A%t+ZjrTW_^LuF4-l2x5SQVY>D19S|kmZHz?$R)MUVkUy
zIJ)wDdT?G7ivWv2@Rzac@B9-HDG!3%If5lajv5Mh1YocYtDE<`?z}wU4)ksyoIirf
zQNZmJ5xAQk9v)D^|F4_(>#~QZ5JZ36!o^Ehg?k0ROVQ0!aDnHFR0O5|pqGc2Tzy`_
z@5Xco@!$*a=M#d)693<WV+X(Q;r-i+=bU%o#joa6r;y$c@IR9VcwwIt|2tC(xP6ql
zVR_Mi_1U@a=o5#&<KR^Vyhx-qA%HjVz2LEK-v51GL<kRFK5(rXFY)H~Q3!0T=#P{W
zz#|Z-&sjfS6v2!BXt#?8yEfXxo=Zc1PYAq+R{#e4S9o~B{ykTQfY5muTq~a#G?s*2
zs|A4g>bPIsu{Ch<;_Z}@Th13Jxsav}6o4=AZ%nv{C<sNKL1c^X6@f;V0!c9fOwyGN
zXd2)^2#~Io?z(e}K%-NE46Oj2g4v2_adJ>{K#E2h+wB87JPPFL1(wP{0n`m}&?+cW
zwNeg4kB^|s%OO)IKt-hIp6yq_93vt@C7r6BUV<Jkhg^fewi1sBG`kc?juBx{QuYqb
zE&><N0YD`MW|pscvp3wF6t2I+M!>Od_#C0g*GryXo&xnw1>#jA%xZ}jtDA#U0CM#r
z<Ank^)31O@B_cUS8r$V1==O2Q3VKHnpr%g&qe?`IMw*X4o}k^$AwwrX6L_!ypkY7(
ztwKbqMtW{P545^N*F*r&?Bt+6XHEKe!0J{YE9kitK#Pk5r9g&G8aw#h9Gw7l(4O7w
zBJheF@(hBMX&?YCE(KCGBJ@G?-{K;03k3N=^5&yJgHwS7m579pxg_Z4!yXQUEgw~b
zIuNO8Ls;D@T(|lK5KM@k$>%*18UQ?0zINL{cm-Mg4*+q|iTcK@XL0%3ZT}seh$uxV
rN>PeZl%f=+C`BnsQHoNOu2A}42TSAQ7v(b;00000NkvXXu0mjfUOkc3

literal 0
HcmV?d00001

diff --git a/vendor/modernc.org/memory/memory.go b/vendor/modernc.org/memory/memory.go
index c6d02df80..e25acda9b 100644
--- a/vendor/modernc.org/memory/memory.go
+++ b/vendor/modernc.org/memory/memory.go
@@ -57,7 +57,6 @@ import (
 	"fmt"
 	"math/bits"
 	"os"
-	"reflect"
 	"unsafe"
 )
 
@@ -352,12 +351,7 @@ func (a *Allocator) Calloc(size int) (r []byte, err error) {
 		return nil, err
 	}
 
-	var b []byte
-	sh := (*reflect.SliceHeader)(unsafe.Pointer(&b))
-	sh.Cap = usableSize(p)
-	sh.Data = p
-	sh.Len = size
-	return b, nil
+	return (*rawmem)(unsafe.Pointer(p))[:size:usableSize(p)], nil
 }
 
 // Close releases all OS resources used by a and sets it to its zero value.
@@ -396,11 +390,7 @@ func (a *Allocator) Malloc(size int) (r []byte, err error) {
 		return nil, err
 	}
 
-	sh := (*reflect.SliceHeader)(unsafe.Pointer(&r))
-	sh.Cap = usableSize(p)
-	sh.Data = p
-	sh.Len = size
-	return r, nil
+	return (*rawmem)(unsafe.Pointer(p))[:size:usableSize(p)], nil
 }
 
 // Realloc changes the size of the backing array of b to size bytes or returns
@@ -422,11 +412,7 @@ func (a *Allocator) Realloc(b []byte, size int) (r []byte, err error) {
 		return nil, err
 	}
 
-	sh := (*reflect.SliceHeader)(unsafe.Pointer(&r))
-	sh.Cap = usableSize(p)
-	sh.Data = p
-	sh.Len = size
-	return r, nil
+	return (*rawmem)(unsafe.Pointer(p))[:size:usableSize(p)], nil
 }
 
 // UsableSize reports the size of the memory block allocated at p, which must
diff --git a/vendor/modernc.org/memory/mmap_darwin.go b/vendor/modernc.org/memory/mmap_darwin.go
deleted file mode 100644
index d597cb45c..000000000
--- a/vendor/modernc.org/memory/mmap_darwin.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2017 The Memory Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build amd64 || arm64
-// +build amd64 arm64
-
-package memory
-
-import (
-	_ "unsafe"
-)
-
-// Function syscall.mmap for darwin and openbsd calls internal/abi.FuncPCABI0,
-// which is implemented as a compile intrinsic so the code cannot be reused.
-// Using go:linkname directive to link mmapSyscall to syscall.mmap
-
-//go:linkname mmapSyscall syscall.mmap
-func mmapSyscall(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
diff --git a/vendor/modernc.org/memory/mmap_freebsd_32.go b/vendor/modernc.org/memory/mmap_freebsd_32.go
deleted file mode 100644
index 8b88f1b0e..000000000
--- a/vendor/modernc.org/memory/mmap_freebsd_32.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build (freebsd && 386) || (freebsd && arm)
-// +build freebsd,386 freebsd,arm
-
-package memory
-
-import (
-	"syscall"
-)
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_freebsd_386.go
-func mmapSyscall(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall.Syscall9(syscall.SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_freebsd_64.go b/vendor/modernc.org/memory/mmap_freebsd_64.go
deleted file mode 100644
index 9a988bca1..000000000
--- a/vendor/modernc.org/memory/mmap_freebsd_64.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build (freebsd && amd64) || (freebsd && arm64)
-// +build freebsd,amd64 freebsd,arm64
-
-package memory
-
-import (
-	"syscall"
-)
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_freebsd_amd64.go;l=1337-1346
-func mmapSyscall(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_illumos_amd64.go b/vendor/modernc.org/memory/mmap_illumos_amd64.go
deleted file mode 100644
index 1006fe812..000000000
--- a/vendor/modernc.org/memory/mmap_illumos_amd64.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright 2011 Evan Shaw. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-MMAP-GO file.
-
-// Modifications (c) 2022 The Memory Authors.
-
-package memory // import "modernc.org/memory"
-
-import (
-	"os"
-	"syscall"
-	_ "unsafe"
-)
-
-const (
-	pageSizeLog = 20
-
-	// $ find /usr/include -name syscall.h
-	// /usr/include/sys/syscall.h
-	// $ grep -ni munmap /usr/include/sys/syscall.h
-	// 293:#define     SYS_munmap      117
-	// $ grep -ni mmap /usr/include/sys/syscall.h
-	// 291:#define	SYS_mmap	115
-	// 303:#define	SYS_mmapobj	127
-	// 442:#define	SYS_mmap64		214
-	// $
-	// $ uname -a
-	// SunOS omnios64 5.11 omnios-r151044-d3b715b9d1 i86pc i386 i86pc
-	// $
-	sys_MUNMAP = 117
-	sys_MMAP   = 214
-)
-
-var (
-	osPageMask = osPageSize - 1
-	osPageSize = os.Getpagesize()
-)
-
-//go:linkname mmapSyscall syscall.mmap
-func mmapSyscall(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
-
-func unmap(addr uintptr, size int) error {
-	_, _, errno := syscall.Syscall(sys_MUNMAP, addr, uintptr(size), 0)
-	if errno != 0 {
-		return errno
-	}
-
-	return nil
-}
-
-// pageSize aligned.
-func mmap(size int) (uintptr, int, error) {
-	size = roundup(size, osPageSize)
-	// The actual mmap syscall varies by architecture. mmapSyscall provides same
-	// functionality as the unexported funtion syscall.mmap and is declared in
-	// mmap_*_*.go and mmap_fallback.go. To add support for a new architecture,
-	// check function mmap in src/syscall/syscall_*_*.go or
-	// src/syscall/zsyscall_*_*.go in Go's source code.
-	p, err := mmapSyscall(0, uintptr(size+pageSize), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON, -1, 0)
-	if err != nil {
-		return 0, 0, err
-	}
-
-	n := size + pageSize
-	if p&uintptr(osPageMask) != 0 {
-		panic("internal error")
-	}
-
-	mod := int(p) & pageMask
-	if mod != 0 {
-		m := pageSize - mod
-		if err := unmap(p, m); err != nil {
-			return 0, 0, err
-		}
-
-		n -= m
-		p += uintptr(m)
-	}
-
-	if p&uintptr(pageMask) != 0 {
-		panic("internal error")
-	}
-
-	if n-size != 0 {
-		if err := unmap(p+uintptr(size), n-size); err != nil {
-			return 0, 0, err
-		}
-	}
-
-	return p, size, nil
-}
diff --git a/vendor/modernc.org/memory/mmap_linux_32.go b/vendor/modernc.org/memory/mmap_linux_32.go
deleted file mode 100644
index 207ad417d..000000000
--- a/vendor/modernc.org/memory/mmap_linux_32.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build linux && (386 || arm || mips || mipsle)
-// +build linux
-// +build 386 arm mips mipsle
-
-package memory
-
-import (
-	"syscall"
-)
-
-// Function syscall.mmap and syscall.mmap2 are same for linux/386, linux/arm,
-// linux/mips and linux/mipsle
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/syscall_linux_386.go;l=99-105
-func mmapSyscall(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
-	page := uintptr(offset / 4096)
-	if offset != int64(page)*4096 {
-		return 0, syscall.EINVAL
-	}
-	return mmap2Syscall(addr, length, prot, flags, fd, page)
-}
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_linux_386.go;l=1361-1370
-func mmap2Syscall(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
-	xaddr = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_linux_64.go b/vendor/modernc.org/memory/mmap_linux_64.go
deleted file mode 100644
index 6b7e93dc1..000000000
--- a/vendor/modernc.org/memory/mmap_linux_64.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build linux && (amd64 || arm64 || mips64 || mips64le || riscv64 || ppc64le || loong64)
-// +build linux
-// +build amd64 arm64 mips64 mips64le riscv64 ppc64le loong64
-
-package memory
-
-import (
-	"syscall"
-)
-
-// Function syscall.mmap is same for linux/amd64, linux/arm64, linux/mips64,
-// linux/mips64le and linux/riscv64.
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_linux_amd64.go;l=1575-1584
-func mmapSyscall(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
-	xaddr = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_linux_s390x.go b/vendor/modernc.org/memory/mmap_linux_s390x.go
deleted file mode 100644
index bf7260e52..000000000
--- a/vendor/modernc.org/memory/mmap_linux_s390x.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-package memory
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/syscall_linux_s390x.go;l=105-115
-// Linux on s390x uses the old mmap interface, which requires arguments to be passed in a struct.
-// mmap2 also requires arguments to be passed in a struct; it is currently not exposed in <asm/unistd.h>.
-func mmapSyscall(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
-	mmap_args := [6]uintptr{addr, length, uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset)}
-	r0, _, e1 := syscall.Syscall(syscall.SYS_MMAP, uintptr(unsafe.Pointer(&mmap_args[0])), 0, 0)
-	xaddr = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_netbsd_32.go b/vendor/modernc.org/memory/mmap_netbsd_32.go
deleted file mode 100644
index 2c17038ae..000000000
--- a/vendor/modernc.org/memory/mmap_netbsd_32.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build (netbsd && 386) || (netbsd && arm)
-// +build netbsd,386 netbsd,arm
-
-package memory
-
-import (
-	"syscall"
-)
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_freebsd_386.go
-func mmapSyscall(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall.Syscall9(syscall.SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_netbsd_64.go b/vendor/modernc.org/memory/mmap_netbsd_64.go
deleted file mode 100644
index 5c09a7bb0..000000000
--- a/vendor/modernc.org/memory/mmap_netbsd_64.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-GO file.
-
-//go:build netbsd && amd64
-// +build netbsd,amd64
-
-package memory
-
-import (
-	"syscall"
-)
-
-// https://cs.opensource.google/go/go/+/refs/tags/go1.17.8:src/syscall/zsyscall_netbsd_amd64.go;l=1190
-func mmapSyscall(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall.Syscall9(syscall.SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
-	ret = uintptr(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
diff --git a/vendor/modernc.org/memory/mmap_openbsd.go b/vendor/modernc.org/memory/mmap_openbsd.go
deleted file mode 100644
index 24cc0a424..000000000
--- a/vendor/modernc.org/memory/mmap_openbsd.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2011 Evan Shaw. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE-MMAP-GO file.
-
-// Modifications (c) 2024 The Memory Authors.
-// Copyright 2024 The Memory Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build openbsd && (386 || amd64 || arm64)
-
-package memory
-
-import (
-	"fmt"
-	"os"
-	"sync"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// track what can be unmapped
-var allocmap map[uintptr][]byte
-var m sync.Mutex
-
-const pageSizeLog = 20
-
-var (
-	osPageMask = osPageSize - 1
-	osPageSize = os.Getpagesize()
-)
-
-func init() {
-	allocmap = make(map[uintptr][]byte)
-}
-
-func unmap(addr uintptr, size int) error {
-	if trace {
-		fmt.Fprintf(os.Stderr, "unmap %#x\n", addr)
-	}
-
-	a, ok := allocmap[addr]
-	if !ok {
-		if trace {
-			fmt.Fprintf(os.Stderr, "unmap %#x: not found\n", addr)
-		}
-		// panic("unmap called on unknown mapping")
-		return nil
-	}
-
-	if err := unix.Munmap(a); err != nil {
-		if trace {
-			fmt.Fprintf(os.Stderr, "unmap: %s\n", err.Error())
-		}
-		// panic(err.Error())
-		return err
-	}
-
-	m.Lock()
-	delete(allocmap, addr)
-	m.Unlock()
-
-	return nil
-}
-
-func mmap(size int) (uintptr, int, error) {
-	roundsize := roundup(size, osPageSize) + pageSize
-
-	b, err := unix.Mmap(-1, 0, roundsize, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_PRIVATE|unix.MAP_ANON)
-	if err != nil {
-		return 0, 0, err
-	}
-
-	p := uintptr(unsafe.Pointer(&b[0]))
-
-	if trace {
-		fmt.Fprintf(os.Stderr, "mmap actual @%#x size: %#x\n", p, roundsize)
-	}
-
-	// waste all the space until the next page
-	r := (p + uintptr(pageSize)) &^ uintptr(pageMask)
-	nsize := (roundsize) - int((r - p))
-	if nsize < size {
-		panic("didn't allocate enough to meet initial request!")
-	}
-
-	if trace {
-		fmt.Fprintf(os.Stderr, "mmap page-rounded @%#x size: %#x\n", r, nsize)
-	}
-
-	m.Lock()
-	allocmap[r] = b
-	m.Unlock()
-
-	return r, nsize, nil
-}
diff --git a/vendor/modernc.org/memory/mmap_unix.go b/vendor/modernc.org/memory/mmap_unix.go
index de57b8823..ef6c9a539 100644
--- a/vendor/modernc.org/memory/mmap_unix.go
+++ b/vendor/modernc.org/memory/mmap_unix.go
@@ -2,16 +2,16 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE-MMAP-GO file.
 
-//go:build darwin || dragonfly || freebsd || linux || (solaris && !illumos) || netbsd
-// +build darwin dragonfly freebsd linux solaris,!illumos netbsd
+//go:build unix
 
 // Modifications (c) 2017 The Memory Authors.
 
 package memory // import "modernc.org/memory"
 
 import (
+	"golang.org/x/sys/unix"
 	"os"
-	"syscall"
+	"unsafe"
 )
 
 const pageSizeLog = 20
@@ -22,28 +22,18 @@ var (
 )
 
 func unmap(addr uintptr, size int) error {
-	_, _, errno := syscall.Syscall(syscall.SYS_MUNMAP, addr, uintptr(size), 0)
-	if errno != 0 {
-		return errno
-	}
-
-	return nil
+	return unix.MunmapPtr(unsafe.Pointer(addr), uintptr(size))
 }
 
 // pageSize aligned.
 func mmap(size int) (uintptr, int, error) {
 	size = roundup(size, osPageSize)
-
-	// The actual mmap syscall varies by architecture. mmapSyscall provides same
-	// functionality as the unexported funtion syscall.mmap and is declared in
-	// mmap_*_*.go and mmap_fallback.go. To add support for a new architecture,
-	// check function mmap in src/syscall/syscall_*_*.go or
-	// src/syscall/zsyscall_*_*.go in Go's source code.
-	p, err := mmapSyscall(0, uintptr(size+pageSize), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON, -1, 0)
+	up, err := unix.MmapPtr(-1, 0, nil, uintptr(size+pageSize), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_PRIVATE|unix.MAP_ANON)
 	if err != nil {
 		return 0, 0, err
 	}
 
+	p := uintptr(up)
 	n := size + pageSize
 	if p&uintptr(osPageMask) != 0 {
 		panic("internal error")
diff --git a/vendor/modernc.org/memory/mmap_windows.go b/vendor/modernc.org/memory/mmap_windows.go
index f085a22ce..f88e51606 100644
--- a/vendor/modernc.org/memory/mmap_windows.go
+++ b/vendor/modernc.org/memory/mmap_windows.go
@@ -5,8 +5,8 @@
 package memory // import "modernc.org/memory"
 
 import (
-	"os"
 	syscall "golang.org/x/sys/windows"
+	"os"
 )
 
 const (
diff --git a/vendor/modernc.org/sqlite/Makefile b/vendor/modernc.org/sqlite/Makefile
index f1d70c7a6..a72da1c9e 100644
--- a/vendor/modernc.org/sqlite/Makefile
+++ b/vendor/modernc.org/sqlite/Makefile
@@ -56,13 +56,13 @@ clean:
 	go clean
 
 edit:
-	@if [ -f "Session.vim" ]; then gvim -S & else gvim -p Makefile go.mod builder.json all_test.go vendor_libsqlite3.go & fi
+	@if [ -f "Session.vim" ]; then gvim -S & else gvim -p Makefile go.mod builder.json all_test.go & fi
 
 editor:
 	gofmt -l -s -w .
 	go test -c -o /dev/null
 	go build -v  -o /dev/null ./...
-	go build -o /dev/null vendor_libsqlite3.go
+	cd vendor_libsqlite3 && go build -o /dev/null main.go
 
 test:
 	go test -v -timeout 24h
diff --git a/vendor/modernc.org/sqlite/lib/mutex.go b/vendor/modernc.org/sqlite/lib/mutex.go
index 0780f5f94..305b24610 100644
--- a/vendor/modernc.org/sqlite/lib/mutex.go
+++ b/vendor/modernc.org/sqlite/lib/mutex.go
@@ -59,170 +59,40 @@ var (
 		}{mutexNotheld})),
 	}
 
-	MutexCounters = libc.NewPerfCounter([]string{
-		"enter-fast",
-		"enter-recursive",
-		"enter-recursive-loop",
-		"try-fast",
-		"try-recursive",
-	})
-	MutexEnterCallers = libc.NewStackCapture(4)
+	mutexApp10   mutex
+	mutexApp20   mutex
+	mutexApp30   mutex
+	mutexLRU0    mutex
+	mutexMaster0 mutex
+	mutexMem0    mutex
+	mutexOpen0   mutex
+	mutexPMem0   mutex
+	mutexPRNG0   mutex
+	mutexVFS10   mutex
+	mutexVFS20   mutex
+	mutexVFS30   mutex
 
-	mutexes mutexPool
-
-	mutexApp1   = mutexes.alloc(false)
-	mutexApp2   = mutexes.alloc(false)
-	mutexApp3   = mutexes.alloc(false)
-	mutexLRU    = mutexes.alloc(false)
-	mutexMaster = mutexes.alloc(false)
-	mutexMem    = mutexes.alloc(false)
-	mutexOpen   = mutexes.alloc(false)
-	mutexPMem   = mutexes.alloc(false)
-	mutexPRNG   = mutexes.alloc(false)
-	mutexVFS1   = mutexes.alloc(false)
-	mutexVFS2   = mutexes.alloc(false)
-	mutexVFS3   = mutexes.alloc(false)
+	mutexApp1   = uintptr(unsafe.Pointer(&mutexApp10))
+	mutexApp2   = uintptr(unsafe.Pointer(&mutexApp20))
+	mutexApp3   = uintptr(unsafe.Pointer(&mutexApp30))
+	mutexLRU    = uintptr(unsafe.Pointer(&mutexLRU0))
+	mutexMaster = uintptr(unsafe.Pointer(&mutexMaster0))
+	mutexMem    = uintptr(unsafe.Pointer(&mutexMem0))
+	mutexOpen   = uintptr(unsafe.Pointer(&mutexOpen0))
+	mutexPMem   = uintptr(unsafe.Pointer(&mutexPMem0))
+	mutexPRNG   = uintptr(unsafe.Pointer(&mutexPRNG0))
+	mutexVFS1   = uintptr(unsafe.Pointer(&mutexVFS10))
+	mutexVFS2   = uintptr(unsafe.Pointer(&mutexVFS20))
+	mutexVFS3   = uintptr(unsafe.Pointer(&mutexVFS30))
 )
 
-type mutexPool struct {
-	sync.Mutex
-	a        []*[256]mutex
-	freeList []int
-}
-
-func mutexFromPtr(p uintptr) *mutex {
-	if p == 0 {
-		return nil
-	}
-
-	ix := p - 1
-
-	mutexes.Lock()
-	defer mutexes.Unlock()
-
-	return &mutexes.a[ix>>8][ix&255]
-}
-
-func (m *mutexPool) alloc(recursive bool) uintptr {
-	m.Lock()
-	defer m.Unlock()
-
-	n := len(m.freeList)
-	if n == 0 {
-		outer := len(m.a) << 8
-		m.a = append(m.a, &[256]mutex{})
-		for i := 0; i < 256; i++ {
-			m.freeList = append(m.freeList, outer+i)
-		}
-		n = len(m.freeList)
-	}
-	ix := m.freeList[n-1]
-	outer := ix >> 8
-	inner := ix & 255
-	m.freeList = m.freeList[:n-1]
-	p := &m.a[outer][inner]
-	p.poolIndex = ix
-	p.recursive = recursive
-	return uintptr(ix) + 1
-}
-
-func (m *mutexPool) free(p uintptr) {
-	ptr := mutexFromPtr(p)
-	ix := ptr.poolIndex
-	*ptr = mutex{}
-
-	m.Lock()
-	defer m.Unlock()
-
-	m.freeList = append(m.freeList, ix)
-}
-
 type mutex struct {
 	sync.Mutex
-	wait sync.Mutex
-
-	poolIndex int
-
-	cnt int32
-	id  int32
-
+	cnt       int32
+	id        int32 // tls.ID
 	recursive bool
 }
 
-func (m *mutex) enter(id int32) {
-	// MutexEnterCallers.Record()
-	if !m.recursive {
-		// MutexCounters.Inc(0)
-		m.Lock()
-		m.id = id
-		return
-	}
-
-	// MutexCounters.Inc(1)
-	for {
-		m.Lock()
-		switch m.id {
-		case 0:
-			m.cnt = 1
-			m.id = id
-			m.wait.Lock()
-			m.Unlock()
-			return
-		case id:
-			m.cnt++
-			m.Unlock()
-			return
-		}
-
-		// MutexCounters.Inc(2)
-		m.Unlock()
-		m.wait.Lock()
-		//lint:ignore SA2001 TODO report staticcheck issue
-		m.wait.Unlock()
-	}
-}
-
-func (m *mutex) try(id int32) int32 {
-	if !m.recursive {
-		// MutexCounters.Inc(3)
-		return SQLITE_BUSY
-	}
-
-	// MutexCounters.Inc(4)
-	m.Lock()
-	switch m.id {
-	case 0:
-		m.cnt = 1
-		m.id = id
-		m.wait.Lock()
-		m.Unlock()
-		return SQLITE_OK
-	case id:
-		m.cnt++
-		m.Unlock()
-		return SQLITE_OK
-	}
-
-	m.Unlock()
-	return SQLITE_BUSY
-}
-
-func (m *mutex) leave(id int32) {
-	if !m.recursive {
-		m.id = 0
-		m.Unlock()
-		return
-	}
-
-	m.Lock()
-	m.cnt--
-	if m.cnt == 0 {
-		m.id = 0
-		m.wait.Unlock()
-	}
-	m.Unlock()
-}
-
 // int (*xMutexInit)(void);
 //
 // The xMutexInit method defined by this structure is invoked as part of system
@@ -287,14 +157,15 @@ func mutexEnd(tls *libc.TLS) int32 { return SQLITE_OK }
 // SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc() returns a
 // different mutex on every call. For the static mutex types, the same mutex is
 // returned on every call that has the same type number.
-func mutexAlloc(tls *libc.TLS, typ int32) uintptr {
-	defer func() {
-	}()
+func mutexAlloc(tls *libc.TLS, typ int32) (r uintptr) {
 	switch typ {
 	case SQLITE_MUTEX_FAST:
-		return mutexes.alloc(false)
+		r = libc.Xcalloc(tls, 1, types.Size_t(unsafe.Sizeof(mutex{})))
+		return r
 	case SQLITE_MUTEX_RECURSIVE:
-		return mutexes.alloc(true)
+		r = libc.Xcalloc(tls, 1, types.Size_t(unsafe.Sizeof(mutex{})))
+		(*mutex)(unsafe.Pointer(r)).recursive = true
+		return r
 	case SQLITE_MUTEX_STATIC_MASTER:
 		return mutexMaster
 	case SQLITE_MUTEX_STATIC_MEM:
@@ -325,7 +196,9 @@ func mutexAlloc(tls *libc.TLS, typ int32) uintptr {
 }
 
 // void (*xMutexFree)(sqlite3_mutex *);
-func mutexFree(tls *libc.TLS, m uintptr) { mutexes.free(m) }
+func mutexFree(tls *libc.TLS, m uintptr) {
+	libc.Xfree(tls, m)
+}
 
 // The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt to enter
 // a mutex. If another thread is already within the mutex,
@@ -346,7 +219,34 @@ func mutexEnter(tls *libc.TLS, m uintptr) {
 	if m == 0 {
 		return
 	}
-	mutexFromPtr(m).enter(tls.ID)
+
+	if !(*mutex)(unsafe.Pointer(m)).recursive {
+		(*mutex)(unsafe.Pointer(m)).Lock()
+		(*mutex)(unsafe.Pointer(m)).id = tls.ID
+		return
+	}
+
+	id := tls.ID
+	if atomic.CompareAndSwapInt32(&(*mutex)(unsafe.Pointer(m)).id, 0, id) {
+		(*mutex)(unsafe.Pointer(m)).cnt = 1
+		(*mutex)(unsafe.Pointer(m)).Lock()
+		return
+	}
+
+	if atomic.LoadInt32(&(*mutex)(unsafe.Pointer(m)).id) == id {
+		(*mutex)(unsafe.Pointer(m)).cnt++
+		return
+	}
+
+	for {
+		(*mutex)(unsafe.Pointer(m)).Lock()
+		if atomic.CompareAndSwapInt32(&(*mutex)(unsafe.Pointer(m)).id, 0, id) {
+			(*mutex)(unsafe.Pointer(m)).cnt = 1
+			return
+		}
+
+		(*mutex)(unsafe.Pointer(m)).Unlock()
+	}
 }
 
 // int (*xMutexTry)(sqlite3_mutex *);
@@ -355,7 +255,13 @@ func mutexTry(tls *libc.TLS, m uintptr) int32 {
 		return SQLITE_OK
 	}
 
-	return mutexFromPtr(m).try(tls.ID)
+	if !(*mutex)(unsafe.Pointer(m)).recursive {
+		if (*mutex)(unsafe.Pointer(m)).TryLock() {
+			return SQLITE_OK
+		}
+	}
+
+	return SQLITE_BUSY
 }
 
 // void (*xMutexLeave)(sqlite3_mutex *);
@@ -364,7 +270,16 @@ func mutexLeave(tls *libc.TLS, m uintptr) {
 		return
 	}
 
-	mutexFromPtr(m).leave(tls.ID)
+	if !(*mutex)(unsafe.Pointer(m)).recursive {
+		(*mutex)(unsafe.Pointer(m)).id = 0
+		(*mutex)(unsafe.Pointer(m)).Unlock()
+		return
+	}
+
+	if atomic.AddInt32(&(*mutex)(unsafe.Pointer(m)).cnt, -1) == 0 {
+		atomic.StoreInt32(&(*mutex)(unsafe.Pointer(m)).id, 0)
+		(*mutex)(unsafe.Pointer(m)).Unlock()
+	}
 }
 
 // The sqlite3_mutex_held() and sqlite3_mutex_notheld() routines are intended
@@ -397,7 +312,7 @@ func mutexHeld(tls *libc.TLS, m uintptr) int32 {
 		return 1
 	}
 
-	return libc.Bool32(atomic.LoadInt32(&mutexFromPtr(m).id) == tls.ID)
+	return libc.Bool32(atomic.LoadInt32(&(*mutex)(unsafe.Pointer(m)).id) == tls.ID)
 }
 
 // int (*xMutexNotheld)(sqlite3_mutex *);
@@ -406,5 +321,5 @@ func mutexNotheld(tls *libc.TLS, m uintptr) int32 {
 		return 1
 	}
 
-	return libc.Bool32(atomic.LoadInt32(&mutexFromPtr(m).id) != tls.ID)
+	return libc.Bool32(atomic.LoadInt32(&(*mutex)(unsafe.Pointer(m)).id) != tls.ID)
 }
diff --git a/vendor/modernc.org/sqlite/lib/sqlite_freebsd_386.go b/vendor/modernc.org/sqlite/lib/sqlite_freebsd_386.go
index 3fc6a8302..8d6fc9939 100644
--- a/vendor/modernc.org/sqlite/lib/sqlite_freebsd_386.go
+++ b/vendor/modernc.org/sqlite/lib/sqlite_freebsd_386.go
@@ -113738,8 +113738,8 @@ var mu mutex
 func init() { mu.recursive = true }
 
 func Xsqlite3_initialize(tls *libc.TLS) int32 {
-	mu.enter(tls.ID)
-	defer mu.leave(tls.ID)
+	mutexEnter(tls, uintptr(unsafe.Pointer(&mu)))
+	defer mutexLeave(tls, uintptr(unsafe.Pointer(&mu)))
 
 	var pMainMtx uintptr
 	var rc int32
diff --git a/vendor/modernc.org/sqlite/lib/sqlite_freebsd_arm.go b/vendor/modernc.org/sqlite/lib/sqlite_freebsd_arm.go
index fd1930ace..ca50c9f3e 100644
--- a/vendor/modernc.org/sqlite/lib/sqlite_freebsd_arm.go
+++ b/vendor/modernc.org/sqlite/lib/sqlite_freebsd_arm.go
@@ -113799,8 +113799,8 @@ var mu mutex
 func init() { mu.recursive = true }
 
 func Xsqlite3_initialize(tls *libc.TLS) int32 {
-	mu.enter(tls.ID)
-	defer mu.leave(tls.ID)
+	mutexEnter(tls, uintptr(unsafe.Pointer(&mu)))
+	defer mutexLeave(tls, uintptr(unsafe.Pointer(&mu)))
 
 	var pMainMtx uintptr
 	var rc int32
diff --git a/vendor/modernc.org/sqlite/lib/sqlite_linux_arm64.go b/vendor/modernc.org/sqlite/lib/sqlite_linux_arm64.go
index e3af6dee9..1188413aa 100644
--- a/vendor/modernc.org/sqlite/lib/sqlite_linux_arm64.go
+++ b/vendor/modernc.org/sqlite/lib/sqlite_linux_arm64.go
@@ -14386,10 +14386,10 @@ func _toLocaltime(tls *libc.TLS, p uintptr, pCtx uintptr) (r int32) {
 		(*(*TDateTime)(unsafe.Pointer(bp + 64))).FY += iYearDiff
 		(*(*TDateTime)(unsafe.Pointer(bp + 64))).FvalidJD = uint8(0)
 		_computeJD(tls, bp+64)
-		*(*Ttime_t)(unsafe.Pointer(bp)) = int64((*(*TDateTime)(unsafe.Pointer(bp + 64))).FiJD/libc.Int64FromInt32(1000) - libc.Int64FromInt32(21086676)*libc.Int64FromInt32(10000))
+		*(*Ttime_t)(unsafe.Pointer(bp)) = (*(*TDateTime)(unsafe.Pointer(bp + 64))).FiJD/libc.Int64FromInt32(1000) - libc.Int64FromInt32(21086676)*libc.Int64FromInt32(10000)
 	} else {
 		iYearDiff = 0
-		*(*Ttime_t)(unsafe.Pointer(bp)) = int64((*TDateTime)(unsafe.Pointer(p)).FiJD/libc.Int64FromInt32(1000) - libc.Int64FromInt32(21086676)*libc.Int64FromInt32(10000))
+		*(*Ttime_t)(unsafe.Pointer(bp)) = (*TDateTime)(unsafe.Pointer(p)).FiJD/libc.Int64FromInt32(1000) - libc.Int64FromInt32(21086676)*libc.Int64FromInt32(10000)
 	}
 	if _osLocaltime(tls, bp, bp+8) != 0 {
 		Xsqlite3_result_error(tls, pCtx, __ccgo_ts+1212, -int32(1))
@@ -18748,7 +18748,7 @@ func Xsqlite3_str_vappendf(tls *libc.TLS, pAccum uintptr, fmt uintptr, ap Tva_li
 					if libc.Int32FromUint8(flag_long) == int32(2) {
 						v = libc.VaInt64(&ap)
 					} else {
-						v = int64(libc.VaInt64(&ap))
+						v = libc.VaInt64(&ap)
 					}
 				} else {
 					v = int64(libc.VaInt32(&ap))
@@ -18770,7 +18770,7 @@ func Xsqlite3_str_vappendf(tls *libc.TLS, pAccum uintptr, fmt uintptr, ap Tva_li
 					if libc.Int32FromUint8(flag_long) == int32(2) {
 						longvalue = libc.VaUint64(&ap)
 					} else {
-						longvalue = uint64(libc.VaUint64(&ap))
+						longvalue = libc.VaUint64(&ap)
 					}
 				} else {
 					longvalue = uint64(libc.VaUint32(&ap))
@@ -27188,7 +27188,7 @@ func _unixOpenSharedMemory(tls *libc.TLS, pDbFd uintptr) (r int32) {
 			goto shm_open_err
 		}
 		nShmFilename = int32(6) + libc.Int32FromUint64(libc.Xstrlen(tls, zBasePath))
-		pShmNode = Xsqlite3_malloc64(tls, uint64(uint64(96)+libc.Uint64FromInt32(nShmFilename)))
+		pShmNode = Xsqlite3_malloc64(tls, uint64(96)+libc.Uint64FromInt32(nShmFilename))
 		if pShmNode == uintptr(0) {
 			rc = int32(SQLITE_NOMEM)
 			goto shm_open_err
@@ -27363,7 +27363,7 @@ func _unixShmMap(tls *libc.TLS, fd uintptr, iRegion int32, szRegion int32, bExte
 				} else {
 					v2 = libc.Int32FromInt32(PROT_READ) | libc.Int32FromInt32(PROT_WRITE)
 				}
-				pMem = (*(*func(*libc.TLS, uintptr, Tsize_t, int32, int32, int32, Toff_t) uintptr)(unsafe.Pointer(&struct{ uintptr }{_aSyscall[int32(22)].FpCurrent})))(tls, uintptr(0), libc.Uint64FromInt32(nMap), v2, int32(MAP_SHARED), (*TunixShmNode)(unsafe.Pointer(pShmNode)).FhShm, int64(int64(szRegion)*libc.Int64FromUint16((*TunixShmNode)(unsafe.Pointer(pShmNode)).FnRegion)))
+				pMem = (*(*func(*libc.TLS, uintptr, Tsize_t, int32, int32, int32, Toff_t) uintptr)(unsafe.Pointer(&struct{ uintptr }{_aSyscall[int32(22)].FpCurrent})))(tls, uintptr(0), libc.Uint64FromInt32(nMap), v2, int32(MAP_SHARED), (*TunixShmNode)(unsafe.Pointer(pShmNode)).FhShm, int64(szRegion)*libc.Int64FromUint16((*TunixShmNode)(unsafe.Pointer(pShmNode)).FnRegion))
 				if pMem == uintptr(-libc.Int32FromInt32(1)) {
 					rc = _unixLogErrorAtLine(tls, libc.Int32FromInt32(SQLITE_IOERR)|libc.Int32FromInt32(21)<<libc.Int32FromInt32(8), __ccgo_ts+3620, (*TunixShmNode)(unsafe.Pointer(pShmNode)).FzFilename, int32(43513))
 					goto shmpage_out
@@ -29973,12 +29973,12 @@ func _memdbOpen(tls *libc.TLS, pVfs uintptr, zName uintptr, pFd uintptr, flags i
 			i++
 		}
 		if p == uintptr(0) {
-			p = _sqlite3Malloc(tls, uint64(uint64(72)+libc.Uint64FromInt32(szName)+uint64(3)))
+			p = _sqlite3Malloc(tls, uint64(72)+libc.Uint64FromInt32(szName)+uint64(3))
 			if p == uintptr(0) {
 				Xsqlite3_mutex_leave(tls, pVfsMutex)
 				return int32(SQLITE_NOMEM)
 			}
-			apNew = _sqlite3Realloc(tls, _memdb_g.FapMemStore, uint64(uint64(8)*libc.Uint64FromInt32(_memdb_g.FnMemStore+libc.Int32FromInt32(1))))
+			apNew = _sqlite3Realloc(tls, _memdb_g.FapMemStore, uint64(8)*libc.Uint64FromInt32(_memdb_g.FnMemStore+libc.Int32FromInt32(1)))
 			if apNew == uintptr(0) {
 				Xsqlite3_free(tls, p)
 				Xsqlite3_mutex_leave(tls, pVfsMutex)
@@ -38246,7 +38246,7 @@ func _sqlite3PagerOpen(tls *libc.TLS, pVfs uintptr, ppPager uintptr, zFilename u
 	 ** specific formatting and order of the various filenames, so if the format
 	 ** changes here, be sure to change it there as well.
 	 */
-	pPtr = _sqlite3MallocZero(tls, uint64((libc.Uint64FromInt64(312)+libc.Uint64FromInt32(7))&libc.Uint64FromInt32(^libc.Int32FromInt32(7))+libc.Uint64FromInt32((pcacheSize+libc.Int32FromInt32(7)) & ^libc.Int32FromInt32(7))+libc.Uint64FromInt32(((*Tsqlite3_vfs)(unsafe.Pointer(pVfs)).FszOsFile+libc.Int32FromInt32(7)) & ^libc.Int32FromInt32(7))+libc.Uint64FromInt32(journalFileSize*int32(2))+uint64(__SIZEOF_POINTER__)+uint64(4)+libc.Uint64FromInt32(nPathname)+uint64(1)+libc.Uint64FromInt32(nUriByte)+libc.Uint64FromInt32(nPathname)+uint64(8)+uint64(1)+libc.Uint64FromInt32(nPathname)+uint64(4)+uint64(1)+uint64(3)))
+	pPtr = _sqlite3MallocZero(tls, (libc.Uint64FromInt64(312)+libc.Uint64FromInt32(7))&libc.Uint64FromInt32(^libc.Int32FromInt32(7))+libc.Uint64FromInt32((pcacheSize+libc.Int32FromInt32(7)) & ^libc.Int32FromInt32(7))+libc.Uint64FromInt32(((*Tsqlite3_vfs)(unsafe.Pointer(pVfs)).FszOsFile+libc.Int32FromInt32(7)) & ^libc.Int32FromInt32(7))+libc.Uint64FromInt32(journalFileSize*int32(2))+uint64(__SIZEOF_POINTER__)+uint64(4)+libc.Uint64FromInt32(nPathname)+uint64(1)+libc.Uint64FromInt32(nUriByte)+libc.Uint64FromInt32(nPathname)+uint64(8)+uint64(1)+libc.Uint64FromInt32(nPathname)+uint64(4)+uint64(1)+uint64(3))
 	if !(pPtr != 0) {
 		_sqlite3DbFree(tls, uintptr(0), zPathname)
 		return int32(SQLITE_NOMEM)
@@ -40011,7 +40011,7 @@ func _pagerOpenSavepoint(tls *libc.TLS, pPager uintptr, nSavepoint int32) (r int
 	 ** if the allocation fails. Otherwise, zero the new portion in case a
 	 ** malloc failure occurs while populating it in the for(...) loop below.
 	 */
-	aNew = _sqlite3Realloc(tls, (*TPager)(unsafe.Pointer(pPager)).FaSavepoint, uint64(uint64(56)*libc.Uint64FromInt32(nSavepoint)))
+	aNew = _sqlite3Realloc(tls, (*TPager)(unsafe.Pointer(pPager)).FaSavepoint, uint64(56)*libc.Uint64FromInt32(nSavepoint))
 	if !(aNew != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -41488,7 +41488,7 @@ func _walIndexPageRealloc(tls *libc.TLS, pWal uintptr, iPage int32, ppPage uintp
 	}
 	/* Request a pointer to the required page from the VFS */
 	if libc.Int32FromUint8((*TWal)(unsafe.Pointer(pWal)).FexclusiveMode) == int32(WAL_HEAPMEMORY_MODE) {
-		*(*uintptr)(unsafe.Pointer((*TWal)(unsafe.Pointer(pWal)).FapWiData + uintptr(iPage)*8)) = _sqlite3MallocZero(tls, uint64(libc.Uint64FromInt64(2)*libc.Uint64FromInt32(libc.Int32FromInt32(HASHTABLE_NPAGE)*libc.Int32FromInt32(2))+libc.Uint64FromInt32(HASHTABLE_NPAGE)*libc.Uint64FromInt64(4)))
+		*(*uintptr)(unsafe.Pointer((*TWal)(unsafe.Pointer(pWal)).FapWiData + uintptr(iPage)*8)) = _sqlite3MallocZero(tls, libc.Uint64FromInt64(2)*libc.Uint64FromInt32(libc.Int32FromInt32(HASHTABLE_NPAGE)*libc.Int32FromInt32(2))+libc.Uint64FromInt32(HASHTABLE_NPAGE)*libc.Uint64FromInt64(4))
 		if !(*(*uintptr)(unsafe.Pointer((*TWal)(unsafe.Pointer(pWal)).FapWiData + uintptr(iPage)*8)) != 0) {
 			rc = int32(SQLITE_NOMEM)
 		}
@@ -42111,7 +42111,7 @@ func _walIndexRecover(tls *libc.TLS, pWal uintptr) (r int32) {
 		}
 		/* Malloc a buffer to read frames into. */
 		szFrame = szPage + int32(WAL_FRAME_HDRSIZE)
-		aFrame = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32(szFrame)+(libc.Uint64FromInt64(2)*libc.Uint64FromInt32(libc.Int32FromInt32(HASHTABLE_NPAGE)*libc.Int32FromInt32(2))+libc.Uint64FromInt32(HASHTABLE_NPAGE)*libc.Uint64FromInt64(4))))
+		aFrame = Xsqlite3_malloc64(tls, libc.Uint64FromInt32(szFrame)+(libc.Uint64FromInt64(2)*libc.Uint64FromInt32(libc.Int32FromInt32(HASHTABLE_NPAGE)*libc.Int32FromInt32(2))+libc.Uint64FromInt32(HASHTABLE_NPAGE)*libc.Uint64FromInt64(4)))
 		if !(aFrame != 0) {
 			rc = int32(SQLITE_NOMEM)
 			goto recovery_error
@@ -42323,7 +42323,7 @@ func _sqlite3WalOpen(tls *libc.TLS, pVfs uintptr, pDbFd uintptr, zWalName uintpt
 	 */
 	/* Allocate an instance of struct Wal to return. */
 	*(*uintptr)(unsafe.Pointer(ppWal)) = uintptr(0)
-	pRet = _sqlite3MallocZero(tls, uint64(uint64(160)+libc.Uint64FromInt32((*Tsqlite3_vfs)(unsafe.Pointer(pVfs)).FszOsFile)))
+	pRet = _sqlite3MallocZero(tls, uint64(160)+libc.Uint64FromInt32((*Tsqlite3_vfs)(unsafe.Pointer(pVfs)).FszOsFile))
 	if !(pRet != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -48006,7 +48006,7 @@ func _zeroPage(tls *libc.TLS, pPage uintptr, flags int32) {
 	if libc.Int32FromUint16((*TBtShared)(unsafe.Pointer(pBt)).FbtsFlags)&int32(BTS_FAST_SECURE) != 0 {
 		libc.Xmemset(tls, data+uintptr(hdr), 0, uint64((*TBtShared)(unsafe.Pointer(pBt)).FusableSize-uint32(hdr)))
 	}
-	*(*uint8)(unsafe.Pointer(data + uintptr(hdr))) = uint8(libc.Uint8FromInt32(flags))
+	*(*uint8)(unsafe.Pointer(data + uintptr(hdr))) = libc.Uint8FromInt32(flags)
 	if flags&int32(PTF_LEAF) == 0 {
 		v1 = int32(12)
 	} else {
@@ -50792,7 +50792,7 @@ func _accessPayload(tls *libc.TLS, pCur uintptr, offset Tu32, amt Tu32, pBuf uin
 				if _sqlite3FaultSim(tls, int32(413)) != 0 {
 					aNew = uintptr(0)
 				} else {
-					aNew = _sqlite3Realloc(tls, (*TBtCursor)(unsafe.Pointer(pCur)).FaOverflow, uint64(libc.Uint64FromInt32(nOvfl*int32(2))*uint64(4)))
+					aNew = _sqlite3Realloc(tls, (*TBtCursor)(unsafe.Pointer(pCur)).FaOverflow, libc.Uint64FromInt32(nOvfl*int32(2))*uint64(4))
 				}
 				if aNew == uintptr(0) {
 					return int32(SQLITE_NOMEM)
@@ -59384,7 +59384,7 @@ func _valueFromFunction(tls *libc.TLS, db uintptr, p uintptr, enc Tu8, aff Tu8,
 		return SQLITE_OK
 	}
 	if pList != 0 {
-		apVal = _sqlite3DbMallocZero(tls, db, uint64(uint64(8)*libc.Uint64FromInt32(nVal)))
+		apVal = _sqlite3DbMallocZero(tls, db, uint64(8)*libc.Uint64FromInt32(nVal))
 		if apVal == uintptr(0) {
 			rc = int32(SQLITE_NOMEM)
 			goto value_from_function_out
@@ -60518,7 +60518,7 @@ func _resizeResolveLabel(tls *libc.TLS, p uintptr, v uintptr, j int32) {
 	var nNewSize int32
 	_ = nNewSize
 	nNewSize = int32(10) - (*TParse)(unsafe.Pointer(p)).FnLabel
-	(*TParse)(unsafe.Pointer(p)).FaLabel = _sqlite3DbReallocOrFree(tls, (*TParse)(unsafe.Pointer(p)).Fdb, (*TParse)(unsafe.Pointer(p)).FaLabel, uint64(libc.Uint64FromInt32(nNewSize)*uint64(4)))
+	(*TParse)(unsafe.Pointer(p)).FaLabel = _sqlite3DbReallocOrFree(tls, (*TParse)(unsafe.Pointer(p)).Fdb, (*TParse)(unsafe.Pointer(p)).FaLabel, libc.Uint64FromInt32(nNewSize)*uint64(4))
 	if (*TParse)(unsafe.Pointer(p)).FaLabel == uintptr(0) {
 		(*TParse)(unsafe.Pointer(p)).FnLabelAlloc = 0
 	} else {
@@ -62091,7 +62091,7 @@ func _sqlite3VdbeSetNumCols(tls *libc.TLS, p uintptr, nResColumn int32) {
 	v1 = libc.Uint16FromInt32(nResColumn)
 	(*TVdbe)(unsafe.Pointer(p)).FnResAlloc = v1
 	(*TVdbe)(unsafe.Pointer(p)).FnResColumn = v1
-	(*TVdbe)(unsafe.Pointer(p)).FaColName = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(56)*libc.Uint64FromInt32(n)))
+	(*TVdbe)(unsafe.Pointer(p)).FaColName = _sqlite3DbMallocRawNN(tls, db, uint64(56)*libc.Uint64FromInt32(n))
 	if (*TVdbe)(unsafe.Pointer(p)).FaColName == uintptr(0) {
 		return
 	}
@@ -67056,7 +67056,7 @@ func Xsqlite3_preupdate_new(tls *libc.TLS, db uintptr, iIdx int32, ppValue uintp
 		 ** caller may modify the value text encoding.
 		 */
 		if !((*TPreUpdate)(unsafe.Pointer(p)).FaNew != 0) {
-			(*TPreUpdate)(unsafe.Pointer(p)).FaNew = _sqlite3DbMallocZero(tls, db, uint64(uint64(56)*libc.Uint64FromInt16((*TVdbeCursor)(unsafe.Pointer((*TPreUpdate)(unsafe.Pointer(p)).FpCsr)).FnField)))
+			(*TPreUpdate)(unsafe.Pointer(p)).FaNew = _sqlite3DbMallocZero(tls, db, uint64(56)*libc.Uint64FromInt16((*TVdbeCursor)(unsafe.Pointer((*TPreUpdate)(unsafe.Pointer(p)).FpCsr)).FnField))
 			if !((*TPreUpdate)(unsafe.Pointer(p)).FaNew != 0) {
 				rc = int32(SQLITE_NOMEM)
 				goto preupdate_new_out
@@ -70886,7 +70886,7 @@ func _sqlite3VdbeExec(tls *libc.TLS, p uintptr) (r int32) {
 					goto abort_due_to_error
 				}
 				/* Create a new savepoint structure. */
-				pNew = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(32)+libc.Uint64FromInt32(nName)+uint64(1)))
+				pNew = _sqlite3DbMallocRawNN(tls, db, uint64(32)+libc.Uint64FromInt32(nName)+uint64(1))
 				if pNew != 0 {
 					(*TSavepoint)(unsafe.Pointer(pNew)).FzName = pNew + 1*32
 					libc.Xmemcpy(tls, (*TSavepoint)(unsafe.Pointer(pNew)).FzName, zName, libc.Uint64FromInt32(nName+int32(1)))
@@ -74134,7 +74134,7 @@ func _sqlite3VdbeExec(tls *libc.TLS, p uintptr) (r int32) {
 		 **
 		 ** Note: We could avoid this by using a regular memory cell from aMem[] for
 		 ** the accumulator, instead of allocating one here. */
-		nAlloc = uint64(libc.Uint64FromInt64(56) + libc.Uint64FromInt32(n4-libc.Int32FromInt32(1))*libc.Uint64FromInt64(8))
+		nAlloc = libc.Uint64FromInt64(56) + libc.Uint64FromInt32(n4-libc.Int32FromInt32(1))*libc.Uint64FromInt64(8)
 		pCtx = _sqlite3DbMallocRawNN(tls, db, nAlloc+uint64(56))
 		if pCtx == uintptr(0) {
 			goto no_mem
@@ -83153,7 +83153,7 @@ func _sqlite3ExprAlloc(tls *libc.TLS, db uintptr, op int32, pToken uintptr, dequ
 			nExtra = libc.Int32FromUint32((*TToken)(unsafe.Pointer(pToken)).Fn + uint32(1)) /* tag-20240227-a */
 		}
 	}
-	pNew = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(72)+libc.Uint64FromInt32(nExtra)))
+	pNew = _sqlite3DbMallocRawNN(tls, db, uint64(72)+libc.Uint64FromInt32(nExtra))
 	if pNew != 0 {
 		libc.Xmemset(tls, pNew, 0, uint64(72))
 		(*TExpr)(unsafe.Pointer(pNew)).Fop = libc.Uint8FromInt32(op)
@@ -84205,7 +84205,7 @@ func _sqlite3IdListDup(tls *libc.TLS, db uintptr, p uintptr) (r uintptr) {
 	if p == uintptr(0) {
 		return uintptr(0)
 	}
-	pNew = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(16)+libc.Uint64FromInt32((*TIdList)(unsafe.Pointer(p)).FnId-libc.Int32FromInt32(1))*uint64(8)))
+	pNew = _sqlite3DbMallocRawNN(tls, db, uint64(16)+libc.Uint64FromInt32((*TIdList)(unsafe.Pointer(p)).FnId-libc.Int32FromInt32(1))*uint64(8))
 	if pNew == uintptr(0) {
 		return uintptr(0)
 	}
@@ -84337,7 +84337,7 @@ var _zeroItem = TExprList_item{}
 func _sqlite3ExprListAppendNew(tls *libc.TLS, db uintptr, pExpr uintptr) (r uintptr) {
 	var pItem, pList uintptr
 	_, _ = pItem, pList
-	pList = _sqlite3DbMallocRawNN(tls, db, uint64(libc.Uint64FromInt64(40)+libc.Uint64FromInt64(32)*libc.Uint64FromInt32(4)))
+	pList = _sqlite3DbMallocRawNN(tls, db, libc.Uint64FromInt64(40)+libc.Uint64FromInt64(32)*libc.Uint64FromInt32(4))
 	if pList == uintptr(0) {
 		_sqlite3ExprDelete(tls, db, pExpr)
 		return uintptr(0)
@@ -84355,7 +84355,7 @@ func _sqlite3ExprListAppendGrow(tls *libc.TLS, db uintptr, pList uintptr, pExpr
 	var v1 int32
 	_, _, _, _ = pItem, pNew, v1, v2
 	*(*int32)(unsafe.Pointer(pList + 4)) *= int32(2)
-	pNew = _sqlite3DbRealloc(tls, db, pList, uint64(uint64(40)+libc.Uint64FromInt32((*TExprList)(unsafe.Pointer(pList)).FnAlloc-libc.Int32FromInt32(1))*uint64(32)))
+	pNew = _sqlite3DbRealloc(tls, db, pList, uint64(40)+libc.Uint64FromInt32((*TExprList)(unsafe.Pointer(pList)).FnAlloc-libc.Int32FromInt32(1))*uint64(32))
 	if pNew == uintptr(0) {
 		_sqlite3ExprListDelete(tls, db, pList)
 		_sqlite3ExprDelete(tls, db, pExpr)
@@ -86452,7 +86452,7 @@ func _sqlite3ExprCodeIN(tls *libc.TLS, pParse uintptr, pExpr uintptr, destIfFals
 	}
 	zAff = _exprINAffinity(tls, pParse, pExpr)
 	nVector = _sqlite3ExprVectorSize(tls, (*TExpr)(unsafe.Pointer(pExpr)).FpLeft)
-	aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(libc.Uint64FromInt32(nVector)*uint64(4)))
+	aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, libc.Uint64FromInt32(nVector)*uint64(4))
 	if (*Tsqlite3)(unsafe.Pointer((*TParse)(unsafe.Pointer(pParse)).Fdb)).FmallocFailed != 0 {
 		goto sqlite3ExprCodeIN_oom_error
 	}
@@ -90423,7 +90423,7 @@ func _sqlite3AlterBeginAddColumn(tls *libc.TLS, pParse uintptr, pSrc uintptr) {
 	(*TTable)(unsafe.Pointer(pNew)).FnTabRef = uint32(1)
 	(*TTable)(unsafe.Pointer(pNew)).FnCol = (*TTable)(unsafe.Pointer(pTab)).FnCol
 	nAlloc = (int32((*TTable)(unsafe.Pointer(pNew)).FnCol)-int32(1))/int32(8)*int32(8) + int32(8)
-	(*TTable)(unsafe.Pointer(pNew)).FaCol = _sqlite3DbMallocZero(tls, db, uint64(uint64(16)*libc.Uint64FromInt32(nAlloc)))
+	(*TTable)(unsafe.Pointer(pNew)).FaCol = _sqlite3DbMallocZero(tls, db, uint64(16)*libc.Uint64FromInt32(nAlloc))
 	(*TTable)(unsafe.Pointer(pNew)).FzName = _sqlite3MPrintf(tls, db, __ccgo_ts+10968, libc.VaList(bp+8, (*TTable)(unsafe.Pointer(pTab)).FzName))
 	if !((*TTable)(unsafe.Pointer(pNew)).FaCol != 0) || !((*TTable)(unsafe.Pointer(pNew)).FzName != 0) {
 		goto exit_begin_add_column
@@ -93580,7 +93580,7 @@ func _analyzeOneTable(tls *libc.TLS, pParse uintptr, pTab uintptr, pOnlyIdx uint
 		return
 	}
 	if (*Tsqlite3)(unsafe.Pointer(db)).FxPreUpdateCallback != 0 {
-		pStat1 = _sqlite3DbMallocZero(tls, db, uint64(libc.Uint64FromInt64(104)+libc.Uint64FromInt32(13)))
+		pStat1 = _sqlite3DbMallocZero(tls, db, libc.Uint64FromInt64(104)+libc.Uint64FromInt32(13))
 		if pStat1 == uintptr(0) {
 			return
 		}
@@ -93707,7 +93707,7 @@ func _analyzeOneTable(tls *libc.TLS, pParse uintptr, pTab uintptr, pOnlyIdx uint
 		addrNextRow = _sqlite3VdbeCurrentAddr(tls, v)
 		if nColTest > 0 {
 			endDistinctTest = _sqlite3VdbeMakeLabel(tls, pParse) /* Array of jump instruction addresses */
-			aGotoChng = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(4)*libc.Uint64FromInt32(nColTest)))
+			aGotoChng = _sqlite3DbMallocRawNN(tls, db, uint64(4)*libc.Uint64FromInt32(nColTest))
 			if aGotoChng == uintptr(0) {
 				goto _13
 			}
@@ -94226,7 +94226,7 @@ func _analysisLoader(tls *libc.TLS, pData uintptr, argc int32, argv uintptr, Not
 		 ** sqlite_stat1 entries for this index. In that case just clobber
 		 ** the old data with the new instead of allocating a new array.  */
 		if (*TIndex)(unsafe.Pointer(pIndex)).FaiRowEst == uintptr(0) {
-			(*TIndex)(unsafe.Pointer(pIndex)).FaiRowEst = _sqlite3MallocZero(tls, uint64(uint64(8)*libc.Uint64FromInt32(nCol)))
+			(*TIndex)(unsafe.Pointer(pIndex)).FaiRowEst = _sqlite3MallocZero(tls, uint64(8)*libc.Uint64FromInt32(nCol))
 			if (*TIndex)(unsafe.Pointer(pIndex)).FaiRowEst == uintptr(0) {
 				_sqlite3OomFault(tls, (*TanalysisInfo)(unsafe.Pointer(pInfo)).Fdb)
 			}
@@ -94429,8 +94429,8 @@ func _loadStatTbl(tls *libc.TLS, db uintptr, zSql1 uintptr, zSql2 uintptr, zDb u
 		(*TIndex)(unsafe.Pointer(pIdx)).FnSampleCol = nIdxCol
 		(*TIndex)(unsafe.Pointer(pIdx)).FmxSample = nSample
 		nByte = libc.Int64FromUint64((libc.Uint64FromInt64(40)*libc.Uint64FromInt32(nSample) + libc.Uint64FromInt32(7)) & libc.Uint64FromInt32(^libc.Int32FromInt32(7)))
-		nByte = Ti64(uint64(nByte) + uint64(libc.Uint64FromInt64(8)*libc.Uint64FromInt32(nIdxCol)*libc.Uint64FromInt32(3)*libc.Uint64FromInt32(nSample)))
-		nByte = Ti64(uint64(nByte) + uint64(libc.Uint64FromInt32(nIdxCol)*libc.Uint64FromInt64(8))) /* Space for Index.aAvgEq[] */
+		nByte = Ti64(uint64(nByte) + libc.Uint64FromInt64(8)*libc.Uint64FromInt32(nIdxCol)*libc.Uint64FromInt32(3)*libc.Uint64FromInt32(nSample))
+		nByte = Ti64(uint64(nByte) + libc.Uint64FromInt32(nIdxCol)*libc.Uint64FromInt64(8)) /* Space for Index.aAvgEq[] */
 		(*TIndex)(unsafe.Pointer(pIdx)).FaSample = _sqlite3DbMallocZero(tls, db, libc.Uint64FromInt64(nByte))
 		if (*TIndex)(unsafe.Pointer(pIdx)).FaSample == uintptr(0) {
 			Xsqlite3_finalize(tls, *(*uintptr)(unsafe.Pointer(bp)))
@@ -94830,13 +94830,13 @@ func _attachFunc(tls *libc.TLS, context uintptr, NotUsed int32, argv uintptr) {
 		 ** hash tables.
 		 */
 		if (*Tsqlite3)(unsafe.Pointer(db)).FaDb == db+696 {
-			aNew = _sqlite3DbMallocRawNN(tls, db, uint64(libc.Uint64FromInt64(32)*libc.Uint64FromInt32(3)))
+			aNew = _sqlite3DbMallocRawNN(tls, db, libc.Uint64FromInt64(32)*libc.Uint64FromInt32(3))
 			if aNew == uintptr(0) {
 				return
 			}
 			libc.Xmemcpy(tls, aNew, (*Tsqlite3)(unsafe.Pointer(db)).FaDb, libc.Uint64FromInt64(32)*libc.Uint64FromInt32(2))
 		} else {
-			aNew = _sqlite3DbRealloc(tls, db, (*Tsqlite3)(unsafe.Pointer(db)).FaDb, uint64(uint64(32)*libc.Uint64FromInt32((*Tsqlite3)(unsafe.Pointer(db)).FnDb+libc.Int32FromInt32(1))))
+			aNew = _sqlite3DbRealloc(tls, db, (*Tsqlite3)(unsafe.Pointer(db)).FaDb, uint64(32)*libc.Uint64FromInt32((*Tsqlite3)(unsafe.Pointer(db)).FnDb+libc.Int32FromInt32(1)))
 			if aNew == uintptr(0) {
 				return
 			}
@@ -100766,7 +100766,7 @@ func _sqlite3IdListAppend(tls *libc.TLS, pParse uintptr, pList uintptr, pToken u
 			return uintptr(0)
 		}
 	} else {
-		pNew = _sqlite3DbRealloc(tls, db, pList, uint64(uint64(16)+libc.Uint64FromInt32((*TIdList)(unsafe.Pointer(pList)).FnId)*uint64(8)))
+		pNew = _sqlite3DbRealloc(tls, db, pList, uint64(16)+libc.Uint64FromInt32((*TIdList)(unsafe.Pointer(pList)).FnId)*uint64(8))
 		if pNew == uintptr(0) {
 			_sqlite3IdListDelete(tls, db, pList)
 			return uintptr(0)
@@ -102222,7 +102222,7 @@ func _findCollSeqEntry(tls *libc.TLS, db uintptr, zName uintptr, create int32) (
 	pColl = _sqlite3HashFind(tls, db+648, zName)
 	if uintptr(0) == pColl && create != 0 {
 		nName = _sqlite3Strlen30(tls, zName) + int32(1)
-		pColl = _sqlite3DbMallocZero(tls, db, uint64(libc.Uint64FromInt32(3)*libc.Uint64FromInt64(40)+libc.Uint64FromInt32(nName)))
+		pColl = _sqlite3DbMallocZero(tls, db, libc.Uint64FromInt32(3)*libc.Uint64FromInt64(40)+libc.Uint64FromInt32(nName))
 		if pColl != 0 {
 			pDel = uintptr(0)
 			(*(*TCollSeq)(unsafe.Pointer(pColl))).FzName = pColl + 3*40
@@ -102572,7 +102572,7 @@ func _sqlite3FindFunction(tls *libc.TLS, db uintptr, zName uintptr, nArg int32,
 	 ** new entry to the hash table and return it.
 	 */
 	if v2 = createFlag != 0 && bestScore < int32(FUNC_PERFECT_MATCH); v2 {
-		v1 = _sqlite3DbMallocZero(tls, db, uint64(uint64(72)+libc.Uint64FromInt32(nName)+uint64(1)))
+		v1 = _sqlite3DbMallocZero(tls, db, uint64(72)+libc.Uint64FromInt32(nName)+uint64(1))
 		pBest = v1
 	}
 	if v2 && v1 != uintptr(0) {
@@ -105384,7 +105384,7 @@ func _trimFunc(tls *libc.TLS, context uintptr, argc int32, argv uintptr) {
 				nChar++
 			}
 			if nChar > 0 {
-				azChar = _contextMalloc(tls, context, libc.Int64FromUint64(libc.Uint64FromInt64(int64(nChar))*uint64(libc.Uint64FromInt64(8)+libc.Uint64FromInt64(4))))
+				azChar = _contextMalloc(tls, context, libc.Int64FromUint64(libc.Uint64FromInt64(int64(nChar))*(libc.Uint64FromInt64(8)+libc.Uint64FromInt64(4))))
 				if azChar == uintptr(0) {
 					return
 				}
@@ -106118,7 +106118,7 @@ func _groupConcatStep(tls *libc.TLS, context uintptr, argc int32, argv uintptr)
 					pnsl = (*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FpnSepLengths
 					if pnsl == uintptr(0) {
 						/* First separator length variation seen, start tracking them. */
-						pnsl = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32((*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum+libc.Int32FromInt32(1))*uint64(4)))
+						pnsl = Xsqlite3_malloc64(tls, libc.Uint64FromInt32((*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum+libc.Int32FromInt32(1))*uint64(4))
 						if pnsl != uintptr(0) {
 							i = 0
 							nA = (*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum - int32(1)
@@ -106129,7 +106129,7 @@ func _groupConcatStep(tls *libc.TLS, context uintptr, argc int32, argv uintptr)
 							}
 						}
 					} else {
-						pnsl = Xsqlite3_realloc64(tls, pnsl, uint64(libc.Uint64FromInt32((*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum)*uint64(4)))
+						pnsl = Xsqlite3_realloc64(tls, pnsl, libc.Uint64FromInt32((*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum)*uint64(4))
 					}
 					if pnsl != uintptr(0) {
 						if (*TGroupConcatCtx)(unsafe.Pointer(pGCC)).FnAccum > 0 {
@@ -107487,7 +107487,7 @@ func _sqlite3FkLocateIndex(tls *libc.TLS, pParse uintptr, pParent uintptr, pFKey
 		}
 	} else {
 		if paiCol != 0 {
-			aiCol = _sqlite3DbMallocRawNN(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(libc.Uint64FromInt32(nCol)*uint64(4)))
+			aiCol = _sqlite3DbMallocRawNN(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, libc.Uint64FromInt32(nCol)*uint64(4))
 			if !(aiCol != 0) {
 				return int32(1)
 			}
@@ -108775,7 +108775,7 @@ func _fkActionTrigger(tls *libc.TLS, pParse uintptr, pTab uintptr, pFKey uintptr
 		/* Disable lookaside memory allocation */
 		(*Tsqlite3)(unsafe.Pointer(db)).Flookaside.FbDisable++
 		(*Tsqlite3)(unsafe.Pointer(db)).Flookaside.Fsz = uint16(0)
-		pTrigger = _sqlite3DbMallocZero(tls, db, uint64(libc.Uint64FromInt64(72)+libc.Uint64FromInt64(96)+libc.Uint64FromInt32(nFrom)+uint64(1)))
+		pTrigger = _sqlite3DbMallocZero(tls, db, libc.Uint64FromInt64(72)+libc.Uint64FromInt64(96)+libc.Uint64FromInt32(nFrom)+uint64(1))
 		if pTrigger != 0 {
 			v4 = pTrigger + 1*72
 			(*TTrigger)(unsafe.Pointer(pTrigger)).Fstep_list = v4
@@ -110053,7 +110053,7 @@ func _sqlite3Insert(tls *libc.TLS, pParse uintptr, pTabList uintptr, pSelect uin
 	 */
 	bIdListInOrder = libc.BoolUint8((*TTable)(unsafe.Pointer(pTab)).FtabFlags&libc.Uint32FromInt32(libc.Int32FromInt32(TF_OOOHidden)|libc.Int32FromInt32(TF_HasStored)) == uint32(0))
 	if pColumn != 0 {
-		aTabColMap = _sqlite3DbMallocZero(tls, db, uint64(libc.Uint64FromInt16((*TTable)(unsafe.Pointer(pTab)).FnCol)*uint64(4)))
+		aTabColMap = _sqlite3DbMallocZero(tls, db, libc.Uint64FromInt16((*TTable)(unsafe.Pointer(pTab)).FnCol)*uint64(4))
 		if aTabColMap == uintptr(0) {
 			goto insert_cleanup
 		}
@@ -110258,7 +110258,7 @@ func _sqlite3Insert(tls *libc.TLS, pParse uintptr, pTabList uintptr, pSelect uin
 	/* If this is not a view, open the table and and all indices */
 	if !(isView != 0) {
 		nIdx = _sqlite3OpenTableAndIndices(tls, pParse, pTab, int32(OP_OpenWrite), uint8(0), -int32(1), uintptr(0), bp, bp+4)
-		aRegIdx = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(4)*libc.Uint64FromInt32(nIdx+libc.Int32FromInt32(2))))
+		aRegIdx = _sqlite3DbMallocRawNN(tls, db, uint64(4)*libc.Uint64FromInt32(nIdx+libc.Int32FromInt32(2)))
 		if aRegIdx == uintptr(0) {
 			goto insert_cleanup
 		}
@@ -111147,7 +111147,7 @@ func _sqlite3GenerateConstraintChecks(tls *libc.TLS, pParse uintptr, pTab uintpt
 				}
 				(*(*TIndexIterator)(unsafe.Pointer(bp + 8))).FeType = int32(1)
 				*(*int32)(unsafe.Pointer(bp + 8 + 8)) = nIdx
-				nByte = uint64((libc.Uint64FromInt64(16)+libc.Uint64FromInt32(1))*libc.Uint64FromInt32(nIdx) + libc.Uint64FromInt32(nIdx))
+				nByte = (libc.Uint64FromInt64(16)+libc.Uint64FromInt32(1))*libc.Uint64FromInt32(nIdx) + libc.Uint64FromInt32(nIdx)
 				*(*uintptr)(unsafe.Pointer(bp + 8 + 8 + 8)) = _sqlite3DbMallocZero(tls, db, nByte)
 				if *(*uintptr)(unsafe.Pointer(bp + 8 + 8 + 8)) == uintptr(0) {
 					return
@@ -112385,7 +112385,7 @@ func Xsqlite3_exec(tls *libc.TLS, db uintptr, zSql uintptr, xCallback Tsqlite3_c
 			if xCallback != 0 && (int32(SQLITE_ROW) == rc || int32(SQLITE_DONE) == rc && !(callbackIsInit != 0) && (*Tsqlite3)(unsafe.Pointer(db)).Fflags&uint64(SQLITE_NullCallback) != 0) {
 				if !(callbackIsInit != 0) {
 					nCol = Xsqlite3_column_count(tls, *(*uintptr)(unsafe.Pointer(bp + 8)))
-					azCols = _sqlite3DbMallocRaw(tls, db, uint64(libc.Uint64FromInt32(libc.Int32FromInt32(2)*nCol+libc.Int32FromInt32(1))*uint64(8)))
+					azCols = _sqlite3DbMallocRaw(tls, db, libc.Uint64FromInt32(libc.Int32FromInt32(2)*nCol+libc.Int32FromInt32(1))*uint64(8))
 					if azCols == uintptr(0) {
 						goto exec_out
 					}
@@ -113148,7 +113148,7 @@ func _sqlite3LoadExtension(tls *libc.TLS, db uintptr, zFile uintptr, zProc uintp
 	pVfs = (*Tsqlite3)(unsafe.Pointer(db)).FpVfs
 	*(*uintptr)(unsafe.Pointer(bp)) = uintptr(0)
 	zAltEntry = uintptr(0)
-	nMsg = uint64(libc.Xstrlen(tls, zFile))
+	nMsg = libc.Xstrlen(tls, zFile)
 	if pzErrMsg != 0 {
 		*(*uintptr)(unsafe.Pointer(pzErrMsg)) = uintptr(0)
 	}
@@ -113197,7 +113197,7 @@ func _sqlite3LoadExtension(tls *libc.TLS, db uintptr, zFile uintptr, zProc uintp
 		if zAltFile == uintptr(0) {
 			return int32(SQLITE_NOMEM)
 		}
-		if nMsg+uint64(libc.Xstrlen(tls, _azEndings[ii]))+uint64(1) <= uint64(FILENAME_MAX) {
+		if nMsg+libc.Xstrlen(tls, _azEndings[ii])+uint64(1) <= uint64(FILENAME_MAX) {
 			handle = _sqlite3OsDlOpen(tls, pVfs, zAltFile)
 		}
 		Xsqlite3_free(tls, zAltFile)
@@ -113266,7 +113266,7 @@ func _sqlite3LoadExtension(tls *libc.TLS, db uintptr, zFile uintptr, zProc uintp
 	}
 	if xInit == uintptr(0) {
 		if pzErrMsg != 0 {
-			nMsg += uint64(libc.Xstrlen(tls, zEntry) + uint64(300))
+			nMsg += libc.Xstrlen(tls, zEntry) + uint64(300)
 			v7 = Xsqlite3_malloc64(tls, nMsg)
 			*(*uintptr)(unsafe.Pointer(bp)) = v7
 			*(*uintptr)(unsafe.Pointer(pzErrMsg)) = v7
@@ -113294,7 +113294,7 @@ func _sqlite3LoadExtension(tls *libc.TLS, db uintptr, zFile uintptr, zProc uintp
 		return int32(SQLITE_ERROR)
 	}
 	/* Append the new shared library handle to the db->aExtension array. */
-	aHandle = _sqlite3DbMallocZero(tls, db, uint64(uint64(8)*libc.Uint64FromInt32((*Tsqlite3)(unsafe.Pointer(db)).FnExtension+libc.Int32FromInt32(1))))
+	aHandle = _sqlite3DbMallocZero(tls, db, uint64(8)*libc.Uint64FromInt32((*Tsqlite3)(unsafe.Pointer(db)).FnExtension+libc.Int32FromInt32(1)))
 	if aHandle == uintptr(0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -115889,7 +115889,7 @@ func _sqlite3Pragma(tls *libc.TLS, pParse uintptr, pId1 uintptr, pId2 uintptr, p
 			if pObjTab != 0 {
 				cnt++
 			}
-			aRoot = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(4)*libc.Uint64FromInt32(cnt+libc.Int32FromInt32(1))))
+			aRoot = _sqlite3DbMallocRawNN(tls, db, uint64(4)*libc.Uint64FromInt32(cnt+libc.Int32FromInt32(1)))
 			if aRoot == uintptr(0) {
 				break
 			}
@@ -120100,7 +120100,7 @@ func _sqlite3KeyInfoAlloc(tls *libc.TLS, db uintptr, N int32, X int32) (r uintpt
 	var p uintptr
 	_, _ = nExtra, p
 	nExtra = libc.Int32FromUint64(libc.Uint64FromInt32(N+X)*(libc.Uint64FromInt64(8)+libc.Uint64FromInt32(1)) - uint64(8))
-	p = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(40)+libc.Uint64FromInt32(nExtra)))
+	p = _sqlite3DbMallocRawNN(tls, db, uint64(40)+libc.Uint64FromInt32(nExtra))
 	if p != 0 {
 		(*TKeyInfo)(unsafe.Pointer(p)).FaSortFlags = p + 32 + uintptr(N+X)*8
 		(*TKeyInfo)(unsafe.Pointer(p)).FnKeyField = libc.Uint16FromInt32(N)
@@ -120721,7 +120721,7 @@ func _sqlite3ColumnsFromExprList(tls *libc.TLS, pParse uintptr, pEList uintptr,
 	_sqlite3HashInit(tls, bp+8)
 	if pEList != 0 {
 		nCol = (*TExprList)(unsafe.Pointer(pEList)).FnExpr
-		aCol = _sqlite3DbMallocZero(tls, db, uint64(uint64(16)*libc.Uint64FromInt32(nCol)))
+		aCol = _sqlite3DbMallocZero(tls, db, uint64(16)*libc.Uint64FromInt32(nCol))
 		if nCol > int32(32767) {
 			nCol = int32(32767)
 		}
@@ -122093,7 +122093,7 @@ func _multiSelectOrderBy(tls *libc.TLS, pParse uintptr, p uintptr, pDest uintptr
 	 ** to the right and the left are evaluated, they use the correct
 	 ** collation.
 	 */
-	aPermute = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(4)*libc.Uint64FromInt32(nOrderBy+libc.Int32FromInt32(1))))
+	aPermute = _sqlite3DbMallocRawNN(tls, db, uint64(4)*libc.Uint64FromInt32(nOrderBy+libc.Int32FromInt32(1)))
 	if aPermute != 0 {
 		*(*Tu32)(unsafe.Pointer(aPermute)) = libc.Uint32FromInt32(nOrderBy)
 		i = int32(1)
@@ -123464,7 +123464,7 @@ func _constInsert(tls *libc.TLS, pConst uintptr, pColumn uintptr, pValue uintptr
 		(*TWhereConst)(unsafe.Pointer(pConst)).FbHasAffBlob = int32(1)
 	}
 	(*TWhereConst)(unsafe.Pointer(pConst)).FnConst++
-	(*TWhereConst)(unsafe.Pointer(pConst)).FapExpr = _sqlite3DbReallocOrFree(tls, (*TParse)(unsafe.Pointer((*TWhereConst)(unsafe.Pointer(pConst)).FpParse)).Fdb, (*TWhereConst)(unsafe.Pointer(pConst)).FapExpr, uint64(libc.Uint64FromInt32((*TWhereConst)(unsafe.Pointer(pConst)).FnConst*int32(2))*uint64(8)))
+	(*TWhereConst)(unsafe.Pointer(pConst)).FapExpr = _sqlite3DbReallocOrFree(tls, (*TParse)(unsafe.Pointer((*TWhereConst)(unsafe.Pointer(pConst)).FpParse)).Fdb, (*TWhereConst)(unsafe.Pointer(pConst)).FapExpr, libc.Uint64FromInt32((*TWhereConst)(unsafe.Pointer(pConst)).FnConst*int32(2))*uint64(8))
 	if (*TWhereConst)(unsafe.Pointer(pConst)).FapExpr == uintptr(0) {
 		(*TWhereConst)(unsafe.Pointer(pConst)).FnConst = 0
 	} else {
@@ -129563,7 +129563,7 @@ func _sqlite3Update(tls *libc.TLS, pParse uintptr, pTabList uintptr, pChanges ui
 	/* Allocate space for aXRef[], aRegIdx[], and aToOpen[].
 	 ** Initialize aXRef[] and aToOpen[] to their default values.
 	 */
-	aXRef = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(4)*libc.Uint64FromInt32(int32((*TTable)(unsafe.Pointer(pTab)).FnCol)+nIdx+libc.Int32FromInt32(1))+libc.Uint64FromInt32(nIdx)+uint64(2)))
+	aXRef = _sqlite3DbMallocRawNN(tls, db, uint64(4)*libc.Uint64FromInt32(int32((*TTable)(unsafe.Pointer(pTab)).FnCol)+nIdx+libc.Int32FromInt32(1))+libc.Uint64FromInt32(nIdx)+uint64(2))
 	if aXRef == uintptr(0) {
 		goto update_cleanup
 	}
@@ -131364,7 +131364,7 @@ func _sqlite3VtabCreateModule(tls *libc.TLS, db uintptr, zName uintptr, pModule
 		pMod = uintptr(0)
 	} else {
 		nName = _sqlite3Strlen30(tls, zName)
-		pMod = _sqlite3Malloc(tls, uint64(uint64(48)+libc.Uint64FromInt32(nName)+uint64(1)))
+		pMod = _sqlite3Malloc(tls, uint64(48)+libc.Uint64FromInt32(nName)+uint64(1))
 		if pMod == uintptr(0) {
 			_sqlite3OomFault(tls, db)
 			return uintptr(0)
@@ -132700,7 +132700,7 @@ func _sqlite3VtabOverloadFunction(tls *libc.TLS, db uintptr, pDef uintptr, nArg
 	}
 	/* Create a new ephemeral function definition for the overloaded
 	 ** function */
-	pNew = _sqlite3DbMallocZero(tls, db, uint64(uint64(72)+libc.Uint64FromInt32(_sqlite3Strlen30(tls, (*TFuncDef)(unsafe.Pointer(pDef)).FzName))+uint64(1)))
+	pNew = _sqlite3DbMallocZero(tls, db, uint64(72)+libc.Uint64FromInt32(_sqlite3Strlen30(tls, (*TFuncDef)(unsafe.Pointer(pDef)).FzName))+uint64(1))
 	if pNew == uintptr(0) {
 		return pDef
 	}
@@ -134401,7 +134401,7 @@ func _codeINTerm(tls *libc.TLS, pParse uintptr, pTerm uintptr, pLevel uintptr, i
 			db = (*TParse)(unsafe.Pointer(pParse)).Fdb
 			pX = _removeUnindexableInClauseTerms(tls, pParse, iEq, pLoop, pX)
 			if !((*Tsqlite3)(unsafe.Pointer(db)).FmallocFailed != 0) {
-				aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(uint64(4)*libc.Uint64FromInt32(nEq)))
+				aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(4)*libc.Uint64FromInt32(nEq))
 				eType = _sqlite3FindInIndex(tls, pParse, pX, uint32(IN_INDEX_LOOP), uintptr(0), aiMap, bp)
 				(*TExpr)(unsafe.Pointer(pExpr)).FiTable = *(*int32)(unsafe.Pointer(bp))
 			}
@@ -134413,7 +134413,7 @@ func _codeINTerm(tls *libc.TLS, pParse uintptr, pTerm uintptr, pLevel uintptr, i
 			} else {
 				v3 = n
 			}
-			aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(uint64(4)*libc.Uint64FromInt32(v3)))
+			aiMap = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(4)*libc.Uint64FromInt32(v3))
 			eType = _sqlite3FindInIndex(tls, pParse, pX, uint32(IN_INDEX_LOOP), uintptr(0), aiMap, bp)
 		}
 		pX = pExpr
@@ -134451,10 +134451,10 @@ func _codeINTerm(tls *libc.TLS, pParse uintptr, pTerm uintptr, pLevel uintptr, i
 	})(unsafe.Pointer(pLevel + 72))).FaInLoop = _sqlite3WhereRealloc(tls, (*TWhereClause)(unsafe.Pointer((*TWhereTerm)(unsafe.Pointer(pTerm)).FpWC)).FpWInfo, (*(*struct {
 		FnIn     int32
 		FaInLoop uintptr
-	})(unsafe.Pointer(pLevel + 72))).FaInLoop, uint64(uint64(20)*libc.Uint64FromInt32((*(*struct {
+	})(unsafe.Pointer(pLevel + 72))).FaInLoop, uint64(20)*libc.Uint64FromInt32((*(*struct {
 		FnIn     int32
 		FaInLoop uintptr
-	})(unsafe.Pointer(pLevel + 72))).FnIn)))
+	})(unsafe.Pointer(pLevel + 72))).FnIn))
 	pIn = (*(*struct {
 		FnIn     int32
 		FaInLoop uintptr
@@ -134774,7 +134774,7 @@ func _codeDeferredSeek(tls *libc.TLS, pWInfo uintptr, pIdx uintptr, iCur int32,
 	}
 	if v2 && (*TParse)(unsafe.Pointer(v1)).FwriteMask == uint32(0) {
 		pTab = (*TIndex)(unsafe.Pointer(pIdx)).FpTable
-		ai = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(uint64(4)*libc.Uint64FromInt32(int32((*TTable)(unsafe.Pointer(pTab)).FnCol)+libc.Int32FromInt32(1))))
+		ai = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(4)*libc.Uint64FromInt32(int32((*TTable)(unsafe.Pointer(pTab)).FnCol)+libc.Int32FromInt32(1)))
 		if ai != 0 {
 			*(*Tu32)(unsafe.Pointer(ai)) = libc.Uint32FromInt16((*TTable)(unsafe.Pointer(pTab)).FnCol)
 			i = 0
@@ -135800,7 +135800,7 @@ func _sqlite3WhereCodeOneLoopStart(tls *libc.TLS, pParse uintptr, v uintptr, pWI
 							 */
 							if libc.Int32FromUint8((*TWhereInfo)(unsafe.Pointer(pWInfo)).FnLevel) > int32(1) { /* Original list of tables */
 								nNotReady = libc.Int32FromUint8((*TWhereInfo)(unsafe.Pointer(pWInfo)).FnLevel) - iLevel - int32(1)
-								pOrTab = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(88)+libc.Uint64FromInt32(nNotReady)*uint64(80)))
+								pOrTab = _sqlite3DbMallocRawNN(tls, db, uint64(88)+libc.Uint64FromInt32(nNotReady)*uint64(80))
 								if pOrTab == uintptr(0) {
 									return notReady
 								}
@@ -136585,7 +136585,7 @@ func _whereClauseInsert(tls *libc.TLS, pWC uintptr, p uintptr, wtFlags Tu16) (r
 	if (*TWhereClause)(unsafe.Pointer(pWC)).FnTerm >= (*TWhereClause)(unsafe.Pointer(pWC)).FnSlot {
 		pOld = (*TWhereClause)(unsafe.Pointer(pWC)).Fa
 		db = (*TParse)(unsafe.Pointer((*TWhereInfo)(unsafe.Pointer((*TWhereClause)(unsafe.Pointer(pWC)).FpWInfo)).FpParse)).Fdb
-		(*TWhereClause)(unsafe.Pointer(pWC)).Fa = _sqlite3WhereMalloc(tls, (*TWhereClause)(unsafe.Pointer(pWC)).FpWInfo, uint64(uint64(56)*libc.Uint64FromInt32((*TWhereClause)(unsafe.Pointer(pWC)).FnSlot)*uint64(2)))
+		(*TWhereClause)(unsafe.Pointer(pWC)).Fa = _sqlite3WhereMalloc(tls, (*TWhereClause)(unsafe.Pointer(pWC)).FpWInfo, uint64(56)*libc.Uint64FromInt32((*TWhereClause)(unsafe.Pointer(pWC)).FnSlot)*uint64(2))
 		if (*TWhereClause)(unsafe.Pointer(pWC)).Fa == uintptr(0) {
 			if libc.Int32FromUint16(wtFlags)&int32(TERM_DYNAMIC) != 0 {
 				_sqlite3ExprDelete(tls, db, p)
@@ -140195,7 +140195,7 @@ func _allocateIndexInfo(tls *libc.TLS, pWInfo uintptr, pWC uintptr, mUnusable TB
 	}
 	/* Allocate the sqlite3_index_info structure
 	 */
-	pIdxInfo = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(uint64(96)+(libc.Uint64FromInt64(12)+libc.Uint64FromInt64(8))*libc.Uint64FromInt32(nTerm)+uint64(8)*libc.Uint64FromInt32(nOrderBy)+uint64(40)+uint64(8)*libc.Uint64FromInt32(nTerm)))
+	pIdxInfo = _sqlite3DbMallocZero(tls, (*TParse)(unsafe.Pointer(pParse)).Fdb, uint64(96)+(libc.Uint64FromInt64(12)+libc.Uint64FromInt64(8))*libc.Uint64FromInt32(nTerm)+uint64(8)*libc.Uint64FromInt32(nOrderBy)+uint64(40)+uint64(8)*libc.Uint64FromInt32(nTerm))
 	if pIdxInfo == uintptr(0) {
 		_sqlite3ErrorMsg(tls, pParse, __ccgo_ts+1637, 0)
 		return uintptr(0)
@@ -141195,7 +141195,7 @@ func _whereLoopResize(tls *libc.TLS, db uintptr, p uintptr, n int32) (r int32) {
 		return SQLITE_OK
 	}
 	n = (n + int32(7)) & ^libc.Int32FromInt32(7)
-	paNew = _sqlite3DbMallocRawNN(tls, db, uint64(uint64(8)*libc.Uint64FromInt32(n)))
+	paNew = _sqlite3DbMallocRawNN(tls, db, uint64(8)*libc.Uint64FromInt32(n))
 	if paNew == uintptr(0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -145883,7 +145883,7 @@ func _sqlite3WhereBegin(tls *libc.TLS, pParse uintptr, pTabList uintptr, pWhere
 	if nTabList > int32(1) {
 		nByteWInfo = libc.Int32FromUint64(libc.Uint64FromInt32(nByteWInfo) + libc.Uint64FromInt32(nTabList-libc.Int32FromInt32(1))*libc.Uint64FromInt64(104))
 	}
-	pWInfo = _sqlite3DbMallocRawNN(tls, db, uint64(libc.Uint64FromInt32(nByteWInfo)+uint64(104)))
+	pWInfo = _sqlite3DbMallocRawNN(tls, db, libc.Uint64FromInt32(nByteWInfo)+uint64(104))
 	if (*Tsqlite3)(unsafe.Pointer(db)).FmallocFailed != 0 {
 		_sqlite3DbFree(tls, db, pWInfo)
 		pWInfo = uintptr(0)
@@ -156953,13 +156953,13 @@ func _yyGrowStack(tls *libc.TLS, p uintptr) (r int32) {
 	newSize = oldSize*int32(2) + int32(100)
 	idx = int32((int64((*TyyParser)(unsafe.Pointer(p)).Fyytos) - int64((*TyyParser)(unsafe.Pointer(p)).Fyystack)) / 24)
 	if (*TyyParser)(unsafe.Pointer(p)).Fyystack == p+32 {
-		pNew = _parserStackRealloc(tls, uintptr(0), uint64(libc.Uint64FromInt32(newSize)*uint64(24)))
+		pNew = _parserStackRealloc(tls, uintptr(0), libc.Uint64FromInt32(newSize)*uint64(24))
 		if pNew == uintptr(0) {
 			return int32(1)
 		}
 		libc.Xmemcpy(tls, pNew, (*TyyParser)(unsafe.Pointer(p)).Fyystack, libc.Uint64FromInt32(oldSize)*uint64(24))
 	} else {
-		pNew = _parserStackRealloc(tls, (*TyyParser)(unsafe.Pointer(p)).Fyystack, uint64(libc.Uint64FromInt32(newSize)*uint64(24)))
+		pNew = _parserStackRealloc(tls, (*TyyParser)(unsafe.Pointer(p)).Fyystack, libc.Uint64FromInt32(newSize)*uint64(24))
 		if pNew == uintptr(0) {
 			return int32(1)
 		}
@@ -167673,7 +167673,7 @@ func Xsqlite3_create_filename(tls *libc.TLS, zDatabase uintptr, zJournal uintptr
 		if !(i < nParam*int32(2)) {
 			break
 		}
-		nByte = Tsqlite3_int64(uint64(nByte) + uint64(libc.Xstrlen(tls, *(*uintptr)(unsafe.Pointer(azParam + uintptr(i)*8)))+libc.Uint64FromInt32(1)))
+		nByte = Tsqlite3_int64(uint64(nByte) + (libc.Xstrlen(tls, *(*uintptr)(unsafe.Pointer(azParam + uintptr(i)*8))) + libc.Uint64FromInt32(1)))
 		goto _1
 	_1:
 		;
@@ -168366,7 +168366,7 @@ func _sqlite3ConnectionUnlocked(tls *libc.TLS, db uintptr) {
 			_sqlite3BeginBenignMalloc(tls)
 			if !(aDyn != 0) && nArg == libc.Int32FromUint64(libc.Uint64FromInt64(128)/libc.Uint64FromInt64(8)) || aDyn != 0 && nArg == libc.Int32FromUint64(libc.Uint64FromInt32(_sqlite3MallocSize(tls, aDyn))/libc.Uint64FromInt64(8)) {
 				/* The aArg[] array needs to grow. */
-				pNew = _sqlite3Malloc(tls, uint64(libc.Uint64FromInt32(nArg)*uint64(8)*uint64(2)))
+				pNew = _sqlite3Malloc(tls, libc.Uint64FromInt32(nArg)*uint64(8)*uint64(2))
 				if pNew != 0 {
 					libc.Xmemcpy(tls, pNew, aArg, libc.Uint64FromInt32(nArg)*uint64(8))
 					Xsqlite3_free(tls, aDyn)
@@ -176420,7 +176420,7 @@ func _writeInt64(tls *libc.TLS, p uintptr, _i Ti64) (r int32) {
 	bp := tls.Alloc(16)
 	defer tls.Free(16)
 	*(*Ti64)(unsafe.Pointer(bp)) = _i
-	*(*Ti64)(unsafe.Pointer(bp)) = libc.Int64FromUint64(libc.X__builtin_bswap64(tls, uint64(libc.Uint64FromInt64(*(*Ti64)(unsafe.Pointer(bp))))))
+	*(*Ti64)(unsafe.Pointer(bp)) = libc.Int64FromUint64(libc.X__builtin_bswap64(tls, libc.Uint64FromInt64(*(*Ti64)(unsafe.Pointer(bp)))))
 	libc.Xmemcpy(tls, p, bp, uint64(8))
 	return int32(8)
 }
@@ -176526,7 +176526,7 @@ func _nodeHashDelete(tls *libc.TLS, pRtree uintptr, pNode uintptr) {
 func _nodeNew(tls *libc.TLS, pRtree uintptr, pParent uintptr) (r uintptr) {
 	var pNode uintptr
 	_ = pNode
-	pNode = Xsqlite3_malloc64(tls, uint64(uint64(40)+libc.Uint64FromInt32((*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize)))
+	pNode = Xsqlite3_malloc64(tls, uint64(40)+libc.Uint64FromInt32((*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize))
 	if pNode != 0 {
 		libc.Xmemset(tls, pNode, 0, uint64(40)+libc.Uint64FromInt32((*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize))
 		(*TRtreeNode)(unsafe.Pointer(pNode)).FzData = pNode + 1*40
@@ -176600,7 +176600,7 @@ func _nodeAcquire(tls *libc.TLS, pRtree uintptr, iNode Ti64, pParent uintptr, pp
 		}
 	} else {
 		if (*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize == Xsqlite3_blob_bytes(tls, (*TRtree)(unsafe.Pointer(pRtree)).FpNodeBlob) {
-			pNode = Xsqlite3_malloc64(tls, uint64(uint64(40)+libc.Uint64FromInt32((*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize)))
+			pNode = Xsqlite3_malloc64(tls, uint64(40)+libc.Uint64FromInt32((*TRtree)(unsafe.Pointer(pRtree)).FiNodeSize))
 			if !(pNode != 0) {
 				rc = int32(SQLITE_NOMEM)
 			} else {
@@ -177431,7 +177431,7 @@ func _rtreeEnqueue(tls *libc.TLS, pCur uintptr, rScore TRtreeDValue, iLevel Tu8)
 	_, _, _, _, _, _, _ = i, j, nNew, pNew, pParent, v1, v2
 	if (*TRtreeCursor)(unsafe.Pointer(pCur)).FnPoint >= (*TRtreeCursor)(unsafe.Pointer(pCur)).FnPointAlloc {
 		nNew = (*TRtreeCursor)(unsafe.Pointer(pCur)).FnPointAlloc*int32(2) + int32(8)
-		pNew = Xsqlite3_realloc64(tls, (*TRtreeCursor)(unsafe.Pointer(pCur)).FaPoint, uint64(libc.Uint64FromInt32(nNew)*uint64(24)))
+		pNew = Xsqlite3_realloc64(tls, (*TRtreeCursor)(unsafe.Pointer(pCur)).FaPoint, libc.Uint64FromInt32(nNew)*uint64(24))
 		if pNew == uintptr(0) {
 			return uintptr(0)
 		}
@@ -177889,7 +177889,7 @@ func _rtreeFilter(tls *libc.TLS, pVtabCursor uintptr, idxNum int32, idxStr uintp
 		 */
 		rc = _nodeAcquire(tls, pRtree, int64(1), uintptr(0), bp)
 		if rc == SQLITE_OK && argc > 0 {
-			(*TRtreeCursor)(unsafe.Pointer(pCsr)).FaConstraint = Xsqlite3_malloc64(tls, uint64(uint64(24)*libc.Uint64FromInt32(argc)))
+			(*TRtreeCursor)(unsafe.Pointer(pCsr)).FaConstraint = Xsqlite3_malloc64(tls, uint64(24)*libc.Uint64FromInt32(argc))
 			(*TRtreeCursor)(unsafe.Pointer(pCsr)).FnConstraint = argc
 			if !((*TRtreeCursor)(unsafe.Pointer(pCsr)).FaConstraint != 0) {
 				rc = int32(SQLITE_NOMEM)
@@ -178788,7 +178788,7 @@ func _SplitNode(tls *libc.TLS, pRtree uintptr, pNode uintptr, pCell uintptr, iHe
 	/* Allocate an array and populate it with a copy of pCell and
 	 ** all cells from node pLeft. Then zero the original node.
 	 */
-	aCell = Xsqlite3_malloc64(tls, uint64((libc.Uint64FromInt64(48)+libc.Uint64FromInt64(4))*libc.Uint64FromInt32(nCell+libc.Int32FromInt32(1))))
+	aCell = Xsqlite3_malloc64(tls, (libc.Uint64FromInt64(48)+libc.Uint64FromInt64(4))*libc.Uint64FromInt32(nCell+libc.Int32FromInt32(1)))
 	if !(aCell != 0) {
 		rc = int32(SQLITE_NOMEM)
 		goto splitnode_out
@@ -179977,7 +179977,7 @@ func _rtreeInit(tls *libc.TLS, db uintptr, pAux uintptr, argc int32, argv uintpt
 	/* Allocate the sqlite3_vtab structure */
 	nDb = libc.Int32FromUint64(libc.Xstrlen(tls, *(*uintptr)(unsafe.Pointer(argv + 1*8))))
 	nName = libc.Int32FromUint64(libc.Xstrlen(tls, *(*uintptr)(unsafe.Pointer(argv + 2*8))))
-	pRtree = Xsqlite3_malloc64(tls, uint64(uint64(968)+libc.Uint64FromInt32(nDb)+libc.Uint64FromInt32(nName*int32(2))+uint64(8)))
+	pRtree = Xsqlite3_malloc64(tls, uint64(968)+libc.Uint64FromInt32(nDb)+libc.Uint64FromInt32(nName*int32(2))+uint64(8))
 	if !(pRtree != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -180990,7 +180990,7 @@ func _geopolyParseJson(tls *libc.TLS, z uintptr, pRc uintptr) (r uintptr) {
 			(*(*TGeoParse)(unsafe.Pointer(bp))).Fz++
 			if (*(*TGeoParse)(unsafe.Pointer(bp))).FnVertex >= (*(*TGeoParse)(unsafe.Pointer(bp))).FnAlloc {
 				(*(*TGeoParse)(unsafe.Pointer(bp))).FnAlloc = (*(*TGeoParse)(unsafe.Pointer(bp))).FnAlloc*int32(2) + int32(16)
-				aNew = Xsqlite3_realloc64(tls, (*(*TGeoParse)(unsafe.Pointer(bp))).Fa, uint64(libc.Uint64FromInt32((*(*TGeoParse)(unsafe.Pointer(bp))).FnAlloc)*uint64(4)*uint64(2)))
+				aNew = Xsqlite3_realloc64(tls, (*(*TGeoParse)(unsafe.Pointer(bp))).Fa, libc.Uint64FromInt32((*(*TGeoParse)(unsafe.Pointer(bp))).FnAlloc)*uint64(4)*uint64(2))
 				if aNew == uintptr(0) {
 					rc = int32(SQLITE_NOMEM)
 					(*(*TGeoParse)(unsafe.Pointer(bp))).FnErr++
@@ -181035,7 +181035,7 @@ func _geopolyParseJson(tls *libc.TLS, z uintptr, pRc uintptr) (r uintptr) {
 		if v2 && libc.Int32FromUint8(_geopolySkipSpace(tls, bp)) == libc.Int32FromInt32(0) {
 			*(*int32)(unsafe.Pointer(bp + 32)) = int32(1)
 			(*(*TGeoParse)(unsafe.Pointer(bp))).FnVertex-- /* Remove the redundant vertex at the end */
-			pOut = Xsqlite3_malloc64(tls, libc.Uint64FromInt64(40)+uint64(libc.Uint64FromInt64(4)*libc.Uint64FromInt32(2))*libc.Uint64FromInt64(int64((*(*TGeoParse)(unsafe.Pointer(bp))).FnVertex)-libc.Int64FromInt32(4)))
+			pOut = Xsqlite3_malloc64(tls, libc.Uint64FromInt64(40)+libc.Uint64FromInt64(4)*libc.Uint64FromInt32(2)*libc.Uint64FromInt64(int64((*(*TGeoParse)(unsafe.Pointer(bp))).FnVertex)-libc.Int64FromInt32(4)))
 			*(*int32)(unsafe.Pointer(bp + 32)) = int32(1)
 			if pOut == uintptr(0) {
 				goto parse_json_err
@@ -181097,7 +181097,7 @@ func _geopolyFuncParam(tls *libc.TLS, pCtx uintptr, pVal uintptr, pRc uintptr) (
 		}
 		nVertex = libc.Int32FromUint8(*(*uint8)(unsafe.Pointer(a + 1)))<<int32(16) + libc.Int32FromUint8(*(*uint8)(unsafe.Pointer(a + 2)))<<int32(8) + libc.Int32FromUint8(*(*uint8)(unsafe.Pointer(a + 3)))
 		if (libc.Int32FromUint8(*(*uint8)(unsafe.Pointer(a))) == 0 || libc.Int32FromUint8(*(*uint8)(unsafe.Pointer(a))) == int32(1)) && libc.Uint64FromInt32(nVertex*int32(2))*uint64(4)+uint64(4) == uint64(libc.Uint32FromInt32(nByte)) {
-			p = Xsqlite3_malloc64(tls, uint64(uint64(40)+libc.Uint64FromInt32((nVertex-int32(1))*int32(2))*uint64(4)))
+			p = Xsqlite3_malloc64(tls, uint64(40)+libc.Uint64FromInt32((nVertex-int32(1))*int32(2))*uint64(4))
 			if p == uintptr(0) {
 				if pRc != 0 {
 					*(*int32)(unsafe.Pointer(pRc)) = int32(SQLITE_NOMEM)
@@ -181465,7 +181465,7 @@ func _geopolyRegularFunc(tls *libc.TLS, context uintptr, argc int32, argv uintpt
 	if n > int32(1000) {
 		n = int32(1000)
 	}
-	p = Xsqlite3_malloc64(tls, uint64(uint64(40)+libc.Uint64FromInt32((n-int32(1))*int32(2))*uint64(4)))
+	p = Xsqlite3_malloc64(tls, uint64(40)+libc.Uint64FromInt32((n-int32(1))*int32(2))*uint64(4))
 	if p == uintptr(0) {
 		Xsqlite3_result_error_nomem(tls, context)
 		return
@@ -181567,7 +181567,7 @@ func _geopolyBBox(tls *libc.TLS, context uintptr, pPoly uintptr, aCoord uintptr,
 	goto geopolyBboxFill
 geopolyBboxFill:
 	;
-	pOut = Xsqlite3_realloc64(tls, p, uint64(libc.Uint64FromInt64(40)+libc.Uint64FromInt64(4)*libc.Uint64FromInt32(2)*libc.Uint64FromInt32(libc.Int32FromInt32(4)-libc.Int32FromInt32(4))))
+	pOut = Xsqlite3_realloc64(tls, p, libc.Uint64FromInt64(40)+libc.Uint64FromInt64(4)*libc.Uint64FromInt32(2)*libc.Uint64FromInt32(libc.Int32FromInt32(4)-libc.Int32FromInt32(4)))
 	if pOut == uintptr(0) {
 		Xsqlite3_free(tls, p)
 		if context != 0 {
@@ -182376,7 +182376,7 @@ func _geopolyInit(tls *libc.TLS, db uintptr, pAux uintptr, argc int32, argv uint
 	if !(pRtree != 0) {
 		return int32(SQLITE_NOMEM)
 	}
-	libc.Xmemset(tls, pRtree, 0, uint64(uint64(968)+libc.Uint64FromInt64(nDb)+libc.Uint64FromInt64(nName*int64(2))+uint64(8)))
+	libc.Xmemset(tls, pRtree, 0, uint64(968)+libc.Uint64FromInt64(nDb)+libc.Uint64FromInt64(nName*int64(2))+uint64(8))
 	(*TRtree)(unsafe.Pointer(pRtree)).FnBusy = uint32(1)
 	(*TRtree)(unsafe.Pointer(pRtree)).Fbase.FpModule = uintptr(unsafe.Pointer(&_rtreeModule))
 	(*TRtree)(unsafe.Pointer(pRtree)).FzDb = pRtree + 1*968
@@ -186944,7 +186944,7 @@ func _rbuCaptureWalRead(tls *libc.TLS, pRbu uintptr, iOff Ti64, iAmt int32) (r i
 			v1 = int32(64)
 		}
 		nNew = v1 * int32(2)
-		aNew = Xsqlite3_realloc64(tls, (*Tsqlite3rbu)(unsafe.Pointer(pRbu)).FaFrame, uint64(libc.Uint64FromInt32(nNew)*uint64(8)))
+		aNew = Xsqlite3_realloc64(tls, (*Tsqlite3rbu)(unsafe.Pointer(pRbu)).FaFrame, libc.Uint64FromInt32(nNew)*uint64(8))
 		if aNew == uintptr(0) {
 			return int32(SQLITE_NOMEM)
 		}
@@ -189878,7 +189878,7 @@ func _statDecodePage(tls *libc.TLS, pBt uintptr, p uintptr) (r int32) {
 		_sqlite3BtreeEnter(tls, pBt)
 		nUsable = szPage - _sqlite3BtreeGetReserveNoMutex(tls, pBt)
 		_sqlite3BtreeLeave(tls, pBt)
-		(*TStatPage)(unsafe.Pointer(p)).FaCell = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32((*TStatPage)(unsafe.Pointer(p)).FnCell+libc.Int32FromInt32(1))*uint64(32)))
+		(*TStatPage)(unsafe.Pointer(p)).FaCell = Xsqlite3_malloc64(tls, libc.Uint64FromInt32((*TStatPage)(unsafe.Pointer(p)).FnCell+libc.Int32FromInt32(1))*uint64(32))
 		if (*TStatPage)(unsafe.Pointer(p)).FaCell == uintptr(0) {
 			return int32(SQLITE_NOMEM)
 		}
@@ -189925,7 +189925,7 @@ func _statDecodePage(tls *libc.TLS, pBt uintptr, p uintptr) (r int32) {
 					}
 					(*TStatCell)(unsafe.Pointer(pCell)).FnLastOvfl = libc.Int32FromUint32(*(*Tu32)(unsafe.Pointer(bp)) - libc.Uint32FromInt32(nLocal) - libc.Uint32FromInt32((nOvfl-int32(1))*(nUsable-int32(4))))
 					(*TStatCell)(unsafe.Pointer(pCell)).FnOvfl = nOvfl
-					(*TStatCell)(unsafe.Pointer(pCell)).FaOvfl = Xsqlite3_malloc64(tls, uint64(uint64(4)*libc.Uint64FromInt32(nOvfl)))
+					(*TStatCell)(unsafe.Pointer(pCell)).FaOvfl = Xsqlite3_malloc64(tls, uint64(4)*libc.Uint64FromInt32(nOvfl))
 					if (*TStatCell)(unsafe.Pointer(pCell)).FaOvfl == uintptr(0) {
 						return int32(SQLITE_NOMEM)
 					}
@@ -191555,7 +191555,7 @@ func _sessionGrowHash(tls *libc.TLS, pSession uintptr, bPatchset int32, pTab uin
 			}
 			return SQLITE_OK
 		}
-		libc.Xmemset(tls, apNew, 0, uint64(uint64(8)*libc.Uint64FromInt64(nNew)))
+		libc.Xmemset(tls, apNew, 0, uint64(8)*libc.Uint64FromInt64(nNew))
 		i = 0
 		for {
 			if !(i < (*TSessionTable)(unsafe.Pointer(pTab)).FnChange) {
@@ -191687,10 +191687,10 @@ func _sessionTableInfo(tls *libc.TLS, pSession uintptr, db uintptr, zDb uintptr,
 		bRowid = 0
 	}
 	nDbCol += bRowid
-	nByte = Tsqlite3_int64(uint64(nByte) + uint64(libc.Xstrlen(tls, __ccgo_ts+29902)))
+	nByte = Tsqlite3_int64(uint64(nByte) + libc.Xstrlen(tls, __ccgo_ts+29902))
 	rc = Xsqlite3_reset(tls, *(*uintptr)(unsafe.Pointer(bp)))
 	if rc == SQLITE_OK {
-		nByte = Tsqlite3_int64(uint64(nByte) + uint64(libc.Uint64FromInt32(nDbCol)*(libc.Uint64FromInt64(8)*libc.Uint64FromInt32(2)+libc.Uint64FromInt64(4)+libc.Uint64FromInt64(1)+libc.Uint64FromInt32(1)+libc.Uint64FromInt32(1))))
+		nByte = Tsqlite3_int64(uint64(nByte) + libc.Uint64FromInt32(nDbCol)*(libc.Uint64FromInt64(8)*libc.Uint64FromInt32(2)+libc.Uint64FromInt64(4)+libc.Uint64FromInt64(1)+libc.Uint64FromInt32(1)+libc.Uint64FromInt32(1)))
 		pAlloc = _sessionMalloc64(tls, pSession, nByte)
 		if pAlloc == uintptr(0) {
 			rc = int32(SQLITE_NOMEM)
@@ -191819,7 +191819,7 @@ func _sessionInitTable(tls *libc.TLS, pSession uintptr, pTab uintptr, db uintptr
 			}
 			if pSession != 0 && (*Tsqlite3_session)(unsafe.Pointer(pSession)).FbEnableSize != 0 {
 				p3 = pSession + 64
-				*(*Ti64)(unsafe.Pointer(p3)) = Ti64(uint64(*(*Ti64)(unsafe.Pointer(p3))) + uint64(libc.Uint64FromInt32(libc.Int32FromInt32(1)+_sessionVarintLen(tls, (*TSessionTable)(unsafe.Pointer(pTab)).FnCol)+(*TSessionTable)(unsafe.Pointer(pTab)).FnCol)+libc.Xstrlen(tls, (*TSessionTable)(unsafe.Pointer(pTab)).FzName)+libc.Uint64FromInt32(1)))
+				*(*Ti64)(unsafe.Pointer(p3)) = Ti64(uint64(*(*Ti64)(unsafe.Pointer(p3))) + (libc.Uint64FromInt32(libc.Int32FromInt32(1)+_sessionVarintLen(tls, (*TSessionTable)(unsafe.Pointer(pTab)).FnCol)+(*TSessionTable)(unsafe.Pointer(pTab)).FnCol) + libc.Xstrlen(tls, (*TSessionTable)(unsafe.Pointer(pTab)).FzName) + libc.Uint64FromInt32(1)))
 			}
 		}
 	}
@@ -193078,7 +193078,7 @@ func Xsqlite3session_create(tls *libc.TLS, db uintptr, zDb uintptr, ppSession ui
 	/* Zero the output value in case an error occurs. */
 	*(*uintptr)(unsafe.Pointer(ppSession)) = uintptr(0)
 	/* Allocate and populate the new session object. */
-	pNew = Xsqlite3_malloc64(tls, uint64(uint64(136)+libc.Uint64FromInt32(nDb)+uint64(1)))
+	pNew = Xsqlite3_malloc64(tls, uint64(136)+libc.Uint64FromInt32(nDb)+uint64(1))
 	if !(pNew != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -195097,7 +195097,7 @@ func _sessionChangesetInvert(tls *libc.TLS, pInput uintptr, xOutput uintptr, pOu
 			}
 		case int32(SQLITE_UPDATE):
 			if uintptr(0) == apVal {
-				apVal = Xsqlite3_malloc64(tls, uint64(uint64(8)*libc.Uint64FromInt32(*(*int32)(unsafe.Pointer(bp + 24)))*uint64(2)))
+				apVal = Xsqlite3_malloc64(tls, uint64(8)*libc.Uint64FromInt32(*(*int32)(unsafe.Pointer(bp + 24)))*uint64(2))
 				if uintptr(0) == apVal {
 					*(*int32)(unsafe.Pointer(bp)) = int32(SQLITE_NOMEM)
 					goto finished_invert
@@ -196505,7 +196505,7 @@ func _sessionChangeMerge(tls *libc.TLS, pTab uintptr, bRebase int32, bPatchset i
 	pNew = uintptr(0)
 	rc = SQLITE_OK
 	if !(pExist != 0) {
-		pNew = Xsqlite3_malloc64(tls, uint64(uint64(32)+libc.Uint64FromInt32(nRec)))
+		pNew = Xsqlite3_malloc64(tls, uint64(32)+libc.Uint64FromInt32(nRec))
 		if !(pNew != 0) {
 			return int32(SQLITE_NOMEM)
 		}
@@ -196875,7 +196875,7 @@ func _sessionChangesetFindTable(tls *libc.TLS, pGrp uintptr, zTab uintptr, pIter
 	}
 	/* If one was not found above, create a new table now */
 	if !(pTab != 0) {
-		pTab = Xsqlite3_malloc64(tls, uint64(uint64(88)+libc.Uint64FromInt32(*(*int32)(unsafe.Pointer(bp + 8)))+libc.Uint64FromInt32(nTab)+uint64(1)))
+		pTab = Xsqlite3_malloc64(tls, uint64(88)+libc.Uint64FromInt32(*(*int32)(unsafe.Pointer(bp + 8)))+libc.Uint64FromInt32(nTab)+uint64(1))
 		if !(pTab != 0) {
 			return int32(SQLITE_NOMEM)
 		}
@@ -199942,7 +199942,7 @@ func _fts5SentenceFinderAdd(tls *libc.TLS, p uintptr, iAdd int32) (r int32) {
 			v1 = int32(64)
 		}
 		nNew = v1
-		aNew = Xsqlite3_realloc64(tls, (*TFts5SFinder)(unsafe.Pointer(p)).FaFirst, uint64(libc.Uint64FromInt32(nNew)*uint64(4)))
+		aNew = Xsqlite3_realloc64(tls, (*TFts5SFinder)(unsafe.Pointer(p)).FaFirst, libc.Uint64FromInt32(nNew)*uint64(4))
 		if aNew == uintptr(0) {
 			return int32(SQLITE_NOMEM)
 		}
@@ -201472,7 +201472,7 @@ func _fts5ConfigParseSpecial(tls *libc.TLS, pConfig uintptr, zCmd uintptr, zArg
 	if Xsqlite3_strnicmp(tls, __ccgo_ts+35421, zCmd, nCmd) == 0 {
 		p1 = zArg
 		nArg = libc.Int64FromUint64(libc.Xstrlen(tls, zArg) + uint64(1))
-		azArg = _sqlite3Fts5MallocZero(tls, bp, libc.Int64FromUint64(uint64(libc.Uint64FromInt64(8)+libc.Uint64FromInt32(2))*libc.Uint64FromInt64(nArg)))
+		azArg = _sqlite3Fts5MallocZero(tls, bp, libc.Int64FromUint64((libc.Uint64FromInt64(8)+libc.Uint64FromInt32(2))*libc.Uint64FromInt64(nArg)))
 		if azArg != 0 {
 			pSpace = azArg + uintptr(nArg)*8
 			if (*TFts5Config)(unsafe.Pointer(pConfig)).Ft.FazArg != 0 {
@@ -204401,7 +204401,7 @@ func _fts5ParseTokenize(tls *libc.TLS, pContext uintptr, tflags int32, pToken ui
 				v2 = 0
 			}
 			nNew = SZALLOC + v2
-			pNew = Xsqlite3_realloc64(tls, pPhrase, uint64(uint64(72)+uint64(40)*libc.Uint64FromInt32(nNew)))
+			pNew = Xsqlite3_realloc64(tls, pPhrase, uint64(72)+uint64(40)*libc.Uint64FromInt32(nNew))
 			if pNew == uintptr(0) {
 				*(*int32)(unsafe.Pointer(bp)) = int32(SQLITE_NOMEM)
 			} else {
@@ -204725,7 +204725,7 @@ func _fts5ParseColset(tls *libc.TLS, pParse uintptr, p uintptr, iCol int32) (r u
 		v1 = 0
 	}
 	nCol = v1 /* New colset object to return */
-	pNew = Xsqlite3_realloc64(tls, p, uint64(uint64(8)+uint64(4)*libc.Uint64FromInt32(nCol)))
+	pNew = Xsqlite3_realloc64(tls, p, uint64(8)+uint64(4)*libc.Uint64FromInt32(nCol))
 	if pNew == uintptr(0) {
 		(*TFts5Parse)(unsafe.Pointer(pParse)).Frc = int32(SQLITE_NOMEM)
 	} else {
@@ -205309,7 +205309,7 @@ func _sqlite3Fts5ExprClearPoslists(tls *libc.TLS, pExpr uintptr, bLive int32) (r
 	var i int32
 	var pBuf, pNode, pRet uintptr
 	_, _, _, _ = i, pBuf, pNode, pRet
-	pRet = Xsqlite3_malloc64(tls, uint64(uint64(16)*libc.Uint64FromInt32((*TFts5Expr)(unsafe.Pointer(pExpr)).FnPhrase)))
+	pRet = Xsqlite3_malloc64(tls, uint64(16)*libc.Uint64FromInt32((*TFts5Expr)(unsafe.Pointer(pExpr)).FnPhrase))
 	if pRet != 0 {
 		libc.Xmemset(tls, pRet, 0, uint64(16)*libc.Uint64FromInt32((*TFts5Expr)(unsafe.Pointer(pExpr)).FnPhrase))
 		i = 0
@@ -205903,7 +205903,7 @@ func _fts5HashResize(tls *libc.TLS, pHash uintptr) (r int32) {
 	_, _, _, _, _, _ = apNew, apOld, i, iHash, nNew, p
 	nNew = (*TFts5Hash)(unsafe.Pointer(pHash)).FnSlot * int32(2)
 	apOld = (*TFts5Hash)(unsafe.Pointer(pHash)).FaSlot
-	apNew = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32(nNew)*uint64(8)))
+	apNew = Xsqlite3_malloc64(tls, libc.Uint64FromInt32(nNew)*uint64(8))
 	if !(apNew != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -206215,7 +206215,7 @@ func _fts5HashEntrySort(tls *libc.TLS, pHash uintptr, pTerm uintptr, nTerm int32
 	_, _, _, _, _, _, _ = ap, i, iSlot, nMergeSlot, pEntry, pIter, pList
 	nMergeSlot = int32(32)
 	*(*uintptr)(unsafe.Pointer(ppSorted)) = uintptr(0)
-	ap = Xsqlite3_malloc64(tls, uint64(uint64(8)*libc.Uint64FromInt32(nMergeSlot)))
+	ap = Xsqlite3_malloc64(tls, uint64(8)*libc.Uint64FromInt32(nMergeSlot))
 	if !(ap != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -208702,7 +208702,7 @@ func _fts5SegIterReverseInitPage(tls *libc.TLS, p uintptr, pIter uintptr) {
 		/* If necessary, grow the pIter->aRowidOffset[] array. */
 		if iRowidOffset >= (*TFts5SegIter)(unsafe.Pointer(pIter)).FnRowidOffset {
 			nNew = (*TFts5SegIter)(unsafe.Pointer(pIter)).FnRowidOffset + int32(8)
-			aNew = Xsqlite3_realloc64(tls, (*TFts5SegIter)(unsafe.Pointer(pIter)).FaRowidOffset, uint64(libc.Uint64FromInt32(nNew)*uint64(4)))
+			aNew = Xsqlite3_realloc64(tls, (*TFts5SegIter)(unsafe.Pointer(pIter)).FaRowidOffset, libc.Uint64FromInt32(nNew)*uint64(4))
 			if aNew == uintptr(0) {
 				(*TFts5Index)(unsafe.Pointer(p)).Frc = int32(SQLITE_NOMEM)
 				break
@@ -210954,7 +210954,7 @@ func _fts5WriteDlidxGrow(tls *libc.TLS, p uintptr, pWriter uintptr, nLvl int32)
 	var nByte Tsize_t
 	_, _ = aDlidx, nByte
 	if (*TFts5Index)(unsafe.Pointer(p)).Frc == SQLITE_OK && nLvl >= (*TFts5SegWriter)(unsafe.Pointer(pWriter)).FnDlidx {
-		aDlidx = Xsqlite3_realloc64(tls, (*TFts5SegWriter)(unsafe.Pointer(pWriter)).FaDlidx, uint64(uint64(32)*libc.Uint64FromInt32(nLvl)))
+		aDlidx = Xsqlite3_realloc64(tls, (*TFts5SegWriter)(unsafe.Pointer(pWriter)).FaDlidx, uint64(32)*libc.Uint64FromInt32(nLvl))
 		if aDlidx == uintptr(0) {
 			(*TFts5Index)(unsafe.Pointer(p)).Frc = int32(SQLITE_NOMEM)
 		} else {
@@ -212671,7 +212671,7 @@ func _fts5IndexOptimizeStruct(tls *libc.TLS, p uintptr, pStruct uintptr) (r uint
 		;
 		i++
 	}
-	nByte = Tsqlite3_int64(uint64(nByte) + uint64(libc.Uint64FromInt32((*TFts5Structure)(unsafe.Pointer(pStruct)).FnLevel+libc.Int32FromInt32(1))*libc.Uint64FromInt64(16)))
+	nByte = Tsqlite3_int64(uint64(nByte) + libc.Uint64FromInt32((*TFts5Structure)(unsafe.Pointer(pStruct)).FnLevel+libc.Int32FromInt32(1))*libc.Uint64FromInt64(16))
 	pNew = _sqlite3Fts5MallocZero(tls, p+60, nByte)
 	if pNew != 0 {
 		nByte = libc.Int64FromUint64(libc.Uint64FromInt32(nSeg) * uint64(56))
@@ -218237,7 +218237,7 @@ func _fts5CacheInstArray(tls *libc.TLS, pCsr uintptr) (r int32) {
 						v3 = int32(32)
 					}
 					nNewSize = v3
-					aInst = Xsqlite3_realloc64(tls, (*TFts5Cursor)(unsafe.Pointer(pCsr)).FaInst, uint64(libc.Uint64FromInt32(nNewSize)*uint64(4)*uint64(3)))
+					aInst = Xsqlite3_realloc64(tls, (*TFts5Cursor)(unsafe.Pointer(pCsr)).FaInst, libc.Uint64FromInt32(nNewSize)*uint64(4)*uint64(3))
 					if aInst != 0 {
 						(*TFts5Cursor)(unsafe.Pointer(pCsr)).FaInst = aInst
 						(*TFts5Cursor)(unsafe.Pointer(pCsr)).FnInstAlloc = nNewSize
@@ -221078,7 +221078,7 @@ func _sqlite3Fts5StorageIntegrity(tls *libc.TLS, p uintptr, iArg int32) (r int32
 	rc = SQLITE_OK
 	libc.Xmemset(tls, bp, 0, uint64(40))
 	(*(*TFts5IntegrityCtx)(unsafe.Pointer(bp))).FpConfig = (*TFts5Storage)(unsafe.Pointer(p)).FpConfig
-	aTotalSize = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32((*TFts5Config)(unsafe.Pointer(pConfig)).FnCol)*(libc.Uint64FromInt64(4)+libc.Uint64FromInt64(8))))
+	aTotalSize = Xsqlite3_malloc64(tls, libc.Uint64FromInt32((*TFts5Config)(unsafe.Pointer(pConfig)).FnCol)*(libc.Uint64FromInt64(4)+libc.Uint64FromInt64(8)))
 	if !(aTotalSize != 0) {
 		return int32(SQLITE_NOMEM)
 	}
@@ -221704,7 +221704,7 @@ func _fts5UnicodeAddExceptions(tls *libc.TLS, p uintptr, z uintptr, bTokenChars
 	rc = SQLITE_OK
 	n = libc.Int32FromUint64(libc.Xstrlen(tls, z))
 	if n > 0 {
-		aNew = Xsqlite3_realloc64(tls, (*TUnicode61Tokenizer)(unsafe.Pointer(p)).FaiException, uint64(libc.Uint64FromInt32(n+(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnException)*uint64(4)))
+		aNew = Xsqlite3_realloc64(tls, (*TUnicode61Tokenizer)(unsafe.Pointer(p)).FaiException, libc.Uint64FromInt32(n+(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnException)*uint64(4))
 		if aNew != 0 {
 			nNew = (*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnException
 			zCsr = z
@@ -221843,7 +221843,7 @@ func _fts5UnicodeCreate(tls *libc.TLS, pUnused uintptr, azArg uintptr, nArg int3
 			libc.Xmemset(tls, p, 0, uint64(192))
 			(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FeRemoveDiacritic = int32(FTS5_REMOVE_DIACRITICS_SIMPLE)
 			(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnFold = int32(64)
-			(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FaFold = Xsqlite3_malloc64(tls, uint64(libc.Uint64FromInt32((*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnFold)*uint64(1)))
+			(*TUnicode61Tokenizer)(unsafe.Pointer(p)).FaFold = Xsqlite3_malloc64(tls, libc.Uint64FromInt32((*TUnicode61Tokenizer)(unsafe.Pointer(p)).FnFold)*uint64(1))
 			if (*TUnicode61Tokenizer)(unsafe.Pointer(p)).FaFold == uintptr(0) {
 				rc = int32(SQLITE_NOMEM)
 			}
diff --git a/vendor/modernc.org/sqlite/lib/sqlite_openbsd_amd64.go b/vendor/modernc.org/sqlite/lib/sqlite_openbsd_amd64.go
index 184d08ccb..bed28f24d 100644
--- a/vendor/modernc.org/sqlite/lib/sqlite_openbsd_amd64.go
+++ b/vendor/modernc.org/sqlite/lib/sqlite_openbsd_amd64.go
@@ -113181,8 +113181,8 @@ var mu mutex
 func init() { mu.recursive = true }
 
 func Xsqlite3_initialize(tls *libc.TLS) int32 {
-	mu.enter(tls.ID)
-	defer mu.leave(tls.ID)
+	mutexEnter(tls, uintptr(unsafe.Pointer(&mu)))
+	defer mutexLeave(tls, uintptr(unsafe.Pointer(&mu)))
 
 	var pMainMtx uintptr
 	var rc int32
diff --git a/vendor/modernc.org/sqlite/lib/sqlite_openbsd_arm64.go b/vendor/modernc.org/sqlite/lib/sqlite_openbsd_arm64.go
index 349839cec..3764e7ac9 100644
--- a/vendor/modernc.org/sqlite/lib/sqlite_openbsd_arm64.go
+++ b/vendor/modernc.org/sqlite/lib/sqlite_openbsd_arm64.go
@@ -113186,8 +113186,8 @@ var mu mutex
 func init() { mu.recursive = true }
 
 func Xsqlite3_initialize(tls *libc.TLS) int32 {
-	mu.enter(tls.ID)
-	defer mu.leave(tls.ID)
+	mutexEnter(tls, uintptr(unsafe.Pointer(&mu)))
+	defer mutexLeave(tls, uintptr(unsafe.Pointer(&mu)))
 
 	var pMainMtx uintptr
 	var rc int32
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5b20c6326..3acec9ac2 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1065,8 +1065,8 @@ golang.org/x/crypto/scrypt
 golang.org/x/crypto/sha3
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
-# golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-## explicit; go 1.20
+# golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
+## explicit; go 1.23.0
 golang.org/x/exp/constraints
 # golang.org/x/image v0.24.0
 ## explicit; go 1.18
@@ -1074,8 +1074,8 @@ golang.org/x/image/riff
 golang.org/x/image/vp8
 golang.org/x/image/vp8l
 golang.org/x/image/webp
-# golang.org/x/mod v0.23.0
-## explicit; go 1.22.0
+# golang.org/x/mod v0.24.0
+## explicit; go 1.23.0
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
@@ -1134,8 +1134,8 @@ golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
 golang.org/x/text/width
-# golang.org/x/tools v0.30.0
-## explicit; go 1.22.0
+# golang.org/x/tools v0.31.0
+## explicit; go 1.23.0
 golang.org/x/tools/go/ast/astutil
 golang.org/x/tools/go/gcexportdata
 golang.org/x/tools/go/packages
@@ -1281,8 +1281,8 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# modernc.org/libc v1.61.13
-## explicit; go 1.21
+# modernc.org/libc v1.62.1
+## explicit; go 1.23.0
 modernc.org/libc
 modernc.org/libc/errno
 modernc.org/libc/fcntl
@@ -1312,10 +1312,10 @@ modernc.org/libc/wctype
 # modernc.org/mathutil v1.7.1
 ## explicit; go 1.21
 modernc.org/mathutil
-# modernc.org/memory v1.8.2
-## explicit; go 1.21
+# modernc.org/memory v1.9.1
+## explicit; go 1.23.0
 modernc.org/memory
-# modernc.org/sqlite v0.0.0-00010101000000-000000000000 => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.36.2-concurrency-workaround
+# modernc.org/sqlite v0.0.0-00010101000000-000000000000 => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround
 ## explicit; go 1.23.0
 modernc.org/sqlite
 modernc.org/sqlite/lib
@@ -1323,4 +1323,4 @@ modernc.org/sqlite/lib
 ## explicit; go 1.22.0
 mvdan.cc/xurls/v2
 # github.com/go-swagger/go-swagger => codeberg.org/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix
-# modernc.org/sqlite => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.36.2-concurrency-workaround
+# modernc.org/sqlite => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround

From b0873972ecb6d9977a36898d8281649d38c17df7 Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Tue, 1 Apr 2025 16:21:59 +0000
Subject: [PATCH 03/15] [chore] bump golang.org/x/net@v0.38.0,
 github.com/gin-contrib/cors@v1.7.4, github.com/spf13/viper@v1.20.1,
 github.com/tdewolff/minify/v2@v2.22.4 (#3959)

---
 go.mod                                        |    8 +-
 go.sum                                        |   16 +-
 .../github.com/gin-contrib/cors/.golangci.yml |    1 -
 vendor/github.com/gin-contrib/cors/config.go  |   14 +-
 vendor/github.com/gin-contrib/cors/cors.go    |   10 +
 vendor/github.com/spf13/viper/viper.go        |   32 +-
 vendor/golang.org/x/net/html/atom/table.go    | 1256 +++++++++--------
 vendor/golang.org/x/net/html/parse.go         |    4 +-
 vendor/golang.org/x/net/html/token.go         |   18 +-
 vendor/golang.org/x/net/http2/frame.go        |   11 +
 vendor/golang.org/x/net/http2/h2c/h2c.go      |   14 +-
 vendor/golang.org/x/net/http2/server.go       |    5 +-
 .../x/net/publicsuffix/data/children          |  Bin 2976 -> 3484 bytes
 .../golang.org/x/net/publicsuffix/data/nodes  |  Bin 46610 -> 50500 bytes
 .../golang.org/x/net/publicsuffix/data/text   |    2 +-
 vendor/golang.org/x/net/publicsuffix/list.go  |    2 +-
 vendor/golang.org/x/net/publicsuffix/table.go |   12 +-
 vendor/modules.txt                            |   10 +-
 18 files changed, 734 insertions(+), 681 deletions(-)

diff --git a/go.mod b/go.mod
index 93799e7cc..c23748996 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	github.com/SherClockHolmes/webpush-go v1.4.0
 	github.com/buckket/go-blurhash v1.1.0
 	github.com/coreos/go-oidc/v3 v3.12.0
-	github.com/gin-contrib/cors v1.7.3
+	github.com/gin-contrib/cors v1.7.4
 	github.com/gin-contrib/gzip v1.2.2
 	github.com/gin-contrib/sessions v1.0.2
 	github.com/gin-gonic/gin v1.10.0
@@ -59,9 +59,9 @@ require (
 	github.com/prometheus/client_golang v1.21.1
 	github.com/rivo/uniseg v0.4.7
 	github.com/spf13/cobra v1.9.1
-	github.com/spf13/viper v1.20.0
+	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
-	github.com/tdewolff/minify/v2 v2.22.3
+	github.com/tdewolff/minify/v2 v2.22.4
 	github.com/technologize/otel-go-contrib v1.1.1
 	github.com/temoto/robotstxt v1.1.2
 	github.com/tetratelabs/wazero v1.9.0
@@ -84,7 +84,7 @@ require (
 	go.uber.org/automaxprocs v1.6.0
 	golang.org/x/crypto v0.36.0
 	golang.org/x/image v0.24.0
-	golang.org/x/net v0.37.0
+	golang.org/x/net v0.38.0
 	golang.org/x/oauth2 v0.27.0
 	golang.org/x/sys v0.31.0
 	golang.org/x/text v0.23.0
diff --git a/go.sum b/go.sum
index 4f38aa932..88fb45e71 100644
--- a/go.sum
+++ b/go.sum
@@ -133,8 +133,8 @@ github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3G
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/gavv/httpexpect v2.0.0+incompatible h1:1X9kcRshkSKEjNJJxX9Y9mQ5BRfbxU5kORdjhlA1yX8=
 github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc=
-github.com/gin-contrib/cors v1.7.3 h1:hV+a5xp8hwJoTw7OY+a70FsL8JkVVFTXw9EcfrYUdns=
-github.com/gin-contrib/cors v1.7.3/go.mod h1:M3bcKZhxzsvI+rlRSkkxHyljJt1ESd93COUvemZ79j4=
+github.com/gin-contrib/cors v1.7.4 h1:/fC6/wk7rCRtqKqki8lLr2Xq+hnV49aXDLIuSek9g4k=
+github.com/gin-contrib/cors v1.7.4/go.mod h1:vGc/APSgLMlQfEJV5NAzkrAHb0C8DetL3K6QZuvGii0=
 github.com/gin-contrib/gzip v1.2.2 h1:iUU/EYCM8ENfkjmZaVrxbjF/ZC267Iqv5S0MMCMEliI=
 github.com/gin-contrib/gzip v1.2.2/go.mod h1:C1a5cacjlDsS20cKnHlZRCPUu57D3qH6B2pV0rl+Y/s=
 github.com/gin-contrib/sessions v1.0.2 h1:UaIjUvTH1cMeOdj3in6dl+Xb6It8RiKRF9Z1anbUyCA=
@@ -388,8 +388,8 @@ github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
 github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY=
-github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
+github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -406,8 +406,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tdewolff/minify/v2 v2.22.3 h1:iWXbYdEwvyMXq+KoZlM7Aybp2ASq1VTibUIUxtiyfWo=
-github.com/tdewolff/minify/v2 v2.22.3/go.mod h1:K/R8TT7aivpcU8QCNUU1UdR6etfnFPr7L11TO/X7shk=
+github.com/tdewolff/minify/v2 v2.22.4 h1:0/8K2fheOuYr5B4e5oCE1hGBVX6DQHLP0EGzdsDlYeg=
+github.com/tdewolff/minify/v2 v2.22.4/go.mod h1:K/R8TT7aivpcU8QCNUU1UdR6etfnFPr7L11TO/X7shk=
 github.com/tdewolff/parse/v2 v2.7.21 h1:OCuPFtGr4mXdnfKikQlUb0n654ROJANhBqCk+wioJ/A=
 github.com/tdewolff/parse/v2 v2.7.21/go.mod h1:I7TXO37t3aSG9SlPUBefAhgIF8nt7yYUwVGgETIoBcA=
 github.com/tdewolff/test v1.0.11 h1:FdLbwQVHxqG16SlkGveC0JVyrJN62COWTRyUFzfbtBE=
@@ -554,8 +554,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/vendor/github.com/gin-contrib/cors/.golangci.yml b/vendor/github.com/gin-contrib/cors/.golangci.yml
index d59c99bd4..67edf0ac8 100644
--- a/vendor/github.com/gin-contrib/cors/.golangci.yml
+++ b/vendor/github.com/gin-contrib/cors/.golangci.yml
@@ -7,7 +7,6 @@ linters:
     - dogsled
     - dupl
     - errcheck
-    - exportloopref
     - exhaustive
     - gochecknoinits
     - goconst
diff --git a/vendor/github.com/gin-contrib/cors/config.go b/vendor/github.com/gin-contrib/cors/config.go
index 8a295e3db..a955c3171 100644
--- a/vendor/github.com/gin-contrib/cors/config.go
+++ b/vendor/github.com/gin-contrib/cors/config.go
@@ -2,6 +2,7 @@ package cors
 
 import (
 	"net/http"
+	"regexp"
 	"strings"
 
 	"github.com/gin-gonic/gin"
@@ -122,21 +123,32 @@ func (cors *cors) isOriginValid(c *gin.Context, origin string) bool {
 	return valid
 }
 
+var originRegex = regexp.MustCompile(`^/(.+)/[gimuy]?$`)
+
 func (cors *cors) validateOrigin(origin string) bool {
 	if cors.allowAllOrigins {
 		return true
 	}
+
 	for _, value := range cors.allowOrigins {
-		if value == origin {
+		if !originRegex.MatchString(value) && value == origin {
+			return true
+		}
+
+		if originRegex.MatchString(value) &&
+			regexp.MustCompile(originRegex.FindStringSubmatch(value)[1]).MatchString(origin) {
 			return true
 		}
 	}
+
 	if len(cors.wildcardOrigins) > 0 && cors.validateWildcardOrigin(origin) {
 		return true
 	}
+
 	if cors.allowOriginFunc != nil {
 		return cors.allowOriginFunc(origin)
 	}
+
 	return false
 }
 
diff --git a/vendor/github.com/gin-contrib/cors/cors.go b/vendor/github.com/gin-contrib/cors/cors.go
index 2261df759..cacb34a6c 100644
--- a/vendor/github.com/gin-contrib/cors/cors.go
+++ b/vendor/github.com/gin-contrib/cors/cors.go
@@ -3,6 +3,7 @@ package cors
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -103,8 +104,17 @@ func (c Config) getAllowedSchemas() []string {
 	return allowedSchemas
 }
 
+var regexpBasedOrigin = regexp.MustCompile(`^\/(.+)\/[gimuy]?$`)
+
 func (c Config) validateAllowedSchemas(origin string) bool {
 	allowedSchemas := c.getAllowedSchemas()
+
+	if regexpBasedOrigin.MatchString(origin) {
+		// Normalize regexp-based origins
+		origin = regexpBasedOrigin.FindStringSubmatch(origin)[1]
+		origin = strings.Replace(origin, "?", "", 1)
+	}
+
 	for _, schema := range allowedSchemas {
 		if strings.HasPrefix(origin, schema) {
 			return true
diff --git a/vendor/github.com/spf13/viper/viper.go b/vendor/github.com/spf13/viper/viper.go
index f900e58b1..a58d757bd 100644
--- a/vendor/github.com/spf13/viper/viper.go
+++ b/vendor/github.com/spf13/viper/viper.go
@@ -1535,27 +1535,29 @@ func (v *Viper) MergeInConfig() error {
 func ReadConfig(in io.Reader) error { return v.ReadConfig(in) }
 
 func (v *Viper) ReadConfig(in io.Reader) error {
-	if v.configType == "" {
-		return errors.New("cannot decode configuration: config type is not set")
+	config := make(map[string]any)
+
+	err := v.unmarshalReader(in, config)
+	if err != nil {
+		return err
 	}
 
-	v.config = make(map[string]any)
-	return v.unmarshalReader(in, v.config)
+	v.config = config
+
+	return nil
 }
 
 // MergeConfig merges a new configuration with an existing config.
 func MergeConfig(in io.Reader) error { return v.MergeConfig(in) }
 
 func (v *Viper) MergeConfig(in io.Reader) error {
-	if v.configType == "" {
-		return errors.New("cannot decode configuration: config type is not set")
-	}
+	config := make(map[string]any)
 
-	cfg := make(map[string]any)
-	if err := v.unmarshalReader(in, cfg); err != nil {
+	if err := v.unmarshalReader(in, config); err != nil {
 		return err
 	}
-	return v.MergeConfigMap(cfg)
+
+	return v.MergeConfigMap(config)
 }
 
 // MergeConfigMap merges the configuration from the map given with an existing config.
@@ -1662,15 +1664,21 @@ func (v *Viper) writeConfig(filename string, force bool) error {
 }
 
 func (v *Viper) unmarshalReader(in io.Reader, c map[string]any) error {
+	format := strings.ToLower(v.getConfigType())
+	if format == "" {
+		return errors.New("cannot decode configuration: unable to determine config type")
+	}
+
 	buf := new(bytes.Buffer)
 	buf.ReadFrom(in)
 
-	format := strings.ToLower(v.getConfigType())
-
+	// TODO: remove this once SupportedExts is deprecated/removed
 	if !slices.Contains(SupportedExts, format) {
 		return UnsupportedConfigError(format)
 	}
 
+	// TODO: return [UnsupportedConfigError] if the registry does not contain the format
+	// TODO: consider deprecating this error type
 	decoder, err := v.decoderRegistry.Decoder(format)
 	if err != nil {
 		return ConfigParseError{err}
diff --git a/vendor/golang.org/x/net/html/atom/table.go b/vendor/golang.org/x/net/html/atom/table.go
index 2a938864c..b460e6f72 100644
--- a/vendor/golang.org/x/net/html/atom/table.go
+++ b/vendor/golang.org/x/net/html/atom/table.go
@@ -11,23 +11,23 @@ const (
 	AcceptCharset             Atom = 0x1a0e
 	Accesskey                 Atom = 0x2c09
 	Acronym                   Atom = 0xaa07
-	Action                    Atom = 0x27206
-	Address                   Atom = 0x6f307
+	Action                    Atom = 0x26506
+	Address                   Atom = 0x6f107
 	Align                     Atom = 0xb105
-	Allowfullscreen           Atom = 0x2080f
+	Allowfullscreen           Atom = 0x3280f
 	Allowpaymentrequest       Atom = 0xc113
 	Allowusermedia            Atom = 0xdd0e
 	Alt                       Atom = 0xf303
 	Annotation                Atom = 0x1c90a
 	AnnotationXml             Atom = 0x1c90e
-	Applet                    Atom = 0x31906
-	Area                      Atom = 0x35604
-	Article                   Atom = 0x3fc07
+	Applet                    Atom = 0x30806
+	Area                      Atom = 0x35004
+	Article                   Atom = 0x3f607
 	As                        Atom = 0x3c02
 	Aside                     Atom = 0x10705
 	Async                     Atom = 0xff05
 	Audio                     Atom = 0x11505
-	Autocomplete              Atom = 0x2780c
+	Autocomplete              Atom = 0x26b0c
 	Autofocus                 Atom = 0x12109
 	Autoplay                  Atom = 0x13c08
 	B                         Atom = 0x101
@@ -43,34 +43,34 @@ const (
 	Br                        Atom = 0x202
 	Button                    Atom = 0x19106
 	Canvas                    Atom = 0x10306
-	Caption                   Atom = 0x23107
-	Center                    Atom = 0x22006
-	Challenge                 Atom = 0x29b09
+	Caption                   Atom = 0x22407
+	Center                    Atom = 0x21306
+	Challenge                 Atom = 0x28e09
 	Charset                   Atom = 0x2107
-	Checked                   Atom = 0x47907
+	Checked                   Atom = 0x5b507
 	Cite                      Atom = 0x19c04
-	Class                     Atom = 0x56405
-	Code                      Atom = 0x5c504
+	Class                     Atom = 0x55805
+	Code                      Atom = 0x5ee04
 	Col                       Atom = 0x1ab03
 	Colgroup                  Atom = 0x1ab08
 	Color                     Atom = 0x1bf05
 	Cols                      Atom = 0x1c404
 	Colspan                   Atom = 0x1c407
 	Command                   Atom = 0x1d707
-	Content                   Atom = 0x58b07
-	Contenteditable           Atom = 0x58b0f
-	Contextmenu               Atom = 0x3800b
+	Content                   Atom = 0x57b07
+	Contenteditable           Atom = 0x57b0f
+	Contextmenu               Atom = 0x37a0b
 	Controls                  Atom = 0x1de08
-	Coords                    Atom = 0x1ea06
-	Crossorigin               Atom = 0x1fb0b
-	Data                      Atom = 0x4a504
-	Datalist                  Atom = 0x4a508
-	Datetime                  Atom = 0x2b808
-	Dd                        Atom = 0x2d702
+	Coords                    Atom = 0x1f006
+	Crossorigin               Atom = 0x1fa0b
+	Data                      Atom = 0x49904
+	Datalist                  Atom = 0x49908
+	Datetime                  Atom = 0x2ab08
+	Dd                        Atom = 0x2bf02
 	Default                   Atom = 0x10a07
-	Defer                     Atom = 0x5c705
-	Del                       Atom = 0x45203
-	Desc                      Atom = 0x56104
+	Defer                     Atom = 0x5f005
+	Del                       Atom = 0x44c03
+	Desc                      Atom = 0x55504
 	Details                   Atom = 0x7207
 	Dfn                       Atom = 0x8703
 	Dialog                    Atom = 0xbb06
@@ -78,106 +78,106 @@ const (
 	Dirname                   Atom = 0x9307
 	Disabled                  Atom = 0x16408
 	Div                       Atom = 0x16b03
-	Dl                        Atom = 0x5e602
-	Download                  Atom = 0x46308
+	Dl                        Atom = 0x5d602
+	Download                  Atom = 0x45d08
 	Draggable                 Atom = 0x17a09
-	Dropzone                  Atom = 0x40508
-	Dt                        Atom = 0x64b02
+	Dropzone                  Atom = 0x3ff08
+	Dt                        Atom = 0x64002
 	Em                        Atom = 0x6e02
 	Embed                     Atom = 0x6e05
-	Enctype                   Atom = 0x28d07
-	Face                      Atom = 0x21e04
-	Fieldset                  Atom = 0x22608
-	Figcaption                Atom = 0x22e0a
-	Figure                    Atom = 0x24806
+	Enctype                   Atom = 0x28007
+	Face                      Atom = 0x21104
+	Fieldset                  Atom = 0x21908
+	Figcaption                Atom = 0x2210a
+	Figure                    Atom = 0x23b06
 	Font                      Atom = 0x3f04
 	Footer                    Atom = 0xf606
-	For                       Atom = 0x25403
-	ForeignObject             Atom = 0x2540d
-	Foreignobject             Atom = 0x2610d
-	Form                      Atom = 0x26e04
-	Formaction                Atom = 0x26e0a
-	Formenctype               Atom = 0x2890b
-	Formmethod                Atom = 0x2a40a
-	Formnovalidate            Atom = 0x2ae0e
-	Formtarget                Atom = 0x2c00a
+	For                       Atom = 0x24703
+	ForeignObject             Atom = 0x2470d
+	Foreignobject             Atom = 0x2540d
+	Form                      Atom = 0x26104
+	Formaction                Atom = 0x2610a
+	Formenctype               Atom = 0x27c0b
+	Formmethod                Atom = 0x2970a
+	Formnovalidate            Atom = 0x2a10e
+	Formtarget                Atom = 0x2b30a
 	Frame                     Atom = 0x8b05
 	Frameset                  Atom = 0x8b08
 	H1                        Atom = 0x15c02
-	H2                        Atom = 0x2de02
-	H3                        Atom = 0x30d02
-	H4                        Atom = 0x34502
-	H5                        Atom = 0x34f02
-	H6                        Atom = 0x64d02
-	Head                      Atom = 0x33104
-	Header                    Atom = 0x33106
-	Headers                   Atom = 0x33107
+	H2                        Atom = 0x56102
+	H3                        Atom = 0x2cd02
+	H4                        Atom = 0x2fc02
+	H5                        Atom = 0x33f02
+	H6                        Atom = 0x34902
+	Head                      Atom = 0x32004
+	Header                    Atom = 0x32006
+	Headers                   Atom = 0x32007
 	Height                    Atom = 0x5206
-	Hgroup                    Atom = 0x2ca06
-	Hidden                    Atom = 0x2d506
-	High                      Atom = 0x2db04
+	Hgroup                    Atom = 0x64206
+	Hidden                    Atom = 0x2bd06
+	High                      Atom = 0x2ca04
 	Hr                        Atom = 0x15702
-	Href                      Atom = 0x2e004
-	Hreflang                  Atom = 0x2e008
+	Href                      Atom = 0x2cf04
+	Hreflang                  Atom = 0x2cf08
 	Html                      Atom = 0x5604
-	HttpEquiv                 Atom = 0x2e80a
+	HttpEquiv                 Atom = 0x2d70a
 	I                         Atom = 0x601
-	Icon                      Atom = 0x58a04
+	Icon                      Atom = 0x57a04
 	Id                        Atom = 0x10902
-	Iframe                    Atom = 0x2fc06
-	Image                     Atom = 0x30205
-	Img                       Atom = 0x30703
-	Input                     Atom = 0x44b05
-	Inputmode                 Atom = 0x44b09
-	Ins                       Atom = 0x20403
-	Integrity                 Atom = 0x23f09
+	Iframe                    Atom = 0x2eb06
+	Image                     Atom = 0x2f105
+	Img                       Atom = 0x2f603
+	Input                     Atom = 0x44505
+	Inputmode                 Atom = 0x44509
+	Ins                       Atom = 0x20303
+	Integrity                 Atom = 0x23209
 	Is                        Atom = 0x16502
-	Isindex                   Atom = 0x30f07
-	Ismap                     Atom = 0x31605
-	Itemid                    Atom = 0x38b06
+	Isindex                   Atom = 0x2fe07
+	Ismap                     Atom = 0x30505
+	Itemid                    Atom = 0x38506
 	Itemprop                  Atom = 0x19d08
-	Itemref                   Atom = 0x3cd07
-	Itemscope                 Atom = 0x67109
-	Itemtype                  Atom = 0x31f08
+	Itemref                   Atom = 0x3c707
+	Itemscope                 Atom = 0x66f09
+	Itemtype                  Atom = 0x30e08
 	Kbd                       Atom = 0xb903
 	Keygen                    Atom = 0x3206
 	Keytype                   Atom = 0xd607
 	Kind                      Atom = 0x17704
 	Label                     Atom = 0x5905
-	Lang                      Atom = 0x2e404
+	Lang                      Atom = 0x2d304
 	Legend                    Atom = 0x18106
 	Li                        Atom = 0xb202
 	Link                      Atom = 0x17404
-	List                      Atom = 0x4a904
-	Listing                   Atom = 0x4a907
+	List                      Atom = 0x49d04
+	Listing                   Atom = 0x49d07
 	Loop                      Atom = 0x5d04
 	Low                       Atom = 0xc303
 	Main                      Atom = 0x1004
 	Malignmark                Atom = 0xb00a
-	Manifest                  Atom = 0x6d708
-	Map                       Atom = 0x31803
+	Manifest                  Atom = 0x6d508
+	Map                       Atom = 0x30703
 	Mark                      Atom = 0xb604
-	Marquee                   Atom = 0x32707
-	Math                      Atom = 0x32e04
-	Max                       Atom = 0x33d03
-	Maxlength                 Atom = 0x33d09
+	Marquee                   Atom = 0x31607
+	Math                      Atom = 0x31d04
+	Max                       Atom = 0x33703
+	Maxlength                 Atom = 0x33709
 	Media                     Atom = 0xe605
 	Mediagroup                Atom = 0xe60a
-	Menu                      Atom = 0x38704
-	Menuitem                  Atom = 0x38708
-	Meta                      Atom = 0x4b804
+	Menu                      Atom = 0x38104
+	Menuitem                  Atom = 0x38108
+	Meta                      Atom = 0x4ac04
 	Meter                     Atom = 0x9805
-	Method                    Atom = 0x2a806
-	Mglyph                    Atom = 0x30806
-	Mi                        Atom = 0x34702
-	Min                       Atom = 0x34703
-	Minlength                 Atom = 0x34709
-	Mn                        Atom = 0x2b102
+	Method                    Atom = 0x29b06
+	Mglyph                    Atom = 0x2f706
+	Mi                        Atom = 0x34102
+	Min                       Atom = 0x34103
+	Minlength                 Atom = 0x34109
+	Mn                        Atom = 0x2a402
 	Mo                        Atom = 0xa402
-	Ms                        Atom = 0x67402
-	Mtext                     Atom = 0x35105
-	Multiple                  Atom = 0x35f08
-	Muted                     Atom = 0x36705
+	Ms                        Atom = 0x67202
+	Mtext                     Atom = 0x34b05
+	Multiple                  Atom = 0x35908
+	Muted                     Atom = 0x36105
 	Name                      Atom = 0x9604
 	Nav                       Atom = 0x1303
 	Nobr                      Atom = 0x3704
@@ -185,101 +185,101 @@ const (
 	Noframes                  Atom = 0x8908
 	Nomodule                  Atom = 0xa208
 	Nonce                     Atom = 0x1a605
-	Noscript                  Atom = 0x21608
-	Novalidate                Atom = 0x2b20a
-	Object                    Atom = 0x26806
+	Noscript                  Atom = 0x2c208
+	Novalidate                Atom = 0x2a50a
+	Object                    Atom = 0x25b06
 	Ol                        Atom = 0x13702
 	Onabort                   Atom = 0x19507
-	Onafterprint              Atom = 0x2360c
-	Onautocomplete            Atom = 0x2760e
-	Onautocompleteerror       Atom = 0x27613
-	Onauxclick                Atom = 0x61f0a
-	Onbeforeprint             Atom = 0x69e0d
-	Onbeforeunload            Atom = 0x6e70e
-	Onblur                    Atom = 0x56d06
+	Onafterprint              Atom = 0x2290c
+	Onautocomplete            Atom = 0x2690e
+	Onautocompleteerror       Atom = 0x26913
+	Onauxclick                Atom = 0x6140a
+	Onbeforeprint             Atom = 0x69c0d
+	Onbeforeunload            Atom = 0x6e50e
+	Onblur                    Atom = 0x1ea06
 	Oncancel                  Atom = 0x11908
 	Oncanplay                 Atom = 0x14d09
 	Oncanplaythrough          Atom = 0x14d10
-	Onchange                  Atom = 0x41b08
-	Onclick                   Atom = 0x2f507
-	Onclose                   Atom = 0x36c07
-	Oncontextmenu             Atom = 0x37e0d
-	Oncopy                    Atom = 0x39106
-	Oncuechange               Atom = 0x3970b
-	Oncut                     Atom = 0x3a205
-	Ondblclick                Atom = 0x3a70a
-	Ondrag                    Atom = 0x3b106
-	Ondragend                 Atom = 0x3b109
-	Ondragenter               Atom = 0x3ba0b
-	Ondragexit                Atom = 0x3c50a
-	Ondragleave               Atom = 0x3df0b
-	Ondragover                Atom = 0x3ea0a
-	Ondragstart               Atom = 0x3f40b
-	Ondrop                    Atom = 0x40306
-	Ondurationchange          Atom = 0x41310
-	Onemptied                 Atom = 0x40a09
-	Onended                   Atom = 0x42307
-	Onerror                   Atom = 0x42a07
-	Onfocus                   Atom = 0x43107
-	Onhashchange              Atom = 0x43d0c
-	Oninput                   Atom = 0x44907
-	Oninvalid                 Atom = 0x45509
-	Onkeydown                 Atom = 0x45e09
-	Onkeypress                Atom = 0x46b0a
-	Onkeyup                   Atom = 0x48007
-	Onlanguagechange          Atom = 0x48d10
-	Onload                    Atom = 0x49d06
-	Onloadeddata              Atom = 0x49d0c
-	Onloadedmetadata          Atom = 0x4b010
-	Onloadend                 Atom = 0x4c609
-	Onloadstart               Atom = 0x4cf0b
-	Onmessage                 Atom = 0x4da09
-	Onmessageerror            Atom = 0x4da0e
-	Onmousedown               Atom = 0x4e80b
-	Onmouseenter              Atom = 0x4f30c
-	Onmouseleave              Atom = 0x4ff0c
-	Onmousemove               Atom = 0x50b0b
-	Onmouseout                Atom = 0x5160a
-	Onmouseover               Atom = 0x5230b
-	Onmouseup                 Atom = 0x52e09
-	Onmousewheel              Atom = 0x53c0c
-	Onoffline                 Atom = 0x54809
-	Ononline                  Atom = 0x55108
-	Onpagehide                Atom = 0x5590a
-	Onpageshow                Atom = 0x5730a
-	Onpaste                   Atom = 0x57f07
-	Onpause                   Atom = 0x59a07
-	Onplay                    Atom = 0x5a406
-	Onplaying                 Atom = 0x5a409
-	Onpopstate                Atom = 0x5ad0a
-	Onprogress                Atom = 0x5b70a
-	Onratechange              Atom = 0x5cc0c
-	Onrejectionhandled        Atom = 0x5d812
-	Onreset                   Atom = 0x5ea07
-	Onresize                  Atom = 0x5f108
-	Onscroll                  Atom = 0x60008
-	Onsecuritypolicyviolation Atom = 0x60819
-	Onseeked                  Atom = 0x62908
-	Onseeking                 Atom = 0x63109
-	Onselect                  Atom = 0x63a08
-	Onshow                    Atom = 0x64406
-	Onsort                    Atom = 0x64f06
-	Onstalled                 Atom = 0x65909
-	Onstorage                 Atom = 0x66209
-	Onsubmit                  Atom = 0x66b08
-	Onsuspend                 Atom = 0x67b09
+	Onchange                  Atom = 0x41508
+	Onclick                   Atom = 0x2e407
+	Onclose                   Atom = 0x36607
+	Oncontextmenu             Atom = 0x3780d
+	Oncopy                    Atom = 0x38b06
+	Oncuechange               Atom = 0x3910b
+	Oncut                     Atom = 0x39c05
+	Ondblclick                Atom = 0x3a10a
+	Ondrag                    Atom = 0x3ab06
+	Ondragend                 Atom = 0x3ab09
+	Ondragenter               Atom = 0x3b40b
+	Ondragexit                Atom = 0x3bf0a
+	Ondragleave               Atom = 0x3d90b
+	Ondragover                Atom = 0x3e40a
+	Ondragstart               Atom = 0x3ee0b
+	Ondrop                    Atom = 0x3fd06
+	Ondurationchange          Atom = 0x40d10
+	Onemptied                 Atom = 0x40409
+	Onended                   Atom = 0x41d07
+	Onerror                   Atom = 0x42407
+	Onfocus                   Atom = 0x42b07
+	Onhashchange              Atom = 0x4370c
+	Oninput                   Atom = 0x44307
+	Oninvalid                 Atom = 0x44f09
+	Onkeydown                 Atom = 0x45809
+	Onkeypress                Atom = 0x4650a
+	Onkeyup                   Atom = 0x47407
+	Onlanguagechange          Atom = 0x48110
+	Onload                    Atom = 0x49106
+	Onloadeddata              Atom = 0x4910c
+	Onloadedmetadata          Atom = 0x4a410
+	Onloadend                 Atom = 0x4ba09
+	Onloadstart               Atom = 0x4c30b
+	Onmessage                 Atom = 0x4ce09
+	Onmessageerror            Atom = 0x4ce0e
+	Onmousedown               Atom = 0x4dc0b
+	Onmouseenter              Atom = 0x4e70c
+	Onmouseleave              Atom = 0x4f30c
+	Onmousemove               Atom = 0x4ff0b
+	Onmouseout                Atom = 0x50a0a
+	Onmouseover               Atom = 0x5170b
+	Onmouseup                 Atom = 0x52209
+	Onmousewheel              Atom = 0x5300c
+	Onoffline                 Atom = 0x53c09
+	Ononline                  Atom = 0x54508
+	Onpagehide                Atom = 0x54d0a
+	Onpageshow                Atom = 0x5630a
+	Onpaste                   Atom = 0x56f07
+	Onpause                   Atom = 0x58a07
+	Onplay                    Atom = 0x59406
+	Onplaying                 Atom = 0x59409
+	Onpopstate                Atom = 0x59d0a
+	Onprogress                Atom = 0x5a70a
+	Onratechange              Atom = 0x5bc0c
+	Onrejectionhandled        Atom = 0x5c812
+	Onreset                   Atom = 0x5da07
+	Onresize                  Atom = 0x5e108
+	Onscroll                  Atom = 0x5f508
+	Onsecuritypolicyviolation Atom = 0x5fd19
+	Onseeked                  Atom = 0x61e08
+	Onseeking                 Atom = 0x62609
+	Onselect                  Atom = 0x62f08
+	Onshow                    Atom = 0x63906
+	Onsort                    Atom = 0x64d06
+	Onstalled                 Atom = 0x65709
+	Onstorage                 Atom = 0x66009
+	Onsubmit                  Atom = 0x66908
+	Onsuspend                 Atom = 0x67909
 	Ontimeupdate              Atom = 0x400c
-	Ontoggle                  Atom = 0x68408
-	Onunhandledrejection      Atom = 0x68c14
-	Onunload                  Atom = 0x6ab08
-	Onvolumechange            Atom = 0x6b30e
-	Onwaiting                 Atom = 0x6c109
-	Onwheel                   Atom = 0x6ca07
+	Ontoggle                  Atom = 0x68208
+	Onunhandledrejection      Atom = 0x68a14
+	Onunload                  Atom = 0x6a908
+	Onvolumechange            Atom = 0x6b10e
+	Onwaiting                 Atom = 0x6bf09
+	Onwheel                   Atom = 0x6c807
 	Open                      Atom = 0x1a304
 	Optgroup                  Atom = 0x5f08
-	Optimum                   Atom = 0x6d107
-	Option                    Atom = 0x6e306
-	Output                    Atom = 0x51d06
+	Optimum                   Atom = 0x6cf07
+	Option                    Atom = 0x6e106
+	Output                    Atom = 0x51106
 	P                         Atom = 0xc01
 	Param                     Atom = 0xc05
 	Pattern                   Atom = 0x6607
@@ -288,466 +288,468 @@ const (
 	Placeholder               Atom = 0x1310b
 	Plaintext                 Atom = 0x1b209
 	Playsinline               Atom = 0x1400b
-	Poster                    Atom = 0x2cf06
-	Pre                       Atom = 0x47003
-	Preload                   Atom = 0x48607
-	Progress                  Atom = 0x5b908
-	Prompt                    Atom = 0x53606
-	Public                    Atom = 0x58606
+	Poster                    Atom = 0x64706
+	Pre                       Atom = 0x46a03
+	Preload                   Atom = 0x47a07
+	Progress                  Atom = 0x5a908
+	Prompt                    Atom = 0x52a06
+	Public                    Atom = 0x57606
 	Q                         Atom = 0xcf01
 	Radiogroup                Atom = 0x30a
 	Rb                        Atom = 0x3a02
-	Readonly                  Atom = 0x35708
-	Referrerpolicy            Atom = 0x3d10e
-	Rel                       Atom = 0x48703
-	Required                  Atom = 0x24c08
+	Readonly                  Atom = 0x35108
+	Referrerpolicy            Atom = 0x3cb0e
+	Rel                       Atom = 0x47b03
+	Required                  Atom = 0x23f08
 	Reversed                  Atom = 0x8008
 	Rows                      Atom = 0x9c04
 	Rowspan                   Atom = 0x9c07
-	Rp                        Atom = 0x23c02
+	Rp                        Atom = 0x22f02
 	Rt                        Atom = 0x19a02
 	Rtc                       Atom = 0x19a03
 	Ruby                      Atom = 0xfb04
 	S                         Atom = 0x2501
 	Samp                      Atom = 0x7804
 	Sandbox                   Atom = 0x12907
-	Scope                     Atom = 0x67505
-	Scoped                    Atom = 0x67506
-	Script                    Atom = 0x21806
-	Seamless                  Atom = 0x37108
-	Section                   Atom = 0x56807
-	Select                    Atom = 0x63c06
-	Selected                  Atom = 0x63c08
-	Shape                     Atom = 0x1e505
-	Size                      Atom = 0x5f504
-	Sizes                     Atom = 0x5f505
-	Slot                      Atom = 0x1ef04
-	Small                     Atom = 0x20605
-	Sortable                  Atom = 0x65108
-	Sorted                    Atom = 0x33706
-	Source                    Atom = 0x37806
-	Spacer                    Atom = 0x43706
+	Scope                     Atom = 0x67305
+	Scoped                    Atom = 0x67306
+	Script                    Atom = 0x2c406
+	Seamless                  Atom = 0x36b08
+	Search                    Atom = 0x55c06
+	Section                   Atom = 0x1e507
+	Select                    Atom = 0x63106
+	Selected                  Atom = 0x63108
+	Shape                     Atom = 0x1f505
+	Size                      Atom = 0x5e504
+	Sizes                     Atom = 0x5e505
+	Slot                      Atom = 0x20504
+	Small                     Atom = 0x32605
+	Sortable                  Atom = 0x64f08
+	Sorted                    Atom = 0x37206
+	Source                    Atom = 0x43106
+	Spacer                    Atom = 0x46e06
 	Span                      Atom = 0x9f04
-	Spellcheck                Atom = 0x4740a
-	Src                       Atom = 0x5c003
-	Srcdoc                    Atom = 0x5c006
-	Srclang                   Atom = 0x5f907
-	Srcset                    Atom = 0x6f906
-	Start                     Atom = 0x3fa05
-	Step                      Atom = 0x58304
+	Spellcheck                Atom = 0x5b00a
+	Src                       Atom = 0x5e903
+	Srcdoc                    Atom = 0x5e906
+	Srclang                   Atom = 0x6f707
+	Srcset                    Atom = 0x6fe06
+	Start                     Atom = 0x3f405
+	Step                      Atom = 0x57304
 	Strike                    Atom = 0xd206
-	Strong                    Atom = 0x6dd06
-	Style                     Atom = 0x6ff05
-	Sub                       Atom = 0x66d03
-	Summary                   Atom = 0x70407
-	Sup                       Atom = 0x70b03
-	Svg                       Atom = 0x70e03
-	System                    Atom = 0x71106
-	Tabindex                  Atom = 0x4be08
-	Table                     Atom = 0x59505
-	Target                    Atom = 0x2c406
+	Strong                    Atom = 0x6db06
+	Style                     Atom = 0x70405
+	Sub                       Atom = 0x66b03
+	Summary                   Atom = 0x70907
+	Sup                       Atom = 0x71003
+	Svg                       Atom = 0x71303
+	System                    Atom = 0x71606
+	Tabindex                  Atom = 0x4b208
+	Table                     Atom = 0x58505
+	Target                    Atom = 0x2b706
 	Tbody                     Atom = 0x2705
 	Td                        Atom = 0x9202
-	Template                  Atom = 0x71408
-	Textarea                  Atom = 0x35208
+	Template                  Atom = 0x71908
+	Textarea                  Atom = 0x34c08
 	Tfoot                     Atom = 0xf505
 	Th                        Atom = 0x15602
-	Thead                     Atom = 0x33005
+	Thead                     Atom = 0x31f05
 	Time                      Atom = 0x4204
 	Title                     Atom = 0x11005
 	Tr                        Atom = 0xcc02
 	Track                     Atom = 0x1ba05
-	Translate                 Atom = 0x1f209
+	Translate                 Atom = 0x20809
 	Tt                        Atom = 0x6802
 	Type                      Atom = 0xd904
-	Typemustmatch             Atom = 0x2900d
+	Typemustmatch             Atom = 0x2830d
 	U                         Atom = 0xb01
 	Ul                        Atom = 0xa702
 	Updateviacache            Atom = 0x460e
-	Usemap                    Atom = 0x59e06
+	Usemap                    Atom = 0x58e06
 	Value                     Atom = 0x1505
 	Var                       Atom = 0x16d03
-	Video                     Atom = 0x2f105
-	Wbr                       Atom = 0x57c03
-	Width                     Atom = 0x64905
-	Workertype                Atom = 0x71c0a
-	Wrap                      Atom = 0x72604
+	Video                     Atom = 0x2e005
+	Wbr                       Atom = 0x56c03
+	Width                     Atom = 0x63e05
+	Workertype                Atom = 0x7210a
+	Wrap                      Atom = 0x72b04
 	Xmp                       Atom = 0x12f03
 )
 
-const hash0 = 0x81cdf10e
+const hash0 = 0x84f70e16
 
 const maxAtomLen = 25
 
 var table = [1 << 9]Atom{
-	0x1:   0xe60a,  // mediagroup
-	0x2:   0x2e404, // lang
-	0x4:   0x2c09,  // accesskey
-	0x5:   0x8b08,  // frameset
-	0x7:   0x63a08, // onselect
-	0x8:   0x71106, // system
-	0xa:   0x64905, // width
-	0xc:   0x2890b, // formenctype
-	0xd:   0x13702, // ol
-	0xe:   0x3970b, // oncuechange
-	0x10:  0x14b03, // bdo
-	0x11:  0x11505, // audio
-	0x12:  0x17a09, // draggable
-	0x14:  0x2f105, // video
-	0x15:  0x2b102, // mn
-	0x16:  0x38704, // menu
-	0x17:  0x2cf06, // poster
-	0x19:  0xf606,  // footer
-	0x1a:  0x2a806, // method
-	0x1b:  0x2b808, // datetime
-	0x1c:  0x19507, // onabort
-	0x1d:  0x460e,  // updateviacache
-	0x1e:  0xff05,  // async
-	0x1f:  0x49d06, // onload
-	0x21:  0x11908, // oncancel
-	0x22:  0x62908, // onseeked
-	0x23:  0x30205, // image
-	0x24:  0x5d812, // onrejectionhandled
-	0x26:  0x17404, // link
-	0x27:  0x51d06, // output
-	0x28:  0x33104, // head
-	0x29:  0x4ff0c, // onmouseleave
-	0x2a:  0x57f07, // onpaste
-	0x2b:  0x5a409, // onplaying
-	0x2c:  0x1c407, // colspan
-	0x2f:  0x1bf05, // color
-	0x30:  0x5f504, // size
-	0x31:  0x2e80a, // http-equiv
-	0x33:  0x601,   // i
-	0x34:  0x5590a, // onpagehide
-	0x35:  0x68c14, // onunhandledrejection
-	0x37:  0x42a07, // onerror
-	0x3a:  0x3b08,  // basefont
-	0x3f:  0x1303,  // nav
-	0x40:  0x17704, // kind
-	0x41:  0x35708, // readonly
-	0x42:  0x30806, // mglyph
-	0x44:  0xb202,  // li
-	0x46:  0x2d506, // hidden
-	0x47:  0x70e03, // svg
-	0x48:  0x58304, // step
-	0x49:  0x23f09, // integrity
-	0x4a:  0x58606, // public
-	0x4c:  0x1ab03, // col
-	0x4d:  0x1870a, // blockquote
-	0x4e:  0x34f02, // h5
-	0x50:  0x5b908, // progress
-	0x51:  0x5f505, // sizes
-	0x52:  0x34502, // h4
-	0x56:  0x33005, // thead
-	0x57:  0xd607,  // keytype
-	0x58:  0x5b70a, // onprogress
-	0x59:  0x44b09, // inputmode
-	0x5a:  0x3b109, // ondragend
-	0x5d:  0x3a205, // oncut
-	0x5e:  0x43706, // spacer
-	0x5f:  0x1ab08, // colgroup
-	0x62:  0x16502, // is
-	0x65:  0x3c02,  // as
-	0x66:  0x54809, // onoffline
-	0x67:  0x33706, // sorted
-	0x69:  0x48d10, // onlanguagechange
-	0x6c:  0x43d0c, // onhashchange
-	0x6d:  0x9604,  // name
-	0x6e:  0xf505,  // tfoot
-	0x6f:  0x56104, // desc
-	0x70:  0x33d03, // max
-	0x72:  0x1ea06, // coords
-	0x73:  0x30d02, // h3
-	0x74:  0x6e70e, // onbeforeunload
-	0x75:  0x9c04,  // rows
-	0x76:  0x63c06, // select
-	0x77:  0x9805,  // meter
-	0x78:  0x38b06, // itemid
-	0x79:  0x53c0c, // onmousewheel
-	0x7a:  0x5c006, // srcdoc
-	0x7d:  0x1ba05, // track
-	0x7f:  0x31f08, // itemtype
-	0x82:  0xa402,  // mo
-	0x83:  0x41b08, // onchange
-	0x84:  0x33107, // headers
-	0x85:  0x5cc0c, // onratechange
-	0x86:  0x60819, // onsecuritypolicyviolation
-	0x88:  0x4a508, // datalist
-	0x89:  0x4e80b, // onmousedown
-	0x8a:  0x1ef04, // slot
-	0x8b:  0x4b010, // onloadedmetadata
-	0x8c:  0x1a06,  // accept
-	0x8d:  0x26806, // object
-	0x91:  0x6b30e, // onvolumechange
-	0x92:  0x2107,  // charset
-	0x93:  0x27613, // onautocompleteerror
-	0x94:  0xc113,  // allowpaymentrequest
-	0x95:  0x2804,  // body
-	0x96:  0x10a07, // default
-	0x97:  0x63c08, // selected
-	0x98:  0x21e04, // face
-	0x99:  0x1e505, // shape
-	0x9b:  0x68408, // ontoggle
-	0x9e:  0x64b02, // dt
-	0x9f:  0xb604,  // mark
-	0xa1:  0xb01,   // u
-	0xa4:  0x6ab08, // onunload
-	0xa5:  0x5d04,  // loop
-	0xa6:  0x16408, // disabled
-	0xaa:  0x42307, // onended
-	0xab:  0xb00a,  // malignmark
-	0xad:  0x67b09, // onsuspend
-	0xae:  0x35105, // mtext
-	0xaf:  0x64f06, // onsort
-	0xb0:  0x19d08, // itemprop
-	0xb3:  0x67109, // itemscope
-	0xb4:  0x17305, // blink
-	0xb6:  0x3b106, // ondrag
-	0xb7:  0xa702,  // ul
-	0xb8:  0x26e04, // form
-	0xb9:  0x12907, // sandbox
-	0xba:  0x8b05,  // frame
-	0xbb:  0x1505,  // value
-	0xbc:  0x66209, // onstorage
-	0xbf:  0xaa07,  // acronym
-	0xc0:  0x19a02, // rt
-	0xc2:  0x202,   // br
-	0xc3:  0x22608, // fieldset
-	0xc4:  0x2900d, // typemustmatch
-	0xc5:  0xa208,  // nomodule
-	0xc6:  0x6c07,  // noembed
-	0xc7:  0x69e0d, // onbeforeprint
-	0xc8:  0x19106, // button
-	0xc9:  0x2f507, // onclick
-	0xca:  0x70407, // summary
-	0xcd:  0xfb04,  // ruby
-	0xce:  0x56405, // class
-	0xcf:  0x3f40b, // ondragstart
-	0xd0:  0x23107, // caption
-	0xd4:  0xdd0e,  // allowusermedia
-	0xd5:  0x4cf0b, // onloadstart
-	0xd9:  0x16b03, // div
-	0xda:  0x4a904, // list
-	0xdb:  0x32e04, // math
-	0xdc:  0x44b05, // input
-	0xdf:  0x3ea0a, // ondragover
-	0xe0:  0x2de02, // h2
-	0xe2:  0x1b209, // plaintext
-	0xe4:  0x4f30c, // onmouseenter
-	0xe7:  0x47907, // checked
-	0xe8:  0x47003, // pre
-	0xea:  0x35f08, // multiple
-	0xeb:  0xba03,  // bdi
-	0xec:  0x33d09, // maxlength
-	0xed:  0xcf01,  // q
-	0xee:  0x61f0a, // onauxclick
-	0xf0:  0x57c03, // wbr
-	0xf2:  0x3b04,  // base
-	0xf3:  0x6e306, // option
-	0xf5:  0x41310, // ondurationchange
-	0xf7:  0x8908,  // noframes
-	0xf9:  0x40508, // dropzone
-	0xfb:  0x67505, // scope
-	0xfc:  0x8008,  // reversed
-	0xfd:  0x3ba0b, // ondragenter
-	0xfe:  0x3fa05, // start
-	0xff:  0x12f03, // xmp
-	0x100: 0x5f907, // srclang
-	0x101: 0x30703, // img
-	0x104: 0x101,   // b
-	0x105: 0x25403, // for
-	0x106: 0x10705, // aside
-	0x107: 0x44907, // oninput
-	0x108: 0x35604, // area
-	0x109: 0x2a40a, // formmethod
-	0x10a: 0x72604, // wrap
-	0x10c: 0x23c02, // rp
-	0x10d: 0x46b0a, // onkeypress
-	0x10e: 0x6802,  // tt
-	0x110: 0x34702, // mi
-	0x111: 0x36705, // muted
-	0x112: 0xf303,  // alt
-	0x113: 0x5c504, // code
-	0x114: 0x6e02,  // em
-	0x115: 0x3c50a, // ondragexit
-	0x117: 0x9f04,  // span
-	0x119: 0x6d708, // manifest
-	0x11a: 0x38708, // menuitem
-	0x11b: 0x58b07, // content
-	0x11d: 0x6c109, // onwaiting
-	0x11f: 0x4c609, // onloadend
-	0x121: 0x37e0d, // oncontextmenu
-	0x123: 0x56d06, // onblur
-	0x124: 0x3fc07, // article
-	0x125: 0x9303,  // dir
-	0x126: 0xef04,  // ping
-	0x127: 0x24c08, // required
-	0x128: 0x45509, // oninvalid
-	0x129: 0xb105,  // align
-	0x12b: 0x58a04, // icon
-	0x12c: 0x64d02, // h6
-	0x12d: 0x1c404, // cols
-	0x12e: 0x22e0a, // figcaption
-	0x12f: 0x45e09, // onkeydown
-	0x130: 0x66b08, // onsubmit
-	0x131: 0x14d09, // oncanplay
-	0x132: 0x70b03, // sup
-	0x133: 0xc01,   // p
-	0x135: 0x40a09, // onemptied
-	0x136: 0x39106, // oncopy
-	0x137: 0x19c04, // cite
-	0x138: 0x3a70a, // ondblclick
-	0x13a: 0x50b0b, // onmousemove
-	0x13c: 0x66d03, // sub
-	0x13d: 0x48703, // rel
-	0x13e: 0x5f08,  // optgroup
-	0x142: 0x9c07,  // rowspan
-	0x143: 0x37806, // source
-	0x144: 0x21608, // noscript
-	0x145: 0x1a304, // open
-	0x146: 0x20403, // ins
-	0x147: 0x2540d, // foreignObject
-	0x148: 0x5ad0a, // onpopstate
-	0x14a: 0x28d07, // enctype
-	0x14b: 0x2760e, // onautocomplete
-	0x14c: 0x35208, // textarea
-	0x14e: 0x2780c, // autocomplete
-	0x14f: 0x15702, // hr
-	0x150: 0x1de08, // controls
-	0x151: 0x10902, // id
-	0x153: 0x2360c, // onafterprint
-	0x155: 0x2610d, // foreignobject
-	0x156: 0x32707, // marquee
-	0x157: 0x59a07, // onpause
-	0x158: 0x5e602, // dl
-	0x159: 0x5206,  // height
-	0x15a: 0x34703, // min
-	0x15b: 0x9307,  // dirname
-	0x15c: 0x1f209, // translate
-	0x15d: 0x5604,  // html
-	0x15e: 0x34709, // minlength
-	0x15f: 0x48607, // preload
-	0x160: 0x71408, // template
-	0x161: 0x3df0b, // ondragleave
-	0x162: 0x3a02,  // rb
-	0x164: 0x5c003, // src
-	0x165: 0x6dd06, // strong
-	0x167: 0x7804,  // samp
-	0x168: 0x6f307, // address
-	0x169: 0x55108, // ononline
-	0x16b: 0x1310b, // placeholder
-	0x16c: 0x2c406, // target
-	0x16d: 0x20605, // small
-	0x16e: 0x6ca07, // onwheel
-	0x16f: 0x1c90a, // annotation
-	0x170: 0x4740a, // spellcheck
-	0x171: 0x7207,  // details
-	0x172: 0x10306, // canvas
-	0x173: 0x12109, // autofocus
-	0x174: 0xc05,   // param
-	0x176: 0x46308, // download
-	0x177: 0x45203, // del
-	0x178: 0x36c07, // onclose
-	0x179: 0xb903,  // kbd
-	0x17a: 0x31906, // applet
-	0x17b: 0x2e004, // href
-	0x17c: 0x5f108, // onresize
-	0x17e: 0x49d0c, // onloadeddata
-	0x180: 0xcc02,  // tr
-	0x181: 0x2c00a, // formtarget
-	0x182: 0x11005, // title
-	0x183: 0x6ff05, // style
-	0x184: 0xd206,  // strike
-	0x185: 0x59e06, // usemap
-	0x186: 0x2fc06, // iframe
-	0x187: 0x1004,  // main
-	0x189: 0x7b07,  // picture
-	0x18c: 0x31605, // ismap
-	0x18e: 0x4a504, // data
-	0x18f: 0x5905,  // label
-	0x191: 0x3d10e, // referrerpolicy
-	0x192: 0x15602, // th
-	0x194: 0x53606, // prompt
-	0x195: 0x56807, // section
-	0x197: 0x6d107, // optimum
-	0x198: 0x2db04, // high
-	0x199: 0x15c02, // h1
-	0x19a: 0x65909, // onstalled
-	0x19b: 0x16d03, // var
-	0x19c: 0x4204,  // time
-	0x19e: 0x67402, // ms
-	0x19f: 0x33106, // header
-	0x1a0: 0x4da09, // onmessage
-	0x1a1: 0x1a605, // nonce
-	0x1a2: 0x26e0a, // formaction
-	0x1a3: 0x22006, // center
-	0x1a4: 0x3704,  // nobr
-	0x1a5: 0x59505, // table
-	0x1a6: 0x4a907, // listing
-	0x1a7: 0x18106, // legend
-	0x1a9: 0x29b09, // challenge
-	0x1aa: 0x24806, // figure
-	0x1ab: 0xe605,  // media
-	0x1ae: 0xd904,  // type
-	0x1af: 0x3f04,  // font
-	0x1b0: 0x4da0e, // onmessageerror
-	0x1b1: 0x37108, // seamless
-	0x1b2: 0x8703,  // dfn
-	0x1b3: 0x5c705, // defer
-	0x1b4: 0xc303,  // low
-	0x1b5: 0x19a03, // rtc
-	0x1b6: 0x5230b, // onmouseover
-	0x1b7: 0x2b20a, // novalidate
-	0x1b8: 0x71c0a, // workertype
-	0x1ba: 0x3cd07, // itemref
-	0x1bd: 0x1,     // a
-	0x1be: 0x31803, // map
-	0x1bf: 0x400c,  // ontimeupdate
-	0x1c0: 0x15e07, // bgsound
-	0x1c1: 0x3206,  // keygen
-	0x1c2: 0x2705,  // tbody
-	0x1c5: 0x64406, // onshow
-	0x1c7: 0x2501,  // s
-	0x1c8: 0x6607,  // pattern
-	0x1cc: 0x14d10, // oncanplaythrough
-	0x1ce: 0x2d702, // dd
-	0x1cf: 0x6f906, // srcset
-	0x1d0: 0x17003, // big
-	0x1d2: 0x65108, // sortable
-	0x1d3: 0x48007, // onkeyup
-	0x1d5: 0x5a406, // onplay
-	0x1d7: 0x4b804, // meta
-	0x1d8: 0x40306, // ondrop
-	0x1da: 0x60008, // onscroll
-	0x1db: 0x1fb0b, // crossorigin
-	0x1dc: 0x5730a, // onpageshow
-	0x1dd: 0x4,     // abbr
-	0x1de: 0x9202,  // td
-	0x1df: 0x58b0f, // contenteditable
-	0x1e0: 0x27206, // action
-	0x1e1: 0x1400b, // playsinline
-	0x1e2: 0x43107, // onfocus
-	0x1e3: 0x2e008, // hreflang
-	0x1e5: 0x5160a, // onmouseout
-	0x1e6: 0x5ea07, // onreset
-	0x1e7: 0x13c08, // autoplay
-	0x1e8: 0x63109, // onseeking
-	0x1ea: 0x67506, // scoped
-	0x1ec: 0x30a,   // radiogroup
-	0x1ee: 0x3800b, // contextmenu
-	0x1ef: 0x52e09, // onmouseup
-	0x1f1: 0x2ca06, // hgroup
-	0x1f2: 0x2080f, // allowfullscreen
-	0x1f3: 0x4be08, // tabindex
-	0x1f6: 0x30f07, // isindex
-	0x1f7: 0x1a0e,  // accept-charset
-	0x1f8: 0x2ae0e, // formnovalidate
-	0x1fb: 0x1c90e, // annotation-xml
-	0x1fc: 0x6e05,  // embed
-	0x1fd: 0x21806, // script
-	0x1fe: 0xbb06,  // dialog
-	0x1ff: 0x1d707, // command
+	0x1:   0x3ff08, // dropzone
+	0x2:   0x3b08,  // basefont
+	0x3:   0x23209, // integrity
+	0x4:   0x43106, // source
+	0x5:   0x2c09,  // accesskey
+	0x6:   0x1a06,  // accept
+	0x7:   0x6c807, // onwheel
+	0xb:   0x47407, // onkeyup
+	0xc:   0x32007, // headers
+	0xd:   0x67306, // scoped
+	0xe:   0x67909, // onsuspend
+	0xf:   0x8908,  // noframes
+	0x10:  0x1fa0b, // crossorigin
+	0x11:  0x2e407, // onclick
+	0x12:  0x3f405, // start
+	0x13:  0x37a0b, // contextmenu
+	0x14:  0x5e903, // src
+	0x15:  0x1c404, // cols
+	0x16:  0xbb06,  // dialog
+	0x17:  0x47a07, // preload
+	0x18:  0x3c707, // itemref
+	0x1b:  0x2f105, // image
+	0x1d:  0x4ba09, // onloadend
+	0x1e:  0x45d08, // download
+	0x1f:  0x46a03, // pre
+	0x23:  0x2970a, // formmethod
+	0x24:  0x71303, // svg
+	0x25:  0xcf01,  // q
+	0x26:  0x64002, // dt
+	0x27:  0x1de08, // controls
+	0x2a:  0x2804,  // body
+	0x2b:  0xd206,  // strike
+	0x2c:  0x3910b, // oncuechange
+	0x2d:  0x4c30b, // onloadstart
+	0x2e:  0x2fe07, // isindex
+	0x2f:  0xb202,  // li
+	0x30:  0x1400b, // playsinline
+	0x31:  0x34102, // mi
+	0x32:  0x30806, // applet
+	0x33:  0x4ce09, // onmessage
+	0x35:  0x13702, // ol
+	0x36:  0x1a304, // open
+	0x39:  0x14d09, // oncanplay
+	0x3a:  0x6bf09, // onwaiting
+	0x3b:  0x11908, // oncancel
+	0x3c:  0x6a908, // onunload
+	0x3e:  0x53c09, // onoffline
+	0x3f:  0x1a0e,  // accept-charset
+	0x40:  0x32004, // head
+	0x42:  0x3ab09, // ondragend
+	0x43:  0x1310b, // placeholder
+	0x44:  0x2b30a, // formtarget
+	0x45:  0x2540d, // foreignobject
+	0x47:  0x400c,  // ontimeupdate
+	0x48:  0xdd0e,  // allowusermedia
+	0x4a:  0x69c0d, // onbeforeprint
+	0x4b:  0x5604,  // html
+	0x4c:  0x9f04,  // span
+	0x4d:  0x64206, // hgroup
+	0x4e:  0x16408, // disabled
+	0x4f:  0x4204,  // time
+	0x51:  0x42b07, // onfocus
+	0x53:  0xb00a,  // malignmark
+	0x55:  0x4650a, // onkeypress
+	0x56:  0x55805, // class
+	0x57:  0x1ab08, // colgroup
+	0x58:  0x33709, // maxlength
+	0x59:  0x5a908, // progress
+	0x5b:  0x70405, // style
+	0x5c:  0x2a10e, // formnovalidate
+	0x5e:  0x38b06, // oncopy
+	0x60:  0x26104, // form
+	0x61:  0xf606,  // footer
+	0x64:  0x30a,   // radiogroup
+	0x66:  0xfb04,  // ruby
+	0x67:  0x4ff0b, // onmousemove
+	0x68:  0x19d08, // itemprop
+	0x69:  0x2d70a, // http-equiv
+	0x6a:  0x15602, // th
+	0x6c:  0x6e02,  // em
+	0x6d:  0x38108, // menuitem
+	0x6e:  0x63106, // select
+	0x6f:  0x48110, // onlanguagechange
+	0x70:  0x31f05, // thead
+	0x71:  0x15c02, // h1
+	0x72:  0x5e906, // srcdoc
+	0x75:  0x9604,  // name
+	0x76:  0x19106, // button
+	0x77:  0x55504, // desc
+	0x78:  0x17704, // kind
+	0x79:  0x1bf05, // color
+	0x7c:  0x58e06, // usemap
+	0x7d:  0x30e08, // itemtype
+	0x7f:  0x6d508, // manifest
+	0x81:  0x5300c, // onmousewheel
+	0x82:  0x4dc0b, // onmousedown
+	0x84:  0xc05,   // param
+	0x85:  0x2e005, // video
+	0x86:  0x4910c, // onloadeddata
+	0x87:  0x6f107, // address
+	0x8c:  0xef04,  // ping
+	0x8d:  0x24703, // for
+	0x8f:  0x62f08, // onselect
+	0x90:  0x30703, // map
+	0x92:  0xc01,   // p
+	0x93:  0x8008,  // reversed
+	0x94:  0x54d0a, // onpagehide
+	0x95:  0x3206,  // keygen
+	0x96:  0x34109, // minlength
+	0x97:  0x3e40a, // ondragover
+	0x98:  0x42407, // onerror
+	0x9a:  0x2107,  // charset
+	0x9b:  0x29b06, // method
+	0x9c:  0x101,   // b
+	0x9d:  0x68208, // ontoggle
+	0x9e:  0x2bd06, // hidden
+	0xa0:  0x3f607, // article
+	0xa2:  0x63906, // onshow
+	0xa3:  0x64d06, // onsort
+	0xa5:  0x57b0f, // contenteditable
+	0xa6:  0x66908, // onsubmit
+	0xa8:  0x44f09, // oninvalid
+	0xaa:  0x202,   // br
+	0xab:  0x10902, // id
+	0xac:  0x5d04,  // loop
+	0xad:  0x5630a, // onpageshow
+	0xb0:  0x2cf04, // href
+	0xb2:  0x2210a, // figcaption
+	0xb3:  0x2690e, // onautocomplete
+	0xb4:  0x49106, // onload
+	0xb6:  0x9c04,  // rows
+	0xb7:  0x1a605, // nonce
+	0xb8:  0x68a14, // onunhandledrejection
+	0xbb:  0x21306, // center
+	0xbc:  0x59406, // onplay
+	0xbd:  0x33f02, // h5
+	0xbe:  0x49d07, // listing
+	0xbf:  0x57606, // public
+	0xc2:  0x23b06, // figure
+	0xc3:  0x57a04, // icon
+	0xc4:  0x1ab03, // col
+	0xc5:  0x47b03, // rel
+	0xc6:  0xe605,  // media
+	0xc7:  0x12109, // autofocus
+	0xc8:  0x19a02, // rt
+	0xca:  0x2d304, // lang
+	0xcc:  0x49908, // datalist
+	0xce:  0x2eb06, // iframe
+	0xcf:  0x36105, // muted
+	0xd0:  0x6140a, // onauxclick
+	0xd2:  0x3c02,  // as
+	0xd6:  0x3fd06, // ondrop
+	0xd7:  0x1c90a, // annotation
+	0xd8:  0x21908, // fieldset
+	0xdb:  0x2cf08, // hreflang
+	0xdc:  0x4e70c, // onmouseenter
+	0xdd:  0x2a402, // mn
+	0xde:  0xe60a,  // mediagroup
+	0xdf:  0x9805,  // meter
+	0xe0:  0x56c03, // wbr
+	0xe2:  0x63e05, // width
+	0xe3:  0x2290c, // onafterprint
+	0xe4:  0x30505, // ismap
+	0xe5:  0x1505,  // value
+	0xe7:  0x1303,  // nav
+	0xe8:  0x54508, // ononline
+	0xe9:  0xb604,  // mark
+	0xea:  0xc303,  // low
+	0xeb:  0x3ee0b, // ondragstart
+	0xef:  0x12f03, // xmp
+	0xf0:  0x22407, // caption
+	0xf1:  0xd904,  // type
+	0xf2:  0x70907, // summary
+	0xf3:  0x6802,  // tt
+	0xf4:  0x20809, // translate
+	0xf5:  0x1870a, // blockquote
+	0xf8:  0x15702, // hr
+	0xfa:  0x2705,  // tbody
+	0xfc:  0x7b07,  // picture
+	0xfd:  0x5206,  // height
+	0xfe:  0x19c04, // cite
+	0xff:  0x2501,  // s
+	0x101: 0xff05,  // async
+	0x102: 0x56f07, // onpaste
+	0x103: 0x19507, // onabort
+	0x104: 0x2b706, // target
+	0x105: 0x14b03, // bdo
+	0x106: 0x1f006, // coords
+	0x107: 0x5e108, // onresize
+	0x108: 0x71908, // template
+	0x10a: 0x3a02,  // rb
+	0x10b: 0x2a50a, // novalidate
+	0x10c: 0x460e,  // updateviacache
+	0x10d: 0x71003, // sup
+	0x10e: 0x6c07,  // noembed
+	0x10f: 0x16b03, // div
+	0x110: 0x6f707, // srclang
+	0x111: 0x17a09, // draggable
+	0x112: 0x67305, // scope
+	0x113: 0x5905,  // label
+	0x114: 0x22f02, // rp
+	0x115: 0x23f08, // required
+	0x116: 0x3780d, // oncontextmenu
+	0x117: 0x5e504, // size
+	0x118: 0x5b00a, // spellcheck
+	0x119: 0x3f04,  // font
+	0x11a: 0x9c07,  // rowspan
+	0x11b: 0x10a07, // default
+	0x11d: 0x44307, // oninput
+	0x11e: 0x38506, // itemid
+	0x11f: 0x5ee04, // code
+	0x120: 0xaa07,  // acronym
+	0x121: 0x3b04,  // base
+	0x125: 0x2470d, // foreignObject
+	0x126: 0x2ca04, // high
+	0x127: 0x3cb0e, // referrerpolicy
+	0x128: 0x33703, // max
+	0x129: 0x59d0a, // onpopstate
+	0x12a: 0x2fc02, // h4
+	0x12b: 0x4ac04, // meta
+	0x12c: 0x17305, // blink
+	0x12e: 0x5f508, // onscroll
+	0x12f: 0x59409, // onplaying
+	0x130: 0xc113,  // allowpaymentrequest
+	0x131: 0x19a03, // rtc
+	0x132: 0x72b04, // wrap
+	0x134: 0x8b08,  // frameset
+	0x135: 0x32605, // small
+	0x137: 0x32006, // header
+	0x138: 0x40409, // onemptied
+	0x139: 0x34902, // h6
+	0x13a: 0x35908, // multiple
+	0x13c: 0x52a06, // prompt
+	0x13f: 0x28e09, // challenge
+	0x141: 0x4370c, // onhashchange
+	0x142: 0x57b07, // content
+	0x143: 0x1c90e, // annotation-xml
+	0x144: 0x36607, // onclose
+	0x145: 0x14d10, // oncanplaythrough
+	0x148: 0x5170b, // onmouseover
+	0x149: 0x64f08, // sortable
+	0x14a: 0xa402,  // mo
+	0x14b: 0x2cd02, // h3
+	0x14c: 0x2c406, // script
+	0x14d: 0x41d07, // onended
+	0x14f: 0x64706, // poster
+	0x150: 0x7210a, // workertype
+	0x153: 0x1f505, // shape
+	0x154: 0x4,     // abbr
+	0x155: 0x1,     // a
+	0x156: 0x2bf02, // dd
+	0x157: 0x71606, // system
+	0x158: 0x4ce0e, // onmessageerror
+	0x159: 0x36b08, // seamless
+	0x15a: 0x2610a, // formaction
+	0x15b: 0x6e106, // option
+	0x15c: 0x31d04, // math
+	0x15d: 0x62609, // onseeking
+	0x15e: 0x39c05, // oncut
+	0x15f: 0x44c03, // del
+	0x160: 0x11005, // title
+	0x161: 0x11505, // audio
+	0x162: 0x63108, // selected
+	0x165: 0x3b40b, // ondragenter
+	0x166: 0x46e06, // spacer
+	0x167: 0x4a410, // onloadedmetadata
+	0x168: 0x44505, // input
+	0x16a: 0x58505, // table
+	0x16b: 0x41508, // onchange
+	0x16e: 0x5f005, // defer
+	0x171: 0x50a0a, // onmouseout
+	0x172: 0x20504, // slot
+	0x175: 0x3704,  // nobr
+	0x177: 0x1d707, // command
+	0x17a: 0x7207,  // details
+	0x17b: 0x38104, // menu
+	0x17c: 0xb903,  // kbd
+	0x17d: 0x57304, // step
+	0x17e: 0x20303, // ins
+	0x17f: 0x13c08, // autoplay
+	0x182: 0x34103, // min
+	0x183: 0x17404, // link
+	0x185: 0x40d10, // ondurationchange
+	0x186: 0x9202,  // td
+	0x187: 0x8b05,  // frame
+	0x18a: 0x2ab08, // datetime
+	0x18b: 0x44509, // inputmode
+	0x18c: 0x35108, // readonly
+	0x18d: 0x21104, // face
+	0x18f: 0x5e505, // sizes
+	0x191: 0x4b208, // tabindex
+	0x192: 0x6db06, // strong
+	0x193: 0xba03,  // bdi
+	0x194: 0x6fe06, // srcset
+	0x196: 0x67202, // ms
+	0x197: 0x5b507, // checked
+	0x198: 0xb105,  // align
+	0x199: 0x1e507, // section
+	0x19b: 0x6e05,  // embed
+	0x19d: 0x15e07, // bgsound
+	0x1a2: 0x49d04, // list
+	0x1a3: 0x61e08, // onseeked
+	0x1a4: 0x66009, // onstorage
+	0x1a5: 0x2f603, // img
+	0x1a6: 0xf505,  // tfoot
+	0x1a9: 0x26913, // onautocompleteerror
+	0x1aa: 0x5fd19, // onsecuritypolicyviolation
+	0x1ad: 0x9303,  // dir
+	0x1ae: 0x9307,  // dirname
+	0x1b0: 0x5a70a, // onprogress
+	0x1b2: 0x65709, // onstalled
+	0x1b5: 0x66f09, // itemscope
+	0x1b6: 0x49904, // data
+	0x1b7: 0x3d90b, // ondragleave
+	0x1b8: 0x56102, // h2
+	0x1b9: 0x2f706, // mglyph
+	0x1ba: 0x16502, // is
+	0x1bb: 0x6e50e, // onbeforeunload
+	0x1bc: 0x2830d, // typemustmatch
+	0x1bd: 0x3ab06, // ondrag
+	0x1be: 0x5da07, // onreset
+	0x1c0: 0x51106, // output
+	0x1c1: 0x12907, // sandbox
+	0x1c2: 0x1b209, // plaintext
+	0x1c4: 0x34c08, // textarea
+	0x1c7: 0xd607,  // keytype
+	0x1c8: 0x34b05, // mtext
+	0x1c9: 0x6b10e, // onvolumechange
+	0x1ca: 0x1ea06, // onblur
+	0x1cb: 0x58a07, // onpause
+	0x1cd: 0x5bc0c, // onratechange
+	0x1ce: 0x10705, // aside
+	0x1cf: 0x6cf07, // optimum
+	0x1d1: 0x45809, // onkeydown
+	0x1d2: 0x1c407, // colspan
+	0x1d3: 0x1004,  // main
+	0x1d4: 0x66b03, // sub
+	0x1d5: 0x25b06, // object
+	0x1d6: 0x55c06, // search
+	0x1d7: 0x37206, // sorted
+	0x1d8: 0x17003, // big
+	0x1d9: 0xb01,   // u
+	0x1db: 0x26b0c, // autocomplete
+	0x1dc: 0xcc02,  // tr
+	0x1dd: 0xf303,  // alt
+	0x1df: 0x7804,  // samp
+	0x1e0: 0x5c812, // onrejectionhandled
+	0x1e1: 0x4f30c, // onmouseleave
+	0x1e2: 0x28007, // enctype
+	0x1e3: 0xa208,  // nomodule
+	0x1e5: 0x3280f, // allowfullscreen
+	0x1e6: 0x5f08,  // optgroup
+	0x1e8: 0x27c0b, // formenctype
+	0x1e9: 0x18106, // legend
+	0x1ea: 0x10306, // canvas
+	0x1eb: 0x6607,  // pattern
+	0x1ec: 0x2c208, // noscript
+	0x1ed: 0x601,   // i
+	0x1ee: 0x5d602, // dl
+	0x1ef: 0xa702,  // ul
+	0x1f2: 0x52209, // onmouseup
+	0x1f4: 0x1ba05, // track
+	0x1f7: 0x3a10a, // ondblclick
+	0x1f8: 0x3bf0a, // ondragexit
+	0x1fa: 0x8703,  // dfn
+	0x1fc: 0x26506, // action
+	0x1fd: 0x35004, // area
+	0x1fe: 0x31607, // marquee
+	0x1ff: 0x16d03, // var
 }
 
 const atomText = "abbradiogrouparamainavalueaccept-charsetbodyaccesskeygenobrb" +
@@ -758,26 +760,26 @@ const atomText = "abbradiogrouparamainavalueaccept-charsetbodyaccesskeygenobrb"
 	"dboxmplaceholderautoplaysinlinebdoncanplaythrough1bgsoundisa" +
 	"bledivarbigblinkindraggablegendblockquotebuttonabortcitempro" +
 	"penoncecolgrouplaintextrackcolorcolspannotation-xmlcommandco" +
-	"ntrolshapecoordslotranslatecrossoriginsmallowfullscreenoscri" +
-	"ptfacenterfieldsetfigcaptionafterprintegrityfigurequiredfore" +
-	"ignObjectforeignobjectformactionautocompleteerrorformenctype" +
-	"mustmatchallengeformmethodformnovalidatetimeformtargethgroup" +
-	"osterhiddenhigh2hreflanghttp-equivideonclickiframeimageimgly" +
-	"ph3isindexismappletitemtypemarqueematheadersortedmaxlength4m" +
-	"inlength5mtextareadonlymultiplemutedoncloseamlessourceoncont" +
-	"extmenuitemidoncopyoncuechangeoncutondblclickondragendondrag" +
-	"enterondragexitemreferrerpolicyondragleaveondragoverondragst" +
-	"articleondropzonemptiedondurationchangeonendedonerroronfocus" +
-	"paceronhashchangeoninputmodeloninvalidonkeydownloadonkeypres" +
-	"spellcheckedonkeyupreloadonlanguagechangeonloadeddatalisting" +
-	"onloadedmetadatabindexonloadendonloadstartonmessageerroronmo" +
-	"usedownonmouseenteronmouseleaveonmousemoveonmouseoutputonmou" +
-	"seoveronmouseupromptonmousewheelonofflineononlineonpagehides" +
-	"classectionbluronpageshowbronpastepublicontenteditableonpaus" +
-	"emaponplayingonpopstateonprogressrcdocodeferonratechangeonre" +
-	"jectionhandledonresetonresizesrclangonscrollonsecuritypolicy" +
-	"violationauxclickonseekedonseekingonselectedonshowidth6onsor" +
-	"tableonstalledonstorageonsubmitemscopedonsuspendontoggleonun" +
-	"handledrejectionbeforeprintonunloadonvolumechangeonwaitingon" +
-	"wheeloptimumanifestrongoptionbeforeunloaddressrcsetstylesumm" +
-	"arysupsvgsystemplateworkertypewrap"
+	"ntrolsectionblurcoordshapecrossoriginslotranslatefacenterfie" +
+	"ldsetfigcaptionafterprintegrityfigurequiredforeignObjectfore" +
+	"ignobjectformactionautocompleteerrorformenctypemustmatchalle" +
+	"ngeformmethodformnovalidatetimeformtargethiddenoscripthigh3h" +
+	"reflanghttp-equivideonclickiframeimageimglyph4isindexismappl" +
+	"etitemtypemarqueematheadersmallowfullscreenmaxlength5minleng" +
+	"th6mtextareadonlymultiplemutedoncloseamlessortedoncontextmen" +
+	"uitemidoncopyoncuechangeoncutondblclickondragendondragentero" +
+	"ndragexitemreferrerpolicyondragleaveondragoverondragstarticl" +
+	"eondropzonemptiedondurationchangeonendedonerroronfocusourceo" +
+	"nhashchangeoninputmodeloninvalidonkeydownloadonkeypresspacer" +
+	"onkeyupreloadonlanguagechangeonloadeddatalistingonloadedmeta" +
+	"databindexonloadendonloadstartonmessageerroronmousedownonmou" +
+	"seenteronmouseleaveonmousemoveonmouseoutputonmouseoveronmous" +
+	"eupromptonmousewheelonofflineononlineonpagehidesclassearch2o" +
+	"npageshowbronpastepublicontenteditableonpausemaponplayingonp" +
+	"opstateonprogresspellcheckedonratechangeonrejectionhandledon" +
+	"resetonresizesrcdocodeferonscrollonsecuritypolicyviolationau" +
+	"xclickonseekedonseekingonselectedonshowidthgrouposteronsorta" +
+	"bleonstalledonstorageonsubmitemscopedonsuspendontoggleonunha" +
+	"ndledrejectionbeforeprintonunloadonvolumechangeonwaitingonwh" +
+	"eeloptimumanifestrongoptionbeforeunloaddressrclangsrcsetstyl" +
+	"esummarysupsvgsystemplateworkertypewrap"
diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go
index 643c674e3..518ee4c94 100644
--- a/vendor/golang.org/x/net/html/parse.go
+++ b/vendor/golang.org/x/net/html/parse.go
@@ -924,7 +924,7 @@ func inBodyIM(p *parser) bool {
 			p.addElement()
 			p.im = inFramesetIM
 			return true
-		case a.Address, a.Article, a.Aside, a.Blockquote, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Main, a.Menu, a.Nav, a.Ol, a.P, a.Section, a.Summary, a.Ul:
+		case a.Address, a.Article, a.Aside, a.Blockquote, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Main, a.Menu, a.Nav, a.Ol, a.P, a.Search, a.Section, a.Summary, a.Ul:
 			p.popUntil(buttonScope, a.P)
 			p.addElement()
 		case a.H1, a.H2, a.H3, a.H4, a.H5, a.H6:
@@ -1136,7 +1136,7 @@ func inBodyIM(p *parser) bool {
 				return false
 			}
 			return true
-		case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Section, a.Summary, a.Ul:
+		case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Search, a.Section, a.Summary, a.Ul:
 			p.popUntil(defaultScope, p.tok.DataAtom)
 		case a.Form:
 			if p.oe.contains(a.Template) {
diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
index 3c57880d6..6598c1f7b 100644
--- a/vendor/golang.org/x/net/html/token.go
+++ b/vendor/golang.org/x/net/html/token.go
@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
 	if raw {
 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
 	}
-	// Look for a self-closing token like "<br/>".
-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
+	// Look for a self-closing token (e.g. <br/>).
+	//
+	// Originally, we did this by just checking that the last character of the
+	// tag (ignoring the closing bracket) was a solidus (/) character, but this
+	// is not always accurate.
+	//
+	// We need to be careful that we don't misinterpret a non-self-closing tag
+	// as self-closing, as can happen if the tag contains unquoted attribute
+	// values (i.e. <p a=/>).
+	//
+	// To avoid this, we check that the last non-bracket character of the tag
+	// (z.raw.end-2) isn't the same character as the last non-quote character of
+	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
+	// attributes.
+	nAttrs := len(z.attr)
+	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
 		return SelfClosingTagToken
 	}
 	return StartTagToken
diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go
index 81faec7e7..97bd8b06f 100644
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@@ -225,6 +225,11 @@ var fhBytes = sync.Pool{
 	},
 }
 
+func invalidHTTP1LookingFrameHeader() FrameHeader {
+	fh, _ := readFrameHeader(make([]byte, frameHeaderLen), strings.NewReader("HTTP/1.1 "))
+	return fh
+}
+
 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
 // Most users should use Framer.ReadFrame instead.
 func ReadFrameHeader(r io.Reader) (FrameHeader, error) {
@@ -503,10 +508,16 @@ func (fr *Framer) ReadFrame() (Frame, error) {
 		return nil, err
 	}
 	if fh.Length > fr.maxReadSize {
+		if fh == invalidHTTP1LookingFrameHeader() {
+			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
+		}
 		return nil, ErrFrameTooLarge
 	}
 	payload := fr.getReadBuf(fh.Length)
 	if _, err := io.ReadFull(fr.r, payload); err != nil {
+		if fh == invalidHTTP1LookingFrameHeader() {
+			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
+		}
 		return nil, err
 	}
 	f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload)
diff --git a/vendor/golang.org/x/net/http2/h2c/h2c.go b/vendor/golang.org/x/net/http2/h2c/h2c.go
index 2d6bf861b..19e94791d 100644
--- a/vendor/golang.org/x/net/http2/h2c/h2c.go
+++ b/vendor/golang.org/x/net/http2/h2c/h2c.go
@@ -132,11 +132,8 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // of the body, and reforward the client preface on the net.Conn this function
 // creates.
 func initH2CWithPriorKnowledge(w http.ResponseWriter) (net.Conn, error) {
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		return nil, errors.New("h2c: connection does not support Hijack")
-	}
-	conn, rw, err := hijacker.Hijack()
+	rc := http.NewResponseController(w)
+	conn, rw, err := rc.Hijack()
 	if err != nil {
 		return nil, err
 	}
@@ -163,10 +160,6 @@ func h2cUpgrade(w http.ResponseWriter, r *http.Request) (_ net.Conn, settings []
 	if err != nil {
 		return nil, nil, err
 	}
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		return nil, nil, errors.New("h2c: connection does not support Hijack")
-	}
 
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
@@ -174,7 +167,8 @@ func h2cUpgrade(w http.ResponseWriter, r *http.Request) (_ net.Conn, settings []
 	}
 	r.Body = io.NopCloser(bytes.NewBuffer(body))
 
-	conn, rw, err := hijacker.Hijack()
+	rc := http.NewResponseController(w)
+	conn, rw, err := rc.Hijack()
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index b640deb0e..51fca38f6 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -1068,7 +1068,10 @@ func (sc *serverConn) serve(conf http2Config) {
 
 func (sc *serverConn) handlePingTimer(lastFrameReadTime time.Time) {
 	if sc.pingSent {
-		sc.vlogf("timeout waiting for PING response")
+		sc.logf("timeout waiting for PING response")
+		if f := sc.countErrorFunc; f != nil {
+			f("conn_close_lost_ping")
+		}
 		sc.conn.Close()
 		return
 	}
diff --git a/vendor/golang.org/x/net/publicsuffix/data/children b/vendor/golang.org/x/net/publicsuffix/data/children
index 08261bffd196fd6942b4cebb5ff06e0ffe53808d..986a246a6c05ca5b49c1d9f3f7fc84cb6628b64e 100644
GIT binary patch
literal 3484
zcmV~$2S8JI9suCHk@x<8g#Z>x5h%R(3rVOG5qoywsKjUppdunfb~vqq0~NP*FqDKK
zA}F9B5ch0xwA5`vGzlO$5U?zR=$&=6=&9&^pFkiGI12;<Ux7d{Ngxn}3j~6Afj~ek
zxp|UE6P_p1Z(bm_-@Hs@GwwuAmKU*u;fbADGD6FYCh|kZ6Q#`eL}|!kqBLs>S87Zn
z%9wPbEM#dyS=KV5f>};f8aERMnQY>qF^4!5vXeNJRn8qU?oT)za)3K*tRzk_Rm6#`
zU%3;;bHr)pJaIbY3UMauDsjeWB+h1;xL=L8xLT%}s|{)4YP0TgwZ?ngIp#ihF604s
zE~}M0XMD(=XWF>)A?@7dkPhy$age(b@`=0365Lf2&0UkT+;tXn*X0h}4c3vnVRGhf
z%0J_7X1j65?9Vw9JDf9_ytsO~4_9yEII|o$v&oOUl`Z9N%fI4on?`XK`54Y(3gE2r
zK+b9k;%ug`xdzj>T%#$NYcfsc?qtik=Ij~7J(G%fkR3y`vWY}nb~4eCoyK*TR&kHm
z)x;xtCefF@hInGyPdsI-i0ABK;x&7L_*-rv{xLO?0`@)$^#W3i^2x92^<+TKF)|Pt
z$??-I<oKK>a(w+AG6*%36Q;M2U+1)v6YC$5!KjZ6p8kOk&KV?w>p$|7&?j<Au7ICn
z9zssVL&=a_2VSli&dYPXdAa$^#Oc_FpPuW>PdD?V5<{X=F_sL?4Im?PC-9Nxx%^xl
z#m`mD<L8>A`6wL2M=4^-s9ZH4WnMteQ^b+;aufJyMIs-gNa17g5?-CVlvJBnkqhu@
zenD;~A7@@m#^X(V0^Up}D7Ntl=Ivx+ZZ?^eyMs*6)$!@(OXO0;Wqz6YD!*J|;xo)<
zer0YmzuJ6{&s6-$XPUeCHHsd7jrlRZR?)|=&Fv@GnxB%J@H29g;sd!UcaYp<{z&$l
zKao#|9^&8MKFojI`4|83_B;O5%=aJ|ItZ*%07D$SVTe)&LoEI<R5=1f%26Q7n+Q%0
z-++_lI~ZmOhR+;k!e@C(a8;_n-5~<pm9gM%QNtH`ap0Mk2%eTS@KUCOx5F~<QD%Uz
z!v+9{%>c?g0E-sHdHEpC+XYg~evl~-fWJc}j8Im?NQV<JT6r4AI9!CWmO2Q?yAI<m
zMhJ3fhM>F_m|(dF6Z6{O8;c#jw>*O%9NxeWd2b<D`3@%M4Z@UA2BtY;m=@{^)2wa~
z66y{LM-Nbhia}xZgBe;WD6L;Xs5TJ7trH-^aVkV;e}q|~ArR@PfXL7}5NVBsxuH=I
z?HCQwp~(<!O@aB^R8WU50=0G}sI9ADfp#^-Th~H@b}J-@W<j#H08$)xL5g-aq*(WW
z#<3XwZ7qR?j#aQwTMdgs4OE)r5l9QY0BP2Xu+;H)SYf>a8IBE*p>2ef);o}?y$@@&
z-LO8?4jV#W!e;G1u-Qh!&ngPG=!B4^8Uk5556Bh`ha8m`<l8vVi-JL~ngn{?WYF8D
zK!Io~6sUfL0^Kwyu!X=bksNlZro%3s0(RMEK%r<R6snX^s0)Qcn+kS|!eF;59Cqs>
zV7F}+6p3a-k!lVU=^~-XHW&7YqF|419u$k_L$N9rifw8rQN>Xux&$b(CBj}^Qqn$^
z2KLz&Ql+Aws7lphs8Vf*DxDUpY&xh`<wLct0BS^qP@~!nHMSx!h>F3WDxnOzy>LXe
z502<+s3SH592FgcqpHKyQQZ+ZYC8(YM91Km>Np(Joq%JulW<&giaM@34aaq7;JEE9
zoKXD&Cv>&c3EMg9r0P6%N_3GrrK_XPs4h{zh;CA~A`5j+)IwdbJ)nNK^-y)9zo1U_
zg8IYu5-y3}z$M*VxMX_=msRhnCfy)3HH1)i!sOJQd<EQTm;udUGpXkMP-t#YL5ouu
z)si1hJ!+T*oek@t%V{gs6}An!8n!2Ohh-;q=jTFq!w#xHY$w&9Uqkgb7^tUChp1-_
zhpGRDoud9~sHI+oU8eqNFjE6g_hBIH0X2}{O8w92A@w1@ml_Ov1%vtjz+l4wd~|w4
zeQJ113!FaDq_cpg8j+ZGcB1KUXECjJp@q)FXkoZ3&FbC6Y~z<=6z)SKJx339=4l80
zNZM6Dj&^gNMZ1O1q1_rI>Cc^`X!pi>w1+;9_Gr}5p3bSXmwqw*rSo#yN1sXihHs>~
z#-C}>XVcKAqy6;xv{b)`_IKV-`-fN4W1MT~vHChXF#H-FsJGJN8*Sns=Vp4MzJ;C~
zZl`}N5Yp3JhS72tS6bfWMJoz?=ou~&Ix<2=$3#TZF$GKLbeA-7dPJQ#z2FaVdebF(
zsmo>Y(ugbKr3F{TOPj8Vm$_W0mp9!IuW-3duZXbFD+;XQ6-_pAhD(DuBcf5fGNMVm
zvgxjPRm6Sqs)APWYL|y}W<fi>&ZV2~aruw9XLcUlJ6lWlH5UkFvkwS^=2Qy5n{!t<
zx#guWJdzbg-kmIrE{YN^jMNBMxzz|a6+IB<6nzxx?(xF2bH5e-anCHgwdaknA?hpP
z{rlew+lu3aoyBRwC+=HPo<vooJSnbBd2;`t@I`Tza3JcM@S}SxBP@Q)IF@|QxXzov
zNWX|+MwXOmMm{*pOqllz^REZ3l8ImRFq2DqnUH9PQMP(8QPF`+QmdL-6rInk+j~T^
z-s8Dsee?^-`n@kT>sw!GHh8>dwzU4u<m?;D6zt=fz4Jqu@_i}Hv4^XeQ^QX&wZrR}
zy7?`Vx`!{BoAX~Y<`_4oF~(2RSUQ=x(>8@^DV@pOi<!kdERAN`N*6I5o@vbEwhYD|
zQ_MW^+{^TPRxnT7s+s?K9%G)z{K~xWyvV#Py&`$pW@KKKnwWu@Tg*UdEAyu9A@k1j
zPv%|B6XsoMKl7pODf7wmH7h9nz!F|0OT^MFZWl_2cuCnIu`+f@yFcsDK7tjM1+p&f
z->}2l<*cjMOxCq5oONxV#kzUTX5C`vu%EX_vhM9MtVdZK>+PjseabRe-}a3x-@cU<
zx9?;nv4yOpeXmsNRVtOnma)?Ia&~U}0cn(Xj5JCe%g$G;rSr=dvhzC@u`%91Nn_ND
zr7`78q%j?7Y^*w6s`g$cUErM|T~MAWjZ?2><H|Qk<2p7<6V#ie3FX_RiQZY##PS?z
zV#f|?l6ohbRIX){I&^HZcfK^aLoZEH7fMsgi&%~K9yV27!lss&vx~g<vuWzXY<l@c
zc7^vPcBR^aMtI*vBjS&v5fvw7BRWr_k-n#7BjZn_kriiTqvFq^Q5CglROdO_Xy5Z_
zbo>R`=+291jPLJgOnjYeZ2TW+Y{gYHw(}Ya@V$-#;%~?TDsG~HP9qxUYeM7V>(RIh
zvn<f}77C2Fpuh?%3hcDW#``v)@$rqa@tsYwAm3&*p|b^j-Pwk|^ZgV35dQ-G(D^?U
z?E4-~^8J7&B?yqZl8`OnR>>A5WXcv)u0e6!TC|v3FI(JoTDFAyMYbg2SJ{%vTG^7W
zb102FkCt{_Kr0fiqm`T$t?X(+ncRJpnb3(cE4xr;S2tQ;*@KQJyh6Y6XV7nnPtb4O
z{iu$AhAt<*K-c*}bfd=sncy>I>hVJLRX*re5|1oN{>YjXfUH$Ps0k*ZJMbfFNt!Ne
zsfs`yRkLIrJ*&_oSdIRKOw^sU9(7mc%6ec2>g~xx_MSrY1WHkVQU&U-szLod2K21w
z5E|$?h2B6LdRx_w-t~0L-d8<CA9|jn!K&Aof&qUj*#Xnlj+jXvhLP9<<6d7pL@dP)
z$ujKJ8-SgAgRyt-RQ#oQHTFr)#6Hy<Fel!Kx#Vq_7jMUWbq?lxcVH0j#E_ha{i?Ot
zKY0)Kudcx(sttII_#_VKt@9rzHsNu}^>|#b**{Qx8wXZf@I<i<PfYH`--#dN@2g+n
zN!0^*(qj@&eN5r#$4)r*aVk#oTY*zj^88aC7x`=aiv2YyB{<b@FaCE;8D9JNAYNDV
z46jdljyL$d#2X&}jW^c3!JAUv;mv-7c(YxAe>PBfi-hstqCt481mmrC2fWSTgttqE
z;q7);oMmvw*_z=vN8*ih?7leH0C<N+f_F;%@lN|loM#w=wVH8QFA2hW`y^aon2L94
zLU5r(feY<Qyjv57izE@a$UX<}F+|~F&3s%UQR5POJl<<a!uvEDTq;?JOYMtsnIRpQ
zOP1qudj{UGS&jGG*Wd$&b+|&a5m!on#+CMM_@E&hS7~<OYKazC+x56cQiyBpyYV4S
zF+Qv*$43p7_^ACTJ}o(hPiwB=Glr}9ro@PiQdewD{Q?{NJg`aXiOs2A_*SYPzTM}K
pt*K+MtuF{SrGAT>`ljLLR5@-w6zcy#s=^QZ;&EHwPq;&x{(qypHu(Sm

literal 2976
zcmV~$2|!cz9{}*Z_uKou?|Oj#4Hc+y{2pwic?6dCm5S&aq#^<{bZmeZXlf>Ant2d9
zAj7n62y6^dOHh;)?<|4g+qgkM!Hwa4ba~~G|IbGvkx2SWB$7ahL^4Gpk<5`uBpQiC
zLamwc8?|Of9kr(V3iWxlNbQ=@Lg_Q#qq1v;Q@J>t`mSaSm4_!&dom-b{D^2OKQo=m
zuUSbIMXaKVGB;5cyqU5@Y^N-lJE&5eNtH$zsM1VhP-%@R>0m^D(7~Dl>PSQpRfa2q
z$|5SMqnW=@M{6!n75E}m5pkJ15m8N@jBrp@5uH?3jf*-P;ik?<JPbOY`6TFk%~R?E
zen!=1KBsK8{?rwgryRARR0}(rYMrT~+G^)gPBxB4Gq=#l=1ISm)sOyP<Pds*Z3gWP
z0_`0+hxX2zOAmy3^q{Qy^dOs>_Q_gE%WYcPAJ!B9$P79#YXb?iZKZ=?8yyt6oes|0
zp$)d>k&wteBqVDu{hn=~b_g7#hejTv!=Q|WMcPPMRvihmT_NF-A_>oOkZ@Z)JqjA=
zQCW@jC|fi6Fsp@(&T1!PB74Z#EEhf2c8eYdx5>DyJ7j#;J$k(D5t)$n2R*^|H<=ju
z4?PK<(39agJ=^w*7Gy(-O7=cc%^FEmbsvx@SvWnfZWJ9O6X=*(DmrFo6dh9+O;_#w
zgs!^MOR8tPNwqkT)Nq4IjoydUa(<*%c$d_Qa$*w$NFB$MI(;yy6BR_{ltdKXC!#ov
z*trqJt{+M4Vi<7<;iO*wA*mO~kp^KrY0yt3jlv|-sGmxjxQ|JbFr74WGf1-#Nt(r3
zq=gemtDqvS`njZyn@8G&`J`PROWH*>xhgCqSM`acgIh#81P$pBlSrqaBc1vb(#55c
zYur+DO-Lix#B_3<TSdBs&q%j^9qHk|AU#3`xuM@cZit(SQ}~)V_1_Q|x0Ser?ZhSS
zAier;Nw2tzxCK3N>vQNneJ<$}^T<tM54ow|OKx-f$ZcUixh)ouJ6sXDqc@W~VllZZ
zSjj!^0J$d|BKO3@^nLDU`o8`Mc_5T)A95Asp}vy-OFT*b5o^g~u7Nxj8p&g^i98Wn
z$P;}Vc_Oxxr@~e8RNqOSie2Oxca44~TqiHMZt_C7Ltg0bk{9AV`XzUtyc8agm->g~
zrTB=v;{G77#6QVv?jQQK@R)urKB529KcnApFOWohg=iH*$Sy-tdq2cvzl|V!5R!Qi
zUZx60Z`nh5PBoP0vWM{=9>bB`K9cwMSdaX(GmyXiOFqD3BOjppiVw)%gaYiFk;3C^
zUZFA|MYa(s>?Ray&qqT%tmyshLuiD@aWq18PB$X^JPP-?fWlRFK0Moj!tM3wBUJ<X
zD7zDlv3H@d9&R+w-iO9}+(+Y8570!_Lo_-22|wBXADZIvhMy88K~o$Qn(B$r)F>&M
z=3w~gp8fdgIsMUe#{e`l>TMM1kfXU#Jeup6f#!M6L@|y?6dUykip_~d3mgkjeAGgu
z_Dn(xbC#k{qgJ9to~zMfM+VY(evPy_TTpV&E|eOThf;HlD9vF)D|1eu)lp~A>YQq{
z*0Tn!kFuk$qq@;n$7{6Bi$mL@J<xV9Pn7A^AARfPgLZnoi+1J)qrF}VWQv}TOu5U@
zk=*5cnb&c?EV_~}%l(Bft3Sz?d!6FTqpSGx+|%e-^cntG?j>}r{x?+N^*dh?eVIQV
zUCke_uj5Zdi~NaP2Vdz`&sRn_@|C$w=%iOOs*3JFXQEwFl6yCpH0}!K`|E@GIoZMd
z?i^|G?p&#2cb+u4(Ij2nv`3oJR4d&)*DcL%`d6AaFI>8Bz%1#3=6LDxydS0K23(O=
z5BO6m#&}B~wG5NKh&ju!Z{KCO)^{22`6Cz~@41ZJTf+qZ@OesbYhFr-_nwrH`9Cnj
zy!SF;t(DBUA4KM3?|aPbfxygZ3uSbBr!mV0=B6x*En(KQ9bneQiXrRvwlSLrwliDX
zo-;caaLk_e5XQXV6Q;EN8>VVden{0mXGm3hZ^-FE?v&FD`ch8syUAQ!aEqxP^qQ$3
z?9H@Y9m8}Dj$`h`EoJWiXkq^Pv7C8+wI<}>I5(!Q-o#7?i#<99r+WH?<9_j@a6iLD
zJisssd&kelK8Cs2*PzAk_@rWDNW;9(E*#vEjYB&2U}eXTicp^-Jj7teLppxKL*swO
z?;FbS@c83+c*kix!f+Ok=(vEx4Ht2EM?L<~rvZ;PwBj*7J$Q`4iN|&H;)y=@@g&1z
zJgMUao*e%YPcgj4LIRBi<1mHLIUK8eM_^ULNE~ha0M9Xw!}Ah8#xV)A@O)zwj`f{~
zV-x1%*v?oSXN<$~#zi>3Q;XF`9bV+S9BVo=ur^^EPB!kusm46KywikNB>b#cVJuUu
z=q$%+2}kkX&I-jozc|G{bv!nx6BGth5;k;cu~Ds4nEX-{`F=|k`KC0*e)USc-?Un>
zziW-6P`y@B*tJ1Xq~53~GHp_r{WdGi>Mhu8`bJ^y+KMfH+Z2|r?YLO|Ew-9=Vry3}
zE>(YrfATZppVWtNS=V8FOnr(?RbOIL3yf@Pw@JA~p3g2x+^<|xP{1zfE>tcpC}Nj(
z7qiRcR^_t95_Va^0p)UeDZ4!J5WBqKuyRGgPwa~BayCtVlub)K#-<fiDAT%+v+42^
zY<glPn_ln>o8Em=xiaw-yRzUkyR!QXyGnjmxhnA-yQ<*4@-z7b<!6b%vTNj**tK#S
zyIyW**C$?QHxzWUUnbsSzbv@RZcMz#ZY+4n8WJBV4TVWcqrX;ZT$HRd7N)Q!|5Wy1
z&r;=~!Xo9No?_);f2;EFq7vod!UOE#o>KNm;X$^%=Qw-R|14YKe~zu_xy+vEsbwqu
z8`#Q4jcjFM6I<oq%=Yy-*}seSuz%mU!v3>ZWFHqf*vB`T+2;W*?8_pj^5u<3?CYXG
zKoam2BpM0O8VaO=GQgVtz-oMfHOql@`U7VU01wS@@N#|-+AnZC_y$f0_0=SUuQ>($
z%&DP%&gCH2tbl;Pbr2Nz6%fsK;LSUMcjiK{<~s;Be-8?C9)xL3p<(7a2y<S6QBDy?
zn_EK1n0sKXrWeKq-h@e-J21)oFHCm6fT_+mFwMfkG?y1lxAcPu%K(_=@`KqHCB#{V
zK%8q4Bm^yngrsCpyHa3b&<a@SN`p@=tKd`D8c0l93yGF>km&jXG(qb@=h_0vLEk}Y
z&~8{}F+iHDG&DWv1f(ZbLb~f0SetYT)><5})>RLm2Q@%OQX_0|xnPs!Hf(Y|g)OdU
zu#X@xXyc)fB!Rg%Bh;eZ7HTQp5o+npgyP<Bp+u{Plf~b|DQy>2k#4B!b;9XlH=NPl
zg0ti<ob7!8=ZgP;^V+}R0(la8LHisol7Hc1?<@GV_zhg*X}IK;!f#d<e%HMPmw8XP
z?CuZM*0-TXHwbEZU#NAz3pQ&2)aeM=`4F(XM}or|4)wZ^pn)F?4eklhsGAH;{8VUi
zPlsmfOlZ-~hE_fbTHSM?%^Cykx&?5RPk^iLPocxQ7&>_^bh?wFOSc5B@yp<vI}NT|
zS3$RK4fOEqpvRp7H>?}MsoM-r>o?%iZG~R<4si2&=;O2D7QY*A=?rjRXN3FKGI-!F
zmr1NAWONBFqx;^Hp=3^mN<3vupO*~x4VFRjJ2F{ckc>-K$~^mq$@&G4mh~^0AnV`v
a@p}W4r^yDE#L9e<7sz~*lVpA+DgOrzLVp1O

diff --git a/vendor/golang.org/x/net/publicsuffix/data/nodes b/vendor/golang.org/x/net/publicsuffix/data/nodes
index 1dae6ede8f292889cb4252aa473312fea1bac46a..38b8999600c8cb35fbceee1b938b5de72da1345f 100644
GIT binary patch
literal 50500
zcmc${b(kDg+V}sd>YnbI9-qm?1$TF+-N#*l;Igntmf*>_#0d}}xVyVerpG4<fh4f7
zxZAS0v%J^0X2<~VvJd;bd;Na@oU6L4>eQ)o?sNP7EhybS0q(M9a3^$>=!dEkf)Jmd
z08dsgR6o!L@q3c7xpRB4ZMdfms?JG)f~{R@Qo-}N54;sE;I^6Ix!DHM#w6^X@*b!=
zJAr*wc`ww*`$%#>ZG!Ln1XN$xPg3_5Jy3Dm0F-YX#Npn-3*j#lQ2&7gLURTow2uP{
z^P6#Wn<kX62|@I!ekeb<1L8-A!PjhusvrBoy=^~E_oN;OkF-M7NFfA6i=g%&y^w!G
zA5=fq0`(0Y;D0ItW%dCm+Nl-to11X1I;;_jR_GNvqa?eFe2~9O9~7L_0}X=_QoAQK
zf_q0h_+E8@_mn=Ue9BImyQ~+2sR<}J*H2n^o~hTjlOA4T2hXL$q<8P4|6+QDR|m;*
zKi>nfLqbqjq!|hf=%^1Wwi<vkvlYUx_d?nGN#wfYCb`{(P2lM;q2^E<+jsBog}`wE
zc5v^|1Ku5ap=eG(@9PAAkp_9B9o#!;LGy<om^A|4E!&}F^L8lsb30TvhuLA{fx}R-
z<p3O(+|Q2gUK7gBNkGH)P0(<#9qNzqLA=q1`D|GaJ9c|bh~_1M@6TGTgL<JN?u6h<
z2Sn%Fq4G2*c)s<qbHHY@^T@V6?BZM32*p|b?6T@8FO)8CfwDTS`CiRX;<Bqrg8B=5
z>>BhY*md}0FVudnb$c}xY7WyYXkHr1Qy{*VpWRBjv^@7~r0@FJZTNi?iq7q1cQ+=4
zUuuDd-G-rHo~S*o3Eb2C;I0+j*Y-l-11GqT41oKTR&XyAH9e)X&xXMhOt5=*dk=WF
zOa{*}G4PzE6K6ZXbAB6mt{7y`?&Kc!^6c8fUftKXuy=4#JA1#7G6<1f5)i5OYlHQ$
zkLS)F_UYNt%f6nwwP)_Ov2S;o7rZMH;9cGfzNUm4k;U8EWh;D8nBibQ&k8@}rzb(#
zymly_;Z)-S@0UKPIA;KYIW17UyB6TJRyA!<Ior<u{uAsF=+OJ#-3)>6`XRC*0nyMP
z#5ZdP-|U2@&Ije0b`J2YFgdWG)eF%F^{PiVLCFl!^BIj0JzabM)h6&(n;h6Z)eHHx
z{cspg@I{?aIxPv@;a;eDr3Gpq41xQo6ezjF0i{zN9O};ULfMvKC_6U@<tJ$eObtQB
z*&?a4`yl#?okP1Pn7G}yd%=Bs5X#O=hT6RY&~RoeG~BM0c_56td!&ze<(qb>n-d~F
zSY?v$dE84`x4Q>?uO(68d9?*RZ#lqyoD=d_IjLCnp$&@nO6HzbAEt<}wSjk%6TCB%
z!Mm9@`*yA1-E{$Yy~E&*>1=rnyhjaiZ`p;t;GJs+?}Z_#yi6V3)vsm%s&5^D(0xtZ
z+q1b=`g5K5d>DMj2>8-M;M*nuzU_VB+p%BG0Qb4mHRioLxo`arJ>2i>_HutukI4g(
zi^UFgN9{JfJlK!srKbskPbGopVL$i|71x{F520fn5O~-Ifq(iTdXtYw+y|Nv_=_Lv
zPu1DK1fZ^0i~RH;1U|Dv&5dD*mL@^y+d;^W^+Uetgqq#$Jn`c04xS9%py6ID^8QKd
zaj&1A?&(ev-5sq^5R5?OrGrqXv-S5kgFm3{m+;c-o!v<9;7#ITi){3{57is(Vu$dF
zn&&;mZcYtB&HhbL`;n+Ur3Ff!Yl8S=eNfdbdO5ovYCjG_>GfKGgM9S$UD5-guoihZ
zLBIRh9&jHkLSNZJfA28~2A=zLh(Y(oCWGC_n+%1I(cT{lLg>YQDB5FC&4}ne2H{x&
zDE)Q_vpdrZ<=+f~`v^NDZl``8?PKKGpo7)!iC$Lso#BO=_%LhwXCzqr*ZDyx4uqk6
zLl7d*4nUQ}n0w186o^k&yxa>_r=>vc8%Yq1hy@*=fSR5BJY5nJV+^%HaAODxF7iY9
zdW(Pu!FR4GXMP(`cQ^Gw`FUZeGJ3&xt=Rt!ec-#v$upj&2>5OlS@flVZ$OgsU0wI?
z0Qml{W&C)6XA)nTn2E0&!S~O8h+QN};<ST*dtG-x2>d=D&xYsfl6y_?&-OvAMvQxl
zcJQC+2me_u;J>O33a;vd@+mIxKWO9G?vEv?-dBHLL?CdWX!5`Th+dKm{v|dD9TtM1
zgiYuby}2&};jjbB_Vt1L^hStGYf{q&HLWdBIx`5qNByj?I-m~%SJ)u-&mij)$JxaG
zy-;Vfv%&L_$%YLVHL=lc)3&-w41Sp(8Y-PyidKm1-^0fKy?dbS!(N{2{h*QO-P5HN
z+-g^o1SQpCzEgrc-+i!V+#?Qmt#;moAh-|igZ#xNRJ8U<(urL!wn15okH5NKZUk?0
z8~9T-2dODgv!g`OHKNYcLH^o(O|O3TL;Ok`_`4*#_qXvv;p<)~+S|(u-G9?gxjz}|
za>G#fj25c254@)bpngjyFXnHT1m2f=cyYjM@;CQM;yF2eP`FroaIYlrzZ8Pl(ISD8
zM*h~<(*rfDdm-G_2H`uLQbd|1Ih!OGL`}1kd8zOL$&^=J5ZSL6A_umE`!+v#E@%bc
zn-1`&4?%Rg#Ny62UP`>6CEHV?Evbi>gR3QzleN{}6Q_AdTy!7;(cRP>(gLw)3d9-$
z5Id_6VoL^jIdQt5SNtyyfOo38nyQz+bN~u&7sLCwiC4O%QB+K6=GE?kMqYDIZG?DD
zztk;t)jI$sT}@E0mv+w<8`;9fYpaqPdEK4W2vsNgq2&Gqgzj$P_3mSOc%%FBMyQ+R
zfSRMlEPJdb%A4JLc)>qiG`U9<+*b|qR_QYJe6ar8+Xn@w4uSu^A&8$A<gM;z8+f)!
zhhSQ(=y`;<-N8mEoj%Avy4QR8#NE*Y(LJS3?`lGUxP|*D=>na}eA1obh1fNk>{Aj@
zyI(&9%S4#x+W55F-U!uedLi!WgLrlugyQ0&xjxKQ?V63Ldg<v2K6B@ZsHGx$uM0xS
zJGyQw8=tM-%!K$M?GX3sRnKUJ`ic;QFVX(^XS0#*o@j!1N*9#8kqPk^6Gry%k3E=)
zoJJ$Zy@v@Qk$m*RX7GF?CBbk&Oe<aeS+9}PJ=|#IdguZFvH%olr127mk=uK&c9h!>
zF-Maz!S_>-G2yTIHi+L~hx~0*jJ*7FO(U=SPL1H%K4W6>-95&{?!&b3Jt3$%uS+_A
z04lB@f`CsPq&5Q8g#!@VAeuB}e@vI8GbEFzC!qZ9pfM@DTca_l`+jL;6Kqg;X%a;9
z2f*`#7`HST|3oQ}>sp{FPm1+^(h2AHg6F$tsCjImjyj<1EpfBU^d1=jh~6NzOiF%m
z<$y7{@cLe3if5f4YRdYJDLp%R!MB_Eeb@)lb9>c@d2A(yk{&Ro7K<j`Z%HglPREKQ
zt&Wu*)+mdhae*;)bxxx(&ApvzOzSo!QWq!G^cvIMcQ-=e)`L*;lpo3h4r6-veWo$P
zJEzB((LLFO((779_kIZ498jDj^+RGd?1_Tk6@c)7m{D85njt8^Aq0{6$q<(|SDdHy
zo!(^3^u5{xrMC|nGkXp)jalwYE!055*sP#G0D%{pq58ccDA`skv!euQMZ(x@WGii)
zA<_L%yRmurVNJ>D8d`@8gzbmGyJG^X>ikfAj(Avxw&{{#WAo=`HX2*F(@lt!*r58S
zCd^eIHbQt|!q{TfZjHv4?#p|OEjRS_LT$MNd~<stw6_iN*EShj)uwBMB?ZBIc>wZn
zZ-e~Xr0m=ywdX#m$y+o-Wcdi>f09tsXKb}<h0NDJud#K0Pmi&6_Z?Efh7-m%firp_
z@J$osf0;10S>^UZ!H%sE540HDhK3rAZC`n}(b%r6rP0`KmCH1?uPy8`w(ri7X?d4y
z&i;O52k%4D{!g+)bX}9NV|TU*Zl|d8%_d_fcZ&~d+%j7}8!!&6{Z7n$7a0RL`-}rO
zG|GmUB%VFV1+h?zagh6J3F{dN<Dl+?8^QCqWayqv#=+gY$PV4f52Yf#m?r?i(<J2D
zrC$v?j6>Y@rg2EO;f2s5sqv|r#9cMnGaL~Aqy=+T!ZZp!?@QJmX@iCz6A-&UVHEak
zX+qV*38TpKx|rM9J}B8$`{O6k+SSr0e`r<H1s+GUQPiC#QPk3B6uWn_8O4eHnxJB#
zNWLy%l(_388ylLye}!adUaL{kTiR-rdOs3xKdKEXq^m^kX@NqS3hv$}qiW+EpHc0e
z<u$4YuWN>a2O?1aV3L&2W+>b}3<ZCc;pEh|zh2aSp53VNOxNPQ-DK1xww2DXZ9itB
z#B0?0j_85ft))gCA@aFh>e1bO;J-t<&mCPx?b`1o4DV_M|EuB_bNh`t?_pu^Z<M-q
zm*nbQ&0?T-h);7Gb!*@3GwKUZX*BA)*LjVGRWroLkJBZ`iQA?mL*VIV<FMGtJ;q^u
zG9CkWi&e?@P*~XlfkT~8*s0Al&u<*=F6x1*;UOqo-Umh6V1-u(jKf!Di;DZ~Q1-Fx
zX&J_akHny`CjcdHMxn5;9SYZUg1aaIg&T*BBRu<<#u14<Ok;NJ$tGj=I-67yo6k7X
zlkgfxZjk&f$`*@U-wH(s2f%+=5W?*N<0$twQvKScCk9+l^yL7=PY*&tyM$ba4XV0j
zhu#o_vP{umR-c-FDA`SK^llj3+lUixqo3OhK>hn#-&-7zpBj~J+YCkB>b^lEXpp9L
zwi8O0_o^9!*bI3Cj+Rgg`HZ8wzeyNJyH9I0j$Wh5F3Ferv5f=54>cRdxP3hkTw*tl
zbr+iun<cHv)odK^F18sbJo8W^H2l*B1%s`|iSEt3P`M%*%CGBHBPYUULGU+84z5gs
z$~Tgs@|^*w{8(1`$BUr~T~}lS?;R4y4pH`Zy-@H?vvFc~NZyan5)gbTVVvYXQhRk<
zAJi>(LGU$+)T9MaErlvF)d98Bolta4n{m>rt^CHHx<^doWcR6Zt=%9|K3l{uKJI&5
zGX6<B6i&75o)+WewO>gi6R89q@Il}!s}X0oG+~_LyT&w5>7J~Y7SpePK$fBO&cJnY
z!Of5~E$K7<JSf>1&XaKPX^WrRY@F&&ky>$AFBFTF*6!;xPVG+7uE-PH45&F=hQ!~S
zA+&`=^!a_pX{$m#Q2d>?)qC2A=U7Jp<8=4_azLEdYn<MFfLDG;?XoLnCG40C`8Uaa
zd(;nwxk(U@cR=}f@_sxn%Bi)1dzQ^O!>tAN=gOFRO=P=91pJWCnBxwb#+>d{J>$3*
zsLqn&uvpvl7&$Lw*H%3udGv@R#J)q|-h9CLOYr$5C_YZ)n2_1`m{im6Ta3SS`{lGd
zz6I*GkVB}j)i^UIJ-gt;W~jVNs>>M;<IGhKX?=5oP;^|tm>aC@G3IuksQ(@b8fOLG
z9x%@8&X-87lHt^)2gOD5mq?vi9EAF7qY!OMg3=cpP<LXJ8oira(&cQudAHtjw#_)Z
zzQJysz2=B!<D8PaqTrn-C2()KMCBVP*ss?(r~7lQ%#A(9x$a8YE+>gG&XH?F1YEJ7
zbkWKX1l$fNa>|tXKnBqdea5+~a<wuNB0)*mqJ$Sp9&9zvb6;p0=XD>gpHBvi^F4=}
z#`)c5qjABDSBv4TOfu%>f01O&_do4};AA;qzmxjrOM<Fx#2Mx{Lvg!a`iW*^e)pC=
zP`!gRt?lK{`AX8|9#O<S^7P)b42s0piZ5z18oPUYpk!sUMrDKYqomC(?K7G@e>UY^
zNEl5$Cwh(MRl9qQ7I&Y_+&{HI^xA~c(!IhoTHP}6V>`)da{e&5@0K}Y7e9T;XLNMC
zyv9xLNnYco!6)_lvMWk=Oo9AA%ZYmLpmDQ*QloK;`&cR94+fy<$w4STT!i$Yd`tN@
z<CaxBHyXFP-|#|lf&39a_CfG0&BpQ|#MVm>`!E5;o2%KnABscLC-dbRf6WfXWm1%C
zqQ<Q~SBrxjpw~ZBO^eR9YG1ZBgZKPa<2KJk&EL)P0G%L>;x(~{60snUNOVq%nl|ye
zkeULB9VEBX?JdS_-N|y%ykt|Od;iu4p1bVE?S7B6pa&$0%k9SPy<v&53sWKg0g0^R
z+n{ijcIb=JS{{*%KY1Y(kA%T1iRd4Y4!lt^`GY3o4tJr}ZKe%MW@#cy>}q7vUepTJ
zFGwzY5rbex41DsM`dVUgJ9I*LQYwTW?Sklm3m{f80;T&($l1G~FnIwKozMlv6;b1k
z7tdP&4KEKv$t`Q4q*tPMAPS{P#Za2k38fibP@20IN)KHCrT!R{hBBZus-F$I<n-0X
zou#e1ZE-S`-jo8R59`EZE+~CM9elh9%4QWqnVcbIUv)y+k6lpiTnOb8T~I#bIVj&h
z2IV3Bj0{70TtDklp#1R&l)teC%0C!^iqtNs$cjM4#6?iCc_&otD#!kwIyy*a{krbh
zHBfP;nx-PCXitTTi{nsnt&X0ELB*Tu-~-+9!9u7Er9x%#VyKkAv$B2|Dvuw6%Bwq!
zJD<NnXKz{yl@I7BA*tpZfht!QRHa9u>Z}f^x<e<vUJX@0#i4rQTBzPE6RNk=(T?k&
zdRHCood(tWWkdBrB~TsIQJGHEbg5Yc)eXAs2>o|-5mX;v3e_j;y3^G2oC2smXEju}
z<wEt6B~X2_eqO5PD)n-&dU;Yu!)jhx4K=5^pk~ejsF|zgoDQhbl+;{52sJlH)D%KZ
zPnU65&2T5wysq0m?=tRs@v8{b8eyn)rb6w`!%(|h6l&!~tPRJZwn`qp8eP)Z1+~(1
zYByv+?K?536WP`$k3fBD2h>kahXy(J8$y>rLtzy($cNXkybBtxDuagWW6*HRFf`oN
z2@UtALc?QO(C}0?H1tQIVf`9tcu~#w3L|v*jJu;h*&t%b9H|#){ao5et;4u`AZ9}4
z-#Q@rt(1gUlfnIs_S@wH#yvi9vsj<axTjl&dwz>#&r*e_2IS&8IbqzJ|7D|b@6)B0
zrsXv5E51j@irnfs3NZSQNq`}rrM)sR>eCvv=`2&mQr>g+)FX4{t(C7{Zm-{7;yy9~
zWshA9mAjRKr+f(N&Im(Ivt;t?G9=byK}o}f5IA)Z{KX1J49llgJ`8o|$b9YV8jG-%
zY}q*$$8ncQDQ{D_LE(_<rZtKdh+b}xE38x7Kv4zn&Wg4iszy<Ok|QJx@6<C~3Ulo4
zfD&14kqyZ*bBE+e{@JA*cC8t8B#(N8EkCgLB3Wn`$y9h>Jn>0Cgl`j5EmnA7MFCje
zyzs4xG#nop^C(4Z;;gn|D7`2I#nMZPZyW^Ay<HH#sS7NVyX=i&2z=TBwF8|{G&cs-
zl_OA|$b(qn&t^f{$HP$csytcyv`LD~{J$X?3M@V(Wwxll0}7-f7N2WrX+vY0R=y%3
zmX=YyLvTz8$Ct=4ZBu~a`?N7;ZV`h;2iDS#FZ}3oi&U)tJlER5^|4l8Hl1~1+G=U~
zvU)vlNqN_anVZQus@ujpwcG^%s^{2FGBebHb#HRJ3`&uiTfyD&4*YV#x#ekdC&_E7
z2f6n(!4*$|jP5?nr9FK>?J)4v0Lk;?Nig}<J~hLnI9_Uk)T`{6%NGrSYfc9w9p44h
zHuID6%JD<EQl9Mv`@u0rUn}{AR?H<b6_T70FtVIrKc*dwd109LNgqtu#|gO?x2Wla
zG-og7(wC!<^n@QK?bQxUTZC)T<qphw#Wqsyo)pL$j6(KtDd5~^0BonGU|y(bM(P<s
zuwC2)B>TWNu@7vCR?OuCLCks1`H<BR0%v0YI4A^0QX}T#>%>OB)hcM(t#Fq$b-s2j
zls2qeUQTNj3U*Zt=-{8%&6>$7kDOSC%R`^y7d^{IwuKxnr^sWtr!>{8d=Rng8R{?f
zlmVFep#zN5n!vTB3mgT0aGb24FSU?iu?&Y-8i2cpjDc4>$V{$Df#k#1K=RS)jIL^~
z+_SEih9GlN9NZ2snd_GhLZ%Fu5{C~`%I%o*w)A4o+e3|x7CIEHi|gI?_mO2q3cWkq
z$yOvOXO#x&Ns@Lg;wqS<>$crQIV%;5F4ccB58Wroy8Bu`<6g20r4?9XF_wui^$f*f
zbH;o5y?d$7k)8KDJzL8&!JXq}iu;0oru2W7!i3?41>}`1&LHo_6APGFa_#~qZkRsI
zq_WRanDojODNHUnbBM{^t_V!q{OLd3n2WD-GS&N5l&Qmaq%bYIuz+d(Cl)Y0dPD}(
z`{OQV)VvyH#<Pnvm|1gT0W<rqC}382pnzHZyRT-m>c=B&_UyR}*u1VU&gL4`7Ip6r
zv&AblF1FP8w%nK$VXMk1DVUeeO=YW|f;d|TJK}8JvyF>w^52QDjb33}y~4Ju_RD8G
zPt6*(+vp!+d$-=m*fR|2vdhMgvgd^V&ClPx&N}f&@BPii#-91V9ESDtH(iZC_un7=
z=C<Gb{P*|%tFz-Bj1Tf({b$|#i%V{cjZNbJ@ZYA%9=}d09=~A!<7{{|l(LDJSl-Za
z?(Hs;3sX+4f6xAr1IH<Mz9Hx1|M0X;!ojlREql<hz%{0lh!5=)kCw30&~{=Olj4}o
z2Z}%YB?w0PV1^=|7Sr-<u?pN@dX#RW#;Kpr8VaM%hrn&Cz}xEq&m51Gj``p=3~*yW
z?m9`PblqXoy>^}O>By%49QtX~9d<PnbOIfv>x5zbR5MG>dYy2n5l45MYFs*DSCgz}
zOZ_)V4XggI=^USuaS?5;k$C4QM>pfCFy-O)F;2}$2+ZDom~n^;lJncaesnU}&uD|R
z{p>JfzgEbQd)D<`3mCH!kUOm(Cgt{zriM|!g<|=qjL1Qf1m!lFmX=OvDG7?@*PSXq
ztCUKMRQxwc50n4?7h`VpjkyDTeKI3Y8<5SeaLuoEhVeVt^o(&z96wvy9v&N-a=b>f
zkct%{a%Y9cI`z(#_CL=B(JHA?8`?Ee#l<z!l2h9l6_xcL4?@GIG77Djp$I*6noM7X
zIr2YKex1Z;*%d!)Ewu+pn!evYHtiM4NGS~DgS%u<9^5YFM#&>`j^gLZNl-Um`sow$
z!sbZJm4Cx6Y44XUUbjGgbmjWhUEqVTGLF2K5MHnNrPAmM-jy%h8<BrfuAv8IcPqus
zdz&s1v6g?W(AFgRxug|T-P{C4XDFXbomzQXB?@8tI^_AZyhkUdL*2Jwh}$JsbEP;u
zE@{8k#~!0<MX@HrN~O79N_m?6oyy7bdF9#JODy9s?fplTC7=|P*uK)zL>AUO`;~_1
zle4R64_)_~hI^LIw(DM>Iz2(IzhwCtHgkfN&)^Sga^y|+-y@~+5ve2>D5{{vE0`}|
zntBf0Fu)#`-1jNWQFEXkzK5P+r4%HZpy2)%sH$p$@-tJwyGWGygpEDj$7wbO6}i=%
zx)lm=|2POyX+~vd%Z<B8zH2La?nNb64QR$KvRK)wTrm039a1`8`I*|wmbPK8lGf}|
z+KksD1>+DsNU;-3@hVkXUa&t1RhrXMOLZ0l_1&q&r!ACV_MHYfL5jbn9Cyk+_N<ao
z_GyC3Wg@eXNM*AjsJSW(vAQr6o!J8AO>$4H>x8N|Mxgpl#T!LjMam*9njoV7QtJ`c
z9qY89o4k@9c~Z+)X%ZD&tC-aUf%7zQ>4~FcyIMaL2`(;|$4e1>i;Bw+ZGwzDWVTp#
zqq0OT+I1I6-BMnpd#18ZXX~fZb==qJKZQN5D5G0pJ1b)6o~5(W^sS(ed#<ii0LAl?
zlsku-)8qr4s%J>BSl)Qcx9*;$|I9`}!$8A8TL=vU4Fe6sreUCApkbh4BrDj7hLNPe
zAsPl6hN0LK8U`AMp<$q5pkbIAh9%!nPyo63(J;_3exJi7%PaYN{BN54?P(`=Fv<yk
zV~dY-LaPHy(&gMK@)mWvn>0iJf`Mk8qcu|c?RW>siQvxe!R*>2FedY22YbN?CdM9K
zqNEj%f|Hhp>{Y_46~uJc%NmpDaL-gPma?rVqx9X;#q+Mx2}Kn`pY^ccvmSN2i^={k
zE8&^zdtl1zons=)Q7JR%_%)DmZwgFamkJr*wu9}?2nQr4CPCKy{V;Kdp)v7pX$8MF
zLM;8@puoGGkTH9JgPR_1;}G8gez14-|7>+!zjo|pChgk>r1x^r(EdISc7L0Y!Rs7t
z%oX1?amXqqP)~n%2yAi1NkmtkOBKG@G{xhVt3}kcAzdd)V$Jioh%QYO!n2q8#@^TJ
zVBBES;(2NmILvYPgJV(z&&%Nfyw%ZUm@&<ccjW6R<h&EcKg~A)DN=xPzHmb3^@Es~
zoY@6w^ZFsHD2{nq!7%=wyN3uk6{XF)Eka=NmD020A%gDP1_&m)Z7_9<4$M}imaw*q
z*mKXMLB^MvkaBhsWM8aiUJ9_%2d-oM+8<uX-aLUX_Du`S{I&^S-$#kjBW&}$VBf_L
zhEfU9#iNaKYe$b<UPAe=L<sdh+E1iH3+g&7L8NDCkm$PUt&pVbgzPiY!TzXxRgVvX
zxikz(=Q;`7{Wij#l07)J5uKf2KQ95(rlvsZqe)}7Wa^VmqjyBr{ckU}u2X-p-<-8h
zpgdZXo@r@<mi?<$_{GAH8ro7<M|bF4<zg#Oddk~T^84K#6pRYeRgGg3(f5`3+Cyq&
zuPQZ+u-yLP<Fs)iVu#OZ&s?cZJXxV`rEU2xF~Q2%iYu7o*TumMB@$eyD3rDBFYkfW
zJx9i<E_jn}YtdPGPT~*tP`YmK1wS*(5tA~vLWouXFIXv}R?prOy$~#wi(jsG%fno=
zei#mOi7W4?f$!dkIp1Yc@bXX!CBe^9DD>^$M&atlC`BXtuElJe>7=+jxe>GTOdsZg
z#wcdjzH2G+Z$1PQK3WJl(QHWXSp;T%>e$M-<h#x}J{@w3myE5dwZ7H~EpqW6>EK`7
zo7NbG)P2`dqCu9%_Fel+b93AVL+P@pX29-OG*bN8d}mCZDbHB3WNh6g^mM?~uzV<*
z`%FV*Av&;JW}0zxX?ri_i!QfAdQ~!JYn6S}cQfk1x$FlU<`vSy9ZI;*xgY?pqoUxF
zOqp<0JC#!&TnJMxlm_o}sY#dHYZ#_IG7NcZ3LyQpY$~-1iw8#*Li&lFkp8DIWUm{9
z^kEld%`AZFt?RiecR>h}8XS;QUIgibX_)g07eLmGHpt1`02x1Ih}vV2`*jQ^EFXa6
zciLgP9AGHOZ|Gu_gm0dZ4@npHjZ!;#TdaZU=e2?B{1D`wG|W{mbgBF2Gr@RVo5|h7
z)$Z%W8D5n+vOy-w1A|;WFMT!4INZfGo`<85Q8^6G`7UtY7KYqQlfm^vvN*c@Yub{I
zLt~J-$J1Q1Y(WHb-t-*EeJvI8iev?TH3F`_pynzW%xj&H`cWsCkEMcL$ptBS5lH>8
z4JPa^ZmXOQ+i7XwTJ8knCnuOK>S|vxp5C=!J}+X`Gt75mV1AVfwxS5w6}hngm=BH@
zV_>^5A8hw81l!su*n=Zr@7Hs`?c>@h(IUt_KLQS(hOC3126XY%$dXacdhN4Q2Eh?&
zhm4D2knvFw<TYe)UFC`L4$A*L;l3p>Wn}<TqVj02jzjKcE->Fu0sHgqkW?`MNk_Ip
z($QM@lk~GuO}l<Bb3)Pz9bK;fu2yrCF1|(o-LA8D=)e2aJglZ$&1zlpijEX_PWnU_
zf1#gW>*(7MIF_opvJD(p>*zWsIBwLDI(0muqi!_`HGTSTNEbgd01ox+cuObV(Fx^5
zJ3dzPh5q|i*J)*(41hDG4V-x*xF5AYBpg^4hivuid^rG)yPtuHiqd9(<dUv8Jf;TZ
zxJCfw?;7hDLGs%&kv~d>>|Ki??XM|d6W?`x*$J-wJHU0wVsQBvL27w2*KIgD2eLK`
zbA8~$0Z3i;G)$P=!S&sL*2Uk8vOA?^?34!6pM4r^&H|V+umBwEBj9XX3eJ1O;Qafu
z;QU4;u&dmpC&VCmUOA+EGz6(7Qjd=6fYhdSkb3I~<SF`<cULN;9~p<t<|VS|hat_M
z54px#$h%zL>F@$bTQ~vIHY|m-*G3@Sl?mz7#Vz()3+a*7kY23j@ED{&w-z$CTmspr
z#31v6g^>AXCS+|LhpgQTVDg+|$bNPKOzdxiiQnhLq{Gu-a^@14yx$s_tSvOnmIc$@
z@<$A&Lh5^&!16&zcIHFIIYofH`x9<U;RdNVH>}>u0coBlupK!BY0HuT<t^nZb=Q7b
zlp712t(eQcT*HlPol7C7Ee;d*l2YXChs<|f^4e#B(UQ+ir3Z~bM!X&J=5=w?MXOTe
z#J9oB*IY2+0vF7DcM)Xxiy@<+12Qz(8Oo!`I7~-pi|1Sr0{dUv#Tm2|lCYVnOCU2#
zbD#IK=Qwj#h?@(y$cId2)nzKTJEx@`a*i2>R9hQ24~?X9OaHWsU_!T;(IqKhyq^qt
z3UN-ks0Ai0abd1pvKX^DZyBUc)GmA5QpUPqLSh-rIIbVF^ZH~+*}nxc9PN;H+*07D
z0kEgJAoHjpn7H)<ZY{hbiCa59TO^s{gQ=TKJDePYEKeuqlE4CRjcA5;DgoO?$=v37
zzZIs)-N6Toz_>+Q&Ak{<>J{>yv(pgJI>c?gS1a@pTnDzt+Q9bs;xQLe%2pYWvN8rq
zfn;zV*a6uGlt8vW9WqZ0!{oI?F!hmquuswY?kW~}To~*($xU^ew7!>h;#KY1w^u{P
zKBDnELy*3emPh7hwt^OUl`hC=Nd~rB2-CiPhC7BY=;zMtrz4QNXBT8I(o28zjKVN!
zkh^m#xUTJh-0z>}&R62Y;QD$2WSlO^bdLPg52nL}`AcBZ<q~7hSxdW^yUNcW9MfZy
zw^<0ev&49$9%XMnjM@3oYH-w*z{Kk5F!Ato?s~RS-M=C7$%}D!$V`Up4_%OR*$8Cc
zJOJ6ZcEGgr)4+T&4YEHT=I*7R7DD!y`uUB_f}{+X(rt3jtYk5_1NFZ2V7A@hqe^c7
z8tGv*^8ME-$j~6)|KY<&WH4L4|D#@fHOkTQ{U58q!}0R{pD;L3z=_Xv6mXIP04Klj
zcw|(4Gh0sR7**d+Q9R((m-^zIrg*>^FTFp^Ulb2GbHisToTYfcInPf?;XH)`F6i%w
zGf$y_QO#{ebu+kbkArK$QgEEG6kLZFgCmv?Ig5&6s{V8Ao(VbUh>K3ww0|0hJo^He
zG&v44k`{uoPdOM>8)@v%?ErIY`S0J>lAWmqtyu!OZ!Cd4e;Q2OX*Eo_y&9&MyZ|%i
zUkWoWoB%VfUk)=bD}$L2OomyuGL3XOO>5qX&~oJ!DYUIUbBGQ_E;?7$tf5Phi-n5C
zRJ}ahNp<~5E7iS!K#$#|hR#SY5b60CJ^HmqYc{?W#q7Kz1+#Nu0cPuo1(=;jWMH<&
zU6_}>8pT|;I0N%CooKnD0JD8S*X_O<^HQzWvU3+;uI!6rE}uS(x$^yC%qweLn9Dy)
z!MrFbf_aI;HH`&v%+`)LX5%(4%!ThnF!jFXqBDmuFY*sz&T~bmtsm~B_T`aQ>i#2T
z`*+{c{!}sb>a<>+HvD%w9kuwLD&{cte3*JZ{J+=p5$f~^bvpaM*QqrTN2=!|)$>vR
zy`GQ$kGlFb{aK?rMx#1LqdN9K>gspbeADtAr=E{f&&U7wdOqPl>gw0;d*c7Yy(d}s
z{wMb8pY-~F((9l62cGM?X}#E7=$H2I?@saf#hUC>{+Hd4PtLFVv&iDl8vUO&`cwZv
z_kWP#o%SDfH9kJQ<>?yG=^D@(|4}c$H;Hr9-yHS#m;XwC)*#RPkGlHx3tH1YSEHJ%
zQJwWiy85-h<o90H8rs?F`E2!k&L8Rdf0SV7s=ss9-+BL){;WZsuTIZbrx*M$JN@;X
z&ijvg`Src?HJ14rOXGjk%kQm1Q}kx3@gMclte%_IbIX6FXKU&#@@ZAit?Ie$5A<wp
zdy9ttcZ|n+WV;^Ou19wKfAGl8Kl+T{ywUj5ZsK)a|GlmjXbu)=4i^3|JN-SP86WQW
zA}`X@7U^k=|LD{H9~OCujEg0*E0!v!XsPUqWy&d9CcEN7<rG~gyJER=ik8c+xJWrg
z7s;f!SUE)(%Z9i_IYpPqhFGDTq7||sE>%v^rLrL|Q%=!kvLP;4I??5_Ayz7#Xr<DL
zu24GB71GDAEcXv_rIj1y*h1-N|Nk~}<c*HNI{M8|YkcxgI_6_8`f3n!-t}!V*kYLT
zZtTLGmu16j-eAMLXcr%tm-Q;XCHqpje&$>92;Y$cu7w5QII#d+M`VB_F5_`=229m|
zNmuCX?yDi^+yyeBhGF{q!!Y5q6v#`8z@#ZDU>3x|lyR2+P6TFNp-jp%hrrk`AB>tc
zvYuqyD^F`?pC9sS?J#kp9i{~A;5^F?sbN2)ZD|LdQCw|`9VYDI2V1B^jhs$1f@%sz
z-^iT5TG_{EhcK5-T@8F|j@@BJk}^82Ae>x7E5cxFmdSWh5co?Qq^pK9>v;Xll><U~
zGI?w4++wBrq)llCbH5<u2q(tsk0Kwp`zylS-hEvWcX&_j#q7#aY;m~{GE@MIN}ddb
z-6ww91T(hsLGpDiazL1n7i)xR+sXlZRR~f(Y#I%kjk%sDDG_5+cC;1za|`rgG@`A9
z94p6gJh*Gc_^g}+k4nbIqp#zaj3zE_iW!E54`Kyw@>746Co_I;o~H}wOF%|f*H}c+
z`MS!a6<8WgvFvVztWr7gZ;*%7u28K8uKcS9to+GJ<+ECMSe447k)%!eS5~2-m7U-|
z+RKCCv*Zw0x|2Nl57l+7feBmm@K9ev7Y}<r?1hvsTflZk6XrZ+Vv*j@!$N|=en0}u
zR}^3UzcWWiBWzY^!BEJ>_%NMEdaiN8jDuQvbVgMR;C~iU|2zPbj*WuD5r)(n`Gzld
z!K7KqkXsdk?8lx4`$qYs*E&W$<!0L!I=V!z_Vb4zC)v-VU8gSMvGA^P&z{)<X+1%h
z@oogn=Nyo9mjh@{gOtf5U_Rl3l!*f{MakwfPDp|56Vt%hRb$!7H5OU6+>j}gI$`2J
z<%@LbwlgA-amXNKD6X6F=$f(MbF!J>anrRJru4|O^GqtFUEIPGwF<#nq3LN)D|vWc
z8)UUEhb*o1w1?z#v#U9MA?C7`3Y6|ACy_T5oVEg(IQ%?Jd@fJn3xz$^Sh-+2ddz|^
zu&6!xx<x$RGf`VZ_y=eYI$pNH^xP1*j#aL+vfz|n{bWL^DjcY7e_+~ZX7y7IDn7CM
zd<qB-Kvvxvp6a@`7xSWP<f2glZ1Qq3EmsFjxX=kxQxuy>YQgM$E1_nPRcou|ncYs#
zLgigssSJ){KV&GvHlA&5joEo$A7uV16=qcS(35ew1Cmc#BYxV1x$Km|(WGj#X`O;T
zt%@5|DVNyh!JL<@Cho<&)M&(9Vr#@~y0}p%yqL|Zlv1K~ciEtLacP2XUBZf|23Vz^
z){!~Cr5AEu5=YumDd8Uk!6DF*Od&ZbKbsswK_o#g7^RBw9oGve5om@=owMYHb?w&-
znU~17xuzLr?wJJX8~Pw?k^J5k``@4kJ??-R4M~vukOS<ei!i;-B<z#KsRc$bc{2qG
zPgVd*X`EK_oK58*R>Fou5Eu?sM2=@H{Hv@wE2C_jBmFut;TMd@`@Aw6l)pB5hjJmt
zZyOJZTkOkSqP#DqJcxr}vk*!)Wxcp9c&$w->sAV0^aEv1ZOXN>n2}YGV)Z9xG~n|#
zL9(2;)~g1(e$IopUaNS+&nfWHd7IL<6a$Ywq~f-MO-US^h7nUPlQr<sBtQ!+L2=#R
zWV?DA6bZJ<RR3%;l*kJ(T>6ur;q^a>7?kyb(mk!lb(fH^Ha)|7OKUyGL&OS`kLJRT
zUpGFC-#pw30*_}RWVMg5CUkP^D9aelfSnReX025?Z-_*#$;r7s2onUD<5C$}nLWTd
ze|b9Vh98iRc3-6|z1ajg`zmKb>G+ejD+DCaEN#S+>{eHsM91iGe=*X3HCMk*3Lcj!
zD)<=PLa7J3Aa_aoSUydjFfS@63E(SNDKgU(1NtdX&8)FUI_pC)X~_WOZ76{$rURy|
z($?4%`^@mRF`9wn4J4`fcpXgtOK9xfthvv=JPZ?FR+wXLCvc03?k^Ehi$wEw5Enh5
z3DS3!`gVQ)m})S-XN;bINAiU~_{QqM#WqJbo$Cr!<o+yIpR;(Fc~5AppyD^HKRTVF
z*x#HO717#E*4a&!7QeV|(=$d_>o*;YpS6@H+v*f8#mLwKj9*+Ph>r1#Evg$o`<pFp
zg<+=LDzLU+Q@fRl`5TR5{1U5|x^q<2Ze`y7JUOGR<=?ZaiDxPyansXADe?LyunPw$
zNti3+{aJ}D<<mN#qE~g5D#fw#TB@#4hUD|ZKUW+o&86n~RH)xP1sY6M^rfiE?<Q6B
zedYS)BdzWHn|DipQ!yo#8Ra#oa_EgPB%j$kn!82nDGDYo?}wR(s01jr39^4spmf#{
zuht&?bLMiOLUX@B364S@NmdcRkUW3OZGTboBUW!Eomn$!@y_wr4{xXJRErI3OS<3n
z0k<m8NIl1LR7!VB64Y!dKtf3{!TgObfUi-&4GOkfFlH8rn1$`-o!U3HZbhdJLNK5z
z`}@KWQi{T8!JG7Ui%ttISb}r=$AAp1=Z<nwK><Xb)z;9?^Q`TM`gtn4SDp1ZyRnF&
zV5Vx4l&xt^yT_$`DG`mOaTlJd{8$wwT9PSK)sGfgSS(Fly)jBsQjSYDDxp|%#?o2G
z=SneLrYstO%vmZa&+XyOaY`J&&aK*YD<Rg}lEo(|`&}pn)fU8^Wg7@Z)yjaic2C_~
zsvMVet`-udTd8nXMwuWHe?jfms``{cS20cN_RpUa$J|1^vsT)z5+&<B0(IgqN_ZaK
zLYDc^tlCX!bK_#n8o1}^pX>O1C3@sMK?Yb9p%O#oD2>+YkLLL*Y0rDNu2W#ss!dCO
zU_IpKm;EvyZql(*m=6kqE1{ei)f?E448b&&%bR~!9>w}7B**iCV^)K07n!9ux5K1|
ztY*<z4(X(0+s9(ZX=lV>dUtTF5Fwzkq()?YUfhbga+>bAUy7kr(+Mwjf%BX$-d?k_
zlXvoWcJa<jPc?&6Xb@?8g<;}9+IZJcabVuH*}S{HvmbIhhsRP+b2pUzVgcR@1(ok}
zQad;<lRdcCAQ&?T#?tqa1qhe+w^ZI+|KgDHOZs85Y*TAJl3!37;tLBP_2D6ye6tk3
zX?ET(X;9XrbldFvg`6gN>AEzE**;f;49L=ys+;K?E7E)a!i!t@AQX~0cdZSx>(F-0
zc@G6KFS}AnXA%xMsS6-;T{0iEZk5D`=Bfl_xqA6<bt0;Oehji#cJWd9F*3++Z|9@L
zy@QZeXTx0lPH?mo@$a4om4u*_hh&#i>7FjgK4c9fnMyq{yCA1f!F$E0EnOgOAC=hb
zD-%z}EE%oRm9_Ae=4*KaMzgJjt2=6t3!*JefM%oV10pHsAptNxX~t}MTRN)@@{At`
zVA^~A{C(gCA0N9{_w(_ZK0E*Lo~m?&^xmHn6MlU({_{5?;Wzx*+LzPc?)Z7Re_b$W
z&8fvf#%tkc94n44Gssos2iJYQkeVXa5))2fzp7ybo*bPkmw=MZ1CbF3XQ^1pOi>+>
z7_F>N@9;(l#PYy5RVC3y7lKDP#~vX$Rkg<<sI0Zv-=wH3TipUXE;vc3Gy*%WeXAcz
zS1yF;6{?1gN=yjJ*qx(n%`e1Nl;0k6srLGkOdTzO+7nd4v-%?NP0y8}S1AM<pWskE
zwiGCew+YNfEKSHkH3tchHL6rr0r*<jz3!J(L?bv^H`(B}lD@xN1fI0T;I=S%CG$MT
zi~A(2t6i15+9gEDu0rsiTqJ~D^(WR>q77z&>qa*U>gMG1F>qb)!O0N*=4lB3pzc?w
zdVcOR&~RQ66boaa_?<Mt=L)XcP@%Rk8+^0ne^F+?{~}d6uSf;Ag@Zd=FC%DM3$peX
z-1ZX*zLhFg5)iD<u8N?o)QI`I&(eQx@oXWw7Oxh<!M1D0xIl2<45+(mA><3{)t#jp
zotp&pHCqe1h3=gzMCP;A-wM67)M=lP@%)0ZwW?eq2dKd1!Uf>JSXsM*<P4-NhCuo{
z2xLDEfxL?#Fm(e2X03(5mIV;lMkjVy1c6;9Kw!^Y2<*ECLh?(6kJEqzt66k|(D$y^
z>q}@>36#ttdAHKuf)|U!?Un=$=Ln_Xf+8>i0+|xdVzFxVE#$+(goOW30s=c&fa52%
zLD|z`2<Ejyt?F@VkCCtzUZ49o;XfazS(_~?7A#+EjsVE!2=j4g(NMYseOP6_hYEn~
z&<K=Ph<1gRXJO=dE>!j2B`r|XAzbWFL*SjPs;!rVmhyT&6u-4vV37S|bqN;Ooh9zV
zUl&67`vRysP}r^uw2$5sZpwQq+1X8EQF+p}83Mdg8B}3H01B$E&Tq_z{I-n(3XMbl
zvNe!@aSp#IO&L`tEPOaweEC<j@@eG~=`X@$tGHUMSp^WWttGovwqCqe8*D`!iZ1UO
z(^dRC2tcb*@2eV<surQhY%b8@fX4i70K7-4sO~&vZ{PfLEk*2|5EP!44~279LxFa{
zs3=!yO6feIn>-MPLPJoXLa)w$L3e~z#$)Zgk{&2*?@%F@6bBWv1c!x8E2v0MOC!|$
zq&ljf`c;G^bRsM1dxExenFA`8iY$h;(gG2SZpeh--uX~>aRJm_nI`ZfZNxo$pt7S6
z8eWxJ_O1TgRJRipUTMi40{#&wvgIqSTPf;%PG<OXDsP&e3_jt}2G&U;3be|jl5Nik
z0-GHYw!^+6vrqJ@0-g%b(i>UTKLU?(2X#k=Y!V?krI+iv+(rnLiE%fH5>o{HBOsEZ
zl_OB6vj3VRgqowO1*?WA{-ucK1)s3rr3g<G`3U34J5&yV_(t$eDTP2uu0V4|r~g<A
zf#xCzyjTLk`=5c}_sMFqAoTrW2&b=yux}ZJ?_2`m_X;7hR|!NKpMl8p7eegZ5{NAn
zrsrFWpz5M!5F1_!@zkdwzI6c<q%MVm$wg35n*#;M=;xAkP&jQd6b=<b;WPUAg8(D)
zG&y_frO(qMZzbrp9W>)sDdOrzC}|er(~Sbi9n$Kn@S^a{_!w|fRqF@@l?xjz>xB3k
zA=w=vjG50CLecUC;8_@j;2jGfl$r{4zSR)>tB`q4?t=KIg7#S__4kS(RIC%Ho}}r#
zPa3>1m^^kHRGcq3r%3{}+`$3$sJKnABJR_~$OObx^tB%O-D)VlQh*y0UfzS$mBIs_
zJV8zm2-5zuiBNXcMNqb}0?J+Mp*(vTRD>>siX%&)&RGccyZjaE&w3u}+g^bB6_cU<
zmK9L{*d(Z5qvnO@pkeD$XxMQhG-$ON_FJzAhiFZ8K$eP)Dz7X(B05)0K_<YsN@A5j
zTAbfv!@p5ZymM6pC<sGK2eDQr_jcusou!P`GklO2vB3->j*VIvHj~dISxJ08xK9Ag
znm)cLdPXU<DzG;dM6&tXVd^pRqhBGzQ^@+r;zN-82-$;=Q((q>Hkfp}jMmHBVTzFF
zQmaES^_3RBSiOU)gJ-MuM&*Q){@w!Fs;XtG9Gr*!Y%Mxw56H<Y{aH}RwmEjN<*Rn7
zPVe!0vdRVga>w*S`jguGg8blO8)Q7|;LDOu<;;5JvfUU5+lfA~Ck4Qs)vTr!?6Vbd
z`Z&s$1FbE56<XostAWRc__|=Y8Egd#ZT&;TP5D{yIRss7$vk5?#Mc9k7MSr?K&H7O
zP68n!;{0U}xI-_9N^21aOv<Nyd=sfl;hUk{L2$_{l(nptZ)11$@$K_JgdlAT2j96L
zRdK>KNqo0vdv$O4A@$1?zK<N+%J;oy3O{&MOOc%0$q#G7$zYV|jyL71JEoZ*BL}<q
zad<*A|ExMBz&}^NmkjCtK7R5(D|8rDrDR+_EE_^GjJ*`&lOxIy)|&Ab!Ia$F3~8<X
z{M3`FrM*08P*mG*@Yj8nEqt5eGe7mp=`;k%BDjnb`V7POa?mikUmi5f{C=eeUl%gW
zSJpKfHVfv|_DF|eFVm+mrf=N}DLXr1y4+dD7xFsK^&9q)!+VXSy3d_P(lde)O;a_m
z+u=1F7WSv3P#MnEVVELlYV!<1h)fsu$=j_keWPj`N)&(lo9u4Ym}I`*0-2xMA@g%h
zQ$iMoK=93XRgcpyi$%rJdE1I!PVP4x{g3t<&hU9o!`Z!=BAHjU8Yv#tD&z<XZ%VSP
z)Xn;hlz|r<hRavmVz`FtoknW43Y@c4-D+0$LG}{SuKfII=P3)gF#;(<L7w)8?2pP8
zBX!-)14dfpjt(PjwSXk2r4AbDv0|r@K9t-FQ)>c{B+&KLlbT`LkD^5R*Rmd#6JOFL
z`%gj0F6lQiO0U(sz2`78hVNFD%Y7<r_(-YGhbp3Tm%=d8P=cqVL&-x!!Y&s^XpfM;
zP7*_YU%*q}#GvGw5h%H_14>p4CGBbb_s<xVDjU2sTj*zU?Uo*^|4xlU*|(|_K7J9D
zcdA*WpYN#oRG36x2ysjxSd}W6sa)lP$~F3_%HqoP`nj<asy`GemsRq9R{_-AD~zoj
zRe4_|P^}i>ZV9Hiw$lZ**SMg5yAfze)4;Q&+Ru`IZI1kFpT~^M(1XcF=HNj?Mpopt
z4kK%=ps!p5(zNoVP)!oluwYo-r_0MUAVIZv5`?!GaR1Iytgj3}WJl>1iXBJR2u!I)
zufI(jlx`&j{1Yd{6<#Sys9<`v1Iq7^%Be_AnO7g7+1M)lU13~S3#{@r2Sil<QX;2>
zH(N;Q*Ga1q%6e>OK=|ImMf``LKrhkw&J9E45`A?+JhAdTp)u7b3w2j2iCreyqw;+T
zQ8TbX-`x0KaF3}Ghy+xGE=)xWSTS-zI|QE4M`*<5LoW#MuV@g$U+Eh`4+&83DHW?<
zDqyUfB#0d*o$Ijxl<gwC!*3+~_3?+u$3jr<64rf_2L7>tYS#xLAR{UNI(^CKGC{8D
z>mbo>1rDa7$@s&9em+zvuQEm}v!&5W&ctS`dS1LFv|dQ_DNZO8R8{CL{dc*L6wen}
z!hwQZT{sM}BQ@qH^o$-MbndL`bd9g_Wf%C~6Q-ifhoW3{uNe=QI-y*p$+1s_(fB6^
zRDG|>vEW*#`XQuRyl{!|Z7&n{?4Ioq$x?Z{7QXz2J}sWmM-NYiY73;{DdBuB>xZ(#
z+M!J7ts%*+xJraWUnWD*DZ*m?lT^AZ<+v0H<li75u%PuuDG=UL@rpTud|TH6h35)_
zS%|YmH>N|Vc>pRF>9$~>W?Zp%3xzfof!M_Yg|8A$>ct{&*;e7b<uLt8w5w0RRLs}x
zsy3r)D;dk*4nXa#LlFK<1iZc8ZKx1xKhTyGURu#^+9bR7L0!HEzDE<3sg@%8h^Aen
z=RUd>g11V)Y8P1Q3K3F|DEmSo1LWx|N*~E|o7@H7_03R~qbc4^z~tiXwZdccX3AmE
z7=n<#`%u4^03u)Q7@H<<Mmp5AYuYcBr&4}-Pq`pN_Y^Xywt??cZJ{5vtzOpl`&b`M
zXbM63B_Sx&S6HeJ8HRjWn${wR1&<d}VPS1bD+E;07oINE=Z(Tf`&1jOMnJlkHETNy
zb9BpoXqeUtrP_Xx2mBB}SnIKye$LfS&JY%Zg)%%<rkhF(<K;r2mI+lTq3M|<HAUZ^
zD!oe7dADBSc#Y+m7Vrwcxc&k$ioXj6Q+viM$yAXcD1EUnZ?-(@6VtUkdf$_@tuh38
zt|A8Sz1ot3@s8xmiLdV;1&<Y9`%spMtg(81XCO3BpXupuhBA3h>b4WX-ID^5Zxpo1
z7P3~o^|2`-g6o4bp~plj_ArDG)Ye!jD%PwOY%8-_IC3R(gjagCjDD#urCSPk^pFmS
zO%~fk`$)LD5tokogs6#DRkfSGD(#f3`=LOkgWe4B5`8tL@Gc1|VPeIlcojS&Geaa$
zTc@8dXpR2vgvi4k!mkq$_MVDxWGM_NEb4HtNIq#0V)IpkTddC=ydvwfWC$uA7QlLs
zEaqzQwL+mjOZ6+>M(gpYzNa*3htR`<#T5i|s9K-LcyJvA&kKzaYv_p8;1_6a)YR9_
zPSQ6}p6iFYZA6{dYsSS!f>rt^gCJrer|I)HnG(JFR93-tBFrWFu#bFw*2_dI1lGHm
zh-PasygYSp2nhCK@x%uOymF`L^gVqNYM~b8GjV~K%-m};A^NaD!_U=+X_n~ITQOlE
zCh4mc_v_1E1%i2gPH5d9%3snY3~ceH%J;M$!k`QK2BF|)CqxCWUw4RXXCaEX@6-Z#
zIw16>M9l52V{;$7N}nIom?JmnYh-_kL3Fars!O$<uWyG2S?ZPPBBXWVTz%p%aeV=2
zL<4$2_X>tJQd0yqG8NoQ(!l%AJ_xl5NbMiun78Pw29Jr_#nwHO^u3ck#C&g91JTX3
zh3frKaizY_rFyXN%c99!v>~drMhQiiY83}-)2h}e%<C2(`XmA+r>DrtA$opK7NmmS
zMQ3RKL=1I8g0B0dRUOEn6zFS_a2u_i64Y0jd?&U+eXn-+3Vqy2QoQ7}R^8h^wwb*0
zc!f=QSU!^POC%8MNE3zWwUmY(`I9go9}-g13NZlXrj#!iTKqi`sQXkOUlOw{QCVMT
zrL~M&lryxMl$KY%RE~-#QXx7;rnK+`LuZR;>l+Wg7c_O>=zU+vhsbQXEWDCiWfJt8
zYnp_)oPVhNSCRqwwazg?U-z5_^g+8wUaW6I8q{qbhWypyb^B{am537W6^6Z7U-0Y&
zQ2t{YR0@VBcxD?!-xX(-tS#GBpOe~J)6^}Zxmt~=uIze!GwekfT@oiHtK>u3N(_E|
z0OH^2I|KFdRCX)HP4GN5Kgm~mOfnRDMF;Z)eY&SUMx<KH!m~8oZ-uv6C4TRaE-+QZ
zdb+TSx`iq~SEA?<eTJ?~6Dx5X$xjoZi<fLGh~68;vwNlc94GBY9k}1rLg@o&`5|r2
zFSVeP#Ff{}+oO+Mxy5L!^_7@NvhcknFsk+zt9n$V_mrknpEaopN~GSX&3>tHL$w}3
z6@M1)r>?frHvLFAPmc?IdA1ZZePFEaixe>w2^Kj_Enyhe1`FLRQkkQfl$uh~DUl_e
zChF9KX174(e#!1-?PEmam91e3zQQ}jCzU>xzq>;FR|{lWiK!MF_AAS=<O6*pXnWyZ
z4@wu6jH+^{K%sQP__qpZeJR1WTQfwr6fo)$Va<^Ah&|N7?()3<q?mQFK=oDR9SQo?
zi03R2uB7y}*azYkf+`IwF)&n_GWJEH!o5W=(-%N=Gg%X|qTMS5?DU;5r+$*E`=qFD
zI|+v=+PcaJjZ2;OeLXTJ&m%_)UHde>>Qy2$aTV`FgHZ34B-ZzPBG)TWAZ})<AEnBQ
zjcz0QTi*%A*9e97eZl8mk^}_;R0*G_?xmR*uac-dPU56afK5t`^~nQX^sIo0Cx{<N
z8MAnMtwvDzhM2x|mGJTUTFYr#tz)(3m$gELICbO{DH!_HPH?Tz@&7E$E`1~{KV1^%
zX@zxmmFxapN&DBeT@KJQ`ow|zr8<8pzFRJ?G9>2vjZ6y3^Gb2d{ESX9vj0=unTJPN
zo^AhpCJEWdMhFA~wAxx+Pyt0nrOcMuXR=L_$u`xxVOvqrR%=}Y2?P>Z6cKlE*Ser>
zt$PTBgk4-wz^!#D?z?rV-|@R=lEJ*R-*SA%`~EXWlF7_G^E~%+-Pd(q=XIXs-k=bH
zm)oVl0Z8DE4oKAx;UENqss1~1Or-Ry4kH7N^WmgI(K$$)d5{zPE#kyvv~>r1v2Y?Z
zyYWl7pi6Q-h4ou88ra_x6b|9$gazzBoYa|w#WRnue+s>c2iUjx=3ad9n$f6;enXJP
z`m%NhEvxCIbjMI!9L`Ta$5#uppV|+(FG-@EH&8U(N|t*irQpka+CR|`qu170uwL?w
z$JfJ8x_`-hso|rIQs^u8vJ;VVWAHYzEhKqg1V`^CLq-*@<z_<APB5bt;FH&r)-rw{
zXdF1%RS^E-`DAkibe#65Y<btiXZWNz0VTrKay4v~8qZ|`Q>A*$x&M|ZFdSdT<H_$I
z-AKswN!8do`4@5-NpV^NeAONh@ayr9YHO1=!p2BF*r)K#XOa+@ZKogX71y$0DL3pB
zbhS_w076P^xFIIYBWzxE%eb*;`lPCfgiT5}C#G4Ikm5{6>o4c--ho?23o++zw$$0+
z?IgI>?;|@)lI7(72;N2W;A=KR$Zp;jaGJ!R&EB|Hs%H-fv=euq2N5<#BVbygV_96M
z5ZA~%-9MxI1+B4#uDKh&iYZ4-9CA_)JHUq=FQLtc|D`!sjqh({ZzNb=9F+XK5Sc%c
z?pF(XHwTiNvDr8YOU?&z+^fe(tB?J13R^FVS)uD#?b(z|#CG49#Zpr>o<rYLFHA;2
zunmRhnPv~5X2Mq{_6_^neQev4NcR`h|AnYoa{%JvyD>#0{&_~x*1<+2{0-KF$V~+v
zVTYK;i8vnDk4Ek?awN|d(&<%{X(V^1=5+1nm#TmrOo`HjF|gx=Ho}9sXE@nxV_`I>
zqDa>@E&zZ)w#}D8ig*I?6q~5fcht!v2tgNBNscdYsEG2-arHARCk!gt@-g`?>Im+O
z!%2j|Vdt(mh;(K$XX8t%lL}(VG%oTq!dC;jdGu_mtS%{pePC=7%L2Xiz)Qp-OiJwe
zRFy{&t}BU{$C5lzd{^BFTQds>zvEd~Ac4Ui@`F(va}TQ76)ZiLx2Z{jFvQ({<gZJ~
zeIDl{m*R6lE)^q*sknzP{R$?r{9iNSItVu6Jcv742$N4@MLa@6KbghA%68zh=d32A
z6;oW?h#?af)PD%u3CNCz`q%Rw_xV(ePw68%K4HHc!HF2{mYUhJqB+B)IM9np{TfRK
zcDkxD9a1GZjrUOsHhAIwvj_ky`Z;ix<8+oN;j4KLmDgG@w_ZSwRhy|(2(;xCCe65h
z;4JLg%>t=l9h~MFNaS3sD`f8dlz3)aZ2mMuYQjU%u?i;d7B<&-UlOgTM|#6R7Tzw_
z#*f)%z3ZjMLs{N`8ZHH<vYwaElj^3em+C|T&An=>iKd6JXCX<byM%}i?&Da^Vg(oV
z-p%)=Ad2RoREREn4AzzBYHG=^InU+XBu@jWoJB?fMYXaH-|O^#DTW|Y_<nBU-R#7G
z4N(gNk#x3+f0581>XDkiV*i*%$>R!16~}`K0;pB}qdXZ@gYV)d^8xJ|m^J=)Xt<G$
z)K0|!w{o)-9|I^sKiTmy_xVMDHSD40;+b@-b_oq+5BD^SIxvA1@ifWtW$Z^`c*CV`
zWc|yf#w>#Gi@btHTJynF4mPgQU)W)np`zckPzs#EUP~42^x^FKO1>2SmR2&n2mc<g
zmG;ajeNql&o}y@*H0lGipZ<U<2$~XUjO+-|sVvVUrEi0B12fo;W3X#Cx!wn)DO=fq
zPM{Jw9jXcu(@Vq1Rhuh$?x0xCXKipgeUvDXS7;Yb2JoXZ;QJU<gN5V{vrW87t~Zm=
zJd-`Sr9T-N?AL%cp2ePm)m`v$(&PnXH>VN*?xH#_<_RKP+@Ouw<x+)<%r^kkxe-uo
zC7*%tN?;tRRVAen+!XKU#Gx#Tn)-RX3oe>Rk_ExQY3T!sp#ST?1K8mS79q`um=it&
zrHB8=TwiL~Cd4(ONY%H{SqTBpR$Rmx0*ZBt{r9bOq*(#p3?1Q9j-ZNFyn=Ye1@++L
z8Tk{N>%%Djx3GD20Ajh=k7fZ*?e3L)YpADT8hd|ALi%N9608a2Q8cuWgRm?NPUA;`
z)q@950LNhaRD2{lS>ty`q|ldyTtq>uKjMzxA3S?KU-enCrMpn*T+ETq!lRT8H#~)`
z3UJSJ0sc`0s2JYl^(S#DFlY;pfencqsvl3_;9aa@U}4V~utN%on%#h1ESeC`ZSKac
zN#xFtW1M#qf$TvL`UiQJ`!`GeCznY6zi*QQ+|#B6Fd@>UbS=FdQvLTlTuvf_qEh57
z?gb3vn+U3|on4amE(4>nS${_KuE~~SM^d<dORVEURc@!Cr2S}sJRdlNe>IjU0Fo}O
z5+Zj%RQiYydLvizv+K6pjNQ;IN^WW)hl6MfAQ=U%jUBXE3e00=%LB55SNA+Nv<vyZ
zb2)$QEdI3|RUuULvso$y3#3NueC$BLrk*jNlkX_tj^j9g=i{cjfvYf<)BZfz4UyV&
zH5rB3E7(#iE@F?m4Rq@qzR@01aoh#mtQUVhJ0d%i7nsG1MY`|LZITZmV&4u{qPXp|
zST81(tSgZG^9z%01XGPUR#OIn64(C=?=J5Ba*7|<Z1Q%}8Smi~Q<&8G9kev?`f!~J
zYK0|oxD2<=xmi+UF+kZDfVcD<9E@)mEGT>*3F#!NqFn@Yirc_Hxzf~cp$~w3*3h3>
zWnwHSB7<GEi~;yAqCOf0@J8e}*V6qFFN+YR-eTYCX5YGL9f%x})y?+#G2p;9D&{He
zQVdhbU;!Lv<}d5ehw~Cy{cBkKx6Ze+f}gZmS(`p(q%9#h*}8X9UUMhAL71y>OOE8l
ze5A4fdNoa?ke35Glb{NGXNP$a26zj80|1r<jQb&lCz^J?v%p`DBX&l3*)MS<V!>69
zB%MK_*oDby9Z;<4h*j?}$s)H^d^4RNz%FVlKT*`%#fcb6SjW%WocpQ~os#EC5}R8o
zhaY7f03SC`Y-dx4HADtraEsV1P$uwf=k4T}fV|#GROQpS`iGIfa8A9~vP&{IR!^{u
zyvEmxZ<HL^L^*FG7tMy_P)`(HNr|$A-p(@kn2&*oyy^ou=gS~m7}*b(laC;sfiSmx
zvO$W!&r0M%)xvRboWLyv<P-RrS2Eq)x~W(M<5-xug4lO7;&xbf4>;x?;N$gtLByl#
zDd+65g;JQr)m};gvycnLU~BjTfJ+R#BGHiKUJ4*|*aoQuaK+@njZNkj;!?29M$wt|
zok^z)P|;8KwUV7U*p2-*3)A^E1ey~;Cca{aCA|z0f;?lX%IEWuMV(TZZfR^OwF`xb
zxl?@I1K6B{3a#Z`zf{r6eROY!6h4A%?nKg$Uy-DO9Xfu&T}x1?WK_ri&UF(xTsmj9
zlLug2AGca9EIr>x1nH%G<nOv9|5Ad&t}sO=W<=vjY_@Zoo<>J!obfKCB}4>{{@fH!
zYzfn;12EmGWv<OE{?I%+IwLSu0wD2&>zPPhN01JD#=bhNK#GhbyC!FC#!x)4frf&e
z%Y)UdgF?dK*>%@Z2S95K4BH_2C$d43I(vUbA$F5ray~+=y9mNARJh6rX$s%NO-f?N
zHYs!-t%_Gr`aXl5m{K8jL{JLCfiyj;rWzIllHH~RNZ{U!X>mS7n8WllM1RW;a$Mfe
zTfue+V@(%J%azKX4@f~EDc=(Wcqk}Q{PX;eQA5z}^9x+yWNIOZ1o02&Qv{PM1Ee(M
zmGc1XKy_C++@Flu;Rw4LpX*sk?~dgYJCG`sB(?b)KJB3_;6Q4eVeFC}9Bv2o7R{kL
zlzmO5X(B^39!|o6LDRSYBTJq#*N_!z{sBg|0p(_7w@oT(PKkFjm*OT)$t2z$uq*Nj
zzyeJqlOel4UC7N&9LnTa4(*j%Ku$v6vK${J@d^+MW}<Hk2H>q=!)+ieokPn7@9%i#
zKx!44NcBWZ&AWwb*-Ecy4X>c!HN}PN1$v(g=wbYZB~XQUJX8U%;h=#mdeNzL`e;SX
z!IW<jI}<C+*Gw9~dTzws(M}0!`tk0|X!+qaXl@}VAX~*AKn@cL537*8CvTD}>-lap
z0Q`j!Y7)F#_izC~ltO2a8ZhwdpM;M)s-0&2HLoHU<*n@aruhMC4IE=yWxnGG{~yEJ
zy_Xa5P(bp(){)$b609)8MuYL2nq^FkbKzN>m`+EhJjF}f7aPq`^v$@+kpCMptL0e9
zEjc&=nwm*6<4ES6n;E_{WH&Q>SH<w1;m9>?#q*E3yBNTS83C$g_%1bQmzua4au^A+
zK63c>pKvJ#CvI8*oJ;S*0EpIkHKEF!lI9D5^w_cr@Od;6^dU$M=3Kd|x!-8gcz3cB
zldihp)w{=0uA6Zh#42Oduq`Mwg_!USd<XS!a9q@A*r(2OLcSiRtU2Qq+@Y>TZOOsR
zbhy*0ujRraG{Mg{4hDncaH)UU*Wb)5jM~BwKH-G#{_FhUUQ<GYZ*O>qsn19p!Qiv0
z;ir9F6g4@e5eLnaZGKvMa^^dqv4Z?Jdacq;nM}oBf^@{gYh|08i@%i_v*c>kU&Sr?
z!x28$17r$}mYGo|Gh1bj#h7F#t~n!KiFslskhA{!Uk3sAI{E>vgT(hpeT5;bIB`QT
z4wA5$nQkV-7?(N}UkY=f28Tt4oaZ55!RR;)nZPsSVTsu^vrdg}Jnxq}(uB~0QI%&B
zPR9F;e>O8tmK*ia3L3e*HhnSbk2&cwL%<r3vzM`ZDf<Hal*3KC0ruw&o20SKxtdQK
zJrbvvoj5kY4ot@|)P~!7(O&=z<^h3l;m1K4&H|(~XWUHh6;IiK1OaNM6WrF1)}8=I
zbIIJ~gq9iJF~)G_aE*5KzE(~u3MAf{#W3Xj8I_D7lh29Eh~G&n(wJ|V3Nq$`M$QJ>
zNUdFCx=m<FUBS}7GS$70(c09@%vUg{Q{0GYXrU*r{tp*xDV`gtm!+Of{cW$y&1+NF
zJY@;ssHHw)F3|i-Du9}QPTjEP)EV>oAtxs>!uP|4zOT1RX^RZ``eu?fb<C+_Nu4$G
z;X^*xe55g}F;{xXKd0W$ZeyXFCI7>7;Cyecb#V7RF6$8ILMC_FX3az5B4eUr6wqx)
zMWoC#BT~t1hRjN#kCvkGyB>v&^&_OB;R|>`KRY&@hmleSz21y<Mbc>OcZ?SL$jOZB
zJ>F?e>RYu%%3O}@L`|oZF$<@)2l}i-ubWpOjko0`@4T{4k<&p2U2*O*2D;S`Zxb1G
zYqn3yzb8jZ$FH~S^9|Nvk@j+_=%3lvVK*vQDx=S727}W__gjbOP77Fv@AylRH90sf
zWKDkltR+&;ax~pbw^~z1{*iBVHw4yq^JJSlB`B3L(qRPA%^g3CA-(kTIaf?38aa-V
zGdrXlXrU>!^U<e4^~OxX2%Q^I^MsT+CWILmr%M@kGspMKt<pH0(DNQaZ08XKe5(-6
zt*Wx7Y+SuwQtK8YM{Z4xEcaMPEc+2kCQNA<5%LVC<1#KlZiSZkut%U$@4`TY>TcYf
zXajX_lCqF$&aN6Jjr*!sD!CEh@@NJ}QP)OOTN;Z73A2Jmf+anIAP71vBbgE}TF2WX
zoo#fnjg)j^rtsW_(&*)WDPs?+_jGuNGhjOG+)ODSZILmTb;)++k!YIyVZC*v5r!@U
zE+6q{4@~F{Qa&`Cg!D6F+xeIUC-$=54c4^C&JL*{4co`nn2s6!XBf4^Zf;M`ujYW^
zrGK9X!`?3ye$ru0d;YgXke~HR#rqAD3LrBUJQPc6E~^6t21J$z^p&ln++T09j_OBe
zXG~fEC7mrvOPM^bxpC*py#P(^U`|q6IRl1}5mZj^%9lp&<kv9)$@T_heIS~WQ|4Po
zJ6}ylDJh(kJvIZsg@B&A+h-l!L5Y%8ce!<p7!ff(E5@oLokm)5gU32%X=lGwv~05p
z`quPqr_Z;JUD1ShgL<q(!@Ue}G7Bo~)`Z=fuv-&$Yw6gnWni~v!)`6}JinC1DbB^w
zy=+2`l-A8e0Ul|>8O^-akcTmlct^jPB@G7*89s`KQW(=n#%J}VSyQ+4rdvmZccN&6
zk(-faF+T~HEb}Y>cjR+)s?#5VK7Sn~ZCAN8oXO52qz}?=1~{MID%-r5`((TF6~@AG
zVafOg`6?8UEMyo=1%xV%?b5t8)^uaklDTRvsu57uuXb6-R({S0(Q8wHH{Fj2lI4}{
zQgm#}rei>gQjJmAuw01691QxgV<0^;GvBF%#c>Hh3fz6;3uPSg>{%{rMnd{!)(^H+
zBLbtrd2wS`XVei)L^owYDy&<N(|==cEMlJBBrJ)eVpPreBo#7)V02FQwd0sQAhDfr
z6A#(E%$8uny7>%~zL|8Z<Vmb&*dc7!^hy?)QPznSh?;ZH4Ep<xpB=Vl+M}&fOEc(d
z2gIFI=^~#r-<sKdzRj{bche|%aiJ8nNb;G;ZJDzHQ+4LXpmmr3ZUghCBs*{~t4;^A
zM5oPt3&|7g{AdT&ClcFE0HH7(G;b!D+YL0r8BU143O1KP+i5B_#Po8h=9e9k=VE|M
z9Nn8&&X<~R&6gTI7+9YK?Da9=MNgI#{AW-K9TJiPPgA7-8Th>flo)IA`Zm85sDju5
zIU@#nxcXoqqzFB}7n!Jfl&%}Z9S0`1@j6Q1d*Mt3;4I!o!=no(%>9rayFp!^p_u<U
zW2%_**oOo8KxOdJ()CS-E3`ZyIqq$<?A^C=o@+BLhx;qYBhc-tXpA@sOXg~M*Kd-d
zCGbxhDC^Nos{0D0sD!z(<GZAotz3$|2`T+2V1j-M?OdSjWzYvufp=su2KpRz?RMBy
z{UE&=KB>GDlpTSurkV7?a3FEzarAlfrSj#V8Z^G_=>^z;L6uqwRI&vo$5MdCrF~Mv
z#dNyv1ZjI8i2n-;av1w=XPVTAxkowVpvJ%BRu2K#%~fzu>9rjF=eJ5VSHRpOw!6>c
zWvc+#?}qU5BwV$%i|~tvb?N~8aRLMww$gYINJCnNCFKsylbSwWD7oGR7dQ;g7>q41
zvy9&RFbMpVD_9KFS%oFM1@r7XSo~wDO%H(4^8_=VwcxC8a^cH(=Ug1}z&B!hXz4!5
zs*8htoeGkGr-17_ls!J>(+awhCPUEzkX}wn{i=nM?{_c^=v)N9ZQ}u(?yis&G0@d)
zP8}^j7mGD;8tdgX5a#hAsr>wG%jtt(=XZi>IXT5xce^)$<R8cb!)Sp?8!hMB6*kM|
z%wS-83M_^LX<nVgRd^UvIUlTz>5QD9vF}=)Wx1Y9gLR5TTM%ojAOmW_>-qH#(~9D9
zgXaXnKm(W3uIU~oH8IjrMYiNP)NQ!~TUmM)z?F1hqO74XQX}C}T>T|<sv~q;MzSX1
z6S|ggN-!t$%mT1_fb$aRl`1eouEgfNa&fLyb2<Vjmw?TIe1`7sltR6mrBFZIqfJmT
zxfEfn4Z^<yN<5RU+Z-sH=LV!O5h;9uSBjqket#ZrjAwwG(F%=#6gAM0ZX65jij6^w
z7bgDs&>Bfyf{5J(&H~n)2crH>yVP<vw18t+5p^u;44%#4{hrH}s;`1l@Oz@!JAD25
zz+P}a%usf$4N6)j{nayIbRV!zYWNIV?GmUFe`NZ?F!6s5(P1KuG`QG-ICn)FM-LUr
zi`<2$52b-du(_8}E;y8B3k#|05kSR0-k#P%pq}{m+SVje6b6+Hd_oY!R>DO`%zXe<
z!nNg=yFap63U8;o^ek-GopgQQX}8M5J*=yAx<PbwOoG-DzFewiVkv}LRP`~e_J=sM
zW9c+(ht7K!uq)X}d|Q?jBa^N^nP54c0J?a%)PTC33zAOlE1b?_`mOSA?C%0_i5rpN
zvqQ&kc@8}B#D2@;nL*d>Dbyegg&Va1&o+o1O$#hfH(q)1J@YKDaqFv@+-`ZhQ5vYY
z07Lsb*wxr3;v4&=Iz)q7VDVQlhT^PeXS!~k<#TuejSqzAP~K<xc6~=%k!h^zX84Y8
zGWSH!CP>%F@x&IXViA+Om(xjF!UzG%JdU5R`@skC{nXrfX5NY=@Le{09<SZaSPO$I
zQIgs4T{P=32B~VMvv&aay{}J-0~0uRaU#GJs%K|demnkom5AMidtr7#evJ<!c20#u
z%B-b#44~{MG(oO_$&1KJ^j&Cv*x5R)a;bbV_&u$%Y9#Y~=fFKWC&XsWDR~zn0el8`
zKZkn*MwT=V>+o#%?C7)nYcFk;D&Vb$R)DF}v<<hzb2|nD*DChpL!e!*WNv5W7Ri1B
z!a8$V^0&{IYT<@D_zKR8pknd{QFf~cl1J62FbuSU0D23}uuk6eLyj3w)(Cq*MKNrz
z1GtO?El(PQc3;CKp)u0(Fc)PfxBZt;Jn;9cWEQ3JWuWJ$7=CJ{owTvT3fR#avO~*r
zV1Vnm&@Y9sI;l7bGjbT%_9N+wlL0upwn+^R_$3tp)3kpoClan%n2xhyVFtLC_ma9W
zgj6vDJl0LO&&AlB(`N;Cv@Vbu08txpd8&Q|!2Uj1{KY;iSXDyb1^mU0!E99#*=sSJ
z<E3p@up3OPfz6@%lQt>b#q#O$S|Kw`@8G&Q>8>}Fa4g60rE!0W52KaB>{9Jh*-{lW
zQ^#4kk}F6%gq~&<y@ZNBViTJ~#Wj#$SJUB*(xw~%%l4yTR%lIOs}!F>ZgB@2^L_OA
z?jva<QHo55+XGJ_^faBq3)zntK8a^!O7S+*!A0Qwk8yGyW6bhZwkPx$U8j(4HMCpd
z%FWPuw{qQfF{1uD(gOHKR_@8R!cV`)9Y2R`B#HzJ?1ZML7D~}AL=}?Cs#e<7t&C`P
zGpyOq!=_rP=B+L%>RBvB1JzPAvQ3IsFO#D6#Zt6sixfSPe_@_8I-7@cJEiDC9*~`g
z-pAh_<`wKm(e0H|ZTkqRcJ*ed7NeWmM?z9v`ckQ`I4spo=V4|*s&j0X>d-o^JDZ=*
z<>8KEsqTTNrMf@y@MxY?*Ui6h@7Kfst51Jcs{d(`R6nU$s-IpV)z4s<z+NELyS7O6
z{%ulyc!^XW%a`i!iAeRU;U5sH>ihV0<7TP;%Ni+m_*N<AE0kiPA}Ll`A;qG_QjC^W
z?8L=V>=blAep4yM&LY2B#81~0NU@uE_SR}Cc6YuMdoWLm_43fqYoFO7#a`gomw3hQ
zpcH$1vlM$bB*k!|iG3E48lHVxYWRGa)bMq#)bOv%rA8b1eJ($hF0vwx<6e*&F$HQo
zVx-hKdyCY#tX69LBQtS-UMw{}xlL+(yFhB(15x;+u+%i7NNS3AN=+y7aPlIl374X#
zGoYiMT`e_T!2fmf>@psfcS%iGZ<Cs?yIg8|JR~*s<Vj7v4Bl?!wJ-87FK?BaUV}07
zuV<y^bUdGPc_?E3qZHYWLo1}_Dg1gQPaMs!2)s5U<lNlAPt81>&?PmW^o-PeS4e8c
z)2I3VDyjLQ#ZvRbyzH@Jskxsw-Ly?=-qvYFcJ1KTo&5UhRZ{bN)l$oZ;Zn;11yai)
zT~f>Ei=~!-hNPBn!&1xlT~d6+Rw=%JNQ&D#rMPQ}6mMQC#ZO>>cs5U*9g*T4{H=?B
zUK*C-n|T()!T1|jChawi$EH1Vz-@D{pH9Le6RLN-z4HhE%oFBip=x6L3IZceor$-S
zO^GLJ-ebadKc<}qpH2N_-Z}Ma>L>FC=C!H6nV(W0WPUR5Yz}Q-plk{fF!glt_HEJ#
zT%FS|cT1%csDFWljmn$>V2yvbeK{bxfdn3hO#rc|;nOs!;S)CDFNwv-lkJ7z)&`P#
zmW>(shYn)7dttuFwVIqO^)i5I+oh1x(!W5p^XIN4rkXheDYqFpbX#zsI}ru%W0~nE
zQ_$;(f*NHvU{~Ag{nCUL`BIke86XwJn2&3>YPPnQThT~+DES373-iOfDiO$NOEyMQ
zXsEG$OgTP|MzP31qJ_W9#H<-f-J|=hS|ekY;RcTY^wft-tlBo@=ZqU;*{DLP?6;j(
zovQ_(y{kc<wg6J@@Ji!mV+F|ou`v?N_S1nG^boY+&z=B12k}nRkV!AYX>w3<dd#Ca
zQVDl$+Kh;lcG0%ILC@UPAi|@zNyF=hOL+)Bmz1KcaB06Z=6$fVUxN;A-6Z91M~H40
zXXsTP-avv613qK1XN1lTYHGyz@+WPQva11G8RE~s8bh_!$S@eFlk6dv{nyw%8>q8%
ze_ZYiqFLJ~6?b9F_7mLtQ1}~nF&3WK#u?1A<od28T$!?d%iM$P_Em_9u+!!KJ!r)O
z%Xq7oHb`T}(%-t5wiBMuIm}<0uJq_)ep-OK-NX2%tp`xU#X7H()@t4wqd#s%d*P$!
z86=Qyxb1Xz(huCC&4vlJj6$98v(82R%=i=Mw*z(|9cC;`v#-Kzl+4`Nj@l6TGM!uT
zM8ZKFZ7-qTWeg>ShFSv3Ch5?rJOLgi<Qa81FQb)gu<JCGwS@GQ9^juJ;#vC1qb9T>
zo(IbUp-a)#(hUBEszb<4S+Dcjr%_c#zsZ=9Cp`L$1v#2Y!g*UL77f}iqx@>sb)VE~
z)!T0eCarW?_1y$KWb>2kHdw57qYX&}F^!wOz`Yp*0?k7pJtGWFuU8gr_v{)R0qOCj
ztw`rebK1X0yqkotcvps$w)sDas;0og)Df6imk`eUVLQ%Xo2kf^>KL28<cMYNq>y+D
zxJ<o)$4^FPPlH~Ativ0iNB?k1p&I~KY=fQoRBw^ybIblj%%Zu{Fq)I)al|?pLifGC
zPHMiK@*hS@)&$6h<4Fu}*eEsFL3S9$9{UnQtaofob^s$&bEV*qfGdY*NMpZ(cmgh9
z;5Ku(^*6vTR=HHl0Cpi0pn)^dmp?L+>~jXrqq1p6#N_HUsfa2+_rPJ&1SEUxF9G?y
z1NZk?AhYlLthi}4)}eLaMH4kQ%<(~yHd~B?S(%oy;ZoK8)JLc^mt(?OVQ2cH4HDo+
z7@Q|C!u&YdHR*J0My6C1V07?wm^z<88UA`Baw}LvtOQtXA>&3jFTQb@RCEY~o;DDS
zi40e|v!v1)jO@I?I5pJb(SL(H@_e~8;%)l6bAakLGd6q$2*FX%VYV~M$tal3Y)ZI2
zH1KO2G`Xdc&tQLRV$Rwi1hL~O^|`c_>yRO&^B62=0QOO;gmGl%en^Fo*BgqViy=JK
z*u_=}TweVRlV%?PsetSR(-%q>4yH!Ht>F%``uAxq{1mvuPbnCr*lX#KYM}2`&_gRM
z+91UsLKa*>jc7{q_ZLbPJHRMjp>PL24xI&29VDT;9B>6a-x{<hDrP~)KbF4VCI%6*
z!8g8eC53)RpR+;AfOBm0nsq`5IE!-bW#GlvnIYPVhiX4GwP}n{+2C`H1;3hr-rV)D
zXAkpA%_UjVIJ6R53K`0Q?iAb)AOLQUhY3*61C(ERD7;V|8&X3S(g#&@xKOL1sev}e
z8Mh6*LOg(YSJ~4mHQeIolCk(h{B1nE2gVp1KuD`r^DZ!Tf|Du4=vt0oq^KGkscd4p
zRC5^%?k0K(Z*ZQOJk4SA3c{K7Fy~+dHl4RJDdnS-CMt(_XGjfzY@y|V92X+ea3R(E
zurw+DHtKN*q*ec(mzBWh>Nb56NY&jOBx-)O$TfryqUnv?o*^NGt|FE&KwR;0n$$EN
z_#GqFTC|27#1bQ7XQb<bFih=;MmFNL;8>1w<X6m0J?55zi%8#)<@0PsXz)}b*M+FG
zG=s4G8HnKvD1u~FRSeWtJpfCpVy#s93lcu`K&z4As=g5xb&ZV&5+KuoL2^3nXM8Pw
zO=Wm{g}y<qK`MaS;r65$3&AOjY4KL6ml>Xd^HQu`SnV|jF%m<cDfXvzQY}%%e(>64
z>SqGH_aSC}rlQyP>|Aa{s2kkV#t_23Wx$_(Uk6$BQ__75D{_lbB^<I>{5zi&@=n`j
z85ly4xF+@)`cXL#aVdD0Aq<Vwj$=Z>kPkA?4mlAC1`|1mb>%>_uJp&lq){wK)AvhI
zPzLktR0q(+COg=n`83l3Gy>s?HXtxdHGRpPU39cj^)VvznQ2f}xNgNyms_XqL~DHL
z^(8|wZ)$mMN!4-jin6;fAHlCYvx&`N;#}*r7f3XXQH#zX2ZnK!@m^oDcb9f;dotO{
zetdzH$9Rs7Dap}`J=QEkHYyABN;bl<QAN+Y2DPmt(yUpRKS|3E94==L?P~PLP41Kb
zR~o8BTUE9q2}T!c<XS0j_gbkaj&(O}gsc~Oq@vEX$<FO{x6hZY>%xB7mh!htZ>3dx
zi(9r8bD5O-F4sD}ZFrk(ZBKScqdrAL4Tv!R+H@%oR;O*X*ZP&C%Y{oXqRrXVR$JJU
z&0WhGGH22(3$s-IH!Fe#oVqK5PjYh_PTP<rI+$wwn<uO@OrzA)Rzv>9Y}-RV$mj`<
zM-a(QUp#T(w8X2UWO&E11(G_Ot7=bk&{yOCTn<WP8;vw3maZqRrLBQT%Cl*gN#hV`
zkv&B3#34n_BsG}0SgJXSds>&F#KBK_R&v9&TMnrS^D4U>14|j-3{NhH!SywKI6Gtj
zI~vn=8xJgRJKO+!77rLf*+=uBHA!{t)QQNs79Ex!lI-*pST5(;Jdp)GICZts4(INE
zZ?1I~)=|>Lv;p;MqOG|l4YAEwn56w}y;SzM1u$GNjd=_4x4Hqlobf)lHOFIblWiqX
zr;X{%%!k?&T*-tvfJu(g2G{5jaA#<i*g7x__#2*0pZTN_5%dnP&yj6j9S-Md9;xu2
zblDbVqW*2$fawmBm;Y|%3^8;uY&mm_8%u!liw776dj(KRkJQpDc?T=fOCXdykzt*?
z=*pg?gMn3q=RML9BkuGh{kIH8u`h67$eSjJkb}X^dE@|RF*-6^8o|i6#eS5!GUL8Q
z)`5G!;wGQe@HVI}em3T!q+!2fF2%4Hv!#*eWhH}FE)rQqqfzkQPL0@&c;n`cQpq{}
z$&h9-7oESkPZ~8IHWkq<t*`={_;M+q=wqT;$!qW(DM3w0%l?+q66KMRZ)Zz_K2<ag
zCHGYuq`ZT9mZ+C^cbk;agC=D%!b$lBXbkes<7Tu;nFkgs5!`a#AtAk)`Ut(7QRB;#
z!EFNA`gn#@3o|;T!jE81eHfHRZe1r8UYWjk{3|+tU=gO4g(+$h8%D>#;!i!hub`Ft
zAX>$#;KsQ(4j+aDGlr(9*`8z!7Y6^&P^ryMVuY8?LQ*rm1WeJ)MrHnaUrWWjHgUtU
zI}h18Q|1M@xh2RWiGLnkNU2qvS~){1NJl2Y7tf)@YX_YZ98R*OBj|z-8nmU?Ac4j=
zH@AyPTysdH{`0A`UA)%1q;eXhLRtaXwM!lCQdux$UAl>0o00lAo?K&VdSzQUn{Nc!
zyxc=3c>mhH8KHYQKn(JDOn^836@kY|ir7e<53jRY?L|Mhe~s&hvy3-=iv-Q6{jzVF
zufMOWV4g_qAIUe}J06%EZv4#Lq~3o9P9+(_6OQ4hq8DJU{4L#@XU>p^b80S%i#jUt
z&Io~-ch3J6Wx?Pkmwx<QDSzz%W@)afSrI9t5fettYxg<Mz;`ngD2voNT(beaa2n>7
zbfFHR%S|sjf_a*KBw-WdjZ~7AP=RN(tOgZ*TMuUvET|%qFV#lbt==SWsvdCUFyF{v
zJdUqP0}RG<BbVZW0;UIArDn8jgD*0h79r`Kj)vN=JEiI|^jtsYST+Je0|SM&Bbz{{
z)%ku8qyacoXV7?sb!GI?4R_1`9V#P?%U8@~>IlrJ_EqK<!Hgnk5}6YlyM)tuG=GEe
z5`2`>m-TE1GphInF_FF2c_UR3b1e3=`5s<806KG|@)-fi{f?6XQ`P~3*$uZd9`+>t
zJcR81bcdDhkgCdPA^wP_<4x$EUj)Ht7A@GLf|C6@XbUfF#sk17)jYuTD5XcpbTS7c
zNb257#RGHAQ&Sa*ufPb4DTB;wNo(7?2?d2mt&?n*W>^c>u=(dA(Kdd>RZ`*fXQeSO
z7fU0KtCB`VpP{KtJQ&>be20<Yotr7!ypm;Bhxs7G-4Db28l96br56#iClt!oP3X({
zn93Efy7<eWHQ(LdZ_VHQMj)BzWTJDD^L3lGz{xCQ+Et{cbBG7VLJ<=S<49ThB<U|8
zdGYz%q{0i(>HRKED*OW&=yO3tbGKLv?LTg{7Ixcg)*}1JR%=mriOuS?PjOnE-AOkY
ztIKZhvAVi{@3by2?`X9y?>>&T5lyoe2d>Ss7I%NzYG7+?iT#{bY3w0hYf1NSnBn+3
z+gfTb?Xi}27qwc;92u?FvhGuRtSii-E;@*N^~$x@6+Q3wSXbKbvsqVm|H3JayC!HY
zx0l+itDMK%tgE^UY}N`B`E$?AvR15_+-hBIzqZG^y8B+IwX*!&9&2THk<GfsUe;q>
z)6F=N_4r)tT6>?(x_14XR_i*?9j(d9gTO^|t?PQ4TdnIIpY>SR_hhtMH`q&htQ)$A
zIjtK_p<PI&p8Kav>&EWN9_uFi5k1yT-6!=}H`_PaB->vC*3C<vCU5T#S*si~ZPu#w
z|FBuN*q`aKZdp^<YTaso!)e{RrliNZ%^q@Ew{`#0Y2EJ4>9KC_8%0V?7)iufT;%>o
zf6d_tvL0pc{=Yw}|L&u=mTv?_G@onVO4&?4WK7Zi^U=4^7%~6i+rm)T8gxlcCM>b>
zr7ndNIL7e^w=NX!|NN%^56}L0pRm2Z+yBqQ<$I*>0ob4MKfRuZeyvo+a_B(*lF9{A
zDc#`TY|AkZ+UsT0)2ut^F(kFGWI~j$21uzqmsK*DBDTy1&Ihe%tVc5w-!zjPr_!EO
z@@YPNuLQD&opT`&Kcz=v{gF$V_e*_-S*L>so=l=K0&v2SbH*SvLEen7Lo$y6?B)pU
z34AX6Qz5n9*MZk9^uh-r6f+wXq*RC?!rP2;q&X4ZUnABw8p+1j;o;$j>pF&fgDNI*
zRL?`VV;_th1Q+%QFxrEVaM%Fb>#xi^BTQs}5!w-*;JSMmR=*7rB{rre6HK6Gj6l{Q
zr&u!&F3troZ;_OAF<?;s81%Re@c&Rb^x^c9g1zcH`EFBCRX!Mg7&(X+{NA?^1`~az
zN&wwT1ko#h!cPZ*;2J@1yiyt}kV8d--3?#Q>kmjRc1D<YR7v(;SS1TNYwyB-dI04r
zBvLECXZ{xrq14JrT^Z9CN|5H+%K6o{U@k)-J&;COqNW{e&ZIes`ELSa4Cbu$FK&^l
zH=wR~GMR4~#GMmi=pw)v#g?e{mt>$Q_civS+Sv!62LHjvIXRLs98A~@;xOnyx!!S3
zf#m3bRP#9m>JLIvBXh#Tk;y4OFd`NIZlhFu54A3zF^bN>D7xmOPsx@><H$SuOk53~
z>XU6gv;V2DZ@xz&p&I-i230d@RB$}`<lw+o>YKX}T1Wt}lm+Isro(3HGCO%w>P~6M
sVr>|(W)LI$Kd3cQ2V@Wea}{!Sk<G34%C-a^{9bt?i`pEE^S!zM3j_W_rvLx|

literal 46610
zcmagHb$DFW`u_ddqj9UIf)^;(Vuhl6+%j>O;uMGCT1s3hv{2loxVtBrcv6GnZU@(c
z9rV5Kos<B-bKdVi>l#^m&)RD}dOtEyQtSg?)DOXv?HXKAaZfXp?wNpKe<RfNxFLRh
z5_WT;7yG7o3sihC2o;q>8iv7K)Byf1dvTa0^-#D^1B6QgI6B{~huS;sIKu}uLh!97
zoLx)0As9(O<>x_M=GOI4c7_{@v-@y$?&F2%54ztyF7WS`1mV>#@O|pXZBDR(@6LYk
zY}*W#IfLL^GXRB$^+2J~3<dvc#@(6jg{qS^WnLx(E?NhnSP#_R<%E)(dLjSDK`<Kz
zp{g?kMW%l3_5?}h3Ekj-)DE%P?Id+>(*TiEolrET9_n5jB*o11g7?rKh~KK8oauy$
zlY2<@ywwQiWIGf*;UKkhTQ7tj_mdXAxe>zQcG5aiyCLvG3&d83$?Tk459Sm75O~!A
z3tZMKCsh8?4^_{)z^wOc2!Qv%7IHdg*F*3M9}~>Oz2IMCXF}&rHVFRK#6;7yL3|%S
zl<gAGL%YF$)j9}Y>HxE+2TYxL{LToJoYDa$FC;<fsbMI6vK8VFwleXR>=dZ{y&o3L
zYG#sotQSi6O+eku2B_P!5vrEjp>)0-+ooh2lR9&3Q2DQ3h+X1>P@5lWJT2h6+y&uc
zKh$pR2D7|@DX}HpOnG5)H&eaU_28{;W@;xksC}aeO1JPqU7rJrO8puFQ1^X;+`x@K
zay$3$2G7cXh8XxSjDaWM0M9kaP<5uCX=bz@JiT`C^e33s)zS@-!%~=T-lV;MqZjIS
zXorGl{NVXg^S*b0*OAcB1JUJf@TN6^cbW^lv-`vv4d5+F0`G8w>D}|Y!8?Bd!k2e|
z_k%EazYl`<hko#F)ymASgKcc#{nZP;$-Qimm^{FizCU!uz9NugwC1O5Y?+wX%~s~I
z^=$3iw;O!>CfK@jVK)@p8ldER9oe-B(Rd@&zSSXmu|wgGec*e^0r@imP|%<i9MrF2
z2>kE*pzP6pC^<C%!TlW?TpHX^^kyU5l-qhButg69kMDs{s2PI#$#Aw7xxN*Ad3J~#
znt;+9dZ6r;1lyVm>)FoVCnoL|UurGE+j`ip`*a)Bydf&-utQ+qZf2P?ypVrsGkDgy
zp>|ye!qovVXZRtuV=n~tnKwNGMYp=3{45tcnA_KbzaR`1?R`)^H2@`s8%lQcYtZTM
ztNq(Ii5)tV>e<m;P!GQC`oR1)3}xR3pj`5xe5WKRzoL~LI~O#uXV)(dh=kni<+;_%
zUS0Qhvrp%uZU|R3F@K~#0A(qCP<4}tbx}Y2nTZ4xT%fm!0T%fVj({&L%0AW&We#oA
zVr@jThTb&ry{-eWwSa$%4)AZ=&!V2~{ovn2!yzH4yi(sb^=asb+7I0jIyJ$m-Zgsi
zxAn!_y36Oo;Qv)Z!QBLblm-Z-xiq*rwR5oz0$EW`D=G1ETF)CcPWKPhb9y3MyOG@l
z#W_8k>3O?ea!8wfVge#ICj`5+fA{r3{{1e9tm^~MB|fO_ZUj$tg0sz-4Ll1qZ=nl{
zzY0L!p)Saq6^8r|dZ6;`0jRn*0Fjhd$ZzO_{5{+d*{PB926t-ad^2W;>U-^wcj5q4
zztG49p6~l1{z(uDRwYB_6$4Orr-nazz#9}x9_MATH(_IOmtWHM4?7o{KZu#;^g!h0
zX7D~^hxnOps4K8T`IIpD26gbcddfj36o-Ql*ijNG8iddtdYBD%F6_d_l1M_7_>-NB
z%y~BOmifTEu8E8KZ%9x-P@7DH`9M95o?<Db#gf3@W{6G+Leatj4Z~uC7!<$U3*|j+
z*gA8(P<F@wn0q;BGL3pDJ=8~Y^yxmDJCh}!A8)0_TqEUhT?(z{Z$8@0H~XMy-2fDH
zN^foGhsu53Q1D)gL{$%zxB8*tjR<Y8OCJTa*`|bL)Z0UQ^jSYdpAA81UI+>{^gzM8
zqUY3B2#8n%C%I|wK3+t#Q!B)(B>?W#@K7%Vo({1zdTbj6o@<1_`^gaaasUF~>g~5J
z5crSi?-w^qJEwTD^*JR4_U?ncr&=I*uylN(Ue)zO@Ms^)ynE^J?$Nxnd=Ng~0i~yf
zAt<dDY;1zibScAU15gxbhmgO4Wt|`Eq`&b)=*46Rrz9Yp+5)A|4np<8y2183WNFUe
z20KKz($U7-AX=?6e_Ur7@j~G1ga#2@VH4yZB4UU)LivIw2ro`R=*~XyZs~)-joO?W
z9W3{x*0a24M>{J_dp!hJHh^iDdbhVg)l(8_RW??1RZ6Gq-^0b7-`QAcZru%K_c$~-
zq3XLPsQROim7Pu-l>Q(V>T7`D)j_EH*(vR3gR<Xx^~wRh6d#n#wX@1RwHu<3ham8s
zLqjq|Jv|V6Ow9CIE2~C&dmyh@t8Y($=VfWI`~;U2e(i;#<GftbIU?PCP!iOX3_xvG
zGt|8-$xzt~wUr?*4Qy<Z4(;aB-dE~bZPwL8@qJ0)&u@alYa79@$^O+X5N(hQJKM|Z
z#3weWIzm);y&IxyMX`T0O1a9YjQKT$xhyzeie-K~#EKdrR+a?8U?X^c?1Ru{%@Fuu
z5c2X{peAPLvi=QX5~*WPS2vgYKCnS_Zy9JGYE{3up}IdA@)l}nXo9?pb%Sg5>W*H>
zdo0Z5ozFCKMR1`c^$7_LqSI$vp!oOz_`C_O=uVgMxzf*-=Dd2Y>^iX<;->^5cB$_2
zb_<wMA5?Yd;BS;}+-T=2bFXf$?hM(W;$A(+UXoXPIl0EX!^XAd!CnYUMwkc7e)*_J
z!w}b*4oT%JH2L}=@U{+c-LM$jbTokHrUb;#64QO&2HrdSxZZoR4)n1&luyvPEl%b7
z&S^HtuWRLw?ou0fnn*VJd%3eSMN)odKbWsHK;>7h+-16DUe1+u^HBoIe(Hnr0l$=b
z1NU?uC{uUeMu?|4A)eI&k(IIzCp2JNJIxF6X?nYzoqNqJF|i0PvY`*c8FujBnBd;t
z+r%@sB|-ck8C1vVxZia{_~D?0zMr)wGHj0TfXK9U;Ek?;yjvPrmtWqEt=Dd2UFRH8
z`;`f(I$PrAT=8$U2xMa)L_Q9I|BfEkd*|6$-?PaJ1r;)TBx&Lco7v#|UcP}0x%llq
zHgq0T&&G;}8zBCMlw5f-8`nML<$3=GJ@kfNp6@%u#tWTqdZD~B1Qj2}<SI0Qzb=_g
zo-O=PCBlq*TOjX4nO0dos6J52@Fh2R3^C%teZ1%ywDDqBrbPWlJ1j_YLSbt^)TB#U
ze=SpdhPJLlj>L37FPYM6`G<;pes)0hg0*^;4E_qy_=$~ByiRt`_WGekVy4Ucd1>TK
z$%r4FyzJRgR`_Q@UQT=`lQ>i2RgP0&JMG_gvR>E9eYl{BS4^MGvhrpqu8|p#D#bTZ
zoE&O^SaBM!tj(_HRnx5J)y@fCFem5$Cir>HBSjVWw}R&d>54sqyw>%sm)Fh4dS34o
z3x#fz2$Eaic`pcsHO*lDZ0C(=X;ebX3DFN5z?T%%5CQ)x8B|9MfbUjO`$bx5v7I-1
z`s$(NkuYzX2iNmvXSRHt*Al#4@LK?i_s~PHj6m_eVw?i0*~5IiJs8tYdIxyN_r1jR
zZZ`RO0jM4tgg~PY3Pkq>Z%a*VFQ4wU6yABk>E&I|m-P@^B0fLZj;*uD3&HjT?{*b-
z^PXAg<-NW?WIzAmlF20QY4JhKGE){Mz%RqUWQ`N@W&P*>;DQ2s7z&(0@SiWK_k0Wr
z_LSkjr<3>1Qc+!vm-iDnHa;-JGC%xwJ{VXl;jvcB4f^=7E8PYK=eZ!he-r=myjjn`
zx&~}~R5I7gN1gNQ`8f8RmybI`athzpk+lZ-B&6M_*{K<7=SU~F`S`TUYXj5Jb}qE@
znRk)+_cl2?i`@JeSg-T=P4-5Uj~~}J`62$XHAJEMiza?DJ0wdw8u+QxE~TC?-f}eX
zpUxD~OG1|U)ji<J(Ltq4#s+oVR|fgn>$354=S>n-S4z>RuY&5+WxxE~0EPE9L;g0s
z*gBVX8>yb*Zm53Q2cF>s#Ln;;shwxlL-^kbBh4oj?Kw%O^>q>i@`8|Wnc_LkP?pmH
zwY!N|Cp8-BX0|j*L9dbCH6$IdQV;!=w5~H@WOO_GASPqcd#eQeH_b+7_-dDt*?XJh
zP<sff9Q_dcNL;&xmV1=lnDo4(!I*4L>NX~Kek5X;kPN|>Wob=vK%v~01v3N26mwE9
zc((IFu+?Eq>CBV(|J-Lx^&ThZ@wh&0-90vAYWE-dA}dMy(hj~KB<tn}z;8M=q#C(}
zlSN2g`ET1gAi6SW<Zjrq6{5chD!Eidc&R+s*By{|TF97|U+FZat*@&$rh5*z88f_3
z^+J594s>Y@ib}!|-m1r#(RrB7m>CwAg|mH7v5g-JkCbIJ%WcfuaE08yN{6w9Sy~U3
zd$&QM;FE$2Wg6V(G`8rD>Bs#J4XIH0xc1=5VJLi7Hce~@3I~&*a6=Rd-;^W!=8&;v
zXRzMb%D1!E*sAB6gt2u|ay=9!HyB&@`EABFrL(#PxX2kOl|Xq_X4Ltzy{~REw&|QM
z2jABS(WizW7!noV)dz(O`oaH>+=4fgAap|qRNXHdvr`hdGYC}=3Yqv+f=7;BxU>-p
zK9o0hcMyu7kOMQVUFL5ily(jo+XjEuw*TygV3S~~5sBuJHVEC{3kwVxhDSCS+jd=L
zH?}kPlesnGGPYZ{e*g+KrRWY9#6EBsv&<aHrj#CId-FwE{||~&-s&-S?Cwe!vpplC
z>=EgdWzELy&Ky~m+smnO^=OcT5R;oGQ@2ic_WYa#9^o`zfh*pvGa*(brJ1jNUM-@Q
zQ{y{HT4SWg*vXuxoAwJ>_{47P)Y%}`ZIH<smwcYu4v{@W;QM7M_<olH-$RDinJvc7
z<(KpuJ9qEzFm~x$-)-z_ZmTmYm$NL#r1<k@$ZKo`^8wM&e3v{Wr?Fdj>sBb+DgafJ
z8lY;LHAs#xNf^8J-qUT&F;lu>0TBqiF3;voff5IZ2pc3j&+doFbxp=xbCm-^3kD!|
zN;AZs5Qwm8z?j>a+YNaqG(u6ADE3FUvAcPkW#@Q}-8-jtgZY7^;|Kced^;5H)@1DA
zkzG<Cci1bznBOZ>*`dkUqx)<b6GJ`5o~F?ab$iJnUlfGuktC@2y%nlEg#R7vH1=G3
zcruh7=78`We(;_v3-70dv6ts3>DnEg;0X$S+gsr1vvy;z&fI!qZ}UWflqUwD_9;vF
z>X2`f1M^HWl$bgrvlR-{+o0r)7Gv-JeI<tqg=&1;3>DwWBmKo`%rm#r1KuL{=3-IA
zX+dM&;6s8*1$u`2TA-+<+1ST(yY$Q}K`8&c*Vt#nwq9dj-;c6~CN&%T4u|`V`Mx5d
zWheWf@M0I_H#S1aJQ*=UNNfC22;SKXRS!vHA8yy+Fy?n%Av2(<!Pw87P!I8c*^T|W
zOo3BZ`HlTceoFz*g$Xb(75sFGjN{{ajQzV8>9V-jIKVtcNZ|bfla{nV`FySUI_;?`
zQ*wK)McT!CxJ(ysuW>+URy~yW$q`#^2k+hzs(bet2YTn&j03wf1f;ywYaHbH*k&Bm
zxwzXn__YQn6wH$-nA~faq4Q*RPws`nDf*3D1dH6=1O<&c#$zQ9_VgQOXR_DumdHXb
zK1?3LJo&_*%E|mx6#Hp0lpfU!rEmHSZ)b)L3Qw22KG6=9C+f%+ISrrpV;huDvm3t7
zKfH#&`?qc*5OUQ+)j$)}<k^it*YbKJXznC6o6wG5H3Xg(ZSe&XX-75~k<MJNadhHN
zud%S}JF#x2?3|J|$iGcIcyHJ^rr^eU<5+WIHxxeOgxX&RAavjWl<%DfzMT`svHjn8
zjpICfO5}dn3`IAI10JzMc&VJE4<+!9NQjy2P^2v`dbJTk*9*)2O<eYwoSLtPjN`h`
z^FrY?ZBAAciZkU}PIo}@44KI@#pk=ajN{D#8`RyQ1BkXj;WBZQEd7FI!v9{8x%x_r
z<X=cbKA4XO!86xs9N)FL1!`j&%w8~Ee&Yn6<-7bxAo*m6aYFAoGED`J23r#l-B}*#
zZc>KF%H!L&0m{6~ptw$8$a=|_sZOZ-y%&nlZ7@#s3Ck#cK$77>NzB7#aUbCX-;r)8
zytx^wwidmt?f_qL2UIRhg-}4l6%w2G#2|06hO3rBal8ZKZS7FFZ3h&6F#_eMcR)pJ
zyK&-cC#6BnH7QX1eg+i(dl-s;Xor#sE1_h{5R}XqhLUYEpyY_9P_j^1{c-tFa^eV-
zoEe3ZRU^hpCD*4w$!%dMxo;3kp3>WAbgRx(D0yc&lzdSHrHdm_x}+US+lQg_$~ctX
zHUy;)UIwL)r$XuLDNy>hhTl@5Y=-1oo`#}yD68p!vWxUZt3F$v4`o*lLD@qoQ1)yT
z$_6!M<1mzcxD3j^jYHYbg;4fKDwJ=L2IV_+KzT_F%9m$Axwf->^)je1hM^*@04lOl
zp<-$jDz=S4#a_wANiQFy&&+jDp}ns-UGpy2XIJX7YucgW{RmXfDuBvE^Putw4acs7
z%0-z_dAeSmy8$W}uZPNdz3tGH<wa1rY86!8lns^l=0oK}F%5e4s3t$T94ep9g39g*
zP}#Q;Du>gca$N>gKED(y-@F7WKhc!$^!7&$zs8^{Z5>o)4@1?IRH)j1DO4x7Lv?x{
zRA*_J5P@n>466M}P#tU2umY-&8a7U@UX%jW&1q15&9HIuYuD@Bo5N6j*DzE+IRw?u
z$VPuoZ{O1GKS_q_&%#i%MJm)Btl`KEs5vtRHQMpoP%6|$2B9_{hdRZ3>JGjf>Oz%J
zw;}>{H^!ju!Aqg;u@0zvMpL>pB=mN01JteE2z9RvLEQ(s%V%*|Fil6>-(Z|lmL#dX
zrDbA^kDd!bc|2&G(xos*N%<fIACsjZPswwoG|uU6W0Bb?RsMFuSkyVk3)ONc^X0V_
z?X5W2XLjS%^(i*vG|!Oiu;G5=w8Z|F#7w}1Lc6TKF%)dn?Xw)6fDHPXKj?=ZmA$sm
z3q~MG5WlpBtR>4w9G~n>SA47DGARG31i}ZkK_n=UBVRPROs3=!7egTD5(sQ9t$UZC
zx+6jmX^n!%Yy(f4qKva-hANa-dU|v$Oys-J2bEt0#-c3+cdUibrFl?(w!$3W#KEIb
zg|E9Ee6OU8MHM_wS*nc+>itK747qsbdGZJnVJM!T4CdvV(dp<u%SJKjQC!(VlS_Vx
z3axF1!f)g+jJTn6oo@eD23Sa7bT}1?ca+;KAS(ELNJA9r-Vi<{q2PU6&dQ_1V0q>K
zGKrDzB2e>O3WQG64X#&Uc-u)3Oxf%&`27-iPq%}=Uy8I;DyCe1@`*!Z2Cn(C;9gmb
zmT?z3KY7gD%5TuVq)4Yo3CFM09();)FdrEc=2oO;{Pf4q(mG`8TkA861T2ae|16Lv
z^w*-2iHXg$A(9%u-#-XsoP4Z#bs}%$ZlMtJtnCr$Bi%3M>ZUO=GrfYNw-vEku$)sC
z%76{qa$zzy#}G{EXwuLQX^9?eOJd28dr1T)**n0t#sSU`Lood?7o<8|;4%ln_ERf3
zd)+X3pI*qlpdBXUHDYVttsRW-^TFP~6q2qTB-z%LAi3edWXN0`h3vvMNLt+w&Rvqh
zae@mFdY=BV6R;bQbyw<W<Tj;KTVjQ=tbM6e@YLcS3#lB1S?Wc9f|<t;pzK&7C*m?|
z*F0wk3X6oq&hm~G=JgZ{?u~C|-OOuRz&LOij0OkT57V{tnn<@;*LkClbcO9QqFX1E
z(SC9SQqEZmDHo)VZE>oARb$>DWX($hb4oXvC3hz2VPu@#ym>9TlO5O^ioMvDIO@k<
zEuSaj#4d;E!US2?`TDvW$<{;XSkEg6n3#UUdP?srveFzD5US@mL-2c!K9dvYxlM+{
zIr2YdcaQEt*7K()k1fr)yFdy3nqscm-GAQdf8M~qzcLp7*X^z4qIkSZ(OeXOLKvQ*
zP=!PI8o6FbvstkYt?KWDKKfXKo~;A5z@+iBG`Eq&l+!=T0e`>tA54NAUPIo5eKfM7
zUz5oF$7SO?Y4J=*j*ew88y5`yMO;sgAM!kt2Yfold1=_1$_8M1b~~V8&Lm||SjXcz
z<RUOHGr)Y*1Lmz=V6N{1@1Q=r%LATeUEpc+DDtf-B6Jf2CSBv){A@|Oi%s7e`gV#n
zPoJe)ll3-JcSeI#Z`1Xyp;tCdnWP`G>n+w7nrG9HWL>K%F1<Qj-=^qovcCQMp8jR;
z|Gsr1>d_5zNIY0PWAnFw{i|kh%uaz61tMMNCV}h17D%7p2rk9cGd~Z2>+t~C+Zteo
z+;wL`-)L42wUtu170RuM2}FIlfAg07xdJO%T7G!%n25Aau<EtY7!W$XX3r4~7LX!H
zMGk6@wB%I+Z~xa*^5<`i3*YhkmE4##wm#+9jOKn6eW1|bUJ@v}secdIIn&#rs!J46
z7KZY}<p#+#FiYKxO0L?rR#>pj;AT!1$rr5=sA%EEdqu&LW;HvtjPZHATR``D@*ylf
zze=uAA`bZ*l!YWC+P_%-d6!(7TLsbFFO|Q)fPfuR#)#UKcn!#7sX8q<mTTqlD~Nf#
zG|nxOiJwV$D2=Hirl?j+1WctORb8e>P>PYaP_IO>WrDptljQ6jE3WMq*#EuckP>6e
zsG>n%wnF96J}9@Zh1%Jz5dKbX_!52lo*in=PB3G1|6JkC$qMa)7k?ERdb%85xxW4?
zWy0*&0D0PME57f!U!MtT8rx#6zC+Buo#3ninPp9KtCEH4R_XC8v?Zp{={!MKiW3J<
z)x2GsA#|`dqR4_kbe9hWh(D`qD+Ss$hnUeVb>g2T9QY$msnM3m_Y0nskolpUtWKo`
zJgKdl(g4-V8<-go1nhZ1S2&etbWa%anw9akk3f9sRez1(m~=h)Ynz2&{wG3zh1z>8
z!_X_}MT*{x_hajlQR%hd1eb*QI>EU5A&W|?8styMgHXAP7O7pc1gP(K-5@9g{AW4Z
z)8x5Y=EB~}IeABz?=^bpP}ss4q4?DZcynaOJ~IHGjY8RNGT*j|f^V*zscC|RU-2o%
z=TorB4*A#UT0>xx5Owo#F^&)$&;2@-44K4A81f#VZP$)l%G#2^o;A{gJBu~G(EWb(
zkI`=B^}aEokoNFqA#Ek-S!8Q&BRfagXy*Bf<;V0^s>qb1Z7OPHMQW_jM_5r0bCQ54
z!33s|a&wjD33WCVS2IN*7P@L4saH}griES#hV%q=+2U?Mraj6NMBIaxftG=mVb?N7
zHKLY*mSI=G2t{C$v<$Qihn9hsftG=mftG=mfk0lg3`@VEWuRpkS_WFi{}yg8t^R+B
zzSL+NWAaZzP~@|fWpi0tZNe{`V_BKkh-Xfca<#mezuzzUP?4Fa)1p7*N11zcW4p)*
zjOjP?@i9YW?AL_inAzQ9CP}bOZx!!R;AT`!nA5c5GI31BVoXJct%LFp>6Hbsws*5l
z-`jpLlDfzA(R2xg+?&@*;|#*o{e~fH(f~LvX=B^99|a)0u^DomgJZhedLm2j|K0Q(
z{et)Vnbp+eX8T}W54ir_H)iIgotZJV`iY0OV7sKOf$gpQQ!Z<RWW`M_+tHjQRQyjB
zV;SX^(6Y5zLP4N*nF8k028uzB?xal{F|Kec_icuf-u2LRXv5}H&`rlpVkwc?{xxoF
zs~&C!N?c$}iZJ_yYeVc*DLpfz(9cdIe?%cEBZ*xmoZkXTvToAOOv1MO<Y8=$IqmGS
zy3hw{GY8o<OL2BbazDE!whOVF|Mdj6rKKs@E*olr<hE4ytPxh=IzIqeGnyc0ax!qI
zf6NHX?y|FUoF<t0RRcSB-y+BOE7^%nq9%cq2!R|Ol!iF^D%Z<yo0dhG6DkQZ_f?&i
z(Pn3N|EGQI5xlY)QkD)vM(;9kE4t*C)^&V3z?|meeazKlxV0W8UXlWiH++zJvz(B#
zonuD1<C+A!U-aMRo$X|ge|%wGhSCdBnwn*_Sq6~y^e^W->YZ4UT9Uy$Pt2(tQrqej
z_8wJtL$=L&Yl;MXs?J>6ML979t0iA78lO=Q(QkE^cf|pzx=g7m=1iqGC`)DHQzOcr
zkYjh4ZnavX?@HO(vM3Zv9^=ba#ngS9{e_}5FZ&dQ<)=uNc-Cu?iivm?hbUAUu_?6M
z{6k@5$tDXdv@o*j^V(s-4q8Tva&RYhv-hhfw=u7DeiYkkM+@^hPxE41CDUN^0Om(w
zYIHfID+O<XFxm;T1MF+<hC}{`7-HWQFKti;n0y@V#<*KBae-XMANs}~D{D&!xNesU
z)IR^|Ufb%Av!Wge=4Za@hfF1%S+<YG;>d;4U|XeR595$NY|ZU{$bG8^xJ=&X?NMNT
zH~U@Pn+{Vy55g9X6b<Q+`Qs4St5&jq)yZuz<E|m#lUA7c@c`uBnGe&~yue|r9t%l&
zdm;Do4Ul_#9=NW$6kJ!xXFn@L<dX`M9~_1m^F*CH=nF~Kq<9h-w}d#{790lKVa;Gu
zvYSl_z&W$mg5%JpQEI~QhQK}?f@wl8C*6<<hNA!`9H>|K>v<P-bNEQVAJY269Kqr=
z$hbMm5iecc4w<(_A;lSm%>4$yHsFNZB}tHZPb=_#D;PWIl}O$&)?-_B^;&Efeg8a6
zREELC|H$9JA{C~5+X}9YZg8z=hskp~VDeD`NZU06X#&nuQ}r<YN#NWy4RX(ML&_8F
zFy;FsnAWo#W;SHN%#IGZ6dmArMZ<f^;PiKZGrA01TgSjPb1k^{kHhrLA#k3Z3a-g9
zaNC?5Idx4Tq*o_{@lGaWy_N}%%(Y;9b;GDwI<oH;As7t<khx(PrgUBmleb#OQI$tK
z!TDSVOf0w<rnNRf>Pe}BK(ywIQo#OA1l(8aw04jH-PH|AN&!d;XgFNMF&a+Nw`YbR
z=>omFNUvHoxlP}$(A$-IdxM5s_4WaM@tEE|qbpP?kkqZW19~O!EJ=CINiS&Fq{%O7
zo`ABXcQyRW4atNc*{&f=Z?pR$c`LozL9di9o4k*t_k2xJes;1~gYw~$OEjfgZ)^1G
zD7`u^1ey2B>%A`ww%zg|qc#L-E1Dqb)0HswdbxOR;YhthV_I^?Cmn#&0Vh-!!NkEf
zNPi_6+>&7&GX!bpi#8foKw8^!NV{Tyqh7tc7*bXYaCGQeH>5pL0EQCfChpzF(cRON
zA?M>k4I_{h%7+=*OXcsc2j_9i!DZxudoP{QaVx>Ss1@8js~|Z!4#~4MycC0!W6B`g
zNQRj&i4E$LA?3CWkn-g)q)l57X$N&cn(+3tR|{dvO+%2rUmPYiE{ADz+aY~H8l<n@
z1nHYrLi%qp$jB{#jQ!FfBfJhWE*gQ1HVs#%!o=p~Fr}gpGG6Y0j9(>Mri)Hf(;)lk
ze8{<MC1mfK2iZ#M%04?CvR_{c6YtD|$+gR1%Cr{9-8~DY-74-8_Mi4c0odjaK+0aa
z>El^|pufx;23aTzU}4XVeUN@&15DmiKwjn`q+itw98?eK&LqhFPailx5;k{YJI90u
zgV<UI;~cYg`bLiR6gnX1)*!fEOaa@`agKdqnb3gMNnpFTgX8QOI%K8tPrpv0<>G9}
zyj-exO+RElDyDnd4eo0s>ufU6wl9RNozoyotFjQZtb;-vx4{#KEXl;IvL@ii0dP)}
z+<m$qxXH`$u|I}6zOQc*Oso|QskGJPS(+zEdGZWBTV52V2i=ew&Xlb(41A>B-F+40
zei6iW(RQNj9w($v8-VO>har7w5zM?V1kUeMAeW__P$(aJ`m1T2(Cp8EiL(-rTjK(U
zG<LRRQ+9q7+sfmX!px(?;M%g46C>LP!6wO&^{)(=@t#(%lnjK|<%Zf|S}+3kld`~Z
zxf`}fT0e%8q?#F!`kI8>wz6{+49l%~9<tXigY1`*VCsC`KxE<g*C064B`jx3&^Adb
z=O%&Mu0wIAfO}S&+>8`RJ6;TSvba_rRkpy3oMr8h@rQK4`*CoNtmMRjBA0O6r7-!6
zVNR;^i^U(w1KUfweRBjRE4-K4SO`-Ujht|Rb#5y-sr&AMF_SL&x3yzPp#4tmRaXkO
zB?D=k94{Y&+*eXKd9Y5u>uQHAVftA=33|@ePBtxtoFyrol2g9|a+>oXr!53IH!X+U
z30_XQZk7}5M@d`F5xN?)vwzo;Ar1^*n9M<a_vT}EzP%3b(1+{rdv-}7=-F>MVNY!a
zQO|j4qo#}Pn!DRZO_w}Rdmj0<{&ou9I3r4t`EW8N)%FNw=9&l<k*iY1tQ*%oD}lGO
z!Pq$t#{7+7)D(ent|V963gDqUm}Xn5E0#j;>uX`!t7YJrF3EL>B*<VPOgJqMCTtp!
z&6*1nH@ymzCTX~LB1|5c2)XV}Fg@>5n6a{y%AOe!s;^9Gqc(BKAPZhNJ()vGUToul
zszoUr@am~@0TfJ}T5lhHb>ORuQaGsU|NR0QHgd2oJ6M;Q#nH$=ueGc>kEVDu#cNF&
zH?jZzL)I5QP4@klW%#v>fR+(>UO)8zdzYXlhcr24P5v)G6xNi8rbPbNl&Ge}G$r<b
z|74yf$2B?re^1WW<N{6p$I=S*_=W%F@vY4+(q+ZEtoVPexkOV+HKp|bUPhTFmuqtQ
z|2?@vlPmwrnya+tDy_Ntf02N-`Wnrv(Y)IK-+6VKSEqRk{%?9YM3WEsUmJF))_mB1
zS+i}4&~AHGlgw#_S0?vkYnU{Q?c!(*+mh{l*sfgLfURM!9g<TT<^Bt&R_vX(*FnmM
z>%iD01&sZcgHf9S#(8OAwC4d2C&M(m=yXj495W)2o6;uMmHHe?hY1R=On9*k(z1JC
z>WvPVF6UzU=Z)al-4Dr1;F|WOACjJT0QdVLHO&F;m4g~aAbq=L4a-LtX}hZ12V{q^
zHA`-wkOl%}t;?(!OV*(+LV#q8J|Z*VL_fHf1R+U@>KRH!&&m;G@vW{E>~FubaV&gc
z-xvgAlYT?t8tcxsxq7QiHk(2&Ni_+u380%H6gKHcCphG3V%cyTB(C4o3Iy{BCKz)S
zCJ6(z{9g<BP$1H)I-pT7PGJNqQ1uTS$%0eIaio7jO#(<_Ho<|y!vAvZpU9IjvN@h-
zh2yLhsEYFpYqBZp+Hx(eWb=Q7j;st*3nuj{l}kT<#>V|*^eW^s>OtyZCVbt^nTga6
z&hjbW%qR$8TcT(Xi(Q<hqCZ@RH^9txIhp@&MDZ{29?P*qSepIdIA`~$cEq*3k8_Nj
z0>IQ_a2zAw@0ua7UEK<{PZe#sECpuBRGWCQG<Hb=xK5Szzh!XLZLzhT7lhPZ3m|j1
zHrZ=EoYQ!0KIevCNdxyIgD`DF5N5n18|i2lBxMC5?ZGrin>!4Xcb8Qlr)I`!(sZvy
zAbUrt{9k0Ze<V&(u+y>x)8@28(vvBWd75l9StFV4t&q9288W|FJ7&^3g3CodGI}3&
za$dog(sUx=N#$auANyg-Tct4N%MNg@7fcn6LRwuM+r?)jL-w$YwoUS#PrMu^pYtLZ
zsR|8hu%b|Ub#AAOUW-^Q)|m9F9dg&p9y*{0>=!j^kX4@$q<6Fr+mhxGxPFR5QmhHv
zMVSp6S~-9H?QLU0Zwn0_k9S+Qx9r4BRd8pJifwr;p+RWl2`+3a4v>d?X9!#U(LG$S
z>QVU`DvB_Ulxd~l<Tzb91$<bRuj{=Aa4RJF7aA8LGEV4LKxX{gzk`5(nHPUmoMP3c
zDTFhMMgASU9lvSdG)>uFSZ+o=OIAJR#MZFC9h{wlFvl+wa5?^y7EWXK{w;iA-PFo|
zv3ON%RUg>L2ibEs1I~pP`)IJRW(y51nxlAtp3--hLK;>iM11Zq&?B58RtqH2IDSRm
zl|q1Yg~iGL3>&{Ji${=(>!~D~#xJuLZte4*z>zi2g03uS@z+QF6Nvi9?JZPj90Z*5
zP6sVRKZ@F~c8rquXt3BAh{M!1Nwjt<JKuJ+peBitNe4(Of0uyF>*b>KDr4)p-qE#m
zgs)jfN1w8v4At)&CrBy>1zak*VDj7Y^CV9#T{fx>EI})gD}guq2;-~&Z#!hky1$(2
zpHfsABo@VD?53>0+g0=;6ubIm<ta>)*3icKRRtTmFB$UZOoEI#TaNv1@?HIq-rKL*
zQaM-?gOHos^jG+#;91G0<;p7%`0csQ3DrvrArf|vJ*9O#g&z#Sgr8LC{)e*Uk5sn*
ztz#sLZ|7lfD`VB7A?tZ_XA6%VC)Pg+Wc&e(+#+;sSk8U|DX&-h?dHe7IQP;3Oios;
z^1s~WpSnl4x73N}zReju7GsYi{-aCVe0yy3r2Q=2`1jk7PqC5<oZg5|L9VJ){y$hZ
zr~;w!E3EVQpZBx8yBQzIptl0F`dtgsvzBHtgcZ*GherHwfu&km5C6!Xu;h!C0P@d=
z*5-^aa?&?{MlSyT<e}Roy;Z1)s=&sturKZ#gPu$8k3e~~vO14X8OzqJbSd9)OXW6N
z3627$s}~PLZFvN0e{P35BNghNjKP8_QsoN;YXAA;)|3C^q3yLDV<}LRx9SJ?lSz=$
z-ZL6IAxEXenbMqwlA$tAbwkco{a{m7+4w2gRZ1M*L1OdMZnecwJB|`%lK)){kEb?S
zxVOa%*6v#JZ+s&nf2bN?^4a3r&`ly>6(@KOQPrTZYwO2@A1iHIofWKp1=e{K?X61c
zlU0wc+H0%w*{VhMouKv^$|>^K3_y+8w4_z-3wBWko$B8TRF`Fue4)~qD*mOkWEE6c
zKW>#8#CK91L6J~<*-a%b)nGm88q4zjQzBhubv-Ch26oa}jo_Xm{if)b4&Z8Y{^r1!
zWgQltBaT<(`%nDdw(`!+65XOJOA_k#*I0M9J}Z{;vQ&{}n~m?EwK+nRaC|EeMlCCJ
z?X}jm7DbFtw!*EZ^6IUCw8h;;JKCW{RUeg|q9Kca)jP%tK3j^QF0N9NKb5-Gdc#ye
z%L)^DgvO8ahjs9#LSQ8-2QjY@l~~y#D(AO|!BmQt^;rHFm1&}cgHg_tA?!U_QdzaR
zri!V?sn}ewIS%XXQKh#sYeq%A(jTpuh*eB5`fLilc}~+4DMic5!<+cQ1eo~8rGE`_
z*{&G``-?%yx+HbX(sG?0g4Ab&FnQl(nEGBjq%2qlxi^f!q`4_Dxn5qDl74L0D*ULV
zpBb+O$1;Dcjs(-3en_ur#<qNI2DsFWAo=7GZYX}ZV{8SJU+91dOJdy6m(;?I!K8L>
zd_(mCxaEkQ8HO4A^n=}*4U+_H=|FFabhUzgbrU$MT48doLvi+Au(!5A_MARQyJeW0
zUVV5_fV1p&>6s~aH!IaK1(N5a!HnbVqr87}Ajdyu2|9Y@=v*De*4`lpaQ{|rzD$Xb
z?A5?6k?t03OP)%?cG+jm*y^*JVaBI<koEikx71(m<W|R!OradvqPq#_Do*9rH-1mU
zRzHw{^!JlS?MduP!$~{V4p|D&HgA$+x4NG-<yS@^$#ipjqO%n;4s}4vJW=+HcJ3%Y
zRS@QewUE3(LjSO&Q6*x#_W8lh&f{t)%p6qasB*VPV`K72M-v#-C1}(sR1LXP71tJ0
zX(jR*Spi7OZN%2}nk4$!{jBMX*}2W!+r@1?eh0VLs6>v%jxo^lAFsyWPFGnyR*Ku7
zQrRN;ae5wAxPSVR*0)wR<T%4xf?_=Deq0PY_g0^iKl8Ik8Rt(;%!dk4NUph_Q}X7S
zG6Q;*%XFxU+SMp3bc-BWs|(bkRESil@ZzyHrSB;y`kGR&t}g@Msbx@e?j_(m>jkiS
zI++r$<_RMZDblsaNc<~3#A@tRQ7Z#OLBbl<rB*d81M~V3s9d95HCcUTn^rKOTpTN}
zMFmk+AFbEhEC{^hhw>XILCyISAkf(W6?2E6_St@@z9<4!3dfa9)~&2=N7pDTHlR?R
z%r}qv6j?2bYSlQY>M_-}Jhl<ME0qnoG6THV7pUuy0>kT+lJ>4HJ6M8IZH7vMY8>+Q
zdcC?>jf8YR3B2$rTC;ix1-}SG(Y&=|J%oG$tE0cJhZxHt97=(rhl`--@eNRL*jgw!
zDotI2`k`Wv5ETB9thPWBbIPX)C8t3sP3gf_r=P2oC8g#)RzIF`8SC?_*8E6S`dAHa
zzLN@c>Qp6i%_k)>_f)o=I@Of8^P%{V^f6Kievl7U@1`rOPU^(4fnSxZzL+**zJln7
zNYpP>W?_r;meu0q-4Fz$YS?7;An8$BnR_XOQk0pl1|y+Y*F)&diy`#x3J85z2BA+c
zh0s^aA@uJI2>qZhe$I!`Z<~}Q^a6z4%OG-s+Ht68-0BZfc6$ISb`cFphsIQOG|CzZ
zxcOGLLi&IzpC4TbMNe)3+fcjmOQf=vXd~3U!81ddXNvsPUaQ3ST4gHkIskFirB?r_
zB(@*bti#HPI#~y=O8zp{rdbUI{1qw`+gXLnUn;}isi)joW{+~|%%V0ZT_IvniN96Y
z?^W2-D-%0j(hA;fwHDQW#nd&Y;Ltb}95DjnsjBx=hLB$w#Fmna{!#$ZKk}jc5G{OX
zFH~;Pt3hR|g`z*DJOmEW+v!Rxo33gOb@{4!e=QU~w_0zPLjF7HkpF%$e@O@%wJ22C
zUU#p`azE|kuC-Nq7!{IN>>^rIDpDlRGF{ZQ<WMzGcr*|EPpD6pfURJW$~=w|#VWJQ
zE16v!QQ6mlVz71Mtpg<rKGk+!t2Ha{D^Da^cy2lrUa%Aj4-r-+1#ab~g%4Gh=*P+f
z?G}a2Rk3iJIyDq3k6RXiIZ1_a$~~$cu!<eD(yf)Rr)@F=UdX%Lr$GhIKii<l5;9w>
z6kE=yze72sYqcQNI~Of0fZ%(}lpCs&qPLfVd7l=feU3lwgqmx$B?UU3KeOe$+p6Zf
zKy?YqLK@9SSMWKgtj_RHNf6m03Cb>2)$daxU|Ch(DY9+fYk}$$^jWYMB0iZos)sFp
zMMZj6&Yfyn&0GzhL9hx;GnOgO!={`VRoVts7h~=z%6V)A{HhHPPt{uX?B#CnugZ;A
z+L4vMmp@Bi)XRyhS1tF)x^uF!Uaox+e5Xsio>Kxo4S^&3p?trUD&sDM@R7w3KBox6
z%61KZc`-y(P!=gGfyg7p5Z&)$h?cK_s4Bjqs^p5UFM-&E9EhE#z9e_&L*8HxRLsbR
z>fhHxJT(L2TW*B-rx!zh(JCnLW<x<<78E>`2?ZnBP`F<q6jiIbM%{2cH;OB^5&>tb
z4D@8Nn)RrADE&u0bwaXF3zgSWc%B&ILgfIdsM9<?29bgx<@*dl{0CLupD+yGS?N%8
znrZ;|N`b(EOCkJ`TB{tb+OOMHw04)u6JHZsZL7S^GIf1XH=%+XB^{Sb6sSJbe9I1H
zPpBc%M=F5zi#Zj&_MafHLoF6Zi$t$p21VDWL7~zSir&}hZ;%8LitV{guU?k|`d~7Y
z`c^~fiF$R-B~W^EF_dk(1j^pcftuwjp!UeAP<wm@)SmS!)LvEzwbyI7_hqQ<odUI+
z%Aqc|1nRa~4Rt#`4|Q`&Ao<XG?(V*|k$bERI?FY;%y`R=uqh?-zd-_){Sva8g#2l5
zSY`_EOQ%@oOi4ZW#rA08zRo#K;M}i?`%Ct5LGBr0NZ%(6IR_+xy-c>$o{BC>Z5s~?
zB>G0Cl{yyL1P$3vh`@|@l~=!w8yqJMDDv%uB&BYo?%2!yYj+d;^!xy%1~trcLUxK<
zxfKmyTQ4yuL?nGp3pmsTz_Gp$94(FDR6ellA=!GDgdyqV9!L&1LQX;gK<GXX2(z5&
z;(_u<0$}8|fO}pZIIHa7I<Oa9K3Q5m)exPfD8;%V9vFNvz=M%b-8|U8aFB;W%l+UC
zM<L^BrDG}S(b8{ITVzW~wauK@&qKX>%R;AIb7ebpr9!ewbq#eg$vMXXX*&dXIJSL+
zheviEfV86>kiDpnNAh0o<&l@?2`=C0;!$%)1^(NeJo?(aCYW}UA7-B3#$&NtT|Cx%
zN`%MD(!;>T?L59txluXh03@BE#IYM1c_MaSlqUu+>EX$;qk4IAU8d~u^Lu$pJ%0%Q
zVuQ@rl;hPih-&;{`uno8Cx*Z_S?Bv`52UvSd8%9O_A(YW^K@QeGf#Klp|FnnoTQ!9
z2$NHkpwf}xnfT3pJoCnOtvsvlD@<Aw;@Q5}8+p!Zx8lwlq|;y650kp&%H)S&#*+?6
zx}y(V-#X|VxxqnK)k!UMty3qH33)O(r*zY8bsjOES4zPHqQ5yo$f*)y{dq5>Df!iY
zOD{OzP%?#F{j9H>AnRLU*WW1%Zgv8uZ7Bp?Dd9O^2o{kgII~#fSm>gAFyJR)e&HtZ
z!t3d<#TG$&L-`71+#-kQcSYE)aM3$7shK|S7ESaGxA)T@Q$a<_E)8-IMY|`8M3WMb
z<{p6b3+357*a*{4?FYxrPWoTGtDk}J+YtuVs|J7C8LbQ!<hC$4yloI1=k!9(x5`*O
zMXRq>R-NFsX>H9g`Nby4+@TM$KMgVzk|UeET^~bzPlv(zFXh~Y2Ee|*PF3-q1!>E`
z*Dix#NL~7-#~@fE!~X!)uYRefeM*@tetQs#e^CMU?<%oQ)i6ystB|acS*pEm(q|V(
zp|nAz&O0oJvVAh3O!25P^*Aa!S(VSH#-L0k;1$QKDtVC_<StgZ@<l3UZqVE2C{*p%
z0oB{6UblETRF|hhwQ5JI-yepWt%jgRmCrS^+M#AY`49_)o7sn<&aHCW33`MxhhahX
zFvF3bTNxfI7-S?bBbkv6DyW@#xH=|yWf`Rl!xInI`cz7y692;X07NA+V#lal;Nbwo
zM0MT=Ly%`{hkU!9?F#j{RB>QvgZln%k}BV%YTj#A<tP1H>`_~#*(!vw%)A_#@eivp
z$1iH6_Pq?@D^yjHr!F4qj#YP#Oz{Vr)ND-c`-BkqR!QJ(sjf7Gs>j(!-9j%?pE0$C
z46RYo>4Y9A-rb>&Kx$^QK}{$Jg;=Y8+AA}!=r@(;sBuF~W?98Al2;PuQT5M>T+^x>
zNIU=B0nxWqn*8!IwJ~!--gT0lvz-ugt7vy8wX>TUhS)>8pH>x*tB_-*nuJV}N<CI>
zi@uIPe4VB!iO6%Gsy!p>&-$wqN*z*_hs&C~K}|iRPP~saL*!t&4_Oh&JJ1c~7pkM7
zbbRCsHOWlvgMwCBrQfT3=utJ0xk?RHrZquuUzwZ_$d{~)Lg3#nC`&X!QLdT_O43A+
zlBuBvJi$xUW2R8H{O>w=g}XfJE*4d$UGzxx)UisG4rzsg$!g-MgZJGaEb==I)5B1C
zvidMj3qkw^RV=CAxx^<2>(?;E)!;R{ooud&+LztrfAnZ~MFJJSwnKP->xtAmRn4A?
zUvG!t>#}Lo#WMbSBb42d4iR-m_J1XFf3XfZuE$c-oBWAwP<(<akk_d7%g*{tG02L2
z)nxB}b#(YdonN0;TU=$zh9=3;nXC4yOOm1XcJ;B|RnK<S3Miixh4`Z~%Y4#h@}mMT
zider@(a=SrL^UpqD<#sK(FY~U+l=+MLFJ4vM5l*Tf8HQ2Yl7HbI+;CH0Jc%iz}+fw
ztruJ_#;H+(vp=ThoTsQe>Wk`W+^5F8b4BgiCVylt#EbRNrz`hdeRadq(-k4<EwO>`
zVNv_NYRZ$MJ!q2G`-r+B?xNcIC&a5qt5Ew~6$n{}EH5UaJk@GdnuY6IAU`DuD%G$!
zaKA|YH2Ih7)X(EcZQUKJg*so)dyNeLa1T_xC|RPYbnIzsrFyLAbZw=ifJ&(1$EkB^
zr7Db;>c>CUwJGZP)2!vbqUT*Bnk-UNsDG=Z=m~AuQ7Xpmk`H#f8VzcPD#}{H9~YCn
zwN}TYM^#rx)02RFGXjNYNiv+KhC@3Gb(tv9@{wrmGtH}1HJeYJe%AIu^i*{wQwu8p
z<UuGXZG*hoDuWNDgSnz#&9SY{Zt8-(a1f%q3l_-_Li9oXkajKlj(k|PBq{w=Y=5l0
zciAd+7pT%qohZY5E5adN8~aLfL#=o!jv0Y6t3_qH1k~YLq{K-6<0@c}N(?`ymNO*^
zk*LdI{CxEbQW~*E0{NRHPZLQ{p#G<^FOyXoFL!;B`mji1R$V7ILvkZe^?4OHie6-@
z<tf42+dK%Rv(>`zO^L&$az;a{)RS>nq>jhYA01F5@fuB00jEvddAmgT=Y`-Y35^kJ
z<mo(#e>EPsu@%adNnWdzf-*^4pBm6cng$@hOC5$XlORt`t14SNz!On>JariN?xKE-
zTSmto#ynfAN>gVAt;PFq-Q|X6sNPw=>CdfDA!!>_2*>=cPn;~GR;oo<$%jETs4r|3
zWR|a}<x6VaIbS0DOP#*jct<CMAb*0euXEMANV3UWC%V5`oeREJE8l(rA7`np($S)9
z#l}1;&5IR8Ao#t`_bo|z?R}nFuUTs@b*X#$XEH0)^0H7(bHhzZP_;$@+7~4#J`usa
zqkz$-7Hzv+>Hnz1!S1OLYgNyX7IDBXX%b}OX@wT@w^qNeLG^aXlPHxUHNW>mzD;|-
zBpvc9r6Dd>AZVvXs5neb$zGOdR%T6p*MOw_07UMPuDx8RdWQhmyQOv2RlqE31HaX-
zP#vDbjeStIv-+bSu4ef|>N$F|+Hc;WyL=dfxKh@ww$W96s{g1GY9Li^UZoB`aT%^<
zE~p(=|1~j_U%M8aBVJI4u$lwKTW92n!nB=hmO)JY1!AfWuHIF>9oDPS)@(7XG-BN?
z;xbEE-l*mpYDrvlUIaXM1|hhMqKw;1v!68#(R*~~W-Yg0@azk%5V=ff<GB%t&5A?p
zXT`F<(dnz%aeiFeG)s!_tUSnX5~*CG9g?Cie@+rJN0fM@jF>k@)QwZJE+q^Rw|4C+
z_3QgdfpCewz@Z~haEj`H9@UmSBrW;1#K@I8#$+`^>k=HJDh>0d*cjE7tH+V&qyUtj
zBR04)D27n~Kh=2V?<8q){vd>w2}x}ijbEnQTNcVABB=+Z&jadvq@F~D>Zn<Cr+Sb)
zB&jTjFm#Uq9M#MR-4e7%Nv@^HusKe*pBjO1Pnrl_%|y;jhC0<WL~U*0s|Z2#Ua7^?
zrIU{oR&b#VksZ`6Ug`b*jpEB~)Z*!*2o!{+Fa$ppEfBxm)(XK>Bufg!J*T%p*@^v-
z=g@KQrar<)>x{0@W(ynkD6=89w}vaVVP8o|KP-2>Dj7UswW{is<tAkqJy?67!WGZ)
zIuA8yDVL>X*))0Tm=OC}diqnbq>Aq>qA9vp4f>?`3W}xZ6<;mSlDv9E?Qhh6#1g}y
z+1l(2B)ylb<NH<WcPJfIwy+IiY5GTr+3E>%onTUB5$4^{4tYK5$}hJiE^pS;?1qY{
zuoiXQ^*knfLrsyrMG}HL3oVnqmiHgka_=BcQOD?rg4tGk<ihq2y;=%+<!X5(x7j=`
z0kx{FDpIS%K%2<t99ekxXb*N3wSOfxjf>!<&#MX~+mDnO{#>$7QYF4oHQ&4H+Gpep
zNSakESIsg%iqyu@bFbvfNEGsqlOolhNyK)Mczstw|3xveEOXC9H7|2DLPU+V%LIm0
zso_h>zS2=qwI!7?X36%N`7$8{K!hqpYZs|ktavcIxB3#REq&?2B#0?*-RkyRZW)@B
zw4IMO>faC4+RQ5IRHK<90VE}Ug#vyP#oEQ)iqu5E7lGU?!|*88eD5gMkUlS|)aqxd
z1I>dX3msJPYEj);qS%{MwZDh<`C^ezxr~#qWo=5s=3g#OkttL<M=E~{F|o4qEsM5F
zH9v8oGi4{}%onW%k6KyAd}=j(zPyRzBuRAjZqvUrSO!bgOENTXRtq4tG>D%rthwC@
zkzKUX0m%{p6+Sh^t5cOw#eRcOq&CG-xj{8I>o-(tVE$^gz?JG%qe1Un)pvI)K|rWg
z;1o$wISu)#V!BJz1iC?wy6X_+Ylq5@(H~`0iLI0eADtj0^#lDO#BS;@<<qJLrQ@gd
zLB(u!30D^~^E8pIHoGWIN<_#+o>zYwqb#J@o}#*4^_L^(scnK&BKO<nkUuQj=MH%+
z&q`D&a%L8&-}ULDXAxn<CD2_h-eUuzCYd;%DSGv$nlcWmDWkM$m;N7Od@$!UK&V4T
zrKNU$lO-eLJ-oL#PdO8XXUTm~BR@;w=4Z(vI#KqnJmy%f6q+hB%F~1?tc~hXE!Gv)
zP0+$$5$~&OVxFMWf*lo&OqW1OkAYVhyr)?nxcaS|@<Xc|#o{?~c^(nFOh~9PmVA;r
zon^K<b*cYzzCbMR*DVl!RyO)liQM<q!pqwS3o_dv{DH{Uaz`YGVl#F6XGmDq3+}Cy
zu+&~vU!Ee}sN)$)g}mfp@Ek3?UHLxoT~)EUi<q-ns$BoIP^3S)F)O4m_f`jab*C(l
zp;@d<W51k%e0KrlkLdp#%5?w&ri*H2u0Eix+qMmApO%%Yw3*sx<PLwMq{461uS)-}
zQl>ab&51JeB>&=1io0j18K24%BSVr0YF$#Xj|^N{poRLEBFjedeW(>Yp+69jaX0F7
z_Cz56895<xQL2BD-@PONl_yy|qx2uCG4BpCdS{AZiv>Vz)gbF%9U-?8H7V?wzpGku
z9wdA1xs4L=GW^dJ6|1$GMLGF`AuDc?;oqfz^nGgPC7U%?CmTeWN#18HPL_A4WW4ev
z5_3TzC%fp|FBEL5ka40ive-gdEo<cPUaChpQ)b>`p)<Ejc3vn!ktF3RnVo-(&Nodg
z*(;uYRIK)<lt`Y|{G%Fn_NvXA$lLNs%sEo7_b5+L0CwmYd6h>fEcTq*(hKD*+9Fw|
zq*_d@kQtz2NZ)%hIx@vV*K2*hN-8U`>APOyL6mJ;#)(^+L}{1#$4E}<Kx1*sOO+y!
zMG-kz2C1ygI(2vVsttNxK-Rh>x+%P*{83T%RuUdE{qp1)TAI!~MY?CA<hYVILr1TL
zm<*dT>Dr>1vfu>*j*71%h3EVvl;n>T2;Zwn=KaEgmP_hwQadprF+y;OD$3|9S1d+`
zT&aw<ykcp!gEy<is*~iju9eJrRH?Baiq)oxLxom&f=y$PMf7s3S+BU~ZT;`a?rNkq
zk_J(q7QTm^>TjeaFVHbsyebbUI4pZZMnc(>`XhiM>F(S0UloesdR~)jB!{T{G2w|J
zStGK!d@@&y?oz*8{m)cXRo(G3WG$Vbz9~5}vc$S&#|hW_G7PoSp%&N>Dipuzk9dmi
z3qsj$qA>lzj$ig<_{OCWm-A==YSG5clGPUy?WU>Scd-QC<mFI^no>Ncy=okRisuzF
z{lX2tE#zx#C1#fnwGPiRx2k8!wpF!6sTJXMN+Svjii-52el;hlb4Vu2<a|xHmx~t*
z$R#@@4q>&|k4#k4e}z)~=c)bNMUs>H>k4xZ#aC08L-9Zw)G2{5Z)%9=dUMs!C|gx@
zpF3ev{s82tCqlMDwK)eiLbgDsiT@6Q`#cMYmJn3UMO<xS3uN%cM#Nyt)mHOck(4B6
zM9@{KvK&h?^B|xc`hr3+yW(nvc4^qXWNZtiD|V^DzX+*Z#+dhP1q7F>J?&BvO|FE#
zBtzv)xmsHZH8?@+_x>P6t`Hx|Q!2?493xL8PnpZLbAwPLz$Nym`X0GcA^Jfx`1B88
z!Rsw_)vp~FyF4HpNq-oSzprG;3Nhjhn)izoRi$)eg~HmutKE-N|7svN+#`^v?AQS)
z{Yo2gfXw|*be0MVcx6I(PLM~nb3YU|sY`CFV5KJIB9`l4Z1R)~acLST>OtgMQSmAP
zh&oW8{#vN`I?+M0Jc4)szvj+6O0M$C_WM?+>fGv9OKJszFu{apzyyO0RP3tis_LAo
zgG><FFyv?xB%#pCGGLoDfMFP!3?>+C(`qG@g-FIAF!qq6NG6I|zjLemO7(cN)~xl`
zy!THnwd&TbTlaq7`Ode`K6|q+97F)cSS5N5akn4bg2$L5b*|qpfeaE!7GO;(h*%Mn
zs>F+|gWxo6$AaB_$ng1BepU}02j*L9_X??zWIM5q<EA8~<k1|0taW4_7AuoU0@0LB
zY%a(yxQ!=~^HZ)#_Rf%+zh!SfnizXHL*Np^Yds%BqcMpDc<L$O3AFw)>$op(b7_5+
zwXi{W9ISr+f-G{ET+h{`*_ytYB!N(sd@Us<KW>&%)tjUg>9lPDEJRvL7k+@}+YKY?
zQx+h)-Mf(RijPNR^jyB^)^gHNW+TgcBcUMT2T4t^aVMd-2i0~sJDY2{NPxT;e7)ow
zNUj1%CPDaO%ZOoL^Jw2AP98<kf+9oa4B!~{LiKIn?b{h#V|kV*rlgi$w(Gm#HCRg&
z&EpV4OJWO9;zMNX6WRVJ$tQbQ)$V6@gZp$7ZEZhepi|cod?F4|dufrBg2CQ({D2g^
zAG#BfI?Mu;h!Q(lQk!S6DBT&6QboLsOG=RkNqQIZv!=7Ou`(rQ03x7$-0(c}7u&do
zk9n43nf8-;*HXzVp--*coGl}`Yt+kVzyF=V&;<bmcp|}{JsbEK=}h8E(u!j!zP!i?
zqyH_$s+$G~XpHAenP+E9sRZ^<B#V|&1Rnwa0}E<I^Rb0Zb=uDc0iA?;phVlhH354i
z@|lPaGfr8a`hcT*_9Uk!DyLEu1sIO@EQ6=>1Mg%`-_5WfOY1><G4wGH@6YUyevg23
z6Ic~$rb#fP;CVbeWYq)z!dD`Zkc1@GxGkm?sjpXR#ro~kj*)(`7cVJqyB~n~DYlWX
zG)Rf*tfo8^D<Y-)36|#pfC1k%y-70mE=ktSv!%Wn7>5D2HnbvB_ZNWV0|^S{T;Ka-
z01UYLo4B!tI2?p8$}h;JsE7q|>`H#cB$)@520OjJ{bo|C;Bo(&am6@D?#@6bn+shw
zPf9ohOW^$Ykv!i4mfj1<G53WYcQg9{aEq=xp=ML_iX6a>G|C{n43MLqz<mWHVjlaM
z_xNo;V%Q!AfSAuDnMal42-se`T*Y1u6321HQUX!mOe49}-b`^a{eBw)4LrO_Ebn;8
zMDGRI0%7jDeT_5)xH7YrMDq#m1~f#2e1i9|vJ<nr#*pk7%g3JJZQ!x3*jOQDo;;X9
z3nb9gyjIGrVP}KJbmO@IW$cdIP`Hl}BbpF!%Ur?$zNAd*dW)5~gh2K<djoRd$R(tW
zPq5KpnGL;*tUu>#Kx04oA)?Zx$=!3<$j&4=LEI&YctH4pnc4I*O|FtzPtNra08amU
zsd*KJC2=imOl+pa=CivarHg;TXYWZ!4Tw=ui&kefN!Au_&N3Ee>g=J-Z1D&Raj*;n
zoHIT$Jc=qIv<?i$ZAgNuoq)nP?SBoo5gr}`(cB1=sF?l!!`u>Z<@%Q>;jp{wno6~=
z5MneDxIGUD1i6qvoHGw$i1P$Li@~3!V%&)9U>9-?^_P<15~-v3VZ>OX+XkAXrVB_!
z$XOHA#`>qi^<!rp7zLH<3g#+!cGo^EvxigW1vQ8V5eB5j7umw%&_R5e!cz1e+3Oe_
zFUZ#IcSL^A%{hR_crhauq_?%1tc857D~2F&9m4(8s2bOkGR+#^)48}e%T7ZjgMpsb
z^l7*)HE<IRf~zHG!1O6~2%FovxCYcPr?-;lU^x<jwvfu;F-Ns8IgVil>m><?V9M@R
zlOxnq`Du#NHxXY$cN}__qZ8Sf-8hrgh3^ex^ku^*IdwQm?PE)pMrJZZHKXlvu9W(8
znhd462e#bf+$PF)78%-i-H?R?8|XU@-bAz|fErJs?XPTL7C?|kwa$9ZY**9(QzE&Q
ziG4Xw8n7$;C+hpeHOr6_lhOCyn`leDJI&rS{5miYJt2X8ilz2Az~yLP76WJ~X9(Ou
zRz=Kdr1IT#G38rQtA@YL$(Gcb@dZeM7`9TCPCUlS#O9*=H4;Ns?7jo>=zE1d@!!FW
zZh#n_NBIXRBDouT?Bz_(JE$`;!eV3BvFT^mJBxkPN^T<c_yjSm_eBbuOrbDyy6f$c
zNO;9UDe(jrNi{5Jq_s_KDS}Iva~uzV)g^rn%kkSJXlddGY<e4inSanQ0|FG-Wj%{J
zJ2c=JE7vrT--qEiWd4n{`^~iyObK@>g8a3??K?5*t~s*7;Iy7DqwpA!)TFsw%GXHO
zmd9lmtsh3r&!NiuJV`ZLI=pT`@3U?f$p|kkum`MSLo^}bdp$|6E*(u=)|F>p<aOm4
z?Je}}+-yUhDb!gDkagvG-?qaS<#7D1y%WL7z+nJFkmBt3M($>c!y9fT?J-_j9~IgD
z)l?o)b&UQyk%s#hp$(<&Tju$=xD-1ULrDyyB5z@Qy3YzehG|<7+vd(}!;wq--Qi}N
z1SGsyyX~!a;oHpeWPO!I)|oSM^?^~tojI-wsCOqv4*Aai<4)4z|8x?>Kj*pCz@2db
z)MPTi-l_Q54vjzFx22}*ndvm~3m+#xg!Y_|?QpR5hwgk*?_C`=+!c_AP<++f5&7m!
z$(O2%3Z$`<haXS-XT;c@&k{!Y)q2USzrxz3?9Ara<&F~T<g(^0dXY>20|;s7vv}8H
z<G>xZT(j4xxWkR`?g9FBHfZc!SH=;P2_<d!J5bWzVK`dvNY1^_xfVMlrvuL#z}(-l
zb1#Z_Ev6u#BSFxZOg0x}?Ymr%{SLR2#soV#i}j89*372Oh+A^@kX|lc$OFX<il$=a
z?}Ks>BFhEqD2Ff-3l<?>wg{1*UnQl2o7PDMx0Xr;xA8C7xD(i-*exl*h15Be=l07y
zY1G%Vq#7u0`K#bNzM3yp;<9MJW8wjYQVF<^JvVFmGg*hqn~G`9hZA^zL@%#6nhPoo
zXFIv9!>H~N((cXh;aF=;GTwgRcMUx+mbhOu($Z`9D(88aE<_HQ);q+DQr@GmVC01$
z|HpKR=cq>HG^e7%ZTHzZZCK{i4)MOo{w#ctE;^cWM!xN}9S#{8nC|Zw87g*&_mvjl
z?Sjmx-V4%R@U?@zX>T{oocVHYgxlN47kP8WzAfieHaYDCxfeMy5#65tk)L4a`>y9<
z*OGG?b_J#<ZI9c#_qkJz1|dAXcNiAd{b+8b_Iqs|#Bk944)0#sPc@S;m(|YthL6r$
z%Ql4dcJ#C5D9^z!=EdfqtyUAza?IP*D3yHPD2?4l=lz?ITHi!G>Z<`>mPq5r$9X}B
zX+MOR_G_2?h=}?3c}gn3uS6=P^gHpPl-^lhla>m<nWuNJzpYa8AGAR#oHIiz!9=R^
zXOZme_Fs!2*ORHN$fK`_=^TV}Y^sj0Gowyxkj6lQDOfv4?=>kZRVtzPuH0BE)qa|k
z+m&4XFp?i^TPknasQ1e*YLLnord{<A-vTF@6?C-VQHTh%H9mUEjJ_LIN|U}qxeqFh
z2{4-WVl}(FqQDBN=%T1pH+z9J`VGX|w#?#Xq2v_7<SkmP_g9f<mfg3()ldAOY4a+5
zxa5H+rP^Ik7aPSzBAr-xQcCh42+<n5Q$OC1eq5ak(6K29td>g93M;)FArgp?;}2Oa
zm7$~L3Ik%(ZPI_%h3LwZEJ<dyN=C!OD};k)T7M?wXWDlbV;#I^N){kBw^xZ&{)%7Q
z+K{O${Zm5n9fE!=y_=P^p}4wq_oGm^mi}%;Rw}<nh;B0EW)r7FcR_&t*3Mc=vs^(6
zy{~NvebkDfZUH8&wHP;5!=bNwU|d!KuI7uiS=~1z-#*%U#aw;d0+ToIiv}3>>8zS_
z1%SBq$d>(Xwp6xwZC3KlpInm_dMn&xqg3@HbRl4Hns`c8OOZa_I)J9hQ;4upnIF|e
zJL^)vK50RWrTTHdJ{ed+2mEf+^l6I58dE_wtzG|X`O@gctMus-HtwkMe|Bv;=?ba6
zYgUT|YspLSHxT{?!rvhO2Xmy7TWPYT6V3;<DGwg4P-7B~1LH2lRpT4KR1Q*EK86>v
zv?BEXN?x0;4`>(tF#Q6j#}T0rpKAM;P@1<tId0oJQ%Y)uoezqWhs#~zV-ac0^O%&}
zy+Xd3C!@oR)Fy%(nmEWKL%c_19<~ia9?Dg2;gHX)r6Ui`0Y65O`QPM8HHc|Cm(7xI
z22C_obu_F097R{Mkvs}`<HjI?i;S(sPV3h8a_Z1OfqYV|=g6v?w}dN^aQ1S2;YC{$
ze9=ggcK~|_(?76?X+hA7u|C{SZNab{#9Li*g1*IFSJ8pa-JJEqV!J1M;`Y|#cwy(O
zhShGrvgUS55G;^|Coh!B=dN-!IkK82Q`7n?u+S&fKS-7K5jNknf<?#9(pQ6*4(aRu
z+0<*7Pz(Hkb~rj{gQu*)ku4_mz-wv!V2u<8bdOX(9fFn;`8m9d@2`<M3&G`M0Lf4a
z!VreKzNHF^WKY+=Z1KiNrMA#YsSUI-{wX!X%K;zD6H?nH?BgE?+?xa{*}hQ<;@gsW
z4J3;MsGb&rG(xrEyC~P34zf6o>%$5%00NYL5IFTISZk$Ra|{>KcdnAU3G0cg>6v;G
zIyC1CV9p(YZX7%i#1K2`j-z-(+=CwjgdPP8WWlgpL;sg>HL%PLz7Ko*7D`|*Ks0<|
zofMt`QT@=X^!1>hoBhgaebd?kwDuXu-E2S;G%xIt1^)^g?IAj}5XTN4H(lzRIiIde
zC}h~9C40G(2SZE25-$V*(Z-#O&xHZ;FO+{qhox53Gn<Z@E%oCr6=Lc(FXqzjhENPp
zmN*X(e><?(cB+R|uR9lkXwKgx1!3uR?FmSE3wUA?$|x5Aray}|0a$JnWUL-0R`N)$
z>gYTv^D~&=;EDA$bWq?KQ4ge2-+h(78KT9o??oWi^MPZgQ6ty~{E7lp40G<-`RkyY
zVB&}pc^q%@#F-403xQbop!T#6P<Ab5Nvojb!dy-t48<3z`ruYjtAiWp+kxv>4RHC#
zv=qIpSjzllrPSjTNtt;(1q8Vw%VSde1>Es>R!h-O=x}=n9P^z5sk=EQ^=`yZvk_la
zs*#aBkp^K1)R)s2jmUQf1f%s7%Ftm9tmi;s{1v4m?qBj2$Qg(##3~1*RzQjL?Wl9m
zw%MNs8>!?@9+8q-w-sx9FW7bRI6jMjbn<k5<wum$`*=AHod1LYZ6BO8q;K)OR}AsI
zOdd}GkLzG35b)n9<5w^e?*qR&Vz$10;m;V~;~JW}7u;+RYSR#H1z;#CTArc{sXZZu
z7jFg4JCyPn78gODR&O%msQ*;h6XZVW3LrR`{f#u!w=P?QyCb#AmDmDa2myp!+z+9o
zB@ZqMPP^%wC>Nsb(2QtW+dIWl?_H&gFc7p$@OncIA^mEZlzyM0^0omf{Ye?2iu%I8
z@^TCG);lO3ECpM-6NLF5{=A?0;ZI5NpMo;o3jgJ6P`YD)fSJjecIXH<5&&p8ilM9!
zQ?b;^(iV7nhSWW7meg@PW8-8vC!bSaxRODAG!@UIIder)itP&dfhZcf0CFT%_}G46
zOEgipLS*j$oI~KMr6a`2JAscMgU^2|#aMdD(vXZJZF8mgUC>wXOKkwi3!esDxg177
zV~Lbb5Zub=ODUQ$q6cx@IUMpFMWpY8t6U74cL)Y;$jCP${ubCUN6O&M7LKfz!X-R_
z?_K3+?XjDrrV6n7O5(<3@aONXa-1-hP)%s#+OESgsPq%KPkygN>ZCjxh=IXB!_&f;
zAxv*onogfKhG_j?37fx$x;Bn5as~Yrh&xBbRHKv<*&T1x^JY8F5Pk_k^mluXrm6+#
z-e>{<LvhC!i_ezYSJ8!YFlhI@G#ow(S_OW`H;Btb{PY=4o>^RUZmW0l2E&-=UI`jX
zK_>JY#uc=W2(V`TeAWsGqJ2<@B2#BL`5}y&Ll=XFo-)hHf9U`;3~;5(@bJPvWbCGa
zB7O(3^~3p6^KTgKs314rM5PcZiqMhZou3nsLrE!oFSMiJN~yOTIvX7I0L>GDyJ5i6
zzR}I<(y|5^91Zq<7&CD=82u3H`e*UrsXfJ;qE12J3%bOgfjN+3u8yIPimF1r#q9SO
z8{1jN25ep6NmH+gVlLhHI#?-u^Z=(1t^|+Rjd+E4UIUuE;TVAotHtg&2$n;@cQ~Q9
zo=QOO1$jSWwNo%S7WoXs&pRfwe8MbD{fTvfigB3Ug1`_82e8q)_M&eBJLL$S8~yYI
zhskm?UsBtqy)$w+6{3?lm_;sH$Eo(DvJ4-o#fbFfaGo|nrnsH3ehdhBggJc!<p$Vo
z9n`!Ueul;OUkDG2!Mz_UlbWyyZW;wa4?wc%Kmre(#pX!DDKul{_!&&KJK)YxPf7F4
zo6lS=b=*Nq)~%4(cENgZmnNx?Jx&uNJMb4kyT3run!zl)i(m;~zUwoP_l;oJ#)`Nk
zBK2Gd+xo&Mox&~kv!%9^NPymAu8yS$m&dA>_oP!4x{@*_xkZ%AO+t5S-^}T&u5yaZ
zskrYPQY#3`^$>v~yTu&8^}RQp#T`P~BaBc_^D|76B3>FO&|>A)iZ*x$%X{ce$|jqb
z0Y@>NY3FK&#UBN_55?C?t#_@JVnM#Bisd+5@AwC4I1eFe)PD%|%Y&fxP-%!QrNBtP
za{y*~dKwGqBTVrdx#L*%wr}OWz%Y%SNwRn*HI{LV`@4vV6N%5C7COcKi>WF=ZE6{y
zn|v|N4v3Jq{3hWPKacf!|2dRpN&GubfU4I*!zD2>{w?;x;~>dWt#2Em`5ph&wvDw?
z+w&Wwc7LVRUb;nUuWFLoM^{Vj<LE!1gwO3B<x=}z3#9h_8m0DwQd0Ym*GugIY;Uo`
zXm490wI9zLr&dWF2QQI2jwzEmq8p@+1pm5Zl+-a7E8JBW+rotI*hqg5()S(jrlgJ!
zu<$(kX{j^1S?Wyi(u{OTC*HR+VbtEqpZBy$oiC1(I{#54b$(JQb^a5J;4e2xo!jxl
z&0i>W`J1J#YHV*KjZ#<RBB|?4-o2<o>bi8E)V1iBQrEvPkh<>W-3J#-U5{*%x*q3^
z)f~K*KR0s7a~$$lXx*RFcj8+pbr)Ak-DO*(?%grP#nYnu2fX~ST<Sh*zSJGy&j_E0
zv#2-XecOgOPKK90^e84Qk}`)@OPM3EJ3YEW$^;iknFQ~)taC~-onxd7iXxelua<fW
z(^Ajj&q_T_{HuGD)N_2L)U&8b>bbf?>iNxlspsAnsfQce^ARuLFFl{HmwLJS-ojR?
zw|0ZnyAPhq`=_MdAEc$;gL(I`Mya=Dp48jHAsMW2r|{X6=S#h(ZIpT;LHAzqwA4G7
zk1gTl*PP{M-o0m&)cXJ@c!*Ct%AbGa&t<%<;kfm@pzhTB3<?MD@y3U|e7sod{U@LJ
zifj3{P3kMEkormxL8wSMB`=L$AoY!_l=>z-C-oh)Me1uyNqs$prDL&bdyju@E0g*@
zDVO^GiPLULqtrhpCH4Pkp49*2MN&Ve4*gST3_g=L&gPJ7`M>KHNc}gJOZ_j?)9}VZ
zsejw(ti6qS+yoqE9&R@~{Ob&abr#aN_si5y2lIv<oJK+^wi}5$pLI`gD{3UX(e^Uc
zb@Xk$cfEhvnY}-~f7uD_v)=#Nzq~K9f7zMs(mb@*Lpi<ezirZMZ(JyqJb~iu11qG`
zi&@Z44mo93_cMdL5K%9y@diVP=FbQccaf#gOj$2;pwl1?-3EVVqDWIyRroG!-6|J3
zNUuSsW#{{yiXtc@{@npNkbf}Ty9nU22=nlY>mpL#)5VguPLrw@lsHvA^#0p%=2J6i
zeq3^%KsCF!TB`XiZY|HubgDKf>WpfAr%alJ<e<sk)zQw7f6ivfG>xsK;Q^B765|=f
z7$8}Tor<%$&}?CxYLh1`nmj8DIr`4n>{MTYT(z0EjDN6Mnou&&sfo63km_g<D!O>C
z<bM?Rk^|Ocy+}&g>U+K;`S?b<Xrnoh05n>iB>zo3ZAbKw3wjqw1&?l&3fnjB2sD<S
zjcLpju#un5lPWGLl}1ILl*Zn)S{k32ElqkA?~uQ*m&)EkYM5zS_Tl`jL5Epzn3A?3
zl_r!o{`I6(ig<VBF>|HSjq9XJtVzr}(}f}XS4pC+z=I)+s$r8F<cPsU^`kMVq6t~P
z4>0Em4`e~b@dsm-g@uIY8R2shu3D{XyScuP<~p^R3s*~Z53Z3Wz*-yii#b`aaKcMq
zbAaw<+*$KQsZ_m`ucQmiT;HlzApUVVBDWMV^TvgpQBNbBRBi|#^;*4-`h^+hQ6;ki
znX5O)exU}nGP428U&X&r`7$G;yirtTkn6HSns2#JZdq3M^MBNYO%YcJZJFzg53@ZN
zK8~SZx0Dw^F(3MgLjTIlQQVpwB3MGD$}#KOKZk~`YpKlFpljv2^`TSgqeLQV%;wUD
z4T<YFTlhRb|9GF2hv-rrdP}Z(pLu;?*(cPFgnONk85%J=Ls`bD89c-1jBZ4EU6ZFf
zqX!9nCjV+owu((Koa=^*u^yC|1^k93m~&u06M?QntKAB@<L^OzWkx*@9ys-0oZBEx
z)zO_^5NgQk66aKYa>P=1KoLjkN8eRpGg#9LWL{0!>VwYw{H%v`PEd_bU!K*Njy{Z>
z#6wiv2cUDDKCBa+6LJmAG#}aeO75Romi`3PbP2(C8jQgY*v<h|R6ie)`to4Q{Smo~
zvv8*W1+DwHgP<Xj6hmw__8@sXs9)?VG#^Kb=-oH619}C6SvCzteJHk3o6TGUZTgz&
zQgx}lP-o(00!}^w80VpWx>5*G@yAy?6U<n&BM8#w<Vj^$v$2~7SrBGOcP;j_%_%8e
z&Ccd>;DndiQhZF?A>HJ$5a~I>ap}9+zxmm9Oob%o$N&5c^hV&1xBdcyUYm^@09;Uw
zjbDiTYZ=<_C=B&&B`I%(8b-%(-)5jra(U+~=xmk1!WZxpZe{aGKS=}zZ1fzE%4TEz
zQCUX3+w@~Q*o=lKnx&Tw+qd-su^JlCLAQhr*1$6$mAIM)pag~gPVNn=+wwQ~W(~B$
z{)9U;7ydIFHg~N3iF>*QR?cpq$sa>;Lsu;_ZHClTOfM)_!mSHw`vP=|Ji(UxECfKu
zv1i&cQ>wa!jSiddaF9LS-@rTH<2dN}>GQ!Jn&{$uoUIJfyKUDOO3h~j62a&9MIgQd
zpLp816S4U<;pNmdAkp+RB<di4O+`4EqI~CZC_gZKI;!Xd{z*z|f<GRE{@C$QT&f)e
zLV969>RiHbgb&x2gnoMk`;@oX3oU4ndY+*R0{var@Az#Pp|7)9hT@yNn#w%==k076
z`_|J6i^N1do=x@Fg{3}#tq2Xyt(UU-xfHtgxAftH0aVkR-wNd>0{#~VS<J_3r<qzu
z`&TQa4nMFu@|Hcj(9<;$O)+9@`gJH@&rm2>N?+iEAW9E{UiM?&hq+*UCJ(*|^yBsA
zQu;LrgpAnOe8@q_=r!EP{`WBZ6FEE7?b1v67)l(?AHiE<D4X6~XgeV?&bz3`xtej`
zAQ!g)>d<yVLAQ?%Rkp}mpzr;jYqomw>poa(;MDu_ay5>@vtb}!&&z92?{P1#M>M1U
ztFY9tKR4&j8MMPe3f{z!-_8zqJJ$Auj3R`<3jB1(@u!zI+TgdLJaHy)zE{Q{395lR
zb_#ew0U_lGi?LudKT6|DD;+2^iJkio3$_RNKTF>%Ba5B0+}SntB{31N<ob6=#R)u?
zHU<t|DUCjaD;>E4kG5b}8ay7i;me4z509jwIR~3UF{`BK*Acm4MfNfp;fmX}xY;ZE
zVMgWh=vakM@H{wa4vWECN$gs3)+oDDJ0$lG83BoW!~2AV8&lw~r5)4id3KxZ5HHkw
z<vlk*0T#N^hw`3K;dcGwnSMcYXT=$#^6o;(=W`Q(`(9_y4a<qFI}ZV?)44z9Hik+e
zi3lgvyOiS?5fdTe79S6@M#CD|HR<KfUe7|!HUkkq3VKFU^KC84*6#9Ng=@g0DC>Dr
zszBPi{6}2#XRDmOjs8=&ASx9A@|v=F#T)1~XO=sAFZ{Gns-nM4o6uxK3C7YMKb<)R
zP-!$7>$2}-O|oXWvrlFl1~%{~{SBmzpUjm;eHoWZa4@ajb$Yfydu3NlzJ;r1%eQ3L
z>29gkH+{@X`R1*T$T$Cf47`2{wJ9$o-<*$NPb{6CHJ5R1J@*D58e!Jh0P!BYH=}aK
zWDcJzaswjTHY{?+?g;<o|M-RtnxdPRJNsLW)HYK&2iw}6^OZ(gDZHP4PD<VGPoT=(
zUOddc3#}pwkUG1zFi_V5z94~&PmB#p(FKT*KTBiM0>Ye$CztXr1>}MkR!Nh-rolkV
zq^8qo{5h~vYE1#q6$BC7fE`nQWp)t`I6<kmw~;S$hDUa7&^ch!en@yxoeS`!jolWY
zv>$MmaqzP2iW8vHA1LGnf1yAL*HTQ`eYc^kV752uEc6L6@SLb(1@m1d4wLrm-I8te
zUNbuFq3BDu2JZae$s3=PcBw;<(6p^FmsTEQ(u|CV<2IAcxTFZdQ+G}yaZ>j#hBL6e
ziqFfJ?>a~|@Eu*f|HAVkQq7(7vU>l{)6witsC)&*JJw(452QF}HORM!{AyHYg?x+8
z7@n6o<6wu;L_(T#BaFIcbKe#Czm64b=iz9~VDBux@;v#jUQ>{DA*ebZH^x^%Tt{3#
zywxS=v+iggNnyhqC|QxSHXVVfruDFm-0X>TX4|DT)1Vurhu6Yf0fnjw=VGdf?0X$W
z9}7?#Y>=w=PfC-J%_<}!O*(l%s?PIg!&e^FrJ_YJ5c6lt4O#_aXH9=z-5)VGB53))
zA?bh?V3DirRwT;LLf7xMVrjzLF{%8-gj5c)Sdn2XLvR~M4L9#i<Ri0zOsYH;5QgwI
z2}zuSfz5Jbm@{h@^hXFjC*m=ZkM|?tYZ7vgwFRrB(kbw6&`8$Wxze};h->HW6x^yy
zhDVe4+}xd#k(<dQY$$v0epjd}#qH1wY4%yyYnt7sS-9KCF%J(Tx7hN;VA$bf?i$Jt
z*OZZM(D?Wr#-Ot`WrqY~WE|KKu+O?vk_97Y4fQ+);>32_YPmma=d<Mewwyg;;70BS
z=0WafM+^<Zd(+(ea{|<P96|*4UtgLXe>OENt<^ij;lUf@-iY;so4L1cPM&j&*;`l9
z)9*)q7>`KTf4XkLdbtEHr-JR0sjPnw`K4MCzFWdh(4N)~o(v--9SiGbFp<8SV8nEZ
zC1*InWg!y2k)^||I)YG;!;@HNOoSKevpq)p`L>Ac!2TS$lQ|iWyUpdH)I-xXUXX!%
zxhW1wpe6qK`wm+)_;Da9pz3Sw#nmUUw+A*1ewFV;>{qsbFwBmQQJl0(Gd~vZ#=7_P
zi#(|vOv{W_ri`8^RazD~vJ%@E@=Qf6`q)|Qn!V)CINNqh%qhoASsEeZMMl$^&F-W(
z0q+K0WTKWmouAZd*w5OXOs=r|w+P3z0oJT#-2Vd+=(jgYtpkA2Xb43=*(u{TEGTpc
zyA#8LW|Lzc(nRIVC-snNb^ng~ApFF1eM;(nex6i+8)ezg2Bgqod=|JU{bgEeM0X}|
zJ0jYjvM|4}A}ji8lIO<fO8u6e^hv<hz)JCN(1!z2YWfVy4TC1|618m~1#<|PJyB||
zM35k0QuFCp?6C-EkX#5|!VAb)U_9FI*P}GB2fB?8CnZ3+^4Ew820x+TdoNj4r6aXG
zNJWfIT<Fq})LO$1@}{WN`#O*IDQdV!py>4nmS}b{5n2Q6A-jv$$T-bO+3j-e(b~ba
zHxxMahIWriM5O%iRZiTHj<QFf#=dy1RP|hqRJZ%n(u7x9q=`R9jU6(cw{FFsU+yIA
z%*MZOd<Wsy8#YRQZd37v&GHQq1hsw`qBc`?C+c@%k;Q%|wqZNmOURo=vv7EOH0s17
zzg{EPm@DrUQd1FQjVEY^6*wSHd?YTFVfJmwUCpmHNj~9<DAbbKgVh|Fl&X8uPD7w9
z<TMP{_?%>*GUOx&_Xs(uz`i~wHJEjOangaahn)1_V<D$8SP*g=2k}#H9l(XTF5hVi
zkPk&$mpe^^bIGYM_dCsjL`W(Lu9hZTH_K@r?4Rbe1WJ8Q%ivx^PHW(hA*Xe4sn2P%
zQCu~P?LT5WnTuvPZG*Rmoc74(A*X$CD_f6Ul1@jUe45i4IA)sDIXEihblD0~eQw<8
zTGl+|bO)M4PWNEk=Vam=LQZB`$mjF~dP7dnpc8U>1CypXy~_>_IepRDT$S|)>=}0Y
zhOU|B^oJ8ePXDr&A!kZpzaeMJ;MgJOr?zJwg^G0Pd9$3K4z^Eojtw*qImZr84>`vL
zH(`L*J<mCA*_%G+`1(H&ImZtkIpmxWsPs7}Ec@X!XKL_{kTZ4g`$Nu&p?jw}C$2du
z<eZc^ohfeAaopz2C+`3KpLy8T6^>_R`fp#_|M*XEItIO4cNnS+>mY!bAKHI;_4UMO
zJEZ?&gfq8Jrw@|70c)f8Jc7)|;C*4K9*Ld*`lSE;cmKz4*p9#L|KjETfABkYeB92-
zUVhqZdBn&*z=Cg1<oEKN!U0yH9d|6wDOc?Q$hPwd#2(fVmgs6`%E%%ToH}gYXE2MU
z&X$9CX^(d*FQ1H_!lF4sueJea`IVKEywlsj^e)%URj}=f9)U(98YCSEhNY^|fpkb0
zo}(U*a7dbMOUH$5k}ji(bsDlFBlcc_KNwzz6cnU5y9b>#@<yIUR_>8PsgsS<6#6<^
z&!#hxtyTy<Wcz^)$TxQZz;@Fe96J$|_yyQNa9Bd!v}{uo?tt`@+5m8L2&+9s0ZRwX
z{Hx=9*iXw~^0HkDk?~CNp-Tc<+tm+?l~(82@d$B_z=i>o+|xdYV@LC|Y_swokfw?`
z3qzpgN`PrpWLgkAX*mk+OaT3e1O!YdX#oTsW4}OJU`2@(fr-^R^(m=+d6^XIg?V-Y
z`Nri?s!l*h^S5YgLP)fpR;%pUt+NhByF<3+@gA9#i7ZdF-41{H22Q6n<qKdShMtv(
zy&XXnhFjhVdTP^BE49it#MC>V;$IiR=6i$&b`(!K_COQ`Ve+0+5WynNGn+xrSI~76
z#7Ho7c)1ihXQ9+~;3BE>-_lZd=X$B<qIFW$X!P`(H%c|vtd(lukB{a%#?0Ym?tnCw
zKIXCLt&ja*Y?djf7r<k5-d`i%Y{bv4jJngb`rl@hL2x#nWA_n;Yx10PY}|V{B0PgK
z5zwwTg{=N&+qpmqz%L~id-`r$6%eMkPqEXxz{1Fc^-gai(L1x9#UKWIGQfAz7c=Br
T9ApbRvP-bRZy$@^vHU*)cf$A?

diff --git a/vendor/golang.org/x/net/publicsuffix/data/text b/vendor/golang.org/x/net/publicsuffix/data/text
index 7e516413f..b151d97de 100644
--- a/vendor/golang.org/x/net/publicsuffix/data/text
+++ b/vendor/golang.org/x/net/publicsuffix/data/text
@@ -1 +1 @@
-birkenesoddtangentinglogoweirbitbucketrzynishikatakayamatta-varjjatjomembersaltdalovepopartysfjordiskussionsbereichatinhlfanishikatsuragitappassenger-associationishikawazukamiokameokamakurazakitaurayasudabitternidisrechtrainingloomy-routerbjarkoybjerkreimdbalsan-suedtirololitapunkapsienamsskoganeibmdeveloperauniteroirmemorialombardiadempresashibetsukumiyamagasakinderoyonagunicloudevelopmentaxiijimarriottayninhaccanthobby-siteval-d-aosta-valleyoriikaracolognebinatsukigataiwanumatajimidsundgcahcesuolocustomer-ocimperiautoscanalytics-gatewayonagoyaveroykenflfanpachihayaakasakawaiishopitsitemasekd1kappenginedre-eikerimo-siemenscaledekaascolipicenoboribetsucks3-eu-west-3utilities-16-balestrandabergentappsseekloges3-eu-west-123paginawebcamauction-acornfshostrodawaraktyubinskaunicommbank123kotisivultrobjectselinogradimo-i-rana4u2-localhostrolekanieruchomoscientistordal-o-g-i-nikolaevents3-ap-northeast-2-ddnsking123homepagefrontappchizip61123saitamakawababia-goracleaningheannakadomarineat-urlimanowarudakuneustarostwodzislawdev-myqnapcloudcontrolledgesuite-stagingdyniamusementdllclstagehirnikonantomobelementorayokosukanoyakumoliserniaurland-4-salernord-aurdalipaywhirlimiteddnslivelanddnss3-ap-south-123siteweberlevagangaviikanonji234lima-cityeats3-ap-southeast-123webseiteambulancechireadmyblogspotaribeiraogakicks-assurfakefurniturealmpmninoheguribigawaurskog-holandinggfarsundds3-ap-southeast-20001wwwedeployokote123hjemmesidealerdalaheadjuegoshikibichuobiraustevollimombetsupplyokoze164-balena-devices3-ca-central-123websiteleaf-south-12hparliamentatsunobninsk8s3-eu-central-1337bjugnishimerablackfridaynightjxn--11b4c3ditchyouripatriabloombergretaijindustriesteinkjerbloxcmsaludivtasvuodnakaiwanairlinekobayashimodatecnologiablushakotanishinomiyashironomniwebview-assetsalvadorbmoattachmentsamegawabmsamnangerbmwellbeingzonebnrweatherchannelsdvrdnsamparalleluxenishinoomotegotsukishiwadavvenjargamvikarpaczest-a-la-maisondre-landivttasvuotnakamai-stagingloppennebomlocalzonebonavstackartuzybondigitaloceanspacesamsclubartowest1-usamsunglugsmall-webspacebookonlineboomlaakesvuemielecceboschristmasakilatiron-riopretoeidsvollovesickaruizawabostik-serverrankoshigayachtsandvikcoromantovalle-d-aostakinouebostonakijinsekikogentlentapisa-geekarumaifmemsetkmaxxn--12c1fe0bradescotksatmpaviancapitalonebouncemerckmsdscloudiybounty-fullensakerrypropertiesangovtoyosatoyokawaboutiquebecologialaichaugiangmbhartiengiangminakamichiharaboutireservdrangedalpusercontentoyotapfizerboyfriendoftheinternetflixn--12cfi8ixb8lublindesnesanjosoyrovnoticiasannanishinoshimattelemarkasaokamikitayamatsurinfinitigopocznore-og-uvdalucaniabozen-sudtiroluccanva-appstmnishiokoppegardray-dnsupdaterbozen-suedtirolukowesteuropencraftoyotomiyazakinsurealtypeformesswithdnsannohekinanporovigonohejinternationaluroybplacedogawarabikomaezakirunordkappgfoggiabrandrayddns5ybrasiliadboxoslockerbresciaogashimadachicappadovaapstemp-dnswatchest-mon-blogueurodirumagazinebrindisiciliabroadwaybroke-itvedestrandraydnsanokashibatakashimashikiyosatokigawabrokerbrothermesserlifestylebtimnetzpisdnpharmaciensantamariakebrowsersafetymarketingmodumetacentrumeteorappharmacymruovatlassian-dev-builderschaefflerbrumunddalutskashiharabrusselsantoandreclaimsanukintlon-2bryanskiptveterinaireadthedocsaobernardovre-eikerbrynebwestus2bzhitomirbzzwhitesnowflakecommunity-prochowicecomodalenissandoycompanyaarphdfcbankasumigaurawa-mazowszexn--1ck2e1bambinagisobetsuldalpha-myqnapcloudaccess3-us-east-2ixboxeroxfinityolasiteastus2comparemarkerryhotelsaves-the-whalessandria-trani-barletta-andriatranibarlettaandriacomsecaasnesoddeno-stagingrondarcondoshifteditorxn--1ctwolominamatarnobrzegrongrossetouchijiwadedyn-berlincolnissayokoshibahikariyaltakazakinzais-a-bookkeepermarshallstatebankasuyalibabahccavuotnagaraholtaleniwaizumiotsurugashimaintenanceomutazasavonarviikaminoyamaxunispaceconferenceconstructionflashdrivefsncf-ipfsaxoconsuladobeio-static-accesscamdvrcampaniaconsultantranoyconsultingroundhandlingroznysaitohnoshookuwanakayamangyshlakdnepropetrovskanlandyndns-freeboxostrowwlkpmgrphilipsyno-dschokokekscholarshipschoolbusinessebycontactivetrailcontagematsubaravendbambleborkdalvdalcest-le-patron-rancherkasydneyukuhashimokawavoues3-sa-east-1contractorskenissedalcookingruecoolblogdnsfor-better-thanhhoarairforcentralus-1cooperativano-frankivskodjeephonefosschoolsztynsetransiphotographysiocoproductionschulplattforminamiechizenisshingucciprianiigatairaumalatvuopmicrolightinguidefinimaringatlancastercorsicafjschulservercosenzakopanecosidnshome-webservercellikescandypopensocialcouchpotatofrieschwarzgwangjuh-ohtawaramotoineppueblockbusternopilawacouncilcouponscrapper-sitecozoravennaharimalborkaszubytemarketscrappinguitarscrysecretrosnubananarepublic-inquiryurihonjoyenthickaragandaxarnetbankanzakiwielunnerepairbusanagochigasakishimabarakawaharaolbia-tempio-olbiatempioolbialowiezachpomorskiengiangjesdalolipopmcdirepbodyn53cqcxn--1lqs03niyodogawacrankyotobetsumidaknongujaratmallcrdyndns-homednscwhminamifuranocreditcardyndns-iphutholdingservehttpbincheonl-ams-1creditunionionjukujitawaravpagecremonashorokanaiecrewhoswholidaycricketnedalcrimeast-kazakhstanangercrotonecrowniphuyencrsvp4cruiseservehumourcuisinellair-traffic-controllagdenesnaaseinet-freakserveircasertainaircraftingvolloansnasaarlanduponthewifidelitypedreamhostersaotomeldaluxurycuneocupcakecuritibacgiangiangryggeecurvalled-aostargets-itranslatedyndns-mailcutegirlfriendyndns-office-on-the-webhoptogurafedoraprojectransurlfeirafembetsukuis-a-bruinsfanfermodenakasatsunairportrapaniizaferraraferraris-a-bulls-fanferrerotikagoshimalopolskanittedalfetsundyndns-wikimobetsumitakagildeskaliszkolamericanfamilydservemp3fgunmaniwamannorth-kazakhstanfhvalerfilegear-augustowiiheyakagefilegear-deatnuniversitysvardofilegear-gbizfilegear-iefilegear-jpmorgangwonporterfilegear-sg-1filminamiizukamiminefinalchikugokasellfyis-a-candidatefinancefinnoyfirebaseappiemontefirenetlifylkesbiblackbaudcdn-edgestackhero-networkinggroupowiathletajimabaria-vungtaudiopsysharpigboatshawilliamhillfirenzefirestonefireweblikes-piedmontravelersinsurancefirmdalegalleryfishingoldpoint2thisamitsukefitjarfitnessettsurugiminamimakis-a-catererfjalerfkatsushikabeebyteappilottonsberguovdageaidnunjargausdalflekkefjordyndns-workservep2phxn--1lqs71dyndns-remotewdyndns-picserveminecraftransporteflesbergushikamifuranorthflankatsuyamashikokuchuoflickragerokunohealthcareershellflierneflirfloginlinefloppythonanywherealtorfloraflorencefloripalmasfjordenfloristanohatajiris-a-celticsfanfloromskogxn--2m4a15eflowershimokitayamafltravinhlonganflynnhosting-clusterfncashgabadaddjabbottoyourafndyndns1fnwkzfolldalfoolfor-ourfor-somegurownproviderfor-theaterfordebianforexrotheworkpccwinbar0emmafann-arborlandd-dnsiskinkyowariasahikawarszawashtenawsmppl-wawsglobalacceleratorahimeshimakanegasakievennodebalancern4t3l3p0rtatarantours3-ap-northeast-123minsidaarborteaches-yogano-ipifony-123miwebaccelastx4432-b-datacenterprisesakijobservableusercontentateshinanomachintaifun-dnsdojournalistoloseyouriparisor-fronavuotnarashinoharaetnabudejjunipereggio-emilia-romagnaroyboltateyamajureggiocalabriakrehamnayoro0o0forgotdnshimonitayanagithubpreviewsaikisarazure-mobileirfjordynnservepicservequakeforli-cesena-forlicesenaforlillehammerfeste-ipimientaketomisatoolshimonosekikawaforsalegoismailillesandefjordynservebbservesarcasmileforsandasuolodingenfortalfortefosneshimosuwalkis-a-chefashionstorebaseljordyndns-serverisignfotrdynulvikatowicefoxn--2scrj9casinordlandurbanamexnetgamersapporomurafozfr-1fr-par-1fr-par-2franamizuhoboleslawiecommerce-shoppingyeongnamdinhachijohanamakisofukushimaoris-a-conservativegarsheiheijis-a-cparachutingfredrikstadynv6freedesktopazimuthaibinhphuocelotenkawakayamagnetcieszynh-servebeero-stageiseiroumugifuchungbukharag-cloud-championshiphoplixn--30rr7yfreemyiphosteurovisionredumbrellangevagrigentobishimadridvagsoygardenebakkeshibechambagricoharugbydgoszczecin-berlindasdaburfreesitefreetlshimotsukefreisennankokubunjis-a-cubicle-slavellinodeobjectshimotsumafrenchkisshikindleikangerfreseniushinichinanfriuli-v-giuliafriuli-ve-giuliafriuli-vegiuliafriuli-venezia-giuliafriuli-veneziagiuliafriuli-vgiuliafriuliv-giuliafriulive-giuliafriulivegiuliafriulivenezia-giuliafriuliveneziagiuliafriulivgiuliafrlfroganshinjotelulubin-vpncateringebunkyonanaoshimamateramockashiwarafrognfrolandynvpnpluservicesevastopolitiendafrom-akamaized-stagingfrom-alfrom-arfrom-azurewebsiteshikagamiishibuyabukihokuizumobaragusabaerobaticketshinjukuleuvenicefrom-campobassociatest-iserveblogsytenrissadistdlibestadultrentin-sudtirolfrom-coachaseljeducationcillahppiacenzaganfrom-ctrentin-sued-tirolfrom-dcatfooddagestangefrom-decagliarikuzentakataikillfrom-flapymntrentin-suedtirolfrom-gap-east-1from-higashiagatsumagoianiafrom-iafrom-idyroyrvikingulenfrom-ilfrom-in-the-bandairtelebitbridgestonemurorangecloudplatform0from-kshinkamigototalfrom-kyfrom-langsonyantakahamalselveruminamiminowafrom-malvikaufentigerfrom-mdfrom-mein-vigorlicefrom-mifunefrom-mnfrom-modshinshinotsurgeryfrom-mshinshirofrom-mtnfrom-ncatholicurus-4from-ndfrom-nefrom-nhs-heilbronnoysundfrom-njshintokushimafrom-nminamioguni5from-nvalledaostargithubusercontentrentino-a-adigefrom-nycaxiaskvollpagesardegnarutolgaulardalvivanovoldafrom-ohdancefrom-okegawassamukawataris-a-democratrentino-aadigefrom-orfrom-panasonichernovtsykkylvenneslaskerrylogisticsardiniafrom-pratohmamurogawatsonrenderfrom-ris-a-designerimarugame-hostyhostingfrom-schmidtre-gauldalfrom-sdfrom-tnfrom-txn--32vp30hachinoheavyfrom-utsiracusagaeroclubmedecin-addrammenuorodoyerfrom-val-daostavalleyfrom-vtrentino-alto-adigefrom-wafrom-wiardwebthingsjcbnpparibashkiriafrom-wvallee-aosteroyfrom-wyfrosinonefrostabackplaneapplebesbyengerdalp1froyal-commissionfruskydivingfujiiderafujikawaguchikonefujiminokamoenairtrafficplexus-2fujinomiyadapliefujiokazakinkobearalvahkikonaibetsubame-south-1fujisatoshoeshintomikasaharafujisawafujishiroishidakabiratoridediboxn--3bst00minamisanrikubetsupportrentino-altoadigefujitsuruokakamigaharafujiyoshidappnodearthainguyenfukayabeardubaikawagoefukuchiyamadatsunanjoburgfukudomigawafukuis-a-doctorfukumitsubishigakirkeneshinyoshitomiokamisatokamachippubetsuikitchenfukuokakegawafukuroishikariwakunigamigrationfukusakirovogradoyfukuyamagatakaharunusualpersonfunabashiriuchinadattorelayfunagatakahashimamakiryuohkurafunahashikamiamakusatsumasendaisenergyeongginowaniihamatamakinoharafundfunkfeuerfuoiskujukuriyamandalfuosskoczowindowskrakowinefurubirafurudonordreisa-hockeynutwentertainmentrentino-s-tirolfurukawajimangolffanshiojirishirifujiedafusoctrangfussagamiharafutabayamaguchinomihachimanagementrentino-stirolfutboldlygoingnowhere-for-more-og-romsdalfuttsurutashinais-a-financialadvisor-aurdalfuturecmshioyamelhushirahamatonbetsurnadalfuturehostingfuturemailingfvghakuis-a-gurunzenhakusandnessjoenhaldenhalfmoonscalebookinghostedpictetrentino-sud-tirolhalsakakinokiaham-radio-opinbar1hamburghammarfeastasiahamurakamigoris-a-hard-workershiraokamisunagawahanamigawahanawahandavvesiidanangodaddyn-o-saurealestatefarmerseinehandcrafteducatorprojectrentino-sudtirolhangglidinghangoutrentino-sued-tirolhannannestadhannosegawahanoipinkazohanyuzenhappouzshiratakahagianghasamap-northeast-3hasaminami-alpshishikuis-a-hunterhashbanghasudazaifudaigodogadobeioruntimedio-campidano-mediocampidanomediohasura-appinokokamikoaniikappudopaashisogndalhasvikazteleportrentino-suedtirolhatogayahoooshikamagayaitakamoriokakudamatsuehatoyamazakitahiroshimarcheapartmentshisuifuettertdasnetzhatsukaichikaiseiyoichipshitaramahattfjelldalhayashimamotobusells-for-lesshizukuishimoichilloutsystemscloudsitehazuminobushibukawahelplfinancialhelsinkitakamiizumisanofidonnakamurataitogliattinnhemneshizuokamitondabayashiogamagoriziahemsedalhepforgeblockshoujis-a-knightpointtokaizukamaishikshacknetrentinoa-adigehetemlbfanhigashichichibuzentsujiiehigashihiroshimanehigashiizumozakitakatakanabeautychyattorneyagawakkanaioirasebastopoleangaviikadenagahamaroyhigashikagawahigashikagurasoedahigashikawakitaaikitakyushunantankazunovecorebungoonow-dnshowahigashikurumeinforumzhigashimatsushimarnardalhigashimatsuyamakitaakitadaitoigawahigashimurayamamotorcycleshowtimeloyhigashinarusells-for-uhigashinehigashiomitamanoshiroomghigashiosakasayamanakakogawahigashishirakawamatakanezawahigashisumiyoshikawaminamiaikitamihamadahigashitsunospamproxyhigashiurausukitamotosunnydayhigashiyamatokoriyamanashiibaclieu-1higashiyodogawahigashiyoshinogaris-a-landscaperspectakasakitanakagusukumoldeliveryhippyhiraizumisatohokkaidontexistmein-iservschulecznakaniikawatanagurahirakatashinagawahiranais-a-lawyerhirarahiratsukaeruhirayaizuwakamatsubushikusakadogawahitachiomiyaginozawaonsensiositehitachiotaketakaokalmykiahitraeumtgeradegreehjartdalhjelmelandholyhomegoodshwinnersiiitesilkddiamondsimple-urlhomeipioneerhomelinkyard-cloudjiffyresdalhomelinuxn--3ds443ghomeofficehomesecuritymacaparecidahomesecuritypchiryukyuragiizehomesenseeringhomeskleppippugliahomeunixn--3e0b707ehondahonjyoitakarazukaluganskfh-muensterhornindalhorsells-itrentinoaadigehortendofinternet-dnsimplesitehospitalhotelwithflightsirdalhotmailhoyangerhoylandetakasagooglecodespotrentinoalto-adigehungyenhurdalhurumajis-a-liberalhyllestadhyogoris-a-libertarianhyugawarahyundaiwafuneis-very-evillasalleitungsenis-very-goodyearis-very-niceis-very-sweetpepperugiais-with-thebandoomdnstraceisk01isk02jenv-arubacninhbinhdinhktistoryjeonnamegawajetztrentinostiroljevnakerjewelryjgorajlljls-sto1jls-sto2jls-sto3jmpixolinodeusercontentrentinosud-tiroljnjcloud-ver-jpchitosetogitsuliguriajoyokaichibahcavuotnagaivuotnagaokakyotambabymilk3jozis-a-musicianjpnjprsolarvikhersonlanxessolundbeckhmelnitskiyamasoykosaigawakosakaerodromegalloabatobamaceratachikawafaicloudineencoreapigeekoseis-a-painterhostsolutionslupskhakassiakosheroykoshimizumakis-a-patsfankoshughesomakosugekotohiradomainstitutekotourakouhokumakogenkounosupersalevangerkouyamasudakouzushimatrixn--3pxu8khplaystation-cloudyclusterkozagawakozakis-a-personaltrainerkozowiosomnarviklabudhabikinokawachinaganoharamcocottekpnkppspbarcelonagawakepnord-odalwaysdatabaseballangenkainanaejrietisalatinabenogiehtavuoatnaamesjevuemielnombrendlyngen-rootaruibxos3-us-gov-west-1krasnikahokutokonamegatakatoris-a-photographerokussldkrasnodarkredstonekrelliankristiansandcatsoowitdkmpspawnextdirectrentinosudtirolkristiansundkrodsheradkrokstadelvaldaostavangerkropyvnytskyis-a-playershiftcryptonomichinomiyakekryminamiyamashirokawanabelaudnedalnkumamotoyamatsumaebashimofusakatakatsukis-a-republicanonoichinosekigaharakumanowtvaokumatorinokumejimatsumotofukekumenanyokkaichirurgiens-dentistes-en-francekundenkunisakis-a-rockstarachowicekunitachiaraisaijolsterkunitomigusukukis-a-socialistgstagekunneppubtlsopotrentinosued-tirolkuokgroupizzakurgankurobegetmyipirangalluplidlugolekagaminorddalkurogimimozaokinawashirosatochiokinoshimagentositempurlkuroisodegaurakuromatsunais-a-soxfankuronkurotakikawasakis-a-studentalkushirogawakustanais-a-teacherkassyncloudkusuppliesor-odalkutchanelkutnokuzumakis-a-techietipslzkvafjordkvalsundkvamsterdamnserverbaniakvanangenkvinesdalkvinnheradkviteseidatingkvitsoykwpspdnsor-varangermishimatsusakahogirlymisugitokorozawamitakeharamitourismartlabelingmitoyoakemiuramiyazurecontainerdpoliticaobangmiyotamatsukuris-an-actormjondalenmonzabrianzaramonzaebrianzamonzaedellabrianzamordoviamorenapolicemoriyamatsuuramoriyoshiminamiashigaramormonstermoroyamatsuzakis-an-actressmushcdn77-sslingmortgagemoscowithgoogleapiszmoseushimogosenmosjoenmoskenesorreisahayakawakamiichikawamisatottoris-an-anarchistjordalshalsenmossortlandmosviknx-serversusakiyosupabaseminemotegit-reposoruminanomoviemovimientokyotangotembaixadattowebhareidsbergmozilla-iotrentinosuedtirolmtranbytomaridagawalmartrentinsud-tirolmuikaminokawanishiaizubangemukoelnmunakatanemuosattemupkomatsushimassa-carrara-massacarraramassabuzzmurmanskomforbar2murotorcraftranakatombetsumy-gatewaymusashinodesakegawamuseumincomcastoripressorfoldmusicapetownnews-stagingmutsuzawamy-vigormy-wanggoupilemyactivedirectorymyamazeplaymyasustor-elvdalmycdmycloudnsoundcastorjdevcloudfunctionsokndalmydattolocalcertificationmyddnsgeekgalaxymydissentrentinsudtirolmydobissmarterthanyoumydrobofageometre-experts-comptablesowamydspectruminisitemyeffectrentinsued-tirolmyfastly-edgekey-stagingmyfirewalledreplittlestargardmyforuminterecifedextraspace-to-rentalstomakomaibaramyfritzmyftpaccesspeedpartnermyhome-servermyjinomykolaivencloud66mymailermymediapchoseikarugalsacemyokohamamatsudamypeplatformsharis-an-artistockholmestrandmypetsphinxn--41amyphotoshibajddarvodkafjordvaporcloudmypictureshinomypsxn--42c2d9amysecuritycamerakermyshopblockspjelkavikommunalforbundmyshopifymyspreadshopselectrentinsuedtirolmytabitordermythic-beastspydebergmytis-a-anarchistg-buildermytuleap-partnersquaresindevicenzamyvnchoshichikashukudoyamakeuppermywirecipescaracallypoivronpokerpokrovskommunepolkowicepoltavalle-aostavernpomorzeszowithyoutuberspacekitagawaponpesaro-urbino-pesarourbinopesaromasvuotnaritakurashikis-bykleclerchitachinakagawaltervistaipeigersundynamic-dnsarlpordenonepornporsangerporsangugeporsgrunnanpoznanpraxihuanprdprgmrprimetelprincipeprivatelinkomonowruzhgorodeoprivatizehealthinsuranceprofesionalprogressivegasrlpromonza-e-della-brianzaptokuyamatsushigepropertysnesrvarggatrevisogneprotectionprotonetroandindependent-inquest-a-la-masionprudentialpruszkowiwatsukiyonotaireserve-onlineprvcyonabarumbriaprzeworskogpunyufuelpupulawypussycatanzarowixsitepvhachirogatakahatakaishimojis-a-geekautokeinotteroypvtrogstadpwchowderpzqhadanorthwesternmutualqldqotoyohashimotoshimaqponiatowadaqslgbtroitskomorotsukagawaqualifioapplatter-applatterplcube-serverquangngais-certifiedugit-pagespeedmobilizeroticaltanissettailscaleforcequangninhthuanquangtritonoshonais-foundationquickconnectromsakuragawaquicksytestreamlitapplumbingouvaresearchitectesrhtrentoyonakagyokutoyakomakizunokunimimatakasugais-an-engineeringquipelementstrippertuscanytushungrytuvalle-daostamayukis-into-animeiwamizawatuxfamilytuyenquangbinhthuantwmailvestnesuzukis-gonevestre-slidreggio-calabriavestre-totennishiawakuravestvagoyvevelstadvibo-valentiaavibovalentiavideovinhphuchromedicinagatorogerssarufutsunomiyawakasaikaitakokonoevinnicarbonia-iglesias-carboniaiglesiascarboniavinnytsiavipsinaapplurinacionalvirginanmokurennebuvirtual-userveexchangevirtualservervirtualuserveftpodhalevisakurais-into-carsnoasakuholeckodairaviterboliviajessheimmobilienvivianvivoryvixn--45br5cylvlaanderennesoyvladikavkazimierz-dolnyvladimirvlogintoyonezawavmintsorocabalashovhachiojiyahikobierzycevologdanskoninjambylvolvolkswagencyouvolyngdalvoorlopervossevangenvotevotingvotoyonovps-hostrowiechungnamdalseidfjordynathomebuiltwithdarkhangelskypecorittogojomeetoystre-slidrettozawawmemergencyahabackdropalermochizukikirarahkkeravjuwmflabsvalbardunloppadualstackomvuxn--3hcrj9chonanbuskerudynamisches-dnsarpsborgripeeweeklylotterywoodsidellogliastradingworse-thanhphohochiminhadselbuyshouseshirakolobrzegersundongthapmircloudletshiranukamishihorowowloclawekonskowolawawpdevcloudwpenginepoweredwphostedmailwpmucdnipropetrovskygearappodlasiellaknoluoktagajobojis-an-entertainerwpmudevcdnaccessojamparaglidingwritesthisblogoipodzonewroclawmcloudwsseoullensvanguardianwtcp4wtfastlylbanzaicloudappspotagereporthruherecreationinomiyakonojorpelandigickarasjohkameyamatotakadawuozuerichardlillywzmiuwajimaxn--4it797konsulatrobeepsondriobranconagareyamaizuruhrxn--4pvxs4allxn--54b7fta0ccistrondheimpertrixcdn77-secureadymadealstahaugesunderxn--55qw42gxn--55qx5dxn--5dbhl8dxn--5js045dxn--5rtp49citadelhichisochimkentozsdell-ogliastraderxn--5rtq34kontuminamiuonumatsunoxn--5su34j936bgsgxn--5tzm5gxn--6btw5axn--6frz82gxn--6orx2rxn--6qq986b3xlxn--7t0a264citicarrdrobakamaiorigin-stagingmxn--12co0c3b4evalleaostaobaomoriguchiharaffleentrycloudflare-ipfstcgroupaaskimitsubatamibulsan-suedtirolkuszczytnoopscbgrimstadrrxn--80aaa0cvacationsvchoyodobashichinohealth-carereforminamidaitomanaustdalxn--80adxhksveioxn--80ao21axn--80aqecdr1axn--80asehdbarclaycards3-us-west-1xn--80aswgxn--80aukraanghkeliwebpaaskoyabeagleboardxn--8dbq2axn--8ltr62konyvelohmusashimurayamassivegridxn--8pvr4uxn--8y0a063axn--90a1affinitylotterybnikeisencowayxn--90a3academiamicable-modemoneyxn--90aeroportsinfolionetworkangerxn--90aishobaraxn--90amckinseyxn--90azhytomyrxn--9dbq2axn--9et52uxn--9krt00axn--andy-iraxn--aroport-byanagawaxn--asky-iraxn--aurskog-hland-jnbarclays3-us-west-2xn--avery-yuasakurastoragexn--b-5gaxn--b4w605ferdxn--balsan-sdtirol-nsbsvelvikongsbergxn--bck1b9a5dre4civilaviationfabricafederation-webredirectmediatechnologyeongbukashiwazakiyosembokutamamuraxn--bdddj-mrabdxn--bearalvhki-y4axn--berlevg-jxaxn--bhcavuotna-s4axn--bhccavuotna-k7axn--bidr-5nachikatsuuraxn--bievt-0qa2xn--bjarky-fyanaizuxn--bjddar-ptarumizusawaxn--blt-elabcienciamallamaceiobbcn-north-1xn--bmlo-graingerxn--bod-2natalxn--bozen-sdtirol-2obanazawaxn--brnny-wuacademy-firewall-gatewayxn--brnnysund-m8accident-investigation-aptibleadpagesquare7xn--brum-voagatrustkanazawaxn--btsfjord-9zaxn--bulsan-sdtirol-nsbarefootballooningjovikarasjoketokashikiyokawaraxn--c1avgxn--c2br7gxn--c3s14misakis-a-therapistoiaxn--cck2b3baremetalombardyn-vpndns3-website-ap-northeast-1xn--cckwcxetdxn--cesena-forl-mcbremangerxn--cesenaforl-i8axn--cg4bkis-into-cartoonsokamitsuexn--ciqpnxn--clchc0ea0b2g2a9gcdxn--czr694bargainstantcloudfrontdoorestauranthuathienhuebinordre-landiherokuapparochernigovernmentjeldsundiscordsays3-website-ap-southeast-1xn--czrs0trvaroyxn--czru2dxn--czrw28barrel-of-knowledgeapplinziitatebayashijonawatebizenakanojoetsumomodellinglassnillfjordiscordsezgoraxn--d1acj3barrell-of-knowledgecomputermezproxyzgorzeleccoffeedbackanagawarmiastalowa-wolayangroupars3-website-ap-southeast-2xn--d1alfaststacksevenassigdalxn--d1atrysiljanxn--d5qv7z876clanbibaiduckdnsaseboknowsitallxn--davvenjrga-y4axn--djrs72d6uyxn--djty4koobindalxn--dnna-grajewolterskluwerxn--drbak-wuaxn--dyry-iraxn--e1a4cldmail-boxaxn--eckvdtc9dxn--efvn9svn-repostuff-4-salexn--efvy88haebaruericssongdalenviknaklodzkochikushinonsenasakuchinotsuchiurakawaxn--ehqz56nxn--elqq16hagakhanhhoabinhduongxn--eveni-0qa01gaxn--f6qx53axn--fct429kooris-a-nascarfanxn--fhbeiarnxn--finny-yuaxn--fiq228c5hsbcleverappsassarinuyamashinazawaxn--fiq64barsycenterprisecloudcontrolappgafanquangnamasteigenoamishirasatochigifts3-website-eu-west-1xn--fiqs8swidnicaravanylvenetogakushimotoganexn--fiqz9swidnikitagatakkomaganexn--fjord-lraxn--fjq720axn--fl-ziaxn--flor-jraxn--flw351exn--forl-cesena-fcbsswiebodzindependent-commissionxn--forlcesena-c8axn--fpcrj9c3dxn--frde-granexn--frna-woaxn--frya-hraxn--fzc2c9e2clickrisinglesjaguarxn--fzys8d69uvgmailxn--g2xx48clinicasacampinagrandebungotakadaemongolianishitosashimizunaminamiawajikintuitoyotsukaidownloadrudtvsaogoncapooguyxn--gckr3f0fastvps-serveronakanotoddenxn--gecrj9cliniquedaklakasamatsudoesntexisteingeekasserversicherungroks-theatrentin-sud-tirolxn--ggaviika-8ya47hagebostadxn--gildeskl-g0axn--givuotna-8yandexcloudxn--gjvik-wuaxn--gk3at1exn--gls-elacaixaxn--gmq050is-into-gamessinamsosnowieconomiasadojin-dslattuminamitanexn--gmqw5axn--gnstigbestellen-zvbrplsbxn--45brj9churcharterxn--gnstigliefern-wobihirosakikamijimayfirstorfjordxn--h-2failxn--h1ahnxn--h1alizxn--h2breg3eveneswinoujsciencexn--h2brj9c8clothingdustdatadetectrani-andria-barletta-trani-andriaxn--h3cuzk1dienbienxn--hbmer-xqaxn--hcesuolo-7ya35barsyonlinehimejiiyamanouchikujoinvilleirvikarasuyamashikemrevistathellequipmentjmaxxxjavald-aostatics3-website-sa-east-1xn--hebda8basicserversejny-2xn--hery-iraxn--hgebostad-g3axn--hkkinen-5waxn--hmmrfeasta-s4accident-prevention-k3swisstufftoread-booksnestudioxn--hnefoss-q1axn--hobl-iraxn--holtlen-hxaxn--hpmir-xqaxn--hxt814exn--hyanger-q1axn--hylandet-54axn--i1b6b1a6a2exn--imr513nxn--indery-fyaotsusonoxn--io0a7is-leetrentinoaltoadigexn--j1adpohlxn--j1aefauskedsmokorsetagayaseralingenovaraxn--j1ael8basilicataniaxn--j1amhaibarakisosakitahatakamatsukawaxn--j6w193gxn--jlq480n2rgxn--jlster-byasakaiminatoyookananiimiharuxn--jrpeland-54axn--jvr189misasaguris-an-accountantsmolaquilaocais-a-linux-useranishiaritabashikaoizumizakitashiobaraxn--k7yn95exn--karmy-yuaxn--kbrq7oxn--kcrx77d1x4axn--kfjord-iuaxn--klbu-woaxn--klt787dxn--kltp7dxn--kltx9axn--klty5xn--45q11circlerkstagentsasayamaxn--koluokta-7ya57haiduongxn--kprw13dxn--kpry57dxn--kput3is-lostre-toteneis-a-llamarumorimachidaxn--krager-gyasugitlabbvieeexn--kranghke-b0axn--krdsherad-m8axn--krehamn-dxaxn--krjohka-hwab49jdfastly-terrariuminamiiseharaxn--ksnes-uuaxn--kvfjord-nxaxn--kvitsy-fyasuokanmakiwakuratexn--kvnangen-k0axn--l-1fairwindsynology-diskstationxn--l1accentureklamborghinikkofuefukihabororosynology-dsuzakadnsaliastudynaliastrynxn--laheadju-7yatominamibosoftwarendalenugxn--langevg-jxaxn--lcvr32dxn--ldingen-q1axn--leagaviika-52basketballfinanzjaworznoticeableksvikaratsuginamikatagamilanotogawaxn--lesund-huaxn--lgbbat1ad8jejuxn--lgrd-poacctulaspeziaxn--lhppi-xqaxn--linds-pramericanexpresservegame-serverxn--loabt-0qaxn--lrdal-sraxn--lrenskog-54axn--lt-liacn-northwest-1xn--lten-granvindafjordxn--lury-iraxn--m3ch0j3axn--mely-iraxn--merker-kuaxn--mgb2ddesxn--mgb9awbfbsbxn--1qqw23axn--mgba3a3ejtunesuzukamogawaxn--mgba3a4f16axn--mgba3a4fra1-deloittexn--mgba7c0bbn0axn--mgbaakc7dvfsxn--mgbaam7a8haiphongonnakatsugawaxn--mgbab2bdxn--mgbah1a3hjkrdxn--mgbai9a5eva00batsfjordiscountry-snowplowiczeladzlgleezeu-2xn--mgbai9azgqp6jelasticbeanstalkharkovalleeaostexn--mgbayh7gparasitexn--mgbbh1a71exn--mgbc0a9azcgxn--mgbca7dzdoxn--mgbcpq6gpa1axn--mgberp4a5d4a87gxn--mgberp4a5d4arxn--mgbgu82axn--mgbi4ecexposedxn--mgbpl2fhskopervikhmelnytskyivalleedaostexn--mgbqly7c0a67fbcngroks-thisayamanobeatsaudaxn--mgbqly7cvafricargoboavistanbulsan-sudtirolxn--mgbt3dhdxn--mgbtf8flatangerxn--mgbtx2bauhauspostman-echofunatoriginstances3-website-us-east-1xn--mgbx4cd0abkhaziaxn--mix082fbx-osewienxn--mix891fbxosexyxn--mjndalen-64axn--mk0axindependent-inquiryxn--mk1bu44cnpyatigorskjervoyagexn--mkru45is-not-certifiedxn--mlatvuopmi-s4axn--mli-tlavagiskexn--mlselv-iuaxn--moreke-juaxn--mori-qsakuratanxn--mosjen-eyatsukannamihokksundxn--mot-tlavangenxn--mre-og-romsdal-qqbuservecounterstrikexn--msy-ula0hair-surveillancexn--mtta-vrjjat-k7aflakstadaokayamazonaws-cloud9guacuiababybluebiteckidsmynasushiobaracingrok-freeddnsfreebox-osascoli-picenogatabuseating-organicbcgjerdrumcprequalifymelbourneasypanelblagrarq-authgear-stagingjerstadeltaishinomakilovecollegefantasyleaguenoharauthgearappspacehosted-by-previderehabmereitattoolforgerockyombolzano-altoadigeorgeorgiauthordalandroideporteatonamidorivnebetsukubankanumazuryomitanocparmautocodebergamoarekembuchikumagayagawafflecelloisirs3-external-180reggioemiliaromagnarusawaustrheimbalsan-sudtirolivingitpagexlivornobserveregruhostingivestbyglandroverhalladeskjakamaiedge-stagingivingjemnes3-eu-west-2038xn--muost-0qaxn--mxtq1misawaxn--ngbc5azdxn--ngbe9e0axn--ngbrxn--4dbgdty6ciscofreakamaihd-stagingriwataraindroppdalxn--nit225koryokamikawanehonbetsuwanouchikuhokuryugasakis-a-nursellsyourhomeftpiwatexn--nmesjevuemie-tcbalatinord-frontierxn--nnx388axn--nodessakurawebsozais-savedxn--nqv7fs00emaxn--nry-yla5gxn--ntso0iqx3axn--ntsq17gxn--nttery-byaeservehalflifeinsurancexn--nvuotna-hwaxn--nyqy26axn--o1achernivtsicilynxn--4dbrk0cexn--o3cw4hakatanortonkotsunndalxn--o3cyx2axn--od0algardxn--od0aq3beneventodayusuharaxn--ogbpf8fldrvelvetromsohuissier-justicexn--oppegrd-ixaxn--ostery-fyatsushiroxn--osyro-wuaxn--otu796dxn--p1acfedjeezxn--p1ais-slickharkivallee-d-aostexn--pgbs0dhlx3xn--porsgu-sta26fedorainfraclouderaxn--pssu33lxn--pssy2uxn--q7ce6axn--q9jyb4cnsauheradyndns-at-homedepotenzamamicrosoftbankasukabedzin-brbalsfjordietgoryoshiokanravocats3-fips-us-gov-west-1xn--qcka1pmcpenzapposxn--qqqt11misconfusedxn--qxa6axn--qxamunexus-3xn--rady-iraxn--rdal-poaxn--rde-ulazioxn--rdy-0nabaris-uberleetrentinos-tirolxn--rennesy-v1axn--rhkkervju-01afedorapeoplefrakkestadyndns-webhostingujogaszxn--rholt-mragowoltlab-democraciaxn--rhqv96gxn--rht27zxn--rht3dxn--rht61exn--risa-5naturalxn--risr-iraxn--rland-uuaxn--rlingen-mxaxn--rmskog-byawaraxn--rny31hakodatexn--rovu88bentleyusuitatamotorsitestinglitchernihivgubs3-website-us-west-1xn--rros-graphicsxn--rskog-uuaxn--rst-0naturbruksgymnxn--rsta-framercanvasxn--rvc1e0am3exn--ryken-vuaxn--ryrvik-byawatahamaxn--s-1faitheshopwarezzoxn--s9brj9cntraniandriabarlettatraniandriaxn--sandnessjen-ogbentrendhostingliwiceu-3xn--sandy-yuaxn--sdtirol-n2axn--seral-lraxn--ses554gxn--sgne-graphoxn--4gbriminiserverxn--skierv-utazurestaticappspaceusercontentunkongsvingerxn--skjervy-v1axn--skjk-soaxn--sknit-yqaxn--sknland-fxaxn--slat-5navigationxn--slt-elabogadobeaemcloud-fr1xn--smla-hraxn--smna-gratangenxn--snase-nraxn--sndre-land-0cbeppublishproxyuufcfanirasakindependent-panelomonza-brianzaporizhzhedmarkarelianceu-4xn--snes-poaxn--snsa-roaxn--sr-aurdal-l8axn--sr-fron-q1axn--sr-odal-q1axn--sr-varanger-ggbeskidyn-ip24xn--srfold-byaxn--srreisa-q1axn--srum-gratis-a-bloggerxn--stfold-9xaxn--stjrdal-s1axn--stjrdalshalsen-sqbestbuyshoparenagasakikuchikuseihicampinashikiminohostfoldnavyuzawaxn--stre-toten-zcbetainaboxfuselfipartindependent-reviewegroweibolognagasukeu-north-1xn--t60b56axn--tckweddingxn--tiq49xqyjelenia-goraxn--tjme-hraxn--tn0agrocerydxn--tnsberg-q1axn--tor131oxn--trany-yuaxn--trentin-sd-tirol-rzbhzc66xn--trentin-sdtirol-7vbialystokkeymachineu-south-1xn--trentino-sd-tirol-c3bielawakuyachimataharanzanishiazaindielddanuorrindigenamerikawauevje-og-hornnes3-website-us-west-2xn--trentino-sdtirol-szbiella-speziaxn--trentinosd-tirol-rzbieszczadygeyachiyodaeguamfamscompute-1xn--trentinosdtirol-7vbievat-band-campaignieznoorstaplesakyotanabellunordeste-idclkarlsoyxn--trentinsd-tirol-6vbifukagawalbrzycharitydalomzaporizhzhiaxn--trentinsdtirol-nsbigv-infolkebiblegnicalvinklein-butterhcloudiscoursesalangenishigotpantheonsitexn--trgstad-r1axn--trna-woaxn--troms-zuaxn--tysvr-vraxn--uc0atventuresinstagingxn--uc0ay4axn--uist22hakonexn--uisz3gxn--unjrga-rtashkenturindalxn--unup4yxn--uuwu58axn--vads-jraxn--valle-aoste-ebbturystykaneyamazoexn--valle-d-aoste-ehboehringerikexn--valleaoste-e7axn--valledaoste-ebbvadsoccertmgreaterxn--vard-jraxn--vegrshei-c0axn--vermgensberater-ctb-hostingxn--vermgensberatung-pwbiharstadotsubetsugarulezajskiervaksdalondonetskarmoyxn--vestvgy-ixa6oxn--vg-yiabruzzombieidskogasawarackmazerbaijan-mayenbaidarmeniaxn--vgan-qoaxn--vgsy-qoa0jellybeanxn--vgu402coguchikuzenishiwakinvestmentsaveincloudyndns-at-workisboringsakershusrcfdyndns-blogsitexn--vhquvestfoldxn--vler-qoaxn--vre-eiker-k8axn--vrggt-xqadxn--vry-yla5gxn--vuq861bihoronobeokagakikugawalesundiscoverdalondrinaplesknsalon-1xn--w4r85el8fhu5dnraxn--w4rs40lxn--wcvs22dxn--wgbh1communexn--wgbl6axn--xhq521bikedaejeonbuk0xn--xkc2al3hye2axn--xkc2dl3a5ee0hakubackyardshiraois-a-greenxn--y9a3aquarelleasingxn--yer-znavois-very-badxn--yfro4i67oxn--ygarden-p1axn--ygbi2ammxn--4it168dxn--ystre-slidre-ujbiofficialorenskoglobodoes-itcouldbeworldishangrilamdongnairkitapps-audibleasecuritytacticsxn--0trq7p7nnishiharaxn--zbx025dxn--zf0ao64axn--zf0avxlxn--zfr164bipartsaloonishiizunazukindustriaxnbayernxz
\ No newline at end of file
+bolzano-altoadigevje-og-hornnes3-website-us-west-2bomlocustomer-ocienciabonavstackarasjoketokuyamashikokuchuobondigitaloceanspacesakurastoragextraspace-to-rentalstomakomaibarabonesakuratanishikatakazakindustriesteinkjerepbodynaliasnesoddeno-staginglobodoes-itcouldbeworfarsundiskussionsbereichateblobanazawarszawashtenawsapprunnerdpoliticaarparliamenthickarasuyamasoybookonlineboomladeskierniewiceboschristmasakilovecollegefantasyleaguedagestangebostik-serveronagasukeyword-oncillahppictetcieszynishikatsuragit-repostre-totendofinternet-dnsakurawebredirectmeiwamizawabostonakijinsekikogentlentapisa-geekaratsuginamikatagamimozaporizhzhegurinfinitigooglecode-builder-stg-buildereporthruhereclaimsakyotanabellunord-odalvdalcest-le-patron-k3salangenishikawazukamishihorobotdashgabadaddjabbotthuathienhuebouncemerckmsdscloudisrechtrafficplexus-4boutiquebecologialaichaugianglogowegroweibolognagasakikugawaltervistaikillondonetskarelianceboutireserve-onlineboyfriendoftheinternetflixn--11b4c3ditchyouriparmabozen-sudtirolondrinaplesknsalatrobeneventoeidsvollorenskogloomy-gatewaybozen-suedtirolovableprojectjeldsundivtasvuodnakamai-stagingloppennebplaceditorxn--12c1fe0bradescotaruinternationalovepoparochernihivgubamblebtimnetzjaworznotebook-fips3-fips-us-gov-east-1brandivttasvuotnakamuratajirintlon-2brasiliadboxoslodingenishimerabravendbarcelonagawakuyabukikiraragusabaerobatickets3-fips-us-gov-west-1bresciaogashimadachicappabianiceobridgestonebrindisiciliabroadwaybroke-itvedestrandixn--12cfi8ixb8lovesickarlsoybrokerevistathellebrothermesserlidlplfinancialpusercontentjmaxxxn--12co0c3b4evalleaostargets-itjomeldalucaniabrumunddaluccampobassociatesalon-1brusselsaloonishinomiyashironobryanskiervadsoccerhcloudyclusterbrynebweirbzhitomirumaintenanceclothingdustdatadetectoyouracngovtoystre-slidrettozawacnpyatigorskjakamaiedge-stagingreatercnsapporocntozsdeliverycodebergrayjayleaguesardegnarutoshimatta-varjjatranatalcodespotenzakopanecoffeedbackanagawatsonrendercommunity-prochowicecomockashiharacompanyantaishinomakimobetsulifestylefrakkestadurumisakindlegnicahcesuolohmusashimurayamaizuruhr-uni-bochuminamiechizenisshingucciminamifuranocomparemarkerryhotelsardiniacomputercomsecretrosnubarclays3-me-south-1condoshiibabymilk3conferenceconstructioniyodogawaconsuladobeio-static-accesscamdvrcampaniaconsultantranbyconsultingretakamoriokakudamatsuecontactivetrail-central-1contagematsubaracontractorstabacgiangiangryconvexecute-apictureshinordkappaviacookingrimstadynathomebuiltwithdarklangevagrarchitectestingripeeweeklylotterycooperativano-frankivskjervoyagecoprofesionalchikugodaddyn-o-saureadymadethis-a-anarchistjordalshalsenl-ams-1corsicafederationfabricable-modemoneycosenzamamidorivnecosidnsdojoburgriwataraindroppdalcouchpotatofriesarlcouncilcouponstackitagawacozoracpservernamegataitogodoesntexisteingeekashiwaracqcxn--1lqs71dyndns-at-homedepotrani-andria-barletta-trani-andriacrankyotobetsulubin-dsldyndns-at-workisboringsakershusrcfdyndns-blogsiteleaf-south-1crdyndns-freeboxosarpsborgroks-theatrentin-sud-tirolcreditcardyndns-homednsarufutsunomiyawakasaikaitakokonoecreditunioncremonasharis-a-bulls-fancrewp2cricketnedalcrimeast-kazakhstanangercrispawnextdirectraniandriabarlettatraniandriacrminamiiseharacrotonecrownipfizercrsasayamacruisesaseboknowsitallcryptonomichiharacuisinellamdongnairflowersassaris-a-candidatecuneocuritibackdropalermobarag-cloud-charitydalp1cutegirlfriendyndns-ipgwangjulvikashiwazakizunokuniminamiashigarafedoraprojectransiphdfcbankasserverrankoshigayakagefeirafembetsukubankasukabeautypedreamhosterscrapper-sitefermodalenferraraferraris-a-celticsfanferreroticallynxn--2scrj9cargoboavistanbulsan-sudtiroluhanskarmoyfetsundyndns-remotewdhlx3fgroundhandlingroznyfhvalerfilegear-sg-1filminamiminowafinalfinancefinnoyfirebaseapphilipscrappingrphonefosscryptedyndns-serverdalfirenetgamerscrysecuritytacticscwestus2firenzeaburfirestonefirmdaleilaocairportranslatedyndns-webhareidsbergroks-thisayamanobearalvahkikonaikawachinaganoharamcoachampionshiphoplixn--1qqw23afishingokasellfyresdalfitjarfitnessettsurugashimamurogawafjalerfkasumigaurayasudaflesbergrueflickragerotikagoshimandalflierneflirflogintohmangoldpoint2thisamitsukefloppymntransportefloraclegovcloudappservehttpbincheonflorencefloripadualstackasuyakumoduminamioguni5floristanohatakaharunservehumourfloromskoguidefinimalopolskanittedalfltransurlflutterflowhitesnowflakeflyfncarrdiyfndyndns-wikinkobayashimofusadojin-the-bandairlinemurorangecloudplatformshakotanpachihayaakasakawaharacingrondarfoolfor-ourfor-somedusajserveircasacampinagrandebulsan-suedtirolukowesleyfor-theaterfordebianforexrotheworkpccwhminamisanrikubetsupersaleksvikaszubytemarketingvollforgotdnserveminecraftrapanikkoelnforli-cesena-forlicesenaforlikescandypopensocialforsalesforceforsandasuoloisirservemp3fortalfosneservep2photographysiofotravelersinsurancefoxn--30rr7yfozfr-1fr-par-1fr-par-2franalytics-gatewayfredrikstadyndns-worksauheradyndns-mailfreedesktopazimuthaibinhphuocprapidyndns1freemyiphostyhostinguitarservepicservequakefreesitefreetlservesarcasmilefreightravinhlonganfrenchkisshikirovogradoyfreseniuservicebuskerudynnsaveincloudyndns-office-on-the-webflowtest-iservebloginlinefriuli-v-giuliarafriuli-ve-giuliafriuli-vegiuliafriuli-venezia-giuliafriuli-veneziagiuliafriuli-vgiuliafriuliv-giuliafriulive-giuliafriulivegiuliafriulivenezia-giuliafriuliveneziagiuliafriulivgiuliafrlfrogansevastopolitiendafrognfrolandynservebbsaves-the-whalessandria-trani-barletta-andriatranibarlettaandriafrom-akamaiorigin-stagingujaratmetacentruminamitanefrom-alfrom-arfrom-azureedgecompute-1from-caltanissettainaircraftraeumtgeradealstahaugesunderfrom-cockpitrdynuniversitysvardofrom-ctrentin-sudtirolfrom-dcasertaipeigersundnparsaltdaluroyfrom-decafjsevenassieradzfrom-flatangerfrom-gap-southeast-3from-higashiagatsumagoianiafrom-iafrom-idynv6from-ilfrom-in-vpncashorokanaiefrom-ksewhoswholidayfrom-kyfrom-langsonyatomigrationfrom-mangyshlakamaized-stagingujohanamakinoharafrom-mdynvpnplusavonarviikamisatokonamerikawauefrom-meetrentin-sued-tirolfrom-mihamadanangoguchilloutsystemscloudscalebookinghosteurodirfrom-mnfrom-modellingulenfrom-msexyfrom-mtnfrom-ncasinordeste-idclkarpaczest-a-la-maisondre-landray-dnsaludrayddns-ipartintuitjxn--1ck2e1barclaycards3-globalatinabelementorayomitanobservableusercontentateyamauth-fipstmninomiyakonojosoyrovnoticeableitungsenirasakibxos3-ca-central-180reggio-emilia-romagnaroyolasitebinordlandeus-canvasitebizenakanojogaszkolamericanfamilyds3-ap-south-12hparallelimodxboxeroxjavald-aostaticsxmitakeharaugustow-corp-staticblitzgorzeleccocotteatonamifunebetsuikirkenes3-ap-northeast-2ixn--0trq7p7nninjambylive-oninohekinanporovigonnakasatsunaibigawaukraanghkembuchikumagayagawakkanaibetsubame-central-123websitebuildersvp4from-ndyroyrvikingrongrossetouchijiwadedyn-berlincolnfrom-nefrom-nhlfanfrom-njsheezyfrom-nminamiuonumatsunofrom-nvalled-aostargithubusercontentrentin-suedtirolfrom-nysagamiharafrom-ohdancefrom-okegawafrom-orfrom-palmasfjordenfrom-pratohnoshookuwanakanotoddenfrom-ris-a-chefashionstorebaseljordyndns-picsbssaudafrom-schmidtre-gauldalfrom-sdfrom-tnfrom-txn--32vp30hachinoheavyfrom-utsiracusagemakerfrom-val-daostavalleyfrom-vtrentino-a-adigefrom-wafrom-wiardwebspaceconfigunmarnardalfrom-wvalledaostarnobrzeguovdageaidnunjargausdalfrom-wyfrosinonefrostalowa-wolawafroyal-commissionfruskydivingushikamifuranorth-kazakhstanfujiiderafujikawaguchikonefujiminokamoenairtelebitbucketrzynh-servebeero-stageiseiroutingthecloudfujinomiyadappnodearthainguyenfujiokazakiryuohkurafujisatoshoeshellfujisawafujishiroishidakabiratoridediboxafujitsuruokakamigaharafujiyoshidatsunanjoetsumidaklakasamatsudogadobeioruntimedicinakaiwanairforcentralus-1fukayabeagleboardfukuchiyamadattorelayfukudomigawafukuis-a-conservativefsnoasakakinokiafukumitsubishigakisarazure-apigeefukuokakegawafukuroishikariwakunigamiharuovatlassian-dev-builderfukusakishiwadattoweberlevagangaviikanonjis-a-cpanelfukuyamagatakahashimamakisofukushimaniwamannordre-landfunabashiriuchinadavvenjargamvikatowicefunagatakahatakaishimokawafunahashikamiamakusatsumasendaisenergyeonggiizefundfunkfeuerfunnelshimonitayanagitapphutholdingsmall-websozais-a-cubicle-slaveroykenfuoiskujukuriyamaoris-a-democratrentino-aadigefuosskodjeezfurubirafurudonordreisa-hockeynutwentertainmentrentino-alto-adigefurukawaiishoppingxn--3bst00minamiyamashirokawanabeepsondriobranconagarahkkeravjunusualpersonfusoctrangyeongnamdinhs-heilbronnoysundfussaikisosakitahatakamatsukawafutabayamaguchinomihachimanagementrentino-altoadigefutboldlygoingnowhere-for-more-og-romsdalfuttsurutashinairtrafficmanagerfuturecmshimonosekikawafuturehosting-clusterfuturemailingzfvghakuis-a-doctoruncontainershimotsukehakusandnessjoenhaldenhalfmoonscaleforcehalsaitamatsukuris-a-financialadvisor-aurdalham-radio-ophuyenhamburghammarfeastasiahamurakamigoris-a-fullstackaufentigerhanamigawahanawahandahandcraftedugit-pages-researchedmarketplacehangglidinghangoutrentino-s-tirolhannannestadhannoshiroomghanoiphxn--3ds443ghanyuzenhappoumuginowaniihamatamakawajimap-southeast-4hasamazoncognitoigawahasaminami-alpshimotsumahashbanghasudahasura-appigboatshinichinanhasvikautokeinotionhatenablogspotrentino-stirolhatenadiaryhatinhachiojiyachiyodazaifudaigojomedio-campidano-mediocampidanomediohatogayachtshinjournalistorfjordhatoyamazakitakatakanezawahatsukaichikawamisatohokkaidontexistmein-iservschulegalleryhattfjelldalhayashimamotobusells-for-lesshinjukuleuvenicehazuminobushibuyahabacninhbinhdinhktrentino-sud-tirolhelpgfoggiahelsinkitakyushunantankazohemneshinkamigotoyokawahemsedalhepforgeblockshinshinotsupplyhetemlbfanheyflowienhigashichichibuzzhigashihiroshimanehigashiizumozakitamihokksundhigashikagawahigashikagurasoedahigashikawakitaaikitamotosumy-routerhigashikurumegurownproviderhigashimatsushimarriottrentino-sudtirolhigashimatsuyamakitaakitadaitomanaustdalhigashimurayamamotorcycleshinshirohigashinarusells-for-uzhhorodhigashinehigashiomitamamurausukitanakagusukumodshintokushimahigashiosakasayamanakakogawahigashishirakawamatakaokalmykiahigashisumiyoshikawaminamiaikitashiobarahigashitsunospamproxyhigashiurawa-mazowszexposeducatorprojectrentino-sued-tirolhigashiyamatokoriyamanashijonawatehigashiyodogawahigashiyoshinogaris-a-geekazunotogawahippythonanywherealminanohiraizumisatokaizukaluganskddiamondshintomikasaharahirakatashinagawahiranais-a-goodyearhirarahiratsukagawahirayahikobeatshinyoshitomiokamisunagawahitachiomiyakehitachiotaketakarazukamaishimodatehitradinghjartdalhjelmelandholyhomegoodshiojirishirifujiedahomeipikehomelinuxn--3e0b707ehomesecuritymacaparecidahomesecuritypcateringebungotakadaptableclerc66116-balsfjordeltaiwanumatajimidsundeportebinatsukigatakahamalvik8s3-ap-northeast-3utilities-12charstadaokagakirunocelotenkawadlugolekadena4ufcfanimsiteasypanelblagrigentobishimafeloansncf-ipfstdlibestadultatarantoyonakagyokutoyonezawapartments3-ap-northeast-123webseiteckidsmynascloudfrontierimo-siemenscaledekaascolipicenoboribetsubsc-paywhirlimitedds3-accesspoint-fips3-ap-east-123miwebaccelastx4432-b-datacenterprisesakihokuizumoarekepnord-aurdalipaynow-dns-dynamic-dnsabruzzombieidskogasawarackmazerbaijan-mayenbaidarmeniajureggio-calabriaknoluoktagajoboji234lima-citychyattorneyagawafflecellclstagehirnayorobninsk123kotisivultrobjectselinogradimo-i-ranamizuhobby-siteaches-yogano-ip-ddnsgeekgalaxyzgierzgorakrehamnfshostrowwlkpnftstorage164-balsan-suedtirolillyokozeastus2000123paginawebadorsiteshikagamiishibechambagricoharugbydgoszczecin-addrammenuorogerscbgdyniaktyubinskaunicommuneustarostwodzislawdev-myqnapcloudflarecn-northwest-123sitewebcamauction-acornikonantotalimanowarudakunexus-2038homesenseeringhomeskleppilottottoris-a-greenhomeunixn--3hcrj9catfoodraydnsalvadorhondahonjyoitakasagonohejis-a-guruzshioyaltakkolobrzegersundongthapmircloudnshome-webservercelliguriahornindalhorsells-itrentino-suedtirolhorteneiheijis-a-hard-workershirahamatonbetsupportrentinoa-adigehospitalhotelwithflightshirakomaganehotmailhoyangerhoylandetakasakitaurahrsnillfjordhungyenhurdalhurumajis-a-hunterhyllestadhyogoris-a-knightpointtokashikitchenhypernodessaitokamachippubetsubetsugaruhyugawarahyundaiwafuneis-uberleetrentinoaltoadigeis-very-badis-very-evillasalleirvikharkovallee-d-aosteis-very-goodis-very-niceis-very-sweetpepperugiais-with-thebandoomdnsiskinkyowariasahikawaisk01isk02jellybeanjenv-arubahcavuotnagahamaroygardenflfanjeonnamsosnowiecaxiaskoyabenoopssejny-1jetztrentinos-tiroljevnakerjewelryjlljls-sto1jls-sto2jls-sto365jmpioneerjnjcloud-ver-jpcatholicurus-3joyentrentinostiroljoyokaichibahccavuotnagaivuotnagaokakyotambabybluebitemasekd1jozis-a-llamashikiwakuratejpmorgangwonjpnjprshoujis-a-musiciankoseis-a-painterhostsolutionshiraokamitsuekosheroykoshimizumakis-a-patsfankoshugheshwiiheyahoooshikamagayaitakashimarshallstatebankhplaystation-cloudsitekosugekotohiradomainsurealtypo3serverkotourakouhokumakogenkounosunnydaykouyamatlabcn-north-1kouzushimatrixn--41akozagawakozakis-a-personaltrainerkozowilliamhillkppspdnsigdalkrasnikahokutokyotangopocznore-og-uvdalkrasnodarkredumbrellapykrelliankristiansandcatsiiitesilklabudhabikinokawabajddarqhachirogatakanabeardubaioiraseekatsushikabedzin-brb-hostingkristiansundkrodsheradkrokstadelvaldaostavangerkropyvnytskyis-a-photographerokuappinkfh-muensterkrymisasaguris-a-playershiftrentinoaadigekumamotoyamatsumaebashimogosenkumanowtvalleedaostekumatorinokumejimatsumotofukekumenanyokkaichirurgiens-dentistes-en-francekundenkunisakis-a-republicanonoichinosekigaharakunitachiaraisaijorpelandkunitomigusukukis-a-rockstarachowicekunneppubtlsimple-urlkuokgroupiwatekurgankurobeebyteappleykurogiminamiawajikis-a-socialistockholmestrandkuroisodegaurakuromatsunais-a-soxfankuronkurotakikawasakis-a-studentalkushirogawakustanais-a-teacherkassyncloudkusupabaseminekutchanelkutnokuzumakis-a-techietis-a-liberalkvafjordkvalsundkvamfamplifyappchizip6kvanangenkvinesdalkvinnheradkviteseidatingkvitsoykwpspectrumisawamjondalenmonza-brianzapposirdalmonza-e-della-brianzaptonsbergmonzabrianzaramonzaebrianzamonzaedellabrianzamordoviamorenapolicemoriyamatsushigemoriyoshiminamibosoftwarendalenugmormonstermoroyamatsuuramortgagemoscowinbarrel-of-knowledgekey-stagingjerstadigickaracolognemrstudio-prodoyonagoyauthgearapps-1and1moseushimoichikuzenmosjoenmoskenesiskomakis-a-therapistoiamosslupskmpspbaremetalpha-myqnapcloudaccess3-sa-east-1mosviknx-serversicherungmotegirlymoviemovimientoolslzmtrainingmuikamiokameokameyamatotakadamukodairamunakatanemuosattemupixolinodeusercontentrentinosud-tirolmurmanskomatsushimasudamurotorcraftrentinosudtirolmusashinodesakatakayamatsuzakis-an-accountantshiratakahagiangmuseumisconfusedmusicanthoboleslawiecommerce-shopitsitevaksdalmutsuzawamutualmy-vigormy-wanggoupilemyactivedirectorymyaddrangedalmyamazeplaymyasustor-elvdalmycloudnasushiobaramydattolocalcertrentinosued-tirolmydbservermyddnskingmydissentrentinosuedtirolmydnsmolaquilarvikomforbargainstitutemp-dnswatches3-us-east-2mydobissmarterthanyoumydrobofageorgeorgiamydsmushcdn77-securecipescaracalculatorskenmyeffectrentinsud-tirolmyfastly-edgemyfirewalledreplittlestargardmyforumishimatsusakahoginozawaonsennanmokurennebuyshousesimplesitemyfritzmyftpaccessojampanasonichernovtsydneymyhome-servermyjinomykolaivencloud66mymailermymediapchiryukyuragifuchungbukharanzanishinoomotegoismailillehammerfeste-ipartsamegawamynetnamegawamyokohamamatsudamypepizzamypetsokananiimilanoticiassurfastly-terrariuminamiizukaminoyamaxunison-servicesaxomyphotoshibalena-devicesokndalmypiemontemypsxn--42c2d9amyrdbxn--45br5cylmysecuritycamerakermyshopblocksolardalmyshopifymyspreadshopselectrentinsudtirolmytabitordermythic-beastsolundbeckommunalforbundmytis-a-bloggermytuleap-partnersomamyvnchitachinakagawassamukawatarittogitsuldalutskartuzymywirebungoonoplurinacionalpmnpodhalepodlasiellakdnepropetrovskanlandpodzonepohlpoivronpokerpokrovskomonotteroypolkowicepoltavalle-aostavernpolyspacepomorzeszowindowsserveftplatter-appkommuneponpesaro-urbino-pesarourbinopesaromasvuotnaritakurashikis-an-actresshishikuis-a-libertarianpordenonepornporsangerporsangugeporsgrunnanpoznanpraxihuanprdprereleaseoullensakerprgmrprimetelprincipenzaprivatelinkyard-cloudletsomnarvikomorotsukaminokawanishiaizubangeprivatizehealthinsuranceprogressivegarsheiyufueliv-dnsoowinepromoliserniapropertysnesopotrentinsued-tirolprotectionprotonetrentinsuedtirolprudentialpruszkowinnersor-odalprvcyprzeworskogpunyukis-an-anarchistoloseyouripinokofuefukihabororoshisogndalpupulawypussycatanzarowiosor-varangerpvhackerpvtrentoyosatoyookaneyamazoepwchitosetogliattipsamnangerpzqotoyohashimotoyakokamimineqponiatowadaqslgbtrevisognequalifioapplatterpl-wawsappspacehostedpicardquangngais-an-artistordalquangninhthuanquangtritonoshonais-an-engineeringquickconnectroandindependent-inquest-a-la-masionquicksytesorfoldquipelementsorocabalestrandabergamochizukijobservablehqldquizzesorreisahayakawakamiichinomiyagithubpreviewskrakowitdkontoguraswinoujscienceswissphinxn--45brj9chonanbunkyonanaoshimaringatlanbibaiduckdnsamparachutinglugsjcbnpparibashkiriasyno-dspjelkavikongsbergsynology-diskstationsynology-dspockongsvingertushungrytuvalle-daostaobaolbia-tempio-olbiatempioolbialowiezaganquangnamasteigenoamishirasatochigiftsrhtrogstadtuxfamilytuyenquangbinhthuantwmailvegasrlvelvetromsohuissier-justiceventurestaurantrustkanieruchomoscientistoripresspydebergvestfoldvestnesrvaomoriguchiharaffleentrycloudflare-ipfsortlandvestre-slidrecreationvestre-totennishiawakuravestvagoyvevelstadvfstreakusercontentroitskoninfernovecorealtorvibo-valentiavibovalentiavideovinhphuchoshichikashukudoyamakeupartysfjordrivelandrobakamaihd-stagingmbhartinnishinoshimattelemarkhangelskaruizawavinnicapitalonevinnytsiavipsinaapplockervirginankokubunjis-byklecznagatorokunohealth-carereformincommbankhakassiavirtual-uservecounterstrikevirtualservervirtualuserveexchangevisakuholeckobierzyceviterboliviajessheimperiavivianvivoryvixn--45q11chowdervlaanderennesoyvladikavkazimierz-dolnyvladimirvlogisticstreamlitapplcube-serversusakis-an-actorvmitourismartlabelingvolvologdanskontumintshowavolyngdalvoorlopervossevangenvotevotingvotoyotap-southeast-5vps-hostreaklinkstrippervusercontentrvaporcloudwiwatsukiyonotairesindevicenzaokinawashirosatochiokinoshimagazinewixsitewixstudio-fipstrynwjgorawkzwloclawekonyvelolipopmcdirwmcloudwmelhustudynamisches-dnsorumisugitomobegetmyipifony-2wmflabstuff-4-salewoodsidell-ogliastrapiapplinzis-certifiedworldworse-thanhphohochiminhadanorthflankatsuyamassa-carrara-massacarraramassabunzenwowithgoogleapiszwpdevcloudwpenginepoweredwphostedmailwpmucdn77-sslingwpmudevelopmentrysiljanewaywpsquaredwritesthisblogoiplumbingotpantheonsitewroclawsglobalacceleratorahimeshimakanegasakievennodebalancernwtcp4wtfastlylbarefootballooningjerdrumemergencyonabarumemorialivornobservereitatsunofficialolitapunkapsienamsskoganeindependent-panelombardiademfakefurniturealestatefarmerseinemrnotebooks-prodeomniwebthings3-object-lambdauthgear-stagingivestbyglandroverhallair-traffic-controllagdenesnaaseinet-freaks3-deprecatedgcagliarissadistgstagempresashibetsukuiitatebayashikaoirmembers3-eu-central-1kapp-ionosegawafaicloudineat-urlive-websitehimejibmdevinapps3-ap-southeast-1337wuozuerichardlillesandefjordwwwithyoutuberspacewzmiuwajimaxn--4it797koobindalxn--4pvxs4allxn--54b7fta0cchromediatechnologyeongbukarumaifmemsetkmaxxn--1ctwolominamatarpitksatmalluxenishiokoppegardrrxn--55qw42gxn--55qx5dxn--5dbhl8dxn--5js045dxn--5rtp49chungnamdalseidfjordtvsangotsukitahiroshimarcherkasykkylvenneslaskerrypropertiesanjotelulublindesnesannanishitosashimizunaminamidaitolgaularavellinodeobjectsannoheliohostrodawaraxn--5rtq34kooris-a-nascarfanxn--5su34j936bgsgxn--5tzm5gxn--6btw5axn--6frz82gxn--6orx2rxn--6qq986b3xlxn--7t0a264churchaselfipirangallupsunappgafanishiwakinuyamashinazawaxn--80aaa0cvacationstufftoread-booksnesoundcastreak-linkomvuxn--3pxu8khmelnitskiyamassivegridxn--80adxhksurnadalxn--80ao21axn--80aqecdr1axn--80asehdbarrell-of-knowledgesuite-stagingjesdalombardyn-vpndns3-us-gov-east-1xn--80aswgxn--80audnedalnxn--8dbq2axn--8ltr62kopervikhmelnytskyivalleeaostexn--8pvr4uxn--8y0a063axn--90a1affinitylotterybnikeisencoreapiacenzachpomorskiengiangxn--90a3academiamibubbleappspotagerxn--90aeroportsinfolkebibleasingrok-freeddnsfreebox-osascoli-picenogatachikawakayamadridvagsoyerxn--90aishobaraoxn--90amckinseyxn--90azhytomyradweblikes-piedmontuckerxn--9dbq2axn--9et52uxn--9krt00axn--andy-iraxn--aroport-byameloyxn--asky-iraxn--aurskog-hland-jnbarsycenterprisecloudbeesusercontentattoolforgerockyonagunicloudiscordsays3-us-gov-west-1xn--avery-yuasakuragawaxn--b-5gaxn--b4w605ferdxn--balsan-sdtirol-nsbarsyonlinequipmentaveusercontentawktoyonomurauthordalandroidienbienishiazaiiyamanouchikujolsterehabmereisenishigotembaixadavvesiidaknongivingjemnes3-eu-north-1xn--bck1b9a5dre4ciprianiigatairaumalatvuopmicrosoftbankasaokamikoaniikappudopaaskvollocaltonetlifyinvestmentsanokashibatakatsukiyosembokutamakiyosunndaluxuryxn--bdddj-mrabdxn--bearalvhki-y4axn--berlevg-jxaxn--bhcavuotna-s4axn--bhccavuotna-k7axn--bidr-5nachikatsuuraxn--bievt-0qa2hosted-by-previderxn--bjarky-fyanagawaxn--bjddar-ptarumizusawaxn--blt-elabkhaziamallamaceiobbcircleaningmodelscapetownnews-stagingmxn--1lqs03nissandoyxn--bmlo-grafana-developerauniterois-coolblogdnshisuifuettertdasnetzxn--bod-2naturalxn--bozen-sdtirol-2obihirosakikamijimayfirstorjdevcloudjiffyxn--brnny-wuacademy-firewall-gatewayxn--brnnysund-m8accident-investigation-aptibleadpagespeedmobilizeropslattumbriaxn--brum-voagatulaspeziaxn--btsfjord-9zaxn--bulsan-sdtirol-nsbasicserver-on-webpaaskimitsubatamicrolightingjovikaragandautoscanaryggeemrappui-productions3-eu-west-1xn--c1avgxn--c2br7gxn--c3s14mitoyoakexn--cck2b3basilicataniavocats3-eu-west-2xn--cckwcxetdxn--cesena-forl-mcbremangerxn--cesenaforl-i8axn--cg4bkis-foundationxn--ciqpnxn--clchc0ea0b2g2a9gcdn77-storagencymrulezajskiptveterinaireadthedocs-hostedogawarabikomaezakishimabarakawagoexn--czr694basketballfinanzlgkpmglassessments3-us-west-1xn--czrs0t0xn--czru2dxn--d1acj3batsfjordiscordsezpisdnipropetrovskygearapparasiteu-2xn--d1alfastvps-serverisignxn--d1atunesquaresinstagingxn--d5qv7z876ciscofreakadns-cloudflareglobalashovhachijoinvilleirfjorduponthewifidelitypeformesswithdnsantamariakexn--davvenjrga-y4axn--djrs72d6uyxn--djty4koryokamikawanehonbetsuwanouchikuhokuryugasakis-a-nursellsyourhomeftpinbrowsersafetymarketshiraois-a-landscaperspectakasugais-a-lawyerxn--dnna-graingerxn--drbak-wuaxn--dyry-iraxn--e1a4cistrondheimeteorappassenger-associationissayokoshibahikariyalibabacloudcsantoandrecifedexperts-comptablesanukinzais-a-bruinsfanissedalvivanovoldaxn--eckvdtc9dxn--efvn9surveysowaxn--efvy88hadselbuzentsujiiexn--ehqz56nxn--elqq16haebaruericssongdalenviknakatombetsumitakagildeskaliszxn--eveni-0qa01gaxn--f6qx53axn--fct429kosaigawaxn--fhbeiarnxn--finny-yuaxn--fiq228c5hsbcitadelhichisochimkentmpatriaxn--fiq64bauhauspostman-echofunatoriginstances3-us-west-2xn--fiqs8susonoxn--fiqz9suzakarpattiaaxn--fjord-lraxn--fjq720axn--fl-ziaxn--flor-jraxn--flw351exn--forl-cesena-fcbentleyoriikarasjohkamikitayamatsurindependent-review-credentialless-staticblitzw-staticblitzxn--forlcesena-c8axn--fpcrj9c3dxn--frde-grajewolterskluwerxn--frna-woaxn--frya-hraxn--fzc2c9e2citicaravanylvenetogakushimotoganexn--fzys8d69uvgmailxn--g2xx48civilaviationionjukujitawaravennaharimalborkdalxn--gckr3f0fauskedsmokorsetagayaseralingenovaraxn--gecrj9clancasterxn--ggaviika-8ya47hagakhanhhoabinhduongxn--gildeskl-g0axn--givuotna-8yanaizuxn--gjvik-wuaxn--gk3at1exn--gls-elacaixaxn--gmq050is-gonexn--gmqw5axn--gnstigbestellen-zvbentrendhostingleezeu-3xn--gnstigliefern-wobiraxn--h-2failxn--h1ahnxn--h1alizxn--h2breg3evenesuzukanazawaxn--h2brj9c8cldmail-boxfuseljeducationporterxn--h3cuzk1dielddanuorris-into-animein-vigorlicexn--hbmer-xqaxn--hcesuolo-7ya35beppublic-inquiryoshiokanumazuryurihonjouwwebhoptokigawavoues3-eu-west-3xn--hebda8beskidyn-ip24xn--hery-iraxn--hgebostad-g3axn--hkkinen-5waxn--hmmrfeasta-s4accident-prevention-fleeklogesquare7xn--hnefoss-q1axn--hobl-iraxn--holtlen-hxaxn--hpmir-xqaxn--hxt814exn--hyanger-q1axn--hylandet-54axn--i1b6b1a6a2exn--imr513nxn--indery-fyandexcloudxn--io0a7is-into-carshitaramaxn--j1adpdnsupdaterxn--j1aefbsbxn--2m4a15exn--j1ael8bestbuyshoparenagareyamagentositenrikuzentakataharaholtalengerdalwaysdatabaseballangenkainanaejrietiengiangheannakadomarineen-rootaribeiraogakicks-assnasaarlandiscountry-snowplowiczeladzxn--j1amhagebostadxn--j6w193gxn--jlq480n2rgxn--jlster-byaotsurgeryxn--jrpeland-54axn--jvr189mittwaldserverxn--k7yn95exn--karmy-yuaxn--kbrq7oxn--kcrx77d1x4axn--kfjord-iuaxn--klbu-woaxn--klt787dxn--kltp7dxn--kltx9axn--klty5xn--4dbgdty6choyodobashichinohealthcareersamsclubartowest1-usamsungminakamichikaiseiyoichipsandvikcoromantovalle-d-aostakinouexn--koluokta-7ya57haibarakitakamiizumisanofidonnakaniikawatanaguraxn--kprw13dxn--kpry57dxn--kput3is-into-cartoonshizukuishimojis-a-linux-useranishiaritabashikshacknetlibp2pimientaketomisatourshiranukamitondabayashiogamagoriziaxn--krager-gyasakaiminatoyotomiyazakis-into-gamessinaklodzkochikushinonsenasakuchinotsuchiurakawaxn--kranghke-b0axn--krdsherad-m8axn--krehamn-dxaxn--krjohka-hwab49jdfirmalselveruminisitexn--ksnes-uuaxn--kvfjord-nxaxn--kvitsy-fyasugitlabbvieeexn--kvnangen-k0axn--l-1fairwindsuzukis-an-entertainerxn--l1accentureklamborghinikolaeventsvalbardunloppadoval-d-aosta-valleyxn--laheadju-7yasuokannamimatakatoris-leetrentinoalto-adigexn--langevg-jxaxn--lcvr32dxn--ldingen-q1axn--leagaviika-52bhzc01xn--lesund-huaxn--lgbbat1ad8jejuxn--lgrd-poacctfcloudflareanycastcgroupowiat-band-campaignoredstonedre-eikerxn--lhppi-xqaxn--linds-pramericanexpresservegame-serverxn--loabt-0qaxn--lrdal-sraxn--lrenskog-54axn--lt-liaclerkstagentsaobernardovre-eikerxn--lten-granexn--lury-iraxn--m3ch0j3axn--mely-iraxn--merker-kuaxn--mgb2ddesvchoseikarugalsacexn--mgb9awbfbx-oschokokekscholarshipschoolbusinessebytomaridagawarmiastapleschoolsztynsetranoyxn--mgba3a3ejtunkonsulatinowruzhgorodxn--mgba3a4f16axn--mgba3a4fra1-dellogliastraderxn--mgba7c0bbn0axn--mgbaam7a8haiduongxn--mgbab2bdxn--mgbah1a3hjkrdxn--mgbai9a5eva00bialystokkeymachineu-4xn--mgbai9azgqp6jelasticbeanstalkhersonlanxesshizuokamogawaxn--mgbayh7gparaglidingxn--mgbbh1a71exn--mgbc0a9azcgxn--mgbca7dzdoxn--mgbcpq6gpa1axn--mgberp4a5d4a87gxn--mgberp4a5d4arxn--mgbgu82axn--mgbi4ecexperimentsveioxn--mgbpl2fhskypecoris-localhostcertificationxn--mgbqly7c0a67fbclever-clouderavpagexn--mgbqly7cvafricapooguyxn--mgbt3dhdxn--mgbtf8fldrvareservdxn--mgbtx2bielawalbrzycharternopilawalesundiscourses3-website-ap-northeast-1xn--mgbx4cd0abogadobeaemcloud-ip-dynamica-west-1xn--mix082fbxoschulplattforminamimakis-a-catererxn--mix891fedjeepharmacienschulserverxn--mjndalen-64axn--mk0axindependent-inquiryxn--mk1bu44cleverappsaogoncanva-appsaotomelbournexn--mkru45is-lostrolekamakurazakiwielunnerxn--mlatvuopmi-s4axn--mli-tlavagiskexn--mlselv-iuaxn--moreke-juaxn--mori-qsakurais-not-axn--mosjen-eyatsukanoyaizuwakamatsubushikusakadogawaxn--mot-tlavangenxn--mre-og-romsdal-qqbuservebolturindalxn--msy-ula0haiphongolffanshimosuwalkis-a-designerxn--mtta-vrjjat-k7aflakstadotsurugimbiella-speziaxarnetbankanzakiyosatokorozawaustevollpagest-mon-blogueurovision-ranchernigovernmentdllivingitpagemprendeatnuh-ohtawaramotoineppueblockbusterniizaustrheimdbambinagisobetsucks3-ap-southeast-2xn--muost-0qaxn--mxtq1miuraxn--ngbc5azdxn--ngbe9e0axn--ngbrxn--4dbrk0cexn--nit225kosakaerodromegalloabatobamaceratabusebastopoleangaviikafjordxn--nmesjevuemie-tcbalsan-sudtirolkuszczytnord-fron-riopretodayxn--nnx388axn--nodeloittexn--nqv7fs00emaxn--nry-yla5gxn--ntso0iqx3axn--ntsq17gxn--nttery-byaeservehalflifeinsurancexn--nvuotna-hwaxn--nyqy26axn--o1achernivtsicilyxn--o3cw4hair-surveillancexn--o3cyx2axn--od0algardxn--od0aq3bielskoczoweddinglitcheap-south-2xn--ogbpf8flekkefjordxn--oppegrd-ixaxn--ostery-fyatsushiroxn--osyro-wuaxn--otu796dxn--p1acfolksvelvikonskowolayangroupippugliaxn--p1ais-not-certifiedxn--pgbs0dhakatanortonkotsumomodenakatsugawaxn--porsgu-sta26fedorainfracloudfunctionschwarzgwesteuropencraftransfer-webappharmacyou2-localplayerxn--pssu33lxn--pssy2uxn--q7ce6axn--q9jyb4clickrisinglesjaguarvodkagaminombrendlyngenebakkeshibukawakeliwebhostingouv0xn--qcka1pmcprequalifymeinforumzxn--qqqt11miyazure-mobilevangerxn--qxa6axn--qxamiyotamanoxn--rady-iraxn--rdal-poaxn--rde-ulazioxn--rdy-0nabaris-savedxn--rennesy-v1axn--rhkkervju-01afedorapeopleikangerxn--rholt-mragowoltlab-democraciaxn--rhqv96gxn--rht27zxn--rht3dxn--rht61exn--risa-5naturbruksgymnxn--risr-iraxn--rland-uuaxn--rlingen-mxaxn--rmskog-byawaraxn--rny31hakodatexn--rovu88bieszczadygeyachimataijinderoyusuharazurefdietateshinanomachintaifun-dnsaliases121xn--rros-granvindafjordxn--rskog-uuaxn--rst-0navigationxn--rsta-framercanvasvn-repospeedpartnerxn--rvc1e0am3exn--ryken-vuaxn--ryrvik-byawatahamaxn--s-1faitheshopwarezzoxn--s9brj9clientoyotsukaidownloadurbanamexnetfylkesbiblackbaudcdn-edgestackhero-networkinggroupperxn--sandnessjen-ogbizxn--sandy-yuaxn--sdtirol-n2axn--seral-lraxn--ses554gxn--sgne-graphicswidnicaobangxn--skierv-utazurecontainerimamateramombetsupplieswidnikitagatamayukuhashimokitayamaxn--skjervy-v1axn--skjk-soaxn--sknit-yqaxn--sknland-fxaxn--slat-5navoizumizakis-slickharkivallee-aosteroyxn--slt-elabievathletajimabaria-vungtaudiopsys3-website-ap-southeast-1xn--smla-hraxn--smna-gratangenxn--snase-nraxn--sndre-land-0cbifukagawalmartaxiijimarugame-hostrowieconomiasagaeroclubmedecin-berlindasdaeguambulancechireadmyblogsytecnologiazurestaticappspaceusercontentproxy9guacuiababia-goraclecloudappschaefflereggiocalabriaurland-4-salernooreggioemiliaromagnarusawaurskog-holandinggff5xn--snes-poaxn--snsa-roaxn--sr-aurdal-l8axn--sr-fron-q1axn--sr-odal-q1axn--sr-varanger-ggbigv-infolldalomoldegreeu-central-2xn--srfold-byaxn--srreisa-q1axn--srum-gratis-a-bookkeepermashikexn--stfold-9xaxn--stjrdal-s1axn--stjrdalshalsen-sqbiharvanedgeappengineu-south-1xn--stre-toten-zcbihoronobeokayamagasakikuchikuseihicampinashikiminohostfoldiscoverbaniazurewebsitests3-external-1xn--t60b56axn--tckwebview-assetswiebodzindependent-commissionxn--tiq49xqyjelenia-goraxn--tjme-hraxn--tn0agrocerydxn--tnsberg-q1axn--tor131oxn--trany-yuaxn--trentin-sd-tirol-rzbikedaejeonbuk0emmafann-arborlandd-dnsfor-better-thanhhoarairkitapps-audiblebesbyencowayokosukanraetnaamesjevuemielnogiehtavuoatnabudejjuniper2-ddnss3-123minsidaarborteamsterdamnserverseating-organicbcg123homepagexl-o-g-i-navyokote123hjemmesidealerdalaheadjuegoshikibichuo0o0g0xn--trentin-sdtirol-7vbiomutazas3-website-ap-southeast-2xn--trentino-sd-tirol-c3birkenesoddtangentapps3-website-eu-west-1xn--trentino-sdtirol-szbittermezproxyusuitatamotors3-website-sa-east-1xn--trentinosd-tirol-rzbjarkoyuullensvanguardisharparisor-fronishiharaxn--trentinosdtirol-7vbjerkreimmobilieniwaizumiotsukumiyamazonaws-cloud9xn--trentinsd-tirol-6vbjugnieznorddalomzaporizhzhiaxn--trentinsdtirol-nsblackfridaynightayninhaccalvinklein-butterepairbusanagochigasakindigenakayamarumorimachidaxn--trgstad-r1axn--trna-woaxn--troms-zuaxn--tysvr-vraxn--uc0atvarggatromsakegawaxn--uc0ay4axn--uist22hakonexn--uisz3gxn--unjrga-rtashkenturystykanmakiyokawaraxn--unup4yxn--uuwu58axn--vads-jraxn--valle-aoste-ebbtuscanyxn--valle-d-aoste-ehboehringerikerxn--valleaoste-e7axn--valledaoste-ebbvaapstempurlxn--vard-jraxn--vegrshei-c0axn--vermgensberater-ctb-hostingxn--vermgensberatung-pwbloombergentingliwiceu-south-2xn--vestvgy-ixa6oxn--vg-yiablushangrilaakesvuemieleccevervaultgoryuzawaxn--vgan-qoaxn--vgsy-qoa0j0xn--vgu402clinicarbonia-iglesias-carboniaiglesiascarboniaxn--vhquvaroyxn--vler-qoaxn--vre-eiker-k8axn--vrggt-xqadxn--vry-yla5gxn--vuq861bmoattachments3-website-us-east-1xn--w4r85el8fhu5dnraxn--w4rs40lxn--wcvs22dxn--wgbh1cliniquenoharaxn--wgbl6axn--xhq521bms3-website-us-gov-west-1xn--xkc2al3hye2axn--xkc2dl3a5ee0hakubaclieu-1xn--y9a3aquarelleborkangerxn--yer-znavuotnarashinoharaxn--yfro4i67oxn--ygarden-p1axn--ygbi2ammxn--4gbriminiserverxn--ystre-slidre-ujbmwcloudnonproddaemongolianishiizunazukindustriaxn--zbx025dxn--zf0avxn--4it168dxn--zfr164bnrweatherchannelsdvrdns3-website-us-west-1xnbayernxz
\ No newline at end of file
diff --git a/vendor/golang.org/x/net/publicsuffix/list.go b/vendor/golang.org/x/net/publicsuffix/list.go
index 56069d042..047cb30eb 100644
--- a/vendor/golang.org/x/net/publicsuffix/list.go
+++ b/vendor/golang.org/x/net/publicsuffix/list.go
@@ -77,7 +77,7 @@ func (list) String() string {
 // privately managed domain (and in practice, not a top level domain) or an
 // unmanaged top level domain (and not explicitly mentioned in the
 // publicsuffix.org list). For example, "foo.org" and "foo.co.uk" are ICANN
-// domains, "foo.dyndns.org" and "foo.blogspot.co.uk" are private domains and
+// domains, "foo.dyndns.org" is a private domain and
 // "cromulent" is an unmanaged top level domain.
 //
 // Use cases for distinguishing ICANN domains like "foo.com" from private
diff --git a/vendor/golang.org/x/net/publicsuffix/table.go b/vendor/golang.org/x/net/publicsuffix/table.go
index 78d400fa6..0fadf9527 100644
--- a/vendor/golang.org/x/net/publicsuffix/table.go
+++ b/vendor/golang.org/x/net/publicsuffix/table.go
@@ -4,7 +4,7 @@ package publicsuffix
 
 import _ "embed"
 
-const version = "publicsuffix.org's public_suffix_list.dat, git revision 63cbc63d470d7b52c35266aa96c4c98c96ec499c (2023-08-03T10:01:25Z)"
+const version = "publicsuffix.org's public_suffix_list.dat, git revision 2c960dac3d39ba521eb5db9da192968f5be0aded (2025-03-18T07:22:13Z)"
 
 const (
 	nodesBits           = 40
@@ -26,7 +26,7 @@ const (
 )
 
 // numTLD is the number of top level domains.
-const numTLD = 1474
+const numTLD = 1454
 
 // text is the combined text of all labels.
 //
@@ -63,8 +63,8 @@ var nodes uint40String
 //go:embed data/children
 var children uint32String
 
-// max children 743 (capacity 1023)
-// max text offset 30876 (capacity 65535)
+// max children 870 (capacity 1023)
+// max text offset 31785 (capacity 65535)
 // max text length 31 (capacity 63)
-// max hi 9322 (capacity 16383)
-// max lo 9317 (capacity 16383)
+// max hi 10100 (capacity 16383)
+// max lo 10095 (capacity 16383)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3acec9ac2..a6317e4d9 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -391,8 +391,8 @@ github.com/gabriel-vasile/mimetype
 github.com/gabriel-vasile/mimetype/internal/charset
 github.com/gabriel-vasile/mimetype/internal/json
 github.com/gabriel-vasile/mimetype/internal/magic
-# github.com/gin-contrib/cors v1.7.3
-## explicit; go 1.21.0
+# github.com/gin-contrib/cors v1.7.4
+## explicit; go 1.23.0
 github.com/gin-contrib/cors
 # github.com/gin-contrib/gzip v1.2.2
 ## explicit; go 1.21.0
@@ -791,7 +791,7 @@ github.com/spf13/cobra
 # github.com/spf13/pflag v1.0.6
 ## explicit; go 1.12
 github.com/spf13/pflag
-# github.com/spf13/viper v1.20.0
+# github.com/spf13/viper v1.20.1
 ## explicit; go 1.21.0
 github.com/spf13/viper
 github.com/spf13/viper/internal/encoding/dotenv
@@ -808,7 +808,7 @@ github.com/stretchr/testify/suite
 # github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
-# github.com/tdewolff/minify/v2 v2.22.3
+# github.com/tdewolff/minify/v2 v2.22.4
 ## explicit; go 1.23.0
 github.com/tdewolff/minify/v2
 github.com/tdewolff/minify/v2/html
@@ -1079,7 +1079,7 @@ golang.org/x/image/webp
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.37.0
+# golang.org/x/net v0.38.0
 ## explicit; go 1.23.0
 golang.org/x/net/bpf
 golang.org/x/net/context

From 57c5f68e1a6182c0fa476359742d15182f0a95cb Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 2 Apr 2025 12:39:38 +0200
Subject: [PATCH 04/15] [bugfix] Fix update users query in migration (#3963)

---
 .../migrations/20250310144102_application_management.go      | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/db/bundb/migrations/20250310144102_application_management.go b/internal/db/bundb/migrations/20250310144102_application_management.go
index 46ff9926b..e20cd2921 100644
--- a/internal/db/bundb/migrations/20250310144102_application_management.go
+++ b/internal/db/bundb/migrations/20250310144102_application_management.go
@@ -81,12 +81,13 @@ func init() {
 				return err
 			}
 
-			// Set instance app
-			// ID on all users.
+			// Set instance app ID on
+			// users where it's null.
 			if _, err := tx.
 				NewUpdate().
 				Table("users").
 				Set("? = ?", bun.Ident("created_by_application_id"), instanceAppID).
+				Where("? IS NULL", bun.Ident("created_by_application_id")).
 				Exec(ctx); err != nil {
 				return err
 			}

From 6473886c8e4c713a6f5686e289985a0ebf3e9a82 Mon Sep 17 00:00:00 2001
From: Kelson Vibber <kelson@pobox.com>
Date: Thu, 3 Apr 2025 00:43:21 -0700
Subject: [PATCH 05/15] [bugfix] Fix Atkinson Hyperlegible font embedding on
 Ecks Pee theme. (#3964)

Most browsers just take the second src line and they're fine, but Tor
has trouble displaying the woff version on Linux. With two separate lines
it doesn't fall back correctly.
---
 web/assets/themes/ecks-pee.css | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/web/assets/themes/ecks-pee.css b/web/assets/themes/ecks-pee.css
index f474f800c..a85e5da0b 100644
--- a/web/assets/themes/ecks-pee.css
+++ b/web/assets/themes/ecks-pee.css
@@ -93,29 +93,29 @@
   font-family: "Atkinson Hyperlegible";
   font-weight: normal;
   font-style: normal;
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Regular-102a.woff2) format('woff2');
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Regular-102.woff) format('woff');
+  src: url(/assets/fonts/Atkinson-Hyperlegible-Regular-102a.woff2) format('woff2'),
+       url(/assets/fonts/Atkinson-Hyperlegible-Regular-102.woff) format('woff');
 }
 @font-face {
   font-family: "Atkinson Hyperlegible";
   font-weight: bold;
   font-style: normal;
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Bold-102a.woff2) format('woff2');
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Bold-102.woff) format('woff');
+  src: url(/assets/fonts/Atkinson-Hyperlegible-Bold-102a.woff2) format('woff2'),
+      url(/assets/fonts/Atkinson-Hyperlegible-Bold-102.woff) format('woff');
 }
 @font-face {
   font-family: "Atkinson Hyperlegible";
   font-weight: normal;
   font-style: italic;
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Italic-102a.woff2) format('woff2');
-  src: url(/assets/fonts/Atkinson-Hyperlegible-Italic-102.woff) format('woff');
+  src: url(/assets/fonts/Atkinson-Hyperlegible-Italic-102a.woff2) format('woff2'),
+       url(/assets/fonts/Atkinson-Hyperlegible-Italic-102.woff) format('woff');
 }
 @font-face {
   font-family: "Atkinson Hyperlegible";
   font-weight: bold;
   font-style: italic;
-  src: url(/assets/fonts/Atkinson-Hyperlegible-BoldItalic-102a.woff2) format('woff2');
-  src: url(/assets/fonts/Atkinson-Hyperlegible-BoldItalic-102.woff) format('woff');
+  src: url(/assets/fonts/Atkinson-Hyperlegible-BoldItalic-102a.woff2) format('woff2'),
+       url(/assets/fonts/Atkinson-Hyperlegible-BoldItalic-102.woff) format('woff');
 }
 
 /* Main page background */

From db4b85715966ee590c6cdff5cc52e592b66e3d17 Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Fri, 4 Apr 2025 15:34:38 +0000
Subject: [PATCH 06/15] [chore] bump ncruces/go-sqlite3 to v0.25.0 (#3966)

---
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 .../github.com/ncruces/go-sqlite3/README.md   |  22 +-
 vendor/github.com/ncruces/go-sqlite3/blob.go  |   9 +-
 .../github.com/ncruces/go-sqlite3/config.go   |  16 +-
 vendor/github.com/ncruces/go-sqlite3/conn.go  |  79 +++-----
 vendor/github.com/ncruces/go-sqlite3/const.go |   7 +-
 .../github.com/ncruces/go-sqlite3/context.go  |  10 +-
 .../ncruces/go-sqlite3/driver/driver.go       | 188 +++++++++++-------
 .../ncruces/go-sqlite3/driver/time.go         |  11 +-
 vendor/github.com/ncruces/go-sqlite3/error.go |  18 +-
 vendor/github.com/ncruces/go-sqlite3/func.go  | 159 +++++++++++----
 .../ncruces/go-sqlite3/internal/util/error.go |   4 +-
 .../ncruces/go-sqlite3/internal/util/mem.go   |   5 +-
 .../github.com/ncruces/go-sqlite3/sqlite.go   |  38 ++--
 vendor/github.com/ncruces/go-sqlite3/stmt.go  | 140 ++++++++++---
 vendor/github.com/ncruces/go-sqlite3/txn.go   |  24 +--
 .../ncruces/go-sqlite3/util/osutil/open.go    |  16 --
 .../go-sqlite3/util/osutil/open_windows.go    | 115 -----------
 .../ncruces/go-sqlite3/util/osutil/osfs.go    |  33 ---
 .../ncruces/go-sqlite3/util/osutil/osutil.go  |   2 -
 .../go-sqlite3/util/sql3util/sql3util.go      |   2 +-
 vendor/github.com/ncruces/go-sqlite3/value.go |   8 +-
 .../ncruces/go-sqlite3/vfs/README.md          |  35 +++-
 .../github.com/ncruces/go-sqlite3/vfs/cksm.go |  24 ++-
 .../github.com/ncruces/go-sqlite3/vfs/file.go |  28 ++-
 .../ncruces/go-sqlite3/vfs/os_bsd.go          |  27 ++-
 .../ncruces/go-sqlite3/vfs/os_darwin.go       |  22 +-
 .../ncruces/go-sqlite3/vfs/os_linux.go        |  46 ++++-
 .../ncruces/go-sqlite3/vfs/os_std.go          |   2 +-
 .../ncruces/go-sqlite3/vfs/os_unix.go         |  13 +-
 .../ncruces/go-sqlite3/vfs/os_windows.go      |  35 +---
 .../ncruces/go-sqlite3/vfs/shm_bsd.go         |  15 +-
 .../ncruces/go-sqlite3/vfs/shm_windows.go     |  23 +--
 vendor/github.com/ncruces/go-sqlite3/vtab.go  |  29 ++-
 vendor/modules.txt                            |   3 +-
 36 files changed, 636 insertions(+), 578 deletions(-)
 delete mode 100644 vendor/github.com/ncruces/go-sqlite3/util/osutil/open.go
 delete mode 100644 vendor/github.com/ncruces/go-sqlite3/util/osutil/open_windows.go
 delete mode 100644 vendor/github.com/ncruces/go-sqlite3/util/osutil/osfs.go
 delete mode 100644 vendor/github.com/ncruces/go-sqlite3/util/osutil/osutil.go

diff --git a/go.mod b/go.mod
index c23748996..479002530 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/miekg/dns v1.1.64
 	github.com/minio/minio-go/v7 v7.0.85
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/ncruces/go-sqlite3 v0.24.0
+	github.com/ncruces/go-sqlite3 v0.25.0
 	github.com/oklog/ulid v1.3.1
 	github.com/prometheus/client_golang v1.21.1
 	github.com/rivo/uniseg v0.4.7
diff --git a/go.sum b/go.sum
index 88fb45e71..f886b0e89 100644
--- a/go.sum
+++ b/go.sum
@@ -322,8 +322,8 @@ github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
 github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/ncruces/go-sqlite3 v0.24.0 h1:Z4jfmzu2NCd4SmyFwLT2OmF3EnTZbqwATvdiuNHNhLA=
-github.com/ncruces/go-sqlite3 v0.24.0/go.mod h1:/Vs8ACZHjJ1SA6E9RZUn3EyB1OP3nDQ4z/ar+0fplTQ=
+github.com/ncruces/go-sqlite3 v0.25.0 h1:trugKUs98Zwy9KwRr/EUxZHL92LYt7UqcKqAfpGpK+I=
+github.com/ncruces/go-sqlite3 v0.25.0/go.mod h1:n6Z7036yFilJx04yV0mi5JWaF66rUmXn1It9Ux8dx68=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/ncruces/julianday v1.0.0 h1:fH0OKwa7NWvniGQtxdJRxAgkBMolni2BjDHaWTxqt7M=
diff --git a/vendor/github.com/ncruces/go-sqlite3/README.md b/vendor/github.com/ncruces/go-sqlite3/README.md
index cac6ee6b8..94fd9950b 100644
--- a/vendor/github.com/ncruces/go-sqlite3/README.md
+++ b/vendor/github.com/ncruces/go-sqlite3/README.md
@@ -65,17 +65,20 @@ db.QueryRow(`SELECT sqlite_version()`).Scan(&version)
 This module replaces the SQLite [OS Interface](https://sqlite.org/vfs.html)
 (aka VFS) with a [pure Go](vfs/) implementation,
 which has advantages and disadvantages.
-
 Read more about the Go VFS design [here](vfs/README.md).
 
+Because each database connection executes within a Wasm sandboxed environment,
+memory usage will be higher than alternatives.
+
 ### Testing
 
 This project aims for [high test coverage](https://github.com/ncruces/go-sqlite3/wiki/Test-coverage-report).
 It also benefits greatly from [SQLite's](https://sqlite.org/testing.html) and
-[wazero's](https://tetrate.io/blog/introducing-wazero-from-tetrate/#:~:text=Rock%2Dsolid%20test%20approach) thorough testing.
+[wazero's](https://tetrate.io/blog/introducing-wazero-from-tetrate/#:~:text=Rock%2Dsolid%20test%20approach)
+thorough testing.
 
 Every commit is [tested](https://github.com/ncruces/go-sqlite3/wiki/Support-matrix) on
-Linux (amd64/arm64/386/riscv64/ppc64le/s390x), macOS (amd64/arm64),
+Linux (amd64/arm64/386/riscv64/ppc64le/s390x), macOS (arm64/amd64),
 Windows (amd64), FreeBSD (amd64/arm64), OpenBSD (amd64), NetBSD (amd64/arm64),
 DragonFly BSD (amd64), illumos (amd64), and Solaris (amd64).
 
@@ -84,12 +87,21 @@ The Go VFS is tested by running SQLite's
 
 ### Performance
 
-Perfomance of the [`database/sql`](https://pkg.go.dev/database/sql) driver is
+Performance of the [`database/sql`](https://pkg.go.dev/database/sql) driver is
 [competitive](https://github.com/cvilsmeier/go-sqlite-bench) with alternatives.
 
-The Wasm and VFS layers are also tested by running SQLite's
+The Wasm and VFS layers are also benchmarked by running SQLite's
 [speedtest1](https://github.com/sqlite/sqlite/blob/master/test/speedtest1.c).
 
+### Concurrency
+
+This module behaves similarly to SQLite in [multi-thread](https://sqlite.org/threadsafe.html) mode:
+it is goroutine-safe, provided that no single database connection, or object derived from it,
+is used concurrently by multiple goroutines.
+
+The [`database/sql`](https://pkg.go.dev/database/sql) API is safe to use concurrently,
+according to its documentation.
+
 ### FAQ, issues, new features
 
 For questions, please see [Discussions](https://github.com/ncruces/go-sqlite3/discussions/categories/q-a).
diff --git a/vendor/github.com/ncruces/go-sqlite3/blob.go b/vendor/github.com/ncruces/go-sqlite3/blob.go
index 2fac72045..ea7caf9d8 100644
--- a/vendor/github.com/ncruces/go-sqlite3/blob.go
+++ b/vendor/github.com/ncruces/go-sqlite3/blob.go
@@ -31,6 +31,10 @@ var _ io.ReadWriteSeeker = &Blob{}
 //
 // https://sqlite.org/c3ref/blob_open.html
 func (c *Conn) OpenBlob(db, table, column string, row int64, write bool) (*Blob, error) {
+	if c.interrupt.Err() != nil {
+		return nil, INTERRUPT
+	}
+
 	defer c.arena.mark()()
 	blobPtr := c.arena.new(ptrlen)
 	dbPtr := c.arena.string(db)
@@ -42,7 +46,6 @@ func (c *Conn) OpenBlob(db, table, column string, row int64, write bool) (*Blob,
 		flags = 1
 	}
 
-	c.checkInterrupt(c.handle)
 	rc := res_t(c.call("sqlite3_blob_open", stk_t(c.handle),
 		stk_t(dbPtr), stk_t(tablePtr), stk_t(columnPtr),
 		stk_t(row), stk_t(flags), stk_t(blobPtr)))
@@ -253,7 +256,9 @@ func (b *Blob) Seek(offset int64, whence int) (int64, error) {
 //
 // https://sqlite.org/c3ref/blob_reopen.html
 func (b *Blob) Reopen(row int64) error {
-	b.c.checkInterrupt(b.c.handle)
+	if b.c.interrupt.Err() != nil {
+		return INTERRUPT
+	}
 	err := b.c.error(res_t(b.c.call("sqlite3_blob_reopen", stk_t(b.handle), stk_t(row))))
 	b.bytes = int64(int32(b.c.call("sqlite3_blob_bytes", stk_t(b.handle))))
 	b.offset = 0
diff --git a/vendor/github.com/ncruces/go-sqlite3/config.go b/vendor/github.com/ncruces/go-sqlite3/config.go
index 17166b9c5..3921fe98a 100644
--- a/vendor/github.com/ncruces/go-sqlite3/config.go
+++ b/vendor/github.com/ncruces/go-sqlite3/config.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strconv"
+	"sync/atomic"
 
 	"github.com/tetratelabs/wazero/api"
 
@@ -48,6 +49,15 @@ func (c *Conn) Config(op DBConfig, arg ...bool) (bool, error) {
 	return util.ReadBool(c.mod, argsPtr), c.error(rc)
 }
 
+var defaultLogger atomic.Pointer[func(code ExtendedErrorCode, msg string)]
+
+// ConfigLog sets up the default error logging callback for new connections.
+//
+// https://sqlite.org/errlog.html
+func ConfigLog(cb func(code ExtendedErrorCode, msg string)) {
+	defaultLogger.Store(&cb)
+}
+
 // ConfigLog sets up the error logging callback for the connection.
 //
 // https://sqlite.org/errlog.html
@@ -265,6 +275,10 @@ func traceCallback(ctx context.Context, mod api.Module, evt TraceEvent, pDB, pAr
 //
 // https://sqlite.org/c3ref/wal_checkpoint_v2.html
 func (c *Conn) WALCheckpoint(schema string, mode CheckpointMode) (nLog, nCkpt int, err error) {
+	if c.interrupt.Err() != nil {
+		return 0, 0, INTERRUPT
+	}
+
 	defer c.arena.mark()()
 	nLogPtr := c.arena.new(ptrlen)
 	nCkptPtr := c.arena.new(ptrlen)
@@ -378,6 +392,6 @@ func (c *Conn) EnableChecksums(schema string) error {
 	}
 
 	// Checkpoint the WAL.
-	_, _, err = c.WALCheckpoint(schema, CHECKPOINT_RESTART)
+	_, _, err = c.WALCheckpoint(schema, CHECKPOINT_FULL)
 	return err
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/conn.go b/vendor/github.com/ncruces/go-sqlite3/conn.go
index 9f9251e9f..7e88d8c85 100644
--- a/vendor/github.com/ncruces/go-sqlite3/conn.go
+++ b/vendor/github.com/ncruces/go-sqlite3/conn.go
@@ -25,7 +25,6 @@ type Conn struct {
 	*sqlite
 
 	interrupt  context.Context
-	pending    *Stmt
 	stmts      []*Stmt
 	busy       func(context.Context, int) bool
 	log        func(xErrorCode, string)
@@ -41,6 +40,7 @@ type Conn struct {
 	busylst time.Time
 	arena   arena
 	handle  ptr_t
+	gosched uint8
 }
 
 // Open calls [OpenFlags] with [OPEN_READWRITE], [OPEN_CREATE] and [OPEN_URI].
@@ -49,7 +49,7 @@ func Open(filename string) (*Conn, error) {
 }
 
 // OpenContext is like [Open] but includes a context,
-// which is used to interrupt the process of opening the connectiton.
+// which is used to interrupt the process of opening the connection.
 func OpenContext(ctx context.Context, filename string) (*Conn, error) {
 	return newConn(ctx, filename, OPEN_READWRITE|OPEN_CREATE|OPEN_URI)
 }
@@ -92,6 +92,9 @@ func newConn(ctx context.Context, filename string, flags OpenFlag) (ret *Conn, _
 	}()
 
 	c.ctx = context.WithValue(c.ctx, connKey{}, c)
+	if logger := defaultLogger.Load(); logger != nil {
+		c.ConfigLog(*logger)
+	}
 	c.arena = c.newArena()
 	c.handle, err = c.openDB(filename, flags)
 	if err == nil {
@@ -117,7 +120,7 @@ func (c *Conn) openDB(filename string, flags OpenFlag) (ptr_t, error) {
 		return 0, err
 	}
 
-	c.call("sqlite3_progress_handler_go", stk_t(handle), 100)
+	c.call("sqlite3_progress_handler_go", stk_t(handle), 1000)
 	if flags|OPEN_URI != 0 && strings.HasPrefix(filename, "file:") {
 		var pragmas strings.Builder
 		if _, after, ok := strings.Cut(filename, "?"); ok {
@@ -129,7 +132,6 @@ func (c *Conn) openDB(filename string, flags OpenFlag) (ptr_t, error) {
 			}
 		}
 		if pragmas.Len() != 0 {
-			c.checkInterrupt(handle)
 			pragmaPtr := c.arena.string(pragmas.String())
 			rc := res_t(c.call("sqlite3_exec", stk_t(handle), stk_t(pragmaPtr), 0, 0, 0))
 			if err := c.sqlite.error(rc, handle, pragmas.String()); err != nil {
@@ -163,9 +165,6 @@ func (c *Conn) Close() error {
 		return nil
 	}
 
-	c.pending.Close()
-	c.pending = nil
-
 	rc := res_t(c.call("sqlite3_close", stk_t(c.handle)))
 	if err := c.error(rc); err != nil {
 		return err
@@ -180,11 +179,16 @@ func (c *Conn) Close() error {
 //
 // https://sqlite.org/c3ref/exec.html
 func (c *Conn) Exec(sql string) error {
-	defer c.arena.mark()()
-	sqlPtr := c.arena.string(sql)
+	if c.interrupt.Err() != nil {
+		return INTERRUPT
+	}
+	return c.exec(sql)
+}
 
-	c.checkInterrupt(c.handle)
-	rc := res_t(c.call("sqlite3_exec", stk_t(c.handle), stk_t(sqlPtr), 0, 0, 0))
+func (c *Conn) exec(sql string) error {
+	defer c.arena.mark()()
+	textPtr := c.arena.string(sql)
+	rc := res_t(c.call("sqlite3_exec", stk_t(c.handle), stk_t(textPtr), 0, 0, 0))
 	return c.error(rc, sql)
 }
 
@@ -203,20 +207,22 @@ func (c *Conn) PrepareFlags(sql string, flags PrepareFlag) (stmt *Stmt, tail str
 	if len(sql) > _MAX_SQL_LENGTH {
 		return nil, "", TOOBIG
 	}
+	if c.interrupt.Err() != nil {
+		return nil, "", INTERRUPT
+	}
 
 	defer c.arena.mark()()
 	stmtPtr := c.arena.new(ptrlen)
 	tailPtr := c.arena.new(ptrlen)
-	sqlPtr := c.arena.string(sql)
+	textPtr := c.arena.string(sql)
 
-	c.checkInterrupt(c.handle)
 	rc := res_t(c.call("sqlite3_prepare_v3", stk_t(c.handle),
-		stk_t(sqlPtr), stk_t(len(sql)+1), stk_t(flags),
+		stk_t(textPtr), stk_t(len(sql)+1), stk_t(flags),
 		stk_t(stmtPtr), stk_t(tailPtr)))
 
-	stmt = &Stmt{c: c}
+	stmt = &Stmt{c: c, sql: sql}
 	stmt.handle = util.Read32[ptr_t](c.mod, stmtPtr)
-	if sql := sql[util.Read32[ptr_t](c.mod, tailPtr)-sqlPtr:]; sql != "" {
+	if sql := sql[util.Read32[ptr_t](c.mod, tailPtr)-textPtr:]; sql != "" {
 		tail = sql
 	}
 
@@ -337,43 +343,17 @@ func (c *Conn) GetInterrupt() context.Context {
 //
 // https://sqlite.org/c3ref/interrupt.html
 func (c *Conn) SetInterrupt(ctx context.Context) (old context.Context) {
+	if ctx == nil {
+		panic("nil Context")
+	}
 	old = c.interrupt
 	c.interrupt = ctx
-
-	if ctx == old || ctx.Done() == old.Done() {
-		return old
-	}
-
-	// A busy SQL statement prevents SQLite from ignoring an interrupt
-	// that comes before any other statements are started.
-	if c.pending == nil {
-		defer c.arena.mark()()
-		stmtPtr := c.arena.new(ptrlen)
-		loopPtr := c.arena.string(`WITH RECURSIVE c(x) AS (VALUES(0) UNION ALL SELECT x FROM c) SELECT x FROM c`)
-		c.call("sqlite3_prepare_v3", stk_t(c.handle), stk_t(loopPtr), math.MaxUint64,
-			stk_t(PREPARE_PERSISTENT), stk_t(stmtPtr), 0)
-		c.pending = &Stmt{c: c}
-		c.pending.handle = util.Read32[ptr_t](c.mod, stmtPtr)
-	}
-
-	if old.Done() != nil && ctx.Err() == nil {
-		c.pending.Reset()
-	}
-	if ctx.Done() != nil {
-		c.pending.Step()
-	}
 	return old
 }
 
-func (c *Conn) checkInterrupt(handle ptr_t) {
-	if c.interrupt.Err() != nil {
-		c.call("sqlite3_interrupt", stk_t(handle))
-	}
-}
-
 func progressCallback(ctx context.Context, mod api.Module, _ ptr_t) (interrupt int32) {
 	if c, ok := ctx.Value(connKey{}).(*Conn); ok {
-		if c.interrupt.Done() != nil {
+		if c.gosched++; c.gosched%16 == 0 {
 			runtime.Gosched()
 		}
 		if c.interrupt.Err() != nil {
@@ -429,11 +409,8 @@ func (c *Conn) BusyHandler(cb func(ctx context.Context, count int) (retry bool))
 
 func busyCallback(ctx context.Context, mod api.Module, pDB ptr_t, count int32) (retry int32) {
 	if c, ok := ctx.Value(connKey{}).(*Conn); ok && c.handle == pDB && c.busy != nil {
-		interrupt := c.interrupt
-		if interrupt == nil {
-			interrupt = context.Background()
-		}
-		if interrupt.Err() == nil && c.busy(interrupt, int(count)) {
+		if interrupt := c.interrupt; interrupt.Err() == nil &&
+			c.busy(interrupt, int(count)) {
 			retry = 1
 		}
 	}
diff --git a/vendor/github.com/ncruces/go-sqlite3/const.go b/vendor/github.com/ncruces/go-sqlite3/const.go
index 82d80515e..522f68bfb 100644
--- a/vendor/github.com/ncruces/go-sqlite3/const.go
+++ b/vendor/github.com/ncruces/go-sqlite3/const.go
@@ -11,10 +11,9 @@ const (
 	_ROW  = 100 /* sqlite3_step() has another row ready */
 	_DONE = 101 /* sqlite3_step() has finished executing */
 
-	_MAX_NAME         = 1e6 // Self-imposed limit for most NUL terminated strings.
-	_MAX_LENGTH       = 1e9
-	_MAX_SQL_LENGTH   = 1e9
-	_MAX_FUNCTION_ARG = 100
+	_MAX_NAME       = 1e6 // Self-imposed limit for most NUL terminated strings.
+	_MAX_LENGTH     = 1e9
+	_MAX_SQL_LENGTH = 1e9
 
 	ptrlen = util.PtrLen
 	intlen = util.IntLen
diff --git a/vendor/github.com/ncruces/go-sqlite3/context.go b/vendor/github.com/ncruces/go-sqlite3/context.go
index 637ddc282..abee4ec1e 100644
--- a/vendor/github.com/ncruces/go-sqlite3/context.go
+++ b/vendor/github.com/ncruces/go-sqlite3/context.go
@@ -89,20 +89,26 @@ func (ctx Context) ResultText(value string) {
 }
 
 // ResultRawText sets the text result of the function to a []byte.
-// Returning a nil slice is the same as calling [Context.ResultNull].
 //
 // https://sqlite.org/c3ref/result_blob.html
 func (ctx Context) ResultRawText(value []byte) {
+	if len(value) == 0 {
+		ctx.ResultText("")
+		return
+	}
 	ptr := ctx.c.newBytes(value)
 	ctx.c.call("sqlite3_result_text_go",
 		stk_t(ctx.handle), stk_t(ptr), stk_t(len(value)))
 }
 
 // ResultBlob sets the result of the function to a []byte.
-// Returning a nil slice is the same as calling [Context.ResultNull].
 //
 // https://sqlite.org/c3ref/result_blob.html
 func (ctx Context) ResultBlob(value []byte) {
+	if len(value) == 0 {
+		ctx.ResultZeroBlob(0)
+		return
+	}
 	ptr := ctx.c.newBytes(value)
 	ctx.c.call("sqlite3_result_blob_go",
 		stk_t(ctx.handle), stk_t(ptr), stk_t(len(value)))
diff --git a/vendor/github.com/ncruces/go-sqlite3/driver/driver.go b/vendor/github.com/ncruces/go-sqlite3/driver/driver.go
index 21799aeb2..9250cf39d 100644
--- a/vendor/github.com/ncruces/go-sqlite3/driver/driver.go
+++ b/vendor/github.com/ncruces/go-sqlite3/driver/driver.go
@@ -20,22 +20,45 @@
 //   - a [serializable] transaction is always "immediate";
 //   - a [read-only] transaction is always "deferred".
 //
+// # Datatypes In SQLite
+//
+// SQLite is dynamically typed.
+// Columns can mostly hold any value regardless of their declared type.
+// SQLite supports most [driver.Value] types out of the box,
+// but bool and [time.Time] require special care.
+//
+// Booleans can be stored on any column type and scanned back to a *bool.
+// However, if scanned to a *any, booleans may either become an
+// int64, string or bool, depending on the declared type of the column.
+// If you use BOOLEAN for your column type,
+// 1 and 0 will always scan as true and false.
+//
 // # Working with time
 //
+// Time values can similarly be stored on any column type.
 // The time encoding/decoding format can be specified using "_timefmt":
 //
 //	sql.Open("sqlite3", "file:demo.db?_timefmt=sqlite")
 //
-// Possible values are: "auto" (the default), "sqlite", "rfc3339";
+// Special values are: "auto" (the default), "sqlite", "rfc3339";
 //   - "auto" encodes as RFC 3339 and decodes any [format] supported by SQLite;
 //   - "sqlite" encodes as SQLite and decodes any [format] supported by SQLite;
 //   - "rfc3339" encodes and decodes RFC 3339 only.
 //
-// If you encode as RFC 3339 (the default),
-// consider using the TIME [collating sequence] to produce a time-ordered sequence.
+// You can also set "_timefmt" to an arbitrary [sqlite3.TimeFormat] or [time.Layout].
 //
-// To scan values in other formats, [sqlite3.TimeFormat.Scanner] may be helpful.
-// To bind values in other formats, [sqlite3.TimeFormat.Encode] them before binding.
+// If you encode as RFC 3339 (the default),
+// consider using the TIME [collating sequence] to produce time-ordered sequences.
+//
+// If you encode as RFC 3339 (the default),
+// time values will scan back to a *time.Time unless your column type is TEXT.
+// Otherwise, if scanned to a *any, time values may either become an
+// int64, float64 or string, depending on the time format and declared type of the column.
+// If you use DATE, TIME, DATETIME, or TIMESTAMP for your column type,
+// "_timefmt" will be used to decode values.
+//
+// To scan values in custom formats, [sqlite3.TimeFormat.Scanner] may be helpful.
+// To bind values in custom formats, [sqlite3.TimeFormat.Encode] them before binding.
 //
 // When using a custom time struct, you'll have to implement
 // [database/sql/driver.Valuer] and [database/sql.Scanner].
@@ -48,7 +71,7 @@
 // The Scan method needs to take into account that the value it receives can be of differing types.
 // It can already be a [time.Time], if the driver decoded the value according to "_timefmt" rules.
 // Or it can be a: string, int64, float64, []byte, or nil,
-// depending on the column type and what whoever wrote the value.
+// depending on the column type and whoever wrote the value.
 // [sqlite3.TimeFormat.Decode] may help.
 //
 // # Setting PRAGMAs
@@ -358,13 +381,10 @@ func (c *conn) Commit() error {
 }
 
 func (c *conn) Rollback() error {
-	err := c.Conn.Exec(`ROLLBACK` + c.txReset)
-	if errors.Is(err, sqlite3.INTERRUPT) {
-		old := c.Conn.SetInterrupt(context.Background())
-		defer c.Conn.SetInterrupt(old)
-		err = c.Conn.Exec(`ROLLBACK` + c.txReset)
-	}
-	return err
+	// ROLLBACK even if interrupted.
+	old := c.Conn.SetInterrupt(context.Background())
+	defer c.Conn.SetInterrupt(old)
+	return c.Conn.Exec(`ROLLBACK` + c.txReset)
 }
 
 func (c *conn) Prepare(query string) (driver.Stmt, error) {
@@ -598,6 +618,28 @@ const (
 	_TIME
 )
 
+func scanFromDecl(decl string) scantype {
+	// These types are only used before we have rows,
+	// and otherwise as type hints.
+	// The first few ensure STRICT tables are strictly typed.
+	// The other two are type hints for booleans and time.
+	switch decl {
+	case "INT", "INTEGER":
+		return _INT
+	case "REAL":
+		return _REAL
+	case "TEXT":
+		return _TEXT
+	case "BLOB":
+		return _BLOB
+	case "BOOLEAN":
+		return _BOOL
+	case "DATE", "TIME", "DATETIME", "TIMESTAMP":
+		return _TIME
+	}
+	return _ANY
+}
+
 var (
 	// Ensure these interfaces are implemented:
 	_ driver.RowsColumnTypeDatabaseTypeName = &rows{}
@@ -622,6 +664,18 @@ func (r *rows) Columns() []string {
 	return r.names
 }
 
+func (r *rows) scanType(index int) scantype {
+	if r.scans == nil {
+		count := r.Stmt.ColumnCount()
+		scans := make([]scantype, count)
+		for i := range scans {
+			scans[i] = scanFromDecl(strings.ToUpper(r.Stmt.ColumnDeclType(i)))
+		}
+		r.scans = scans
+	}
+	return r.scans[index]
+}
+
 func (r *rows) loadColumnMetadata() {
 	if r.nulls == nil {
 		count := r.Stmt.ColumnCount()
@@ -635,24 +689,7 @@ func (r *rows) loadColumnMetadata() {
 					r.Stmt.ColumnTableName(i),
 					col)
 				types[i] = strings.ToUpper(types[i])
-				// These types are only used before we have rows,
-				// and otherwise as type hints.
-				// The first few ensure STRICT tables are strictly typed.
-				// The other two are type hints for booleans and time.
-				switch types[i] {
-				case "INT", "INTEGER":
-					scans[i] = _INT
-				case "REAL":
-					scans[i] = _REAL
-				case "TEXT":
-					scans[i] = _TEXT
-				case "BLOB":
-					scans[i] = _BLOB
-				case "BOOLEAN":
-					scans[i] = _BOOL
-				case "DATE", "TIME", "DATETIME", "TIMESTAMP":
-					scans[i] = _TIME
-				}
+				scans[i] = scanFromDecl(types[i])
 			}
 		}
 		r.nulls = nulls
@@ -661,27 +698,15 @@ func (r *rows) loadColumnMetadata() {
 	}
 }
 
-func (r *rows) declType(index int) string {
-	if r.types == nil {
-		count := r.Stmt.ColumnCount()
-		types := make([]string, count)
-		for i := range types {
-			types[i] = strings.ToUpper(r.Stmt.ColumnDeclType(i))
-		}
-		r.types = types
-	}
-	return r.types[index]
-}
-
 func (r *rows) ColumnTypeDatabaseTypeName(index int) string {
 	r.loadColumnMetadata()
-	decltype := r.types[index]
-	if len := len(decltype); len > 0 && decltype[len-1] == ')' {
-		if i := strings.LastIndexByte(decltype, '('); i >= 0 {
-			decltype = decltype[:i]
+	decl := r.types[index]
+	if len := len(decl); len > 0 && decl[len-1] == ')' {
+		if i := strings.LastIndexByte(decl, '('); i >= 0 {
+			decl = decl[:i]
 		}
 	}
-	return strings.TrimSpace(decltype)
+	return strings.TrimSpace(decl)
 }
 
 func (r *rows) ColumnTypeNullable(index int) (nullable, ok bool) {
@@ -748,36 +773,49 @@ func (r *rows) Next(dest []driver.Value) error {
 	}
 
 	data := unsafe.Slice((*any)(unsafe.SliceData(dest)), len(dest))
-	err := r.Stmt.Columns(data...)
+	if err := r.Stmt.ColumnsRaw(data...); err != nil {
+		return err
+	}
 	for i := range dest {
-		if t, ok := r.decodeTime(i, dest[i]); ok {
-			dest[i] = t
-		}
-	}
-	return err
-}
-
-func (r *rows) decodeTime(i int, v any) (_ time.Time, ok bool) {
-	switch v := v.(type) {
-	case int64, float64:
-		// could be a time value
-	case string:
-		if r.tmWrite != "" && r.tmWrite != time.RFC3339 && r.tmWrite != time.RFC3339Nano {
+		scan := r.scanType(i)
+		switch v := dest[i].(type) {
+		case int64:
+			if scan == _BOOL {
+				switch v {
+				case 1:
+					dest[i] = true
+				case 0:
+					dest[i] = false
+				}
+				continue
+			}
+		case []byte:
+			if len(v) == cap(v) { // a BLOB
+				continue
+			}
+			if scan != _TEXT {
+				switch r.tmWrite {
+				case "", time.RFC3339, time.RFC3339Nano:
+					t, ok := maybeTime(v)
+					if ok {
+						dest[i] = t
+						continue
+					}
+				}
+			}
+			dest[i] = string(v)
+		case float64:
 			break
+		default:
+			continue
 		}
-		t, ok := maybeTime(v)
-		if ok {
-			return t, true
+		if scan == _TIME {
+			t, err := r.tmRead.Decode(dest[i])
+			if err == nil {
+				dest[i] = t
+				continue
+			}
 		}
-	default:
-		return
 	}
-	switch r.declType(i) {
-	case "DATE", "TIME", "DATETIME", "TIMESTAMP":
-		// could be a time value
-	default:
-		return
-	}
-	t, err := r.tmRead.Decode(v)
-	return t, err == nil
+	return nil
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/driver/time.go b/vendor/github.com/ncruces/go-sqlite3/driver/time.go
index b3ebdd263..4d48bd8dc 100644
--- a/vendor/github.com/ncruces/go-sqlite3/driver/time.go
+++ b/vendor/github.com/ncruces/go-sqlite3/driver/time.go
@@ -1,12 +1,15 @@
 package driver
 
-import "time"
+import (
+	"bytes"
+	"time"
+)
 
 // Convert a string in [time.RFC3339Nano] format into a [time.Time]
 // if it roundtrips back to the same string.
 // This way times can be persisted to, and recovered from, the database,
 // but if a string is needed, [database/sql] will recover the same string.
-func maybeTime(text string) (_ time.Time, _ bool) {
+func maybeTime(text []byte) (_ time.Time, _ bool) {
 	// Weed out (some) values that can't possibly be
 	// [time.RFC3339Nano] timestamps.
 	if len(text) < len("2006-01-02T15:04:05Z") {
@@ -21,8 +24,8 @@ func maybeTime(text string) (_ time.Time, _ bool) {
 
 	// Slow path.
 	var buf [len(time.RFC3339Nano)]byte
-	date, err := time.Parse(time.RFC3339Nano, text)
-	if err == nil && text == string(date.AppendFormat(buf[:0], time.RFC3339Nano)) {
+	date, err := time.Parse(time.RFC3339Nano, string(text))
+	if err == nil && bytes.Equal(text, date.AppendFormat(buf[:0], time.RFC3339Nano)) {
 		return date, true
 	}
 	return
diff --git a/vendor/github.com/ncruces/go-sqlite3/error.go b/vendor/github.com/ncruces/go-sqlite3/error.go
index 6d4bd63f8..59982eafd 100644
--- a/vendor/github.com/ncruces/go-sqlite3/error.go
+++ b/vendor/github.com/ncruces/go-sqlite3/error.go
@@ -2,7 +2,6 @@ package sqlite3
 
 import (
 	"errors"
-	"strconv"
 	"strings"
 
 	"github.com/ncruces/go-sqlite3/internal/util"
@@ -12,7 +11,6 @@ import (
 //
 // https://sqlite.org/c3ref/errcode.html
 type Error struct {
-	str  string
 	msg  string
 	sql  string
 	code res_t
@@ -29,19 +27,13 @@ func (e *Error) Code() ErrorCode {
 //
 // https://sqlite.org/rescode.html
 func (e *Error) ExtendedCode() ExtendedErrorCode {
-	return ExtendedErrorCode(e.code)
+	return xErrorCode(e.code)
 }
 
 // Error implements the error interface.
 func (e *Error) Error() string {
 	var b strings.Builder
-	b.WriteString("sqlite3: ")
-
-	if e.str != "" {
-		b.WriteString(e.str)
-	} else {
-		b.WriteString(strconv.Itoa(int(e.code)))
-	}
+	b.WriteString(util.ErrorCodeString(uint32(e.code)))
 
 	if e.msg != "" {
 		b.WriteString(": ")
@@ -103,12 +95,12 @@ func (e ErrorCode) Error() string {
 
 // Temporary returns true for [BUSY] errors.
 func (e ErrorCode) Temporary() bool {
-	return e == BUSY
+	return e == BUSY || e == INTERRUPT
 }
 
 // ExtendedCode returns the extended error code for this error.
 func (e ErrorCode) ExtendedCode() ExtendedErrorCode {
-	return ExtendedErrorCode(e)
+	return xErrorCode(e)
 }
 
 // Error implements the error interface.
@@ -133,7 +125,7 @@ func (e ExtendedErrorCode) As(err any) bool {
 
 // Temporary returns true for [BUSY] errors.
 func (e ExtendedErrorCode) Temporary() bool {
-	return ErrorCode(e) == BUSY
+	return ErrorCode(e) == BUSY || ErrorCode(e) == INTERRUPT
 }
 
 // Timeout returns true for [BUSY_TIMEOUT] errors.
diff --git a/vendor/github.com/ncruces/go-sqlite3/func.go b/vendor/github.com/ncruces/go-sqlite3/func.go
index f907fa940..16b43056d 100644
--- a/vendor/github.com/ncruces/go-sqlite3/func.go
+++ b/vendor/github.com/ncruces/go-sqlite3/func.go
@@ -3,7 +3,9 @@ package sqlite3
 import (
 	"context"
 	"io"
+	"iter"
 	"sync"
+	"sync/atomic"
 
 	"github.com/tetratelabs/wazero/api"
 
@@ -45,7 +47,7 @@ func (c Conn) AnyCollationNeeded() error {
 // CreateCollation defines a new collating sequence.
 //
 // https://sqlite.org/c3ref/create_collation.html
-func (c *Conn) CreateCollation(name string, fn func(a, b []byte) int) error {
+func (c *Conn) CreateCollation(name string, fn CollatingFunction) error {
 	var funcPtr ptr_t
 	defer c.arena.mark()()
 	namePtr := c.arena.string(name)
@@ -57,6 +59,10 @@ func (c *Conn) CreateCollation(name string, fn func(a, b []byte) int) error {
 	return c.error(rc)
 }
 
+// Collating function is the type of a collation callback.
+// Implementations must not retain a or b.
+type CollatingFunction func(a, b []byte) int
+
 // CreateFunction defines a new scalar SQL function.
 //
 // https://sqlite.org/c3ref/create_function.html
@@ -77,34 +83,67 @@ func (c *Conn) CreateFunction(name string, nArg int, flag FunctionFlag, fn Scala
 // Implementations must not retain arg.
 type ScalarFunction func(ctx Context, arg ...Value)
 
-// CreateWindowFunction defines a new aggregate or aggregate window SQL function.
-// If fn returns a [WindowFunction], then an aggregate window function is created.
-// If fn returns an [io.Closer], it will be called to free resources.
+// CreateAggregateFunction defines a new aggregate SQL function.
 //
 // https://sqlite.org/c3ref/create_function.html
-func (c *Conn) CreateWindowFunction(name string, nArg int, flag FunctionFlag, fn func() AggregateFunction) error {
+func (c *Conn) CreateAggregateFunction(name string, nArg int, flag FunctionFlag, fn AggregateSeqFunction) error {
 	var funcPtr ptr_t
 	defer c.arena.mark()()
 	namePtr := c.arena.string(name)
-	call := "sqlite3_create_aggregate_function_go"
 	if fn != nil {
-		agg := fn()
-		if c, ok := agg.(io.Closer); ok {
-			if err := c.Close(); err != nil {
-				return err
+		funcPtr = util.AddHandle(c.ctx, AggregateConstructor(func() AggregateFunction {
+			var a aggregateFunc
+			coro := func(yieldCoro func(struct{}) bool) {
+				seq := func(yieldSeq func([]Value) bool) {
+					for yieldSeq(a.arg) {
+						if !yieldCoro(struct{}{}) {
+							break
+						}
+					}
+				}
+				fn(&a.ctx, seq)
 			}
-		}
-		if _, ok := agg.(WindowFunction); ok {
-			call = "sqlite3_create_window_function_go"
-		}
-		funcPtr = util.AddHandle(c.ctx, fn)
+			a.next, a.stop = iter.Pull(coro)
+			return &a
+		}))
 	}
-	rc := res_t(c.call(call,
+	rc := res_t(c.call("sqlite3_create_aggregate_function_go",
 		stk_t(c.handle), stk_t(namePtr), stk_t(nArg),
 		stk_t(flag), stk_t(funcPtr)))
 	return c.error(rc)
 }
 
+// AggregateSeqFunction is the type of an aggregate SQL function.
+// Implementations must not retain the slices yielded by seq.
+type AggregateSeqFunction func(ctx *Context, seq iter.Seq[[]Value])
+
+// CreateWindowFunction defines a new aggregate or aggregate window SQL function.
+// If fn returns a [WindowFunction], an aggregate window function is created.
+// If fn returns an [io.Closer], it will be called to free resources.
+//
+// https://sqlite.org/c3ref/create_function.html
+func (c *Conn) CreateWindowFunction(name string, nArg int, flag FunctionFlag, fn AggregateConstructor) error {
+	var funcPtr ptr_t
+	defer c.arena.mark()()
+	namePtr := c.arena.string(name)
+	if fn != nil {
+		funcPtr = util.AddHandle(c.ctx, AggregateConstructor(func() AggregateFunction {
+			agg := fn()
+			if win, ok := agg.(WindowFunction); ok {
+				return win
+			}
+			return windowFunc{agg, name}
+		}))
+	}
+	rc := res_t(c.call("sqlite3_create_window_function_go",
+		stk_t(c.handle), stk_t(namePtr), stk_t(nArg),
+		stk_t(flag), stk_t(funcPtr)))
+	return c.error(rc)
+}
+
+// AggregateConstructor is a an [AggregateFunction] constructor.
+type AggregateConstructor func() AggregateFunction
+
 // AggregateFunction is the interface an aggregate function should implement.
 //
 // https://sqlite.org/appfunc.html
@@ -153,26 +192,24 @@ func collationCallback(ctx context.Context, mod api.Module, pArg, pDB ptr_t, eTe
 }
 
 func compareCallback(ctx context.Context, mod api.Module, pApp ptr_t, nKey1 int32, pKey1 ptr_t, nKey2 int32, pKey2 ptr_t) uint32 {
-	fn := util.GetHandle(ctx, pApp).(func(a, b []byte) int)
+	fn := util.GetHandle(ctx, pApp).(CollatingFunction)
 	return uint32(fn(util.View(mod, pKey1, int64(nKey1)), util.View(mod, pKey2, int64(nKey2))))
 }
 
 func funcCallback(ctx context.Context, mod api.Module, pCtx, pApp ptr_t, nArg int32, pArg ptr_t) {
-	args := getFuncArgs()
-	defer putFuncArgs(args)
 	db := ctx.Value(connKey{}).(*Conn)
+	args := callbackArgs(db, nArg, pArg)
+	defer returnArgs(args)
 	fn := util.GetHandle(db.ctx, pApp).(ScalarFunction)
-	callbackArgs(db, args[:nArg], pArg)
-	fn(Context{db, pCtx}, args[:nArg]...)
+	fn(Context{db, pCtx}, *args...)
 }
 
 func stepCallback(ctx context.Context, mod api.Module, pCtx, pAgg, pApp ptr_t, nArg int32, pArg ptr_t) {
-	args := getFuncArgs()
-	defer putFuncArgs(args)
 	db := ctx.Value(connKey{}).(*Conn)
-	callbackArgs(db, args[:nArg], pArg)
+	args := callbackArgs(db, nArg, pArg)
+	defer returnArgs(args)
 	fn, _ := callbackAggregate(db, pAgg, pApp)
-	fn.Step(Context{db, pCtx}, args[:nArg]...)
+	fn.Step(Context{db, pCtx}, *args...)
 }
 
 func valueCallback(ctx context.Context, mod api.Module, pCtx, pAgg, pApp ptr_t, final int32) {
@@ -196,12 +233,11 @@ func valueCallback(ctx context.Context, mod api.Module, pCtx, pAgg, pApp ptr_t,
 }
 
 func inverseCallback(ctx context.Context, mod api.Module, pCtx, pAgg ptr_t, nArg int32, pArg ptr_t) {
-	args := getFuncArgs()
-	defer putFuncArgs(args)
 	db := ctx.Value(connKey{}).(*Conn)
-	callbackArgs(db, args[:nArg], pArg)
+	args := callbackArgs(db, nArg, pArg)
+	defer returnArgs(args)
 	fn := util.GetHandle(db.ctx, pAgg).(WindowFunction)
-	fn.Inverse(Context{db, pCtx}, args[:nArg]...)
+	fn.Inverse(Context{db, pCtx}, *args...)
 }
 
 func callbackAggregate(db *Conn, pAgg, pApp ptr_t) (AggregateFunction, ptr_t) {
@@ -211,7 +247,7 @@ func callbackAggregate(db *Conn, pAgg, pApp ptr_t) (AggregateFunction, ptr_t) {
 	}
 
 	// We need to create the aggregate.
-	fn := util.GetHandle(db.ctx, pApp).(func() AggregateFunction)()
+	fn := util.GetHandle(db.ctx, pApp).(AggregateConstructor)()
 	if pAgg != 0 {
 		handle := util.AddHandle(db.ctx, fn)
 		util.Write32(db.mod, pAgg, handle)
@@ -220,25 +256,64 @@ func callbackAggregate(db *Conn, pAgg, pApp ptr_t) (AggregateFunction, ptr_t) {
 	return fn, 0
 }
 
-func callbackArgs(db *Conn, arg []Value, pArg ptr_t) {
-	for i := range arg {
-		arg[i] = Value{
+var (
+	valueArgsPool sync.Pool
+	valueArgsLen  atomic.Int32
+)
+
+func callbackArgs(db *Conn, nArg int32, pArg ptr_t) *[]Value {
+	arg, ok := valueArgsPool.Get().(*[]Value)
+	if !ok || cap(*arg) < int(nArg) {
+		max := valueArgsLen.Or(nArg) | nArg
+		lst := make([]Value, max)
+		arg = &lst
+	}
+	lst := (*arg)[:nArg]
+	for i := range lst {
+		lst[i] = Value{
 			c:      db,
 			handle: util.Read32[ptr_t](db.mod, pArg+ptr_t(i)*ptrlen),
 		}
 	}
+	*arg = lst
+	return arg
 }
 
-var funcArgsPool sync.Pool
-
-func putFuncArgs(p *[_MAX_FUNCTION_ARG]Value) {
-	funcArgsPool.Put(p)
+func returnArgs(p *[]Value) {
+	valueArgsPool.Put(p)
 }
 
-func getFuncArgs() *[_MAX_FUNCTION_ARG]Value {
-	if p := funcArgsPool.Get(); p == nil {
-		return new([_MAX_FUNCTION_ARG]Value)
-	} else {
-		return p.(*[_MAX_FUNCTION_ARG]Value)
+type aggregateFunc struct {
+	next func() (struct{}, bool)
+	stop func()
+	ctx  Context
+	arg  []Value
+}
+
+func (a *aggregateFunc) Step(ctx Context, arg ...Value) {
+	a.ctx = ctx
+	a.arg = append(a.arg[:0], arg...)
+	if _, more := a.next(); !more {
+		a.stop()
 	}
 }
+
+func (a *aggregateFunc) Value(ctx Context) {
+	a.ctx = ctx
+	a.stop()
+}
+
+func (a *aggregateFunc) Close() error {
+	a.stop()
+	return nil
+}
+
+type windowFunc struct {
+	AggregateFunction
+	name string
+}
+
+func (w windowFunc) Inverse(ctx Context, arg ...Value) {
+	// Implementing inverse allows certain queries that don't really need it to succeed.
+	ctx.ResultError(util.ErrorString(w.name + ": may not be used as a window function"))
+}
diff --git a/vendor/github.com/ncruces/go-sqlite3/internal/util/error.go b/vendor/github.com/ncruces/go-sqlite3/internal/util/error.go
index 2aecac96e..76769ed2e 100644
--- a/vendor/github.com/ncruces/go-sqlite3/internal/util/error.go
+++ b/vendor/github.com/ncruces/go-sqlite3/internal/util/error.go
@@ -75,7 +75,7 @@ func ErrorCodeString(rc uint32) string {
 		return "sqlite3: unable to open database file"
 	case PROTOCOL:
 		return "sqlite3: locking protocol"
-	case FORMAT:
+	case EMPTY:
 		break
 	case SCHEMA:
 		return "sqlite3: database schema has changed"
@@ -91,7 +91,7 @@ func ErrorCodeString(rc uint32) string {
 		break
 	case AUTH:
 		return "sqlite3: authorization denied"
-	case EMPTY:
+	case FORMAT:
 		break
 	case RANGE:
 		return "sqlite3: column index out of range"
diff --git a/vendor/github.com/ncruces/go-sqlite3/internal/util/mem.go b/vendor/github.com/ncruces/go-sqlite3/internal/util/mem.go
index d2fea08b4..90c0e9e54 100644
--- a/vendor/github.com/ncruces/go-sqlite3/internal/util/mem.go
+++ b/vendor/github.com/ncruces/go-sqlite3/internal/util/mem.go
@@ -135,11 +135,10 @@ func ReadString(mod api.Module, ptr Ptr_t, maxlen int64) string {
 			panic(RangeErr)
 		}
 	}
-	if i := bytes.IndexByte(buf, 0); i < 0 {
-		panic(NoNulErr)
-	} else {
+	if i := bytes.IndexByte(buf, 0); i >= 0 {
 		return string(buf[:i])
 	}
+	panic(NoNulErr)
 }
 
 func WriteBytes(mod api.Module, ptr Ptr_t, b []byte) {
diff --git a/vendor/github.com/ncruces/go-sqlite3/sqlite.go b/vendor/github.com/ncruces/go-sqlite3/sqlite.go
index 9e2d1d381..c05a86fde 100644
--- a/vendor/github.com/ncruces/go-sqlite3/sqlite.go
+++ b/vendor/github.com/ncruces/go-sqlite3/sqlite.go
@@ -120,33 +120,33 @@ func (sqlt *sqlite) error(rc res_t, handle ptr_t, sql ...string) error {
 		return nil
 	}
 
-	err := Error{code: rc}
-
-	if err.Code() == NOMEM || err.ExtendedCode() == IOERR_NOMEM {
+	if ErrorCode(rc) == NOMEM || xErrorCode(rc) == IOERR_NOMEM {
 		panic(util.OOMErr)
 	}
 
-	if ptr := ptr_t(sqlt.call("sqlite3_errstr", stk_t(rc))); ptr != 0 {
-		err.str = util.ReadString(sqlt.mod, ptr, _MAX_NAME)
-	}
-
 	if handle != 0 {
+		var msg, query string
 		if ptr := ptr_t(sqlt.call("sqlite3_errmsg", stk_t(handle))); ptr != 0 {
-			err.msg = util.ReadString(sqlt.mod, ptr, _MAX_LENGTH)
+			msg = util.ReadString(sqlt.mod, ptr, _MAX_LENGTH)
+			switch {
+			case msg == "not an error":
+				msg = ""
+			case msg == util.ErrorCodeString(uint32(rc))[len("sqlite3: "):]:
+				msg = ""
+			}
 		}
 
 		if len(sql) != 0 {
 			if i := int32(sqlt.call("sqlite3_error_offset", stk_t(handle))); i != -1 {
-				err.sql = sql[0][i:]
+				query = sql[0][i:]
 			}
 		}
-	}
 
-	switch err.msg {
-	case err.str, "not an error":
-		err.msg = ""
+		if msg != "" || query != "" {
+			return &Error{code: rc, msg: msg, sql: query}
+		}
 	}
-	return &err
+	return xErrorCode(rc)
 }
 
 func (sqlt *sqlite) getfn(name string) api.Function {
@@ -212,14 +212,10 @@ func (sqlt *sqlite) realloc(ptr ptr_t, size int64) ptr_t {
 }
 
 func (sqlt *sqlite) newBytes(b []byte) ptr_t {
-	if (*[0]byte)(b) == nil {
+	if len(b) == 0 {
 		return 0
 	}
-	size := len(b)
-	if size == 0 {
-		size = 1
-	}
-	ptr := sqlt.new(int64(size))
+	ptr := sqlt.new(int64(len(b)))
 	util.WriteBytes(sqlt.mod, ptr, b)
 	return ptr
 }
@@ -288,7 +284,7 @@ func (a *arena) new(size int64) ptr_t {
 }
 
 func (a *arena) bytes(b []byte) ptr_t {
-	if (*[0]byte)(b) == nil {
+	if len(b) == 0 {
 		return 0
 	}
 	ptr := a.new(int64(len(b)))
diff --git a/vendor/github.com/ncruces/go-sqlite3/stmt.go b/vendor/github.com/ncruces/go-sqlite3/stmt.go
index 4e17d1039..1ea726ea1 100644
--- a/vendor/github.com/ncruces/go-sqlite3/stmt.go
+++ b/vendor/github.com/ncruces/go-sqlite3/stmt.go
@@ -106,7 +106,14 @@ func (s *Stmt) Busy() bool {
 //
 // https://sqlite.org/c3ref/step.html
 func (s *Stmt) Step() bool {
-	s.c.checkInterrupt(s.c.handle)
+	if s.c.interrupt.Err() != nil {
+		s.err = INTERRUPT
+		return false
+	}
+	return s.step()
+}
+
+func (s *Stmt) step() bool {
 	rc := res_t(s.c.call("sqlite3_step", stk_t(s.handle)))
 	switch rc {
 	case _ROW:
@@ -131,7 +138,11 @@ func (s *Stmt) Err() error {
 // Exec is a convenience function that repeatedly calls [Stmt.Step] until it returns false,
 // then calls [Stmt.Reset] to reset the statement and get any error that occurred.
 func (s *Stmt) Exec() error {
-	for s.Step() {
+	if s.c.interrupt.Err() != nil {
+		return INTERRUPT
+	}
+	// TODO: implement this in C.
+	for s.step() {
 	}
 	return s.Reset()
 }
@@ -254,13 +265,15 @@ func (s *Stmt) BindText(param int, value string) error {
 
 // BindRawText binds a []byte to the prepared statement as text.
 // The leftmost SQL parameter has an index of 1.
-// Binding a nil slice is the same as calling [Stmt.BindNull].
 //
 // https://sqlite.org/c3ref/bind_blob.html
 func (s *Stmt) BindRawText(param int, value []byte) error {
 	if len(value) > _MAX_LENGTH {
 		return TOOBIG
 	}
+	if len(value) == 0 {
+		return s.BindText(param, "")
+	}
 	ptr := s.c.newBytes(value)
 	rc := res_t(s.c.call("sqlite3_bind_text_go",
 		stk_t(s.handle), stk_t(param),
@@ -270,13 +283,15 @@ func (s *Stmt) BindRawText(param int, value []byte) error {
 
 // BindBlob binds a []byte to the prepared statement.
 // The leftmost SQL parameter has an index of 1.
-// Binding a nil slice is the same as calling [Stmt.BindNull].
 //
 // https://sqlite.org/c3ref/bind_blob.html
 func (s *Stmt) BindBlob(param int, value []byte) error {
 	if len(value) > _MAX_LENGTH {
 		return TOOBIG
 	}
+	if len(value) == 0 {
+		return s.BindZeroBlob(param, 0)
+	}
 	ptr := s.c.newBytes(value)
 	rc := res_t(s.c.call("sqlite3_bind_blob_go",
 		stk_t(s.handle), stk_t(param),
@@ -560,7 +575,7 @@ func (s *Stmt) ColumnBlob(col int, buf []byte) []byte {
 func (s *Stmt) ColumnRawText(col int) []byte {
 	ptr := ptr_t(s.c.call("sqlite3_column_text",
 		stk_t(s.handle), stk_t(col)))
-	return s.columnRawBytes(col, ptr)
+	return s.columnRawBytes(col, ptr, 1)
 }
 
 // ColumnRawBlob returns the value of the result column as a []byte.
@@ -572,10 +587,10 @@ func (s *Stmt) ColumnRawText(col int) []byte {
 func (s *Stmt) ColumnRawBlob(col int) []byte {
 	ptr := ptr_t(s.c.call("sqlite3_column_blob",
 		stk_t(s.handle), stk_t(col)))
-	return s.columnRawBytes(col, ptr)
+	return s.columnRawBytes(col, ptr, 0)
 }
 
-func (s *Stmt) columnRawBytes(col int, ptr ptr_t) []byte {
+func (s *Stmt) columnRawBytes(col int, ptr ptr_t, nul int32) []byte {
 	if ptr == 0 {
 		rc := res_t(s.c.call("sqlite3_errcode", stk_t(s.c.handle)))
 		if rc != _ROW && rc != _DONE {
@@ -586,7 +601,7 @@ func (s *Stmt) columnRawBytes(col int, ptr ptr_t) []byte {
 
 	n := int32(s.c.call("sqlite3_column_bytes",
 		stk_t(s.handle), stk_t(col)))
-	return util.View(s.c.mod, ptr, int64(n))
+	return util.View(s.c.mod, ptr, int64(n+nul))[:n]
 }
 
 // ColumnJSON parses the JSON-encoded value of the result column
@@ -633,22 +648,12 @@ func (s *Stmt) ColumnValue(col int) Value {
 // [INTEGER] columns will be retrieved as int64 values,
 // [FLOAT] as float64, [NULL] as nil,
 // [TEXT] as string, and [BLOB] as []byte.
-// Any []byte are owned by SQLite and may be invalidated by
-// subsequent calls to [Stmt] methods.
 func (s *Stmt) Columns(dest ...any) error {
-	defer s.c.arena.mark()()
-	count := int64(len(dest))
-	typePtr := s.c.arena.new(count)
-	dataPtr := s.c.arena.new(count * 8)
-
-	rc := res_t(s.c.call("sqlite3_columns_go",
-		stk_t(s.handle), stk_t(count), stk_t(typePtr), stk_t(dataPtr)))
-	if err := s.c.error(rc); err != nil {
+	types, ptr, err := s.columns(int64(len(dest)))
+	if err != nil {
 		return err
 	}
 
-	types := util.View(s.c.mod, typePtr, count)
-
 	// Avoid bounds checks on types below.
 	if len(types) != len(dest) {
 		panic(util.AssertErr())
@@ -657,26 +662,95 @@ func (s *Stmt) Columns(dest ...any) error {
 	for i := range dest {
 		switch types[i] {
 		case byte(INTEGER):
-			dest[i] = util.Read64[int64](s.c.mod, dataPtr)
+			dest[i] = util.Read64[int64](s.c.mod, ptr)
 		case byte(FLOAT):
-			dest[i] = util.ReadFloat64(s.c.mod, dataPtr)
+			dest[i] = util.ReadFloat64(s.c.mod, ptr)
 		case byte(NULL):
 			dest[i] = nil
-		default:
-			ptr := util.Read32[ptr_t](s.c.mod, dataPtr+0)
-			if ptr == 0 {
-				dest[i] = []byte{}
-				continue
-			}
-			len := util.Read32[int32](s.c.mod, dataPtr+4)
-			buf := util.View(s.c.mod, ptr, int64(len))
-			if types[i] == byte(TEXT) {
+		case byte(TEXT):
+			len := util.Read32[int32](s.c.mod, ptr+4)
+			if len != 0 {
+				ptr := util.Read32[ptr_t](s.c.mod, ptr)
+				buf := util.View(s.c.mod, ptr, int64(len))
 				dest[i] = string(buf)
 			} else {
-				dest[i] = buf
+				dest[i] = ""
+			}
+		case byte(BLOB):
+			len := util.Read32[int32](s.c.mod, ptr+4)
+			if len != 0 {
+				ptr := util.Read32[ptr_t](s.c.mod, ptr)
+				buf := util.View(s.c.mod, ptr, int64(len))
+				tmp, _ := dest[i].([]byte)
+				dest[i] = append(tmp[:0], buf...)
+			} else {
+				dest[i], _ = dest[i].([]byte)
 			}
 		}
-		dataPtr += 8
+		ptr += 8
 	}
 	return nil
 }
+
+// ColumnsRaw populates result columns into the provided slice.
+// The slice must have [Stmt.ColumnCount] length.
+//
+// [INTEGER] columns will be retrieved as int64 values,
+// [FLOAT] as float64, [NULL] as nil,
+// [TEXT] and [BLOB] as []byte.
+// Any []byte are owned by SQLite and may be invalidated by
+// subsequent calls to [Stmt] methods.
+func (s *Stmt) ColumnsRaw(dest ...any) error {
+	types, ptr, err := s.columns(int64(len(dest)))
+	if err != nil {
+		return err
+	}
+
+	// Avoid bounds checks on types below.
+	if len(types) != len(dest) {
+		panic(util.AssertErr())
+	}
+
+	for i := range dest {
+		switch types[i] {
+		case byte(INTEGER):
+			dest[i] = util.Read64[int64](s.c.mod, ptr)
+		case byte(FLOAT):
+			dest[i] = util.ReadFloat64(s.c.mod, ptr)
+		case byte(NULL):
+			dest[i] = nil
+		default:
+			len := util.Read32[int32](s.c.mod, ptr+4)
+			if len == 0 && types[i] == byte(BLOB) {
+				dest[i] = []byte{}
+			} else {
+				cap := len
+				if types[i] == byte(TEXT) {
+					cap++
+				}
+				ptr := util.Read32[ptr_t](s.c.mod, ptr)
+				buf := util.View(s.c.mod, ptr, int64(cap))[:len]
+				dest[i] = buf
+			}
+		}
+		ptr += 8
+	}
+	return nil
+}
+
+func (s *Stmt) columns(count int64) ([]byte, ptr_t, error) {
+	defer s.c.arena.mark()()
+	typePtr := s.c.arena.new(count)
+	dataPtr := s.c.arena.new(count * 8)
+
+	rc := res_t(s.c.call("sqlite3_columns_go",
+		stk_t(s.handle), stk_t(count), stk_t(typePtr), stk_t(dataPtr)))
+	if rc == res_t(MISUSE) {
+		return nil, 0, MISUSE
+	}
+	if err := s.c.error(rc); err != nil {
+		return nil, 0, err
+	}
+
+	return util.View(s.c.mod, typePtr, count), dataPtr, nil
+}
diff --git a/vendor/github.com/ncruces/go-sqlite3/txn.go b/vendor/github.com/ncruces/go-sqlite3/txn.go
index b24789f87..931b89958 100644
--- a/vendor/github.com/ncruces/go-sqlite3/txn.go
+++ b/vendor/github.com/ncruces/go-sqlite3/txn.go
@@ -2,7 +2,6 @@ package sqlite3
 
 import (
 	"context"
-	"errors"
 	"math/rand"
 	"runtime"
 	"strconv"
@@ -21,11 +20,13 @@ type Txn struct {
 }
 
 // Begin starts a deferred transaction.
+// It panics if a transaction is in-progress.
+// For nested transactions, use [Conn.Savepoint].
 //
 // https://sqlite.org/lang_transaction.html
 func (c *Conn) Begin() Txn {
 	// BEGIN even if interrupted.
-	err := c.txnExecInterrupted(`BEGIN DEFERRED`)
+	err := c.exec(`BEGIN DEFERRED`)
 	if err != nil {
 		panic(err)
 	}
@@ -120,7 +121,8 @@ func (tx Txn) Commit() error {
 //
 // https://sqlite.org/lang_transaction.html
 func (tx Txn) Rollback() error {
-	return tx.c.txnExecInterrupted(`ROLLBACK`)
+	// ROLLBACK even if interrupted.
+	return tx.c.exec(`ROLLBACK`)
 }
 
 // Savepoint is a marker within a transaction
@@ -143,7 +145,7 @@ func (c *Conn) Savepoint() Savepoint {
 	// Names can be reused, but this makes catching bugs more likely.
 	name = QuoteIdentifier(name + "_" + strconv.Itoa(int(rand.Int31())))
 
-	err := c.txnExecInterrupted(`SAVEPOINT ` + name)
+	err := c.exec(`SAVEPOINT ` + name)
 	if err != nil {
 		panic(err)
 	}
@@ -199,7 +201,7 @@ func (s Savepoint) Release(errp *error) {
 		return
 	}
 	// ROLLBACK and RELEASE even if interrupted.
-	err := s.c.txnExecInterrupted(`ROLLBACK TO ` + s.name + `; RELEASE ` + s.name)
+	err := s.c.exec(`ROLLBACK TO ` + s.name + `; RELEASE ` + s.name)
 	if err != nil {
 		panic(err)
 	}
@@ -212,17 +214,7 @@ func (s Savepoint) Release(errp *error) {
 // https://sqlite.org/lang_transaction.html
 func (s Savepoint) Rollback() error {
 	// ROLLBACK even if interrupted.
-	return s.c.txnExecInterrupted(`ROLLBACK TO ` + s.name)
-}
-
-func (c *Conn) txnExecInterrupted(sql string) error {
-	err := c.Exec(sql)
-	if errors.Is(err, INTERRUPT) {
-		old := c.SetInterrupt(context.Background())
-		defer c.SetInterrupt(old)
-		err = c.Exec(sql)
-	}
-	return err
+	return s.c.exec(`ROLLBACK TO ` + s.name)
 }
 
 // TxnState determines the transaction state of a database.
diff --git a/vendor/github.com/ncruces/go-sqlite3/util/osutil/open.go b/vendor/github.com/ncruces/go-sqlite3/util/osutil/open.go
deleted file mode 100644
index 0242ad032..000000000
--- a/vendor/github.com/ncruces/go-sqlite3/util/osutil/open.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build !windows
-
-package osutil
-
-import (
-	"io/fs"
-	"os"
-)
-
-// OpenFile behaves the same as [os.OpenFile],
-// except on Windows it sets [syscall.FILE_SHARE_DELETE].
-//
-// See: https://go.dev/issue/32088#issuecomment-502850674
-func OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
-	return os.OpenFile(name, flag, perm)
-}
diff --git a/vendor/github.com/ncruces/go-sqlite3/util/osutil/open_windows.go b/vendor/github.com/ncruces/go-sqlite3/util/osutil/open_windows.go
deleted file mode 100644
index febaf846e..000000000
--- a/vendor/github.com/ncruces/go-sqlite3/util/osutil/open_windows.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package osutil
-
-import (
-	"io/fs"
-	"os"
-	. "syscall"
-	"unsafe"
-)
-
-// OpenFile behaves the same as [os.OpenFile],
-// except on Windows it sets [syscall.FILE_SHARE_DELETE].
-//
-// See: https://go.dev/issue/32088#issuecomment-502850674
-func OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
-	if name == "" {
-		return nil, &os.PathError{Op: "open", Path: name, Err: ENOENT}
-	}
-	r, e := syscallOpen(name, flag|O_CLOEXEC, uint32(perm.Perm()))
-	if e != nil {
-		return nil, &os.PathError{Op: "open", Path: name, Err: e}
-	}
-	return os.NewFile(uintptr(r), name), nil
-}
-
-// syscallOpen is a copy of [syscall.Open]
-// that uses [syscall.FILE_SHARE_DELETE].
-//
-// https://go.dev/src/syscall/syscall_windows.go
-func syscallOpen(path string, mode int, perm uint32) (fd Handle, err error) {
-	if len(path) == 0 {
-		return InvalidHandle, ERROR_FILE_NOT_FOUND
-	}
-	pathp, err := UTF16PtrFromString(path)
-	if err != nil {
-		return InvalidHandle, err
-	}
-	var access uint32
-	switch mode & (O_RDONLY | O_WRONLY | O_RDWR) {
-	case O_RDONLY:
-		access = GENERIC_READ
-	case O_WRONLY:
-		access = GENERIC_WRITE
-	case O_RDWR:
-		access = GENERIC_READ | GENERIC_WRITE
-	}
-	if mode&O_CREAT != 0 {
-		access |= GENERIC_WRITE
-	}
-	if mode&O_APPEND != 0 {
-		access &^= GENERIC_WRITE
-		access |= FILE_APPEND_DATA
-	}
-	sharemode := uint32(FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE)
-	var sa *SecurityAttributes
-	if mode&O_CLOEXEC == 0 {
-		sa = makeInheritSa()
-	}
-	var createmode uint32
-	switch {
-	case mode&(O_CREAT|O_EXCL) == (O_CREAT | O_EXCL):
-		createmode = CREATE_NEW
-	case mode&(O_CREAT|O_TRUNC) == (O_CREAT | O_TRUNC):
-		createmode = CREATE_ALWAYS
-	case mode&O_CREAT == O_CREAT:
-		createmode = OPEN_ALWAYS
-	case mode&O_TRUNC == O_TRUNC:
-		createmode = TRUNCATE_EXISTING
-	default:
-		createmode = OPEN_EXISTING
-	}
-	var attrs uint32 = FILE_ATTRIBUTE_NORMAL
-	if perm&S_IWRITE == 0 {
-		attrs = FILE_ATTRIBUTE_READONLY
-		if createmode == CREATE_ALWAYS {
-			const _ERROR_BAD_NETPATH = Errno(53)
-			// We have been asked to create a read-only file.
-			// If the file already exists, the semantics of
-			// the Unix open system call is to preserve the
-			// existing permissions. If we pass CREATE_ALWAYS
-			// and FILE_ATTRIBUTE_READONLY to CreateFile,
-			// and the file already exists, CreateFile will
-			// change the file permissions.
-			// Avoid that to preserve the Unix semantics.
-			h, e := CreateFile(pathp, access, sharemode, sa, TRUNCATE_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
-			switch e {
-			case ERROR_FILE_NOT_FOUND, _ERROR_BAD_NETPATH, ERROR_PATH_NOT_FOUND:
-				// File does not exist. These are the same
-				// errors as Errno.Is checks for ErrNotExist.
-				// Carry on to create the file.
-			default:
-				// Success or some different error.
-				return h, e
-			}
-		}
-	}
-	if createmode == OPEN_EXISTING && access == GENERIC_READ {
-		// Necessary for opening directory handles.
-		attrs |= FILE_FLAG_BACKUP_SEMANTICS
-	}
-	if mode&O_SYNC != 0 {
-		const _FILE_FLAG_WRITE_THROUGH = 0x80000000
-		attrs |= _FILE_FLAG_WRITE_THROUGH
-	}
-	if mode&O_NONBLOCK != 0 {
-		attrs |= FILE_FLAG_OVERLAPPED
-	}
-	return CreateFile(pathp, access, sharemode, sa, createmode, attrs, 0)
-}
-
-func makeInheritSa() *SecurityAttributes {
-	var sa SecurityAttributes
-	sa.Length = uint32(unsafe.Sizeof(sa))
-	sa.InheritHandle = 1
-	return &sa
-}
diff --git a/vendor/github.com/ncruces/go-sqlite3/util/osutil/osfs.go b/vendor/github.com/ncruces/go-sqlite3/util/osutil/osfs.go
deleted file mode 100644
index 2e1195934..000000000
--- a/vendor/github.com/ncruces/go-sqlite3/util/osutil/osfs.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package osutil
-
-import (
-	"io/fs"
-	"os"
-)
-
-// FS implements [fs.FS], [fs.StatFS], and [fs.ReadFileFS]
-// using package [os].
-//
-// This filesystem does not respect [fs.ValidPath] rules,
-// and fails [testing/fstest.TestFS]!
-//
-// Still, it can be a useful tool to unify implementations
-// that can access either the [os] filesystem or an [fs.FS].
-// It's OK to use this to open files, but you should avoid
-// opening directories, resolving paths, or walking the file system.
-type FS struct{}
-
-// Open implements [fs.FS].
-func (FS) Open(name string) (fs.File, error) {
-	return OpenFile(name, os.O_RDONLY, 0)
-}
-
-// ReadFileFS implements [fs.StatFS].
-func (FS) Stat(name string) (fs.FileInfo, error) {
-	return os.Stat(name)
-}
-
-// ReadFile implements [fs.ReadFileFS].
-func (FS) ReadFile(name string) ([]byte, error) {
-	return os.ReadFile(name)
-}
diff --git a/vendor/github.com/ncruces/go-sqlite3/util/osutil/osutil.go b/vendor/github.com/ncruces/go-sqlite3/util/osutil/osutil.go
deleted file mode 100644
index 83444e906..000000000
--- a/vendor/github.com/ncruces/go-sqlite3/util/osutil/osutil.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package osutil implements operating system utilities.
-package osutil
diff --git a/vendor/github.com/ncruces/go-sqlite3/util/sql3util/sql3util.go b/vendor/github.com/ncruces/go-sqlite3/util/sql3util/sql3util.go
index 6be61927d..f2e33c0b2 100644
--- a/vendor/github.com/ncruces/go-sqlite3/util/sql3util/sql3util.go
+++ b/vendor/github.com/ncruces/go-sqlite3/util/sql3util/sql3util.go
@@ -5,5 +5,5 @@ package sql3util
 //
 // https://sqlite.org/fileformat.html#pages
 func ValidPageSize(s int) bool {
-	return 512 <= s && s <= 65536 && s&(s-1) == 0
+	return s&(s-1) == 0 && 512 <= s && s <= 65536
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/value.go b/vendor/github.com/ncruces/go-sqlite3/value.go
index a2399fba0..6753027b5 100644
--- a/vendor/github.com/ncruces/go-sqlite3/value.go
+++ b/vendor/github.com/ncruces/go-sqlite3/value.go
@@ -139,7 +139,7 @@ func (v Value) Blob(buf []byte) []byte {
 // https://sqlite.org/c3ref/value_blob.html
 func (v Value) RawText() []byte {
 	ptr := ptr_t(v.c.call("sqlite3_value_text", v.protected()))
-	return v.rawBytes(ptr)
+	return v.rawBytes(ptr, 1)
 }
 
 // RawBlob returns the value as a []byte.
@@ -149,16 +149,16 @@ func (v Value) RawText() []byte {
 // https://sqlite.org/c3ref/value_blob.html
 func (v Value) RawBlob() []byte {
 	ptr := ptr_t(v.c.call("sqlite3_value_blob", v.protected()))
-	return v.rawBytes(ptr)
+	return v.rawBytes(ptr, 0)
 }
 
-func (v Value) rawBytes(ptr ptr_t) []byte {
+func (v Value) rawBytes(ptr ptr_t, nul int32) []byte {
 	if ptr == 0 {
 		return nil
 	}
 
 	n := int32(v.c.call("sqlite3_value_bytes", v.protected()))
-	return util.View(v.c.mod, ptr, int64(n))
+	return util.View(v.c.mod, ptr, int64(n+nul))[:n]
 }
 
 // Pointer gets the pointer associated with this value,
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/README.md b/vendor/github.com/ncruces/go-sqlite3/vfs/README.md
index 4e987ce3f..17c24ec65 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/README.md
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/README.md
@@ -6,22 +6,30 @@ It replaces the default SQLite VFS with a **pure Go** implementation,
 and exposes [interfaces](https://pkg.go.dev/github.com/ncruces/go-sqlite3/vfs#VFS)
 that should allow you to implement your own [custom VFSes](#custom-vfses).
 
-Since it is a from scratch reimplementation,
-there are naturally some ways it deviates from the original.
+See the [support matrix](https://github.com/ncruces/go-sqlite3/wiki/Support-matrix)
+for the list of supported OS and CPU architectures.
 
-The main differences are [file locking](#file-locking) and [WAL mode](#write-ahead-logging) support.
+Since this is a from scratch reimplementation,
+there are naturally some ways it deviates from the original.
+It's also not as battle tested as the original.
+
+The main differences to be aware of are
+[file locking](#file-locking) and
+[WAL mode](#write-ahead-logging) support.
 
 ### File Locking
 
-POSIX advisory locks, which SQLite uses on Unix, are
-[broken by design](https://github.com/sqlite/sqlite/blob/b74eb0/src/os_unix.c#L1073-L1161).
+POSIX advisory locks,
+which SQLite uses on [Unix](https://github.com/sqlite/sqlite/blob/5d60f4/src/os_unix.c#L13-L14),
+are [broken by design](https://github.com/sqlite/sqlite/blob/5d60f4/src/os_unix.c#L1074-L1162).
 Instead, on Linux and macOS, this package uses
 [OFD locks](https://www.gnu.org/software/libc/manual/html_node/Open-File-Description-Locks.html)
 to synchronize access to database files.
 
 This package can also use
 [BSD locks](https://man.freebsd.org/cgi/man.cgi?query=flock&sektion=2),
-albeit with reduced concurrency (`BEGIN IMMEDIATE` behaves like `BEGIN EXCLUSIVE`).
+albeit with reduced concurrency (`BEGIN IMMEDIATE` behaves like `BEGIN EXCLUSIVE`,
+[docs](https://sqlite.org/lang_transaction.html#immediate)).
 BSD locks are the default on BSD and illumos,
 but you can opt into them with the `sqlite3_flock` build tag.
 
@@ -44,11 +52,11 @@ to check if your build supports file locking.
 
 ### Write-Ahead Logging
 
-On Unix, this package may use `mmap` to implement
+On Unix, this package uses `mmap` to implement
 [shared-memory for the WAL-index](https://sqlite.org/wal.html#implementation_of_shared_memory_for_the_wal_index),
 like SQLite.
 
-On Windows, this package may use `MapViewOfFile`, like SQLite.
+On Windows, this package uses `MapViewOfFile`, like SQLite.
 
 You can also opt into a cross-platform, in-process, memory sharing implementation
 with the `sqlite3_dotlk` build tag.
@@ -63,6 +71,11 @@ you must disable connection pooling by calling
 You can use [`vfs.SupportsSharedMemory`](https://pkg.go.dev/github.com/ncruces/go-sqlite3/vfs#SupportsSharedMemory)
 to check if your build supports shared memory.
 
+### Blocking Locks
+
+On Windows and macOS, this package implements
+[Wal-mode blocking locks](https://sqlite.org/src/doc/tip/doc/wal-lock.md).
+
 ### Batch-Atomic Write
 
 On Linux, this package may support
@@ -94,8 +107,10 @@ The VFS can be customized with a few build tags:
 > [`unix-flock` VFS](https://sqlite.org/compile.html#enable_locking_style);
 > `sqlite3_dotlk` builds are compatible with the
 > [`unix-dotfile` VFS](https://sqlite.org/compile.html#enable_locking_style).
-> If incompatible file locking is used, accessing databases concurrently with
-> _other_ SQLite libraries will eventually corrupt data.
+
+> [!CAUTION]
+> Concurrently accessing databases using incompatible VFSes
+> will eventually corrupt data.
 
 ### Custom VFSes
 
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/cksm.go b/vendor/github.com/ncruces/go-sqlite3/vfs/cksm.go
index 041defec3..0ff7b6f18 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/cksm.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/cksm.go
@@ -49,9 +49,7 @@ func (c cksmFile) ReadAt(p []byte, off int64) (n int, err error) {
 	n, err = c.File.ReadAt(p, off)
 	p = p[:n]
 
-	// SQLite is reading the header of a database file.
-	if c.isDB && off == 0 && len(p) >= 100 &&
-		bytes.HasPrefix(p, []byte("SQLite format 3\000")) {
+	if isHeader(c.isDB, p, off) {
 		c.init((*[100]byte)(p))
 	}
 
@@ -67,9 +65,7 @@ func (c cksmFile) ReadAt(p []byte, off int64) (n int, err error) {
 }
 
 func (c cksmFile) WriteAt(p []byte, off int64) (n int, err error) {
-	// SQLite is writing the first page of a database file.
-	if c.isDB && off == 0 && len(p) >= 100 &&
-		bytes.HasPrefix(p, []byte("SQLite format 3\000")) {
+	if isHeader(c.isDB, p, off) {
 		c.init((*[100]byte)(p))
 	}
 
@@ -116,9 +112,11 @@ func (c cksmFile) fileControl(ctx context.Context, mod api.Module, op _FcntlOpco
 		c.inCkpt = true
 	case _FCNTL_CKPT_DONE:
 		c.inCkpt = false
-	}
-	if rc := vfsFileControlImpl(ctx, mod, c, op, pArg); rc != _NOTFOUND {
-		return rc
+	case _FCNTL_PRAGMA:
+		rc := vfsFileControlImpl(ctx, mod, c, op, pArg)
+		if rc != _NOTFOUND {
+			return rc
+		}
 	}
 	return vfsFileControlImpl(ctx, mod, c.File, op, pArg)
 }
@@ -135,6 +133,14 @@ func (f *cksmFlags) init(header *[100]byte) {
 	}
 }
 
+func isHeader(isDB bool, p []byte, off int64) bool {
+	check := sql3util.ValidPageSize(len(p))
+	if isDB {
+		check = off == 0 && len(p) >= 100
+	}
+	return check && bytes.HasPrefix(p, []byte("SQLite format 3\000"))
+}
+
 func cksmCompute(a []byte) (cksm [8]byte) {
 	var s1, s2 uint32
 	for len(a) >= 8 {
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/file.go b/vendor/github.com/ncruces/go-sqlite3/vfs/file.go
index 0a3c9d622..65409823c 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/file.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/file.go
@@ -6,9 +6,8 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"runtime"
 	"syscall"
-
-	"github.com/ncruces/go-sqlite3/util/osutil"
 )
 
 type vfsOS struct{}
@@ -40,7 +39,7 @@ func (vfsOS) Delete(path string, syncDir bool) error {
 	if err != nil {
 		return err
 	}
-	if canSyncDirs && syncDir {
+	if isUnix && syncDir {
 		f, err := os.Open(filepath.Dir(path))
 		if err != nil {
 			return _OK
@@ -96,7 +95,7 @@ func (vfsOS) OpenFilename(name *Filename, flags OpenFlag) (File, OpenFlag, error
 	if name == nil {
 		f, err = os.CreateTemp(os.Getenv("SQLITE_TMPDIR"), "*.db")
 	} else {
-		f, err = osutil.OpenFile(name.String(), oflags, 0666)
+		f, err = os.OpenFile(name.String(), oflags, 0666)
 	}
 	if err != nil {
 		if name == nil {
@@ -118,15 +117,17 @@ func (vfsOS) OpenFilename(name *Filename, flags OpenFlag) (File, OpenFlag, error
 			return nil, flags, _IOERR_FSTAT
 		}
 	}
-	if flags&OPEN_DELETEONCLOSE != 0 {
+	if isUnix && flags&OPEN_DELETEONCLOSE != 0 {
 		os.Remove(f.Name())
 	}
 
 	file := vfsFile{
 		File:     f,
 		psow:     true,
+		atomic:   osBatchAtomic(f),
 		readOnly: flags&OPEN_READONLY != 0,
-		syncDir:  canSyncDirs && isCreate && isJournl,
+		syncDir:  isUnix && isCreate && isJournl,
+		delete:   !isUnix && flags&OPEN_DELETEONCLOSE != 0,
 		shm:      NewSharedMemory(name.String()+"-shm", flags),
 	}
 	return &file, flags, nil
@@ -139,6 +140,8 @@ type vfsFile struct {
 	readOnly bool
 	keepWAL  bool
 	syncDir  bool
+	atomic   bool
+	delete   bool
 	psow     bool
 }
 
@@ -152,6 +155,9 @@ var (
 )
 
 func (f *vfsFile) Close() error {
+	if f.delete {
+		defer os.Remove(f.Name())
+	}
 	if f.shm != nil {
 		f.shm.Close()
 	}
@@ -175,7 +181,7 @@ func (f *vfsFile) Sync(flags SyncFlag) error {
 	if err != nil {
 		return err
 	}
-	if canSyncDirs && f.syncDir {
+	if isUnix && f.syncDir {
 		f.syncDir = false
 		d, err := os.Open(filepath.Dir(f.File.Name()))
 		if err != nil {
@@ -200,12 +206,15 @@ func (f *vfsFile) SectorSize() int {
 
 func (f *vfsFile) DeviceCharacteristics() DeviceCharacteristic {
 	ret := IOCAP_SUBPAGE_READ
-	if osBatchAtomic(f.File) {
+	if f.atomic {
 		ret |= IOCAP_BATCH_ATOMIC
 	}
 	if f.psow {
 		ret |= IOCAP_POWERSAFE_OVERWRITE
 	}
+	if runtime.GOOS == "windows" {
+		ret |= IOCAP_UNDELETABLE_WHEN_OPEN
+	}
 	return ret
 }
 
@@ -214,6 +223,9 @@ func (f *vfsFile) SizeHint(size int64) error {
 }
 
 func (f *vfsFile) HasMoved() (bool, error) {
+	if runtime.GOOS == "windows" {
+		return false, nil
+	}
 	fi, err := f.Stat()
 	if err != nil {
 		return false, err
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_bsd.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_bsd.go
index 4f6fadef4..4542f8e7c 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_bsd.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_bsd.go
@@ -50,11 +50,15 @@ func osDowngradeLock(file *os.File, _ LockLevel) _ErrorCode {
 }
 
 func osReleaseLock(file *os.File, _ LockLevel) _ErrorCode {
-	err := unix.Flock(int(file.Fd()), unix.LOCK_UN)
-	if err != nil {
-		return _IOERR_UNLOCK
+	for {
+		err := unix.Flock(int(file.Fd()), unix.LOCK_UN)
+		if err == nil {
+			return _OK
+		}
+		if err != unix.EINTR {
+			return _IOERR_UNLOCK
+		}
 	}
-	return _OK
 }
 
 func osCheckReservedLock(file *os.File) (bool, _ErrorCode) {
@@ -89,13 +93,18 @@ func osLock(file *os.File, typ int16, start, len int64, def _ErrorCode) _ErrorCo
 }
 
 func osUnlock(file *os.File, start, len int64) _ErrorCode {
-	err := unix.FcntlFlock(file.Fd(), unix.F_SETLK, &unix.Flock_t{
+	lock := unix.Flock_t{
 		Type:  unix.F_UNLCK,
 		Start: start,
 		Len:   len,
-	})
-	if err != nil {
-		return _IOERR_UNLOCK
 	}
-	return _OK
+	for {
+		err := unix.FcntlFlock(file.Fd(), unix.F_SETLK, &lock)
+		if err == nil {
+			return _OK
+		}
+		if err != unix.EINTR {
+			return _IOERR_UNLOCK
+		}
+	}
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_darwin.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_darwin.go
index 07de7c3d8..ee08e9a7b 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_darwin.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_darwin.go
@@ -27,7 +27,12 @@ func osSync(file *os.File, fullsync, _ /*dataonly*/ bool) error {
 	if fullsync {
 		return file.Sync()
 	}
-	return unix.Fsync(int(file.Fd()))
+	for {
+		err := unix.Fsync(int(file.Fd()))
+		if err != unix.EINTR {
+			return err
+		}
+	}
 }
 
 func osAllocate(file *os.File, size int64) error {
@@ -85,13 +90,18 @@ func osLock(file *os.File, typ int16, start, len int64, timeout time.Duration, d
 }
 
 func osUnlock(file *os.File, start, len int64) _ErrorCode {
-	err := unix.FcntlFlock(file.Fd(), _F_OFD_SETLK, &unix.Flock_t{
+	lock := unix.Flock_t{
 		Type:  unix.F_UNLCK,
 		Start: start,
 		Len:   len,
-	})
-	if err != nil {
-		return _IOERR_UNLOCK
 	}
-	return _OK
+	for {
+		err := unix.FcntlFlock(file.Fd(), _F_OFD_SETLK, &lock)
+		if err == nil {
+			return _OK
+		}
+		if err != unix.EINTR {
+			return _IOERR_UNLOCK
+		}
+	}
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_linux.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_linux.go
index 6199c7b00..d112c5a99 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_linux.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_linux.go
@@ -3,6 +3,7 @@
 package vfs
 
 import (
+	"io"
 	"os"
 	"time"
 
@@ -11,14 +12,36 @@ import (
 
 func osSync(file *os.File, _ /*fullsync*/, _ /*dataonly*/ bool) error {
 	// SQLite trusts Linux's fdatasync for all fsync's.
-	return unix.Fdatasync(int(file.Fd()))
+	for {
+		err := unix.Fdatasync(int(file.Fd()))
+		if err != unix.EINTR {
+			return err
+		}
+	}
 }
 
 func osAllocate(file *os.File, size int64) error {
 	if size == 0 {
 		return nil
 	}
-	return unix.Fallocate(int(file.Fd()), 0, 0, size)
+	for {
+		err := unix.Fallocate(int(file.Fd()), 0, 0, size)
+		if err == unix.EOPNOTSUPP {
+			break
+		}
+		if err != unix.EINTR {
+			return err
+		}
+	}
+	off, err := file.Seek(0, io.SeekEnd)
+	if err != nil {
+		return err
+	}
+	if size <= off {
+		return nil
+	}
+	return file.Truncate(size)
+
 }
 
 func osReadLock(file *os.File, start, len int64, timeout time.Duration) _ErrorCode {
@@ -37,22 +60,27 @@ func osLock(file *os.File, typ int16, start, len int64, timeout time.Duration, d
 	}
 	var err error
 	switch {
-	case timeout < 0:
-		err = unix.FcntlFlock(file.Fd(), unix.F_OFD_SETLKW, &lock)
 	default:
 		err = unix.FcntlFlock(file.Fd(), unix.F_OFD_SETLK, &lock)
+	case timeout < 0:
+		err = unix.FcntlFlock(file.Fd(), unix.F_OFD_SETLKW, &lock)
 	}
 	return osLockErrorCode(err, def)
 }
 
 func osUnlock(file *os.File, start, len int64) _ErrorCode {
-	err := unix.FcntlFlock(file.Fd(), unix.F_OFD_SETLK, &unix.Flock_t{
+	lock := unix.Flock_t{
 		Type:  unix.F_UNLCK,
 		Start: start,
 		Len:   len,
-	})
-	if err != nil {
-		return _IOERR_UNLOCK
 	}
-	return _OK
+	for {
+		err := unix.FcntlFlock(file.Fd(), unix.F_OFD_SETLK, &lock)
+		if err == nil {
+			return _OK
+		}
+		if err != unix.EINTR {
+			return _IOERR_UNLOCK
+		}
+	}
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_std.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_std.go
index 0d0ca24c9..a48c71e9f 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_std.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_std.go
@@ -8,8 +8,8 @@ import (
 )
 
 const (
+	isUnix      = false
 	_O_NOFOLLOW = 0
-	canSyncDirs = false
 )
 
 func osAccess(path string, flags AccessFlag) error {
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_unix.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_unix.go
index 9f42b5f6c..ec312ccd3 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_unix.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_unix.go
@@ -10,8 +10,8 @@ import (
 )
 
 const (
+	isUnix      = true
 	_O_NOFOLLOW = unix.O_NOFOLLOW
-	canSyncDirs = true
 )
 
 func osAccess(path string, flags AccessFlag) error {
@@ -65,10 +65,15 @@ func osTestLock(file *os.File, start, len int64) (int16, _ErrorCode) {
 		Start: start,
 		Len:   len,
 	}
-	if unix.FcntlFlock(file.Fd(), unix.F_GETLK, &lock) != nil {
-		return 0, _IOERR_CHECKRESERVEDLOCK
+	for {
+		err := unix.FcntlFlock(file.Fd(), unix.F_GETLK, &lock)
+		if err == nil {
+			return lock.Type, _OK
+		}
+		if err != unix.EINTR {
+			return 0, _IOERR_CHECKRESERVEDLOCK
+		}
 	}
-	return lock.Type, _OK
 }
 
 func osLockErrorCode(err error, def _ErrorCode) _ErrorCode {
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/os_windows.go b/vendor/github.com/ncruces/go-sqlite3/vfs/os_windows.go
index ecce3cfa2..0a6693de5 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/os_windows.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/os_windows.go
@@ -135,12 +135,10 @@ func osWriteLock(file *os.File, start, len uint32, timeout time.Duration) _Error
 func osLock(file *os.File, flags, start, len uint32, timeout time.Duration, def _ErrorCode) _ErrorCode {
 	var err error
 	switch {
-	case timeout == 0:
+	default:
 		err = osLockEx(file, flags|windows.LOCKFILE_FAIL_IMMEDIATELY, start, len)
 	case timeout < 0:
 		err = osLockEx(file, flags, start, len)
-	default:
-		err = osLockExTimeout(file, flags, start, len, timeout)
 	}
 	return osLockErrorCode(err, def)
 }
@@ -162,37 +160,6 @@ func osLockEx(file *os.File, flags, start, len uint32) error {
 		0, len, 0, &windows.Overlapped{Offset: start})
 }
 
-func osLockExTimeout(file *os.File, flags, start, len uint32, timeout time.Duration) error {
-	event, err := windows.CreateEvent(nil, 1, 0, nil)
-	if err != nil {
-		return err
-	}
-	defer windows.CloseHandle(event)
-
-	fd := windows.Handle(file.Fd())
-	overlapped := &windows.Overlapped{
-		Offset: start,
-		HEvent: event,
-	}
-
-	err = windows.LockFileEx(fd, flags, 0, len, 0, overlapped)
-	if err != windows.ERROR_IO_PENDING {
-		return err
-	}
-
-	ms := (timeout + time.Millisecond - 1) / time.Millisecond
-	rc, err := windows.WaitForSingleObject(event, uint32(ms))
-	if rc == windows.WAIT_OBJECT_0 {
-		return nil
-	}
-	defer windows.CancelIoEx(fd, overlapped)
-
-	if err != nil {
-		return err
-	}
-	return windows.Errno(rc)
-}
-
 func osLockErrorCode(err error, def _ErrorCode) _ErrorCode {
 	if err == nil {
 		return _OK
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/shm_bsd.go b/vendor/github.com/ncruces/go-sqlite3/vfs/shm_bsd.go
index 11e7bb2fd..be1495d99 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/shm_bsd.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/shm_bsd.go
@@ -68,16 +68,11 @@ func (s *vfsShm) Close() error {
 	panic(util.AssertErr())
 }
 
-func (s *vfsShm) shmOpen() _ErrorCode {
+func (s *vfsShm) shmOpen() (rc _ErrorCode) {
 	if s.vfsShmParent != nil {
 		return _OK
 	}
 
-	var f *os.File
-	// Close file on error.
-	// Keep this here to avoid confusing checklocks.
-	defer func() { f.Close() }()
-
 	vfsShmListMtx.Lock()
 	defer vfsShmListMtx.Unlock()
 
@@ -98,11 +93,16 @@ func (s *vfsShm) shmOpen() _ErrorCode {
 	}
 
 	// Always open file read-write, as it will be shared.
-	f, err = os.OpenFile(s.path,
+	f, err := os.OpenFile(s.path,
 		os.O_RDWR|os.O_CREATE|_O_NOFOLLOW, 0666)
 	if err != nil {
 		return _CANTOPEN
 	}
+	defer func() {
+		if rc != _OK {
+			f.Close()
+		}
+	}()
 
 	// Dead man's switch.
 	if lock, rc := osTestLock(f, _SHM_DMS, 1); rc != _OK {
@@ -131,7 +131,6 @@ func (s *vfsShm) shmOpen() _ErrorCode {
 		File: f,
 		info: fi,
 	}
-	f = nil // Don't close the file.
 	for i, g := range vfsShmList {
 		if g == nil {
 			vfsShmList[i] = s.vfsShmParent
diff --git a/vendor/github.com/ncruces/go-sqlite3/vfs/shm_windows.go b/vendor/github.com/ncruces/go-sqlite3/vfs/shm_windows.go
index ed2e93f8e..7cc5b2a23 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vfs/shm_windows.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vfs/shm_windows.go
@@ -7,14 +7,11 @@ import (
 	"io"
 	"os"
 	"sync"
-	"syscall"
-	"time"
 
 	"github.com/tetratelabs/wazero/api"
 	"golang.org/x/sys/windows"
 
 	"github.com/ncruces/go-sqlite3/internal/util"
-	"github.com/ncruces/go-sqlite3/util/osutil"
 )
 
 type vfsShm struct {
@@ -33,8 +30,6 @@ type vfsShm struct {
 	sync.Mutex
 }
 
-var _ blockingSharedMemory = &vfsShm{}
-
 func (s *vfsShm) Close() error {
 	// Unmap regions.
 	for _, r := range s.regions {
@@ -48,8 +43,7 @@ func (s *vfsShm) Close() error {
 
 func (s *vfsShm) shmOpen() _ErrorCode {
 	if s.File == nil {
-		f, err := osutil.OpenFile(s.path,
-			os.O_RDWR|os.O_CREATE|syscall.O_NONBLOCK, 0666)
+		f, err := os.OpenFile(s.path, os.O_RDWR|os.O_CREATE, 0666)
 		if err != nil {
 			return _CANTOPEN
 		}
@@ -67,7 +61,7 @@ func (s *vfsShm) shmOpen() _ErrorCode {
 			return _IOERR_SHMOPEN
 		}
 	}
-	rc := osReadLock(s.File, _SHM_DMS, 1, time.Millisecond)
+	rc := osReadLock(s.File, _SHM_DMS, 1, 0)
 	s.fileLock = rc == _OK
 	return rc
 }
@@ -135,11 +129,6 @@ func (s *vfsShm) shmMap(ctx context.Context, mod api.Module, id, size int32, ext
 }
 
 func (s *vfsShm) shmLock(offset, n int32, flags _ShmFlag) (rc _ErrorCode) {
-	var timeout time.Duration
-	if s.blocking {
-		timeout = time.Millisecond
-	}
-
 	switch {
 	case flags&_SHM_LOCK != 0:
 		defer s.shmAcquire(&rc)
@@ -151,9 +140,9 @@ func (s *vfsShm) shmLock(offset, n int32, flags _ShmFlag) (rc _ErrorCode) {
 	case flags&_SHM_UNLOCK != 0:
 		return osUnlock(s.File, _SHM_BASE+uint32(offset), uint32(n))
 	case flags&_SHM_SHARED != 0:
-		return osReadLock(s.File, _SHM_BASE+uint32(offset), uint32(n), timeout)
+		return osReadLock(s.File, _SHM_BASE+uint32(offset), uint32(n), 0)
 	case flags&_SHM_EXCLUSIVE != 0:
-		return osWriteLock(s.File, _SHM_BASE+uint32(offset), uint32(n), timeout)
+		return osWriteLock(s.File, _SHM_BASE+uint32(offset), uint32(n), 0)
 	default:
 		panic(util.AssertErr())
 	}
@@ -184,7 +173,3 @@ func (s *vfsShm) shmUnmap(delete bool) {
 		os.Remove(s.path)
 	}
 }
-
-func (s *vfsShm) shmEnableBlocking(block bool) {
-	s.blocking = block
-}
diff --git a/vendor/github.com/ncruces/go-sqlite3/vtab.go b/vendor/github.com/ncruces/go-sqlite3/vtab.go
index 884aaaa0c..16ff2806b 100644
--- a/vendor/github.com/ncruces/go-sqlite3/vtab.go
+++ b/vendor/github.com/ncruces/go-sqlite3/vtab.go
@@ -79,9 +79,12 @@ func implements[T any](typ reflect.Type) bool {
 //
 // https://sqlite.org/c3ref/declare_vtab.html
 func (c *Conn) DeclareVTab(sql string) error {
+	if c.interrupt.Err() != nil {
+		return INTERRUPT
+	}
 	defer c.arena.mark()()
-	sqlPtr := c.arena.string(sql)
-	rc := res_t(c.call("sqlite3_declare_vtab", stk_t(c.handle), stk_t(sqlPtr)))
+	textPtr := c.arena.string(sql)
+	rc := res_t(c.call("sqlite3_declare_vtab", stk_t(c.handle), stk_t(textPtr)))
 	return c.error(rc)
 }
 
@@ -162,6 +165,7 @@ type VTabDestroyer interface {
 }
 
 // A VTabUpdater allows a virtual table to be updated.
+// Implementations must not retain arg.
 type VTabUpdater interface {
 	VTab
 	// https://sqlite.org/vtab.html#xupdate
@@ -241,6 +245,7 @@ type VTabSavepointer interface {
 // to loop through the virtual table.
 // A VTabCursor may optionally implement
 // [io.Closer] to free resources.
+// Implementations of Filter must not retain arg.
 //
 // https://sqlite.org/c3ref/vtab_cursor.html
 type VTabCursor interface {
@@ -489,12 +494,12 @@ func vtabBestIndexCallback(ctx context.Context, mod api.Module, pVTab, pIdxInfo
 }
 
 func vtabUpdateCallback(ctx context.Context, mod api.Module, pVTab ptr_t, nArg int32, pArg, pRowID ptr_t) res_t {
-	vtab := vtabGetHandle(ctx, mod, pVTab).(VTabUpdater)
-
 	db := ctx.Value(connKey{}).(*Conn)
-	args := make([]Value, nArg)
-	callbackArgs(db, args, pArg)
-	rowID, err := vtab.Update(args...)
+	args := callbackArgs(db, nArg, pArg)
+	defer returnArgs(args)
+
+	vtab := vtabGetHandle(ctx, mod, pVTab).(VTabUpdater)
+	rowID, err := vtab.Update(*args...)
 	if err == nil {
 		util.Write64(mod, pRowID, rowID)
 	}
@@ -593,15 +598,17 @@ func cursorCloseCallback(ctx context.Context, mod api.Module, pCur ptr_t) res_t
 }
 
 func cursorFilterCallback(ctx context.Context, mod api.Module, pCur ptr_t, idxNum int32, idxStr ptr_t, nArg int32, pArg ptr_t) res_t {
-	cursor := vtabGetHandle(ctx, mod, pCur).(VTabCursor)
 	db := ctx.Value(connKey{}).(*Conn)
-	args := make([]Value, nArg)
-	callbackArgs(db, args, pArg)
+	args := callbackArgs(db, nArg, pArg)
+	defer returnArgs(args)
+
 	var idxName string
 	if idxStr != 0 {
 		idxName = util.ReadString(mod, idxStr, _MAX_LENGTH)
 	}
-	err := cursor.Filter(int(idxNum), idxName, args...)
+
+	cursor := vtabGetHandle(ctx, mod, pCur).(VTabCursor)
+	err := cursor.Filter(int(idxNum), idxName, *args...)
 	return vtabError(ctx, mod, pCur, _CURSOR_ERROR, err)
 }
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a6317e4d9..5e421a2da 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -691,7 +691,7 @@ github.com/modern-go/reflect2
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 ## explicit
 github.com/munnerz/goautoneg
-# github.com/ncruces/go-sqlite3 v0.24.0
+# github.com/ncruces/go-sqlite3 v0.25.0
 ## explicit; go 1.23.0
 github.com/ncruces/go-sqlite3
 github.com/ncruces/go-sqlite3/driver
@@ -699,7 +699,6 @@ github.com/ncruces/go-sqlite3/embed
 github.com/ncruces/go-sqlite3/internal/alloc
 github.com/ncruces/go-sqlite3/internal/dotlk
 github.com/ncruces/go-sqlite3/internal/util
-github.com/ncruces/go-sqlite3/util/osutil
 github.com/ncruces/go-sqlite3/util/sql3util
 github.com/ncruces/go-sqlite3/vfs
 github.com/ncruces/go-sqlite3/vfs/memdb

From b1844323314dd1f0832f1fcdb765a7f67ca01dbc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Fri, 4 Apr 2025 18:29:22 +0200
Subject: [PATCH 07/15] [feature] Allow editing domain blocks/allows, fix
 comment import (#3967)

* start implementing editing of existing domain permissions

* [feature] Allow editing domain blocks/allows, fix comment import

* [bugfix] Use "comment" via /api/v1/instance

* fix the stuff
---
 docs/admin/domain_permission_subscriptions.md |  21 ++
 docs/api/swagger.yaml                         | 116 +++++++-
 internal/api/client/admin/admin.go            |   2 +
 .../api/client/admin/domainallowupdate.go     |  91 +++++++
 .../api/client/admin/domainblockupdate.go     |  91 +++++++
 internal/api/client/admin/domainpermission.go |  89 +++++-
 .../admin/domainpermissiondraftcreate.go      |   7 +-
 .../domainpermissionsubscriptiontest_test.go  |  28 +-
 .../client/instance/instancepeersget_test.go  |  10 +-
 internal/api/model/domain.go                  |  17 +-
 internal/db/bundb/domain.go                   |   4 +-
 internal/db/bundb/domain_test.go              |  14 +-
 .../domainpermissionsubscription_test.go      |   2 +-
 internal/db/domain.go                         |   8 +-
 internal/gtsmodel/domainallow.go              |   2 +-
 internal/gtsmodel/domainblock.go              |   2 +-
 internal/processing/admin/domainallow.go      |  50 +++-
 internal/processing/admin/domainblock.go      |  50 +++-
 internal/processing/admin/domainpermission.go | 179 +++++++++---
 internal/processing/instance.go               |   6 +-
 internal/subscriptions/domainperms.go         |  39 +--
 internal/subscriptions/subscriptions_test.go  |   4 +-
 internal/typeutils/internaltofrontend.go      |   6 +-
 testrig/transportcontroller.go                |   2 +-
 .../query/admin/domain-permissions/import.ts  |  38 +--
 .../query/admin/domain-permissions/update.ts  |  43 +++
 .../settings/lib/types/domain-permission.ts   |   8 +-
 web/source/settings/style.css                 |  41 ++-
 .../moderation/domain-permissions/detail.tsx  | 255 +++++++++++-------
 .../domain-permissions/import-export.tsx      |   2 +-
 .../moderation/domain-permissions/process.tsx | 103 ++++---
 .../settings/views/moderation/router.tsx      |   4 +-
 32 files changed, 1021 insertions(+), 313 deletions(-)
 create mode 100644 internal/api/client/admin/domainallowupdate.go
 create mode 100644 internal/api/client/admin/domainblockupdate.go

diff --git a/docs/admin/domain_permission_subscriptions.md b/docs/admin/domain_permission_subscriptions.md
index 77ec831e1..78518e187 100644
--- a/docs/admin/domain_permission_subscriptions.md
+++ b/docs/admin/domain_permission_subscriptions.md
@@ -113,6 +113,27 @@ nothanks.com,suspend,false,false,,false
 
 JSON lists use content type `application/json`.
 
+```json
+[
+  {
+    "domain": "bumfaces.net",
+    "suspended_at": "2020-05-13T13:29:12.000Z",
+    "comment": "big jerks"
+  },
+  {
+    "domain": "peepee.poopoo",
+    "suspended_at": "2020-05-13T13:29:12.000Z",
+    "comment": "harassment"
+  },
+  {
+    "domain": "nothanks.com",
+    "suspended_at": "2020-05-13T13:29:12.000Z"
+  }
+]
+```
+
+As an alternative to `"comment"`, `"public_comment"` will also work:
+
 ```json
 [
   {
diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index e1c1c14e9..778b1c843 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -1099,13 +1099,22 @@ definitions:
     domain:
         description: Domain represents a remote domain
         properties:
+            comment:
+                description: |-
+                    If the domain is blocked, what's the publicly-stated reason for the block.
+                    Alternative to `public_comment` to be used when serializing/deserializing via /api/v1/instance.
+                example: they smell
+                type: string
+                x-go-name: Comment
             domain:
                 description: The hostname of the domain.
                 example: example.org
                 type: string
                 x-go-name: Domain
             public_comment:
-                description: If the domain is blocked, what's the publicly-stated reason for the block.
+                description: |-
+                    If the domain is blocked, what's the publicly-stated reason for the block.
+                    Alternative to `comment` to be used when serializing/deserializing NOT via /api/v1/instance.
                 example: they smell
                 type: string
                 x-go-name: PublicComment
@@ -1124,6 +1133,13 @@ definitions:
         x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
     domainPermission:
         properties:
+            comment:
+                description: |-
+                    If the domain is blocked, what's the publicly-stated reason for the block.
+                    Alternative to `public_comment` to be used when serializing/deserializing via /api/v1/instance.
+                example: they smell
+                type: string
+                x-go-name: Comment
             created_at:
                 description: Time at which the permission entry was created (ISO 8601 Datetime).
                 example: "2021-07-30T09:20:25+00:00"
@@ -1162,7 +1178,9 @@ definitions:
                 type: string
                 x-go-name: PrivateComment
             public_comment:
-                description: If the domain is blocked, what's the publicly-stated reason for the block.
+                description: |-
+                    If the domain is blocked, what's the publicly-stated reason for the block.
+                    Alternative to `comment` to be used when serializing/deserializing NOT via /api/v1/instance.
                 example: they smell
                 type: string
                 x-go-name: PublicComment
@@ -5823,6 +5841,53 @@ paths:
             summary: View domain allow with the given ID.
             tags:
                 - admin
+        put:
+            consumes:
+                - multipart/form-data
+            operationId: domainAllowUpdate
+            parameters:
+                - description: The id of the domain allow.
+                  in: path
+                  name: id
+                  required: true
+                  type: string
+                - description: Obfuscate the name of the domain when serving it publicly. Eg., `example.org` becomes something like `ex***e.org`.
+                  in: formData
+                  name: obfuscate
+                  type: boolean
+                - description: Public comment about this domain allow. This will be displayed alongside the domain allow if you choose to share allows.
+                  in: formData
+                  name: public_comment
+                  type: string
+                - description: Private comment about this domain allow. Will only be shown to other admins, so this is a useful way of internally keeping track of why a certain domain ended up allowed.
+                  in: formData
+                  name: private_comment
+                  type: string
+            produces:
+                - application/json
+            responses:
+                "200":
+                    description: The updated domain allow.
+                    schema:
+                        $ref: '#/definitions/domainPermission'
+                "400":
+                    description: bad request
+                "401":
+                    description: unauthorized
+                "403":
+                    description: forbidden
+                "404":
+                    description: not found
+                "406":
+                    description: not acceptable
+                "500":
+                    description: internal server error
+            security:
+                - OAuth2 Bearer:
+                    - admin:write:domain_allows
+            summary: Update a single domain allow.
+            tags:
+                - admin
     /api/v1/admin/domain_blocks:
         get:
             operationId: domainBlocksGet
@@ -5990,6 +6055,53 @@ paths:
             summary: View domain block with the given ID.
             tags:
                 - admin
+        put:
+            consumes:
+                - multipart/form-data
+            operationId: domainBlockUpdate
+            parameters:
+                - description: The id of the domain block.
+                  in: path
+                  name: id
+                  required: true
+                  type: string
+                - description: Obfuscate the name of the domain when serving it publicly. Eg., `example.org` becomes something like `ex***e.org`.
+                  in: formData
+                  name: obfuscate
+                  type: boolean
+                - description: Public comment about this domain block. This will be displayed alongside the domain block if you choose to share blocks.
+                  in: formData
+                  name: public_comment
+                  type: string
+                - description: Private comment about this domain block. Will only be shown to other admins, so this is a useful way of internally keeping track of why a certain domain ended up blocked.
+                  in: formData
+                  name: private_comment
+                  type: string
+            produces:
+                - application/json
+            responses:
+                "200":
+                    description: The updated domain block.
+                    schema:
+                        $ref: '#/definitions/domainPermission'
+                "400":
+                    description: bad request
+                "401":
+                    description: unauthorized
+                "403":
+                    description: forbidden
+                "404":
+                    description: not found
+                "406":
+                    description: not acceptable
+                "500":
+                    description: internal server error
+            security:
+                - OAuth2 Bearer:
+                    - admin:write:domain_blocks
+            summary: Update a single domain block.
+            tags:
+                - admin
     /api/v1/admin/domain_keys_expire:
         post:
             consumes:
diff --git a/internal/api/client/admin/admin.go b/internal/api/client/admin/admin.go
index a5a16f35f..01a5796ae 100644
--- a/internal/api/client/admin/admin.go
+++ b/internal/api/client/admin/admin.go
@@ -102,12 +102,14 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 	attachHandler(http.MethodPost, DomainBlocksPath, m.DomainBlocksPOSTHandler)
 	attachHandler(http.MethodGet, DomainBlocksPath, m.DomainBlocksGETHandler)
 	attachHandler(http.MethodGet, DomainBlocksPathWithID, m.DomainBlockGETHandler)
+	attachHandler(http.MethodPut, DomainBlocksPathWithID, m.DomainBlockUpdatePUTHandler)
 	attachHandler(http.MethodDelete, DomainBlocksPathWithID, m.DomainBlockDELETEHandler)
 
 	// domain allow stuff
 	attachHandler(http.MethodPost, DomainAllowsPath, m.DomainAllowsPOSTHandler)
 	attachHandler(http.MethodGet, DomainAllowsPath, m.DomainAllowsGETHandler)
 	attachHandler(http.MethodGet, DomainAllowsPathWithID, m.DomainAllowGETHandler)
+	attachHandler(http.MethodPut, DomainAllowsPathWithID, m.DomainAllowUpdatePUTHandler)
 	attachHandler(http.MethodDelete, DomainAllowsPathWithID, m.DomainAllowDELETEHandler)
 
 	// domain permission draft stuff
diff --git a/internal/api/client/admin/domainallowupdate.go b/internal/api/client/admin/domainallowupdate.go
new file mode 100644
index 000000000..02edfdfef
--- /dev/null
+++ b/internal/api/client/admin/domainallowupdate.go
@@ -0,0 +1,91 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package admin
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+// DomainAllowUpdatePUTHandler swagger:operation PUT /api/v1/admin/domain_allows/{id} domainAllowUpdate
+//
+// Update a single domain allow.
+//
+//	---
+//	tags:
+//	- admin
+//
+//	consumes:
+//	- multipart/form-data
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The id of the domain allow.
+//		in: path
+//		required: true
+//	-
+//		name: obfuscate
+//		in: formData
+//		description: >-
+//			Obfuscate the name of the domain when serving it publicly.
+//			Eg., `example.org` becomes something like `ex***e.org`.
+//		type: boolean
+//	-
+//		name: public_comment
+//		in: formData
+//		description: >-
+//			Public comment about this domain allow.
+//			This will be displayed alongside the domain allow if you choose to share allows.
+//		type: string
+//	-
+//		name: private_comment
+//		in: formData
+//		description: >-
+//			Private comment about this domain allow. Will only be shown to other admins, so this
+//			is a useful way of internally keeping track of why a certain domain ended up allowed.
+//		type: string
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin:write:domain_allows
+//
+//	responses:
+//		'200':
+//			description: The updated domain allow.
+//			schema:
+//				"$ref": "#/definitions/domainPermission"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) DomainAllowUpdatePUTHandler(c *gin.Context) {
+	m.updateDomainPermission(c, gtsmodel.DomainPermissionAllow)
+}
diff --git a/internal/api/client/admin/domainblockupdate.go b/internal/api/client/admin/domainblockupdate.go
new file mode 100644
index 000000000..0fbe72aa8
--- /dev/null
+++ b/internal/api/client/admin/domainblockupdate.go
@@ -0,0 +1,91 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package admin
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+// DomainBlockUpdatePUTHandler swagger:operation PUT /api/v1/admin/domain_blocks/{id} domainBlockUpdate
+//
+// Update a single domain block.
+//
+//	---
+//	tags:
+//	- admin
+//
+//	consumes:
+//	- multipart/form-data
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The id of the domain block.
+//		in: path
+//		required: true
+//	-
+//		name: obfuscate
+//		in: formData
+//		description: >-
+//			Obfuscate the name of the domain when serving it publicly.
+//			Eg., `example.org` becomes something like `ex***e.org`.
+//		type: boolean
+//	-
+//		name: public_comment
+//		in: formData
+//		description: >-
+//			Public comment about this domain block.
+//			This will be displayed alongside the domain block if you choose to share blocks.
+//		type: string
+//	-
+//		name: private_comment
+//		in: formData
+//		description: >-
+//			Private comment about this domain block. Will only be shown to other admins, so this
+//			is a useful way of internally keeping track of why a certain domain ended up blocked.
+//		type: string
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin:write:domain_blocks
+//
+//	responses:
+//		'200':
+//			description: The updated domain block.
+//			schema:
+//				"$ref": "#/definitions/domainPermission"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) DomainBlockUpdatePUTHandler(c *gin.Context) {
+	m.updateDomainPermission(c, gtsmodel.DomainPermissionBlock)
+}
diff --git a/internal/api/client/admin/domainpermission.go b/internal/api/client/admin/domainpermission.go
index c64c90eb2..91b95334b 100644
--- a/internal/api/client/admin/domainpermission.go
+++ b/internal/api/client/admin/domainpermission.go
@@ -29,6 +29,7 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 type singleDomainPermCreate func(
@@ -112,7 +113,7 @@ func (m *Module) createDomainPermissions(
 	if importing && form.Domains.Size == 0 {
 		err = errors.New("import was specified but list of domains is empty")
 	} else if !importing && form.Domain == "" {
-		err = errors.New("empty domain provided")
+		err = errors.New("no domain provided")
 	}
 
 	if err != nil {
@@ -122,14 +123,14 @@ func (m *Module) createDomainPermissions(
 
 	if !importing {
 		// Single domain permission creation.
-		domainBlock, _, errWithCode := single(
+		perm, _, errWithCode := single(
 			c.Request.Context(),
 			permType,
 			authed.Account,
 			form.Domain,
-			form.Obfuscate,
-			form.PublicComment,
-			form.PrivateComment,
+			util.PtrOrZero(form.Obfuscate),
+			util.PtrOrZero(form.PublicComment),
+			util.PtrOrZero(form.PrivateComment),
 			"", // No sub ID for single perm creation.
 		)
 
@@ -138,7 +139,7 @@ func (m *Module) createDomainPermissions(
 			return
 		}
 
-		apiutil.JSON(c, http.StatusOK, domainBlock)
+		apiutil.JSON(c, http.StatusOK, perm)
 		return
 	}
 
@@ -177,6 +178,82 @@ func (m *Module) createDomainPermissions(
 	apiutil.JSON(c, http.StatusOK, domainPerms)
 }
 
+func (m *Module) updateDomainPermission(
+	c *gin.Context,
+	permType gtsmodel.DomainPermissionType,
+) {
+	// Scope differs based on permType.
+	var requireScope apiutil.Scope
+	if permType == gtsmodel.DomainPermissionBlock {
+		requireScope = apiutil.ScopeAdminWriteDomainBlocks
+	} else {
+		requireScope = apiutil.ScopeAdminWriteDomainAllows
+	}
+
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		requireScope,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	permID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Parse + validate form.
+	form := new(apimodel.DomainPermissionRequest)
+	if err := c.ShouldBind(form); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if form.Obfuscate == nil &&
+		form.PrivateComment == nil &&
+		form.PublicComment == nil {
+		const errText = "empty form submitted"
+		errWithCode := gtserror.NewErrorBadRequest(errors.New(errText), errText)
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	perm, errWithCode := m.processor.Admin().DomainPermissionUpdate(
+		c.Request.Context(),
+		permType,
+		permID,
+		form.Obfuscate,
+		form.PublicComment,
+		form.PrivateComment,
+		nil, // Can't update perm sub ID this way yet.
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, perm)
+}
+
 // deleteDomainPermission deletes a single domain permission (block or allow).
 func (m *Module) deleteDomainPermission(
 	c *gin.Context,
diff --git a/internal/api/client/admin/domainpermissiondraftcreate.go b/internal/api/client/admin/domainpermissiondraftcreate.go
index b8d3085e9..e7fcd2c40 100644
--- a/internal/api/client/admin/domainpermissiondraftcreate.go
+++ b/internal/api/client/admin/domainpermissiondraftcreate.go
@@ -26,6 +26,7 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 // DomainPermissionDraftsPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts domainPermissionDraftCreate
@@ -148,9 +149,9 @@ func (m *Module) DomainPermissionDraftsPOSTHandler(c *gin.Context) {
 		authed.Account,
 		form.Domain,
 		permType,
-		form.Obfuscate,
-		form.PublicComment,
-		form.PrivateComment,
+		util.PtrOrZero(form.Obfuscate),
+		util.PtrOrZero(form.PublicComment),
+		util.PtrOrZero(form.PrivateComment),
 	)
 	if errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/admin/domainpermissionsubscriptiontest_test.go b/internal/api/client/admin/domainpermissionsubscriptiontest_test.go
index c03b950a9..4ac366520 100644
--- a/internal/api/client/admin/domainpermissionsubscriptiontest_test.go
+++ b/internal/api/client/admin/domainpermissionsubscriptiontest_test.go
@@ -97,14 +97,21 @@ func (suite *DomainPermissionSubscriptionTestTestSuite) TestDomainPermissionSubs
 	suite.Equal(`[
   {
     "domain": "bumfaces.net",
-    "public_comment": "big jerks"
+    "public_comment": "big jerks",
+    "obfuscate": false,
+    "private_comment": ""
   },
   {
     "domain": "peepee.poopoo",
-    "public_comment": "harassment"
+    "public_comment": "harassment",
+    "obfuscate": false,
+    "private_comment": ""
   },
   {
-    "domain": "nothanks.com"
+    "domain": "nothanks.com",
+    "public_comment": "",
+    "obfuscate": false,
+    "private_comment": ""
   }
 ]`, dst.String())
 
@@ -177,13 +184,22 @@ func (suite *DomainPermissionSubscriptionTestTestSuite) TestDomainPermissionSubs
 	// Ensure expected.
 	suite.Equal(`[
   {
-    "domain": "bumfaces.net"
+    "domain": "bumfaces.net",
+    "public_comment": "",
+    "obfuscate": false,
+    "private_comment": ""
   },
   {
-    "domain": "peepee.poopoo"
+    "domain": "peepee.poopoo",
+    "public_comment": "",
+    "obfuscate": false,
+    "private_comment": ""
   },
   {
-    "domain": "nothanks.com"
+    "domain": "nothanks.com",
+    "public_comment": "",
+    "obfuscate": false,
+    "private_comment": ""
   }
 ]`, dst.String())
 
diff --git a/internal/api/client/instance/instancepeersget_test.go b/internal/api/client/instance/instancepeersget_test.go
index a2c81cc4e..2421205f7 100644
--- a/internal/api/client/instance/instancepeersget_test.go
+++ b/internal/api/client/instance/instancepeersget_test.go
@@ -136,7 +136,7 @@ func (suite *InstancePeersGetTestSuite) TestInstancePeersGetOnlySuspended() {
   {
     "domain": "replyguys.com",
     "suspended_at": "2020-05-13T13:29:12.000Z",
-    "public_comment": "reply-guying to tech posts"
+    "comment": "reply-guying to tech posts"
   }
 ]`, dst.String())
 }
@@ -186,7 +186,7 @@ func (suite *InstancePeersGetTestSuite) TestInstancePeersGetOnlySuspendedAuthori
   {
     "domain": "replyguys.com",
     "suspended_at": "2020-05-13T13:29:12.000Z",
-    "public_comment": "reply-guying to tech posts"
+    "comment": "reply-guying to tech posts"
   }
 ]`, dst.String())
 }
@@ -219,7 +219,7 @@ func (suite *InstancePeersGetTestSuite) TestInstancePeersGetAll() {
   {
     "domain": "replyguys.com",
     "suspended_at": "2020-05-13T13:29:12.000Z",
-    "public_comment": "reply-guying to tech posts"
+    "comment": "reply-guying to tech posts"
   }
 ]`, dst.String())
 }
@@ -263,12 +263,12 @@ func (suite *InstancePeersGetTestSuite) TestInstancePeersGetAllWithObfuscated()
   {
     "domain": "o*g.*u**.t**.*or*t.*r**ev**",
     "suspended_at": "2021-06-09T10:34:55.000Z",
-    "public_comment": "just absolutely the worst, wowza"
+    "comment": "just absolutely the worst, wowza"
   },
   {
     "domain": "replyguys.com",
     "suspended_at": "2020-05-13T13:29:12.000Z",
-    "public_comment": "reply-guying to tech posts"
+    "comment": "reply-guying to tech posts"
   }
 ]`, dst.String())
 }
diff --git a/internal/api/model/domain.go b/internal/api/model/domain.go
index 94a190f63..8d94321d0 100644
--- a/internal/api/model/domain.go
+++ b/internal/api/model/domain.go
@@ -33,8 +33,13 @@ type Domain struct {
 	// example: 2021-07-30T09:20:25+00:00
 	SilencedAt string `json:"silenced_at,omitempty"`
 	// If the domain is blocked, what's the publicly-stated reason for the block.
+	// Alternative to `public_comment` to be used when serializing/deserializing via /api/v1/instance.
 	// example: they smell
-	PublicComment string `form:"public_comment" json:"public_comment,omitempty"`
+	Comment *string `form:"comment" json:"comment,omitempty"`
+	// If the domain is blocked, what's the publicly-stated reason for the block.
+	// Alternative to `comment` to be used when serializing/deserializing NOT via /api/v1/instance.
+	// example: they smell
+	PublicComment *string `form:"public_comment" json:"public_comment,omitempty"`
 }
 
 // DomainPermission represents a permission applied to one domain (explicit block/allow).
@@ -48,10 +53,10 @@ type DomainPermission struct {
 	ID string `json:"id,omitempty"`
 	// Obfuscate the domain name when serving this domain permission entry publicly.
 	// example: false
-	Obfuscate bool `json:"obfuscate,omitempty"`
+	Obfuscate *bool `json:"obfuscate,omitempty"`
 	// Private comment for this permission entry, visible to this instance's admins only.
 	// example: they are poopoo
-	PrivateComment string `json:"private_comment,omitempty"`
+	PrivateComment *string `json:"private_comment,omitempty"`
 	// If applicable, the ID of the subscription that caused this domain permission entry to be created.
 	// example: 01FBW25TF5J67JW3HFHZCSD23K
 	SubscriptionID string `json:"subscription_id,omitempty"`
@@ -80,14 +85,14 @@ type DomainPermissionRequest struct {
 	// Obfuscate the domain name when displaying this permission entry publicly.
 	// Ie., instead of 'example.org' show something like 'e**mpl*.or*'.
 	// example: false
-	Obfuscate bool `form:"obfuscate" json:"obfuscate"`
+	Obfuscate *bool `form:"obfuscate" json:"obfuscate"`
 	// Private comment for other admins on why this permission entry was created.
 	// example: don't like 'em!!!!
-	PrivateComment string `form:"private_comment" json:"private_comment"`
+	PrivateComment *string `form:"private_comment" json:"private_comment"`
 	// Public comment on why this permission entry was created.
 	// Will be visible to requesters at /api/v1/instance/peers if this endpoint is exposed.
 	// example: foss dorks 😫
-	PublicComment string `form:"public_comment" json:"public_comment"`
+	PublicComment *string `form:"public_comment" json:"public_comment"`
 	// Permission type to create (only applies to domain permission drafts, not explicit blocks and allows).
 	PermissionType string `form:"permission_type" json:"permission_type"`
 }
diff --git a/internal/db/bundb/domain.go b/internal/db/bundb/domain.go
index 925387bd9..23b9abc74 100644
--- a/internal/db/bundb/domain.go
+++ b/internal/db/bundb/domain.go
@@ -36,7 +36,7 @@ type domainDB struct {
 	state *state.State
 }
 
-func (d *domainDB) CreateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) (err error) {
+func (d *domainDB) PutDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) (err error) {
 	// Normalize the domain as punycode, note the extra
 	// validation step for domain name write operations.
 	allow.Domain, err = util.PunifySafely(allow.Domain)
@@ -162,7 +162,7 @@ func (d *domainDB) DeleteDomainAllow(ctx context.Context, domain string) error {
 	return nil
 }
 
-func (d *domainDB) CreateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error {
+func (d *domainDB) PutDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error {
 	var err error
 
 	// Normalize the domain as punycode, note the extra
diff --git a/internal/db/bundb/domain_test.go b/internal/db/bundb/domain_test.go
index 8164259e8..a56f469c4 100644
--- a/internal/db/bundb/domain_test.go
+++ b/internal/db/bundb/domain_test.go
@@ -46,7 +46,7 @@ func (suite *DomainTestSuite) TestIsDomainBlocked() {
 	suite.NoError(err)
 	suite.False(blocked)
 
-	err = suite.db.CreateDomainBlock(ctx, domainBlock)
+	err = suite.db.PutDomainBlock(ctx, domainBlock)
 	suite.NoError(err)
 
 	// domain block now exists
@@ -75,7 +75,7 @@ func (suite *DomainTestSuite) TestIsDomainBlockedWithAllow() {
 	suite.False(blocked)
 
 	// Block this domain.
-	if err := suite.db.CreateDomainBlock(ctx, domainBlock); err != nil {
+	if err := suite.db.PutDomainBlock(ctx, domainBlock); err != nil {
 		suite.FailNow(err.Error())
 	}
 
@@ -96,7 +96,7 @@ func (suite *DomainTestSuite) TestIsDomainBlockedWithAllow() {
 		CreatedByAccount:   suite.testAccounts["admin_account"],
 	}
 
-	if err := suite.db.CreateDomainAllow(ctx, domainAllow); err != nil {
+	if err := suite.db.PutDomainAllow(ctx, domainAllow); err != nil {
 		suite.FailNow(err.Error())
 	}
 
@@ -124,7 +124,7 @@ func (suite *DomainTestSuite) TestIsDomainBlockedWildcard() {
 	suite.NoError(err)
 	suite.False(blocked)
 
-	err = suite.db.CreateDomainBlock(ctx, domainBlock)
+	err = suite.db.PutDomainBlock(ctx, domainBlock)
 	suite.NoError(err)
 
 	// Start with the base block domain
@@ -164,7 +164,7 @@ func (suite *DomainTestSuite) TestIsDomainBlockedNonASCII() {
 	suite.NoError(err)
 	suite.False(blocked)
 
-	err = suite.db.CreateDomainBlock(ctx, domainBlock)
+	err = suite.db.PutDomainBlock(ctx, domainBlock)
 	suite.NoError(err)
 
 	// domain block now exists
@@ -200,7 +200,7 @@ func (suite *DomainTestSuite) TestIsDomainBlockedNonASCII2() {
 	suite.NoError(err)
 	suite.False(blocked)
 
-	err = suite.db.CreateDomainBlock(ctx, domainBlock)
+	err = suite.db.PutDomainBlock(ctx, domainBlock)
 	suite.NoError(err)
 
 	// domain block now exists
@@ -232,7 +232,7 @@ func (suite *DomainTestSuite) TestIsOtherDomainBlockedWildcardAndExplicit() {
 	}
 
 	for _, block := range blocks {
-		if err := suite.db.CreateDomainBlock(ctx, block); err != nil {
+		if err := suite.db.PutDomainBlock(ctx, block); err != nil {
 			suite.FailNow(err.Error())
 		}
 	}
diff --git a/internal/db/bundb/domainpermissionsubscription_test.go b/internal/db/bundb/domainpermissionsubscription_test.go
index 732befbff..7a5cf8685 100644
--- a/internal/db/bundb/domainpermissionsubscription_test.go
+++ b/internal/db/bundb/domainpermissionsubscription_test.go
@@ -80,7 +80,7 @@ func (suite *DomainPermissionSubscriptionTestSuite) TestCount() {
 
 	// Whack the perms in the db.
 	for _, perm := range perms {
-		if err := suite.state.DB.CreateDomainBlock(ctx, perm); err != nil {
+		if err := suite.state.DB.PutDomainBlock(ctx, perm); err != nil {
 			suite.FailNow(err.Error())
 		}
 	}
diff --git a/internal/db/domain.go b/internal/db/domain.go
index 643538e7e..95a2f0755 100644
--- a/internal/db/domain.go
+++ b/internal/db/domain.go
@@ -31,8 +31,8 @@ type Domain interface {
 		Block/allow storage + retrieval functions.
 	*/
 
-	// CreateDomainAllow puts the given instance-level domain allow into the database.
-	CreateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) error
+	// PutDomainAllow puts the given instance-level domain allow into the database.
+	PutDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) error
 
 	// GetDomainAllow returns one instance-level domain allow with the given domain, if it exists.
 	GetDomainAllow(ctx context.Context, domain string) (*gtsmodel.DomainAllow, error)
@@ -49,8 +49,8 @@ type Domain interface {
 	// DeleteDomainAllow deletes an instance-level domain allow with the given domain, if it exists.
 	DeleteDomainAllow(ctx context.Context, domain string) error
 
-	// CreateDomainBlock puts the given instance-level domain block into the database.
-	CreateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error
+	// PutDomainBlock puts the given instance-level domain block into the database.
+	PutDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error
 
 	// GetDomainBlock returns one instance-level domain block with the given domain, if it exists.
 	GetDomainBlock(ctx context.Context, domain string) (*gtsmodel.DomainBlock, error)
diff --git a/internal/gtsmodel/domainallow.go b/internal/gtsmodel/domainallow.go
index 3a7ca8774..f6aedbbba 100644
--- a/internal/gtsmodel/domainallow.go
+++ b/internal/gtsmodel/domainallow.go
@@ -26,7 +26,7 @@ type DomainAllow struct {
 	UpdatedAt          time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
 	Domain             string    `bun:",nullzero,notnull"`                                           // domain to allow. Eg. 'whatever.com'
 	CreatedByAccountID string    `bun:"type:CHAR(26),nullzero,notnull"`                              // Account ID of the creator of this allow
-	CreatedByAccount   *Account  `bun:"rel:belongs-to"`                                              // Account corresponding to createdByAccountID
+	CreatedByAccount   *Account  `bun:"-"`                                                           // Account corresponding to createdByAccountID
 	PrivateComment     string    `bun:""`                                                            // Private comment on this allow, viewable to admins
 	PublicComment      string    `bun:""`                                                            // Public comment on this allow, viewable (optionally) by everyone
 	Obfuscate          *bool     `bun:",nullzero,notnull,default:false"`                             // whether the domain name should appear obfuscated when displaying it publicly
diff --git a/internal/gtsmodel/domainblock.go b/internal/gtsmodel/domainblock.go
index 4a0e1c5b7..fb0921c25 100644
--- a/internal/gtsmodel/domainblock.go
+++ b/internal/gtsmodel/domainblock.go
@@ -26,7 +26,7 @@ type DomainBlock struct {
 	UpdatedAt          time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
 	Domain             string    `bun:",nullzero,notnull"`                                           // domain to block. Eg. 'whatever.com'
 	CreatedByAccountID string    `bun:"type:CHAR(26),nullzero,notnull"`                              // Account ID of the creator of this block
-	CreatedByAccount   *Account  `bun:"rel:belongs-to"`                                              // Account corresponding to createdByAccountID
+	CreatedByAccount   *Account  `bun:"-"`                                                           // Account corresponding to createdByAccountID
 	PrivateComment     string    `bun:""`                                                            // Private comment on this block, viewable to admins
 	PublicComment      string    `bun:""`                                                            // Public comment on this block, viewable (optionally) by everyone
 	Obfuscate          *bool     `bun:",nullzero,notnull,default:false"`                             // whether the domain name should appear obfuscated when displaying it publicly
diff --git a/internal/processing/admin/domainallow.go b/internal/processing/admin/domainallow.go
index 02101ccff..134351ad5 100644
--- a/internal/processing/admin/domainallow.go
+++ b/internal/processing/admin/domainallow.go
@@ -60,7 +60,7 @@ func (p *Processor) createDomainAllow(
 		}
 
 		// Insert the new allow into the database.
-		if err := p.state.DB.CreateDomainAllow(ctx, domainAllow); err != nil {
+		if err := p.state.DB.PutDomainAllow(ctx, domainAllow); err != nil {
 			err = gtserror.Newf("db error putting domain allow %s: %w", domain, err)
 			return nil, "", gtserror.NewErrorInternalError(err)
 		}
@@ -92,6 +92,54 @@ func (p *Processor) createDomainAllow(
 	return apiDomainAllow, action.ID, nil
 }
 
+func (p *Processor) updateDomainAllow(
+	ctx context.Context,
+	domainAllowID string,
+	obfuscate *bool,
+	publicComment *string,
+	privateComment *string,
+	subscriptionID *string,
+) (*apimodel.DomainPermission, gtserror.WithCode) {
+	domainAllow, err := p.state.DB.GetDomainAllowByID(ctx, domainAllowID)
+	if err != nil {
+		if !errors.Is(err, db.ErrNoEntries) {
+			// Real error.
+			err = gtserror.Newf("db error getting domain allow: %w", err)
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		// There are just no entries for this ID.
+		err = fmt.Errorf("no domain allow entry exists with ID %s", domainAllowID)
+		return nil, gtserror.NewErrorNotFound(err, err.Error())
+	}
+
+	var columns []string
+	if obfuscate != nil {
+		domainAllow.Obfuscate = obfuscate
+		columns = append(columns, "obfuscate")
+	}
+	if publicComment != nil {
+		domainAllow.PublicComment = *publicComment
+		columns = append(columns, "public_comment")
+	}
+	if privateComment != nil {
+		domainAllow.PrivateComment = *privateComment
+		columns = append(columns, "private_comment")
+	}
+	if subscriptionID != nil {
+		domainAllow.SubscriptionID = *subscriptionID
+		columns = append(columns, "subscription_id")
+	}
+
+	// Update the domain allow.
+	if err := p.state.DB.UpdateDomainAllow(ctx, domainAllow, columns...); err != nil {
+		err = gtserror.Newf("db error updating domain allow: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return p.apiDomainPerm(ctx, domainAllow, false)
+}
+
 func (p *Processor) deleteDomainAllow(
 	ctx context.Context,
 	adminAcct *gtsmodel.Account,
diff --git a/internal/processing/admin/domainblock.go b/internal/processing/admin/domainblock.go
index 249df744c..3dd5a256f 100644
--- a/internal/processing/admin/domainblock.go
+++ b/internal/processing/admin/domainblock.go
@@ -60,7 +60,7 @@ func (p *Processor) createDomainBlock(
 		}
 
 		// Insert the new block into the database.
-		if err := p.state.DB.CreateDomainBlock(ctx, domainBlock); err != nil {
+		if err := p.state.DB.PutDomainBlock(ctx, domainBlock); err != nil {
 			err = gtserror.Newf("db error putting domain block %s: %w", domain, err)
 			return nil, "", gtserror.NewErrorInternalError(err)
 		}
@@ -93,6 +93,54 @@ func (p *Processor) createDomainBlock(
 	return apiDomainBlock, action.ID, nil
 }
 
+func (p *Processor) updateDomainBlock(
+	ctx context.Context,
+	domainBlockID string,
+	obfuscate *bool,
+	publicComment *string,
+	privateComment *string,
+	subscriptionID *string,
+) (*apimodel.DomainPermission, gtserror.WithCode) {
+	domainBlock, err := p.state.DB.GetDomainBlockByID(ctx, domainBlockID)
+	if err != nil {
+		if !errors.Is(err, db.ErrNoEntries) {
+			// Real error.
+			err = gtserror.Newf("db error getting domain block: %w", err)
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		// There are just no entries for this ID.
+		err = fmt.Errorf("no domain block entry exists with ID %s", domainBlockID)
+		return nil, gtserror.NewErrorNotFound(err, err.Error())
+	}
+
+	var columns []string
+	if obfuscate != nil {
+		domainBlock.Obfuscate = obfuscate
+		columns = append(columns, "obfuscate")
+	}
+	if publicComment != nil {
+		domainBlock.PublicComment = *publicComment
+		columns = append(columns, "public_comment")
+	}
+	if privateComment != nil {
+		domainBlock.PrivateComment = *privateComment
+		columns = append(columns, "private_comment")
+	}
+	if subscriptionID != nil {
+		domainBlock.SubscriptionID = *subscriptionID
+		columns = append(columns, "subscription_id")
+	}
+
+	// Update the domain block.
+	if err := p.state.DB.UpdateDomainBlock(ctx, domainBlock, columns...); err != nil {
+		err = gtserror.Newf("db error updating domain block: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return p.apiDomainPerm(ctx, domainBlock, false)
+}
+
 func (p *Processor) deleteDomainBlock(
 	ctx context.Context,
 	adminAcct *gtsmodel.Account,
diff --git a/internal/processing/admin/domainpermission.go b/internal/processing/admin/domainpermission.go
index 55800f458..04ee2ab26 100644
--- a/internal/processing/admin/domainpermission.go
+++ b/internal/processing/admin/domainpermission.go
@@ -18,6 +18,7 @@
 package admin
 
 import (
+	"cmp"
 	"context"
 	"encoding/json"
 	"errors"
@@ -29,6 +30,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 // DomainPermissionCreate creates an instance-level permission
@@ -84,6 +86,50 @@ func (p *Processor) DomainPermissionCreate(
 	}
 }
 
+// DomainPermissionUpdate updates a domain permission
+// of the given permissionType, with the given ID.
+func (p *Processor) DomainPermissionUpdate(
+	ctx context.Context,
+	permissionType gtsmodel.DomainPermissionType,
+	permID string,
+	obfuscate *bool,
+	publicComment *string,
+	privateComment *string,
+	subscriptionID *string,
+) (*apimodel.DomainPermission, gtserror.WithCode) {
+	switch permissionType {
+
+	// Explicitly block a domain.
+	case gtsmodel.DomainPermissionBlock:
+		return p.updateDomainBlock(
+			ctx,
+			permID,
+			obfuscate,
+			publicComment,
+			privateComment,
+			subscriptionID,
+		)
+
+	// Explicitly allow a domain.
+	case gtsmodel.DomainPermissionAllow:
+		return p.updateDomainAllow(
+			ctx,
+			permID,
+			obfuscate,
+			publicComment,
+			privateComment,
+			subscriptionID,
+		)
+
+	// 🎵 Why don't we all strap bombs to our chests,
+	// and ride our bikes to the next G7 picnic?
+	// Seems easier with every clock-tick. 🎵
+	default:
+		err := gtserror.Newf("unrecognized permission type %d", permissionType)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+}
+
 // DomainPermissionDelete removes one domain block with the given ID,
 // and processes side effects of removing the block asynchronously.
 //
@@ -153,14 +199,14 @@ func (p *Processor) DomainPermissionsImport(
 	}
 	defer file.Close()
 
-	// Parse file as slice of domain blocks.
-	domainPerms := make([]*apimodel.DomainPermission, 0)
-	if err := json.NewDecoder(file).Decode(&domainPerms); err != nil {
+	// Parse file as slice of domain permissions.
+	apiDomainPerms := make([]*apimodel.DomainPermission, 0)
+	if err := json.NewDecoder(file).Decode(&apiDomainPerms); err != nil {
 		err = gtserror.Newf("error parsing attachment as domain permissions: %w", err)
 		return nil, gtserror.NewErrorBadRequest(err, err.Error())
 	}
 
-	count := len(domainPerms)
+	count := len(apiDomainPerms)
 	if count == 0 {
 		err = gtserror.New("error importing domain permissions: 0 entries provided")
 		return nil, gtserror.NewErrorBadRequest(err, err.Error())
@@ -170,52 +216,97 @@ func (p *Processor) DomainPermissionsImport(
 	// between successes and errors so that the caller can
 	// try failed imports again if desired.
 	multiStatusEntries := make([]apimodel.MultiStatusEntry, 0, count)
-
-	for _, domainPerm := range domainPerms {
-		var (
-			domain         = domainPerm.Domain.Domain
-			obfuscate      = domainPerm.Obfuscate
-			publicComment  = domainPerm.PublicComment
-			privateComment = domainPerm.PrivateComment
-			subscriptionID = "" // No sub ID for imports.
-			errWithCode    gtserror.WithCode
+	for _, apiDomainPerm := range apiDomainPerms {
+		multiStatusEntries = append(
+			multiStatusEntries,
+			p.importOrUpdateDomainPerm(
+				ctx,
+				permissionType,
+				account,
+				apiDomainPerm,
+			),
 		)
-
-		domainPerm, _, errWithCode = p.DomainPermissionCreate(
-			ctx,
-			permissionType,
-			account,
-			domain,
-			obfuscate,
-			publicComment,
-			privateComment,
-			subscriptionID,
-		)
-
-		var entry *apimodel.MultiStatusEntry
-
-		if errWithCode != nil {
-			entry = &apimodel.MultiStatusEntry{
-				// Use the failed domain entry as the resource value.
-				Resource: domain,
-				Message:  errWithCode.Safe(),
-				Status:   errWithCode.Code(),
-			}
-		} else {
-			entry = &apimodel.MultiStatusEntry{
-				// Use successfully created API model domain block as the resource value.
-				Resource: domainPerm,
-				Message:  http.StatusText(http.StatusOK),
-				Status:   http.StatusOK,
-			}
-		}
-
-		multiStatusEntries = append(multiStatusEntries, *entry)
 	}
 
 	return apimodel.NewMultiStatus(multiStatusEntries), nil
 }
 
+func (p *Processor) importOrUpdateDomainPerm(
+	ctx context.Context,
+	permType gtsmodel.DomainPermissionType,
+	account *gtsmodel.Account,
+	apiDomainPerm *apimodel.DomainPermission,
+) apimodel.MultiStatusEntry {
+	var (
+		domain         = apiDomainPerm.Domain.Domain
+		obfuscate      = apiDomainPerm.Obfuscate
+		publicComment  = cmp.Or(apiDomainPerm.PublicComment, apiDomainPerm.Comment)
+		privateComment = apiDomainPerm.PrivateComment
+		subscriptionID = "" // No sub ID for imports.
+	)
+
+	// Check if this domain
+	// perm already exists.
+	var (
+		domainPerm gtsmodel.DomainPermission
+		err        error
+	)
+	if permType == gtsmodel.DomainPermissionBlock {
+		domainPerm, err = p.state.DB.GetDomainBlock(ctx, domain)
+	} else {
+		domainPerm, err = p.state.DB.GetDomainAllow(ctx, domain)
+	}
+
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		// Real db error.
+		return apimodel.MultiStatusEntry{
+			Resource: domain,
+			Message:  "db error checking for existence of domain permission",
+			Status:   http.StatusInternalServerError,
+		}
+	}
+
+	var errWithCode gtserror.WithCode
+	if domainPerm != nil {
+		// Permission already exists, update it.
+		apiDomainPerm, errWithCode = p.DomainPermissionUpdate(
+			ctx,
+			permType,
+			domainPerm.GetID(),
+			obfuscate,
+			publicComment,
+			privateComment,
+			nil,
+		)
+	} else {
+		// Permission didn't exist yet, create it.
+		apiDomainPerm, _, errWithCode = p.DomainPermissionCreate(
+			ctx,
+			permType,
+			account,
+			domain,
+			util.PtrOrZero(obfuscate),
+			util.PtrOrZero(publicComment),
+			util.PtrOrZero(privateComment),
+			subscriptionID,
+		)
+	}
+
+	if errWithCode != nil {
+		return apimodel.MultiStatusEntry{
+			Resource: domain,
+			Message:  errWithCode.Safe(),
+			Status:   errWithCode.Code(),
+		}
+	}
+
+	return apimodel.MultiStatusEntry{
+		Resource: apiDomainPerm,
+		Message:  http.StatusText(http.StatusOK),
+		Status:   http.StatusOK,
+	}
+}
+
 // DomainPermissionsGet returns all existing domain
 // permissions of the requested type. If export is
 // true, the format will be suitable for writing out
diff --git a/internal/processing/instance.go b/internal/processing/instance.go
index 4cbbb742a..e723c751e 100644
--- a/internal/processing/instance.go
+++ b/internal/processing/instance.go
@@ -106,9 +106,9 @@ func (p *Processor) InstancePeersGet(ctx context.Context, includeSuspended bool,
 			}
 
 			domains = append(domains, &apimodel.Domain{
-				Domain:        d,
-				SuspendedAt:   util.FormatISO8601(domainBlock.CreatedAt),
-				PublicComment: domainBlock.PublicComment,
+				Domain:      d,
+				SuspendedAt: util.FormatISO8601(domainBlock.CreatedAt),
+				Comment:     &domainBlock.PublicComment,
 			})
 		}
 	}
diff --git a/internal/subscriptions/domainperms.go b/internal/subscriptions/domainperms.go
index c9f569f94..8da9064f6 100644
--- a/internal/subscriptions/domainperms.go
+++ b/internal/subscriptions/domainperms.go
@@ -438,7 +438,7 @@ func (s *Subscriptions) processDomainPermission(
 				Obfuscate:          wantedPerm.GetObfuscate(),
 				SubscriptionID:     permSub.ID,
 			}
-			insertF = func() error { return s.state.DB.CreateDomainBlock(ctx, domainBlock) }
+			insertF = func() error { return s.state.DB.PutDomainBlock(ctx, domainBlock) }
 
 			action = &gtsmodel.AdminAction{
 				ID:             id.NewULID(),
@@ -461,7 +461,7 @@ func (s *Subscriptions) processDomainPermission(
 				Obfuscate:          wantedPerm.GetObfuscate(),
 				SubscriptionID:     permSub.ID,
 			}
-			insertF = func() error { return s.state.DB.CreateDomainAllow(ctx, domainAllow) }
+			insertF = func() error { return s.state.DB.PutDomainAllow(ctx, domainAllow) }
 
 			action = &gtsmodel.AdminAction{
 				ID:             id.NewULID(),
@@ -564,13 +564,13 @@ func permsFromCSV(
 
 	for i, columnHeader := range columnHeaders {
 		// Remove leading # if present.
-		normal := strings.TrimLeft(columnHeader, "#")
+		columnHeader = strings.TrimLeft(columnHeader, "#")
 
 		// Find index of each column header we
 		// care about, ensuring no duplicates.
-		switch normal {
+		switch {
 
-		case "domain":
+		case columnHeader == "domain":
 			if domainI != nil {
 				body.Close()
 				err := gtserror.NewfAt(3, "duplicate domain column header in csv: %+v", columnHeaders)
@@ -578,7 +578,7 @@ func permsFromCSV(
 			}
 			domainI = &i
 
-		case "severity":
+		case columnHeader == "severity":
 			if severityI != nil {
 				body.Close()
 				err := gtserror.NewfAt(3, "duplicate severity column header in csv: %+v", columnHeaders)
@@ -586,15 +586,15 @@ func permsFromCSV(
 			}
 			severityI = &i
 
-		case "public_comment":
+		case columnHeader == "public_comment" || columnHeader == "comment":
 			if publicCommentI != nil {
 				body.Close()
-				err := gtserror.NewfAt(3, "duplicate public_comment column header in csv: %+v", columnHeaders)
+				err := gtserror.NewfAt(3, "duplicate public_comment or comment column header in csv: %+v", columnHeaders)
 				return nil, err
 			}
 			publicCommentI = &i
 
-		case "obfuscate":
+		case columnHeader == "obfuscate":
 			if obfuscateI != nil {
 				body.Close()
 				err := gtserror.NewfAt(3, "duplicate obfuscate column header in csv: %+v", columnHeaders)
@@ -674,15 +674,15 @@ func permsFromCSV(
 			perm.SetPublicComment(record[*publicCommentI])
 		}
 
+		var obfuscate bool
 		if obfuscateI != nil {
-			obfuscate, err := strconv.ParseBool(record[*obfuscateI])
+			obfuscate, err = strconv.ParseBool(record[*obfuscateI])
 			if err != nil {
 				l.Warnf("couldn't parse obfuscate field of record: %+v", record)
 				continue
 			}
-
-			perm.SetObfuscate(&obfuscate)
 		}
+		perm.SetObfuscate(&obfuscate)
 
 		// We're done.
 		perms = append(perms, perm)
@@ -742,8 +742,9 @@ func permsFromJSON(
 		}
 
 		// Set remaining fields.
-		perm.SetPublicComment(apiPerm.PublicComment)
-		perm.SetObfuscate(&apiPerm.Obfuscate)
+		publicComment := cmp.Or(apiPerm.PublicComment, apiPerm.Comment)
+		perm.SetPublicComment(util.PtrOrZero(publicComment))
+		perm.SetObfuscate(util.Ptr(util.PtrOrZero(apiPerm.Obfuscate)))
 
 		// We're done.
 		perms = append(perms, perm)
@@ -792,9 +793,15 @@ func permsFromPlain(
 		var perm gtsmodel.DomainPermission
 		switch permType {
 		case gtsmodel.DomainPermissionBlock:
-			perm = &gtsmodel.DomainBlock{Domain: domain}
+			perm = &gtsmodel.DomainBlock{
+				Domain:    domain,
+				Obfuscate: util.Ptr(false),
+			}
 		case gtsmodel.DomainPermissionAllow:
-			perm = &gtsmodel.DomainAllow{Domain: domain}
+			perm = &gtsmodel.DomainAllow{
+				Domain:    domain,
+				Obfuscate: util.Ptr(false),
+			}
 		}
 
 		// We're done.
diff --git a/internal/subscriptions/subscriptions_test.go b/internal/subscriptions/subscriptions_test.go
index 133db4b7c..4441d8c15 100644
--- a/internal/subscriptions/subscriptions_test.go
+++ b/internal/subscriptions/subscriptions_test.go
@@ -775,7 +775,7 @@ func (suite *SubscriptionsTestSuite) TestAdoption() {
 		existingBlock2,
 		existingBlock3,
 	} {
-		if err := testStructs.State.DB.CreateDomainBlock(
+		if err := testStructs.State.DB.PutDomainBlock(
 			ctx, block,
 		); err != nil {
 			suite.FailNow(err.Error())
@@ -876,7 +876,7 @@ func (suite *SubscriptionsTestSuite) TestDomainAllowsAndBlocks() {
 	}
 
 	// Store existing allow.
-	if err := testStructs.State.DB.CreateDomainAllow(ctx, existingAllow); err != nil {
+	if err := testStructs.State.DB.PutDomainAllow(ctx, existingAllow); err != nil {
 		suite.FailNow(err.Error())
 	}
 
diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go
index b0f5d12fa..62a1ebc1e 100644
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@@ -2182,7 +2182,7 @@ func (c *Converter) DomainPermToAPIDomainPerm(
 	domainPerm := &apimodel.DomainPermission{
 		Domain: apimodel.Domain{
 			Domain:        domain,
-			PublicComment: d.GetPublicComment(),
+			PublicComment: util.Ptr(d.GetPublicComment()),
 		},
 	}
 
@@ -2193,8 +2193,8 @@ func (c *Converter) DomainPermToAPIDomainPerm(
 	}
 
 	domainPerm.ID = d.GetID()
-	domainPerm.Obfuscate = util.PtrOrZero(d.GetObfuscate())
-	domainPerm.PrivateComment = d.GetPrivateComment()
+	domainPerm.Obfuscate = d.GetObfuscate()
+	domainPerm.PrivateComment = util.Ptr(d.GetPrivateComment())
 	domainPerm.SubscriptionID = d.GetSubscriptionID()
 	domainPerm.CreatedBy = d.GetCreatedByAccountID()
 	if createdAt := d.GetCreatedAt(); !createdAt.IsZero() {
diff --git a/testrig/transportcontroller.go b/testrig/transportcontroller.go
index bbcb3901d..d66c71179 100644
--- a/testrig/transportcontroller.go
+++ b/testrig/transportcontroller.go
@@ -627,7 +627,7 @@ nothanks.com`
   {
     "domain": "bumfaces.net",
     "suspended_at": "2020-05-13T13:29:12.000Z",
-    "public_comment": "big jerks"
+    "comment": "big jerks"
   },
     {
     "domain": "peepee.poopoo",
diff --git a/web/source/settings/lib/query/admin/domain-permissions/import.ts b/web/source/settings/lib/query/admin/domain-permissions/import.ts
index cbcf44964..a83448a1f 100644
--- a/web/source/settings/lib/query/admin/domain-permissions/import.ts
+++ b/web/source/settings/lib/query/admin/domain-permissions/import.ts
@@ -40,39 +40,19 @@ function importEntriesProcessor(formData: ImportDomainPermsParams): (_entry: Dom
 
 	// Override each obfuscate entry if necessary.
 	if (formData.obfuscate !== undefined) {
-		const obfuscateEntry = (entry: DomainPerm) => {
+		processingFuncs.push((entry: DomainPerm) => {
 			entry.obfuscate = formData.obfuscate;
-		};
-		processingFuncs.push(obfuscateEntry);
+		});
 	}
 
-	// Check whether we need to append or replace
-	// private_comment and public_comment.
+	// Check whether we need to replace
+	// private_comment and/or public_comment.
 	["private_comment","public_comment"].forEach((commentType) => {
-		let text = formData.commentType?.trim();
-		if (!text) {
-			return;
-		}
-
-		switch(formData[`${commentType}_behavior`]) {
-			case "append":
-				const appendComment = (entry: DomainPerm) => {
-					if (entry.commentType == undefined) {
-						entry.commentType = text;
-					} else {
-						entry.commentType = [entry.commentType, text].join("\n");
-					}
-				};
-
-				processingFuncs.push(appendComment);
-				break;
-			case "replace":
-				const replaceComment = (entry: DomainPerm) => {
-					entry.commentType = text;
-				};
-
-				processingFuncs.push(replaceComment);
-				break;
+		if (formData[`replace_${commentType}`]) {
+			const text = formData[commentType]?.trim();
+			processingFuncs.push((entry: DomainPerm) => {
+				entry[commentType] = text;
+			});
 		}
 	});
 
diff --git a/web/source/settings/lib/query/admin/domain-permissions/update.ts b/web/source/settings/lib/query/admin/domain-permissions/update.ts
index a6b4b2039..396c30d6e 100644
--- a/web/source/settings/lib/query/admin/domain-permissions/update.ts
+++ b/web/source/settings/lib/query/admin/domain-permissions/update.ts
@@ -22,6 +22,7 @@ import { gtsApi } from "../../gts-api";
 import {
 	replaceCacheOnMutation,
 	removeFromCacheOnMutation,
+	updateCacheOnMutation,
 } from "../../query-modifiers";
 import { listToKeyedObject } from "../../transforms";
 import type {
@@ -55,6 +56,36 @@ const extended = gtsApi.injectEndpoints({
 			...replaceCacheOnMutation("domainAllows")
 		}),
 
+		updateDomainBlock: build.mutation<DomainPerm, any>({
+			query: ({ id, ...formData}) => ({
+				method: "PUT",
+				url: `/api/v1/admin/domain_blocks/${id}`,
+				asForm: true,
+				body: formData,
+				discardEmpty: false
+			}),
+			...updateCacheOnMutation("domainBlocks", {
+				key: (_draft, newData) => {
+					return newData.domain;
+				}
+			})
+		}),
+
+		updateDomainAllow: build.mutation<DomainPerm, any>({
+			query: ({ id, ...formData}) => ({
+				method: "PUT",
+				url: `/api/v1/admin/domain_allows/${id}`,
+				asForm: true,
+				body: formData,
+				discardEmpty: false
+			}),
+			...updateCacheOnMutation("domainAllows", {
+				key: (_draft, newData) => {
+					return newData.domain;
+				}
+			})
+		}),
+
 		removeDomainBlock: build.mutation<DomainPerm, string>({
 			query: (id) => ({
 				method: "DELETE",
@@ -91,6 +122,16 @@ const useAddDomainBlockMutation = extended.useAddDomainBlockMutation;
  */
 const useAddDomainAllowMutation = extended.useAddDomainAllowMutation;
 
+/**
+ * Update a single domain permission (block) by PUTing to `/api/v1/admin/domain_blocks/{id}`.
+ */
+const useUpdateDomainBlockMutation = extended.useUpdateDomainBlockMutation;
+
+/**
+ * Update a single domain permission (allow) by PUTing to `/api/v1/admin/domain_allows/{id}`.
+ */
+const useUpdateDomainAllowMutation = extended.useUpdateDomainAllowMutation;
+
 /**
  * Remove a single domain permission (block) by DELETEing to `/api/v1/admin/domain_blocks/{id}`.
  */
@@ -104,6 +145,8 @@ const useRemoveDomainAllowMutation = extended.useRemoveDomainAllowMutation;
 export {
 	useAddDomainBlockMutation,
 	useAddDomainAllowMutation,
+	useUpdateDomainBlockMutation,
+	useUpdateDomainAllowMutation,
 	useRemoveDomainBlockMutation,
 	useRemoveDomainAllowMutation
 };
diff --git a/web/source/settings/lib/types/domain-permission.ts b/web/source/settings/lib/types/domain-permission.ts
index c4560d79b..27c4b56c9 100644
--- a/web/source/settings/lib/types/domain-permission.ts
+++ b/web/source/settings/lib/types/domain-permission.ts
@@ -46,8 +46,8 @@ export interface DomainPerm {
 	valid?: boolean;
 	checked?: boolean;
 	commentType?: string;
-	private_comment_behavior?: "append" | "replace";
-	public_comment_behavior?: "append" | "replace";
+	replace_private_comment?: boolean;
+	replace_public_comment?: boolean;
 }
 
 /**
@@ -65,8 +65,8 @@ const domainPermStripOnImport: Set<keyof DomainPerm> = new Set([
 	"valid",
 	"checked",
 	"commentType",
-	"private_comment_behavior",
-	"public_comment_behavior",
+	"replace_private_comment",
+	"replace_public_comment",
 ]);
 
 /**
diff --git a/web/source/settings/style.css b/web/source/settings/style.css
index fc146cdd7..c05072043 100644
--- a/web/source/settings/style.css
+++ b/web/source/settings/style.css
@@ -618,6 +618,15 @@ span.form-info {
 	}
 }
 
+section > div.domain-block,
+section > div.domain-allow {
+	height: 100%;
+
+	> a {
+		margin-top: auto;
+	}
+}
+
 .domain-permissions-list {
 	p {
 		margin-top: 0;
@@ -976,32 +985,26 @@ button.tab-button {
 
 .domain-perm-import-list {
 	.checkbox-list-wrapper {
-		overflow-x: auto;
 		display: grid;
 		gap: 1rem;
 	}
 
 	.checkbox-list {
+		overflow-x: auto;
 
 		.header {
+			align-items: center;
 			input[type="checkbox"] {
-				align-self: start;
 				height: 1.5rem;
 			}
 		}
 
 		.entry {
-			gap: 0;
-			width: 100%;
-			grid-template-columns: auto minmax(25ch, 2fr) minmax(40ch, 1fr);
-			grid-template-rows: auto 1fr;
-
-			input[type="checkbox"] {
-				margin-right: 1rem;
-			}
+			grid-template-columns: auto max(50%, 14rem) 1fr;
+			column-gap: 1rem;
+			align-items: center;
 
 			.domain-input {
-				margin-right: 0.5rem;
 				display: grid;
 				grid-template-columns: 1fr $fa-fw;
 				gap: 0.5rem;
@@ -1020,13 +1023,21 @@ button.tab-button {
 			}
 
 			p {
-				align-self: center;
 				margin: 0;
-				grid-column: 4;
-				grid-row: 1 / span 2;
 			}
 		}
 	}
+
+	.set-comment-checkbox {
+		display: flex;
+		flex-direction: column;
+		gap: 0.25rem;
+
+		padding: 0.5rem 1rem 1rem 1rem;
+		width: 100%;
+		border: 0.1rem solid var(--gray1);
+		border-radius: 0.1rem;
+	}
 }
 
 .import-export {
@@ -1406,6 +1417,7 @@ button.tab-button {
 	}
 }
 
+.domain-permission-details,
 .domain-permission-draft-details,
 .domain-permission-exclude-details,
 .domain-permission-subscription-details {
@@ -1414,6 +1426,7 @@ button.tab-button {
 	}
 }
 
+.domain-permission-details,
 .domain-permission-drafts-view,
 .domain-permission-draft-details,
 .domain-permission-subscriptions-view,
diff --git a/web/source/settings/views/moderation/domain-permissions/detail.tsx b/web/source/settings/views/moderation/domain-permissions/detail.tsx
index 0105d9615..e8ef487e3 100644
--- a/web/source/settings/views/moderation/domain-permissions/detail.tsx
+++ b/web/source/settings/views/moderation/domain-permissions/detail.tsx
@@ -32,8 +32,18 @@ import Loading from "../../../components/loading";
 import BackButton from "../../../components/back-button";
 import MutationButton from "../../../components/form/mutation-button";
 
-import { useDomainAllowsQuery, useDomainBlocksQuery } from "../../../lib/query/admin/domain-permissions/get";
-import { useAddDomainAllowMutation, useAddDomainBlockMutation, useRemoveDomainAllowMutation, useRemoveDomainBlockMutation } from "../../../lib/query/admin/domain-permissions/update";
+import { 
+	useDomainAllowsQuery,
+	useDomainBlocksQuery,
+} from "../../../lib/query/admin/domain-permissions/get";
+import {
+	useAddDomainAllowMutation,
+	useAddDomainBlockMutation,
+	useRemoveDomainAllowMutation,
+	useRemoveDomainBlockMutation,
+	useUpdateDomainAllowMutation,
+	useUpdateDomainBlockMutation,
+} from "../../../lib/query/admin/domain-permissions/update";
 import { DomainPerm } from "../../../lib/types/domain-permission";
 import { NoArg } from "../../../lib/types/query";
 import { Error } from "../../../components/error";
@@ -41,8 +51,10 @@ import { useBaseUrl } from "../../../lib/navigation/util";
 import { PermType } from "../../../lib/types/perm";
 import { useCapitalize } from "../../../lib/util";
 import { formDomainValidator } from "../../../lib/util/formvalidators";
+import UsernameLozenge from "../../../components/username-lozenge";
+import { FormSubmitEvent } from "../../../lib/form/types";
 
-export default function DomainPermDetail() {
+export default function DomainPermView() {
 	const baseUrl = useBaseUrl();
 	const search = useSearch();
 
@@ -101,33 +113,16 @@ export default function DomainPermDetail() {
 		? blocks[domain]
 		: allows[domain];
 	
-	// Render different into content depending on
-	// if we have a perm already for this domain.
-	let infoContent: React.JSX.Element;
-	if (existingPerm === undefined) {
-		infoContent = (
-			<span>
-				No stored {permType} yet, you can add one below:
-			</span>
-		);
-	} else {
-		infoContent = (
-			<div className="info">
-				<i className="fa fa-fw fa-exclamation-triangle" aria-hidden="true"></i>
-				<b>Editing existing domain {permTypeRaw} isn't implemented yet, <a href="https://github.com/superseriousbusiness/gotosocial/issues/1198" target="_blank" rel="noopener noreferrer">check here for progress</a></b>
-			</div>
-		);
-	}
+	const title = <span>Domain {permType} for {domain}</span>;
 
 	return (
-		<div>
-			<h1 className="text-cutoff">
-				<BackButton to={`~${baseUrl}/${permTypeRaw}`} />
-				{" "}
-				Domain {permType} for {domain}
-			</h1>
-			{infoContent}
-			<DomainPermForm
+		<div className="domain-permission-details">
+			<h1><BackButton to={`~${baseUrl}/${permTypeRaw}`} /> {title}</h1>
+			{ existingPerm
+				? <DomainPermDetails perm={existingPerm} permType={permType} />
+				: <span>No stored {permType} yet, you can add one below:</span>
+			}
+			<CreateOrUpdateDomainPerm
 				defaultDomain={domain}
 				perm={existingPerm}
 				permType={permType}
@@ -136,23 +131,75 @@ export default function DomainPermDetail() {
 	);
 }
 
-interface DomainPermFormProps {
+interface DomainPermDetailsProps {
+	perm: DomainPerm,
+	permType: PermType,
+}
+
+function DomainPermDetails({
+	perm,
+	permType
+}: DomainPermDetailsProps) {
+	const baseUrl = useBaseUrl();
+	const [ location ] = useLocation();
+	
+	const created = useMemo(() => {
+		if (perm.created_at) {
+			return new Date(perm.created_at).toDateString();
+		}
+		return "unknown";
+	}, [perm.created_at]);
+
+	return (
+		<dl className="info-list">
+			<div className="info-list-entry">
+				<dt>Created</dt>
+				<dd><time dateTime={perm.created_at}>{created}</time></dd>
+			</div>
+			<div className="info-list-entry">
+				<dt>Created By</dt>
+				<dd>
+					<UsernameLozenge
+						account={perm.created_by}
+						linkTo={`~/settings/moderation/accounts/${perm.created_by}`}
+						backLocation={`~${baseUrl}${location}`}
+					/>
+				</dd>
+			</div>
+			<div className="info-list-entry">
+				<dt>Domain</dt>
+				<dd>{perm.domain}</dd>
+			</div>
+			<div className="info-list-entry">
+				<dt>Permission type</dt>
+				<dd className={`permission-type ${permType}`}>
+					<i
+						aria-hidden={true}
+						className={`fa fa-${permType === "allow" ? "check" : "close"}`}
+					></i>
+					{permType}
+				</dd>
+			</div>
+			<div className="info-list-entry">
+				<dt>Subscription ID</dt>
+				<dd>{perm.subscription_id ?? "[none]"}</dd>
+			</div>
+		</dl>
+	);
+}
+
+interface CreateOrUpdateDomainPermProps {
 	defaultDomain: string;
 	perm?: DomainPerm;
 	permType: PermType;
 }
 
-function DomainPermForm({ defaultDomain, perm, permType }: DomainPermFormProps) {
+function CreateOrUpdateDomainPerm({
+	defaultDomain,
+	perm,
+	permType
+}: CreateOrUpdateDomainPermProps) {
 	const isExistingPerm = perm !== undefined;
-	const disabledForm = isExistingPerm
-		? {
-			disabled: true,
-			title: "Domain permissions currently cannot be edited."
-		}
-		: {
-			disabled: false,
-			title: "",
-		};
 
 	const form = {
 		domain: useTextInput("domain", {
@@ -161,8 +208,8 @@ function DomainPermForm({ defaultDomain, perm, permType }: DomainPermFormProps)
 			validator: formDomainValidator,
 		}),
 		obfuscate: useBoolInput("obfuscate", { source: perm }),
-		commentPrivate: useTextInput("private_comment", { source: perm }),
-		commentPublic: useTextInput("public_comment", { source: perm })
+		privateComment: useTextInput("private_comment", { source: perm }),
+		publicComment: useTextInput("public_comment", { source: perm })
 	};
 
 	// Check which perm type we're meant to be handling
@@ -171,112 +218,132 @@ function DomainPermForm({ defaultDomain, perm, permType }: DomainPermFormProps)
 	// react is like "weh" (mood), but we can decide
 	// which ones to use conditionally.
 	const [ addBlock, addBlockResult ] = useAddDomainBlockMutation();
+	const [ updateBlock, updateBlockResult ] = useUpdateDomainBlockMutation({ fixedCacheKey: perm?.id });
 	const [ removeBlock, removeBlockResult] = useRemoveDomainBlockMutation({ fixedCacheKey: perm?.id });
 	const [ addAllow, addAllowResult ] = useAddDomainAllowMutation();
+	const [ updateAllow, updateAllowResult ] = useUpdateDomainAllowMutation({ fixedCacheKey: perm?.id });
 	const [ removeAllow, removeAllowResult ] = useRemoveDomainAllowMutation({ fixedCacheKey: perm?.id });
 	
 	const [
-		addTrigger,
-		addResult,
+		createOrUpdateTrigger,
+		createOrUpdateResult,
 		removeTrigger,
 		removeResult,
 	] = useMemo(() => {
-		return permType == "block"
-			? [
-				addBlock,
-				addBlockResult,
-				removeBlock,
-				removeBlockResult,
-			]
-			: [
-				addAllow,
-				addAllowResult,
-				removeAllow,
-				removeAllowResult,
-			];
-	}, [permType,
-		addBlock, addBlockResult, removeBlock, removeBlockResult,
-		addAllow, addAllowResult, removeAllow, removeAllowResult,
+		switch (true) {
+			case (permType === "block" && !isExistingPerm):
+				return [ addBlock, addBlockResult, removeBlock, removeBlockResult ];
+			case (permType === "block"):
+				return [ updateBlock, updateBlockResult, removeBlock, removeBlockResult ];
+			case !isExistingPerm:
+				return [ addAllow, addAllowResult, removeAllow, removeAllowResult ];
+			default:
+				return [ updateAllow, updateAllowResult, removeAllow, removeAllowResult ];
+		}
+	}, [permType, isExistingPerm,
+		addBlock, addBlockResult, updateBlock, updateBlockResult, removeBlock, removeBlockResult,
+		addAllow, addAllowResult, updateAllow, updateAllowResult, removeAllow, removeAllowResult,
 	]);
 
-	// Use appropriate submission params for this permType.
-	const [submitForm, submitFormResult] = useFormSubmit(form, [addTrigger, addResult], { changedOnly: false });
+	// Use appropriate submission params for this
+	// permType, and whether we're creating or updating.
+	const [submit, submitResult] = useFormSubmit(
+		form,
+		[ createOrUpdateTrigger, createOrUpdateResult ],
+		{
+			changedOnly: isExistingPerm,
+			// If we're updating an existing perm,
+			// insert the perm ID into the mutation
+			// data before submitting. Otherwise just
+			// return the mutationData unmodified.
+			customizeMutationArgs: (mutationData) => {
+				if (isExistingPerm) {
+					return {
+						id: perm?.id,
+						...mutationData,
+					};
+				} else {
+					return mutationData;
+				}
+			},
+		},
+	);
 
 	// Uppercase first letter of given permType.
 	const permTypeUpper = useCapitalize(permType);
 
 	const [location, setLocation] = useLocation();
-
-	function verifyUrlThenSubmit(e) {
+	function onSubmit(e: FormSubmitEvent) {
 		// Adding a new domain permissions happens on a url like
 		// "/settings/admin/domain-permissions/:permType/domain.com",
 		// but if domain input changes, that doesn't match anymore
 		// and causes issues later on so, before submitting the form,
 		// silently change url, and THEN submit.
-		let correctUrl = `/${permType}s/${form.domain.value}`;
-		if (location != correctUrl) {
-			setLocation(correctUrl);
+		if (!isExistingPerm) {
+			let correctUrl = `/${permType}s/${form.domain.value}`;
+			if (location != correctUrl) {
+				setLocation(correctUrl);
+			}
 		}
-		return submitForm(e);
+		return submit(e);
 	}
 
 	return (
-		<form onSubmit={verifyUrlThenSubmit}>
-			<TextInput
-				field={form.domain}
-				label="Domain"
-				placeholder="example.com"
-				autoCapitalize="none"
-				spellCheck="false"
-				{...disabledForm}
-			/>
+		<form onSubmit={onSubmit}>
+			{ !isExistingPerm && 
+				<TextInput
+					field={form.domain}
+					label="Domain"
+					placeholder="example.com"
+					autoCapitalize="none"
+					spellCheck="false"
+				/>
+			}
 
 			<Checkbox
 				field={form.obfuscate}
 				label="Obfuscate domain in public lists"
-				{...disabledForm}
 			/>
 
 			<TextArea
-				field={form.commentPrivate}
+				field={form.privateComment}
 				label="Private comment"
 				autoCapitalize="sentences"
 				rows={3}
-				{...disabledForm}
 			/>
 
 			<TextArea
-				field={form.commentPublic}
+				field={form.publicComment}
 				label="Public comment"
 				autoCapitalize="sentences"
 				rows={3}
-				{...disabledForm}
 			/>
 
 			<div className="action-buttons row">
 				<MutationButton
-					label={permTypeUpper}
-					result={submitFormResult}
-					showError={false}
-					{...disabledForm}
+					label={isExistingPerm ? "Update " + permType.toString() : permTypeUpper}
+					result={submitResult}
+					disabled={
+						isExistingPerm &&
+						!form.obfuscate.hasChanged() &&
+						!form.privateComment.hasChanged() &&
+						!form.publicComment.hasChanged()
+					}
 				/>
 
-				{
-					isExistingPerm &&
-					<MutationButton
+				{ isExistingPerm &&
+					<button
 						type="button"
 						onClick={() => removeTrigger(perm.id?? "")}
-						label="Remove"
-						result={removeResult}
 						className="button danger"
-						showError={false}
-						disabled={!isExistingPerm}
-					/>
+					>
+						Remove {permType.toString()}
+					</button>
 				}
 			</div>
 
 			<>
-				{addResult.error && <Error error={addResult.error} />}
+				{createOrUpdateResult.error && <Error error={createOrUpdateResult.error} />}
 				{removeResult.error && <Error error={removeResult.error} />}
 			</>
 
diff --git a/web/source/settings/views/moderation/domain-permissions/import-export.tsx b/web/source/settings/views/moderation/domain-permissions/import-export.tsx
index 89f385107..d3541c6e7 100644
--- a/web/source/settings/views/moderation/domain-permissions/import-export.tsx
+++ b/web/source/settings/views/moderation/domain-permissions/import-export.tsx
@@ -61,7 +61,7 @@ export default function ImportExport() {
 									>
 										&lt; back
 									</span>
-									&nbsp; Confirm import of domain {form.permType.value}s:
+									&nbsp; Confirm {form.permType.value}s:
 								</h1>
 								<ProcessImport
 									list={parseResult.data}
diff --git a/web/source/settings/views/moderation/domain-permissions/process.tsx b/web/source/settings/views/moderation/domain-permissions/process.tsx
index d54d7399c..7338e4424 100644
--- a/web/source/settings/views/moderation/domain-permissions/process.tsx
+++ b/web/source/settings/views/moderation/domain-permissions/process.tsx
@@ -24,14 +24,12 @@ import { isValidDomainPermission, hasBetterScope } from "../../../lib/util/domai
 import {
 	useTextInput,
 	useBoolInput,
-	useRadioInput,
 	useCheckListInput,
 } from "../../../lib/form";
 
 import {
 	Select,
 	TextArea,
-	RadioGroup,
 	Checkbox,
 	TextInput,
 } from "../../../components/form/inputs";
@@ -113,84 +111,81 @@ function ImportList({ list, data: domainPerms, permType }: ImportListProps) {
 		privateComment: useTextInput("private_comment", {
 			defaultValue: `Imported on ${new Date().toLocaleString()}`
 		}),
-		privateCommentBehavior: useRadioInput("private_comment_behavior", {
-			defaultValue: "append",
-			options: {
-				append: "Append to",
-				replace: "Replace"
-			}
-		}),
+		replacePrivateComment: useBoolInput("replace_private_comment", { defaultValue: false }),
 		publicComment: useTextInput("public_comment"),
-		publicCommentBehavior: useRadioInput("public_comment_behavior", {
-			defaultValue: "append",
-			options: {
-				append: "Append to",
-				replace: "Replace"
-			}
-		}),
+		replacePublicComment: useBoolInput("replace_public_comment", { defaultValue: false }),
 		permType: permType,
 	};
 
-	const [importDomains, importResult] = useFormSubmit(form, useImportDomainPermsMutation(), { changedOnly: false });
+	const [importDomains, importResult] = useFormSubmit(
+		form,
+		useImportDomainPermsMutation(),
+		{ changedOnly: false },
+	);
 
 	return (
-		<>
-			<form
-				onSubmit={importDomains}
-				className="domain-perm-import-list"
-			>
-				<span>{list.length} domain{list.length != 1 ? "s" : ""} in this list</span>
+		<form
+			onSubmit={importDomains}
+			className="domain-perm-import-list"
+		>
+			<span>{list.length} domain{list.length != 1 ? "s" : ""} in this list</span>
 
-				{hasComment.both &&
+			{hasComment.both &&
 					<Select field={showComment} options={
 						<>
 							<option value="public_comment">Show public comments</option>
 							<option value="private_comment">Show private comments</option>
 						</>
 					} />
-				}
+			}
 
-				<div className="checkbox-list-wrapper">
-					<DomainCheckList
-						field={form.domains}
-						domainPerms={domainPerms}
-						commentType={showComment.value as "public_comment" | "private_comment"}
-						permType={form.permType}
-					/>
-				</div>
+			<div className="checkbox-list-wrapper">
+				<DomainCheckList
+					field={form.domains}
+					domainPerms={domainPerms}
+					commentType={showComment.value as "public_comment" | "private_comment"}
+					permType={form.permType}
+				/>
+			</div>
 
+			<Checkbox
+				field={form.obfuscate}
+				label="Obfuscate domains in public lists"
+			/>
+
+			<div className="set-comment-checkbox">
+				<Checkbox
+					field={form.replacePrivateComment}
+					label="Set/replace private comment(s) to:"
+				/>
 				<TextArea
 					field={form.privateComment}
-					label="Private comment"
 					rows={3}
+					disabled={!form.replacePrivateComment.value}
+					placeholder="Private comment"
 				/>
-				<RadioGroup
-					field={form.privateCommentBehavior}
-					label="imported private comment"
-				/>
+			</div>
 
+			<div className="set-comment-checkbox">
+				<Checkbox
+					field={form.replacePublicComment}
+					label="Set/replace public comment(s) to:"
+				/>
 				<TextArea
 					field={form.publicComment}
-					label="Public comment"
 					rows={3}
+					disabled={!form.replacePublicComment.value}
+					placeholder="Public comment"
 				/>
-				<RadioGroup
-					field={form.publicCommentBehavior}
-					label="imported public comment"
-				/>
+			</div>
 
-				<Checkbox
-					field={form.obfuscate}
-					label="Obfuscate domains in public lists"
-				/>
 
-				<MutationButton
-					label="Import"
-					disabled={false}
-					result={importResult}
-				/>
-			</form>
-		</>
+			<MutationButton
+				label="Import"
+				disabled={false}
+				result={importResult}
+			/>
+		</form>
 	);
 }
 
diff --git a/web/source/settings/views/moderation/router.tsx b/web/source/settings/views/moderation/router.tsx
index 90214188f..e92a64641 100644
--- a/web/source/settings/views/moderation/router.tsx
+++ b/web/source/settings/views/moderation/router.tsx
@@ -25,7 +25,7 @@ import ReportDetail from "./reports/detail";
 import { ErrorBoundary } from "../../lib/navigation/error";
 import ImportExport from "./domain-permissions/import-export";
 import DomainPermissionsOverview from "./domain-permissions/overview";
-import DomainPermDetail from "./domain-permissions/detail";
+import DomainPermView from "./domain-permissions/detail";
 import AccountsSearch from "./accounts";
 import AccountsPending from "./accounts/pending";
 import AccountDetail from "./accounts/detail";
@@ -160,7 +160,7 @@ function ModerationDomainPermsRouter() {
 						<Route path="/subscriptions/preview" component={DomainPermissionSubscriptionsPreview} />
 						<Route path="/subscriptions/:permSubId" component={DomainPermissionSubscriptionDetail} />
 						<Route path="/:permType" component={DomainPermissionsOverview} />
-						<Route path="/:permType/:domain" component={DomainPermDetail} />
+						<Route path="/:permType/:domain" component={DomainPermView} />
 						<Route><Redirect to="/blocks"/></Route>
 					</Switch>
 				</ErrorBoundary>

From 650be1e8d0a805ab41ea9ce599023b87fffa18a3 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sat, 5 Apr 2025 15:25:21 +0200
Subject: [PATCH 08/15] [feature] Allow deleting avatar + header via settings
 panel (#3970)

---
 web/source/settings/lib/query/user/index.ts | 21 +++++++-
 web/source/settings/style.css               |  6 +++
 web/source/settings/views/user/profile.tsx  | 54 +++++++++++++++++----
 3 files changed, 70 insertions(+), 11 deletions(-)

diff --git a/web/source/settings/lib/query/user/index.ts b/web/source/settings/lib/query/user/index.ts
index 0df926eb3..80aeea2a4 100644
--- a/web/source/settings/lib/query/user/index.ts
+++ b/web/source/settings/lib/query/user/index.ts
@@ -26,10 +26,11 @@ import type {
 import type { Theme } from "../../types/theme";
 import { User } from "../../types/user";
 import { DefaultInteractionPolicies, UpdateDefaultInteractionPolicies } from "../../types/interaction";
+import { Account } from "../../types/account";
 
 const extended = gtsApi.injectEndpoints({
 	endpoints: (build) => ({
-		updateCredentials: build.mutation({
+		updateCredentials: build.mutation<Account, any>({
 			query: (formData) => ({
 				method: "PATCH",
 				url: `/api/v1/accounts/update_credentials`,
@@ -39,6 +40,22 @@ const extended = gtsApi.injectEndpoints({
 			}),
 			...replaceCacheOnMutation("verifyCredentials")
 		}),
+
+		deleteHeader: build.mutation<Account, void>({
+			query: (_) => ({
+				method: "DELETE",
+				url: `/api/v1/profile/header`,
+			}),
+			...replaceCacheOnMutation("verifyCredentials")
+		}),
+
+		deleteAvatar: build.mutation<Account, void>({
+			query: (_) => ({
+				method: "DELETE",
+				url: `/api/v1/profile/avatar`,
+			}),
+			...replaceCacheOnMutation("verifyCredentials")
+		}),
 		
 		user: build.query<User, void>({
 			query: () => ({url: `/api/v1/user`})
@@ -122,6 +139,8 @@ const extended = gtsApi.injectEndpoints({
 
 export const {
 	useUpdateCredentialsMutation,
+	useDeleteHeaderMutation,
+	useDeleteAvatarMutation,
 	useUserQuery,
 	usePasswordChangeMutation,
 	useEmailChangeMutation,
diff --git a/web/source/settings/style.css b/web/source/settings/style.css
index c05072043..2afb44c42 100644
--- a/web/source/settings/style.css
+++ b/web/source/settings/style.css
@@ -447,6 +447,12 @@ section.with-sidebar > form {
 	flex-direction: column;
 	justify-content: space-around;
 	gap: 0.5rem;
+
+	.delete-header-button,
+	.delete-avatar-button {
+		margin-top: 0.5rem;
+		font-size: 1rem;
+	}
 }
 
 /*
diff --git a/web/source/settings/views/user/profile.tsx b/web/source/settings/views/user/profile.tsx
index 9ea948337..d6fcbf56d 100644
--- a/web/source/settings/views/user/profile.tsx
+++ b/web/source/settings/views/user/profile.tsx
@@ -17,7 +17,7 @@
 	along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-import React, { useMemo } from "react";
+import React, { useMemo, useState } from "react";
 
 import {
 	useTextInput,
@@ -41,7 +41,7 @@ import FormWithData from "../../lib/form/form-with-data";
 import FakeProfile from "../../components/profile";
 import MutationButton from "../../components/form/mutation-button";
 
-import { useAccountThemesQuery } from "../../lib/query/user";
+import { useAccountThemesQuery, useDeleteAvatarMutation, useDeleteHeaderMutation } from "../../lib/query/user";
 import { useUpdateCredentialsMutation } from "../../lib/query/user";
 import { useVerifyCredentialsQuery } from "../../lib/query/login";
 import { useInstanceV1Query } from "../../lib/query/gts-api";
@@ -116,17 +116,23 @@ function UserProfileForm({ data: profile }: UserProfileFormProps) {
 		theme: useTextInput("theme", { source: profile }),
 	};
 
+	const [ noHeader, setNoHeader ] = useState(!profile.header_media_id);
+	const [ deleteHeader, deleteHeaderRes ] = useDeleteHeaderMutation();
+	const [ noAvatar, setNoAvatar ] = useState(!profile.avatar_media_id);
+	const [ deleteAvatar, deleteAvatarRes ] = useDeleteAvatarMutation();
+
 	const [submitForm, result] = useFormSubmit(form, useUpdateCredentialsMutation(), {
 		changedOnly: true,
-		onFinish: () => {
-			form.avatar.reset();
-			form.header.reset();
+		onFinish: (res) => {
+			if ('data' in res) {
+				form.avatar.reset();
+				form.header.reset();
+				setNoAvatar(!res.data.avatar_media_id);
+				setNoHeader(!res.data.header_media_id);
+			}
 		}
 	});
 
-	const noAvatarSet = !profile.avatar_media_id;
-	const noHeaderSet = !profile.header_media_id;
-
 	return (
 		<form className="user-profile" onSubmit={submitForm}>
 			<h1>Profile</h1>
@@ -152,7 +158,21 @@ function UserProfileForm({ data: profile }: UserProfileFormProps) {
 						label="Image description; only settable if not using default header"
 						placeholder="A green field with pink flowers."
 						autoCapitalize="sentences"
-						disabled={noHeaderSet && !form.header.value}
+						disabled={noHeader && !form.header.value}
+					/>
+					<MutationButton
+						className="delete-header-button"
+						label="Delete header"
+						disabled={noHeader}
+						result={deleteHeaderRes}
+						onClick={(e) => {
+							e.preventDefault();
+							deleteHeader().then(res => {
+								if ('data' in res) {
+									setNoHeader(true);
+								}
+							});
+						}}
 					/>
 				</fieldset>
 				
@@ -168,7 +188,21 @@ function UserProfileForm({ data: profile }: UserProfileFormProps) {
 						label="Image description; only settable if not using default avatar"
 						placeholder="A cute drawing of a smiling sloth."
 						autoCapitalize="sentences"
-						disabled={noAvatarSet && !form.avatar.value}
+						disabled={noAvatar && !form.avatar.value}
+					/>
+					<MutationButton
+						className="delete-avatar-button"
+						label="Delete avatar"
+						disabled={noAvatar}
+						result={deleteAvatarRes}
+						onClick={(e) => {
+							e.preventDefault();
+							deleteAvatar().then(res => {
+								if ('data' in res) {
+									setNoAvatar(true);
+								}
+							});
+						}}
 					/>
 				</fieldset>
 

From 8ae2440da3a9b66c379c5a9444b50e758deef61b Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 6 Apr 2025 14:39:40 +0200
Subject: [PATCH 09/15] [chore] Migrate accounts to new table, relax uniqueness
 constraint of actor `url` and collections (#3928)

* [chore] Migrate accounts to new table, relax uniqueness constraint of actor url and collections

* fiddle with it! (that's what she said)

* remove unused cache fields

* sillyness

* fix tiny whoopsie
---
 .../api/activitypub/users/inboxpost_test.go   |   3 +-
 .../api/client/accounts/accountverify_test.go |   2 +-
 .../api/client/admin/accountsgetv2_test.go    |   2 +-
 internal/api/client/search/searchget_test.go  |   3 +-
 .../wellknown/webfinger/webfingerget_test.go  |   3 +-
 internal/cache/db.go                          |   7 +-
 internal/cache/size.go                        |   9 +-
 internal/db/account.go                        |  34 +-
 internal/db/bundb/account.go                  | 148 ++++---
 internal/db/bundb/account_test.go             | 125 ++----
 internal/db/bundb/admin.go                    |   5 +-
 internal/db/bundb/basic_test.go               |   3 +-
 ...0321131230_relax_account_uri_uniqueness.go | 398 ++++++++++++++++++
 .../common/common.go                          |  26 ++
 .../new/account.go                            |  98 +++++
 .../old/account.go                            |  70 +++
 internal/db/error.go                          |   4 +
 internal/federation/authenticate.go           |   2 +
 internal/federation/dereferencing/account.go  |  54 ++-
 .../federation/dereferencing/account_test.go  |  19 +-
 internal/federation/dereferencing/status.go   |  52 ++-
 internal/federation/federatingdb/followers.go |   2 +-
 internal/federation/federatingdb/following.go |   2 +-
 internal/federation/federatingdb/outbox.go    |   4 +-
 internal/federation/federatingdb/util.go      |  64 +--
 internal/gtsmodel/account.go                  | 343 ++++++++++++---
 internal/processing/account/alias.go          |   5 +
 internal/processing/account/delete.go         |   4 +-
 internal/processing/account/delete_test.go    |   2 +-
 internal/processing/account/get.go            |   3 +
 internal/processing/account/move.go           |   6 +-
 internal/processing/account/update.go         |   4 +-
 internal/processing/search/get.go             |  39 +-
 .../processing/workers/fromfediapi_move.go    |   3 +
 internal/trans/import_test.go                 |   3 +-
 internal/trans/model/account.go               |   4 +-
 internal/typeutils/astointernal.go            |  19 +-
 internal/typeutils/astointernal_test.go       |   3 +-
 internal/typeutils/internaltoas.go            |   5 +-
 internal/typeutils/internaltoas_test.go       |   3 +-
 internal/typeutils/internaltofrontend.go      |   5 +-
 internal/typeutils/internaltofrontend_test.go |   4 +-
 testrig/testmodels.go                         | 270 ++++--------
 43 files changed, 1298 insertions(+), 566 deletions(-)
 create mode 100644 internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness.go
 create mode 100644 internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common/common.go
 create mode 100644 internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/new/account.go
 create mode 100644 internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/old/account.go

diff --git a/internal/api/activitypub/users/inboxpost_test.go b/internal/api/activitypub/users/inboxpost_test.go
index 4f8e76190..4c23ba27b 100644
--- a/internal/api/activitypub/users/inboxpost_test.go
+++ b/internal/api/activitypub/users/inboxpost_test.go
@@ -376,10 +376,9 @@ func (suite *InboxPostTestSuite) TestPostUpdate() {
 	suite.EqualValues(requestingAccount.HeaderMediaAttachment, dbUpdatedAccount.HeaderMediaAttachment)
 	suite.EqualValues(requestingAccount.HeaderRemoteURL, dbUpdatedAccount.HeaderRemoteURL)
 	suite.EqualValues(requestingAccount.Note, dbUpdatedAccount.Note)
-	suite.EqualValues(requestingAccount.Memorial, dbUpdatedAccount.Memorial)
+	suite.EqualValues(requestingAccount.MemorializedAt, dbUpdatedAccount.MemorializedAt)
 	suite.EqualValues(requestingAccount.AlsoKnownAsURIs, dbUpdatedAccount.AlsoKnownAsURIs)
 	suite.EqualValues(requestingAccount.MovedToURI, dbUpdatedAccount.MovedToURI)
-	suite.EqualValues(requestingAccount.Bot, dbUpdatedAccount.Bot)
 	suite.EqualValues(requestingAccount.Locked, dbUpdatedAccount.Locked)
 	suite.EqualValues(requestingAccount.Discoverable, dbUpdatedAccount.Discoverable)
 	suite.EqualValues(requestingAccount.URI, dbUpdatedAccount.URI)
diff --git a/internal/api/client/accounts/accountverify_test.go b/internal/api/client/accounts/accountverify_test.go
index df5c21389..eaa22abcf 100644
--- a/internal/api/client/accounts/accountverify_test.go
+++ b/internal/api/client/accounts/accountverify_test.go
@@ -88,7 +88,7 @@ func (suite *AccountVerifyTestSuite) TestAccountVerifyGet() {
 	suite.Equal(testAccount.Username, apimodelAccount.Acct)
 	suite.Equal(testAccount.DisplayName, apimodelAccount.DisplayName)
 	suite.Equal(*testAccount.Locked, apimodelAccount.Locked)
-	suite.Equal(*testAccount.Bot, apimodelAccount.Bot)
+	suite.False(apimodelAccount.Bot)
 	suite.WithinDuration(testAccount.CreatedAt, createdAt, 30*time.Second) // we lose a bit of accuracy serializing so fuzz this a bit
 	suite.Equal(testAccount.URL, apimodelAccount.URL)
 	suite.Equal("http://localhost:8080/fileserver/01F8MH1H7YV1Z7D2C8K2730QBF/avatar/original/01F8MH58A357CV5K7R7TJMSH6S.jpg", apimodelAccount.Avatar)
diff --git a/internal/api/client/admin/accountsgetv2_test.go b/internal/api/client/admin/accountsgetv2_test.go
index 339c97431..2a2c89780 100644
--- a/internal/api/client/admin/accountsgetv2_test.go
+++ b/internal/api/client/admin/accountsgetv2_test.go
@@ -204,7 +204,7 @@ func (suite *AccountsGetTestSuite) TestAccountsGetFromTop() {
       "display_name": "",
       "locked": false,
       "discoverable": true,
-      "bot": false,
+      "bot": true,
       "created_at": "2020-05-17T13:10:59.000Z",
       "note": "",
       "url": "http://localhost:8080/@localhost:8080",
diff --git a/internal/api/client/search/searchget_test.go b/internal/api/client/search/searchget_test.go
index 53f0a993c..7d5b73572 100644
--- a/internal/api/client/search/searchget_test.go
+++ b/internal/api/client/search/searchget_test.go
@@ -31,7 +31,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/suite"
-	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/api/client/search"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
@@ -1402,7 +1401,7 @@ func (suite *SearchGetTestSuite) TestSearchRemoteInstanceAccountPartial() {
 		FollowersURI:          "http://" + theirDomain + "/users/" + theirDomain + "/followers",
 		FollowingURI:          "http://" + theirDomain + "/users/" + theirDomain + "/following",
 		FeaturedCollectionURI: "http://" + theirDomain + "/users/" + theirDomain + "/collections/featured",
-		ActorType:             ap.ActorPerson,
+		ActorType:             gtsmodel.AccountActorTypePerson,
 		PrivateKey:            key,
 		PublicKey:             &key.PublicKey,
 	}); err != nil {
diff --git a/internal/api/wellknown/webfinger/webfingerget_test.go b/internal/api/wellknown/webfinger/webfingerget_test.go
index 1707584a5..94c084146 100644
--- a/internal/api/wellknown/webfinger/webfingerget_test.go
+++ b/internal/api/wellknown/webfinger/webfingerget_test.go
@@ -30,7 +30,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/suite"
-	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/api/wellknown/webfinger"
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
@@ -124,7 +123,7 @@ func (suite *WebfingerGetTestSuite) funkifyAccountDomain(host string, accountDom
 		FollowingURI:          "http://" + host + "/users/new_account_domain_user/following",
 		FollowersURI:          "http://" + host + "/users/new_account_domain_user/followers",
 		FeaturedCollectionURI: "http://" + host + "/users/new_account_domain_user/collections/featured",
-		ActorType:             ap.ActorPerson,
+		ActorType:             gtsmodel.AccountActorTypePerson,
 		PrivateKey:            privateKey,
 		PublicKey:             publicKey,
 		PublicKeyURI:          "http://" + host + "/users/new_account_domain_user/main-key",
diff --git a/internal/cache/db.go b/internal/cache/db.go
index 695b19b8f..82cd9ac5f 100644
--- a/internal/cache/db.go
+++ b/internal/cache/db.go
@@ -306,13 +306,8 @@ func (c *Caches) initAccount() {
 		Indices: []structr.IndexConfig{
 			{Fields: "ID"},
 			{Fields: "URI"},
-			{Fields: "URL"},
-			{Fields: "Username,Domain", AllowZero: true},
 			{Fields: "PublicKeyURI"},
-			{Fields: "InboxURI"},
-			{Fields: "OutboxURI"},
-			{Fields: "FollowersURI"},
-			{Fields: "FollowingURI"},
+			{Fields: "Username,Domain", AllowZero: true},
 		},
 		MaxSize:    cap,
 		IgnoreErr:  ignoreErrors,
diff --git a/internal/cache/size.go b/internal/cache/size.go
index cdaf3a03b..9a30d5f08 100644
--- a/internal/cache/size.go
+++ b/internal/cache/size.go
@@ -240,13 +240,12 @@ func sizeofAccount() uintptr {
 		DisplayName:             exampleUsername,
 		Note:                    exampleText,
 		NoteRaw:                 exampleText,
-		Memorial:                func() *bool { ok := false; return &ok }(),
+		MemorializedAt:          exampleTime,
 		CreatedAt:               exampleTime,
 		UpdatedAt:               exampleTime,
 		FetchedAt:               exampleTime,
-		Bot:                     func() *bool { ok := true; return &ok }(),
-		Locked:                  func() *bool { ok := true; return &ok }(),
-		Discoverable:            func() *bool { ok := false; return &ok }(),
+		Locked:                  util.Ptr(true),
+		Discoverable:            util.Ptr(false),
 		URI:                     exampleURI,
 		URL:                     exampleURI,
 		InboxURI:                exampleURI,
@@ -254,7 +253,7 @@ func sizeofAccount() uintptr {
 		FollowersURI:            exampleURI,
 		FollowingURI:            exampleURI,
 		FeaturedCollectionURI:   exampleURI,
-		ActorType:               ap.ActorPerson,
+		ActorType:               gtsmodel.AccountActorTypePerson,
 		PrivateKey:              &rsa.PrivateKey{},
 		PublicKey:               &rsa.PublicKey{},
 		PublicKeyURI:            exampleURI,
diff --git a/internal/db/account.go b/internal/db/account.go
index cfb81308f..0caac3453 100644
--- a/internal/db/account.go
+++ b/internal/db/account.go
@@ -27,37 +27,37 @@ import (
 
 // Account contains functions related to account getting/setting/creation.
 type Account interface {
-	// GetAccountByID returns one account with the given ID, or an error if something goes wrong.
+	// GetAccountByID returns one account with the given ID.
 	GetAccountByID(ctx context.Context, id string) (*gtsmodel.Account, error)
 
 	// GetAccountsByIDs returns accounts corresponding to given IDs.
 	GetAccountsByIDs(ctx context.Context, ids []string) ([]*gtsmodel.Account, error)
 
-	// GetAccountByURI returns one account with the given URI, or an error if something goes wrong.
+	// GetAccountByURI returns one account with the given ActivityStreams URI.
 	GetAccountByURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
 
-	// GetAccountByURL returns one account with the given URL, or an error if something goes wrong.
-	GetAccountByURL(ctx context.Context, uri string) (*gtsmodel.Account, error)
+	// GetOneAccountByURL returns *one* account with the given ActivityStreams URL.
+	// If more than one account has the given url, ErrMultipleEntries will be returned.
+	GetOneAccountByURL(ctx context.Context, url string) (*gtsmodel.Account, error)
 
-	// GetAccountByUsernameDomain returns one account with the given username and domain, or an error if something goes wrong.
+	// GetAccountsByURL returns accounts with the given ActivityStreams URL.
+	GetAccountsByURL(ctx context.Context, url string) ([]*gtsmodel.Account, error)
+
+	// GetAccountByUsernameDomain returns one account with the given username and domain.
 	GetAccountByUsernameDomain(ctx context.Context, username string, domain string) (*gtsmodel.Account, error)
 
-	// GetAccountByPubkeyID returns one account with the given public key URI (ID), or an error if something goes wrong.
+	// GetAccountByPubkeyID returns one account with the given public key URI (ID).
 	GetAccountByPubkeyID(ctx context.Context, id string) (*gtsmodel.Account, error)
 
-	// GetAccountByInboxURI returns one account with the given inbox_uri, or an error if something goes wrong.
-	GetAccountByInboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
+	// GetOneAccountByInboxURI returns one account with the given inbox_uri.
+	// If more than one account has the given URL, ErrMultipleEntries will be returned.
+	GetOneAccountByInboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
 
-	// GetAccountByOutboxURI returns one account with the given outbox_uri, or an error if something goes wrong.
-	GetAccountByOutboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
+	// GetOneAccountByOutboxURI returns one account with the given outbox_uri.
+	// If more than one account has the given uri, ErrMultipleEntries will be returned.
+	GetOneAccountByOutboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
 
-	// GetAccountByFollowingURI returns one account with the given following_uri, or an error if something goes wrong.
-	GetAccountByFollowingURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
-
-	// GetAccountByFollowersURI returns one account with the given followers_uri, or an error if something goes wrong.
-	GetAccountByFollowersURI(ctx context.Context, uri string) (*gtsmodel.Account, error)
-
-	// GetAccountByMovedToURI returns any accounts with given moved_to_uri set.
+	// GetAccountsByMovedToURI returns any accounts with given moved_to_uri set.
 	GetAccountsByMovedToURI(ctx context.Context, uri string) ([]*gtsmodel.Account, error)
 
 	// GetAccounts returns accounts
diff --git a/internal/db/bundb/account.go b/internal/db/bundb/account.go
index aacfcd247..88a923ecf 100644
--- a/internal/db/bundb/account.go
+++ b/internal/db/bundb/account.go
@@ -121,18 +121,46 @@ func (a *accountDB) GetAccountByURI(ctx context.Context, uri string) (*gtsmodel.
 	)
 }
 
-func (a *accountDB) GetAccountByURL(ctx context.Context, url string) (*gtsmodel.Account, error) {
-	return a.getAccount(
-		ctx,
-		"URL",
-		func(account *gtsmodel.Account) error {
-			return a.db.NewSelect().
-				Model(account).
-				Where("? = ?", bun.Ident("account.url"), url).
-				Scan(ctx)
-		},
-		url,
-	)
+func (a *accountDB) GetOneAccountByURL(ctx context.Context, url string) (*gtsmodel.Account, error) {
+	// Select IDs of all
+	// accounts with this url.
+	var ids []string
+	if err := a.db.NewSelect().
+		TableExpr("? AS ?", bun.Ident("accounts"), bun.Ident("account")).
+		Column("account.id").
+		Where("? = ?", bun.Ident("account.url"), url).
+		Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
+
+	// Ensure exactly one account.
+	if len(ids) == 0 {
+		return nil, db.ErrNoEntries
+	}
+	if len(ids) > 1 {
+		return nil, db.ErrMultipleEntries
+	}
+
+	return a.GetAccountByID(ctx, ids[0])
+}
+
+func (a *accountDB) GetAccountsByURL(ctx context.Context, url string) ([]*gtsmodel.Account, error) {
+	// Select IDs of all
+	// accounts with this url.
+	var ids []string
+	if err := a.db.NewSelect().
+		TableExpr("? AS ?", bun.Ident("accounts"), bun.Ident("account")).
+		Column("account.id").
+		Where("? = ?", bun.Ident("account.url"), url).
+		Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
+
+	if len(ids) == 0 {
+		return nil, db.ErrNoEntries
+	}
+
+	return a.GetAccountsByIDs(ctx, ids)
 }
 
 func (a *accountDB) GetAccountByUsernameDomain(ctx context.Context, username string, domain string) (*gtsmodel.Account, error) {
@@ -184,60 +212,50 @@ func (a *accountDB) GetAccountByPubkeyID(ctx context.Context, id string) (*gtsmo
 	)
 }
 
-func (a *accountDB) GetAccountByInboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error) {
-	return a.getAccount(
-		ctx,
-		"InboxURI",
-		func(account *gtsmodel.Account) error {
-			return a.db.NewSelect().
-				Model(account).
-				Where("? = ?", bun.Ident("account.inbox_uri"), uri).
-				Scan(ctx)
-		},
-		uri,
-	)
+func (a *accountDB) GetOneAccountByInboxURI(ctx context.Context, inboxURI string) (*gtsmodel.Account, error) {
+	// Select IDs of all accounts
+	// with this inbox_uri.
+	var ids []string
+	if err := a.db.NewSelect().
+		TableExpr("? AS ?", bun.Ident("accounts"), bun.Ident("account")).
+		Column("account.id").
+		Where("? = ?", bun.Ident("account.inbox_uri"), inboxURI).
+		Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
+
+	// Ensure exactly one account.
+	if len(ids) == 0 {
+		return nil, db.ErrNoEntries
+	}
+	if len(ids) > 1 {
+		return nil, db.ErrMultipleEntries
+	}
+
+	return a.GetAccountByID(ctx, ids[0])
 }
 
-func (a *accountDB) GetAccountByOutboxURI(ctx context.Context, uri string) (*gtsmodel.Account, error) {
-	return a.getAccount(
-		ctx,
-		"OutboxURI",
-		func(account *gtsmodel.Account) error {
-			return a.db.NewSelect().
-				Model(account).
-				Where("? = ?", bun.Ident("account.outbox_uri"), uri).
-				Scan(ctx)
-		},
-		uri,
-	)
-}
+func (a *accountDB) GetOneAccountByOutboxURI(ctx context.Context, outboxURI string) (*gtsmodel.Account, error) {
+	// Select IDs of all accounts
+	// with this outbox_uri.
+	var ids []string
+	if err := a.db.NewSelect().
+		TableExpr("? AS ?", bun.Ident("accounts"), bun.Ident("account")).
+		Column("account.id").
+		Where("? = ?", bun.Ident("account.outbox_uri"), outboxURI).
+		Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
 
-func (a *accountDB) GetAccountByFollowersURI(ctx context.Context, uri string) (*gtsmodel.Account, error) {
-	return a.getAccount(
-		ctx,
-		"FollowersURI",
-		func(account *gtsmodel.Account) error {
-			return a.db.NewSelect().
-				Model(account).
-				Where("? = ?", bun.Ident("account.followers_uri"), uri).
-				Scan(ctx)
-		},
-		uri,
-	)
-}
+	// Ensure exactly one account.
+	if len(ids) == 0 {
+		return nil, db.ErrNoEntries
+	}
+	if len(ids) > 1 {
+		return nil, db.ErrMultipleEntries
+	}
 
-func (a *accountDB) GetAccountByFollowingURI(ctx context.Context, uri string) (*gtsmodel.Account, error) {
-	return a.getAccount(
-		ctx,
-		"FollowingURI",
-		func(account *gtsmodel.Account) error {
-			return a.db.NewSelect().
-				Model(account).
-				Where("? = ?", bun.Ident("account.following_uri"), uri).
-				Scan(ctx)
-		},
-		uri,
-	)
+	return a.GetAccountByID(ctx, ids[0])
 }
 
 func (a *accountDB) GetInstanceAccount(ctx context.Context, domain string) (*gtsmodel.Account, error) {
@@ -587,7 +605,11 @@ func (a *accountDB) GetAccounts(
 	return a.state.DB.GetAccountsByIDs(ctx, accountIDs)
 }
 
-func (a *accountDB) getAccount(ctx context.Context, lookup string, dbQuery func(*gtsmodel.Account) error, keyParts ...any) (*gtsmodel.Account, error) {
+func (a *accountDB) getAccount(
+	ctx context.Context,
+	lookup string,
+	dbQuery func(*gtsmodel.Account) error, keyParts ...any,
+) (*gtsmodel.Account, error) {
 	// Fetch account from database cache with loader callback
 	account, err := a.state.Caches.DB.Account.LoadOne(lookup, func() (*gtsmodel.Account, error) {
 		var account gtsmodel.Account
diff --git a/internal/db/bundb/account_test.go b/internal/db/bundb/account_test.go
index e3d36855e..ffd44de79 100644
--- a/internal/db/bundb/account_test.go
+++ b/internal/db/bundb/account_test.go
@@ -32,11 +32,10 @@ import (
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
-	"github.com/superseriousbusiness/gotosocial/internal/db/bundb"
+	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
-	"github.com/uptrace/bun"
 )
 
 type AccountTestSuite struct {
@@ -255,7 +254,20 @@ func (suite *AccountTestSuite) TestGetAccountBy() {
 				if account.URL == "" {
 					return nil, sentinelErr
 				}
-				return suite.db.GetAccountByURL(ctx, account.URL)
+				return suite.db.GetOneAccountByURL(ctx, account.URL)
+			},
+
+			"url_multi": func() (*gtsmodel.Account, error) {
+				if account.URL == "" {
+					return nil, sentinelErr
+				}
+
+				accounts, err := suite.db.GetAccountsByURL(ctx, account.URL)
+				if err != nil {
+					return nil, err
+				}
+
+				return accounts[0], nil
 			},
 
 			"username@domain": func() (*gtsmodel.Account, error) {
@@ -281,28 +293,14 @@ func (suite *AccountTestSuite) TestGetAccountBy() {
 				if account.InboxURI == "" {
 					return nil, sentinelErr
 				}
-				return suite.db.GetAccountByInboxURI(ctx, account.InboxURI)
+				return suite.db.GetOneAccountByInboxURI(ctx, account.InboxURI)
 			},
 
 			"outbox_uri": func() (*gtsmodel.Account, error) {
 				if account.OutboxURI == "" {
 					return nil, sentinelErr
 				}
-				return suite.db.GetAccountByOutboxURI(ctx, account.OutboxURI)
-			},
-
-			"following_uri": func() (*gtsmodel.Account, error) {
-				if account.FollowingURI == "" {
-					return nil, sentinelErr
-				}
-				return suite.db.GetAccountByFollowingURI(ctx, account.FollowingURI)
-			},
-
-			"followers_uri": func() (*gtsmodel.Account, error) {
-				if account.FollowersURI == "" {
-					return nil, sentinelErr
-				}
-				return suite.db.GetAccountByFollowersURI(ctx, account.FollowersURI)
+				return suite.db.GetOneAccountByOutboxURI(ctx, account.OutboxURI)
 			},
 		} {
 
@@ -345,71 +343,37 @@ func (suite *AccountTestSuite) TestGetAccountBy() {
 	}
 }
 
-func (suite *AccountTestSuite) TestUpdateAccount() {
+func (suite *AccountTestSuite) TestGetAccountsByURLMulti() {
 	ctx := context.Background()
 
-	testAccount := suite.testAccounts["local_account_1"]
-
-	testAccount.DisplayName = "new display name!"
-	testAccount.EmojiIDs = []string{"01GD36ZKWTKY3T1JJ24JR7KY1Q", "01GD36ZV904SHBHNAYV6DX5QEF"}
-
-	err := suite.db.UpdateAccount(ctx, testAccount)
-	suite.NoError(err)
-
-	updated, err := suite.db.GetAccountByID(ctx, testAccount.ID)
-	suite.NoError(err)
-	suite.Equal("new display name!", updated.DisplayName)
-	suite.Equal([]string{"01GD36ZKWTKY3T1JJ24JR7KY1Q", "01GD36ZV904SHBHNAYV6DX5QEF"}, updated.EmojiIDs)
-	suite.WithinDuration(time.Now(), updated.UpdatedAt, 5*time.Second)
-
-	// get account without cache + make sure it's really in the db as desired
-	dbService, ok := suite.db.(*bundb.DBService)
-	if !ok {
-		panic("db was not *bundb.DBService")
+	// Update admin account to have the same url as zork.
+	testAccount1 := suite.testAccounts["local_account_1"]
+	testAccount2 := new(gtsmodel.Account)
+	*testAccount2 = *suite.testAccounts["admin_account"]
+	testAccount2.URL = testAccount1.URL
+	if err := suite.state.DB.UpdateAccount(ctx, testAccount2, "url"); err != nil {
+		suite.FailNow(err.Error())
 	}
 
-	noCache := &gtsmodel.Account{}
-	err = dbService.DB().
-		NewSelect().
-		Model(noCache).
-		Where("? = ?", bun.Ident("account.id"), testAccount.ID).
-		Relation("AvatarMediaAttachment").
-		Relation("HeaderMediaAttachment").
-		Relation("Emojis").
-		Scan(ctx)
+	// Select all accounts with that URL.
+	// Should return 2.
+	accounts, err := suite.state.DB.GetAccountsByURL(
+		gtscontext.SetBarebones(ctx),
+		testAccount1.URL,
+	)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+	suite.Len(accounts, 2)
 
-	suite.NoError(err)
-	suite.Equal("new display name!", noCache.DisplayName)
-	suite.Equal([]string{"01GD36ZKWTKY3T1JJ24JR7KY1Q", "01GD36ZV904SHBHNAYV6DX5QEF"}, noCache.EmojiIDs)
-	suite.WithinDuration(time.Now(), noCache.UpdatedAt, 5*time.Second)
-	suite.NotNil(noCache.AvatarMediaAttachment)
-	suite.NotNil(noCache.HeaderMediaAttachment)
-
-	// update again to remove emoji associations
-	testAccount.EmojiIDs = []string{}
-
-	err = suite.db.UpdateAccount(ctx, testAccount)
-	suite.NoError(err)
-
-	updated, err = suite.db.GetAccountByID(ctx, testAccount.ID)
-	suite.NoError(err)
-	suite.Equal("new display name!", updated.DisplayName)
-	suite.Empty(updated.EmojiIDs)
-	suite.WithinDuration(time.Now(), updated.UpdatedAt, 5*time.Second)
-
-	err = dbService.DB().
-		NewSelect().
-		Model(noCache).
-		Where("? = ?", bun.Ident("account.id"), testAccount.ID).
-		Relation("AvatarMediaAttachment").
-		Relation("HeaderMediaAttachment").
-		Relation("Emojis").
-		Scan(ctx)
-
-	suite.NoError(err)
-	suite.Equal("new display name!", noCache.DisplayName)
-	suite.Empty(noCache.EmojiIDs)
-	suite.WithinDuration(time.Now(), noCache.UpdatedAt, 5*time.Second)
+	// Try to select one account with that URL.
+	// Should error.
+	account, err := suite.state.DB.GetOneAccountByURL(
+		gtscontext.SetBarebones(ctx),
+		testAccount1.URL,
+	)
+	suite.Nil(account)
+	suite.ErrorIs(err, db.ErrMultipleEntries)
 }
 
 func (suite *AccountTestSuite) TestInsertAccountWithDefaults() {
@@ -422,7 +386,7 @@ func (suite *AccountTestSuite) TestInsertAccountWithDefaults() {
 		Domain:       "example.org",
 		URI:          "https://example.org/users/test_service",
 		URL:          "https://example.org/@test_service",
-		ActorType:    ap.ActorService,
+		ActorType:    gtsmodel.AccountActorTypeService,
 		PublicKey:    &key.PublicKey,
 		PublicKeyURI: "https://example.org/users/test_service#main-key",
 	}
@@ -433,7 +397,6 @@ func (suite *AccountTestSuite) TestInsertAccountWithDefaults() {
 	suite.WithinDuration(time.Now(), newAccount.CreatedAt, 30*time.Second)
 	suite.WithinDuration(time.Now(), newAccount.UpdatedAt, 30*time.Second)
 	suite.True(*newAccount.Locked)
-	suite.False(*newAccount.Bot)
 	suite.False(*newAccount.Discoverable)
 }
 
diff --git a/internal/db/bundb/admin.go b/internal/db/bundb/admin.go
index 02f10f44f..12cb6a6f7 100644
--- a/internal/db/bundb/admin.go
+++ b/internal/db/bundb/admin.go
@@ -28,7 +28,6 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
@@ -131,7 +130,7 @@ func (a *adminDB) NewSignup(ctx context.Context, newSignup gtsmodel.NewSignup) (
 			FollowingURI:          uris.FollowingURI,
 			FollowersURI:          uris.FollowersURI,
 			FeaturedCollectionURI: uris.FeaturedCollectionURI,
-			ActorType:             ap.ActorPerson,
+			ActorType:             gtsmodel.AccountActorTypePerson,
 			PrivateKey:            privKey,
 			PublicKey:             &privKey.PublicKey,
 			PublicKeyURI:          uris.PublicKeyURI,
@@ -283,7 +282,7 @@ func (a *adminDB) CreateInstanceAccount(ctx context.Context) error {
 		PrivateKey:            key,
 		PublicKey:             &key.PublicKey,
 		PublicKeyURI:          newAccountURIs.PublicKeyURI,
-		ActorType:             ap.ActorPerson,
+		ActorType:             gtsmodel.AccountActorTypeService,
 		URI:                   newAccountURIs.UserURI,
 		InboxURI:              newAccountURIs.InboxURI,
 		OutboxURI:             newAccountURIs.OutboxURI,
diff --git a/internal/db/bundb/basic_test.go b/internal/db/bundb/basic_test.go
index 1f2d1ac48..4c5ea8d18 100644
--- a/internal/db/bundb/basic_test.go
+++ b/internal/db/bundb/basic_test.go
@@ -55,7 +55,7 @@ func (suite *BasicTestSuite) TestPutAccountWithBunDefaultFields() {
 		URL:          "https://example.org/@test",
 		InboxURI:     "https://example.org/users/test/inbox",
 		OutboxURI:    "https://example.org/users/test/outbox",
-		ActorType:    "Person",
+		ActorType:    gtsmodel.AccountActorTypePerson,
 		PublicKeyURI: "https://example.org/test#main-key",
 		PublicKey:    &key.PublicKey,
 	}
@@ -87,7 +87,6 @@ func (suite *BasicTestSuite) TestPutAccountWithBunDefaultFields() {
 	suite.Empty(a.NoteRaw)
 	suite.Empty(a.AlsoKnownAsURIs)
 	suite.Empty(a.MovedToURI)
-	suite.False(*a.Bot)
 	// Locked is especially important, since it's a bool that defaults
 	// to true, which is why we use pointers for bools in the first place
 	suite.True(*a.Locked)
diff --git a/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness.go b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness.go
new file mode 100644
index 000000000..acc37529d
--- /dev/null
+++ b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness.go
@@ -0,0 +1,398 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package migrations
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	new_gtsmodel "github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/new"
+	old_gtsmodel "github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/old"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/dialect"
+)
+
+func init() {
+	up := func(ctx context.Context, bdb *bun.DB) error {
+		log.Info(ctx, "converting accounts to new model; this may take a while, please don't interrupt!")
+
+		return bdb.RunInTx(ctx, nil, func(ctx context.Context, tx bun.Tx) error {
+
+			var (
+				// We have to use different
+				// syntax for this query
+				// depending on dialect.
+				dbDialect = tx.Dialect().Name()
+
+				// ID for paging.
+				maxID string
+
+				// Batch size for
+				// selecting + updating.
+				batchsz = 100
+
+				// Number of accounts
+				// updated so far.
+				updated int
+
+				// We need to know our own host
+				// for updating instance account.
+				host = config.GetHost()
+			)
+
+			// Create the new accounts table.
+			if _, err := tx.
+				NewCreateTable().
+				ModelTableExpr("new_accounts").
+				Model(&new_gtsmodel.Account{}).
+				Exec(ctx); err != nil {
+				return err
+			}
+
+			// Count number of accounts
+			// we need to update.
+			total, err := tx.
+				NewSelect().
+				Table("accounts").
+				Count(ctx)
+			if err != nil && !errors.Is(err, db.ErrNoEntries) {
+				return err
+			}
+
+			// Create a subquery for
+			// Postgres to reuse.
+			var orderQPG *bun.RawQuery
+			if dbDialect == dialect.PG {
+				orderQPG = tx.NewRaw(
+					"(COALESCE(?, ?) || ? || ?) COLLATE ?",
+					bun.Ident("domain"), "",
+					"/@",
+					bun.Ident("username"),
+					bun.Ident("C"),
+				)
+			}
+
+			var orderQSqlite *bun.RawQuery
+			if dbDialect == dialect.SQLite {
+				orderQSqlite = tx.NewRaw(
+					"(COALESCE(?, ?) || ? || ?)",
+					bun.Ident("domain"), "",
+					"/@",
+					bun.Ident("username"),
+				)
+			}
+
+			for {
+				// Batch of old model account IDs to select.
+				oldAccountIDs := make([]string, 0, batchsz)
+
+				// Start building IDs query.
+				idsQ := tx.
+					NewSelect().
+					Table("accounts").
+					Column("id").
+					Limit(batchsz)
+
+				if dbDialect == dialect.SQLite {
+					// For SQLite we can just select
+					// our indexed expression once
+					// as a column alias.
+					idsQ = idsQ.
+						ColumnExpr(
+							"(COALESCE(?, ?) || ? || ?) AS ?",
+							bun.Ident("domain"), "",
+							"/@",
+							bun.Ident("username"),
+							bun.Ident("domain_username"),
+						)
+				}
+
+				// Return only accounts with `[domain]/@[username]`
+				// later in the alphabet (a-z) than provided maxID.
+				if maxID != "" {
+					if dbDialect == dialect.SQLite {
+						idsQ = idsQ.Where("? > ?", bun.Ident("domain_username"), maxID)
+					} else {
+						idsQ = idsQ.Where("? > ?", orderQPG, maxID)
+					}
+				}
+
+				// Page down.
+				// It's counterintuitive because it
+				// says ASC in the query, but we're
+				// going forwards in the alphabet,
+				// and z > a in a string comparison.
+				if dbDialect == dialect.SQLite {
+					idsQ = idsQ.OrderExpr("? ASC", bun.Ident("domain_username"))
+				} else {
+					idsQ = idsQ.OrderExpr("? ASC", orderQPG)
+				}
+
+				// Select this batch, providing a
+				// slice to throw away username_domain.
+				err := idsQ.Scan(ctx, &oldAccountIDs, new([]string))
+				if err != nil {
+					return err
+				}
+
+				l := len(oldAccountIDs)
+				if len(oldAccountIDs) == 0 {
+					// Nothing left
+					// to update.
+					break
+				}
+
+				// Get ready to select old accounts by their IDs.
+				oldAccounts := make([]*old_gtsmodel.Account, 0, l)
+				batchQ := tx.
+					NewSelect().
+					Model(&oldAccounts).
+					Where("? IN (?)", bun.Ident("id"), bun.In(oldAccountIDs))
+
+				// Order batch by usernameDomain
+				// to ensure paging consistent.
+				if dbDialect == dialect.SQLite {
+					batchQ = batchQ.OrderExpr("? ASC", orderQSqlite)
+				} else {
+					batchQ = batchQ.OrderExpr("? ASC", orderQPG)
+				}
+
+				// Select old accounts.
+				if err := batchQ.Scan(ctx); err != nil {
+					return err
+				}
+
+				// Convert old accounts into new accounts.
+				newAccounts := make([]*new_gtsmodel.Account, 0, l)
+				for _, oldAccount := range oldAccounts {
+
+					var actorType new_gtsmodel.AccountActorType
+					if oldAccount.Domain == "" && oldAccount.Username == host {
+						// This is our instance account, override actor
+						// type to Service, as previously it was just person.
+						actorType = new_gtsmodel.AccountActorTypeService
+					} else {
+						// Not our instance account, just parse new actor type.
+						actorType = new_gtsmodel.ParseAccountActorType(oldAccount.ActorType)
+					}
+
+					if actorType == new_gtsmodel.AccountActorTypeUnknown {
+						// This should not really happen, but it if does
+						// just warn + set to person rather than failing.
+						log.Warnf(ctx,
+							"account %s actor type %s was not a recognized actor type, falling back to Person",
+							oldAccount.ID, oldAccount.ActorType,
+						)
+						actorType = new_gtsmodel.AccountActorTypePerson
+					}
+
+					newAccount := &new_gtsmodel.Account{
+						ID:                      oldAccount.ID,
+						CreatedAt:               oldAccount.CreatedAt,
+						UpdatedAt:               oldAccount.UpdatedAt,
+						FetchedAt:               oldAccount.FetchedAt,
+						Username:                oldAccount.Username,
+						Domain:                  oldAccount.Domain,
+						AvatarMediaAttachmentID: oldAccount.AvatarMediaAttachmentID,
+						AvatarRemoteURL:         oldAccount.AvatarRemoteURL,
+						HeaderMediaAttachmentID: oldAccount.HeaderMediaAttachmentID,
+						HeaderRemoteURL:         oldAccount.HeaderRemoteURL,
+						DisplayName:             oldAccount.DisplayName,
+						EmojiIDs:                oldAccount.EmojiIDs,
+						Fields:                  oldAccount.Fields,
+						FieldsRaw:               oldAccount.FieldsRaw,
+						Note:                    oldAccount.Note,
+						NoteRaw:                 oldAccount.NoteRaw,
+						AlsoKnownAsURIs:         oldAccount.AlsoKnownAsURIs,
+						MovedToURI:              oldAccount.MovedToURI,
+						MoveID:                  oldAccount.MoveID,
+						Locked:                  oldAccount.Locked,
+						Discoverable:            oldAccount.Discoverable,
+						URI:                     oldAccount.URI,
+						URL:                     oldAccount.URL,
+						InboxURI:                oldAccount.InboxURI,
+						SharedInboxURI:          oldAccount.SharedInboxURI,
+						OutboxURI:               oldAccount.OutboxURI,
+						FollowingURI:            oldAccount.FollowingURI,
+						FollowersURI:            oldAccount.FollowersURI,
+						FeaturedCollectionURI:   oldAccount.FeaturedCollectionURI,
+						ActorType:               actorType,
+						PrivateKey:              oldAccount.PrivateKey,
+						PublicKey:               oldAccount.PublicKey,
+						PublicKeyURI:            oldAccount.PublicKeyURI,
+						PublicKeyExpiresAt:      oldAccount.PublicKeyExpiresAt,
+						SensitizedAt:            oldAccount.SensitizedAt,
+						SilencedAt:              oldAccount.SilencedAt,
+						SuspendedAt:             oldAccount.SuspendedAt,
+						SuspensionOrigin:        oldAccount.SuspensionOrigin,
+					}
+
+					newAccounts = append(newAccounts, newAccount)
+				}
+
+				// Insert this batch of accounts.
+				res, err := tx.
+					NewInsert().
+					Model(&newAccounts).
+					Returning("").
+					Exec(ctx)
+				if err != nil {
+					return err
+				}
+
+				rowsAffected, err := res.RowsAffected()
+				if err != nil {
+					return err
+				}
+
+				// Add to updated count.
+				updated += int(rowsAffected)
+				if updated == total {
+					// Done.
+					break
+				}
+
+				// Set next page.
+				fromAcct := oldAccounts[l-1]
+				maxID = fromAcct.Domain + "/@" + fromAcct.Username
+
+				// Log helpful message to admin.
+				log.Infof(ctx,
+					"migrated %d of %d accounts (next page will be from %s)",
+					updated, total, maxID,
+				)
+			}
+
+			if total != int(updated) {
+				// Return error here in order to rollback the whole transaction.
+				return fmt.Errorf("total=%d does not match updated=%d", total, updated)
+			}
+
+			log.Infof(ctx, "finished migrating %d accounts", total)
+
+			// Drop the old table.
+			log.Info(ctx, "dropping old accounts table")
+			if _, err := tx.
+				NewDropTable().
+				Table("accounts").
+				Exec(ctx); err != nil {
+				return err
+			}
+
+			// Rename new table to old table.
+			log.Info(ctx, "renaming new accounts table")
+			if _, err := tx.
+				ExecContext(
+					ctx,
+					"ALTER TABLE ? RENAME TO ?",
+					bun.Ident("new_accounts"),
+					bun.Ident("accounts"),
+				); err != nil {
+				return err
+			}
+
+			// Add all account indexes to the new table.
+			log.Info(ctx, "recreating indexes on new accounts table")
+			for index, columns := range map[string][]string{
+				"accounts_domain_idx":        {"domain"},
+				"accounts_uri_idx":           {"uri"},
+				"accounts_url_idx":           {"url"},
+				"accounts_inbox_uri_idx":     {"inbox_uri"},
+				"accounts_outbox_uri_idx":    {"outbox_uri"},
+				"accounts_followers_uri_idx": {"followers_uri"},
+				"accounts_following_uri_idx": {"following_uri"},
+			} {
+				if _, err := tx.
+					NewCreateIndex().
+					Table("accounts").
+					Index(index).
+					Column(columns...).
+					Exec(ctx); err != nil {
+					return err
+				}
+			}
+
+			if dbDialect == dialect.PG {
+				log.Info(ctx, "moving postgres constraints from old table to new table")
+
+				type spec struct {
+					old     string
+					new     string
+					columns []string
+				}
+
+				// Rename uniqueness constraints from
+				// "new_accounts_*" to "accounts_*".
+				for _, spec := range []spec{
+					{
+						old:     "new_accounts_pkey",
+						new:     "accounts_pkey",
+						columns: []string{"id"},
+					},
+					{
+						old:     "new_accounts_uri_key",
+						new:     "accounts_uri_key",
+						columns: []string{"uri"},
+					},
+					{
+						old:     "new_accounts_public_key_uri_key",
+						new:     "accounts_public_key_uri_key",
+						columns: []string{"public_key_uri"},
+					},
+				} {
+					if _, err := tx.ExecContext(
+						ctx,
+						"ALTER TABLE ? DROP CONSTRAINT IF EXISTS ?",
+						bun.Ident("public.accounts"),
+						bun.Safe(spec.old),
+					); err != nil {
+						return err
+					}
+
+					if _, err := tx.ExecContext(
+						ctx,
+						"ALTER TABLE ? ADD CONSTRAINT ? UNIQUE(?)",
+						bun.Ident("public.accounts"),
+						bun.Safe(spec.new),
+						bun.Safe(strings.Join(spec.columns, ",")),
+					); err != nil {
+						return err
+					}
+				}
+			}
+
+			return nil
+		})
+	}
+
+	down := func(ctx context.Context, db *bun.DB) error {
+		return db.RunInTx(ctx, nil, func(ctx context.Context, tx bun.Tx) error {
+			return nil
+		})
+	}
+
+	if err := Migrations.Register(up, down); err != nil {
+		panic(err)
+	}
+}
diff --git a/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common/common.go b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common/common.go
new file mode 100644
index 000000000..8db9f1c31
--- /dev/null
+++ b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common/common.go
@@ -0,0 +1,26 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package common
+
+import "time"
+
+type Field struct {
+	Name       string
+	Value      string
+	VerifiedAt time.Time `bun:",nullzero"`
+}
diff --git a/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/new/account.go b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/new/account.go
new file mode 100644
index 000000000..55fa7f1b4
--- /dev/null
+++ b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/new/account.go
@@ -0,0 +1,98 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package gtsmodel
+
+import (
+	"crypto/rsa"
+	"strings"
+	"time"
+
+	"github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common"
+	"github.com/uptrace/bun"
+)
+
+type Account struct {
+	bun.BaseModel           `bun:"table:new_accounts"`
+	ID                      string           `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`
+	CreatedAt               time.Time        `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+	UpdatedAt               time.Time        `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+	FetchedAt               time.Time        `bun:"type:timestamptz,nullzero"`
+	Username                string           `bun:",nullzero,notnull,unique:accounts_username_domain_uniq"`
+	Domain                  string           `bun:",nullzero,unique:accounts_username_domain_uniq"`
+	AvatarMediaAttachmentID string           `bun:"type:CHAR(26),nullzero"`
+	AvatarRemoteURL         string           `bun:",nullzero"`
+	HeaderMediaAttachmentID string           `bun:"type:CHAR(26),nullzero"`
+	HeaderRemoteURL         string           `bun:",nullzero"`
+	DisplayName             string           `bun:",nullzero"`
+	EmojiIDs                []string         `bun:"emojis,array"`
+	Fields                  []*common.Field  `bun:",nullzero"`
+	FieldsRaw               []*common.Field  `bun:",nullzero"`
+	Note                    string           `bun:",nullzero"`
+	NoteRaw                 string           `bun:",nullzero"`
+	MemorializedAt          time.Time        `bun:"type:timestamptz,nullzero"`
+	AlsoKnownAsURIs         []string         `bun:"also_known_as_uris,array"`
+	MovedToURI              string           `bun:",nullzero"`
+	MoveID                  string           `bun:"type:CHAR(26),nullzero"`
+	Locked                  *bool            `bun:",nullzero,notnull,default:true"`
+	Discoverable            *bool            `bun:",nullzero,notnull,default:false"`
+	URI                     string           `bun:",nullzero,notnull,unique"`
+	URL                     string           `bun:",nullzero"`
+	InboxURI                string           `bun:",nullzero"`
+	SharedInboxURI          *string          `bun:""`
+	OutboxURI               string           `bun:",nullzero"`
+	FollowingURI            string           `bun:",nullzero"`
+	FollowersURI            string           `bun:",nullzero"`
+	FeaturedCollectionURI   string           `bun:",nullzero"`
+	ActorType               AccountActorType `bun:",nullzero,notnull"`
+	PrivateKey              *rsa.PrivateKey  `bun:""`
+	PublicKey               *rsa.PublicKey   `bun:",notnull"`
+	PublicKeyURI            string           `bun:",nullzero,notnull,unique"`
+	PublicKeyExpiresAt      time.Time        `bun:"type:timestamptz,nullzero"`
+	SensitizedAt            time.Time        `bun:"type:timestamptz,nullzero"`
+	SilencedAt              time.Time        `bun:"type:timestamptz,nullzero"`
+	SuspendedAt             time.Time        `bun:"type:timestamptz,nullzero"`
+	SuspensionOrigin        string           `bun:"type:CHAR(26),nullzero"`
+}
+
+type AccountActorType int16
+
+const (
+	AccountActorTypeUnknown      AccountActorType = 0
+	AccountActorTypeApplication  AccountActorType = 1 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-application
+	AccountActorTypeGroup        AccountActorType = 2 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-group
+	AccountActorTypeOrganization AccountActorType = 3 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-organization
+	AccountActorTypePerson       AccountActorType = 4 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person
+	AccountActorTypeService      AccountActorType = 5 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-service
+)
+
+func ParseAccountActorType(in string) AccountActorType {
+	switch strings.ToLower(in) {
+	case "application":
+		return AccountActorTypeApplication
+	case "group":
+		return AccountActorTypeGroup
+	case "organization":
+		return AccountActorTypeOrganization
+	case "person":
+		return AccountActorTypePerson
+	case "service":
+		return AccountActorTypeService
+	default:
+		return AccountActorTypeUnknown
+	}
+}
diff --git a/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/old/account.go b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/old/account.go
new file mode 100644
index 000000000..a630805d4
--- /dev/null
+++ b/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/old/account.go
@@ -0,0 +1,70 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package gtsmodel
+
+import (
+	"crypto/rsa"
+	"time"
+
+	"github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20250321131230_relax_account_uri_uniqueness/common"
+	"github.com/uptrace/bun"
+)
+
+type Account struct {
+	bun.BaseModel           `bun:"table:accounts"`
+	ID                      string          `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`
+	CreatedAt               time.Time       `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+	UpdatedAt               time.Time       `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+	FetchedAt               time.Time       `bun:"type:timestamptz,nullzero"`
+	Username                string          `bun:",nullzero,notnull,unique:usernamedomain"`
+	Domain                  string          `bun:",nullzero,unique:usernamedomain"`
+	AvatarMediaAttachmentID string          `bun:"type:CHAR(26),nullzero"`
+	AvatarRemoteURL         string          `bun:",nullzero"`
+	HeaderMediaAttachmentID string          `bun:"type:CHAR(26),nullzero"`
+	HeaderRemoteURL         string          `bun:",nullzero"`
+	DisplayName             string          `bun:""`
+	EmojiIDs                []string        `bun:"emojis,array"`
+	Fields                  []*common.Field `bun:""`
+	FieldsRaw               []*common.Field `bun:""`
+	Note                    string          `bun:""`
+	NoteRaw                 string          `bun:""`
+	Memorial                *bool           `bun:",default:false"`
+	AlsoKnownAsURIs         []string        `bun:"also_known_as_uris,array"`
+	MovedToURI              string          `bun:",nullzero"`
+	MoveID                  string          `bun:"type:CHAR(26),nullzero"`
+	Bot                     *bool           `bun:",default:false"`
+	Locked                  *bool           `bun:",default:true"`
+	Discoverable            *bool           `bun:",default:false"`
+	URI                     string          `bun:",nullzero,notnull,unique"`
+	URL                     string          `bun:",nullzero,unique"`
+	InboxURI                string          `bun:",nullzero,unique"`
+	SharedInboxURI          *string         `bun:""`
+	OutboxURI               string          `bun:",nullzero,unique"`
+	FollowingURI            string          `bun:",nullzero,unique"`
+	FollowersURI            string          `bun:",nullzero,unique"`
+	FeaturedCollectionURI   string          `bun:",nullzero,unique"`
+	ActorType               string          `bun:",nullzero,notnull"`
+	PrivateKey              *rsa.PrivateKey `bun:""`
+	PublicKey               *rsa.PublicKey  `bun:",notnull"`
+	PublicKeyURI            string          `bun:",nullzero,notnull,unique"`
+	PublicKeyExpiresAt      time.Time       `bun:"type:timestamptz,nullzero"`
+	SensitizedAt            time.Time       `bun:"type:timestamptz,nullzero"`
+	SilencedAt              time.Time       `bun:"type:timestamptz,nullzero"`
+	SuspendedAt             time.Time       `bun:"type:timestamptz,nullzero"`
+	SuspensionOrigin        string          `bun:"type:CHAR(26),nullzero"`
+}
diff --git a/internal/db/error.go b/internal/db/error.go
index 43dd34df7..eccb219b3 100644
--- a/internal/db/error.go
+++ b/internal/db/error.go
@@ -29,4 +29,8 @@ var (
 
 	// ErrAlreadyExists is returned when a conflict was encountered in the db when doing an insert.
 	ErrAlreadyExists = errors.New("already exists")
+
+	// ErrMultipleEntries is returned when multiple entries
+	// are found in the db when only one entry is sought.
+	ErrMultipleEntries = errors.New("multiple entries")
 )
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index 7d84774fd..363568f8b 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -199,9 +199,11 @@ func (f *Federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 		}
 
 		// Dereference the account located at owner URI.
+		// Use exact URI match, not URL match.
 		pubKeyAuth.Owner, _, err = f.GetAccountByURI(ctx,
 			requestedUsername,
 			pubKeyAuth.OwnerURI,
+			false,
 		)
 		if err != nil {
 			if gtserror.StatusCode(err) == http.StatusGone {
diff --git a/internal/federation/dereferencing/account.go b/internal/federation/dereferencing/account.go
index 77de954c8..f882eb7c3 100644
--- a/internal/federation/dereferencing/account.go
+++ b/internal/federation/dereferencing/account.go
@@ -24,6 +24,7 @@ import (
 	"net/url"
 	"time"
 
+	errorsv2 "codeberg.org/gruf/go-errors/v2"
 	"codeberg.org/superseriousbusiness/activity/pub"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
@@ -88,14 +89,30 @@ func accountFresh(
 	return !time.Now().After(staleAt)
 }
 
-// GetAccountByURI will attempt to fetch an accounts by its URI, first checking the database. In the case of a newly-met remote model, or a remote model
-// whose last_fetched date is beyond a certain interval, the account will be dereferenced. In the case of dereferencing, some low-priority account information
-// may be enqueued for asynchronous fetching, e.g. featured account statuses (pins). An ActivityPub object indicates the account was dereferenced.
-func (d *Dereferencer) GetAccountByURI(ctx context.Context, requestUser string, uri *url.URL) (*gtsmodel.Account, ap.Accountable, error) {
+// GetAccountByURI will attempt to fetch an accounts by its
+// URI, first checking the database. In the case of a newly-met
+// remote model, or a remote model whose last_fetched date is
+// beyond a certain interval, the account will be dereferenced.
+// In the case of dereferencing, some low-priority account info
+// may be enqueued for asynchronous fetching, e.g. pinned statuses.
+// An ActivityPub object indicates the account was dereferenced.
+//
+// if tryURL is true, then the database will also check for a *single*
+// account where uri == account.url, not just uri == account.uri.
+// Because url does not guarantee uniqueness, you should only set
+// tryURL to true when doing searches set in motion by a user,
+// ie., when it's not important that an exact account is returned.
+func (d *Dereferencer) GetAccountByURI(
+	ctx context.Context,
+	requestUser string,
+	uri *url.URL,
+	tryURL bool,
+) (*gtsmodel.Account, ap.Accountable, error) {
 	// Fetch and dereference account if necessary.
 	account, accountable, err := d.getAccountByURI(ctx,
 		requestUser,
 		uri,
+		tryURL,
 	)
 	if err != nil {
 		return nil, nil, err
@@ -117,8 +134,15 @@ func (d *Dereferencer) GetAccountByURI(ctx context.Context, requestUser string,
 	return account, accountable, nil
 }
 
-// getAccountByURI is a package internal form of .GetAccountByURI() that doesn't bother dereferencing featured posts on update.
-func (d *Dereferencer) getAccountByURI(ctx context.Context, requestUser string, uri *url.URL) (*gtsmodel.Account, ap.Accountable, error) {
+// getAccountByURI is a package internal form of
+// .GetAccountByURI() that doesn't bother dereferencing
+// featured posts on update.
+func (d *Dereferencer) getAccountByURI(
+	ctx context.Context,
+	requestUser string,
+	uri *url.URL,
+	tryURL bool,
+) (*gtsmodel.Account, ap.Accountable, error) {
 	var (
 		account *gtsmodel.Account
 		uriStr  = uri.String()
@@ -126,9 +150,8 @@ func (d *Dereferencer) getAccountByURI(ctx context.Context, requestUser string,
 	)
 
 	// Search the database for existing account with URI.
+	// URI is unique so if we get a hit it's that account for sure.
 	account, err = d.state.DB.GetAccountByURI(
-		// request a barebones object, it may be in the
-		// db but with related models not yet dereferenced.
 		gtscontext.SetBarebones(ctx),
 		uriStr,
 	)
@@ -136,13 +159,20 @@ func (d *Dereferencer) getAccountByURI(ctx context.Context, requestUser string,
 		return nil, nil, gtserror.Newf("error checking database for account %s by uri: %w", uriStr, err)
 	}
 
-	if account == nil {
-		// Else, search the database for existing by URL.
-		account, err = d.state.DB.GetAccountByURL(
+	if account == nil && tryURL {
+		// Else if we're permitted, search the database for *ONE*
+		// account with this URL. This can return multiple hits
+		// so check for ErrMultipleEntries. If we get exactly one
+		// hit it's *probably* the account we're looking for.
+		account, err = d.state.DB.GetOneAccountByURL(
 			gtscontext.SetBarebones(ctx),
 			uriStr,
 		)
-		if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		if err != nil && !errorsv2.IsV2(
+			err,
+			db.ErrNoEntries,
+			db.ErrMultipleEntries,
+		) {
 			return nil, nil, gtserror.Newf("error checking database for account %s by url: %w", uriStr, err)
 		}
 	}
diff --git a/internal/federation/dereferencing/account_test.go b/internal/federation/dereferencing/account_test.go
index 8bcfce2d2..4af885468 100644
--- a/internal/federation/dereferencing/account_test.go
+++ b/internal/federation/dereferencing/account_test.go
@@ -54,6 +54,7 @@ func (suite *AccountTestSuite) TestDereferenceGroup() {
 		context.Background(),
 		fetchingAccount.Username,
 		groupURL,
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(group)
@@ -67,7 +68,7 @@ func (suite *AccountTestSuite) TestDereferenceGroup() {
 	dbGroup, err := suite.db.GetAccountByURI(context.Background(), group.URI)
 	suite.NoError(err)
 	suite.Equal(group.ID, dbGroup.ID)
-	suite.Equal(ap.ActorGroup, dbGroup.ActorType)
+	suite.Equal(ap.ActorGroup, dbGroup.ActorType.String())
 }
 
 func (suite *AccountTestSuite) TestDereferenceService() {
@@ -78,6 +79,7 @@ func (suite *AccountTestSuite) TestDereferenceService() {
 		context.Background(),
 		fetchingAccount.Username,
 		serviceURL,
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(service)
@@ -91,7 +93,7 @@ func (suite *AccountTestSuite) TestDereferenceService() {
 	dbService, err := suite.db.GetAccountByURI(context.Background(), service.URI)
 	suite.NoError(err)
 	suite.Equal(service.ID, dbService.ID)
-	suite.Equal(ap.ActorService, dbService.ActorType)
+	suite.Equal(ap.ActorService, dbService.ActorType.String())
 	suite.Equal("example.org", dbService.Domain)
 }
 
@@ -110,6 +112,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountAsRemoteURL() {
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse(targetAccount.URI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(fetchedAccount)
@@ -129,6 +132,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountAsRemoteURLNoSharedInb
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse(targetAccount.URI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(fetchedAccount)
@@ -143,6 +147,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountAsUsername() {
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse(targetAccount.URI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(fetchedAccount)
@@ -157,6 +162,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountAsUsernameDomain() {
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse(targetAccount.URI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(fetchedAccount)
@@ -213,6 +219,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountWithUnknownUserURI() {
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse("http://localhost:8080/users/thisaccountdoesnotexist"),
+		false,
 	)
 	suite.True(gtserror.IsUnretrievable(err))
 	suite.EqualError(err, db.ErrNoEntries.Error())
@@ -265,7 +272,7 @@ func (suite *AccountTestSuite) TestDereferenceLocalAccountByRedirect() {
 	uri := testrig.URLMustParse("https://this-will-be-redirected.butts/")
 
 	// Try dereference the test URI, since it correctly redirects to us it should return our account.
-	account, accountable, err := suite.dereferencer.GetAccountByURI(ctx, fetchingAccount.Username, uri)
+	account, accountable, err := suite.dereferencer.GetAccountByURI(ctx, fetchingAccount.Username, uri, false)
 	suite.NoError(err)
 	suite.Nil(accountable)
 	suite.NotNil(account)
@@ -318,7 +325,7 @@ func (suite *AccountTestSuite) TestDereferenceMasqueradingLocalAccount() {
 	)
 
 	// Try dereference the test URI, since it correctly redirects to us it should return our account.
-	account, accountable, err := suite.dereferencer.GetAccountByURI(ctx, fetchingAccount.Username, uri)
+	account, accountable, err := suite.dereferencer.GetAccountByURI(ctx, fetchingAccount.Username, uri, false)
 	suite.NotNil(err)
 	suite.Nil(account)
 	suite.Nil(accountable)
@@ -341,6 +348,7 @@ func (suite *AccountTestSuite) TestDereferenceRemoteAccountWithNonMatchingURI()
 		context.Background(),
 		fetchingAccount.Username,
 		testrig.URLMustParse(remoteAltURI),
+		false,
 	)
 	suite.Equal(err.Error(), fmt.Sprintf("enrichAccount: account uri %s does not match %s", remoteURI, remoteAltURI))
 	suite.Nil(fetchedAccount)
@@ -357,6 +365,7 @@ func (suite *AccountTestSuite) TestDereferenceRemoteAccountWithUnexpectedKeyChan
 	remoteAcc, _, err := suite.dereferencer.GetAccountByURI(ctx,
 		fetchingAcc.Username,
 		testrig.URLMustParse(remoteURI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(remoteAcc)
@@ -395,6 +404,7 @@ func (suite *AccountTestSuite) TestDereferenceRemoteAccountWithExpectedKeyChange
 	remoteAcc, _, err := suite.dereferencer.GetAccountByURI(ctx,
 		fetchingAcc.Username,
 		testrig.URLMustParse(remoteURI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(remoteAcc)
@@ -436,6 +446,7 @@ func (suite *AccountTestSuite) TestRefreshFederatedRemoteAccountWithKeyChange()
 	remoteAcc, _, err := suite.dereferencer.GetAccountByURI(ctx,
 		fetchingAcc.Username,
 		testrig.URLMustParse(remoteURI),
+		false,
 	)
 	suite.NoError(err)
 	suite.NotNil(remoteAcc)
diff --git a/internal/federation/dereferencing/status.go b/internal/federation/dereferencing/status.go
index 2718187cf..d99bae15b 100644
--- a/internal/federation/dereferencing/status.go
+++ b/internal/federation/dereferencing/status.go
@@ -454,7 +454,8 @@ func (d *Dereferencer) enrichStatus(
 
 	// Ensure we have the author account of the status dereferenced (+ up-to-date). If this is a new status
 	// (i.e. status.AccountID == "") then any error here is irrecoverable. status.AccountID must ALWAYS be set.
-	if _, _, err := d.getAccountByURI(ctx, requestUser, attributedTo); err != nil && status.AccountID == "" {
+	// We want the exact URI match here as well, not the imprecise URL match.
+	if _, _, err := d.getAccountByURI(ctx, requestUser, attributedTo, false); err != nil && status.AccountID == "" {
 
 		// Note that we specifically DO NOT wrap the error, instead collapsing it as string.
 		// Errors fetching an account do not necessarily relate to dereferencing the status.
@@ -671,7 +672,7 @@ func (d *Dereferencer) fetchStatusMentions(
 
 		// Search existing status for a mention already stored,
 		// else ensure new mention's target account is populated.
-		mention, alreadyExists, err = d.getPopulatedMention(ctx,
+		mention, alreadyExists, err = d.populateMentionTarget(ctx,
 			requestUser,
 			existing,
 			mention,
@@ -1290,7 +1291,7 @@ func (d *Dereferencer) handleStatusEdit(
 	return cols, nil
 }
 
-// getPopulatedMention tries to populate the given
+// populateMentionTarget tries to populate the given
 // mention with the correct TargetAccount and (if not
 // yet set) TargetAccountURI, returning the populated
 // mention.
@@ -1302,7 +1303,13 @@ func (d *Dereferencer) handleStatusEdit(
 // Otherwise, this function will try to parse first
 // the Href of the mention, and then the namestring,
 // to see who it targets, and go fetch that account.
-func (d *Dereferencer) getPopulatedMention(
+//
+// Note: Ordinarily it would make sense to try the
+// namestring first, as it definitely can't be a URL
+// rather than a URI, but because some remotes do
+// silly things like only provide `@username` instead
+// of `@username@domain`, we try by URI first.
+func (d *Dereferencer) populateMentionTarget(
 	ctx context.Context,
 	requestUser string,
 	existing *gtsmodel.Status,
@@ -1312,8 +1319,9 @@ func (d *Dereferencer) getPopulatedMention(
 	bool, // True if mention already exists in the DB.
 	error,
 ) {
-	// Mentions can be created using Name or Href.
-	// Prefer Href (TargetAccountURI), fall back to Name.
+	// Mentions can be created using `name` or `href`.
+	//
+	// Prefer `href` (TargetAccountURI), fall back to Name.
 	if mention.TargetAccountURI != "" {
 
 		// Look for existing mention with target account's URI, if so use this.
@@ -1323,19 +1331,24 @@ func (d *Dereferencer) getPopulatedMention(
 		}
 
 		// Ensure that mention account URI is parseable.
-		accountURI, err := url.Parse(mention.TargetAccountURI)
+		targetAccountURI, err := url.Parse(mention.TargetAccountURI)
 		if err != nil {
 			err := gtserror.Newf("invalid account uri %q: %w", mention.TargetAccountURI, err)
 			return nil, false, err
 		}
 
-		// Ensure we have  account of the mention target dereferenced.
+		// Ensure we have the account of
+		// the mention target dereferenced.
+		//
+		// Use exact URI match only, not URL,
+		// as we want to be precise here.
 		mention.TargetAccount, _, err = d.getAccountByURI(ctx,
 			requestUser,
-			accountURI,
+			targetAccountURI,
+			false,
 		)
 		if err != nil {
-			err := gtserror.Newf("failed to dereference account %s: %w", accountURI, err)
+			err := gtserror.Newf("failed to dereference account %s: %w", targetAccountURI, err)
 			return nil, false, err
 		}
 	} else {
@@ -1353,17 +1366,32 @@ func (d *Dereferencer) getPopulatedMention(
 			return existingMention, true, nil
 		}
 
-		// Ensure we have the account of the mention target dereferenced.
+		// Ensure we have the account of
+		// the mention target dereferenced.
+		//
+		// This might fail if the remote does
+		// something silly like only setting
+		// `@username` and not `@username@domain`.
 		mention.TargetAccount, _, err = d.getAccountByUsernameDomain(ctx,
 			requestUser,
 			username,
 			domain,
 		)
-		if err != nil {
+		if err != nil && !errors.Is(err, db.ErrNoEntries) {
 			err := gtserror.Newf("failed to dereference account %s: %w", mention.NameString, err)
 			return nil, false, err
 		}
 
+		if mention.TargetAccount == nil {
+			// Probably failed for abovementioned
+			// silly reason. Nothing we can do about it.
+			err := gtserror.Newf(
+				"failed to populate mention target account (badly formatted namestring?) %s: %w",
+				mention.NameString, err,
+			)
+			return nil, false, err
+		}
+
 		// Look for existing mention with target account's URI, if so use this.
 		existingMention, ok = existing.GetMentionByTargetURI(mention.TargetAccountURI)
 		if ok && existingMention.ID != "" {
diff --git a/internal/federation/federatingdb/followers.go b/internal/federation/federatingdb/followers.go
index eb46ce83f..eb224960e 100644
--- a/internal/federation/federatingdb/followers.go
+++ b/internal/federation/federatingdb/followers.go
@@ -33,7 +33,7 @@ import (
 //
 // The library makes this call only after acquiring a lock first.
 func (f *federatingDB) Followers(ctx context.Context, actorIRI *url.URL) (followers vocab.ActivityStreamsCollection, err error) {
-	acct, err := f.getAccountForIRI(ctx, actorIRI)
+	acct, err := f.state.DB.GetAccountByURI(ctx, actorIRI.String())
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/federation/federatingdb/following.go b/internal/federation/federatingdb/following.go
index fc7b45268..793bdc9d5 100644
--- a/internal/federation/federatingdb/following.go
+++ b/internal/federation/federatingdb/following.go
@@ -32,7 +32,7 @@ import (
 //
 // The library makes this call only after acquiring a lock first.
 func (f *federatingDB) Following(ctx context.Context, actorIRI *url.URL) (following vocab.ActivityStreamsCollection, err error) {
-	acct, err := f.getAccountForIRI(ctx, actorIRI)
+	acct, err := f.state.DB.GetAccountByURI(ctx, actorIRI.String())
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/federation/federatingdb/outbox.go b/internal/federation/federatingdb/outbox.go
index 7bcc1f37a..116dde56f 100644
--- a/internal/federation/federatingdb/outbox.go
+++ b/internal/federation/federatingdb/outbox.go
@@ -46,12 +46,12 @@ func (f *federatingDB) SetOutbox(ctx context.Context, outbox vocab.ActivityStrea
 	return nil
 }
 
-// OutboxForInbox fetches the corresponding actor's outbox IRI for the
+// OutboxForInbox fetches the corresponding local actor's outbox IRI for the
 // actor's inbox IRI.
 //
 // The library makes this call only after acquiring a lock first.
 func (f *federatingDB) OutboxForInbox(ctx context.Context, inboxIRI *url.URL) (outboxIRI *url.URL, err error) {
-	acct, err := f.getAccountForIRI(ctx, inboxIRI)
+	acct, err := f.state.DB.GetOneAccountByInboxURI(ctx, inboxIRI.String())
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/federation/federatingdb/util.go b/internal/federation/federatingdb/util.go
index 47390c0f6..6d5334076 100644
--- a/internal/federation/federatingdb/util.go
+++ b/internal/federation/federatingdb/util.go
@@ -28,7 +28,6 @@ import (
 	"codeberg.org/superseriousbusiness/activity/streams/vocab"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
-	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
@@ -126,83 +125,30 @@ func (f *federatingDB) NewID(ctx context.Context, t vocab.Type) (idURL *url.URL,
 	return url.Parse(fmt.Sprintf("%s://%s/%s", config.GetProtocol(), config.GetHost(), newID))
 }
 
-// ActorForOutbox fetches the actor's IRI for the given outbox IRI.
+// ActorForOutbox fetches the local actor's IRI for the given outbox IRI.
 //
 // The library makes this call only after acquiring a lock first.
 func (f *federatingDB) ActorForOutbox(ctx context.Context, outboxIRI *url.URL) (actorIRI *url.URL, err error) {
-	acct, err := f.getAccountForIRI(ctx, outboxIRI)
+	acct, err := f.state.DB.GetOneAccountByOutboxURI(ctx, outboxIRI.String())
 	if err != nil {
 		return nil, err
 	}
 	return url.Parse(acct.URI)
 }
 
-// ActorForInbox fetches the actor's IRI for the given outbox IRI.
+// ActorForInbox fetches the local actor's IRI for the given inbox IRI.
 //
 // The library makes this call only after acquiring a lock first.
 func (f *federatingDB) ActorForInbox(ctx context.Context, inboxIRI *url.URL) (actorIRI *url.URL, err error) {
-	acct, err := f.getAccountForIRI(ctx, inboxIRI)
+	acct, err := f.state.DB.GetOneAccountByInboxURI(ctx, inboxIRI.String())
 	if err != nil {
 		return nil, err
 	}
 	return url.Parse(acct.URI)
 }
 
-// getAccountForIRI returns the account that corresponds to or owns the given IRI.
-func (f *federatingDB) getAccountForIRI(ctx context.Context, iri *url.URL) (*gtsmodel.Account, error) {
-	var (
-		acct *gtsmodel.Account
-		err  error
-	)
-
-	switch {
-	case uris.IsUserPath(iri):
-		if acct, err = f.state.DB.GetAccountByURI(ctx, iri.String()); err != nil {
-			if err == db.ErrNoEntries {
-				return nil, fmt.Errorf("no actor found that corresponds to uri %s", iri.String())
-			}
-			return nil, fmt.Errorf("db error searching for actor with uri %s", iri.String())
-		}
-		return acct, nil
-	case uris.IsInboxPath(iri):
-		if acct, err = f.state.DB.GetAccountByInboxURI(ctx, iri.String()); err != nil {
-			if err == db.ErrNoEntries {
-				return nil, fmt.Errorf("no actor found that corresponds to inbox %s", iri.String())
-			}
-			return nil, fmt.Errorf("db error searching for actor with inbox %s", iri.String())
-		}
-		return acct, nil
-	case uris.IsOutboxPath(iri):
-		if acct, err = f.state.DB.GetAccountByOutboxURI(ctx, iri.String()); err != nil {
-			if err == db.ErrNoEntries {
-				return nil, fmt.Errorf("no actor found that corresponds to outbox %s", iri.String())
-			}
-			return nil, fmt.Errorf("db error searching for actor with outbox %s", iri.String())
-		}
-		return acct, nil
-	case uris.IsFollowersPath(iri):
-		if acct, err = f.state.DB.GetAccountByFollowersURI(ctx, iri.String()); err != nil {
-			if err == db.ErrNoEntries {
-				return nil, fmt.Errorf("no actor found that corresponds to followers_uri %s", iri.String())
-			}
-			return nil, fmt.Errorf("db error searching for actor with followers_uri %s", iri.String())
-		}
-		return acct, nil
-	case uris.IsFollowingPath(iri):
-		if acct, err = f.state.DB.GetAccountByFollowingURI(ctx, iri.String()); err != nil {
-			if err == db.ErrNoEntries {
-				return nil, fmt.Errorf("no actor found that corresponds to following_uri %s", iri.String())
-			}
-			return nil, fmt.Errorf("db error searching for actor with following_uri %s", iri.String())
-		}
-		return acct, nil
-	default:
-		return nil, fmt.Errorf("getActorForIRI: iri %s not recognised", iri)
-	}
-}
-
 // collectFollows takes a slice of iris and converts them into ActivityStreamsCollection of IRIs.
-func (f *federatingDB) collectIRIs(ctx context.Context, iris []*url.URL) (vocab.ActivityStreamsCollection, error) {
+func (f *federatingDB) collectIRIs(_ context.Context, iris []*url.URL) (vocab.ActivityStreamsCollection, error) {
 	collection := streams.NewActivityStreamsCollection()
 	items := streams.NewActivityStreamsItemsProperty()
 	for _, i := range iris {
diff --git a/internal/gtsmodel/account.go b/internal/gtsmodel/account.go
index bb07b8b16..d681304ba 100644
--- a/internal/gtsmodel/account.go
+++ b/internal/gtsmodel/account.go
@@ -31,57 +31,247 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 )
 
-// Account represents either a local or a remote fediverse
-// account, gotosocial or otherwise (mastodon, pleroma, etc).
+// Account represents either a local or a remote ActivityPub actor.
+// https://www.w3.org/TR/activitypub/#actor-objects
 type Account struct {
-	ID                      string           `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`                    // id of this item in the database
-	CreatedAt               time.Time        `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item created.
-	UpdatedAt               time.Time        `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item was last updated.
-	FetchedAt               time.Time        `bun:"type:timestamptz,nullzero"`                                   // when was item (remote) last fetched.
-	Username                string           `bun:",nullzero,notnull,unique:usernamedomain"`                     // Username of the account, should just be a string of [a-zA-Z0-9_]. Can be added to domain to create the full username in the form ``[username]@[domain]`` eg., ``user_96@example.org``. Username and domain should be unique *with* each other
-	Domain                  string           `bun:",nullzero,unique:usernamedomain"`                             // Domain of the account, will be null if this is a local account, otherwise something like ``example.org``. Should be unique with username.
-	AvatarMediaAttachmentID string           `bun:"type:CHAR(26),nullzero"`                                      // Database ID of the media attachment, if present
-	AvatarMediaAttachment   *MediaAttachment `bun:"rel:belongs-to"`                                              // MediaAttachment corresponding to avatarMediaAttachmentID
-	AvatarRemoteURL         string           `bun:",nullzero"`                                                   // For a non-local account, where can the header be fetched?
-	HeaderMediaAttachmentID string           `bun:"type:CHAR(26),nullzero"`                                      // Database ID of the media attachment, if present
-	HeaderMediaAttachment   *MediaAttachment `bun:"rel:belongs-to"`                                              // MediaAttachment corresponding to headerMediaAttachmentID
-	HeaderRemoteURL         string           `bun:",nullzero"`                                                   // For a non-local account, where can the header be fetched?
-	DisplayName             string           `bun:""`                                                            // DisplayName for this account. Can be empty, then just the Username will be used for display purposes.
-	EmojiIDs                []string         `bun:"emojis,array"`                                                // Database IDs of any emojis used in this account's bio, display name, etc
-	Emojis                  []*Emoji         `bun:"attached_emojis,m2m:account_to_emojis"`                       // Emojis corresponding to emojiIDs. https://bun.uptrace.dev/guide/relations.html#many-to-many-relation
-	Fields                  []*Field         `bun:""`                                                            // A slice of of fields that this account has added to their profile.
-	FieldsRaw               []*Field         `bun:""`                                                            // The raw (unparsed) content of fields that this account has added to their profile, without conversion to HTML, only available when requester = target
-	Note                    string           `bun:""`                                                            // A note that this account has on their profile (ie., the account's bio/description of themselves)
-	NoteRaw                 string           `bun:""`                                                            // The raw contents of .Note without conversion to HTML, only available when requester = target
-	Memorial                *bool            `bun:",default:false"`                                              // Is this a memorial account, ie., has the user passed away?
-	AlsoKnownAsURIs         []string         `bun:"also_known_as_uris,array"`                                    // This account is associated with these account URIs.
-	AlsoKnownAs             []*Account       `bun:"-"`                                                           // This account is associated with these accounts (field not stored in the db).
-	MovedToURI              string           `bun:",nullzero"`                                                   // This account has (or claims to have) moved to this account URI. Even if this field is set the move may not yet have been processed. Check `move` for this.
-	MovedTo                 *Account         `bun:"-"`                                                           // This account has moved to this account (field not stored in the db).
-	MoveID                  string           `bun:"type:CHAR(26),nullzero"`                                      // ID of a Move in the database for this account. Only set if we received or created a Move activity for which this account URI was the origin.
-	Move                    *Move            `bun:"-"`                                                           // Move corresponding to MoveID, if set.
-	Bot                     *bool            `bun:",default:false"`                                              // Does this account identify itself as a bot?
-	Locked                  *bool            `bun:",default:true"`                                               // Does this account need an approval for new followers?
-	Discoverable            *bool            `bun:",default:false"`                                              // Should this account be shown in the instance's profile directory?
-	URI                     string           `bun:",nullzero,notnull,unique"`                                    // ActivityPub URI for this account.
-	URL                     string           `bun:",nullzero,unique"`                                            // Web URL for this account's profile
-	InboxURI                string           `bun:",nullzero,unique"`                                            // Address of this account's ActivityPub inbox, for sending activity to
-	SharedInboxURI          *string          `bun:""`                                                            // Address of this account's ActivityPub sharedInbox. Gotcha warning: this is a string pointer because it has three possible states: 1. We don't know yet if the account has a shared inbox -- null. 2. We know it doesn't have a shared inbox -- empty string. 3. We know it does have a shared inbox -- url string.
-	OutboxURI               string           `bun:",nullzero,unique"`                                            // Address of this account's activitypub outbox
-	FollowingURI            string           `bun:",nullzero,unique"`                                            // URI for getting the following list of this account
-	FollowersURI            string           `bun:",nullzero,unique"`                                            // URI for getting the followers list of this account
-	FeaturedCollectionURI   string           `bun:",nullzero,unique"`                                            // URL for getting the featured collection list of this account
-	ActorType               string           `bun:",nullzero,notnull"`                                           // What type of activitypub actor is this account?
-	PrivateKey              *rsa.PrivateKey  `bun:""`                                                            // Privatekey for signing activitypub requests, will only be defined for local accounts
-	PublicKey               *rsa.PublicKey   `bun:",notnull"`                                                    // Publickey for authorizing signed activitypub requests, will be defined for both local and remote accounts
-	PublicKeyURI            string           `bun:",nullzero,notnull,unique"`                                    // Web-reachable location of this account's public key
-	PublicKeyExpiresAt      time.Time        `bun:"type:timestamptz,nullzero"`                                   // PublicKey will expire/has expired at given time, and should be fetched again as appropriate. Only ever set for remote accounts.
-	SensitizedAt            time.Time        `bun:"type:timestamptz,nullzero"`                                   // When was this account set to have all its media shown as sensitive?
-	SilencedAt              time.Time        `bun:"type:timestamptz,nullzero"`                                   // When was this account silenced (eg., statuses only visible to followers, not public)?
-	SuspendedAt             time.Time        `bun:"type:timestamptz,nullzero"`                                   // When was this account suspended (eg., don't allow it to log in/post, don't accept media/posts from this account)
-	SuspensionOrigin        string           `bun:"type:CHAR(26),nullzero"`                                      // id of the database entry that caused this account to become suspended -- can be an account ID or a domain block ID
-	Settings                *AccountSettings `bun:"-"`                                                           // gtsmodel.AccountSettings for this account.
-	Stats                   *AccountStats    `bun:"-"`                                                           // gtsmodel.AccountStats for this account.
+	// Database ID of the account.
+	ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`
+
+	// Datetime when the account was created.
+	// Corresponds to ActivityStreams `published` prop.
+	CreatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+
+	// Datetime when was the account was last updated,
+	// ie., when the actor last sent out an Update
+	// activity, or if never, when it was `published`.
+	UpdatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"`
+
+	// Datetime when the account was last fetched /
+	// dereferenced by this GoToSocial instance.
+	FetchedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Username of the account.
+	//
+	// Corresponds to AS `preferredUsername` prop, which gives
+	// no uniqueness guarantee. However, we do enforce uniqueness
+	// for it as, in practice, it always is and we rely on this.
+	Username string `bun:",nullzero,notnull,unique:accounts_username_domain_uniq"`
+
+	// Domain of the account, discovered via webfinger.
+	//
+	// Null if this is a local account, otherwise
+	// something like `example.org`.
+	Domain string `bun:",nullzero,unique:accounts_username_domain_uniq"`
+
+	// Database ID of the account's avatar MediaAttachment, if set.
+	AvatarMediaAttachmentID string `bun:"type:CHAR(26),nullzero"`
+
+	// MediaAttachment corresponding to AvatarMediaAttachmentID.
+	AvatarMediaAttachment *MediaAttachment `bun:"-"`
+
+	// URL of the avatar media.
+	//
+	// Null for local accounts.
+	AvatarRemoteURL string `bun:",nullzero"`
+
+	// Database ID of the account's header MediaAttachment, if set.
+	HeaderMediaAttachmentID string `bun:"type:CHAR(26),nullzero"`
+
+	// MediaAttachment corresponding to HeaderMediaAttachmentID.
+	HeaderMediaAttachment *MediaAttachment `bun:"-"`
+
+	// URL of the header media.
+	//
+	// Null for local accounts.
+	HeaderRemoteURL string `bun:",nullzero"`
+
+	// Display name for this account, if set.
+	//
+	// Corresponds to the ActivityStreams `name` property.
+	//
+	// If null, fall back to username for display purposes.
+	DisplayName string `bun:",nullzero"`
+
+	// Database IDs of any emojis used in
+	// this account's bio, display name, etc
+	EmojiIDs []string `bun:"emojis,array"`
+
+	// Emojis corresponding to EmojiIDs.
+	Emojis []*Emoji `bun:"-"`
+
+	// A slice of of key/value fields that
+	// this account has added to their profile.
+	//
+	// Corresponds to schema.org PropertyValue types in `attachments`.
+	Fields []*Field `bun:",nullzero"`
+
+	// The raw (unparsed) content of fields that this
+	// account has added to their profile, before
+	// conversion to HTML.
+	//
+	// Only set for local accounts.
+	FieldsRaw []*Field `bun:",nullzero"`
+
+	// A note that this account has on their profile
+	// (ie., the account's bio/description of themselves).
+	//
+	// Corresponds to the ActivityStreams `summary` property.
+	Note string `bun:",nullzero"`
+
+	// The raw (unparsed) version of Note, before conversion to HTML.
+	//
+	// Only set for local accounts.
+	NoteRaw string `bun:",nullzero"`
+
+	// ActivityPub URI/IDs by which this account is also known.
+	//
+	// Corresponds to the ActivityStreams `alsoKnownAs` property.
+	AlsoKnownAsURIs []string `bun:"also_known_as_uris,array"`
+
+	// Accounts matching AlsoKnownAsURIs.
+	AlsoKnownAs []*Account `bun:"-"`
+
+	// URI/ID to which the account has (or claims to have) moved.
+	//
+	// Corresponds to the ActivityStreams `movedTo` property.
+	//
+	// Even if this field is set the move may not yet have been
+	// processed. Check `move` for this.
+	MovedToURI string `bun:",nullzero"`
+
+	// Account matching MovedToURI.
+	MovedTo *Account `bun:"-"`
+
+	// ID of a Move in the database for this account.
+	// Only set if we received or created a Move activity
+	// for which this account URI was the origin.
+	MoveID string `bun:"type:CHAR(26),nullzero"`
+
+	// Move corresponding to MoveID, if set.
+	Move *Move `bun:"-"`
+
+	// True if account requires manual approval of Follows.
+	//
+	// Corresponds to AS `manuallyApprovesFollowers` prop.
+	Locked *bool `bun:",nullzero,notnull,default:true"`
+
+	// True if account has opted in to being shown in
+	// directories and exposed to search engines.
+	//
+	// Corresponds to the toot `discoverable` property.
+	Discoverable *bool `bun:",nullzero,notnull,default:false"`
+
+	// ActivityPub URI/ID for this account.
+	//
+	// Must be set, must be unique.
+	URI string `bun:",nullzero,notnull,unique"`
+
+	// URL at which a web representation of this
+	// account should be available, if set.
+	//
+	// Corresponds to ActivityStreams `url` prop.
+	URL string `bun:",nullzero"`
+
+	// URI of the actor's inbox.
+	//
+	// Corresponds to ActivityPub `inbox` property.
+	//
+	// According to AP this MUST be set, but some
+	// implementations don't set it for service actors.
+	InboxURI string `bun:",nullzero"`
+
+	// URI/ID of this account's sharedInbox, if set.
+	//
+	// Corresponds to ActivityPub `endpoints.sharedInbox`.
+	//
+	// Gotcha warning: this is a string pointer because
+	// it has three possible states:
+	//
+	//   1. null: We don't know (yet) if actor has a shared inbox.
+	//   2. empty: We know it doesn't have a shared inbox.
+	//   3. not empty: We know it does have a shared inbox.
+	SharedInboxURI *string `bun:""`
+
+	// URI/ID of the actor's outbox.
+	//
+	// Corresponds to ActivityPub `outbox` property.
+	//
+	// According to AP this MUST be set, but some
+	// implementations don't set it for service actors.
+	OutboxURI string `bun:",nullzero"`
+
+	// URI/ID of the actor's following collection.
+	//
+	// Corresponds to ActivityPub `following` property.
+	//
+	// According to AP this SHOULD be set.
+	FollowingURI string `bun:",nullzero"`
+
+	// URI/ID of the actor's followers collection.
+	//
+	// Corresponds to ActivityPub `followers` property.
+	//
+	// According to AP this SHOULD be set.
+	FollowersURI string `bun:",nullzero"`
+
+	// URI/ID of the actor's featured collection.
+	//
+	// Corresponds to the Toot `featured` property.
+	FeaturedCollectionURI string `bun:",nullzero"`
+
+	// ActivityStreams type of the actor.
+	//
+	// Application, Group, Organization, Person, or Service.
+	ActorType AccountActorType `bun:",nullzero,notnull"`
+
+	// Private key for signing http requests.
+	//
+	// Only defined for local accounts
+	PrivateKey *rsa.PrivateKey `bun:""`
+
+	// Public key for authorizing signed http requests.
+	//
+	// Defined for both local and remote accounts
+	PublicKey *rsa.PublicKey `bun:",notnull"`
+
+	// Dereferenceable location of this actor's public key.
+	//
+	// Corresponds to https://w3id.org/security/v1 `publicKey.id`.
+	PublicKeyURI string `bun:",nullzero,notnull,unique"`
+
+	// Datetime at which public key will expire/has expired,
+	// and should be fetched again as appropriate.
+	//
+	// Only ever set for remote accounts.
+	PublicKeyExpiresAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Datetime at which account was marked as a "memorial",
+	// ie., user owning the account has passed away.
+	MemorializedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Datetime at which account was set to
+	// have all its media shown as sensitive.
+	SensitizedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Datetime at which account was silenced.
+	SilencedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Datetime at which account was suspended.
+	SuspendedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// ID of the database entry that caused this account to
+	// be suspended. Can be an account ID or a domain block ID.
+	SuspensionOrigin string `bun:"type:CHAR(26),nullzero"`
+
+	// gtsmodel.AccountSettings for this account.
+	//
+	// Local, non-instance-actor accounts only.
+	Settings *AccountSettings `bun:"-"`
+
+	// gtsmodel.AccountStats for this account.
+	//
+	// Local accounts only.
+	Stats *AccountStats `bun:"-"`
 }
 
 // UsernameDomain returns account @username@domain (missing domain if local).
@@ -215,6 +405,59 @@ type Field struct {
 	VerifiedAt time.Time `bun:",nullzero"` // This field was verified at (optional).
 }
 
+// AccountActorType is the ActivityStreams type of an actor.
+type AccountActorType enumType
+
+const (
+	AccountActorTypeUnknown      AccountActorType = 0
+	AccountActorTypeApplication  AccountActorType = 1 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-application
+	AccountActorTypeGroup        AccountActorType = 2 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-group
+	AccountActorTypeOrganization AccountActorType = 3 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-organization
+	AccountActorTypePerson       AccountActorType = 4 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person
+	AccountActorTypeService      AccountActorType = 5 // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-service
+)
+
+// String returns a stringified form of AccountActorType.
+func (t AccountActorType) String() string {
+	switch t {
+	case AccountActorTypeApplication:
+		return "Application"
+	case AccountActorTypeGroup:
+		return "Group"
+	case AccountActorTypeOrganization:
+		return "Organization"
+	case AccountActorTypePerson:
+		return "Person"
+	case AccountActorTypeService:
+		return "Service"
+	default:
+		panic("invalid notification type")
+	}
+}
+
+// ParseAccountActorType returns an
+// actor type from the given value.
+func ParseAccountActorType(in string) AccountActorType {
+	switch strings.ToLower(in) {
+	case "application":
+		return AccountActorTypeApplication
+	case "group":
+		return AccountActorTypeGroup
+	case "organization":
+		return AccountActorTypeOrganization
+	case "person":
+		return AccountActorTypePerson
+	case "service":
+		return AccountActorTypeService
+	default:
+		return AccountActorTypeUnknown
+	}
+}
+
+func (t AccountActorType) IsBot() bool {
+	return t == AccountActorTypeApplication || t == AccountActorTypeService
+}
+
 // Relationship describes a requester's relationship with another account.
 type Relationship struct {
 	ID                  string // The account id.
diff --git a/internal/processing/account/alias.go b/internal/processing/account/alias.go
index d7d4cf547..ca27a518c 100644
--- a/internal/processing/account/alias.go
+++ b/internal/processing/account/alias.go
@@ -107,9 +107,14 @@ func (p *Processor) Alias(
 		}
 
 		// Ensure we have account dereferenced.
+		//
+		// As this comes from user input, allow checking
+		// by URL to make things easier, not just to an
+		// exact AP URI (which a user might not even know).
 		targetAccount, _, err := p.federator.GetAccountByURI(ctx,
 			account.Username,
 			newAKA.uri,
+			true,
 		)
 		if err != nil {
 			err := fmt.Errorf(
diff --git a/internal/processing/account/delete.go b/internal/processing/account/delete.go
index ab64c3270..2d3ef88de 100644
--- a/internal/processing/account/delete.go
+++ b/internal/processing/account/delete.go
@@ -528,7 +528,7 @@ func stubbifyAccount(account *gtsmodel.Account, origin string) []string {
 	account.Fields = nil
 	account.Note = ""
 	account.NoteRaw = ""
-	account.Memorial = util.Ptr(false)
+	account.MemorializedAt = never
 	account.AlsoKnownAsURIs = nil
 	account.MovedToURI = ""
 	account.Discoverable = util.Ptr(false)
@@ -546,7 +546,7 @@ func stubbifyAccount(account *gtsmodel.Account, origin string) []string {
 		"fields",
 		"note",
 		"note_raw",
-		"memorial",
+		"memorialized_at",
 		"also_known_as_uris",
 		"moved_to_uri",
 		"discoverable",
diff --git a/internal/processing/account/delete_test.go b/internal/processing/account/delete_test.go
index ee6fe1dfc..587071a11 100644
--- a/internal/processing/account/delete_test.go
+++ b/internal/processing/account/delete_test.go
@@ -64,7 +64,7 @@ func (suite *AccountDeleteTestSuite) TestAccountDeleteLocal() {
 	suite.Nil(updatedAccount.Fields)
 	suite.Zero(updatedAccount.Note)
 	suite.Zero(updatedAccount.NoteRaw)
-	suite.False(*updatedAccount.Memorial)
+	suite.Zero(updatedAccount.MemorializedAt)
 	suite.Empty(updatedAccount.AlsoKnownAsURIs)
 	suite.False(*updatedAccount.Discoverable)
 	suite.WithinDuration(time.Now(), updatedAccount.SuspendedAt, 1*time.Minute)
diff --git a/internal/processing/account/get.go b/internal/processing/account/get.go
index eac0f0c3f..33eb4c101 100644
--- a/internal/processing/account/get.go
+++ b/internal/processing/account/get.go
@@ -66,10 +66,13 @@ func (p *Processor) Get(ctx context.Context, requestingAccount *gtsmodel.Account
 
 		// Perform a last-minute fetch of target account to
 		// ensure remote account header / avatar is cached.
+		//
+		// Match by URI only.
 		latest, _, err := p.federator.GetAccountByURI(
 			gtscontext.SetFastFail(ctx),
 			requestingAccount.Username,
 			targetAccountURI,
+			false,
 		)
 		if err != nil {
 			log.Errorf(ctx, "error fetching latest target account: %v", err)
diff --git a/internal/processing/account/move.go b/internal/processing/account/move.go
index 1c5209e70..c8665cf04 100644
--- a/internal/processing/account/move.go
+++ b/internal/processing/account/move.go
@@ -119,11 +119,15 @@ func (p *Processor) MoveSelf(
 	unlock := p.state.ProcessingLocks.Lock(lockKey)
 	defer unlock()
 
-	// Ensure we have a valid, up-to-date representation of the target account.
+	// Ensure we have a valid, up-to-date
+	// representation of the target account.
+	//
+	// Match by uri only.
 	targetAcct, targetAcctable, err = p.federator.GetAccountByURI(
 		ctx,
 		originAcct.Username,
 		targetAcctURI,
+		false,
 	)
 	if err != nil {
 		const text = "error dereferencing moved_to_uri"
diff --git a/internal/processing/account/update.go b/internal/processing/account/update.go
index a833d72c1..60d2cb8f6 100644
--- a/internal/processing/account/update.go
+++ b/internal/processing/account/update.go
@@ -78,8 +78,8 @@ func (p *Processor) Update(ctx context.Context, account *gtsmodel.Account, form
 	}
 
 	if form.Bot != nil {
-		account.Bot = form.Bot
-		acctColumns = append(acctColumns, "bot")
+		account.ActorType = gtsmodel.AccountActorTypeService
+		acctColumns = append(acctColumns, "actor_type")
 	}
 
 	if form.Locked != nil {
diff --git a/internal/processing/search/get.go b/internal/processing/search/get.go
index d1462cf53..7a65bed1d 100644
--- a/internal/processing/search/get.go
+++ b/internal/processing/search/get.go
@@ -490,7 +490,7 @@ func (p *Processor) byURI(
 
 	if includeAccounts(queryType) {
 		// Check if URI points to an account.
-		foundAccount, err := p.accountByURI(ctx, requestingAccount, uri, resolve)
+		foundAccounts, err := p.accountsByURI(ctx, requestingAccount, uri, resolve)
 		if err != nil {
 			// Check for semi-expected error types.
 			// On one of these, we can continue.
@@ -508,7 +508,9 @@ func (p *Processor) byURI(
 		} else {
 			// Hit! Return early since it's extremely unlikely
 			// a status and an account will have the same URL.
-			appendAccount(foundAccount)
+			for _, foundAccount := range foundAccounts {
+				appendAccount(foundAccount)
+			}
 			return nil
 		}
 	}
@@ -544,35 +546,42 @@ func (p *Processor) byURI(
 	return nil
 }
 
-// accountByURI looks for one account with the given URI.
+// accountsByURI looks for one account with the given URI/ID,
+// then if nothing is found, multiple accounts with the given URL.
+//
 // If resolve is false, it will only look in the database.
 // If resolve is true, it will try to resolve the account
 // from remote using the URI, if necessary.
 //
 // Will return either a hit, ErrNotRetrievable, ErrWrongType,
 // or a real error that the caller should handle.
-func (p *Processor) accountByURI(
+func (p *Processor) accountsByURI(
 	ctx context.Context,
 	requestingAccount *gtsmodel.Account,
 	uri *url.URL,
 	resolve bool,
-) (*gtsmodel.Account, error) {
+) ([]*gtsmodel.Account, error) {
 	if resolve {
 		// We're allowed to resolve, leave the
 		// rest up to the dereferencer functions.
+		//
+		// Allow dereferencing by URL and not just URI;
+		// there are many cases where someone might
+		// paste a URL into the search bar.
 		account, _, err := p.federator.GetAccountByURI(
 			gtscontext.SetFastFail(ctx),
 			requestingAccount.Username,
 			uri,
+			true,
 		)
 
-		return account, err
+		return []*gtsmodel.Account{account}, err
 	}
 
 	// We're not allowed to resolve; search database only.
 	uriStr := uri.String() // stringify uri just once
 
-	// Search by ActivityPub URI.
+	// Search for single acct by ActivityPub URI.
 	account, err := p.state.DB.GetAccountByURI(ctx, uriStr)
 	if err != nil && !errors.Is(err, db.ErrNoEntries) {
 		err = gtserror.Newf("error checking database for account using URI %s: %w", uriStr, err)
@@ -581,22 +590,22 @@ func (p *Processor) accountByURI(
 
 	if account != nil {
 		// We got a hit! No need to continue.
-		return account, nil
+		return []*gtsmodel.Account{account}, nil
 	}
 
-	// No hit yet. Fallback to try by URL.
-	account, err = p.state.DB.GetAccountByURL(ctx, uriStr)
+	// No hit yet. Fallback to look for any accounts with URL.
+	accounts, err := p.state.DB.GetAccountsByURL(ctx, uriStr)
 	if err != nil && !errors.Is(err, db.ErrNoEntries) {
-		err = gtserror.Newf("error checking database for account using URL %s: %w", uriStr, err)
+		err = gtserror.Newf("error checking database for accounts using URL %s: %w", uriStr, err)
 		return nil, err
 	}
 
-	if account != nil {
-		// We got a hit! No need to continue.
-		return account, nil
+	if len(accounts) != 0 {
+		// We got hits! No need to continue.
+		return accounts, nil
 	}
 
-	err = fmt.Errorf("account %s could not be retrieved locally and we cannot resolve", uriStr)
+	err = fmt.Errorf("account(s) %s could not be retrieved locally and we cannot resolve", uriStr)
 	return nil, gtserror.SetUnretrievable(err)
 }
 
diff --git a/internal/processing/workers/fromfediapi_move.go b/internal/processing/workers/fromfediapi_move.go
index d1e43c0c7..d2f06de5d 100644
--- a/internal/processing/workers/fromfediapi_move.go
+++ b/internal/processing/workers/fromfediapi_move.go
@@ -303,10 +303,13 @@ func (p *fediAPI) MoveAccount(ctx context.Context, fMsg *messages.FromFediAPI) e
 	}
 
 	// Account to which the Move is taking place.
+	//
+	// Match by uri only.
 	targetAcct, targetAcctable, err := p.federate.GetAccountByURI(
 		ctx,
 		fMsg.Receiving.Username,
 		targetAcctURI,
+		false,
 	)
 	if err != nil {
 		return gtserror.Newf(
diff --git a/internal/trans/import_test.go b/internal/trans/import_test.go
index 5177ec45b..12094f27e 100644
--- a/internal/trans/import_test.go
+++ b/internal/trans/import_test.go
@@ -103,8 +103,7 @@ func (suite *ImportMinimalTestSuite) TestImportMinimalOK() {
 	suite.Equal(testAccountBefore.DisplayName, testAccountAfter.DisplayName)
 	suite.Equal(testAccountBefore.Note, testAccountAfter.Note)
 	suite.Equal(testAccountBefore.NoteRaw, testAccountAfter.NoteRaw)
-	suite.Equal(testAccountBefore.Memorial, testAccountAfter.Memorial)
-	suite.Equal(testAccountBefore.Bot, testAccountAfter.Bot)
+	suite.Equal(testAccountBefore.MemorializedAt, testAccountAfter.MemorializedAt)
 	suite.Equal(testAccountBefore.Locked, testAccountAfter.Locked)
 	suite.Equal(testAccountBefore.URI, testAccountAfter.URI)
 	suite.Equal(testAccountBefore.URL, testAccountAfter.URL)
diff --git a/internal/trans/model/account.go b/internal/trans/model/account.go
index 097dea3a3..ffcb0d5ae 100644
--- a/internal/trans/model/account.go
+++ b/internal/trans/model/account.go
@@ -34,8 +34,6 @@ type Account struct {
 	DisplayName           string          `json:"displayName,omitempty" bun:",nullzero"`
 	Note                  string          `json:"note,omitempty" bun:",nullzero"`
 	NoteRaw               string          `json:"noteRaw,omitempty" bun:",nullzero"`
-	Memorial              *bool           `json:"memorial"`
-	Bot                   *bool           `json:"bot"`
 	Locked                *bool           `json:"locked"`
 	Discoverable          *bool           `json:"discoverable"`
 	URI                   string          `json:"uri" bun:",nullzero"`
@@ -45,7 +43,7 @@ type Account struct {
 	FollowingURI          string          `json:"followingUri" bun:",nullzero"`
 	FollowersURI          string          `json:"followersUri" bun:",nullzero"`
 	FeaturedCollectionURI string          `json:"featuredCollectionUri" bun:",nullzero"`
-	ActorType             string          `json:"actorType" bun:",nullzero"`
+	ActorType             int16           `json:"actorType" bun:",nullzero"`
 	PrivateKey            *rsa.PrivateKey `json:"-" mapstructure:"-"`
 	PrivateKeyString      string          `json:"privateKey,omitempty" mapstructure:"privateKey" bun:"-"`
 	PublicKey             *rsa.PublicKey  `json:"-" mapstructure:"-"`
diff --git a/internal/typeutils/astointernal.go b/internal/typeutils/astointernal.go
index 741e1509e..80e1de378 100644
--- a/internal/typeutils/astointernal.go
+++ b/internal/typeutils/astointernal.go
@@ -70,19 +70,10 @@ func (c *Converter) ASRepresentationToAccount(
 	acct.URI = uri
 
 	// Check whether account is a usable actor type.
-	switch acct.ActorType = accountable.GetTypeName(); acct.ActorType {
-
-	// people, groups, and organizations aren't bots
-	case ap.ActorPerson, ap.ActorGroup, ap.ActorOrganization:
-		acct.Bot = util.Ptr(false)
-
-	// apps and services are
-	case ap.ActorApplication, ap.ActorService:
-		acct.Bot = util.Ptr(true)
-
-	// we don't know what this is!
-	default:
-		err := gtserror.Newf("unusable actor type for %s", uri)
+	actorTypeName := accountable.GetTypeName()
+	acct.ActorType = gtsmodel.ParseAccountActorType(actorTypeName)
+	if acct.ActorType == gtsmodel.AccountActorTypeUnknown {
+		err := gtserror.Newf("unusable actor type %s for %s", actorTypeName, uri)
 		return nil, gtserror.SetMalformed(err)
 	}
 
@@ -161,7 +152,7 @@ func (c *Converter) ASRepresentationToAccount(
 	acct.Note = ap.ExtractSummary(accountable)
 
 	// Assume not memorial (todo)
-	acct.Memorial = util.Ptr(false)
+	acct.MemorializedAt = time.Time{}
 
 	// Extract 'manuallyApprovesFollowers' aka locked account (default = true).
 	manuallyApprovesFollowers := ap.GetManuallyApprovesFollowers(accountable)
diff --git a/internal/typeutils/astointernal_test.go b/internal/typeutils/astointernal_test.go
index 67b7d75af..589a22df9 100644
--- a/internal/typeutils/astointernal_test.go
+++ b/internal/typeutils/astointernal_test.go
@@ -204,7 +204,6 @@ func (suite *ASToInternalTestSuite) TestParseOwncastService() {
 	suite.Equal("https://owncast.example.org/logo/external", acct.HeaderRemoteURL)
 	suite.Equal("Rob's Owncast Server", acct.DisplayName)
 	suite.Equal("linux audio stuff", acct.Note)
-	suite.True(*acct.Bot)
 	suite.False(*acct.Locked)
 	suite.True(*acct.Discoverable)
 	suite.Equal("https://owncast.example.org/federation/user/rgh", acct.URI)
@@ -212,7 +211,7 @@ func (suite *ASToInternalTestSuite) TestParseOwncastService() {
 	suite.Equal("https://owncast.example.org/federation/user/rgh/inbox", acct.InboxURI)
 	suite.Equal("https://owncast.example.org/federation/user/rgh/outbox", acct.OutboxURI)
 	suite.Equal("https://owncast.example.org/federation/user/rgh/followers", acct.FollowersURI)
-	suite.Equal("Service", acct.ActorType)
+	suite.Equal(gtsmodel.AccountActorTypeService, acct.ActorType)
 	suite.Equal("https://owncast.example.org/federation/user/rgh#main-key", acct.PublicKeyURI)
 
 	acct.ID = "01G42D57DTCJQE8XT9KD4K88RK"
diff --git a/internal/typeutils/internaltoas.go b/internal/typeutils/internaltoas.go
index 7d420de2c..4e6c6da77 100644
--- a/internal/typeutils/internaltoas.go
+++ b/internal/typeutils/internaltoas.go
@@ -36,7 +36,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 	"github.com/superseriousbusiness/gotosocial/internal/uris"
-	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"github.com/superseriousbusiness/gotosocial/internal/util/xslices"
 )
 
@@ -49,7 +48,7 @@ func (c *Converter) AccountToAS(
 	// accountable is a service if this
 	// is a bot account, otherwise a person.
 	var accountable ap.Accountable
-	if util.PtrOrZero(a.Bot) {
+	if a.ActorType.IsBot() {
 		accountable = streams.NewActivityStreamsService()
 	} else {
 		accountable = streams.NewActivityStreamsPerson()
@@ -393,7 +392,7 @@ func (c *Converter) AccountToASMinimal(
 	// accountable is a service if this
 	// is a bot account, otherwise a person.
 	var accountable ap.Accountable
-	if util.PtrOrZero(a.Bot) {
+	if a.ActorType.IsBot() {
 		accountable = streams.NewActivityStreamsService()
 	} else {
 		accountable = streams.NewActivityStreamsPerson()
diff --git a/internal/typeutils/internaltoas_test.go b/internal/typeutils/internaltoas_test.go
index 32f835da1..0db705ca7 100644
--- a/internal/typeutils/internaltoas_test.go
+++ b/internal/typeutils/internaltoas_test.go
@@ -27,7 +27,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"github.com/superseriousbusiness/gotosocial/testrig"
 )
 
@@ -100,7 +99,7 @@ func (suite *InternalToASTestSuite) TestAccountToASBot() {
 	*testAccount = *suite.testAccounts["local_account_1"] // take zork for this test
 
 	// Update zork to be a bot.
-	testAccount.Bot = util.Ptr(true)
+	testAccount.ActorType = gtsmodel.AccountActorTypeService
 	if err := suite.state.DB.UpdateAccount(context.Background(), testAccount); err != nil {
 		suite.FailNow(err.Error())
 	}
diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go
index 62a1ebc1e..7584e2b26 100644
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@@ -361,7 +361,6 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
 	var (
 		locked       = util.PtrOrValue(a.Locked, true)
 		discoverable = util.PtrOrValue(a.Discoverable, false)
-		bot          = util.PtrOrValue(a.Bot, false)
 	)
 
 	// Remaining properties are simple and
@@ -374,7 +373,7 @@ func (c *Converter) accountToAPIAccountPublic(ctx context.Context, a *gtsmodel.A
 		DisplayName:       a.DisplayName,
 		Locked:            locked,
 		Discoverable:      discoverable,
-		Bot:               bot,
+		Bot:               a.ActorType.IsBot(),
 		CreatedAt:         util.FormatISO8601(a.CreatedAt),
 		Note:              a.Note,
 		URL:               a.URL,
@@ -518,7 +517,7 @@ func (c *Converter) AccountToAPIAccountBlocked(ctx context.Context, a *gtsmodel.
 		ID:        a.ID,
 		Username:  a.Username,
 		Acct:      acct,
-		Bot:       *a.Bot,
+		Bot:       a.ActorType.IsBot(),
 		CreatedAt: util.FormatISO8601(a.CreatedAt),
 		URL:       a.URL,
 		// Empty array (not nillable).
diff --git a/internal/typeutils/internaltofrontend_test.go b/internal/typeutils/internaltofrontend_test.go
index d70c210f3..da83e4e55 100644
--- a/internal/typeutils/internaltofrontend_test.go
+++ b/internal/typeutils/internaltofrontend_test.go
@@ -404,7 +404,7 @@ func (suite *InternalToFrontendTestSuite) TestLocalInstanceAccountToFrontendPubl
   "display_name": "",
   "locked": false,
   "discoverable": true,
-  "bot": false,
+  "bot": true,
   "created_at": "2020-05-17T13:10:59.000Z",
   "note": "",
   "url": "http://localhost:8080/@localhost:8080",
@@ -444,7 +444,7 @@ func (suite *InternalToFrontendTestSuite) TestLocalInstanceAccountToFrontendBloc
   "display_name": "",
   "locked": false,
   "discoverable": false,
-  "bot": false,
+  "bot": true,
   "created_at": "2020-05-17T13:10:59.000Z",
   "note": "",
   "url": "http://localhost:8080/@localhost:8080",
diff --git a/testrig/testmodels.go b/testrig/testmodels.go
index 08ca3b943..e12ac3405 100644
--- a/testrig/testmodels.go
+++ b/testrig/testmodels.go
@@ -292,104 +292,63 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 
 	accounts := map[string]*gtsmodel.Account{
 		"instance_account": {
-			ID:                      "01AY6P665V14JJR0AFVRT7311Y",
-			Username:                "localhost:8080",
-			AvatarMediaAttachmentID: "",
-			HeaderMediaAttachmentID: "",
-			DisplayName:             "",
-			Fields:                  []*gtsmodel.Field{},
-			Note:                    "",
-			NoteRaw:                 "",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
-			CreatedAt:               TimeMustParse("2020-05-17T13:10:59Z"),
-			UpdatedAt:               TimeMustParse("2020-05-17T13:10:59Z"),
-			Bot:                     util.Ptr(false),
-			Locked:                  util.Ptr(false),
-			Discoverable:            util.Ptr(true),
-			URI:                     "http://localhost:8080/users/localhost:8080",
-			URL:                     "http://localhost:8080/@localhost:8080",
-			PublicKeyURI:            "http://localhost:8080/users/localhost:8080#main-key",
-			FetchedAt:               time.Time{},
-			InboxURI:                "http://localhost:8080/users/localhost:8080/inbox",
-			OutboxURI:               "http://localhost:8080/users/localhost:8080/outbox",
-			FollowersURI:            "http://localhost:8080/users/localhost:8080/followers",
-			FollowingURI:            "http://localhost:8080/users/localhost:8080/following",
-			FeaturedCollectionURI:   "http://localhost:8080/users/localhost:8080/collections/featured",
-			ActorType:               ap.ActorPerson,
-			PrivateKey:              &rsa.PrivateKey{},
-			PublicKey:               &rsa.PublicKey{},
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
+			ID:                    "01AY6P665V14JJR0AFVRT7311Y",
+			Username:              "localhost:8080",
+			CreatedAt:             TimeMustParse("2020-05-17T13:10:59Z"),
+			UpdatedAt:             TimeMustParse("2020-05-17T13:10:59Z"),
+			Locked:                util.Ptr(false),
+			Discoverable:          util.Ptr(true),
+			URI:                   "http://localhost:8080/users/localhost:8080",
+			URL:                   "http://localhost:8080/@localhost:8080",
+			PublicKeyURI:          "http://localhost:8080/users/localhost:8080#main-key",
+			InboxURI:              "http://localhost:8080/users/localhost:8080/inbox",
+			OutboxURI:             "http://localhost:8080/users/localhost:8080/outbox",
+			FollowersURI:          "http://localhost:8080/users/localhost:8080/followers",
+			FollowingURI:          "http://localhost:8080/users/localhost:8080/following",
+			FeaturedCollectionURI: "http://localhost:8080/users/localhost:8080/collections/featured",
+			ActorType:             gtsmodel.AccountActorTypeService,
+			PrivateKey:            &rsa.PrivateKey{},
+			PublicKey:             &rsa.PublicKey{},
 		},
 		"unconfirmed_account": {
-			ID:                      "01F8MH0BBE4FHXPH513MBVFHB0",
-			Username:                "weed_lord420",
-			AvatarMediaAttachmentID: "",
-			HeaderMediaAttachmentID: "",
-			DisplayName:             "",
-			Fields:                  []*gtsmodel.Field{},
-			Note:                    "",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
-			CreatedAt:               TimeMustParse("2022-06-04T13:12:00Z"),
-			UpdatedAt:               TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                     util.Ptr(false),
-			Locked:                  util.Ptr(false),
-			Discoverable:            util.Ptr(false),
-			URI:                     "http://localhost:8080/users/weed_lord420",
-			URL:                     "http://localhost:8080/@weed_lord420",
-			FetchedAt:               time.Time{},
-			InboxURI:                "http://localhost:8080/users/weed_lord420/inbox",
-			OutboxURI:               "http://localhost:8080/users/weed_lord420/outbox",
-			FollowersURI:            "http://localhost:8080/users/weed_lord420/followers",
-			FollowingURI:            "http://localhost:8080/users/weed_lord420/following",
-			FeaturedCollectionURI:   "http://localhost:8080/users/weed_lord420/collections/featured",
-			ActorType:               ap.ActorPerson,
-			PrivateKey:              &rsa.PrivateKey{},
-			PublicKey:               &rsa.PublicKey{},
-			PublicKeyURI:            "http://localhost:8080/users/weed_lord420#main-key",
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
-			Settings:                settings["unconfirmed_account"],
+			ID:                    "01F8MH0BBE4FHXPH513MBVFHB0",
+			Username:              "weed_lord420",
+			CreatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
+			UpdatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
+			Locked:                util.Ptr(false),
+			Discoverable:          util.Ptr(false),
+			URI:                   "http://localhost:8080/users/weed_lord420",
+			URL:                   "http://localhost:8080/@weed_lord420",
+			InboxURI:              "http://localhost:8080/users/weed_lord420/inbox",
+			OutboxURI:             "http://localhost:8080/users/weed_lord420/outbox",
+			FollowersURI:          "http://localhost:8080/users/weed_lord420/followers",
+			FollowingURI:          "http://localhost:8080/users/weed_lord420/following",
+			FeaturedCollectionURI: "http://localhost:8080/users/weed_lord420/collections/featured",
+			ActorType:             gtsmodel.AccountActorTypePerson,
+			PrivateKey:            &rsa.PrivateKey{},
+			PublicKey:             &rsa.PublicKey{},
+			PublicKeyURI:          "http://localhost:8080/users/weed_lord420#main-key",
+			Settings:              settings["unconfirmed_account"],
 		},
 		"admin_account": {
-			ID:                      "01F8MH17FWEB39HZJ76B6VXSKF",
-			Username:                "admin",
-			AvatarMediaAttachmentID: "",
-			HeaderMediaAttachmentID: "",
-			DisplayName:             "",
-			Fields:                  []*gtsmodel.Field{},
-			Note:                    "",
-			NoteRaw:                 "",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
-			CreatedAt:               TimeMustParse("2022-05-17T13:10:59Z"),
-			UpdatedAt:               TimeMustParse("2022-05-17T13:10:59Z"),
-			Bot:                     util.Ptr(false),
-			Locked:                  util.Ptr(false),
-			Discoverable:            util.Ptr(true),
-			URI:                     "http://localhost:8080/users/admin",
-			URL:                     "http://localhost:8080/@admin",
-			PublicKeyURI:            "http://localhost:8080/users/admin#main-key",
-			FetchedAt:               time.Time{},
-			InboxURI:                "http://localhost:8080/users/admin/inbox",
-			OutboxURI:               "http://localhost:8080/users/admin/outbox",
-			FollowersURI:            "http://localhost:8080/users/admin/followers",
-			FollowingURI:            "http://localhost:8080/users/admin/following",
-			FeaturedCollectionURI:   "http://localhost:8080/users/admin/collections/featured",
-			ActorType:               ap.ActorPerson,
-			PrivateKey:              &rsa.PrivateKey{},
-			PublicKey:               &rsa.PublicKey{},
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
-			Settings:                settings["admin_account"],
+			ID:                    "01F8MH17FWEB39HZJ76B6VXSKF",
+			Username:              "admin",
+			CreatedAt:             TimeMustParse("2022-05-17T13:10:59Z"),
+			UpdatedAt:             TimeMustParse("2022-05-17T13:10:59Z"),
+			Locked:                util.Ptr(false),
+			Discoverable:          util.Ptr(true),
+			URI:                   "http://localhost:8080/users/admin",
+			URL:                   "http://localhost:8080/@admin",
+			PublicKeyURI:          "http://localhost:8080/users/admin#main-key",
+			InboxURI:              "http://localhost:8080/users/admin/inbox",
+			OutboxURI:             "http://localhost:8080/users/admin/outbox",
+			FollowersURI:          "http://localhost:8080/users/admin/followers",
+			FollowingURI:          "http://localhost:8080/users/admin/following",
+			FeaturedCollectionURI: "http://localhost:8080/users/admin/collections/featured",
+			ActorType:             gtsmodel.AccountActorTypePerson,
+			PrivateKey:            &rsa.PrivateKey{},
+			PublicKey:             &rsa.PublicKey{},
+			Settings:              settings["admin_account"],
 		},
 		"local_account_1": {
 			ID:                      "01F8MH1H7YV1Z7D2C8K2730QBF",
@@ -397,40 +356,29 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 			AvatarMediaAttachmentID: "01F8MH58A357CV5K7R7TJMSH6S",
 			HeaderMediaAttachmentID: "01PFPMWK2FF0D9WMHEJHR07C3Q",
 			DisplayName:             "original zork (he/they)",
-			Fields:                  []*gtsmodel.Field{},
 			Note:                    "<p>hey yo this is my profile!</p>",
 			NoteRaw:                 "hey yo this is my profile!",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
 			CreatedAt:               TimeMustParse("2022-05-20T11:09:18Z"),
 			UpdatedAt:               TimeMustParse("2022-05-20T11:09:18Z"),
-			Bot:                     util.Ptr(false),
 			Locked:                  util.Ptr(false),
 			Discoverable:            util.Ptr(true),
 			URI:                     "http://localhost:8080/users/the_mighty_zork",
 			URL:                     "http://localhost:8080/@the_mighty_zork",
-			FetchedAt:               time.Time{},
 			InboxURI:                "http://localhost:8080/users/the_mighty_zork/inbox",
 			OutboxURI:               "http://localhost:8080/users/the_mighty_zork/outbox",
 			FollowersURI:            "http://localhost:8080/users/the_mighty_zork/followers",
 			FollowingURI:            "http://localhost:8080/users/the_mighty_zork/following",
 			FeaturedCollectionURI:   "http://localhost:8080/users/the_mighty_zork/collections/featured",
-			ActorType:               ap.ActorPerson,
+			ActorType:               gtsmodel.AccountActorTypePerson,
 			PrivateKey:              &rsa.PrivateKey{},
 			PublicKey:               &rsa.PublicKey{},
 			PublicKeyURI:            "http://localhost:8080/users/the_mighty_zork/main-key",
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
 			Settings:                settings["local_account_1"],
 		},
 		"local_account_2": {
-			ID:                      "01F8MH5NBDF2MV7CTC4Q5128HF",
-			Username:                "1happyturtle",
-			AvatarMediaAttachmentID: "",
-			HeaderMediaAttachmentID: "",
-			DisplayName:             "happy little turtle :3",
+			ID:          "01F8MH5NBDF2MV7CTC4Q5128HF",
+			Username:    "1happyturtle",
+			DisplayName: "happy little turtle :3",
 			Fields: []*gtsmodel.Field{
 				{
 					Name:  "should you follow me?",
@@ -453,29 +401,21 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 			},
 			Note:                  "<p>i post about things that concern me</p>",
 			NoteRaw:               "i post about things that concern me",
-			Memorial:              util.Ptr(false),
-			MovedToURI:            "",
 			CreatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
 			UpdatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                   util.Ptr(false),
 			Locked:                util.Ptr(true),
 			Discoverable:          util.Ptr(false),
 			URI:                   "http://localhost:8080/users/1happyturtle",
 			URL:                   "http://localhost:8080/@1happyturtle",
-			FetchedAt:             time.Time{},
 			InboxURI:              "http://localhost:8080/users/1happyturtle/inbox",
 			OutboxURI:             "http://localhost:8080/users/1happyturtle/outbox",
 			FollowersURI:          "http://localhost:8080/users/1happyturtle/followers",
 			FollowingURI:          "http://localhost:8080/users/1happyturtle/following",
 			FeaturedCollectionURI: "http://localhost:8080/users/1happyturtle/collections/featured",
-			ActorType:             ap.ActorPerson,
+			ActorType:             gtsmodel.AccountActorTypePerson,
 			PrivateKey:            &rsa.PrivateKey{},
 			PublicKey:             &rsa.PublicKey{},
 			PublicKeyURI:          "http://localhost:8080/users/1happyturtle#main-key",
-			SensitizedAt:          time.Time{},
-			SilencedAt:            time.Time{},
-			SuspendedAt:           time.Time{},
-			SuspensionOrigin:      "",
 			Settings:              settings["local_account_2"],
 		},
 		"local_account_3": {
@@ -483,7 +423,6 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 			Username:                "media_mogul",
 			AvatarMediaAttachmentID: "01JPHQZ0ZHC2AXJK1JQNXRXQZN",
 			HeaderMediaAttachmentID: "01JPHRB7F2RXPTEQFRYC85EPD9",
-			DisplayName:             "",
 			Fields: []*gtsmodel.Field{
 				{
 					Name:  "I'm going to post a lot of",
@@ -506,29 +445,21 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 			},
 			Note:                  "<p>I'm a test account that posts a shitload of media and I have my account rendered in \"gallery\" mode</p>",
 			NoteRaw:               "I'm a test account that posts a shitload of media and I have my account rendered in \"gallery\" mode",
-			Memorial:              util.Ptr(false),
-			MovedToURI:            "",
 			CreatedAt:             TimeMustParse("2025-03-15T11:08:00Z"),
 			UpdatedAt:             TimeMustParse("2025-03-15T11:08:00Z"),
-			Bot:                   util.Ptr(false),
 			Locked:                util.Ptr(false),
 			Discoverable:          util.Ptr(false),
 			URI:                   "http://localhost:8080/users/media_mogul",
 			URL:                   "http://localhost:8080/@media_mogul",
-			FetchedAt:             time.Time{},
 			InboxURI:              "http://localhost:8080/users/media_mogul/inbox",
 			OutboxURI:             "http://localhost:8080/users/media_mogul/outbox",
 			FollowersURI:          "http://localhost:8080/users/media_mogul/followers",
 			FollowingURI:          "http://localhost:8080/users/media_mogul/following",
 			FeaturedCollectionURI: "http://localhost:8080/users/media_mogul/collections/featured",
-			ActorType:             ap.ActorPerson,
+			ActorType:             gtsmodel.AccountActorTypePerson,
 			PrivateKey:            &rsa.PrivateKey{},
 			PublicKey:             &rsa.PublicKey{},
 			PublicKeyURI:          "http://localhost:8080/users/media_mogul#main-key",
-			SensitizedAt:          time.Time{},
-			SilencedAt:            time.Time{},
-			SuspendedAt:           time.Time{},
-			SuspensionOrigin:      "",
 			Settings:              settings["local_account_3"],
 		},
 		"remote_account_1": {
@@ -536,129 +467,92 @@ func NewTestAccounts() map[string]*gtsmodel.Account {
 			Username:              "foss_satan",
 			Domain:                "fossbros-anonymous.io",
 			DisplayName:           "big gerald",
-			Fields:                []*gtsmodel.Field{},
 			Note:                  "i post about like, i dunno, stuff, or whatever!!!!",
-			Memorial:              util.Ptr(false),
-			MovedToURI:            "",
 			CreatedAt:             TimeMustParse("2021-09-26T12:52:36+02:00"),
 			UpdatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                   util.Ptr(false),
 			Locked:                util.Ptr(false),
 			Discoverable:          util.Ptr(true),
 			URI:                   "http://fossbros-anonymous.io/users/foss_satan",
 			URL:                   "http://fossbros-anonymous.io/@foss_satan",
-			FetchedAt:             time.Time{},
 			InboxURI:              "http://fossbros-anonymous.io/users/foss_satan/inbox",
 			SharedInboxURI:        util.Ptr("http://fossbros-anonymous.io/inbox"),
 			OutboxURI:             "http://fossbros-anonymous.io/users/foss_satan/outbox",
 			FollowersURI:          "http://fossbros-anonymous.io/users/foss_satan/followers",
 			FollowingURI:          "http://fossbros-anonymous.io/users/foss_satan/following",
 			FeaturedCollectionURI: "http://fossbros-anonymous.io/users/foss_satan/collections/featured",
-			ActorType:             ap.ActorPerson,
+			ActorType:             gtsmodel.AccountActorTypePerson,
 			PrivateKey:            &rsa.PrivateKey{},
 			PublicKey:             &rsa.PublicKey{},
 			PublicKeyURI:          "http://fossbros-anonymous.io/users/foss_satan/main-key",
-			SensitizedAt:          time.Time{},
-			SilencedAt:            time.Time{},
-			SuspendedAt:           time.Time{},
-			SuspensionOrigin:      "",
 		},
 		"remote_account_2": {
 			ID:                    "01FHMQX3GAABWSM0S2VZEC2SWC",
 			Username:              "Some_User",
 			Domain:                "example.org",
 			DisplayName:           "some user",
-			Fields:                []*gtsmodel.Field{},
 			Note:                  "i'm a real son of a gun",
-			Memorial:              util.Ptr(false),
-			MovedToURI:            "",
 			CreatedAt:             TimeMustParse("2020-08-10T14:13:28+02:00"),
 			UpdatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                   util.Ptr(false),
 			Locked:                util.Ptr(true),
 			Discoverable:          util.Ptr(true),
 			URI:                   "http://example.org/users/Some_User",
 			URL:                   "http://example.org/@Some_User",
-			FetchedAt:             time.Time{},
 			InboxURI:              "http://example.org/users/Some_User/inbox",
 			SharedInboxURI:        util.Ptr(""),
 			OutboxURI:             "http://example.org/users/Some_User/outbox",
 			FollowersURI:          "http://example.org/users/Some_User/followers",
 			FollowingURI:          "http://example.org/users/Some_User/following",
 			FeaturedCollectionURI: "http://example.org/users/Some_User/collections/featured",
-			ActorType:             ap.ActorPerson,
+			ActorType:             gtsmodel.AccountActorTypePerson,
 			PrivateKey:            &rsa.PrivateKey{},
 			PublicKey:             &rsa.PublicKey{},
 			PublicKeyURI:          "http://example.org/users/Some_User#main-key",
-			SensitizedAt:          time.Time{},
-			SilencedAt:            time.Time{},
-			SuspendedAt:           time.Time{},
-			SuspensionOrigin:      "",
 		},
 		"remote_account_3": {
 			ID:                      "062G5WYKY35KKD12EMSM3F8PJ8",
 			Username:                "her_fuckin_maj",
 			Domain:                  "thequeenisstillalive.technology",
 			DisplayName:             "lizzzieeeeeeeeeeee",
-			Fields:                  []*gtsmodel.Field{},
 			Note:                    "if i die blame charles don't let that fuck become king",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
 			CreatedAt:               TimeMustParse("2020-08-10T14:13:28+02:00"),
 			UpdatedAt:               TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                     util.Ptr(false),
 			Locked:                  util.Ptr(true),
 			Discoverable:            util.Ptr(true),
 			URI:                     "http://thequeenisstillalive.technology/users/her_fuckin_maj",
 			URL:                     "http://thequeenisstillalive.technology/@her_fuckin_maj",
-			FetchedAt:               time.Time{},
 			InboxURI:                "http://thequeenisstillalive.technology/users/her_fuckin_maj/inbox",
 			SharedInboxURI:          util.Ptr(""),
 			OutboxURI:               "http://thequeenisstillalive.technology/users/her_fuckin_maj/outbox",
 			FollowersURI:            "http://thequeenisstillalive.technology/users/her_fuckin_maj/followers",
 			FollowingURI:            "http://thequeenisstillalive.technology/users/her_fuckin_maj/following",
 			FeaturedCollectionURI:   "http://thequeenisstillalive.technology/users/her_fuckin_maj/collections/featured",
-			ActorType:               ap.ActorPerson,
+			ActorType:               gtsmodel.AccountActorTypePerson,
 			PrivateKey:              &rsa.PrivateKey{},
 			PublicKey:               &rsa.PublicKey{},
 			PublicKeyURI:            "http://thequeenisstillalive.technology/users/her_fuckin_maj#main-key",
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
 			HeaderMediaAttachmentID: "01PFPMWK2FF0D9WMHEJHR07C3R",
 		},
 		"remote_account_4": {
-			ID:                      "07GZRBAEMBNKGZ8Z9VSKSXKR98",
-			Username:                "üser",
-			Domain:                  "xn--xample-ova.org",
-			DisplayName:             "",
-			Note:                    "",
-			Memorial:                util.Ptr(false),
-			MovedToURI:              "",
-			CreatedAt:               TimeMustParse("2020-08-10T14:13:28+02:00"),
-			UpdatedAt:               TimeMustParse("2022-06-04T13:12:00Z"),
-			Bot:                     util.Ptr(false),
-			Locked:                  util.Ptr(false),
-			Discoverable:            util.Ptr(false),
-			URI:                     "https://xn--xample-ova.org/users/%C3%BCser",
-			URL:                     "https://xn--xample-ova.org/users/@%C3%BCser",
-			FetchedAt:               time.Time{},
-			InboxURI:                "https://xn--xample-ova.org/users/%C3%BCser/inbox",
-			SharedInboxURI:          util.Ptr(""),
-			OutboxURI:               "https://xn--xample-ova.org/users/%C3%BCser/outbox",
-			FollowersURI:            "https://xn--xample-ova.org/users/%C3%BCser/followers",
-			FollowingURI:            "https://xn--xample-ova.org/users/%C3%BCser/following",
-			FeaturedCollectionURI:   "https://xn--xample-ova.org/users/%C3%BCser/collections/featured",
-			ActorType:               ap.ActorPerson,
-			PrivateKey:              &rsa.PrivateKey{},
-			PublicKey:               &rsa.PublicKey{},
-			PublicKeyURI:            "https://xn--xample-ova.org/users/%C3%BCser#main-key",
-			SensitizedAt:            time.Time{},
-			SilencedAt:              time.Time{},
-			SuspendedAt:             time.Time{},
-			SuspensionOrigin:        "",
-			HeaderMediaAttachmentID: "",
+			ID:                    "07GZRBAEMBNKGZ8Z9VSKSXKR98",
+			Username:              "üser",
+			Domain:                "xn--xample-ova.org",
+			CreatedAt:             TimeMustParse("2020-08-10T14:13:28+02:00"),
+			UpdatedAt:             TimeMustParse("2022-06-04T13:12:00Z"),
+			Locked:                util.Ptr(false),
+			Discoverable:          util.Ptr(false),
+			URI:                   "https://xn--xample-ova.org/users/%C3%BCser",
+			URL:                   "https://xn--xample-ova.org/users/@%C3%BCser",
+			FetchedAt:             time.Time{},
+			InboxURI:              "https://xn--xample-ova.org/users/%C3%BCser/inbox",
+			SharedInboxURI:        util.Ptr(""),
+			OutboxURI:             "https://xn--xample-ova.org/users/%C3%BCser/outbox",
+			FollowersURI:          "https://xn--xample-ova.org/users/%C3%BCser/followers",
+			FollowingURI:          "https://xn--xample-ova.org/users/%C3%BCser/following",
+			FeaturedCollectionURI: "https://xn--xample-ova.org/users/%C3%BCser/collections/featured",
+			ActorType:             gtsmodel.AccountActorTypePerson,
+			PrivateKey:            &rsa.PrivateKey{},
+			PublicKey:             &rsa.PublicKey{},
+			PublicKeyURI:          "https://xn--xample-ova.org/users/%C3%BCser#main-key",
 		},
 	}
 

From e263d236223defbbdf9762cca57720da1d77c3ca Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 6 Apr 2025 14:55:35 +0200
Subject: [PATCH 10/15] [bugfix] Change email `Date` header to use RFC2822
 (#3972)

---
 internal/email/common.go |  3 ++-
 internal/util/time.go    | 16 +++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/internal/email/common.go b/internal/email/common.go
index 25a469a39..68e3b429b 100644
--- a/internal/email/common.go
+++ b/internal/email/common.go
@@ -31,6 +31,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 func (s *sender) sendTemplate(template string, subject string, data any, toAddresses ...string) error {
@@ -105,7 +106,7 @@ func assembleMessage(mailSubject string, mailBody string, mailFrom string, msgID
 		// msg headers.'
 		msg.WriteString("To: Undisclosed Recipients:;" + CRLF)
 	}
-	msg.WriteString("Date: " + time.Now().Format(time.RFC822Z) + CRLF)
+	msg.WriteString("Date: " + util.FormatRFC2822(time.Now()) + CRLF)
 	msg.WriteString("From: " + mailFrom + CRLF)
 	msg.WriteString("Message-ID: <" + uuid.New().String() + "@" + msgIDHost + ">" + CRLF)
 	msg.WriteString("Subject: " + mailSubject + CRLF)
diff --git a/internal/util/time.go b/internal/util/time.go
index 0f874986a..9ea8d0c93 100644
--- a/internal/util/time.go
+++ b/internal/util/time.go
@@ -19,9 +19,11 @@ package util
 
 import "time"
 
-// ISO8601 is a formatter for serializing times that forces ISO8601 behavior.
-const ISO8601 = "2006-01-02T15:04:05.000Z"
-const ISO8601Date = "2006-01-02"
+const (
+	ISO8601     = "2006-01-02T15:04:05.000Z"
+	ISO8601Date = "2006-01-02"
+	RFC2822     = "Mon, 02 Jan 2006 15:04:05 -0700"
+)
 
 // FormatISO8601 converts the given time to UTC and then formats it
 // using the ISO8601 const, which the Mastodon API is able to understand.
@@ -39,3 +41,11 @@ func FormatISO8601Date(t time.Time) string {
 func ParseISO8601(in string) (time.Time, error) {
 	return time.Parse(ISO8601, in)
 }
+
+// FormatRFC2822 converts the given time to local and then formats it using
+// the RFC2822 const, which conforms with email Date header requirements.
+//
+// See: https://www.rfc-editor.org/rfc/rfc2822#section-3.3
+func FormatRFC2822(t time.Time) string {
+	return t.Local().Format(RFC2822)
+}

From 2cc5d6269d2ad3326c4ba4c6378fb0e9404646d0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:03:57 +0100
Subject: [PATCH 11/15] [chore]: Bump codeberg.org/gruf/go-structr from 0.9.0
 to 0.9.6 (#3973)

Bumps codeberg.org/gruf/go-structr from 0.9.0 to 0.9.6.

---
updated-dependencies:
- dependency-name: codeberg.org/gruf/go-structr
  dependency-version: 0.9.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |   4 +-
 go.sum                                        |   8 +-
 .../codeberg.org/gruf/go-mangler/helpers.go   |   2 +-
 vendor/codeberg.org/gruf/go-structr/TODO.md   |   5 -
 vendor/codeberg.org/gruf/go-structr/index.go  |  37 ++-
 vendor/codeberg.org/gruf/go-structr/item.go   |   4 +-
 vendor/codeberg.org/gruf/go-structr/list.go   |   4 +-
 .../codeberg.org/gruf/go-structr/runtime.go   |  25 +-
 .../codeberg.org/gruf/go-structr/timeline.go  | 303 +++++++++++++-----
 vendor/modules.txt                            |   4 +-
 10 files changed, 280 insertions(+), 116 deletions(-)
 delete mode 100644 vendor/codeberg.org/gruf/go-structr/TODO.md

diff --git a/go.mod b/go.mod
index 479002530..ceb2ba932 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	codeberg.org/gruf/go-runners v1.6.3
 	codeberg.org/gruf/go-sched v1.2.4
 	codeberg.org/gruf/go-storage v0.2.0
-	codeberg.org/gruf/go-structr v0.9.0
+	codeberg.org/gruf/go-structr v0.9.6
 	codeberg.org/superseriousbusiness/activity v1.13.0-gts
 	codeberg.org/superseriousbusiness/exif-terminator v0.10.0
 	codeberg.org/superseriousbusiness/httpsig v1.3.0-SSB
@@ -96,7 +96,7 @@ require (
 
 require (
 	codeberg.org/gruf/go-fastpath/v2 v2.0.0 // indirect
-	codeberg.org/gruf/go-mangler v1.4.3 // indirect
+	codeberg.org/gruf/go-mangler v1.4.4 // indirect
 	codeberg.org/gruf/go-maps v1.0.4 // indirect
 	codeberg.org/superseriousbusiness/go-jpeg-image-structure/v2 v2.1.0-SSB // indirect
 	codeberg.org/superseriousbusiness/go-png-image-structure/v2 v2.1.0-SSB // indirect
diff --git a/go.sum b/go.sum
index f886b0e89..f78c94231 100644
--- a/go.sum
+++ b/go.sum
@@ -24,8 +24,8 @@ codeberg.org/gruf/go-list v0.0.0-20240425093752-494db03d641f h1:Ss6Z+vygy+jOGhj9
 codeberg.org/gruf/go-list v0.0.0-20240425093752-494db03d641f/go.mod h1:F9pl4h34iuVN7kucKam9fLwsItTc+9mmaKt7pNXRd/4=
 codeberg.org/gruf/go-loosy v0.0.0-20231007123304-bb910d1ab5c4 h1:IXwfoU7f2whT6+JKIKskNl/hBlmWmnF1vZd84Eb3cyA=
 codeberg.org/gruf/go-loosy v0.0.0-20231007123304-bb910d1ab5c4/go.mod h1:fiO8HE1wjZCephcYmRRsVnNI/i0+mhy44Z5dQalS0rM=
-codeberg.org/gruf/go-mangler v1.4.3 h1:mdtcbGDyj0AS9LE/H1imQreICVn6BQiks554jzdAozc=
-codeberg.org/gruf/go-mangler v1.4.3/go.mod h1:mDmW8Ia352RvNFaXoP9K60TgcmCZJtX0j6wm3vjAsJE=
+codeberg.org/gruf/go-mangler v1.4.4 h1:moQl7FSSLLaByS7w5UP7b3Z7r2ex/F4IpvSp+PyRWK4=
+codeberg.org/gruf/go-mangler v1.4.4/go.mod h1:mDmW8Ia352RvNFaXoP9K60TgcmCZJtX0j6wm3vjAsJE=
 codeberg.org/gruf/go-maps v1.0.4 h1:K+Ww4vvR3TZqm5jqrKVirmguZwa3v1VUvmig2SE8uxY=
 codeberg.org/gruf/go-maps v1.0.4/go.mod h1:ASX7osM7kFwt5O8GfGflcFjrwYGD8eIuRLl/oMjhEi8=
 codeberg.org/gruf/go-mempool v0.0.0-20240507125005-cef10d64a760 h1:m2/UCRXhjDwAg4vyji6iKCpomKw6P4PmBOUi5DvAMH4=
@@ -38,8 +38,8 @@ codeberg.org/gruf/go-sched v1.2.4 h1:ddBB9o0D/2oU8NbQ0ldN5aWxogpXPRBATWi58+p++Hw
 codeberg.org/gruf/go-sched v1.2.4/go.mod h1:wad6l+OcYGWMA2TzNLMmLObsrbBDxdJfEy5WvTgBjNk=
 codeberg.org/gruf/go-storage v0.2.0 h1:mKj3Lx6AavEkuXXtxqPhdq+akW9YwrnP16yQBF7K5ZI=
 codeberg.org/gruf/go-storage v0.2.0/go.mod h1:o3GzMDE5QNUaRnm/daUzFqvuAaC4utlgXDXYO79sWKU=
-codeberg.org/gruf/go-structr v0.9.0 h1:UYw8igp3I4UBnlsRyDR2AbF3g7NPEP7HBrQs1I15218=
-codeberg.org/gruf/go-structr v0.9.0/go.mod h1:mUvBvn4q1iM/I+d3Fj1w/gxGUU/Ve9GpiNo6dPmBJnk=
+codeberg.org/gruf/go-structr v0.9.6 h1:FSbJ1A0ubTQB82rC0K4o6qyiqrDGH1t9ivttm8Zy64o=
+codeberg.org/gruf/go-structr v0.9.6/go.mod h1:9k5hYztZ4PsBS+m1v5hUTeFiVUBTLF5VA7d9cd1OEMs=
 codeberg.org/superseriousbusiness/activity v1.13.0-gts h1:4WZLc/SNt+Vt5x2UjL2n6V5dHlIL9ECudUPx8Ld5rxw=
 codeberg.org/superseriousbusiness/activity v1.13.0-gts/go.mod h1:enxU1Lva4OcK6b/NBXscoHSEgEMsKJvdHrQFifQxp4o=
 codeberg.org/superseriousbusiness/exif-terminator v0.10.0 h1:FiLX/AK07tzceS36I+kOP2aEH+aytjPSIlFoYePMEyg=
diff --git a/vendor/codeberg.org/gruf/go-mangler/helpers.go b/vendor/codeberg.org/gruf/go-mangler/helpers.go
index f64663e62..71d45e201 100644
--- a/vendor/codeberg.org/gruf/go-mangler/helpers.go
+++ b/vendor/codeberg.org/gruf/go-mangler/helpers.go
@@ -1,4 +1,4 @@
-//go:build go1.19 || go1.20 || go1.21 || go1.22 || go1.23
+//go:build go1.19 && !go1.25
 
 package mangler
 
diff --git a/vendor/codeberg.org/gruf/go-structr/TODO.md b/vendor/codeberg.org/gruf/go-structr/TODO.md
deleted file mode 100644
index 41f99a619..000000000
--- a/vendor/codeberg.org/gruf/go-structr/TODO.md
+++ /dev/null
@@ -1,5 +0,0 @@
-## Timeline Todos
-
-- optimize store() to operate on sorted list
-
-- finish writing code comments
\ No newline at end of file
diff --git a/vendor/codeberg.org/gruf/go-structr/index.go b/vendor/codeberg.org/gruf/go-structr/index.go
index eed2e4eea..23d3ffaee 100644
--- a/vendor/codeberg.org/gruf/go-structr/index.go
+++ b/vendor/codeberg.org/gruf/go-structr/index.go
@@ -1,6 +1,7 @@
 package structr
 
 import (
+	"os"
 	"reflect"
 	"strings"
 	"sync"
@@ -244,6 +245,39 @@ func (i *Index) key(buf *byteutil.Buffer, parts []unsafe.Pointer) string {
 	return string(buf.B)
 }
 
+// add will attempt to add given index entry to appropriate
+// doubly-linked-list in index hashmap. in the case of an
+// existing entry in a "unique" index, it will return false.
+func (i *Index) add(key string, item *indexed_item) bool {
+	// Look for existing.
+	l := i.data.Get(key)
+
+	if l == nil {
+
+		// Allocate new.
+		l = new_list()
+		i.data.Put(key, l)
+
+	} else if is_unique(i.flags) {
+
+		// Collision!
+		return false
+	}
+
+	// Prepare new index entry.
+	entry := new_index_entry()
+	entry.item = item
+	entry.key = key
+	entry.index = i
+
+	// Add ourselves to item's index tracker.
+	item.indexed = append(item.indexed, entry)
+
+	// Add entry to index list.
+	l.push_front(&entry.elem)
+	return true
+}
+
 // append will append the given index entry to appropriate
 // doubly-linked-list in index hashmap. this handles case of
 // overwriting "unique" index entries, and removes from given
@@ -403,7 +437,8 @@ func new_index_entry() *index_entry {
 func free_index_entry(entry *index_entry) {
 	if entry.elem.next != nil ||
 		entry.elem.prev != nil {
-		should_not_reach(false)
+		msg := assert("entry not in use")
+		os.Stderr.WriteString(msg + "\n")
 		return
 	}
 	entry.key = ""
diff --git a/vendor/codeberg.org/gruf/go-structr/item.go b/vendor/codeberg.org/gruf/go-structr/item.go
index 12700fa87..08f054907 100644
--- a/vendor/codeberg.org/gruf/go-structr/item.go
+++ b/vendor/codeberg.org/gruf/go-structr/item.go
@@ -1,6 +1,7 @@
 package structr
 
 import (
+	"os"
 	"sync"
 	"unsafe"
 )
@@ -37,7 +38,8 @@ func free_indexed_item(item *indexed_item) {
 	if len(item.indexed) > 0 ||
 		item.elem.next != nil ||
 		item.elem.prev != nil {
-		should_not_reach(false)
+		msg := assert("item not in use")
+		os.Stderr.WriteString(msg + "\n")
 		return
 	}
 	item.data = nil
diff --git a/vendor/codeberg.org/gruf/go-structr/list.go b/vendor/codeberg.org/gruf/go-structr/list.go
index 7657472c7..3f69a1309 100644
--- a/vendor/codeberg.org/gruf/go-structr/list.go
+++ b/vendor/codeberg.org/gruf/go-structr/list.go
@@ -1,6 +1,7 @@
 package structr
 
 import (
+	"os"
 	"sync"
 	"unsafe"
 )
@@ -43,7 +44,8 @@ func free_list(list *list) {
 	if list.head != nil ||
 		list.tail != nil ||
 		list.len != 0 {
-		should_not_reach(false)
+		msg := assert("list not in use")
+		os.Stderr.WriteString(msg + "\n")
 		return
 	}
 	list_pool.Put(list)
diff --git a/vendor/codeberg.org/gruf/go-structr/runtime.go b/vendor/codeberg.org/gruf/go-structr/runtime.go
index cd7f8d7a1..b75dfeba0 100644
--- a/vendor/codeberg.org/gruf/go-structr/runtime.go
+++ b/vendor/codeberg.org/gruf/go-structr/runtime.go
@@ -1,10 +1,9 @@
-//go:build go1.22 || go1.23
+//go:build go1.22 && !go1.25
 
 package structr
 
 import (
 	"fmt"
-	"os"
 	"reflect"
 	"runtime"
 	"strings"
@@ -140,7 +139,7 @@ func extract_fields(ptr unsafe.Pointer, fields []struct_field) []unsafe.Pointer
 	// Prepare slice of field value pointers.
 	ptrs := make([]unsafe.Pointer, len(fields))
 	if len(ptrs) != len(fields) {
-		panic("BCE")
+		panic(assert("BCE"))
 	}
 
 	for i, field := range fields {
@@ -264,12 +263,12 @@ func panicf(format string, args ...any) {
 	panic(fmt.Sprintf(format, args...))
 }
 
-// should_not_reach can be called to indicated a
-// block of code should not be able to be reached,
-// else it prints callsite info with a BUG report.
+// assert can be called to indicated a block
+// of code should not be able to be reached,
+// it returns a BUG report with callsite.
 //
 //go:noinline
-func should_not_reach(exit bool) {
+func assert(assert string) string {
 	pcs := make([]uintptr, 1)
 	_ = runtime.Callers(2, pcs)
 	fn := runtime.FuncForPC(pcs[0])
@@ -280,9 +279,11 @@ func should_not_reach(exit bool) {
 			funcname = funcname[i+1:]
 		}
 	}
-	if exit {
-		panic("BUG: assertion failed in " + funcname)
-	} else {
-		os.Stderr.WriteString("BUG: assertion failed in " + funcname + "\n")
-	}
+	var buf strings.Builder
+	buf.Grow(32 + len(assert) + len(funcname))
+	buf.WriteString("BUG: assertion \"")
+	buf.WriteString(assert)
+	buf.WriteString("\" failed in ")
+	buf.WriteString(funcname)
+	return buf.String()
 }
diff --git a/vendor/codeberg.org/gruf/go-structr/timeline.go b/vendor/codeberg.org/gruf/go-structr/timeline.go
index 7a9c17f70..0eb1e3aa5 100644
--- a/vendor/codeberg.org/gruf/go-structr/timeline.go
+++ b/vendor/codeberg.org/gruf/go-structr/timeline.go
@@ -2,6 +2,7 @@ package structr
 
 import (
 	"cmp"
+	"os"
 	"reflect"
 	"slices"
 	"sync"
@@ -43,7 +44,7 @@ type TimelineConfig[StructType any, PK cmp.Ordered] struct {
 	// case only a single field is permitted, though
 	// it may be nested, and as described above the
 	// type must conform to cmp.Ordered.
-	PKey string
+	PKey IndexConfig
 
 	// Indices defines indices to create
 	// in the Timeline for the receiving
@@ -103,14 +104,11 @@ func (t *Timeline[T, PK]) Init(config TimelineConfig[T, PK]) {
 	t.mutex.Lock()
 	defer t.mutex.Unlock()
 
-	// The first index is created from PKey.
+	// The first index is created from PKey,
+	// other indices are created as expected.
 	t.indices = make([]Index, len(config.Indices)+1)
 	t.indices[0].ptr = unsafe.Pointer(t)
-	t.indices[0].init(rt, IndexConfig{
-		Fields:    config.PKey,
-		AllowZero: true,
-		Multiple:  true,
-	}, 0)
+	t.indices[0].init(rt, config.PKey, 0)
 	if len(t.indices[0].fields) > 1 {
 		panic("primary key must contain only 1 field")
 	}
@@ -119,8 +117,7 @@ func (t *Timeline[T, PK]) Init(config TimelineConfig[T, PK]) {
 		t.indices[i+1].init(rt, cfg, 0)
 	}
 
-	// Before extracting
-	// first index for pkey.
+	// Extract pkey details from index.
 	field := t.indices[0].fields[0]
 	t.pkey = pkey_field{
 		rtype:   field.rtype,
@@ -207,7 +204,7 @@ func (t *Timeline[T, PK]) Insert(values ...T) {
 	// Allocate a slice of our value wrapping struct type.
 	with_keys := make([]value_with_pk[T, PK], len(values))
 	if len(with_keys) != len(values) {
-		panic("BCE")
+		panic(assert("BCE"))
 	}
 
 	// Range the provided values.
@@ -387,6 +384,54 @@ func (t *Timeline[T, PK]) Range(dir Direction) func(yield func(T) bool) {
 	}
 }
 
+// RangeUnsafe is functionally similar to Range(), except it does not pass *copies* of
+// data. It allows you to operate on the data directly and modify it. As such it can also
+// be more performant to use this function, even for read-write operations.
+//
+// Please note that the entire Timeline{} will be locked for the duration of the range
+// operation, i.e. from the beginning of the first yield call until the end of the last.
+func (t *Timeline[T, PK]) RangeUnsafe(dir Direction) func(yield func(T) bool) {
+	return func(yield func(T) bool) {
+		if t.copy == nil {
+			panic("not initialized")
+		} else if yield == nil {
+			panic("nil func")
+		}
+
+		// Acquire lock.
+		t.mutex.Lock()
+		defer t.mutex.Unlock()
+
+		switch dir {
+		case Asc:
+			// Iterate through linked list from bottom (i.e. tail).
+			for prev := t.list.tail; prev != nil; prev = prev.prev {
+
+				// Extract item from list element.
+				item := (*timeline_item)(prev.data)
+
+				// Pass to given function.
+				if !yield(item.data.(T)) {
+					break
+				}
+			}
+
+		case Desc:
+			// Iterate through linked list from top (i.e. head).
+			for next := t.list.head; next != nil; next = next.next {
+
+				// Extract item from list element.
+				item := (*timeline_item)(next.data)
+
+				// Pass to given function.
+				if !yield(item.data.(T)) {
+					break
+				}
+			}
+		}
+	}
+}
+
 // RangeKeys will iterate over all values for given keys in the given index.
 //
 // Please note that the entire Timeline{} will be locked for the duration of the range
@@ -430,6 +475,48 @@ func (t *Timeline[T, PK]) RangeKeys(index *Index, keys ...Key) func(yield func(T
 	}
 }
 
+// RangeKeysUnsafe is functionally similar to RangeKeys(), except it does not pass *copies*
+// of data. It allows you to operate on the data directly and modify it. As such it can also
+// be more performant to use this function, even for read-write operations.
+//
+// Please note that the entire Timeline{} will be locked for the duration of the range
+// operation, i.e. from the beginning of the first yield call until the end of the last.
+func (t *Timeline[T, PK]) RangeKeysUnsafe(index *Index, keys ...Key) func(yield func(T) bool) {
+	return func(yield func(T) bool) {
+		if t.copy == nil {
+			panic("not initialized")
+		} else if index == nil {
+			panic("no index given")
+		} else if index.ptr != unsafe.Pointer(t) {
+			panic("invalid index for timeline")
+		} else if yield == nil {
+			panic("nil func")
+		}
+
+		// Acquire lock.
+		t.mutex.Lock()
+		defer t.mutex.Unlock()
+
+		for _, key := range keys {
+			var done bool
+
+			// Iterate over values in index under key.
+			index.get(key.key, func(i *indexed_item) {
+
+				// Cast to timeline_item type.
+				item := to_timeline_item(i)
+
+				// Pass value data to yield function.
+				done = done || !yield(item.data.(T))
+			})
+
+			if done {
+				break
+			}
+		}
+	}
+}
+
 // Trim will remove entries from the timeline in given
 // direction, ensuring timeline is no larger than 'max'.
 // If 'max' >= t.Len(), this function is a no-op.
@@ -538,7 +625,7 @@ func (t *Timeline[T, PK]) select_asc(min PK, max *PK, length *int) (values []T)
 		pkey := *(*PK)(item.pk)
 
 		// Check below min.
-		if pkey < min {
+		if pkey <= min {
 			continue
 		}
 
@@ -661,7 +748,7 @@ func (t *Timeline[T, PK]) select_desc(min *PK, max PK, length *int) (values []T)
 		pkey := *(*PK)(item.pk)
 
 		// Check above max.
-		if pkey > max {
+		if pkey >= max {
 			continue
 		}
 
@@ -804,60 +891,25 @@ func (t *Timeline[T, PK]) store_one(last *list_elem, value value_with_pk[T, PK])
 	t_item.data = value.v
 	t_item.pk = value.kptr
 
+	// Get zero'th index, i.e.
+	// the primary key index.
+	idx0 := (&t.indices[0])
+
 	// Acquire key buf.
 	buf := new_buffer()
 
-	// Convert to indexed_item ptr.
-	i_item := from_timeline_item(t_item)
-
-	// Append already-extracted
-	// primary key to 0th index.
-	idx := (&t.indices[0])
+	// Calculate index key from already extracted
+	// primary key, checking for zero return value.
 	partptrs := []unsafe.Pointer{value.kptr}
-	key := idx.key(buf, partptrs)
-	evicted := idx.append(key, i_item)
-	if evicted != nil {
-
-		// This item is no longer
-		// indexed, remove from list.
-		t.list.remove(&evicted.elem)
-
-		// Now convert from index_item ptr
-		// and release it to global mem pool.
-		evicted := to_timeline_item(evicted)
-		free_timeline_item(evicted)
+	key := idx0.key(buf, partptrs)
+	if key == "" { // i.e. (!allow_zero && pkey == zero)
+		free_timeline_item(t_item)
+		free_buffer(buf)
+		return last
 	}
 
-	for i := 1; i < len(t.indices); i++ {
-		// Get current index ptr.
-		idx := (&t.indices[i])
-
-		// Extract fields comprising index key from value.
-		parts := extract_fields(value.vptr, idx.fields)
-
-		// Calculate this index key.
-		key := idx.key(buf, parts)
-		if key == "" {
-			continue
-		}
-
-		// Append this item to index.
-		evicted := idx.append(key, i_item)
-		if evicted != nil {
-
-			// This item is no longer
-			// indexed, remove from list.
-			t.list.remove(&evicted.elem)
-
-			// Now convert from index_item ptr
-			// and release it to global mem pool.
-			evicted := to_timeline_item(evicted)
-			free_timeline_item(evicted)
-		}
-	}
-
-	// Done with buf.
-	free_buffer(buf)
+	// Convert to indexed_item pointer.
+	i_item := from_timeline_item(t_item)
 
 	if last == nil {
 		// No previous element was provided, this is
@@ -869,50 +921,127 @@ func (t *Timeline[T, PK]) store_one(last *list_elem, value value_with_pk[T, PK])
 			// The easiest case, this will
 			// be the first item in list.
 			t.list.push_front(&t_item.elem)
-			return t.list.head
+			last = t.list.head // return value
+			goto indexing
 		}
 
 		// Extract head item and its primary key.
 		headItem := (*timeline_item)(t.list.head.data)
 		headPK := *(*PK)(headItem.pk)
-		if value.k >= headPK {
+		if value.k > headPK {
 
 			// Another easier case, this also
 			// will be the first item in list.
 			t.list.push_front(&t_item.elem)
+			last = t.list.head // return value
+			goto indexing
+		}
+
+		// Check (and drop) if pkey is a collision!
+		if value.k == headPK && is_unique(idx0.flags) {
+			free_timeline_item(t_item)
+			free_buffer(buf)
 			return t.list.head
 		}
 
-		// Set last=head
-		// to work from.
-		last = t.list.head
+		// Set last = head.next
+		// as next to work from.
+		last = t.list.head.next
 	}
 
-	// Iterate through linked list
-	// from head to find location.
-	for next := last.next; //
-	next != nil; next = next.next {
+	// Iterate through list from head
+	// to find location. Optimized into two
+	// cases to minimize loop CPU cycles.
+	if is_unique(idx0.flags) {
+		for next := last; //
+		next != nil; next = next.next {
 
-		// Extract item and it's primary key.
-		nextItem := (*timeline_item)(next.data)
-		nextPK := *(*PK)(nextItem.pk)
+			// Extract item and it's primary key.
+			nextItem := (*timeline_item)(next.data)
+			nextPK := *(*PK)(nextItem.pk)
 
-		// If pkey smaller than
-		// cursor's, keep going.
-		if value.k < nextPK {
-			continue
+			// If pkey smaller than
+			// cursor's, keep going.
+			if value.k < nextPK {
+				continue
+			}
+
+			// Check (and drop) if
+			// pkey is a collision!
+			if value.k == nextPK {
+				free_timeline_item(t_item)
+				free_buffer(buf)
+				return next
+			}
+
+			// New pkey is larger than cursor,
+			// insert into list just before it.
+			t.list.insert(&t_item.elem, next.prev)
+			last = next // return value
+			goto indexing
 		}
+	} else {
+		for next := last; //
+		next != nil; next = next.next {
 
-		// New pkey is larger than cursor,
-		// insert into list just before it.
-		t.list.insert(&t_item.elem, next.prev)
-		return next
+			// Extract item and it's primary key.
+			nextItem := (*timeline_item)(next.data)
+			nextPK := *(*PK)(nextItem.pk)
+
+			// If pkey smaller than
+			// cursor's, keep going.
+			if value.k < nextPK {
+				continue
+			}
+
+			// New pkey is larger than cursor,
+			// insert into list just before it.
+			t.list.insert(&t_item.elem, next.prev)
+			last = next // return value
+			goto indexing
+		}
 	}
 
 	// We reached the end of the
 	// list, insert at tail pos.
 	t.list.push_back(&t_item.elem)
-	return t.list.tail
+	last = t.list.tail // return value
+	goto indexing
+
+indexing:
+	// Append already-extracted
+	// primary key to 0th index.
+	_ = idx0.add(key, i_item)
+
+	// Insert item into each of indices.
+	for i := 1; i < len(t.indices); i++ {
+
+		// Get current index ptr.
+		idx := (&t.indices[i])
+
+		// Extract fields comprising index key from value.
+		parts := extract_fields(value.vptr, idx.fields)
+
+		// Calculate this index key,
+		// checking for zero values.
+		key := idx.key(buf, parts)
+		if key == "" {
+			continue
+		}
+
+		// Add this item to index,
+		// checking for collisions.
+		if !idx.add(key, i_item) {
+
+			t.delete(t_item)
+			free_buffer(buf)
+			return last
+		}
+	}
+
+	// Done with bufs.
+	free_buffer(buf)
+	return last
 }
 
 func (t *Timeline[T, PK]) delete(i *timeline_item) {
@@ -957,7 +1086,7 @@ func init() {
 	// we rely on this to allow a ptr to one to be a ptr to either of them.
 	const off = unsafe.Offsetof(timeline_item{}.indexed_item)
 	if off != 0 {
-		panic("invalid timeline_item{}.indexed_item offset")
+		panic(assert("offset_of(timeline_item{}.indexed_item) = 0"))
 	}
 }
 
@@ -971,10 +1100,9 @@ func from_timeline_item(item *timeline_item) *indexed_item {
 func to_timeline_item(item *indexed_item) *timeline_item {
 	to := (*timeline_item)(unsafe.Pointer(item))
 	if to.ck != ^uint(0) {
-		// ensure check bits are
-		// set indicating it was a
-		// timeline_item originally.
-		should_not_reach(true)
+		// ensure check bits are set indicating
+		// it was a timeline_item originally.
+		panic(assert("check bits are set"))
 	}
 	return to
 }
@@ -999,7 +1127,8 @@ func free_timeline_item(item *timeline_item) {
 	if len(item.indexed) > 0 ||
 		item.elem.next != nil ||
 		item.elem.prev != nil {
-		should_not_reach(false)
+		msg := assert("item not in use")
+		os.Stderr.WriteString(msg + "\n")
 		return
 	}
 	item.data = nil
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5e421a2da..1886a386e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -38,7 +38,7 @@ codeberg.org/gruf/go-kv/format
 # codeberg.org/gruf/go-list v0.0.0-20240425093752-494db03d641f
 ## explicit; go 1.21.3
 codeberg.org/gruf/go-list
-# codeberg.org/gruf/go-mangler v1.4.3
+# codeberg.org/gruf/go-mangler v1.4.4
 ## explicit; go 1.19
 codeberg.org/gruf/go-mangler
 # codeberg.org/gruf/go-maps v1.0.4
@@ -63,7 +63,7 @@ codeberg.org/gruf/go-storage/disk
 codeberg.org/gruf/go-storage/internal
 codeberg.org/gruf/go-storage/memory
 codeberg.org/gruf/go-storage/s3
-# codeberg.org/gruf/go-structr v0.9.0
+# codeberg.org/gruf/go-structr v0.9.6
 ## explicit; go 1.22
 codeberg.org/gruf/go-structr
 # codeberg.org/superseriousbusiness/activity v1.13.0-gts

From 4232d617823bff8905672b86748adb2b2461fa9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:04:45 +0100
Subject: [PATCH 12/15] [chore]: Bump codeberg.org/gruf/go-mutexes from 1.5.1
 to 1.5.2 (#3976)

Bumps codeberg.org/gruf/go-mutexes from 1.5.1 to 1.5.2.

---
updated-dependencies:
- dependency-name: codeberg.org/gruf/go-mutexes
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +-
 vendor/codeberg.org/gruf/go-mutexes/map.go    | 28 +------------
 .../gruf/go-mutexes/map_unsafe.go             | 41 +++++++++++++++++++
 vendor/modules.txt                            |  2 +-
 5 files changed, 47 insertions(+), 30 deletions(-)
 create mode 100644 vendor/codeberg.org/gruf/go-mutexes/map_unsafe.go

diff --git a/go.mod b/go.mod
index ceb2ba932..219897701 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	codeberg.org/gruf/go-kv v1.6.5
 	codeberg.org/gruf/go-list v0.0.0-20240425093752-494db03d641f
 	codeberg.org/gruf/go-mempool v0.0.0-20240507125005-cef10d64a760
-	codeberg.org/gruf/go-mutexes v1.5.1
+	codeberg.org/gruf/go-mutexes v1.5.2
 	codeberg.org/gruf/go-runners v1.6.3
 	codeberg.org/gruf/go-sched v1.2.4
 	codeberg.org/gruf/go-storage v0.2.0
diff --git a/go.sum b/go.sum
index f78c94231..7d7bb3ab0 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ codeberg.org/gruf/go-maps v1.0.4 h1:K+Ww4vvR3TZqm5jqrKVirmguZwa3v1VUvmig2SE8uxY=
 codeberg.org/gruf/go-maps v1.0.4/go.mod h1:ASX7osM7kFwt5O8GfGflcFjrwYGD8eIuRLl/oMjhEi8=
 codeberg.org/gruf/go-mempool v0.0.0-20240507125005-cef10d64a760 h1:m2/UCRXhjDwAg4vyji6iKCpomKw6P4PmBOUi5DvAMH4=
 codeberg.org/gruf/go-mempool v0.0.0-20240507125005-cef10d64a760/go.mod h1:E3RcaCFNq4zXpvaJb8lfpPqdUAmSkP5F1VmMiEUYTEk=
-codeberg.org/gruf/go-mutexes v1.5.1 h1:xICU0WXhWr6wf+Iror4eE3xT+xnXNPrO6o77D/G6QuY=
-codeberg.org/gruf/go-mutexes v1.5.1/go.mod h1:rPEqQ/y6CmGITaZ3GPTMQVsoZAOzbsAHyIaLsJcOqVE=
+codeberg.org/gruf/go-mutexes v1.5.2 h1:rp2o774ApGUVtOHDksqtBiqIcvniVfgFWSazszDluy0=
+codeberg.org/gruf/go-mutexes v1.5.2/go.mod h1:AnhagsMzUISL/nBVwhnHwDwTZOAxMILwCOG8/wKOblg=
 codeberg.org/gruf/go-runners v1.6.3 h1:To/AX7eTrWuXrTkA3RA01YTP5zha1VZ68LQ+0D4RY7E=
 codeberg.org/gruf/go-runners v1.6.3/go.mod h1:oXAaUmG2VxoKttpCqZGv5nQBeSvZSR2BzIk7h1yTRlU=
 codeberg.org/gruf/go-sched v1.2.4 h1:ddBB9o0D/2oU8NbQ0ldN5aWxogpXPRBATWi58+p++Hw=
diff --git a/vendor/codeberg.org/gruf/go-mutexes/map.go b/vendor/codeberg.org/gruf/go-mutexes/map.go
index 4b721cec4..2f21ae0bb 100644
--- a/vendor/codeberg.org/gruf/go-mutexes/map.go
+++ b/vendor/codeberg.org/gruf/go-mutexes/map.go
@@ -2,7 +2,6 @@ package mutexes
 
 import (
 	"sync"
-	"sync/atomic"
 	"unsafe"
 
 	"codeberg.org/gruf/go-mempool"
@@ -185,34 +184,11 @@ func (mu *rwmutex) Unlock() bool {
 		// Fully unlocked.
 		mu.t = 0
 
-		// NOTE: must remain in
-		// sync with runtime.notifyList{}.
-		//
-		// goexperiment.staticlockranking
-		// does change it slightly, but
-		// this does not alter the first
-		// 2 fields which are all we need.
-		type notifyList struct {
-			_      uint32
-			notify uint32
-			// ... other fields
-		}
-
-		// NOTE: must remain in
-		// sync with sync.Cond{}.
-		type syncCond struct {
-			_ struct{}
-			L sync.Locker
-			n notifyList
-			// ... other fields
-		}
-
 		// Awake all blocked goroutines and check
 		// for change in the last notified ticket.
-		cptr := (*syncCond)(unsafe.Pointer(&mu.c))
-		before := atomic.LoadUint32(&cptr.n.notify)
+		before := syncCond_last_ticket(&mu.c)
 		mu.c.Broadcast() // awakes all blocked!
-		after := atomic.LoadUint32(&cptr.n.notify)
+		after := syncCond_last_ticket(&mu.c)
 
 		// If ticket changed, this indicates
 		// AT LEAST one goroutine was awoken.
diff --git a/vendor/codeberg.org/gruf/go-mutexes/map_unsafe.go b/vendor/codeberg.org/gruf/go-mutexes/map_unsafe.go
new file mode 100644
index 000000000..a59c13015
--- /dev/null
+++ b/vendor/codeberg.org/gruf/go-mutexes/map_unsafe.go
@@ -0,0 +1,41 @@
+//go:build go1.22 && !go1.25
+
+package mutexes
+
+import (
+	"sync"
+	"sync/atomic"
+	"unsafe"
+)
+
+// syncCond_last_ticket is an unsafe function that returns
+// the ticket of the last awoken / notified goroutine by a
+// a sync.Cond{}. it relies on expected memory layout.
+func syncCond_last_ticket(c *sync.Cond) uint32 {
+
+	// NOTE: must remain in
+	// sync with runtime.notifyList{}.
+	//
+	// goexperiment.staticlockranking
+	// does change it slightly, but
+	// this does not alter the first
+	// 2 fields which are all we need.
+	type notifyList struct {
+		_      atomic.Uint32
+		notify uint32
+		// ... other fields
+	}
+
+	// NOTE: must remain in
+	// sync with sync.Cond{}.
+	type syncCond struct {
+		_ struct{}
+		L sync.Locker
+		n notifyList
+		// ... other fields
+	}
+
+	// This field must be atomcially accessed.
+	cptr := (*syncCond)(unsafe.Pointer(c))
+	return atomic.LoadUint32(&cptr.n.notify)
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1886a386e..d9e199f56 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -47,7 +47,7 @@ codeberg.org/gruf/go-maps
 # codeberg.org/gruf/go-mempool v0.0.0-20240507125005-cef10d64a760
 ## explicit; go 1.22.2
 codeberg.org/gruf/go-mempool
-# codeberg.org/gruf/go-mutexes v1.5.1
+# codeberg.org/gruf/go-mutexes v1.5.2
 ## explicit; go 1.22.2
 codeberg.org/gruf/go-mutexes
 # codeberg.org/gruf/go-runners v1.6.3

From 920e20c2d2cff73d6dbdba108e19bc50261d3003 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:04:56 +0100
Subject: [PATCH 13/15] [chore]: Bump golang.org/x/crypto from 0.36.0 to 0.37.0
 (#3975)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |   8 +-
 go.sum                                        |  20 +--
 vendor/golang.org/x/crypto/acme/jws.go        |   2 +-
 .../x/crypto/internal/poly1305/mac_noasm.go   |   2 +-
 .../poly1305/{sum_amd64.go => sum_asm.go}     |   2 +-
 .../x/crypto/internal/poly1305/sum_loong64.s  | 123 +++++++++++++++
 .../x/crypto/internal/poly1305/sum_ppc64x.go  |  47 ------
 vendor/golang.org/x/crypto/ssh/handshake.go   |   3 +-
 vendor/golang.org/x/sync/errgroup/errgroup.go |   3 +-
 vendor/golang.org/x/sys/cpu/cpu.go            |  12 ++
 .../golang.org/x/sys/cpu/cpu_linux_loong64.go |  22 +++
 .../golang.org/x/sys/cpu/cpu_linux_noinit.go  |   2 +-
 vendor/golang.org/x/sys/cpu/cpu_loong64.go    |  38 +++++
 vendor/golang.org/x/sys/cpu/cpu_loong64.s     |  13 ++
 vendor/golang.org/x/sys/cpu/parse.go          |   4 +-
 .../golang.org/x/sys/unix/syscall_darwin.go   | 149 +++++++++++++++++-
 vendor/golang.org/x/sys/unix/syscall_linux.go |  42 ++---
 .../x/sys/unix/zsyscall_darwin_amd64.go       |  84 ++++++++++
 .../x/sys/unix/zsyscall_darwin_amd64.s        |  20 +++
 .../x/sys/unix/zsyscall_darwin_arm64.go       |  84 ++++++++++
 .../x/sys/unix/zsyscall_darwin_arm64.s        |  20 +++
 .../golang.org/x/sys/windows/registry/key.go  |  13 +-
 .../x/sys/windows/registry/value.go           |   6 +-
 .../golang.org/x/sys/windows/types_windows.go |  27 ++++
 vendor/modules.txt                            |   8 +-
 25 files changed, 650 insertions(+), 104 deletions(-)
 rename vendor/golang.org/x/crypto/internal/poly1305/{sum_amd64.go => sum_asm.go} (94%)
 create mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s
 delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go
 create mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go
 create mode 100644 vendor/golang.org/x/sys/cpu/cpu_loong64.s

diff --git a/go.mod b/go.mod
index 219897701..d5ad019fe 100644
--- a/go.mod
+++ b/go.mod
@@ -82,12 +82,12 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.34.0
 	go.opentelemetry.io/otel/trace v1.35.0
 	go.uber.org/automaxprocs v1.6.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.37.0
 	golang.org/x/image v0.24.0
 	golang.org/x/net v0.38.0
 	golang.org/x/oauth2 v0.27.0
-	golang.org/x/sys v0.31.0
-	golang.org/x/text v0.23.0
+	golang.org/x/sys v0.32.0
+	golang.org/x/text v0.24.0
 	gopkg.in/mcuadros/go-syslog.v2 v2.3.0
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v0.0.0-00010101000000-000000000000
@@ -213,7 +213,7 @@ require (
 	golang.org/x/arch v0.13.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
 	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/tools v0.31.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
diff --git a/go.sum b/go.sum
index 7d7bb3ab0..f90bcac9e 100644
--- a/go.sum
+++ b/go.sum
@@ -525,8 +525,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
 golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
@@ -565,8 +565,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -583,8 +583,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -595,8 +595,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -607,8 +607,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
diff --git a/vendor/golang.org/x/crypto/acme/jws.go b/vendor/golang.org/x/crypto/acme/jws.go
index b38828d85..685027566 100644
--- a/vendor/golang.org/x/crypto/acme/jws.go
+++ b/vendor/golang.org/x/crypto/acme/jws.go
@@ -92,7 +92,7 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid KeyID, nonce, ur
 	if err != nil {
 		return nil, err
 	}
-	phead := base64.RawURLEncoding.EncodeToString([]byte(phJSON))
+	phead := base64.RawURLEncoding.EncodeToString(phJSON)
 	var payload string
 	if val, ok := claimset.(string); ok {
 		payload = val
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
index bd896bdc7..8d99551fe 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (!amd64 && !ppc64le && !ppc64 && !s390x) || !gc || purego
+//go:build (!amd64 && !loong64 && !ppc64le && !ppc64 && !s390x) || !gc || purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_asm.go
similarity index 94%
rename from vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
rename to vendor/golang.org/x/crypto/internal/poly1305/sum_asm.go
index 164cd47d3..315b84ac3 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_asm.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build gc && !purego
+//go:build gc && !purego && (amd64 || loong64 || ppc64 || ppc64le)
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s
new file mode 100644
index 000000000..bc8361da4
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s
@@ -0,0 +1,123 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+
+// func update(state *macState, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVV	state+0(FP), R4
+	MOVV	msg_base+8(FP), R5
+	MOVV	msg_len+16(FP), R6
+
+	MOVV	$0x10, R7
+
+	MOVV	(R4), R8	// h0
+	MOVV	8(R4), R9	// h1
+	MOVV	16(R4), R10	// h2
+	MOVV	24(R4), R11	// r0
+	MOVV	32(R4), R12	// r1
+
+	BLT	R6, R7, bytes_between_0_and_15
+
+loop:
+	MOVV	(R5), R14	// msg[0:8]
+	MOVV	8(R5), R16	// msg[8:16]
+	ADDV	R14, R8, R8	// h0 (x1 + y1 = z1', if z1' < x1 then z1' overflow)
+	ADDV	R16, R9, R27
+	SGTU	R14, R8, R24	// h0.carry
+	SGTU	R9, R27, R28
+	ADDV	R27, R24, R9	// h1
+	SGTU	R27, R9, R24
+	OR	R24, R28, R24	// h1.carry
+	ADDV	$0x01, R24, R24
+	ADDV	R10, R24, R10	// h2
+
+	ADDV	$16, R5, R5	// msg = msg[16:]
+
+multiply:
+	MULV	R8, R11, R14	// h0r0.lo
+	MULHVU	R8, R11, R15	// h0r0.hi
+	MULV	R9, R11, R13	// h1r0.lo
+	MULHVU	R9, R11, R16	// h1r0.hi
+	ADDV	R13, R15, R15
+	SGTU	R13, R15, R24
+	ADDV	R24, R16, R16
+	MULV	R10, R11, R25
+	ADDV	R16, R25, R25
+	MULV	R8, R12, R13	// h0r1.lo
+	MULHVU	R8, R12, R16	// h0r1.hi
+	ADDV	R13, R15, R15
+	SGTU	R13, R15, R24
+	ADDV	R24, R16, R16
+	MOVV	R16, R8
+	MULV	R10, R12, R26	// h2r1
+	MULV	R9, R12, R13	// h1r1.lo
+	MULHVU	R9, R12, R16	// h1r1.hi
+	ADDV	R13, R25, R25
+	ADDV	R16, R26, R27
+	SGTU	R13, R25, R24
+	ADDV	R27, R24, R26
+	ADDV	R8, R25, R25
+	SGTU	R8, R25, R24
+	ADDV	R24, R26, R26
+	AND	$3, R25, R10
+	AND	$-4, R25, R17
+	ADDV	R17, R14, R8
+	ADDV	R26, R15, R27
+	SGTU	R17, R8, R24
+	SGTU	R26, R27, R28
+	ADDV	R27, R24, R9
+	SGTU	R27, R9, R24
+	OR	R24, R28, R24
+	ADDV	R24, R10, R10
+	SLLV	$62, R26, R27
+	SRLV	$2, R25, R28
+	SRLV	$2, R26, R26
+	OR	R27, R28, R25
+	ADDV	R25, R8, R8
+	ADDV	R26, R9, R27
+	SGTU	R25, R8, R24
+	SGTU	R26, R27, R28
+	ADDV	R27, R24, R9
+	SGTU	R27, R9, R24
+	OR	R24, R28, R24
+	ADDV	R24, R10, R10
+
+	SUBV	$16, R6, R6
+	BGE	R6, R7, loop
+
+bytes_between_0_and_15:
+	BEQ	R6, R0, done
+	MOVV	$1, R14
+	XOR	R15, R15
+	ADDV	R6, R5, R5
+
+flush_buffer:
+	MOVBU	-1(R5), R25
+	SRLV	$56, R14, R24
+	SLLV	$8, R15, R28
+	SLLV	$8, R14, R14
+	OR	R24, R28, R15
+	XOR	R25, R14, R14
+	SUBV	$1, R6, R6
+	SUBV	$1, R5, R5
+	BNE	R6, R0, flush_buffer
+
+	ADDV	R14, R8, R8
+	SGTU	R14, R8, R24
+	ADDV	R15, R9, R27
+	SGTU	R15, R27, R28
+	ADDV	R27, R24, R9
+	SGTU	R27, R9, R24
+	OR	R24, R28, R24
+	ADDV	R10, R24, R10
+
+	MOVV	$16, R6
+	JMP	multiply
+
+done:
+	MOVV	R8, (R4)
+	MOVV	R9, 8(R4)
+	MOVV	R10, 16(R4)
+	RET
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go
deleted file mode 100644
index 1a1679aaa..000000000
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc && !purego && (ppc64 || ppc64le)
-
-package poly1305
-
-//go:noescape
-func update(state *macState, msg []byte)
-
-// mac is a wrapper for macGeneric that redirects calls that would have gone to
-// updateGeneric to update.
-//
-// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
-// using function pointers would carry a major performance cost.
-type mac struct{ macGeneric }
-
-func (h *mac) Write(p []byte) (int, error) {
-	nn := len(p)
-	if h.offset > 0 {
-		n := copy(h.buffer[h.offset:], p)
-		if h.offset+n < TagSize {
-			h.offset += n
-			return nn, nil
-		}
-		p = p[n:]
-		h.offset = 0
-		update(&h.macState, h.buffer[:])
-	}
-	if n := len(p) - (len(p) % TagSize); n > 0 {
-		update(&h.macState, p[:n])
-		p = p[n:]
-	}
-	if len(p) > 0 {
-		h.offset += copy(h.buffer[h.offset:], p)
-	}
-	return nn, nil
-}
-
-func (h *mac) Sum(out *[16]byte) {
-	state := h.macState
-	if h.offset > 0 {
-		update(&state, h.buffer[:h.offset])
-	}
-	finalize(out, &state.h, &state.s)
-}
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
index c9202b05d..b6bf546b4 100644
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -5,7 +5,6 @@
 package ssh
 
 import (
-	"crypto/rand"
 	"errors"
 	"fmt"
 	"io"
@@ -501,7 +500,7 @@ func (t *handshakeTransport) sendKexInit() error {
 		CompressionClientServer: supportedCompressions,
 		CompressionServerClient: supportedCompressions,
 	}
-	io.ReadFull(rand.Reader, msg.Cookie[:])
+	io.ReadFull(t.config.Rand, msg.Cookie[:])
 
 	// We mutate the KexAlgos slice, in order to add the kex-strict extension algorithm,
 	// and possibly to add the ext-info extension algorithm. Since the slice may be the
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index a4ea5d14f..f8c3c0926 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -18,7 +18,7 @@ import (
 type token struct{}
 
 // A Group is a collection of goroutines working on subtasks that are part of
-// the same overall task.
+// the same overall task. A Group should not be reused for different tasks.
 //
 // A zero Group is valid, has no limit on the number of active goroutines,
 // and does not cancel on error.
@@ -61,6 +61,7 @@ func (g *Group) Wait() error {
 }
 
 // Go calls the given function in a new goroutine.
+// The first call to Go must happen before a Wait.
 // It blocks until the new goroutine can be added without the number of
 // active goroutines in the group exceeding the configured limit.
 //
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
index 9c105f23a..2e73ee197 100644
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -149,6 +149,18 @@ var ARM struct {
 	_           CacheLinePad
 }
 
+// The booleans in Loong64 contain the correspondingly named cpu feature bit.
+// The struct is padded to avoid false sharing.
+var Loong64 struct {
+	_         CacheLinePad
+	HasLSX    bool // support 128-bit vector extension
+	HasLASX   bool // support 256-bit vector extension
+	HasCRC32  bool // support CRC instruction
+	HasLAM_BH bool // support AM{SWAP/ADD}[_DB].{B/H} instruction
+	HasLAMCAS bool // support AMCAS[_DB].{B/H/W/D} instruction
+	_         CacheLinePad
+}
+
 // MIPS64X contains the supported CPU features of the current mips64/mips64le
 // platforms. If the current platform is not mips64/mips64le or the current
 // operating system is not Linux then all feature flags are false.
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go
new file mode 100644
index 000000000..4f3411432
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go
@@ -0,0 +1,22 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// HWCAP bits. These are exposed by the Linux kernel.
+const (
+	hwcap_LOONGARCH_LSX  = 1 << 4
+	hwcap_LOONGARCH_LASX = 1 << 5
+)
+
+func doinit() {
+	// TODO: Features that require kernel support like LSX and LASX can
+	// be detected here once needed in std library or by the compiler.
+	Loong64.HasLSX = hwcIsSet(hwCap, hwcap_LOONGARCH_LSX)
+	Loong64.HasLASX = hwcIsSet(hwCap, hwcap_LOONGARCH_LASX)
+}
+
+func hwcIsSet(hwc uint, val uint) bool {
+	return hwc&val != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
index 7d902b684..a428dec9c 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x && !riscv64
+//go:build linux && !arm && !arm64 && !loong64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x && !riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
index 558635850..45ecb29ae 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -8,5 +8,43 @@ package cpu
 
 const cacheLineSize = 64
 
+// Bit fields for CPUCFG registers, Related reference documents:
+// https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#_cpucfg
+const (
+	// CPUCFG1 bits
+	cpucfg1_CRC32 = 1 << 25
+
+	// CPUCFG2 bits
+	cpucfg2_LAM_BH = 1 << 27
+	cpucfg2_LAMCAS = 1 << 28
+)
+
 func initOptions() {
+	options = []option{
+		{Name: "lsx", Feature: &Loong64.HasLSX},
+		{Name: "lasx", Feature: &Loong64.HasLASX},
+		{Name: "crc32", Feature: &Loong64.HasCRC32},
+		{Name: "lam_bh", Feature: &Loong64.HasLAM_BH},
+		{Name: "lamcas", Feature: &Loong64.HasLAMCAS},
+	}
+
+	// The CPUCFG data on Loong64 only reflects the hardware capabilities,
+	// not the kernel support status, so features such as LSX and LASX that
+	// require kernel support cannot be obtained from the CPUCFG data.
+	//
+	// These features only require hardware capability support and do not
+	// require kernel specific support, so they can be obtained directly
+	// through CPUCFG
+	cfg1 := get_cpucfg(1)
+	cfg2 := get_cpucfg(2)
+
+	Loong64.HasCRC32 = cfgIsSet(cfg1, cpucfg1_CRC32)
+	Loong64.HasLAMCAS = cfgIsSet(cfg2, cpucfg2_LAMCAS)
+	Loong64.HasLAM_BH = cfgIsSet(cfg2, cpucfg2_LAM_BH)
+}
+
+func get_cpucfg(reg uint32) uint32
+
+func cfgIsSet(cfg uint32, val uint32) bool {
+	return cfg&val != 0
 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.s b/vendor/golang.org/x/sys/cpu/cpu_loong64.s
new file mode 100644
index 000000000..71cbaf1ce
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.s
@@ -0,0 +1,13 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+// func get_cpucfg(reg uint32) uint32
+TEXT ·get_cpucfg(SB), NOSPLIT|NOFRAME, $0
+	MOVW	reg+0(FP), R5
+	// CPUCFG R5, R4 = 0x00006ca4
+	WORD	$0x00006ca4
+	MOVW	R4, ret+8(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/parse.go b/vendor/golang.org/x/sys/cpu/parse.go
index 762b63d68..56a7e1a17 100644
--- a/vendor/golang.org/x/sys/cpu/parse.go
+++ b/vendor/golang.org/x/sys/cpu/parse.go
@@ -13,7 +13,7 @@ import "strconv"
 // https://golang.org/cl/209597.
 func parseRelease(rel string) (major, minor, patch int, ok bool) {
 	// Strip anything after a dash or plus.
-	for i := 0; i < len(rel); i++ {
+	for i := range len(rel) {
 		if rel[i] == '-' || rel[i] == '+' {
 			rel = rel[:i]
 			break
@@ -21,7 +21,7 @@ func parseRelease(rel string) (major, minor, patch int, ok bool) {
 	}
 
 	next := func() (int, bool) {
-		for i := 0; i < len(rel); i++ {
+		for i := range len(rel) {
 			if rel[i] == '.' {
 				ver, err := strconv.Atoi(rel[:i])
 				rel = rel[i+1:]
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 099867dee..798f61ad3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -602,7 +602,150 @@ func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocI
 	return
 }
 
-//sys	connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error)
+// sys	connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error)
+const minIovec = 8
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	n, err = readv(fd, iovecs)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	n, err = preadv(fd, iovecs, offset)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = writev(fd, iovecs)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = pwritev(fd, iovecs, offset)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func appendBytes(vecs []Iovec, bs [][]byte) []Iovec {
+	for _, b := range bs {
+		var v Iovec
+		v.SetLen(len(b))
+		if len(b) > 0 {
+			v.Base = &b[0]
+		} else {
+			v.Base = (*byte)(unsafe.Pointer(&_zero))
+		}
+		vecs = append(vecs, v)
+	}
+	return vecs
+}
+
+func writevRacedetect(iovecs []Iovec, n int) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+}
+
+func readvRacedetect(iovecs []Iovec, n int, err error) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+	if err == nil {
+		raceAcquire(unsafe.Pointer(&ioSync))
+	}
+}
+
+func darwinMajorMinPatch() (maj, min, patch int, err error) {
+	var un Utsname
+	err = Uname(&un)
+	if err != nil {
+		return
+	}
+
+	var mmp [3]int
+	c := 0
+Loop:
+	for _, b := range un.Release[:] {
+		switch {
+		case b >= '0' && b <= '9':
+			mmp[c] = 10*mmp[c] + int(b-'0')
+		case b == '.':
+			c++
+			if c > 2 {
+				return 0, 0, 0, ENOTSUP
+			}
+		case b == 0:
+			break Loop
+		default:
+			return 0, 0, 0, ENOTSUP
+		}
+	}
+	if c != 2 {
+		return 0, 0, 0, ENOTSUP
+	}
+	return mmp[0], mmp[1], mmp[2], nil
+}
+
+func darwinKernelVersionMin(maj, min, patch int) bool {
+	actualMaj, actualMin, actualPatch, err := darwinMajorMinPatch()
+	if err != nil {
+		return false
+	}
+	return actualMaj > maj || actualMaj == maj && (actualMin > min || actualMin == min && actualPatch >= patch)
+}
+
 //sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
 
 //sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
@@ -705,3 +848,7 @@ func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocI
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	readv(fd int, iovecs []Iovec) (n int, err error)
+//sys	preadv(fd int, iovecs []Iovec, offset int64) (n int, err error)
+//sys	writev(fd int, iovecs []Iovec) (n int, err error)
+//sys	pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 230a94549..4958a6570 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -13,6 +13,7 @@ package unix
 
 import (
 	"encoding/binary"
+	"slices"
 	"strconv"
 	"syscall"
 	"time"
@@ -417,7 +418,7 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 		return nil, 0, EINVAL
 	}
 	sa.raw.Family = AF_UNIX
-	for i := 0; i < n; i++ {
+	for i := range n {
 		sa.raw.Path[i] = int8(name[i])
 	}
 	// length is family (uint16), name, NUL.
@@ -507,7 +508,7 @@ func (sa *SockaddrL2) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	psm := (*[2]byte)(unsafe.Pointer(&sa.raw.Psm))
 	psm[0] = byte(sa.PSM)
 	psm[1] = byte(sa.PSM >> 8)
-	for i := 0; i < len(sa.Addr); i++ {
+	for i := range len(sa.Addr) {
 		sa.raw.Bdaddr[i] = sa.Addr[len(sa.Addr)-1-i]
 	}
 	cid := (*[2]byte)(unsafe.Pointer(&sa.raw.Cid))
@@ -589,11 +590,11 @@ func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_CAN
 	sa.raw.Ifindex = int32(sa.Ifindex)
 	rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i] = rx[i]
 	}
 	tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i+4] = tx[i]
 	}
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
@@ -618,11 +619,11 @@ func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_CAN
 	sa.raw.Ifindex = int32(sa.Ifindex)
 	n := (*[8]byte)(unsafe.Pointer(&sa.Name))
-	for i := 0; i < 8; i++ {
+	for i := range 8 {
 		sa.raw.Addr[i] = n[i]
 	}
 	p := (*[4]byte)(unsafe.Pointer(&sa.PGN))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i+8] = p[i]
 	}
 	sa.raw.Addr[12] = sa.Addr
@@ -911,7 +912,7 @@ func (sa *SockaddrIUCV) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	// These are EBCDIC encoded by the kernel, but we still need to pad them
 	// with blanks. Initializing with blanks allows the caller to feed in either
 	// a padded or an unpadded string.
-	for i := 0; i < 8; i++ {
+	for i := range 8 {
 		sa.raw.Nodeid[i] = ' '
 		sa.raw.User_id[i] = ' '
 		sa.raw.Name[i] = ' '
@@ -1148,7 +1149,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		var user [8]byte
 		var name [8]byte
 
-		for i := 0; i < 8; i++ {
+		for i := range 8 {
 			user[i] = byte(pp.User_id[i])
 			name[i] = byte(pp.Name[i])
 		}
@@ -1173,11 +1174,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				Ifindex: int(pp.Ifindex),
 			}
 			name := (*[8]byte)(unsafe.Pointer(&sa.Name))
-			for i := 0; i < 8; i++ {
+			for i := range 8 {
 				name[i] = pp.Addr[i]
 			}
 			pgn := (*[4]byte)(unsafe.Pointer(&sa.PGN))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				pgn[i] = pp.Addr[i+8]
 			}
 			addr := (*[1]byte)(unsafe.Pointer(&sa.Addr))
@@ -1188,11 +1189,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				Ifindex: int(pp.Ifindex),
 			}
 			rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				rx[i] = pp.Addr[i]
 			}
 			tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				tx[i] = pp.Addr[i+4]
 			}
 			return sa, nil
@@ -2216,10 +2217,7 @@ func readvRacedetect(iovecs []Iovec, n int, err error) {
 		return
 	}
 	for i := 0; n > 0 && i < len(iovecs); i++ {
-		m := int(iovecs[i].Len)
-		if m > n {
-			m = n
-		}
+		m := min(int(iovecs[i].Len), n)
 		n -= m
 		if m > 0 {
 			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
@@ -2270,10 +2268,7 @@ func writevRacedetect(iovecs []Iovec, n int) {
 		return
 	}
 	for i := 0; n > 0 && i < len(iovecs); i++ {
-		m := int(iovecs[i].Len)
-		if m > n {
-			m = n
-		}
+		m := min(int(iovecs[i].Len), n)
 		n -= m
 		if m > 0 {
 			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
@@ -2320,12 +2315,7 @@ func isGroupMember(gid int) bool {
 		return false
 	}
 
-	for _, g := range groups {
-		if g == gid {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(groups, gid)
 }
 
 func isCapDacOverrideSet() bool {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 24b346e1a..813c05b66 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2512,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func readv(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_readv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_preadv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_writev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pwritev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstat(fd int, stat *Stat_t) (err error) {
 	_, _, e1 := syscall_syscall(libc_fstat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index ebd213100..fda328582 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -738,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readv(SB)
+GLOBL	·libc_readv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB)
+
+TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_preadv(SB)
+GLOBL	·libc_preadv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB)
+
+TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_writev(SB)
+GLOBL	·libc_writev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB)
+
+TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwritev(SB)
+GLOBL	·libc_pwritev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB)
+
 TEXT libc_fstat64_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_fstat64(SB)
 GLOBL	·libc_fstat64_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 824b9c2d5..e6f58f3c6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2512,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func readv(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_readv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_preadv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_writev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pwritev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstat(fd int, stat *Stat_t) (err error) {
 	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index 4f178a229..7f8998b90 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -738,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readv(SB)
+GLOBL	·libc_readv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB)
+
+TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_preadv(SB)
+GLOBL	·libc_preadv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB)
+
+TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_writev(SB)
+GLOBL	·libc_writev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB)
+
+TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwritev(SB)
+GLOBL	·libc_pwritev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB)
+
 TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_fstat(SB)
 GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
index fd8632444..39aeeb644 100644
--- a/vendor/golang.org/x/sys/windows/registry/key.go
+++ b/vendor/golang.org/x/sys/windows/registry/key.go
@@ -164,7 +164,12 @@ loopItems:
 func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool, err error) {
 	var h syscall.Handle
 	var d uint32
-	err = regCreateKeyEx(syscall.Handle(k), syscall.StringToUTF16Ptr(path),
+	var pathPointer *uint16
+	pathPointer, err = syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return 0, false, err
+	}
+	err = regCreateKeyEx(syscall.Handle(k), pathPointer,
 		0, nil, _REG_OPTION_NON_VOLATILE, access, nil, &h, &d)
 	if err != nil {
 		return 0, false, err
@@ -174,7 +179,11 @@ func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool
 
 // DeleteKey deletes the subkey path of key k and its values.
 func DeleteKey(k Key, path string) error {
-	return regDeleteKey(syscall.Handle(k), syscall.StringToUTF16Ptr(path))
+	pathPointer, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return regDeleteKey(syscall.Handle(k), pathPointer)
 }
 
 // A KeyInfo describes the statistics of a key. It is returned by Stat.
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
index 74db26b94..a1bcbb236 100644
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -340,7 +340,11 @@ func (k Key) SetBinaryValue(name string, value []byte) error {
 
 // DeleteValue removes a named value from the key k.
 func (k Key) DeleteValue(name string) error {
-	return regDeleteValue(syscall.Handle(k), syscall.StringToUTF16Ptr(name))
+	namePointer, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return err
+	}
+	return regDeleteValue(syscall.Handle(k), namePointer)
 }
 
 // ReadValueNames returns the value names of key k.
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 9d138de5f..ad67df2fd 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1074,6 +1074,7 @@ const (
 	IP_ADD_MEMBERSHIP  = 0xc
 	IP_DROP_MEMBERSHIP = 0xd
 	IP_PKTINFO         = 0x13
+	IP_MTU_DISCOVER    = 0x47
 
 	IPV6_V6ONLY         = 0x1b
 	IPV6_UNICAST_HOPS   = 0x4
@@ -1083,6 +1084,7 @@ const (
 	IPV6_JOIN_GROUP     = 0xc
 	IPV6_LEAVE_GROUP    = 0xd
 	IPV6_PKTINFO        = 0x13
+	IPV6_MTU_DISCOVER   = 0x47
 
 	MSG_OOB       = 0x1
 	MSG_PEEK      = 0x2
@@ -1132,6 +1134,15 @@ const (
 	WSASYS_STATUS_LEN  = 128
 )
 
+// enum PMTUD_STATE from ws2ipdef.h
+const (
+	IP_PMTUDISC_NOT_SET = 0
+	IP_PMTUDISC_DO      = 1
+	IP_PMTUDISC_DONT    = 2
+	IP_PMTUDISC_PROBE   = 3
+	IP_PMTUDISC_MAX     = 4
+)
+
 type WSABuf struct {
 	Len uint32
 	Buf *byte
@@ -1146,6 +1157,22 @@ type WSAMsg struct {
 	Flags       uint32
 }
 
+type WSACMSGHDR struct {
+	Len   uintptr
+	Level int32
+	Type  int32
+}
+
+type IN_PKTINFO struct {
+	Addr    [4]byte
+	Ifindex uint32
+}
+
+type IN6_PKTINFO struct {
+	Addr    [16]byte
+	Ifindex uint32
+}
+
 // Flags for WSASocket
 const (
 	WSA_FLAG_OVERLAPPED             = 0x01
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d9e199f56..5ef9f2a05 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1043,7 +1043,7 @@ go.uber.org/multierr
 # golang.org/x/arch v0.13.0
 ## explicit; go 1.18
 golang.org/x/arch/x86/x86asm
-# golang.org/x/crypto v0.36.0
+# golang.org/x/crypto v0.37.0
 ## explicit; go 1.23.0
 golang.org/x/crypto/acme
 golang.org/x/crypto/acme/autocert
@@ -1101,17 +1101,17 @@ golang.org/x/net/trace
 ## explicit; go 1.23.0
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sync v0.12.0
+# golang.org/x/sync v0.13.0
 ## explicit; go 1.23.0
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.31.0
+# golang.org/x/sys v0.32.0
 ## explicit; go 1.23.0
 golang.org/x/sys/cpu
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/text v0.23.0
+# golang.org/x/text v0.24.0
 ## explicit; go 1.23.0
 golang.org/x/text/cases
 golang.org/x/text/encoding

From e0ea77b7306b959525a0d5c015f4c69832ce9f01 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:05:22 +0100
Subject: [PATCH 14/15] [chore]: Bump github.com/tdewolff/minify/v2 from 2.22.4
 to 2.23.0 (#3974)

Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.22.4 to 2.23.0.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.22.4...v2.23.0)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |  4 +--
 go.sum                                        |  8 ++---
 vendor/github.com/tdewolff/minify/v2/Makefile |  1 +
 .../tdewolff/minify/v2/html/html.go           | 11 +++---
 .../github.com/tdewolff/minify/v2/publish.sh  | 35 +++++++++++++++++++
 .../github.com/tdewolff/parse/v2/html/lex.go  | 10 +++---
 vendor/modules.txt                            |  6 ++--
 7 files changed, 56 insertions(+), 19 deletions(-)
 create mode 100644 vendor/github.com/tdewolff/minify/v2/publish.sh

diff --git a/go.mod b/go.mod
index d5ad019fe..b917cc3cf 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
-	github.com/tdewolff/minify/v2 v2.22.4
+	github.com/tdewolff/minify/v2 v2.23.0
 	github.com/technologize/otel-go-contrib v1.1.1
 	github.com/temoto/robotstxt v1.1.2
 	github.com/tetratelabs/wazero v1.9.0
@@ -197,7 +197,7 @@ require (
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/tdewolff/parse/v2 v2.7.21 // indirect
+	github.com/tdewolff/parse/v2 v2.7.22 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
 	github.com/toqueteos/webbrowser v1.2.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
diff --git a/go.sum b/go.sum
index f90bcac9e..38a6321c5 100644
--- a/go.sum
+++ b/go.sum
@@ -406,10 +406,10 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tdewolff/minify/v2 v2.22.4 h1:0/8K2fheOuYr5B4e5oCE1hGBVX6DQHLP0EGzdsDlYeg=
-github.com/tdewolff/minify/v2 v2.22.4/go.mod h1:K/R8TT7aivpcU8QCNUU1UdR6etfnFPr7L11TO/X7shk=
-github.com/tdewolff/parse/v2 v2.7.21 h1:OCuPFtGr4mXdnfKikQlUb0n654ROJANhBqCk+wioJ/A=
-github.com/tdewolff/parse/v2 v2.7.21/go.mod h1:I7TXO37t3aSG9SlPUBefAhgIF8nt7yYUwVGgETIoBcA=
+github.com/tdewolff/minify/v2 v2.23.0 h1:ZdVmMkGYApnUpmOL/H/PCEk6qg6OFHzVDXgk07z9TW0=
+github.com/tdewolff/minify/v2 v2.23.0/go.mod h1:ll/rxPfOGIgN9G4JXg+3jMtPTPEnEJB3nGtEG08sHl8=
+github.com/tdewolff/parse/v2 v2.7.22 h1:ROVbrjtp5RoXi22YSZaOks5DaOcXBJ3PZO5hyyQ9Bbs=
+github.com/tdewolff/parse/v2 v2.7.22/go.mod h1:I7TXO37t3aSG9SlPUBefAhgIF8nt7yYUwVGgETIoBcA=
 github.com/tdewolff/test v1.0.11 h1:FdLbwQVHxqG16SlkGveC0JVyrJN62COWTRyUFzfbtBE=
 github.com/tdewolff/test v1.0.11/go.mod h1:XPuWBzvdUzhCuxWO1ojpXsyzsA5bFoS3tO/Q3kFuTG8=
 github.com/technologize/otel-go-contrib v1.1.1 h1:wZH9aSPNWZWIkEh3vfaKfMb15AJ80jJ1aVj/4GZdqIw=
diff --git a/vendor/github.com/tdewolff/minify/v2/Makefile b/vendor/github.com/tdewolff/minify/v2/Makefile
index 9eede2839..1fdc76ca8 100644
--- a/vendor/github.com/tdewolff/minify/v2/Makefile
+++ b/vendor/github.com/tdewolff/minify/v2/Makefile
@@ -49,6 +49,7 @@ release:
 		fi; \
 		rm -rf dist/$$t; \
 	done
+	./publish.sh
 
 clean:
 	echo "Cleaning dist/"
diff --git a/vendor/github.com/tdewolff/minify/v2/html/html.go b/vendor/github.com/tdewolff/minify/v2/html/html.go
index ce5e96dc3..45643c5d8 100644
--- a/vendor/github.com/tdewolff/minify/v2/html/html.go
+++ b/vendor/github.com/tdewolff/minify/v2/html/html.go
@@ -145,11 +145,11 @@ func (o *Minifier) Minify(m *minify.M, w io.Writer, r io.Reader, _ map[string]st
 				w.Write(t.Data)
 			}
 			omitSpace = false
+		case html.TemplateToken:
+			w.Write(t.Data)
+			omitSpace = false
 		case html.TextToken:
-			if t.HasTemplate {
-				w.Write(t.Data)
-				omitSpace = parse.IsWhitespace(t.Data[len(t.Data)-1])
-			} else if rawTagHash != 0 {
+			if rawTagHash != 0 && !t.HasTemplate {
 				if rawTagHash == Style || rawTagHash == Script || rawTagHash == Iframe {
 					var mimetype []byte
 					var params map[string]string
@@ -196,7 +196,7 @@ func (o *Minifier) Minify(m *minify.M, w io.Writer, r io.Reader, _ map[string]st
 							t.Data = t.Data[:len(t.Data)-1]
 							omitSpace = false
 							break
-						} else if next.TokenType == html.TextToken && !parse.IsAllWhitespace(next.Data) {
+						} else if next.TokenType == html.TextToken && !parse.IsAllWhitespace(next.Data) || next.TokenType == html.TemplateToken {
 							// stop looking when text encountered
 							break
 						} else if next.TokenType == html.StartTagToken || next.TokenType == html.EndTagToken || next.TokenType == html.SvgToken || next.TokenType == html.MathToken {
@@ -215,7 +215,6 @@ func (o *Minifier) Minify(m *minify.M, w io.Writer, r io.Reader, _ map[string]st
 						i++
 					}
 				}
-
 				w.Write(t.Data)
 			}
 		case html.StartTagToken, html.EndTagToken:
diff --git a/vendor/github.com/tdewolff/minify/v2/publish.sh b/vendor/github.com/tdewolff/minify/v2/publish.sh
new file mode 100644
index 000000000..0e56de5f6
--- /dev/null
+++ b/vendor/github.com/tdewolff/minify/v2/publish.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+VERSION=`git describe --tags --abbrev=0 | cut -c 2-`
+
+cd dist
+echo ""
+echo "Downloading v$VERSION.tar.gz..."
+wget -q --show-progress https://github.com/tdewolff/minify/archive/v$VERSION.tar.gz
+SHA256=`sha256sum v$VERSION.tar.gz`
+SHA256=( $SHA256 )
+
+echo ""
+echo "Releasing for AUR..."
+cd /home/taco/dev/aur/minify
+sed -i "s/^pkgver=.*$/pkgver=$VERSION/" PKGBUILD
+sed -i "s/^sha256sums=.*$/sha256sums=('$SHA256')/" PKGBUILD
+./build.sh
+git commit -am "Update to v$VERSION"
+git push
+cd -
+
+echo ""
+echo "Releasing for Homebrew..."
+cd /home/taco/dev/brew/homebrew-tap/Formula
+sed -i "s,^  url \".*\"$,  url \"https://github.com/tdewolff/minify/archive/v$VERSION.tar.gz\"," minify.rb
+sed -i "s/^  sha256 \".*\"$/  sha256 \"$SHA256\"/" minify.rb
+git commit -am "Update to v$VERSION"
+git push
+cd -
+
+#echo ""
+#echo "Releasing Python bindings..."
+#cd ../bindings/py
+#make publish
+#cd -
diff --git a/vendor/github.com/tdewolff/parse/v2/html/lex.go b/vendor/github.com/tdewolff/parse/v2/html/lex.go
index 8774ea264..8e2719504 100644
--- a/vendor/github.com/tdewolff/parse/v2/html/lex.go
+++ b/vendor/github.com/tdewolff/parse/v2/html/lex.go
@@ -23,6 +23,7 @@ const (
 	TextToken
 	SvgToken
 	MathToken
+	TemplateToken
 )
 
 // String returns the string representation of a TokenType.
@@ -185,18 +186,19 @@ func (l *Lexer) Next() (TokenType, []byte) {
 			} else if c == '!' {
 				l.r.Move(2)
 				return l.readMarkup()
-			} else if 0 < len(l.tmplBegin) && l.at(l.tmplBegin...) {
-				l.r.Move(len(l.tmplBegin))
-				l.moveTemplate()
-				l.hasTmpl = true
 			} else if c == '?' {
 				l.r.Move(1)
 				return CommentToken, l.shiftBogusComment()
 			}
 		} else if 0 < len(l.tmplBegin) && l.at(l.tmplBegin...) {
+			if 0 < l.r.Pos() {
+				l.text = l.r.Shift()
+				return TextToken, l.text
+			}
 			l.r.Move(len(l.tmplBegin))
 			l.moveTemplate()
 			l.hasTmpl = true
+			return TemplateToken, l.r.Shift()
 		} else if c == 0 && l.r.Err() != nil {
 			if 0 < l.r.Pos() {
 				l.text = l.r.Shift()
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5ef9f2a05..76943afdc 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -807,11 +807,11 @@ github.com/stretchr/testify/suite
 # github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
-# github.com/tdewolff/minify/v2 v2.22.4
-## explicit; go 1.23.0
+# github.com/tdewolff/minify/v2 v2.23.0
+## explicit; go 1.18.0
 github.com/tdewolff/minify/v2
 github.com/tdewolff/minify/v2/html
-# github.com/tdewolff/parse/v2 v2.7.21
+# github.com/tdewolff/parse/v2 v2.7.22
 ## explicit; go 1.13
 github.com/tdewolff/parse/v2
 github.com/tdewolff/parse/v2/buffer

From bce643286c6a136db47f2cf7bf3c4fa16a9d6a00 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:05:51 +0100
Subject: [PATCH 15/15] [chore]: Bump github.com/minio/minio-go/v7 from 7.0.85
 to 7.0.89 (#3977)

Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.85 to 7.0.89.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.85...v7.0.89)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.0.89
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                        |   5 +-
 go.sum                                        |  10 +-
 .../klauspost/cpuid/v2/.goreleaser.yml        |  23 +-
 .../github.com/klauspost/cpuid/v2/README.md   |   6 +
 vendor/github.com/klauspost/cpuid/v2/cpuid.go |  10 +-
 .../klauspost/cpuid/v2/detect_arm64.go        |  14 +-
 .../klauspost/cpuid/v2/featureid_string.go    | 432 +++++++++---------
 .../klauspost/cpuid/v2/os_darwin_arm64.go     |   6 +
 .../klauspost/cpuid/v2/os_linux_arm64.go      |  78 ++++
 vendor/github.com/minio/crc64nvme/LICENSE     | 202 ++++++++
 vendor/github.com/minio/crc64nvme/README.md   |  20 +
 vendor/github.com/minio/crc64nvme/crc64.go    | 180 ++++++++
 .../github.com/minio/crc64nvme/crc64_amd64.go |  15 +
 .../github.com/minio/crc64nvme/crc64_amd64.s  | 157 +++++++
 .../github.com/minio/crc64nvme/crc64_arm64.go |  15 +
 .../github.com/minio/crc64nvme/crc64_arm64.s  | 157 +++++++
 .../github.com/minio/crc64nvme/crc64_other.go |  11 +
 .../minio/minio-go/v7/.golangci.yml           |  85 +++-
 .../minio-go/v7/api-bucket-notification.go    |   1 -
 .../minio-go/v7/api-bucket-versioning.go      |   1 +
 .../minio/minio-go/v7/api-compose-object.go   |   9 +-
 .../minio/minio-go/v7/api-datatypes.go        |   2 +
 .../minio/minio-go/v7/api-get-object-acl.go   |  12 +-
 .../github.com/minio/minio-go/v7/api-list.go  |  66 ++-
 .../minio-go/v7/api-put-object-streaming.go   |   1 -
 .../minio/minio-go/v7/api-put-object.go       |   5 +-
 .../minio/minio-go/v7/api-remove.go           |   5 +-
 .../minio/minio-go/v7/api-s3-datatypes.go     |   1 -
 .../minio/minio-go/v7/api-select.go           |   2 -
 vendor/github.com/minio/minio-go/v7/api.go    |   4 +-
 .../github.com/minio/minio-go/v7/checksum.go  |   7 +-
 .../v7/pkg/credentials/assume_role.go         |   5 +
 .../v7/pkg/credentials/sts_custom_identity.go |   6 +
 .../v7/pkg/credentials/sts_ldap_identity.go   |   6 +
 .../v7/pkg/credentials/sts_tls_identity.go    |   6 +
 .../v7/pkg/credentials/sts_web_identity.go    |  10 +-
 .../minio-go/v7/pkg/lifecycle/lifecycle.go    |   6 +-
 .../v7/pkg/notification/notification.go       |   9 +-
 .../v7/pkg/replication/replication.go         |  48 +-
 .../minio/minio-go/v7/pkg/s3utils/utils.go    |  40 +-
 ...st-signature-streaming-unsigned-trailer.go |   1 -
 .../pkg/signer/request-signature-streaming.go |   1 -
 .../v7/pkg/signer/request-signature-v2.go     |   2 +-
 .../v7/pkg/signer/request-signature-v4.go     |   4 +-
 vendor/github.com/minio/minio-go/v7/utils.go  |  11 +-
 vendor/modules.txt                            |  11 +-
 46 files changed, 1337 insertions(+), 371 deletions(-)
 create mode 100644 vendor/github.com/minio/crc64nvme/LICENSE
 create mode 100644 vendor/github.com/minio/crc64nvme/README.md
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64.go
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64_amd64.go
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64_amd64.s
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64_arm64.go
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64_arm64.s
 create mode 100644 vendor/github.com/minio/crc64nvme/crc64_other.go

diff --git a/go.mod b/go.mod
index b917cc3cf..2ce378146 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	github.com/k3a/html2text v1.2.1
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/miekg/dns v1.1.64
-	github.com/minio/minio-go/v7 v7.0.85
+	github.com/minio/minio-go/v7 v7.0.89
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/ncruces/go-sqlite3 v0.25.0
 	github.com/oklog/ulid v1.3.1
@@ -164,12 +164,13 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
diff --git a/go.sum b/go.sum
index 38a6321c5..2af18d8ce 100644
--- a/go.sum
+++ b/go.sum
@@ -280,8 +280,8 @@ github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zt
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -299,10 +299,12 @@ github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwX
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/miekg/dns v1.1.64 h1:wuZgD9wwCE6XMT05UU/mlSko71eRSXEAm2EbjQXLKnQ=
 github.com/miekg/dns v1.1.64/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
+github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=
+github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.85 h1:9psTLS/NTvC3MWoyjhjXpwcKoNbkongaCSF3PNpSuXo=
-github.com/minio/minio-go/v7 v7.0.85/go.mod h1:57YXpvc5l3rjPdhqNrDsvVlY0qPI6UTk1bflAe+9doY=
+github.com/minio/minio-go/v7 v7.0.89 h1:hx4xV5wwTUfyv8LarhJAwNecnXpoTsj9v3f3q/ZkiJU=
+github.com/minio/minio-go/v7 v7.0.89/go.mod h1:2rFnGAp02p7Dddo1Fq4S2wYOfpF0MUTSeLTRC90I204=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
diff --git a/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml b/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml
index 944cc0007..1b695b62c 100644
--- a/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml
+++ b/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml
@@ -1,5 +1,4 @@
-# This is an example goreleaser.yaml file with some sane defaults.
-# Make sure to check the documentation at http://goreleaser.com
+version: 2
 
 builds:
   -
@@ -27,16 +26,7 @@ builds:
 archives:
   -
     id: cpuid
-    name_template: "cpuid-{{ .Os }}_{{ .Arch }}_{{ .Version }}"
-    replacements:
-      aix: AIX
-      darwin: OSX
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
-      freebsd: FreeBSD
-      netbsd: NetBSD
+    name_template: "cpuid-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     format_overrides:
       - goos: windows
         format: zip
@@ -44,8 +34,6 @@ archives:
       - LICENSE
 checksum:
   name_template: 'checksums.txt'
-snapshot:
-  name_template: "{{ .Tag }}-next"
 changelog:
   sort: asc
   filters:
@@ -58,7 +46,7 @@ changelog:
 
 nfpms:
   -
-    file_name_template: "cpuid_package_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    file_name_template: "cpuid_package_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     vendor: Klaus Post
     homepage: https://github.com/klauspost/cpuid
     maintainer: Klaus Post <klauspost@gmail.com>
@@ -67,8 +55,3 @@ nfpms:
     formats:
       - deb
       - rpm
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      freebsd: FreeBSD
-      amd64: x86_64
diff --git a/vendor/github.com/klauspost/cpuid/v2/README.md b/vendor/github.com/klauspost/cpuid/v2/README.md
index f06ba51c5..e59d3d0c0 100644
--- a/vendor/github.com/klauspost/cpuid/v2/README.md
+++ b/vendor/github.com/klauspost/cpuid/v2/README.md
@@ -282,7 +282,9 @@ Exit Code 1
 | AMXINT8            | Tile computational operations on 8-bit integers                                                                                                                                    |
 | AMXFP16            | Tile computational operations on FP16 numbers                                                                                                                                      |
 | AMXFP8             | Tile computational operations on FP8 numbers                                                                                                                                      |
+| AMXCOMPLEX         | Tile computational operations on complex numbers                                                                                                                                   |
 | AMXTILE            | Tile architecture                                                                                                                                                                  |
+| AMXTF32            | Matrix Multiplication of TF32 Tiles into Packed Single Precision Tile                                                                                                              |
 | APX_F              | Intel APX                                                                                                                                                                          |
 | AVX                | AVX functions                                                                                                                                                                      |
 | AVX10              | If set the Intel AVX10 Converged Vector ISA is supported                                                                                                                           |
@@ -480,12 +482,16 @@ Exit Code 1
 | DCPOP        | Data cache clean to Point of Persistence (DC CVAP)               |
 | EVTSTRM      | Generic timer                                                    |
 | FCMA         | Floatin point complex number addition and multiplication         |
+| FHM          | FMLAL and FMLSL instructions                                     |
 | FP           | Single-precision and double-precision floating point             |
 | FPHP         | Half-precision floating point                                    |
 | GPA          | Generic Pointer Authentication                                   |
 | JSCVT        | Javascript-style double->int convert (FJCVTZS)                   |
 | LRCPC        | Weaker release consistency (LDAPR, etc)                          |
 | PMULL        | Polynomial Multiply instructions (PMULL/PMULL2)                  |
+| RNDR         | Random Number instructions                                       |
+| TLB          | Outer Shareable and TLB range maintenance instructions           |
+| TS           | Flag manipulation instructions                                   |
 | SHA1         | SHA-1 instructions (SHA1C, etc)                                  |
 | SHA2         | SHA-2 instructions (SHA256H, etc)                                |
 | SHA3         | SHA-3 instructions (EOR3, RAXI, XAR, BCAX)                       |
diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid.go b/vendor/github.com/klauspost/cpuid/v2/cpuid.go
index db99eb62f..8103fb343 100644
--- a/vendor/github.com/klauspost/cpuid/v2/cpuid.go
+++ b/vendor/github.com/klauspost/cpuid/v2/cpuid.go
@@ -83,6 +83,8 @@ const (
 	AMXINT8                              // Tile computational operations on 8-bit integers
 	AMXFP8                               // Tile computational operations on FP8 numbers
 	AMXTILE                              // Tile architecture
+	AMXTF32                              // Tile architecture
+	AMXCOMPLEX                           // Matrix Multiplication of TF32 Tiles into Packed Single Precision Tile
 	APX_F                                // Intel APX
 	AVX                                  // AVX functions
 	AVX10                                // If set the Intel AVX10 Converged Vector ISA is supported
@@ -282,12 +284,16 @@ const (
 	DCPOP    // Data cache clean to Point of Persistence (DC CVAP)
 	EVTSTRM  // Generic timer
 	FCMA     // Floatin point complex number addition and multiplication
+	FHM      // FMLAL and FMLSL instructions
 	FP       // Single-precision and double-precision floating point
 	FPHP     // Half-precision floating point
 	GPA      // Generic Pointer Authentication
 	JSCVT    // Javascript-style double->int convert (FJCVTZS)
 	LRCPC    // Weaker release consistency (LDAPR, etc)
 	PMULL    // Polynomial Multiply instructions (PMULL/PMULL2)
+	RNDR     // Random Number instructions
+	TLB      // Outer Shareable and TLB range maintenance instructions
+	TS       // Flag manipulation instructions
 	SHA1     // SHA-1 instructions (SHA1C, etc)
 	SHA2     // SHA-2 instructions (SHA256H, etc)
 	SHA3     // SHA-3 instructions (EOR3, RAXI, XAR, BCAX)
@@ -532,7 +538,7 @@ func (c CPUInfo) Ia32TscAux() uint32 {
 	return ecx
 }
 
-// SveLengths returns arm SVE vector and predicate lengths.
+// SveLengths returns arm SVE vector and predicate lengths in bits.
 // Will return 0, 0 if SVE is not enabled or otherwise unable to detect.
 func (c CPUInfo) SveLengths() (vl, pl uint64) {
 	if !c.Has(SVE) {
@@ -1284,6 +1290,8 @@ func support() flagSet {
 		// CPUID.(EAX=7, ECX=1).EDX
 		fs.setIf(edx1&(1<<4) != 0, AVXVNNIINT8)
 		fs.setIf(edx1&(1<<5) != 0, AVXNECONVERT)
+		fs.setIf(edx1&(1<<7) != 0, AMXTF32)
+		fs.setIf(edx1&(1<<8) != 0, AMXCOMPLEX)
 		fs.setIf(edx1&(1<<10) != 0, AVXVNNIINT16)
 		fs.setIf(edx1&(1<<14) != 0, PREFETCHI)
 		fs.setIf(edx1&(1<<19) != 0, AVX10)
diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
index 566743d22..9ae32d607 100644
--- a/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
+++ b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
@@ -157,6 +157,10 @@ func addInfo(c *CPUInfo, safe bool) {
 	// x--------------------------------------------------x
 	// | Name                         |  bits   | visible |
 	// |--------------------------------------------------|
+	// | RNDR                         | [63-60] |    y    |
+	// |--------------------------------------------------|
+	// | TLB                          | [59-56] |    y    |
+	// |--------------------------------------------------|
 	// | TS                           | [55-52] |    y    |
 	// |--------------------------------------------------|
 	// | FHM                          | [51-48] |    y    |
@@ -182,12 +186,10 @@ func addInfo(c *CPUInfo, safe bool) {
 	// | AES                          | [7-4]   |    y    |
 	// x--------------------------------------------------x
 
-	// if instAttrReg0&(0xf<<52) != 0 {
-	// 	fmt.Println("TS")
-	// }
-	// if instAttrReg0&(0xf<<48) != 0 {
-	// 	fmt.Println("FHM")
-	// }
+	f.setIf(instAttrReg0&(0xf<<60) != 0, RNDR)
+	f.setIf(instAttrReg0&(0xf<<56) != 0, TLB)
+	f.setIf(instAttrReg0&(0xf<<52) != 0, TS)
+	f.setIf(instAttrReg0&(0xf<<48) != 0, FHM)
 	f.setIf(instAttrReg0&(0xf<<44) != 0, ASIMDDP)
 	f.setIf(instAttrReg0&(0xf<<40) != 0, SM4)
 	f.setIf(instAttrReg0&(0xf<<36) != 0, SM3)
diff --git a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
index e7f874a7e..04760c1af 100644
--- a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
+++ b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
@@ -17,223 +17,229 @@ func _() {
 	_ = x[AMXINT8-7]
 	_ = x[AMXFP8-8]
 	_ = x[AMXTILE-9]
-	_ = x[APX_F-10]
-	_ = x[AVX-11]
-	_ = x[AVX10-12]
-	_ = x[AVX10_128-13]
-	_ = x[AVX10_256-14]
-	_ = x[AVX10_512-15]
-	_ = x[AVX2-16]
-	_ = x[AVX512BF16-17]
-	_ = x[AVX512BITALG-18]
-	_ = x[AVX512BW-19]
-	_ = x[AVX512CD-20]
-	_ = x[AVX512DQ-21]
-	_ = x[AVX512ER-22]
-	_ = x[AVX512F-23]
-	_ = x[AVX512FP16-24]
-	_ = x[AVX512IFMA-25]
-	_ = x[AVX512PF-26]
-	_ = x[AVX512VBMI-27]
-	_ = x[AVX512VBMI2-28]
-	_ = x[AVX512VL-29]
-	_ = x[AVX512VNNI-30]
-	_ = x[AVX512VP2INTERSECT-31]
-	_ = x[AVX512VPOPCNTDQ-32]
-	_ = x[AVXIFMA-33]
-	_ = x[AVXNECONVERT-34]
-	_ = x[AVXSLOW-35]
-	_ = x[AVXVNNI-36]
-	_ = x[AVXVNNIINT8-37]
-	_ = x[AVXVNNIINT16-38]
-	_ = x[BHI_CTRL-39]
-	_ = x[BMI1-40]
-	_ = x[BMI2-41]
-	_ = x[CETIBT-42]
-	_ = x[CETSS-43]
-	_ = x[CLDEMOTE-44]
-	_ = x[CLMUL-45]
-	_ = x[CLZERO-46]
-	_ = x[CMOV-47]
-	_ = x[CMPCCXADD-48]
-	_ = x[CMPSB_SCADBS_SHORT-49]
-	_ = x[CMPXCHG8-50]
-	_ = x[CPBOOST-51]
-	_ = x[CPPC-52]
-	_ = x[CX16-53]
-	_ = x[EFER_LMSLE_UNS-54]
-	_ = x[ENQCMD-55]
-	_ = x[ERMS-56]
-	_ = x[F16C-57]
-	_ = x[FLUSH_L1D-58]
-	_ = x[FMA3-59]
-	_ = x[FMA4-60]
-	_ = x[FP128-61]
-	_ = x[FP256-62]
-	_ = x[FSRM-63]
-	_ = x[FXSR-64]
-	_ = x[FXSROPT-65]
-	_ = x[GFNI-66]
-	_ = x[HLE-67]
-	_ = x[HRESET-68]
-	_ = x[HTT-69]
-	_ = x[HWA-70]
-	_ = x[HYBRID_CPU-71]
-	_ = x[HYPERVISOR-72]
-	_ = x[IA32_ARCH_CAP-73]
-	_ = x[IA32_CORE_CAP-74]
-	_ = x[IBPB-75]
-	_ = x[IBPB_BRTYPE-76]
-	_ = x[IBRS-77]
-	_ = x[IBRS_PREFERRED-78]
-	_ = x[IBRS_PROVIDES_SMP-79]
-	_ = x[IBS-80]
-	_ = x[IBSBRNTRGT-81]
-	_ = x[IBSFETCHSAM-82]
-	_ = x[IBSFFV-83]
-	_ = x[IBSOPCNT-84]
-	_ = x[IBSOPCNTEXT-85]
-	_ = x[IBSOPSAM-86]
-	_ = x[IBSRDWROPCNT-87]
-	_ = x[IBSRIPINVALIDCHK-88]
-	_ = x[IBS_FETCH_CTLX-89]
-	_ = x[IBS_OPDATA4-90]
-	_ = x[IBS_OPFUSE-91]
-	_ = x[IBS_PREVENTHOST-92]
-	_ = x[IBS_ZEN4-93]
-	_ = x[IDPRED_CTRL-94]
-	_ = x[INT_WBINVD-95]
-	_ = x[INVLPGB-96]
-	_ = x[KEYLOCKER-97]
-	_ = x[KEYLOCKERW-98]
-	_ = x[LAHF-99]
-	_ = x[LAM-100]
-	_ = x[LBRVIRT-101]
-	_ = x[LZCNT-102]
-	_ = x[MCAOVERFLOW-103]
-	_ = x[MCDT_NO-104]
-	_ = x[MCOMMIT-105]
-	_ = x[MD_CLEAR-106]
-	_ = x[MMX-107]
-	_ = x[MMXEXT-108]
-	_ = x[MOVBE-109]
-	_ = x[MOVDIR64B-110]
-	_ = x[MOVDIRI-111]
-	_ = x[MOVSB_ZL-112]
-	_ = x[MOVU-113]
-	_ = x[MPX-114]
-	_ = x[MSRIRC-115]
-	_ = x[MSRLIST-116]
-	_ = x[MSR_PAGEFLUSH-117]
-	_ = x[NRIPS-118]
-	_ = x[NX-119]
-	_ = x[OSXSAVE-120]
-	_ = x[PCONFIG-121]
-	_ = x[POPCNT-122]
-	_ = x[PPIN-123]
-	_ = x[PREFETCHI-124]
-	_ = x[PSFD-125]
-	_ = x[RDPRU-126]
-	_ = x[RDRAND-127]
-	_ = x[RDSEED-128]
-	_ = x[RDTSCP-129]
-	_ = x[RRSBA_CTRL-130]
-	_ = x[RTM-131]
-	_ = x[RTM_ALWAYS_ABORT-132]
-	_ = x[SBPB-133]
-	_ = x[SERIALIZE-134]
-	_ = x[SEV-135]
-	_ = x[SEV_64BIT-136]
-	_ = x[SEV_ALTERNATIVE-137]
-	_ = x[SEV_DEBUGSWAP-138]
-	_ = x[SEV_ES-139]
-	_ = x[SEV_RESTRICTED-140]
-	_ = x[SEV_SNP-141]
-	_ = x[SGX-142]
-	_ = x[SGXLC-143]
-	_ = x[SHA-144]
-	_ = x[SME-145]
-	_ = x[SME_COHERENT-146]
-	_ = x[SPEC_CTRL_SSBD-147]
-	_ = x[SRBDS_CTRL-148]
-	_ = x[SRSO_MSR_FIX-149]
-	_ = x[SRSO_NO-150]
-	_ = x[SRSO_USER_KERNEL_NO-151]
-	_ = x[SSE-152]
-	_ = x[SSE2-153]
-	_ = x[SSE3-154]
-	_ = x[SSE4-155]
-	_ = x[SSE42-156]
-	_ = x[SSE4A-157]
-	_ = x[SSSE3-158]
-	_ = x[STIBP-159]
-	_ = x[STIBP_ALWAYSON-160]
-	_ = x[STOSB_SHORT-161]
-	_ = x[SUCCOR-162]
-	_ = x[SVM-163]
-	_ = x[SVMDA-164]
-	_ = x[SVMFBASID-165]
-	_ = x[SVML-166]
-	_ = x[SVMNP-167]
-	_ = x[SVMPF-168]
-	_ = x[SVMPFT-169]
-	_ = x[SYSCALL-170]
-	_ = x[SYSEE-171]
-	_ = x[TBM-172]
-	_ = x[TDX_GUEST-173]
-	_ = x[TLB_FLUSH_NESTED-174]
-	_ = x[TME-175]
-	_ = x[TOPEXT-176]
-	_ = x[TSCRATEMSR-177]
-	_ = x[TSXLDTRK-178]
-	_ = x[VAES-179]
-	_ = x[VMCBCLEAN-180]
-	_ = x[VMPL-181]
-	_ = x[VMSA_REGPROT-182]
-	_ = x[VMX-183]
-	_ = x[VPCLMULQDQ-184]
-	_ = x[VTE-185]
-	_ = x[WAITPKG-186]
-	_ = x[WBNOINVD-187]
-	_ = x[WRMSRNS-188]
-	_ = x[X87-189]
-	_ = x[XGETBV1-190]
-	_ = x[XOP-191]
-	_ = x[XSAVE-192]
-	_ = x[XSAVEC-193]
-	_ = x[XSAVEOPT-194]
-	_ = x[XSAVES-195]
-	_ = x[AESARM-196]
-	_ = x[ARMCPUID-197]
-	_ = x[ASIMD-198]
-	_ = x[ASIMDDP-199]
-	_ = x[ASIMDHP-200]
-	_ = x[ASIMDRDM-201]
-	_ = x[ATOMICS-202]
-	_ = x[CRC32-203]
-	_ = x[DCPOP-204]
-	_ = x[EVTSTRM-205]
-	_ = x[FCMA-206]
-	_ = x[FP-207]
-	_ = x[FPHP-208]
-	_ = x[GPA-209]
-	_ = x[JSCVT-210]
-	_ = x[LRCPC-211]
-	_ = x[PMULL-212]
-	_ = x[SHA1-213]
-	_ = x[SHA2-214]
-	_ = x[SHA3-215]
-	_ = x[SHA512-216]
-	_ = x[SM3-217]
-	_ = x[SM4-218]
-	_ = x[SVE-219]
-	_ = x[lastID-220]
+	_ = x[AMXTF32-10]
+	_ = x[AMXCOMPLEX-11]
+	_ = x[APX_F-12]
+	_ = x[AVX-13]
+	_ = x[AVX10-14]
+	_ = x[AVX10_128-15]
+	_ = x[AVX10_256-16]
+	_ = x[AVX10_512-17]
+	_ = x[AVX2-18]
+	_ = x[AVX512BF16-19]
+	_ = x[AVX512BITALG-20]
+	_ = x[AVX512BW-21]
+	_ = x[AVX512CD-22]
+	_ = x[AVX512DQ-23]
+	_ = x[AVX512ER-24]
+	_ = x[AVX512F-25]
+	_ = x[AVX512FP16-26]
+	_ = x[AVX512IFMA-27]
+	_ = x[AVX512PF-28]
+	_ = x[AVX512VBMI-29]
+	_ = x[AVX512VBMI2-30]
+	_ = x[AVX512VL-31]
+	_ = x[AVX512VNNI-32]
+	_ = x[AVX512VP2INTERSECT-33]
+	_ = x[AVX512VPOPCNTDQ-34]
+	_ = x[AVXIFMA-35]
+	_ = x[AVXNECONVERT-36]
+	_ = x[AVXSLOW-37]
+	_ = x[AVXVNNI-38]
+	_ = x[AVXVNNIINT8-39]
+	_ = x[AVXVNNIINT16-40]
+	_ = x[BHI_CTRL-41]
+	_ = x[BMI1-42]
+	_ = x[BMI2-43]
+	_ = x[CETIBT-44]
+	_ = x[CETSS-45]
+	_ = x[CLDEMOTE-46]
+	_ = x[CLMUL-47]
+	_ = x[CLZERO-48]
+	_ = x[CMOV-49]
+	_ = x[CMPCCXADD-50]
+	_ = x[CMPSB_SCADBS_SHORT-51]
+	_ = x[CMPXCHG8-52]
+	_ = x[CPBOOST-53]
+	_ = x[CPPC-54]
+	_ = x[CX16-55]
+	_ = x[EFER_LMSLE_UNS-56]
+	_ = x[ENQCMD-57]
+	_ = x[ERMS-58]
+	_ = x[F16C-59]
+	_ = x[FLUSH_L1D-60]
+	_ = x[FMA3-61]
+	_ = x[FMA4-62]
+	_ = x[FP128-63]
+	_ = x[FP256-64]
+	_ = x[FSRM-65]
+	_ = x[FXSR-66]
+	_ = x[FXSROPT-67]
+	_ = x[GFNI-68]
+	_ = x[HLE-69]
+	_ = x[HRESET-70]
+	_ = x[HTT-71]
+	_ = x[HWA-72]
+	_ = x[HYBRID_CPU-73]
+	_ = x[HYPERVISOR-74]
+	_ = x[IA32_ARCH_CAP-75]
+	_ = x[IA32_CORE_CAP-76]
+	_ = x[IBPB-77]
+	_ = x[IBPB_BRTYPE-78]
+	_ = x[IBRS-79]
+	_ = x[IBRS_PREFERRED-80]
+	_ = x[IBRS_PROVIDES_SMP-81]
+	_ = x[IBS-82]
+	_ = x[IBSBRNTRGT-83]
+	_ = x[IBSFETCHSAM-84]
+	_ = x[IBSFFV-85]
+	_ = x[IBSOPCNT-86]
+	_ = x[IBSOPCNTEXT-87]
+	_ = x[IBSOPSAM-88]
+	_ = x[IBSRDWROPCNT-89]
+	_ = x[IBSRIPINVALIDCHK-90]
+	_ = x[IBS_FETCH_CTLX-91]
+	_ = x[IBS_OPDATA4-92]
+	_ = x[IBS_OPFUSE-93]
+	_ = x[IBS_PREVENTHOST-94]
+	_ = x[IBS_ZEN4-95]
+	_ = x[IDPRED_CTRL-96]
+	_ = x[INT_WBINVD-97]
+	_ = x[INVLPGB-98]
+	_ = x[KEYLOCKER-99]
+	_ = x[KEYLOCKERW-100]
+	_ = x[LAHF-101]
+	_ = x[LAM-102]
+	_ = x[LBRVIRT-103]
+	_ = x[LZCNT-104]
+	_ = x[MCAOVERFLOW-105]
+	_ = x[MCDT_NO-106]
+	_ = x[MCOMMIT-107]
+	_ = x[MD_CLEAR-108]
+	_ = x[MMX-109]
+	_ = x[MMXEXT-110]
+	_ = x[MOVBE-111]
+	_ = x[MOVDIR64B-112]
+	_ = x[MOVDIRI-113]
+	_ = x[MOVSB_ZL-114]
+	_ = x[MOVU-115]
+	_ = x[MPX-116]
+	_ = x[MSRIRC-117]
+	_ = x[MSRLIST-118]
+	_ = x[MSR_PAGEFLUSH-119]
+	_ = x[NRIPS-120]
+	_ = x[NX-121]
+	_ = x[OSXSAVE-122]
+	_ = x[PCONFIG-123]
+	_ = x[POPCNT-124]
+	_ = x[PPIN-125]
+	_ = x[PREFETCHI-126]
+	_ = x[PSFD-127]
+	_ = x[RDPRU-128]
+	_ = x[RDRAND-129]
+	_ = x[RDSEED-130]
+	_ = x[RDTSCP-131]
+	_ = x[RRSBA_CTRL-132]
+	_ = x[RTM-133]
+	_ = x[RTM_ALWAYS_ABORT-134]
+	_ = x[SBPB-135]
+	_ = x[SERIALIZE-136]
+	_ = x[SEV-137]
+	_ = x[SEV_64BIT-138]
+	_ = x[SEV_ALTERNATIVE-139]
+	_ = x[SEV_DEBUGSWAP-140]
+	_ = x[SEV_ES-141]
+	_ = x[SEV_RESTRICTED-142]
+	_ = x[SEV_SNP-143]
+	_ = x[SGX-144]
+	_ = x[SGXLC-145]
+	_ = x[SHA-146]
+	_ = x[SME-147]
+	_ = x[SME_COHERENT-148]
+	_ = x[SPEC_CTRL_SSBD-149]
+	_ = x[SRBDS_CTRL-150]
+	_ = x[SRSO_MSR_FIX-151]
+	_ = x[SRSO_NO-152]
+	_ = x[SRSO_USER_KERNEL_NO-153]
+	_ = x[SSE-154]
+	_ = x[SSE2-155]
+	_ = x[SSE3-156]
+	_ = x[SSE4-157]
+	_ = x[SSE42-158]
+	_ = x[SSE4A-159]
+	_ = x[SSSE3-160]
+	_ = x[STIBP-161]
+	_ = x[STIBP_ALWAYSON-162]
+	_ = x[STOSB_SHORT-163]
+	_ = x[SUCCOR-164]
+	_ = x[SVM-165]
+	_ = x[SVMDA-166]
+	_ = x[SVMFBASID-167]
+	_ = x[SVML-168]
+	_ = x[SVMNP-169]
+	_ = x[SVMPF-170]
+	_ = x[SVMPFT-171]
+	_ = x[SYSCALL-172]
+	_ = x[SYSEE-173]
+	_ = x[TBM-174]
+	_ = x[TDX_GUEST-175]
+	_ = x[TLB_FLUSH_NESTED-176]
+	_ = x[TME-177]
+	_ = x[TOPEXT-178]
+	_ = x[TSCRATEMSR-179]
+	_ = x[TSXLDTRK-180]
+	_ = x[VAES-181]
+	_ = x[VMCBCLEAN-182]
+	_ = x[VMPL-183]
+	_ = x[VMSA_REGPROT-184]
+	_ = x[VMX-185]
+	_ = x[VPCLMULQDQ-186]
+	_ = x[VTE-187]
+	_ = x[WAITPKG-188]
+	_ = x[WBNOINVD-189]
+	_ = x[WRMSRNS-190]
+	_ = x[X87-191]
+	_ = x[XGETBV1-192]
+	_ = x[XOP-193]
+	_ = x[XSAVE-194]
+	_ = x[XSAVEC-195]
+	_ = x[XSAVEOPT-196]
+	_ = x[XSAVES-197]
+	_ = x[AESARM-198]
+	_ = x[ARMCPUID-199]
+	_ = x[ASIMD-200]
+	_ = x[ASIMDDP-201]
+	_ = x[ASIMDHP-202]
+	_ = x[ASIMDRDM-203]
+	_ = x[ATOMICS-204]
+	_ = x[CRC32-205]
+	_ = x[DCPOP-206]
+	_ = x[EVTSTRM-207]
+	_ = x[FCMA-208]
+	_ = x[FHM-209]
+	_ = x[FP-210]
+	_ = x[FPHP-211]
+	_ = x[GPA-212]
+	_ = x[JSCVT-213]
+	_ = x[LRCPC-214]
+	_ = x[PMULL-215]
+	_ = x[RNDR-216]
+	_ = x[TLB-217]
+	_ = x[TS-218]
+	_ = x[SHA1-219]
+	_ = x[SHA2-220]
+	_ = x[SHA3-221]
+	_ = x[SHA512-222]
+	_ = x[SM3-223]
+	_ = x[SM4-224]
+	_ = x[SVE-225]
+	_ = x[lastID-226]
 	_ = x[firstID-0]
 }
 
-const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID"
+const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAMXTF32AMXCOMPLEXAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFHMFPFPHPGPAJSCVTLRCPCPMULLRNDRTLBTSSHA1SHA2SHA3SHA512SM3SM4SVElastID"
 
-var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 73, 76, 81, 90, 99, 108, 112, 122, 134, 142, 150, 158, 166, 173, 183, 193, 201, 211, 222, 230, 240, 258, 273, 280, 292, 299, 306, 317, 329, 337, 341, 345, 351, 356, 364, 369, 375, 379, 388, 406, 414, 421, 425, 429, 443, 449, 453, 457, 466, 470, 474, 479, 484, 488, 492, 499, 503, 506, 512, 515, 518, 528, 538, 551, 564, 568, 579, 583, 597, 614, 617, 627, 638, 644, 652, 663, 671, 683, 699, 713, 724, 734, 749, 757, 768, 778, 785, 794, 804, 808, 811, 818, 823, 834, 841, 848, 856, 859, 865, 870, 879, 886, 894, 898, 901, 907, 914, 927, 932, 934, 941, 948, 954, 958, 967, 971, 976, 982, 988, 994, 1004, 1007, 1023, 1027, 1036, 1039, 1048, 1063, 1076, 1082, 1096, 1103, 1106, 1111, 1114, 1117, 1129, 1143, 1153, 1165, 1172, 1191, 1194, 1198, 1202, 1206, 1211, 1216, 1221, 1226, 1240, 1251, 1257, 1260, 1265, 1274, 1278, 1283, 1288, 1294, 1301, 1306, 1309, 1318, 1334, 1337, 1343, 1353, 1361, 1365, 1374, 1378, 1390, 1393, 1403, 1406, 1413, 1421, 1428, 1431, 1438, 1441, 1446, 1452, 1460, 1466, 1472, 1480, 1485, 1492, 1499, 1507, 1514, 1519, 1524, 1531, 1535, 1537, 1541, 1544, 1549, 1554, 1559, 1563, 1567, 1571, 1577, 1580, 1583, 1586, 1592}
+var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 75, 85, 90, 93, 98, 107, 116, 125, 129, 139, 151, 159, 167, 175, 183, 190, 200, 210, 218, 228, 239, 247, 257, 275, 290, 297, 309, 316, 323, 334, 346, 354, 358, 362, 368, 373, 381, 386, 392, 396, 405, 423, 431, 438, 442, 446, 460, 466, 470, 474, 483, 487, 491, 496, 501, 505, 509, 516, 520, 523, 529, 532, 535, 545, 555, 568, 581, 585, 596, 600, 614, 631, 634, 644, 655, 661, 669, 680, 688, 700, 716, 730, 741, 751, 766, 774, 785, 795, 802, 811, 821, 825, 828, 835, 840, 851, 858, 865, 873, 876, 882, 887, 896, 903, 911, 915, 918, 924, 931, 944, 949, 951, 958, 965, 971, 975, 984, 988, 993, 999, 1005, 1011, 1021, 1024, 1040, 1044, 1053, 1056, 1065, 1080, 1093, 1099, 1113, 1120, 1123, 1128, 1131, 1134, 1146, 1160, 1170, 1182, 1189, 1208, 1211, 1215, 1219, 1223, 1228, 1233, 1238, 1243, 1257, 1268, 1274, 1277, 1282, 1291, 1295, 1300, 1305, 1311, 1318, 1323, 1326, 1335, 1351, 1354, 1360, 1370, 1378, 1382, 1391, 1395, 1407, 1410, 1420, 1423, 1430, 1438, 1445, 1448, 1455, 1458, 1463, 1469, 1477, 1483, 1489, 1497, 1502, 1509, 1516, 1524, 1531, 1536, 1541, 1548, 1552, 1555, 1557, 1561, 1564, 1569, 1574, 1579, 1583, 1586, 1588, 1592, 1596, 1600, 1606, 1609, 1612, 1615, 1621}
 
 func (i FeatureID) String() string {
 	if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) {
diff --git a/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go
index 84b1acd21..6f0b33ca6 100644
--- a/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go
+++ b/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go
@@ -96,9 +96,11 @@ func tryToFillCPUInfoFomSysctl(c *CPUInfo) {
 	setFeature(c, "hw.optional.arm.FEAT_DPB", DCPOP)
 	// setFeature(c, "", EVTSTRM)
 	setFeature(c, "hw.optional.arm.FEAT_FCMA", FCMA)
+	setFeature(c, "hw.optional.arm.FEAT_FHM", FHM)
 	setFeature(c, "hw.optional.arm.FEAT_FP", FP)
 	setFeature(c, "hw.optional.arm.FEAT_FP16", FPHP)
 	setFeature(c, "hw.optional.arm.FEAT_PAuth", GPA)
+	setFeature(c, "hw.optional.arm.FEAT_RNG", RNDR)
 	setFeature(c, "hw.optional.arm.FEAT_JSCVT", JSCVT)
 	setFeature(c, "hw.optional.arm.FEAT_LRCPC", LRCPC)
 	setFeature(c, "hw.optional.arm.FEAT_PMULL", PMULL)
@@ -106,6 +108,10 @@ func tryToFillCPUInfoFomSysctl(c *CPUInfo) {
 	setFeature(c, "hw.optional.arm.FEAT_SHA256", SHA2)
 	setFeature(c, "hw.optional.arm.FEAT_SHA3", SHA3)
 	setFeature(c, "hw.optional.arm.FEAT_SHA512", SHA512)
+	setFeature(c, "hw.optional.arm.FEAT_TLBIOS", TLB)
+	setFeature(c, "hw.optional.arm.FEAT_TLBIRANGE", TLB)
+	setFeature(c, "hw.optional.arm.FEAT_FlagM", TS)
+	setFeature(c, "hw.optional.arm.FEAT_FlagM2", TS)
 	// setFeature(c, "", SM3)
 	// setFeature(c, "", SM4)
 	setFeature(c, "hw.optional.arm.FEAT_SVE", SVE)
diff --git a/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go
index ee278b9e4..d96d24438 100644
--- a/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go
+++ b/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go
@@ -39,6 +39,80 @@ const (
 	hwcap_SHA512   = 1 << 21
 	hwcap_SVE      = 1 << 22
 	hwcap_ASIMDFHM = 1 << 23
+	hwcap_DIT      = 1 << 24
+	hwcap_USCAT    = 1 << 25
+	hwcap_ILRCPC   = 1 << 26
+	hwcap_FLAGM    = 1 << 27
+	hwcap_SSBS     = 1 << 28
+	hwcap_SB       = 1 << 29
+	hwcap_PACA     = 1 << 30
+	hwcap_PACG     = 1 << 31
+	hwcap_GCS      = 1 << 32
+
+	hwcap2_DCPODP      = 1 << 0
+	hwcap2_SVE2        = 1 << 1
+	hwcap2_SVEAES      = 1 << 2
+	hwcap2_SVEPMULL    = 1 << 3
+	hwcap2_SVEBITPERM  = 1 << 4
+	hwcap2_SVESHA3     = 1 << 5
+	hwcap2_SVESM4      = 1 << 6
+	hwcap2_FLAGM2      = 1 << 7
+	hwcap2_FRINT       = 1 << 8
+	hwcap2_SVEI8MM     = 1 << 9
+	hwcap2_SVEF32MM    = 1 << 10
+	hwcap2_SVEF64MM    = 1 << 11
+	hwcap2_SVEBF16     = 1 << 12
+	hwcap2_I8MM        = 1 << 13
+	hwcap2_BF16        = 1 << 14
+	hwcap2_DGH         = 1 << 15
+	hwcap2_RNG         = 1 << 16
+	hwcap2_BTI         = 1 << 17
+	hwcap2_MTE         = 1 << 18
+	hwcap2_ECV         = 1 << 19
+	hwcap2_AFP         = 1 << 20
+	hwcap2_RPRES       = 1 << 21
+	hwcap2_MTE3        = 1 << 22
+	hwcap2_SME         = 1 << 23
+	hwcap2_SME_I16I64  = 1 << 24
+	hwcap2_SME_F64F64  = 1 << 25
+	hwcap2_SME_I8I32   = 1 << 26
+	hwcap2_SME_F16F32  = 1 << 27
+	hwcap2_SME_B16F32  = 1 << 28
+	hwcap2_SME_F32F32  = 1 << 29
+	hwcap2_SME_FA64    = 1 << 30
+	hwcap2_WFXT        = 1 << 31
+	hwcap2_EBF16       = 1 << 32
+	hwcap2_SVE_EBF16   = 1 << 33
+	hwcap2_CSSC        = 1 << 34
+	hwcap2_RPRFM       = 1 << 35
+	hwcap2_SVE2P1      = 1 << 36
+	hwcap2_SME2        = 1 << 37
+	hwcap2_SME2P1      = 1 << 38
+	hwcap2_SME_I16I32  = 1 << 39
+	hwcap2_SME_BI32I32 = 1 << 40
+	hwcap2_SME_B16B16  = 1 << 41
+	hwcap2_SME_F16F16  = 1 << 42
+	hwcap2_MOPS        = 1 << 43
+	hwcap2_HBC         = 1 << 44
+	hwcap2_SVE_B16B16  = 1 << 45
+	hwcap2_LRCPC3      = 1 << 46
+	hwcap2_LSE128      = 1 << 47
+	hwcap2_FPMR        = 1 << 48
+	hwcap2_LUT         = 1 << 49
+	hwcap2_FAMINMAX    = 1 << 50
+	hwcap2_F8CVT       = 1 << 51
+	hwcap2_F8FMA       = 1 << 52
+	hwcap2_F8DP4       = 1 << 53
+	hwcap2_F8DP2       = 1 << 54
+	hwcap2_F8E4M3      = 1 << 55
+	hwcap2_F8E5M2      = 1 << 56
+	hwcap2_SME_LUTV2   = 1 << 57
+	hwcap2_SME_F8F16   = 1 << 58
+	hwcap2_SME_F8F32   = 1 << 59
+	hwcap2_SME_SF8FMA  = 1 << 60
+	hwcap2_SME_SF8DP4  = 1 << 61
+	hwcap2_SME_SF8DP2  = 1 << 62
+	hwcap2_POE         = 1 << 63
 )
 
 func detectOS(c *CPUInfo) bool {
@@ -104,11 +178,15 @@ func detectOS(c *CPUInfo) bool {
 	c.featureSet.setIf(isSet(hwcap, hwcap_DCPOP), DCPOP)
 	c.featureSet.setIf(isSet(hwcap, hwcap_EVTSTRM), EVTSTRM)
 	c.featureSet.setIf(isSet(hwcap, hwcap_FCMA), FCMA)
+	c.featureSet.setIf(isSet(hwcap, hwcap_ASIMDFHM), FHM)
 	c.featureSet.setIf(isSet(hwcap, hwcap_FP), FP)
 	c.featureSet.setIf(isSet(hwcap, hwcap_FPHP), FPHP)
 	c.featureSet.setIf(isSet(hwcap, hwcap_JSCVT), JSCVT)
 	c.featureSet.setIf(isSet(hwcap, hwcap_LRCPC), LRCPC)
 	c.featureSet.setIf(isSet(hwcap, hwcap_PMULL), PMULL)
+	c.featureSet.setIf(isSet(hwcap, hwcap2_RNG), RNDR)
+	// c.featureSet.setIf(isSet(hwcap, hwcap_), TLB)
+	// c.featureSet.setIf(isSet(hwcap, hwcap_), TS)
 	c.featureSet.setIf(isSet(hwcap, hwcap_SHA1), SHA1)
 	c.featureSet.setIf(isSet(hwcap, hwcap_SHA2), SHA2)
 	c.featureSet.setIf(isSet(hwcap, hwcap_SHA3), SHA3)
diff --git a/vendor/github.com/minio/crc64nvme/LICENSE b/vendor/github.com/minio/crc64nvme/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/minio/crc64nvme/README.md b/vendor/github.com/minio/crc64nvme/README.md
new file mode 100644
index 000000000..977dfcc88
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/README.md
@@ -0,0 +1,20 @@
+
+## crc64nvme
+
+This Golang package calculates CRC64 checksums using carryless-multiplication accelerated with SIMD instructions for both ARM and x86. It is based on the NVME polynomial as specified in the [NVM Express® NVM Command Set Specification](https://nvmexpress.org/wp-content/uploads/NVM-Express-NVM-Command-Set-Specification-1.0d-2023.12.28-Ratified.pdf).
+
+The code is based on the [crc64fast-nvme](https://github.com/awesomized/crc64fast-nvme.git) package in Rust and is released under the Apache 2.0 license.
+
+For more background on the exact technique used, see this [Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction](https://web.archive.org/web/20131224125630/https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-crc-computation-generic-polynomials-pclmulqdq-paper.pdf) paper.
+
+### Performance
+
+To follow.
+
+### Requirements
+
+All Go versions >= 1.22 are supported.
+
+### Contributing
+
+Contributions are welcome, please send PRs for any enhancements.
diff --git a/vendor/github.com/minio/crc64nvme/crc64.go b/vendor/github.com/minio/crc64nvme/crc64.go
new file mode 100644
index 000000000..40ac28c76
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64.go
@@ -0,0 +1,180 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+// Package crc64nvme implements the 64-bit cyclic redundancy check with NVME polynomial.
+package crc64nvme
+
+import (
+	"encoding/binary"
+	"errors"
+	"hash"
+	"sync"
+	"unsafe"
+)
+
+const (
+	// The size of a CRC-64 checksum in bytes.
+	Size = 8
+
+	// The NVME polynoimial (reversed, as used by Go)
+	NVME = 0x9a6c9329ac4bc9b5
+)
+
+var (
+	// precalculated table.
+	nvmeTable = makeTable(NVME)
+)
+
+// table is a 256-word table representing the polynomial for efficient processing.
+type table [256]uint64
+
+var (
+	slicing8TablesBuildOnce sync.Once
+	slicing8TableNVME       *[8]table
+)
+
+func buildSlicing8TablesOnce() {
+	slicing8TablesBuildOnce.Do(buildSlicing8Tables)
+}
+
+func buildSlicing8Tables() {
+	slicing8TableNVME = makeSlicingBy8Table(makeTable(NVME))
+}
+
+func makeTable(poly uint64) *table {
+	t := new(table)
+	for i := 0; i < 256; i++ {
+		crc := uint64(i)
+		for j := 0; j < 8; j++ {
+			if crc&1 == 1 {
+				crc = (crc >> 1) ^ poly
+			} else {
+				crc >>= 1
+			}
+		}
+		t[i] = crc
+	}
+	return t
+}
+
+func makeSlicingBy8Table(t *table) *[8]table {
+	var helperTable [8]table
+	helperTable[0] = *t
+	for i := 0; i < 256; i++ {
+		crc := t[i]
+		for j := 1; j < 8; j++ {
+			crc = t[crc&0xff] ^ (crc >> 8)
+			helperTable[j][i] = crc
+		}
+	}
+	return &helperTable
+}
+
+// digest represents the partial evaluation of a checksum.
+type digest struct {
+	crc uint64
+}
+
+// New creates a new hash.Hash64 computing the CRC-64 checksum using the
+// NVME polynomial. Its Sum method will lay the
+// value out in big-endian byte order. The returned Hash64 also
+// implements [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler] to
+// marshal and unmarshal the internal state of the hash.
+func New() hash.Hash64 { return &digest{0} }
+
+func (d *digest) Size() int { return Size }
+
+func (d *digest) BlockSize() int { return 1 }
+
+func (d *digest) Reset() { d.crc = 0 }
+
+const (
+	magic         = "crc\x02"
+	marshaledSize = len(magic) + 8 + 8
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	b = binary.BigEndian.AppendUint64(b, tableSum)
+	b = binary.BigEndian.AppendUint64(b, d.crc)
+	return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("hash/crc64: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("hash/crc64: invalid hash state size")
+	}
+	if tableSum != binary.BigEndian.Uint64(b[4:]) {
+		return errors.New("hash/crc64: tables do not match")
+	}
+	d.crc = binary.BigEndian.Uint64(b[12:])
+	return nil
+}
+
+func update(crc uint64, p []byte) uint64 {
+	if hasAsm && len(p) > 127 {
+		ptr := unsafe.Pointer(&p[0])
+		if align := (uintptr(ptr)+15)&^0xf - uintptr(ptr); align > 0 {
+			// Align to 16-byte boundary.
+			crc = update(crc, p[:align])
+			p = p[align:]
+		}
+		runs := len(p) / 128
+		crc = updateAsm(crc, p[:128*runs])
+		return update(crc, p[128*runs:])
+	}
+
+	buildSlicing8TablesOnce()
+	crc = ^crc
+	// table comparison is somewhat expensive, so avoid it for small sizes
+	for len(p) >= 64 {
+		var helperTable = slicing8TableNVME
+		// Update using slicing-by-8
+		for len(p) > 8 {
+			crc ^= binary.LittleEndian.Uint64(p)
+			crc = helperTable[7][crc&0xff] ^
+				helperTable[6][(crc>>8)&0xff] ^
+				helperTable[5][(crc>>16)&0xff] ^
+				helperTable[4][(crc>>24)&0xff] ^
+				helperTable[3][(crc>>32)&0xff] ^
+				helperTable[2][(crc>>40)&0xff] ^
+				helperTable[1][(crc>>48)&0xff] ^
+				helperTable[0][crc>>56]
+			p = p[8:]
+		}
+	}
+	// For reminders or small sizes
+	for _, v := range p {
+		crc = nvmeTable[byte(crc)^v] ^ (crc >> 8)
+	}
+	return ^crc
+}
+
+// Update returns the result of adding the bytes in p to the crc.
+func Update(crc uint64, p []byte) uint64 {
+	return update(crc, p)
+}
+
+func (d *digest) Write(p []byte) (n int, err error) {
+	d.crc = update(d.crc, p)
+	return len(p), nil
+}
+
+func (d *digest) Sum64() uint64 { return d.crc }
+
+func (d *digest) Sum(in []byte) []byte {
+	s := d.Sum64()
+	return append(in, byte(s>>56), byte(s>>48), byte(s>>40), byte(s>>32), byte(s>>24), byte(s>>16), byte(s>>8), byte(s))
+}
+
+// Checksum returns the CRC-64 checksum of data
+// using the NVME polynomial.
+func Checksum(data []byte) uint64 { return update(0, data) }
+
+// ISO tablesum of NVME poly
+const tableSum = 0x8ddd9ee4402c7163
diff --git a/vendor/github.com/minio/crc64nvme/crc64_amd64.go b/vendor/github.com/minio/crc64nvme/crc64_amd64.go
new file mode 100644
index 000000000..fc8538bc3
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64_amd64.go
@@ -0,0 +1,15 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+//go:build !noasm && !appengine && !gccgo
+
+package crc64nvme
+
+import (
+	"github.com/klauspost/cpuid/v2"
+)
+
+var hasAsm = cpuid.CPU.Supports(cpuid.SSE2, cpuid.CLMUL, cpuid.SSE4)
+
+func updateAsm(crc uint64, p []byte) (checksum uint64)
diff --git a/vendor/github.com/minio/crc64nvme/crc64_amd64.s b/vendor/github.com/minio/crc64nvme/crc64_amd64.s
new file mode 100644
index 000000000..9782321fd
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64_amd64.s
@@ -0,0 +1,157 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+//go:build !noasm && !appengine && !gccgo
+
+#include "textflag.h"
+
+TEXT ·updateAsm(SB), $0-40
+	MOVQ crc+0(FP), AX    // checksum
+	MOVQ p_base+8(FP), SI // start pointer
+	MOVQ p_len+16(FP), CX // length of buffer
+	NOTQ AX
+	SHRQ $7, CX
+	CMPQ CX, $1
+	JLT  skip128
+
+	VMOVDQA 0x00(SI), X0
+	VMOVDQA 0x10(SI), X1
+	VMOVDQA 0x20(SI), X2
+	VMOVDQA 0x30(SI), X3
+	VMOVDQA 0x40(SI), X4
+	VMOVDQA 0x50(SI), X5
+	VMOVDQA 0x60(SI), X6
+	VMOVDQA 0x70(SI), X7
+	MOVQ    AX, X8
+	PXOR    X8, X0
+	CMPQ    CX, $1
+	JE      tail128
+
+	MOVQ   $0xa1ca681e733f9c40, AX
+	MOVQ   AX, X8
+	MOVQ   $0x5f852fb61e8d92dc, AX
+	PINSRQ $0x1, AX, X9
+
+loop128:
+	ADDQ      $128, SI
+	SUBQ      $1, CX
+	VMOVDQA   X0, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X0
+	PXOR      X10, X0
+	PXOR      0(SI), X0
+	VMOVDQA   X1, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X1
+	PXOR      X10, X1
+	PXOR      0x10(SI), X1
+	VMOVDQA   X2, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X2
+	PXOR      X10, X2
+	PXOR      0x20(SI), X2
+	VMOVDQA   X3, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X3
+	PXOR      X10, X3
+	PXOR      0x30(SI), X3
+	VMOVDQA   X4, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X4
+	PXOR      X10, X4
+	PXOR      0x40(SI), X4
+	VMOVDQA   X5, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X5
+	PXOR      X10, X5
+	PXOR      0x50(SI), X5
+	VMOVDQA   X6, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X6
+	PXOR      X10, X6
+	PXOR      0x60(SI), X6
+	VMOVDQA   X7, X10
+	PCLMULQDQ $0x00, X8, X10
+	PCLMULQDQ $0x11, X9, X7
+	PXOR      X10, X7
+	PXOR      0x70(SI), X7
+	CMPQ      CX, $1
+	JGT       loop128
+
+tail128:
+	MOVQ      $0xd083dd594d96319d, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X0, X11
+	MOVQ      $0x946588403d4adcbc, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X0
+	PXOR      X11, X7
+	PXOR      X0, X7
+	MOVQ      $0x3c255f5ebc414423, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X1, X11
+	MOVQ      $0x34f5a24e22d66e90, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X1
+	PXOR      X11, X1
+	PXOR      X7, X1
+	MOVQ      $0x7b0ab10dd0f809fe, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X2, X11
+	MOVQ      $0x03363823e6e791e5, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X2
+	PXOR      X11, X2
+	PXOR      X1, X2
+	MOVQ      $0x0c32cdb31e18a84a, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X3, X11
+	MOVQ      $0x62242240ace5045a, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X3
+	PXOR      X11, X3
+	PXOR      X2, X3
+	MOVQ      $0xbdd7ac0ee1a4a0f0, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X4, X11
+	MOVQ      $0xa3ffdc1fe8e82a8b, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X4
+	PXOR      X11, X4
+	PXOR      X3, X4
+	MOVQ      $0xb0bc2e589204f500, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X5, X11
+	MOVQ      $0xe1e0bb9d45d7a44c, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X5
+	PXOR      X11, X5
+	PXOR      X4, X5
+	MOVQ      $0xeadc41fd2ba3d420, AX
+	MOVQ      AX, X11
+	PCLMULQDQ $0x00, X6, X11
+	MOVQ      $0x21e9761e252621ac, AX
+	PINSRQ    $0x1, AX, X12
+	PCLMULQDQ $0x11, X12, X6
+	PXOR      X11, X6
+	PXOR      X5, X6
+	MOVQ      AX, X5
+	PCLMULQDQ $0x00, X6, X5
+	PSHUFD    $0xee, X6, X6
+	PXOR      X5, X6
+	MOVQ      $0x27ecfa329aef9f77, AX
+	MOVQ      AX, X4
+	PCLMULQDQ $0x00, X4, X6
+	PEXTRQ    $0, X6, BX
+	MOVQ      $0x34d926535897936b, AX
+	MOVQ      AX, X4
+	PCLMULQDQ $0x00, X4, X6
+	PXOR      X5, X6
+	PEXTRQ    $1, X6, AX
+	XORQ      BX, AX
+
+skip128:
+	NOTQ AX
+	MOVQ AX, checksum+32(FP)
+	RET
diff --git a/vendor/github.com/minio/crc64nvme/crc64_arm64.go b/vendor/github.com/minio/crc64nvme/crc64_arm64.go
new file mode 100644
index 000000000..c77c819ce
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64_arm64.go
@@ -0,0 +1,15 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+//go:build !noasm && !appengine && !gccgo
+
+package crc64nvme
+
+import (
+	"github.com/klauspost/cpuid/v2"
+)
+
+var hasAsm = cpuid.CPU.Supports(cpuid.ASIMD) && cpuid.CPU.Supports(cpuid.PMULL)
+
+func updateAsm(crc uint64, p []byte) (checksum uint64)
diff --git a/vendor/github.com/minio/crc64nvme/crc64_arm64.s b/vendor/github.com/minio/crc64nvme/crc64_arm64.s
new file mode 100644
index 000000000..229a10fb7
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64_arm64.s
@@ -0,0 +1,157 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+//go:build !noasm && !appengine && !gccgo
+
+#include "textflag.h"
+
+TEXT ·updateAsm(SB), $0-40
+	MOVD crc+0(FP), R0    // checksum
+	MOVD p_base+8(FP), R1 // start pointer
+	MOVD p_len+16(FP), R2 // length of buffer
+	MOVD  $·const(SB), R3 // constants
+	MVN  R0, R0
+	LSR  $7, R2, R2
+	CMP  $1, R2
+	BLT  skip128
+
+	FLDPQ (R1), (F0, F1)
+	FLDPQ 32(R1), (F2, F3)
+	FLDPQ 64(R1), (F4, F5)
+	FLDPQ 96(R1), (F6, F7)
+	FMOVD R0, F8
+	VMOVI $0, V9.B16
+	VMOV  V9.D[0], V8.D[1]
+	VEOR  V8.B16, V0.B16, V0.B16
+	CMP   $1, R2
+	BEQ   tail128
+
+	MOVD  112(R3), R4
+	MOVD  120(R3), R5
+	FMOVD R4, F8
+	VDUP  R5, V9.D2
+
+loop128:
+	ADD     $128, R1, R1
+	SUB     $1, R2, R2
+	VPMULL  V0.D1, V8.D1, V10.Q1
+	VPMULL2 V0.D2, V9.D2, V0.Q1
+	FLDPQ   (R1), (F11, F12)
+	VEOR3   V0.B16, V11.B16, V10.B16, V0.B16
+	VPMULL  V1.D1, V8.D1, V10.Q1
+	VPMULL2 V1.D2, V9.D2, V1.Q1
+	VEOR3   V1.B16, V12.B16, V10.B16, V1.B16
+	VPMULL  V2.D1, V8.D1, V10.Q1
+	VPMULL2 V2.D2, V9.D2, V2.Q1
+	FLDPQ   32(R1), (F11, F12)
+	VEOR3   V2.B16, V11.B16, V10.B16, V2.B16
+	VPMULL  V3.D1, V8.D1, V10.Q1
+	VPMULL2 V3.D2, V9.D2, V3.Q1
+	VEOR3   V3.B16, V12.B16, V10.B16, V3.B16
+	VPMULL  V4.D1, V8.D1, V10.Q1
+	VPMULL2 V4.D2, V9.D2, V4.Q1
+	FLDPQ   64(R1), (F11, F12)
+	VEOR3   V4.B16, V11.B16, V10.B16, V4.B16
+	VPMULL  V5.D1, V8.D1, V10.Q1
+	VPMULL2 V5.D2, V9.D2, V5.Q1
+	VEOR3   V5.B16, V12.B16, V10.B16, V5.B16
+	VPMULL  V6.D1, V8.D1, V10.Q1
+	VPMULL2 V6.D2, V9.D2, V6.Q1
+	FLDPQ   96(R1), (F11, F12)
+	VEOR3   V6.B16, V11.B16, V10.B16, V6.B16
+	VPMULL  V7.D1, V8.D1, V10.Q1
+	VPMULL2 V7.D2, V9.D2, V7.Q1
+	VEOR3   V7.B16, V12.B16, V10.B16, V7.B16
+	CMP     $1, R2
+	BHI     loop128
+
+tail128:
+	MOVD    (R3), R4
+	FMOVD   R4, F11
+	VPMULL  V0.D1, V11.D1, V11.Q1
+	MOVD    8(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V0.D2, V12.D2, V0.Q1
+	VEOR3   V0.B16, V7.B16, V11.B16, V7.B16
+	MOVD    16(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V1.D1, V11.D1, V11.Q1
+	MOVD    24(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V1.D2, V12.D2, V1.Q1
+	VEOR3   V1.B16, V11.B16, V7.B16, V1.B16
+	MOVD    32(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V2.D1, V11.D1, V11.Q1
+	MOVD    40(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V2.D2, V12.D2, V2.Q1
+	VEOR3   V2.B16, V11.B16, V1.B16, V2.B16
+	MOVD    48(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V3.D1, V11.D1, V11.Q1
+	MOVD    56(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V3.D2, V12.D2, V3.Q1
+	VEOR3   V3.B16, V11.B16, V2.B16, V3.B16
+	MOVD    64(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V4.D1, V11.D1, V11.Q1
+	MOVD    72(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V4.D2, V12.D2, V4.Q1
+	VEOR3   V4.B16, V11.B16, V3.B16, V4.B16
+	MOVD    80(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V5.D1, V11.D1, V11.Q1
+	MOVD    88(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V5.D2, V12.D2, V5.Q1
+	VEOR3   V5.B16, V11.B16, V4.B16, V5.B16
+	MOVD    96(R3), R4
+	FMOVD   R4, F11
+	VPMULL  V6.D1, V11.D1, V11.Q1
+	MOVD    104(R3), R4
+	VDUP    R4, V12.D2
+	VPMULL2 V6.D2, V12.D2, V6.Q1
+	VEOR3   V6.B16, V11.B16, V5.B16, V6.B16
+	FMOVD   R4, F5
+	VPMULL  V6.D1, V5.D1, V5.Q1
+	VDUP    V6.D[1], V6.D2
+	VEOR    V5.B8, V6.B8, V6.B8
+	MOVD    128(R3), R4
+	FMOVD   R4, F4
+	VPMULL  V4.D1, V6.D1, V6.Q1
+	FMOVD   F6, R4
+	MOVD    136(R3), R5
+	FMOVD   R5, F4
+	VPMULL  V4.D1, V6.D1, V6.Q1
+	VEOR    V6.B16, V5.B16, V6.B16
+	VMOV    V6.D[1], R5
+	EOR     R4, R5, R0
+
+skip128:
+	MVN  R0, R0
+	MOVD R0, checksum+32(FP)
+	RET
+
+DATA ·const+0x000(SB)/8, $0xd083dd594d96319d // K_959
+DATA ·const+0x008(SB)/8, $0x946588403d4adcbc // K_895
+DATA ·const+0x010(SB)/8, $0x3c255f5ebc414423 // K_831
+DATA ·const+0x018(SB)/8, $0x34f5a24e22d66e90 // K_767
+DATA ·const+0x020(SB)/8, $0x7b0ab10dd0f809fe // K_703
+DATA ·const+0x028(SB)/8, $0x03363823e6e791e5 // K_639
+DATA ·const+0x030(SB)/8, $0x0c32cdb31e18a84a // K_575
+DATA ·const+0x038(SB)/8, $0x62242240ace5045a // K_511
+DATA ·const+0x040(SB)/8, $0xbdd7ac0ee1a4a0f0 // K_447
+DATA ·const+0x048(SB)/8, $0xa3ffdc1fe8e82a8b // K_383
+DATA ·const+0x050(SB)/8, $0xb0bc2e589204f500 // K_319
+DATA ·const+0x058(SB)/8, $0xe1e0bb9d45d7a44c // K_255
+DATA ·const+0x060(SB)/8, $0xeadc41fd2ba3d420 // K_191
+DATA ·const+0x068(SB)/8, $0x21e9761e252621ac // K_127
+DATA ·const+0x070(SB)/8, $0xa1ca681e733f9c40 // K_1087
+DATA ·const+0x078(SB)/8, $0x5f852fb61e8d92dc // K_1023
+DATA ·const+0x080(SB)/8, $0x27ecfa329aef9f77 // MU
+DATA ·const+0x088(SB)/8, $0x34d926535897936b // POLY
+GLOBL ·const(SB), (NOPTR+RODATA), $144
diff --git a/vendor/github.com/minio/crc64nvme/crc64_other.go b/vendor/github.com/minio/crc64nvme/crc64_other.go
new file mode 100644
index 000000000..467958c69
--- /dev/null
+++ b/vendor/github.com/minio/crc64nvme/crc64_other.go
@@ -0,0 +1,11 @@
+// Copyright (c) 2025 Minio Inc. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+//go:build (!amd64 || noasm || appengine || gccgo) && (!arm64 || noasm || appengine || gccgo)
+
+package crc64nvme
+
+var hasAsm = false
+
+func updateAsm(crc uint64, p []byte) (checksum uint64) { panic("should not be reached") }
diff --git a/vendor/github.com/minio/minio-go/v7/.golangci.yml b/vendor/github.com/minio/minio-go/v7/.golangci.yml
index 875b949c6..88442e0cf 100644
--- a/vendor/github.com/minio/minio-go/v7/.golangci.yml
+++ b/vendor/github.com/minio/minio-go/v7/.golangci.yml
@@ -1,27 +1,72 @@
-linters-settings:
-  misspell:
-    locale: US
-
+version: "2"
 linters:
   disable-all: true
   enable:
-    - typecheck
-    - goimports
-    - misspell
-    - revive
+    - durationcheck
+    - gocritic
+    - gomodguard
     - govet
     - ineffassign
-    - gosimple
+    - misspell
+    - revive
+    - staticcheck
+    - unconvert
     - unused
-    - gocritic
-
+    - usetesting
+    - whitespace
+  settings:
+    misspell:
+      locale: US
+    staticcheck:
+      checks:
+        - all
+        - -SA1008
+        - -SA1019
+        - -SA4000
+        - -SA9004
+        - -ST1000
+        - -ST1005
+        - -ST1016
+        - -ST1021
+        - -ST1020
+        - -U1000
+  exclusions:
+    generated: lax
+    rules:
+      - path: (.+)\.go$
+        text: "empty-block:"
+      - path: (.+)\.go$
+        text: "unused-parameter:"
+      - path: (.+)\.go$
+        text: "dot-imports:"
+      - path: (.+)\.go$
+        text: "singleCaseSwitch: should rewrite switch statement to if statement"
+      - path: (.+)\.go$
+        text: "unlambda: replace"
+      - path: (.+)\.go$
+        text: "captLocal:"
+      - path: (.+)\.go$
+        text: "should have a package comment"
+      - path: (.+)\.go$
+        text: "ifElseChain:"
+      - path: (.+)\.go$
+        text: "elseif:"
+      - path: (.+)\.go$
+        text: "Error return value of"
+      - path: (.+)\.go$
+        text: "unnecessary conversion"
+      - path: (.+)\.go$
+        text: "Error return value is not checked"
 issues:
-  exclude-use-default: false
-  exclude:
-      # todo fix these when we get enough time.
-      - "singleCaseSwitch: should rewrite switch statement to if statement"
-      - "unlambda: replace"
-      - "captLocal:"
-      - "ifElseChain:"
-      - "elseif:"
-      - "should have a package comment"
+  max-issues-per-linter: 100
+  max-same-issues: 100
+formatters:
+  enable:
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
diff --git a/vendor/github.com/minio/minio-go/v7/api-bucket-notification.go b/vendor/github.com/minio/minio-go/v7/api-bucket-notification.go
index ad8eada4a..33811b98f 100644
--- a/vendor/github.com/minio/minio-go/v7/api-bucket-notification.go
+++ b/vendor/github.com/minio/minio-go/v7/api-bucket-notification.go
@@ -251,7 +251,6 @@ func (c *Client) ListenBucketNotification(ctx context.Context, bucketName, prefi
 
 			// Close current connection before looping further.
 			closeResponse(resp)
-
 		}
 	}(notificationInfoCh)
 
diff --git a/vendor/github.com/minio/minio-go/v7/api-bucket-versioning.go b/vendor/github.com/minio/minio-go/v7/api-bucket-versioning.go
index 8c84e4f27..045e3c38e 100644
--- a/vendor/github.com/minio/minio-go/v7/api-bucket-versioning.go
+++ b/vendor/github.com/minio/minio-go/v7/api-bucket-versioning.go
@@ -90,6 +90,7 @@ type BucketVersioningConfiguration struct {
 	// Requires versioning to be enabled
 	ExcludedPrefixes []ExcludedPrefix `xml:",omitempty"`
 	ExcludeFolders   bool             `xml:",omitempty"`
+	PurgeOnDelete    string           `xml:",omitempty"`
 }
 
 // Various supported states
diff --git a/vendor/github.com/minio/minio-go/v7/api-compose-object.go b/vendor/github.com/minio/minio-go/v7/api-compose-object.go
index bb595626e..2574c135a 100644
--- a/vendor/github.com/minio/minio-go/v7/api-compose-object.go
+++ b/vendor/github.com/minio/minio-go/v7/api-compose-object.go
@@ -30,6 +30,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/minio/minio-go/v7/pkg/encrypt"
 	"github.com/minio/minio-go/v7/pkg/s3utils"
+	"github.com/minio/minio-go/v7/pkg/tags"
 )
 
 // CopyDestOptions represents options specified by user for CopyObject/ComposeObject APIs
@@ -98,8 +99,8 @@ func (opts CopyDestOptions) Marshal(header http.Header) {
 	const replaceDirective = "REPLACE"
 	if opts.ReplaceTags {
 		header.Set(amzTaggingHeaderDirective, replaceDirective)
-		if tags := s3utils.TagEncode(opts.UserTags); tags != "" {
-			header.Set(amzTaggingHeader, tags)
+		if tags, _ := tags.NewTags(opts.UserTags, true); tags != nil {
+			header.Set(amzTaggingHeader, tags.String())
 		}
 	}
 
@@ -236,7 +237,9 @@ func (c *Client) copyObjectDo(ctx context.Context, srcBucket, srcObject, destBuc
 	}
 
 	if len(dstOpts.UserTags) != 0 {
-		headers.Set(amzTaggingHeader, s3utils.TagEncode(dstOpts.UserTags))
+		if tags, _ := tags.NewTags(dstOpts.UserTags, true); tags != nil {
+			headers.Set(amzTaggingHeader, tags.String())
+		}
 	}
 
 	reqMetadata := requestMetadata{
diff --git a/vendor/github.com/minio/minio-go/v7/api-datatypes.go b/vendor/github.com/minio/minio-go/v7/api-datatypes.go
index 8a8fd8898..2118c7c77 100644
--- a/vendor/github.com/minio/minio-go/v7/api-datatypes.go
+++ b/vendor/github.com/minio/minio-go/v7/api-datatypes.go
@@ -212,6 +212,8 @@ type ObjectInfo struct {
 	// not to be confused with `Expires` HTTP header.
 	Expiration       time.Time
 	ExpirationRuleID string
+	// NumVersions is the number of versions of the object.
+	NumVersions int
 
 	Restore *RestoreInfo
 
diff --git a/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go b/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go
index 9041d99e9..5864f0260 100644
--- a/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go
+++ b/vendor/github.com/minio/minio-go/v7/api-get-object-acl.go
@@ -135,16 +135,16 @@ func getAmzGrantACL(aCPolicy *accessControlPolicy) map[string][]string {
 	res := map[string][]string{}
 
 	for _, g := range grants {
-		switch {
-		case g.Permission == "READ":
+		switch g.Permission {
+		case "READ":
 			res["X-Amz-Grant-Read"] = append(res["X-Amz-Grant-Read"], "id="+g.Grantee.ID)
-		case g.Permission == "WRITE":
+		case "WRITE":
 			res["X-Amz-Grant-Write"] = append(res["X-Amz-Grant-Write"], "id="+g.Grantee.ID)
-		case g.Permission == "READ_ACP":
+		case "READ_ACP":
 			res["X-Amz-Grant-Read-Acp"] = append(res["X-Amz-Grant-Read-Acp"], "id="+g.Grantee.ID)
-		case g.Permission == "WRITE_ACP":
+		case "WRITE_ACP":
 			res["X-Amz-Grant-Write-Acp"] = append(res["X-Amz-Grant-Write-Acp"], "id="+g.Grantee.ID)
-		case g.Permission == "FULL_CONTROL":
+		case "FULL_CONTROL":
 			res["X-Amz-Grant-Full-Control"] = append(res["X-Amz-Grant-Full-Control"], "id="+g.Grantee.ID)
 		}
 	}
diff --git a/vendor/github.com/minio/minio-go/v7/api-list.go b/vendor/github.com/minio/minio-go/v7/api-list.go
index 31b6edf2e..26d35c4c2 100644
--- a/vendor/github.com/minio/minio-go/v7/api-list.go
+++ b/vendor/github.com/minio/minio-go/v7/api-list.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"time"
 
 	"github.com/minio/minio-go/v7/pkg/s3utils"
@@ -421,20 +422,17 @@ func (c *Client) listObjectVersions(ctx context.Context, bucketName string, opts
 		var (
 			keyMarker       = ""
 			versionIDMarker = ""
+			preName         = ""
+			preKey          = ""
+			perVersions     []Version
+			numVersions     int
 		)
-
-		for {
-			// Get list of objects a maximum of 1000 per request.
-			result, err := c.listObjectVersionsQuery(ctx, bucketName, opts, keyMarker, versionIDMarker, delimiter)
-			if err != nil {
-				sendObjectInfo(ObjectInfo{
-					Err: err,
-				})
-				return
+		send := func(vers []Version) {
+			if opts.WithVersions && opts.ReverseVersions {
+				slices.Reverse(vers)
+				numVersions = len(vers)
 			}
-
-			// If contents are available loop through and send over channel.
-			for _, version := range result.Versions {
+			for _, version := range vers {
 				info := ObjectInfo{
 					ETag:           trimEtag(version.ETag),
 					Key:            version.Key,
@@ -448,6 +446,7 @@ func (c *Client) listObjectVersions(ctx context.Context, bucketName string, opts
 					UserTags:       version.UserTags,
 					UserMetadata:   version.UserMetadata,
 					Internal:       version.Internal,
+					NumVersions:    numVersions,
 				}
 				select {
 				// Send object version info.
@@ -457,6 +456,38 @@ func (c *Client) listObjectVersions(ctx context.Context, bucketName string, opts
 					return
 				}
 			}
+		}
+		for {
+			// Get list of objects a maximum of 1000 per request.
+			result, err := c.listObjectVersionsQuery(ctx, bucketName, opts, keyMarker, versionIDMarker, delimiter)
+			if err != nil {
+				sendObjectInfo(ObjectInfo{
+					Err: err,
+				})
+				return
+			}
+			if opts.WithVersions && opts.ReverseVersions {
+				for _, version := range result.Versions {
+					if preName == "" {
+						preName = result.Name
+						preKey = version.Key
+					}
+					if result.Name == preName && preKey == version.Key {
+						// If the current name is same as previous name,
+						// we need to append the version to the previous version.
+						perVersions = append(perVersions, version)
+						continue
+					}
+					// Send the file versions.
+					send(perVersions)
+					perVersions = perVersions[:0]
+					perVersions = append(perVersions, version)
+					preName = result.Name
+					preKey = version.Key
+				}
+			} else {
+				send(result.Versions)
+			}
 
 			// Send all common prefixes if any.
 			// NOTE: prefixes are only present if the request is delimited.
@@ -480,8 +511,17 @@ func (c *Client) listObjectVersions(ctx context.Context, bucketName string, opts
 				versionIDMarker = result.NextVersionIDMarker
 			}
 
+			// If context is canceled, return here.
+			if contextCanceled(ctx) {
+				return
+			}
+
 			// Listing ends result is not truncated, return right here.
 			if !result.IsTruncated {
+				// sent the lasted file with versions
+				if opts.ReverseVersions && len(perVersions) > 0 {
+					send(perVersions)
+				}
 				return
 			}
 		}
@@ -683,6 +723,8 @@ func (c *Client) listObjectsQuery(ctx context.Context, bucketName, objectPrefix,
 
 // ListObjectsOptions holds all options of a list object request
 type ListObjectsOptions struct {
+	// ReverseVersions - reverse the order of the object versions
+	ReverseVersions bool
 	// Include objects versions in the listing
 	WithVersions bool
 	// Include objects metadata in the listing
diff --git a/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go b/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go
index 3ff3b69ef..82c0ae9e4 100644
--- a/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go
+++ b/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go
@@ -350,7 +350,6 @@ func (c *Client) putObjectMultipartStreamOptionalChecksum(ctx context.Context, b
 	// Part number always starts with '1'.
 	var partNumber int
 	for partNumber = 1; partNumber <= totalPartsCount; partNumber++ {
-
 		// Proceed to upload the part.
 		if partNumber == totalPartsCount {
 			partSize = lastPartSize
diff --git a/vendor/github.com/minio/minio-go/v7/api-put-object.go b/vendor/github.com/minio/minio-go/v7/api-put-object.go
index 098175784..ce4834790 100644
--- a/vendor/github.com/minio/minio-go/v7/api-put-object.go
+++ b/vendor/github.com/minio/minio-go/v7/api-put-object.go
@@ -30,6 +30,7 @@ import (
 
 	"github.com/minio/minio-go/v7/pkg/encrypt"
 	"github.com/minio/minio-go/v7/pkg/s3utils"
+	"github.com/minio/minio-go/v7/pkg/tags"
 	"golang.org/x/net/http/httpguts"
 )
 
@@ -229,7 +230,9 @@ func (opts PutObjectOptions) Header() (header http.Header) {
 	}
 
 	if len(opts.UserTags) != 0 {
-		header.Set(amzTaggingHeader, s3utils.TagEncode(opts.UserTags))
+		if tags, _ := tags.NewTags(opts.UserTags, true); tags != nil {
+			header.Set(amzTaggingHeader, tags.String())
+		}
 	}
 
 	for k, v := range opts.UserMetadata {
diff --git a/vendor/github.com/minio/minio-go/v7/api-remove.go b/vendor/github.com/minio/minio-go/v7/api-remove.go
index 523431351..5b4443ec5 100644
--- a/vendor/github.com/minio/minio-go/v7/api-remove.go
+++ b/vendor/github.com/minio/minio-go/v7/api-remove.go
@@ -392,10 +392,7 @@ func (c *Client) removeObjects(ctx context.Context, bucketName string, objectsCh
 	defer close(resultCh)
 
 	// Loop over entries by 1000 and call MultiDelete requests
-	for {
-		if finish {
-			break
-		}
+	for !finish {
 		count := 0
 		var batch []ObjectInfo
 
diff --git a/vendor/github.com/minio/minio-go/v7/api-s3-datatypes.go b/vendor/github.com/minio/minio-go/v7/api-s3-datatypes.go
index 5e015fb82..08a5a7b6e 100644
--- a/vendor/github.com/minio/minio-go/v7/api-s3-datatypes.go
+++ b/vendor/github.com/minio/minio-go/v7/api-s3-datatypes.go
@@ -194,7 +194,6 @@ func (l *ListVersionsResult) UnmarshalXML(d *xml.Decoder, _ xml.StartElement) (e
 			default:
 				return errors.New("unrecognized option:" + tagName)
 			}
-
 		}
 	}
 	return nil
diff --git a/vendor/github.com/minio/minio-go/v7/api-select.go b/vendor/github.com/minio/minio-go/v7/api-select.go
index 628d967ff..4fb4db9ba 100644
--- a/vendor/github.com/minio/minio-go/v7/api-select.go
+++ b/vendor/github.com/minio/minio-go/v7/api-select.go
@@ -609,7 +609,6 @@ func (s *SelectResults) start(pipeWriter *io.PipeWriter) {
 				closeResponse(s.resp)
 				return
 			}
-
 		}
 	}()
 }
@@ -669,7 +668,6 @@ func extractHeader(body io.Reader, myHeaders http.Header) error {
 		}
 
 		myHeaders.Set(headerTypeName, headerValueName)
-
 	}
 	return nil
 }
diff --git a/vendor/github.com/minio/minio-go/v7/api.go b/vendor/github.com/minio/minio-go/v7/api.go
index ff9f69118..b64f57615 100644
--- a/vendor/github.com/minio/minio-go/v7/api.go
+++ b/vendor/github.com/minio/minio-go/v7/api.go
@@ -155,7 +155,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "v7.0.85"
+	libraryVersion = "v7.0.89"
 )
 
 // User Agent should always following the below style.
@@ -598,7 +598,7 @@ func (c *Client) do(req *http.Request) (resp *http.Response, err error) {
 
 	// If trace is enabled, dump http request and response,
 	// except when the traceErrorsOnly enabled and the response's status code is ok
-	if c.isTraceEnabled && !(c.traceErrorsOnly && resp.StatusCode == http.StatusOK) {
+	if c.isTraceEnabled && (!c.traceErrorsOnly || resp.StatusCode != http.StatusOK) {
 		err = c.dumpHTTP(req, resp)
 		if err != nil {
 			return nil, err
diff --git a/vendor/github.com/minio/minio-go/v7/checksum.go b/vendor/github.com/minio/minio-go/v7/checksum.go
index 8e4c27ce4..c7456cda2 100644
--- a/vendor/github.com/minio/minio-go/v7/checksum.go
+++ b/vendor/github.com/minio/minio-go/v7/checksum.go
@@ -30,6 +30,8 @@ import (
 	"math/bits"
 	"net/http"
 	"sort"
+
+	"github.com/minio/crc64nvme"
 )
 
 // ChecksumType contains information about the checksum type.
@@ -152,9 +154,6 @@ func (c ChecksumType) RawByteLen() int {
 
 const crc64NVMEPolynomial = 0xad93d23594c93659
 
-// crc64 uses reversed polynomials.
-var crc64Table = crc64.MakeTable(bits.Reverse64(crc64NVMEPolynomial))
-
 // Hasher returns a hasher corresponding to the checksum type.
 // Returns nil if no checksum.
 func (c ChecksumType) Hasher() hash.Hash {
@@ -168,7 +167,7 @@ func (c ChecksumType) Hasher() hash.Hash {
 	case ChecksumSHA256:
 		return sha256.New()
 	case ChecksumCRC64NVME:
-		return crc64.New(crc64Table)
+		return crc64nvme.New()
 	}
 	return nil
 }
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
index cd0a641bd..415b07095 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
@@ -104,6 +104,8 @@ type STSAssumeRoleOptions struct {
 	RoleARN         string
 	RoleSessionName string
 	ExternalID      string
+
+	TokenRevokeType string // Optional, used for token revokation (MinIO only extension)
 }
 
 // NewSTSAssumeRole returns a pointer to a new
@@ -161,6 +163,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
 	if opts.ExternalID != "" {
 		v.Set("ExternalId", opts.ExternalID)
 	}
+	if opts.TokenRevokeType != "" {
+		v.Set("TokenRevokeType", opts.TokenRevokeType)
+	}
 
 	u, err := url.Parse(endpoint)
 	if err != nil {
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
index 0021f9315..162f460ee 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
@@ -69,6 +69,9 @@ type CustomTokenIdentity struct {
 	// RequestedExpiry is to set the validity of the generated credentials
 	// (this value bounded by server).
 	RequestedExpiry time.Duration
+
+	// Optional, used for token revokation
+	TokenRevokeType string
 }
 
 // RetrieveWithCredContext with Retrieve optionally cred context
@@ -98,6 +101,9 @@ func (c *CustomTokenIdentity) RetrieveWithCredContext(cc *CredContext) (value Va
 	if c.RequestedExpiry != 0 {
 		v.Set("DurationSeconds", fmt.Sprintf("%d", int(c.RequestedExpiry.Seconds())))
 	}
+	if c.TokenRevokeType != "" {
+		v.Set("TokenRevokeType", c.TokenRevokeType)
+	}
 
 	u.RawQuery = v.Encode()
 
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
index e63997e6e..31fe10ae0 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
@@ -73,6 +73,9 @@ type LDAPIdentity struct {
 	// RequestedExpiry is the configured expiry duration for credentials
 	// requested from LDAP.
 	RequestedExpiry time.Duration
+
+	// Optional, used for token revokation
+	TokenRevokeType string
 }
 
 // NewLDAPIdentity returns new credentials object that uses LDAP
@@ -152,6 +155,9 @@ func (k *LDAPIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, er
 	if k.RequestedExpiry != 0 {
 		v.Set("DurationSeconds", fmt.Sprintf("%d", int(k.RequestedExpiry.Seconds())))
 	}
+	if k.TokenRevokeType != "" {
+		v.Set("TokenRevokeType", k.TokenRevokeType)
+	}
 
 	req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode()))
 	if err != nil {
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
index c904bbeac..2a35a51a4 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
@@ -80,6 +80,9 @@ type STSCertificateIdentity struct {
 	// Certificate is the client certificate that is used for
 	// STS authentication.
 	Certificate tls.Certificate
+
+	// Optional, used for token revokation
+	TokenRevokeType string
 }
 
 // NewSTSCertificateIdentity returns a STSCertificateIdentity that authenticates
@@ -122,6 +125,9 @@ func (i *STSCertificateIdentity) RetrieveWithCredContext(cc *CredContext) (Value
 	queryValues := url.Values{}
 	queryValues.Set("Action", "AssumeRoleWithCertificate")
 	queryValues.Set("Version", STSVersion)
+	if i.TokenRevokeType != "" {
+		queryValues.Set("TokenRevokeType", i.TokenRevokeType)
+	}
 	endpointURL.RawQuery = queryValues.Encode()
 
 	req, err := http.NewRequest(http.MethodPost, endpointURL.String(), nil)
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
index 235258893..a9987255e 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
@@ -93,6 +93,9 @@ type STSWebIdentity struct {
 
 	// roleSessionName is the identifier for the assumed role session.
 	roleSessionName string
+
+	// Optional, used for token revokation
+	TokenRevokeType string
 }
 
 // NewSTSWebIdentity returns a pointer to a new
@@ -135,7 +138,7 @@ func WithPolicy(policy string) func(*STSWebIdentity) {
 }
 
 func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSessionName string, policy string,
-	getWebIDTokenExpiry func() (*WebIdentityToken, error),
+	getWebIDTokenExpiry func() (*WebIdentityToken, error), tokenRevokeType string,
 ) (AssumeRoleWithWebIdentityResponse, error) {
 	idToken, err := getWebIDTokenExpiry()
 	if err != nil {
@@ -168,6 +171,9 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 		v.Set("Policy", policy)
 	}
 	v.Set("Version", STSVersion)
+	if tokenRevokeType != "" {
+		v.Set("TokenRevokeType", tokenRevokeType)
+	}
 
 	u, err := url.Parse(endpoint)
 	if err != nil {
@@ -236,7 +242,7 @@ func (m *STSWebIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error)
 		return Value{}, errors.New("STS endpoint unknown")
 	}
 
-	a, err := getWebIdentityCredentials(client, stsEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry)
+	a, err := getWebIdentityCredentials(client, stsEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry, m.TokenRevokeType)
 	if err != nil {
 		return Value{}, err
 	}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go b/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
index 344af2b78..7ed98b0d1 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
@@ -192,7 +192,7 @@ func (t Transition) IsDaysNull() bool {
 
 // IsDateNull returns true if date field is null
 func (t Transition) IsDateNull() bool {
-	return t.Date.Time.IsZero()
+	return t.Date.IsZero()
 }
 
 // IsNull returns true if no storage-class is set.
@@ -323,7 +323,7 @@ type ExpirationDate struct {
 // MarshalXML encodes expiration date if it is non-zero and encodes
 // empty string otherwise
 func (eDate ExpirationDate) MarshalXML(e *xml.Encoder, startElement xml.StartElement) error {
-	if eDate.Time.IsZero() {
+	if eDate.IsZero() {
 		return nil
 	}
 	return e.EncodeElement(eDate.Format(time.RFC3339), startElement)
@@ -392,7 +392,7 @@ func (e Expiration) IsDaysNull() bool {
 
 // IsDateNull returns true if date field is null
 func (e Expiration) IsDateNull() bool {
-	return e.Date.Time.IsZero()
+	return e.Date.IsZero()
 }
 
 // IsDeleteMarkerExpirationEnabled returns true if the auto-expiration of delete marker is enabled
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/notification/notification.go b/vendor/github.com/minio/minio-go/v7/pkg/notification/notification.go
index 151ca21e8..31f29bcb1 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/notification/notification.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/notification/notification.go
@@ -283,7 +283,6 @@ func (b *Configuration) AddTopic(topicConfig Config) bool {
 	for _, n := range b.TopicConfigs {
 		// If new config matches existing one
 		if n.Topic == newTopicConfig.Arn.String() && newTopicConfig.Filter == n.Filter {
-
 			existingConfig := set.NewStringSet()
 			for _, v := range n.Events {
 				existingConfig.Add(string(v))
@@ -308,7 +307,6 @@ func (b *Configuration) AddQueue(queueConfig Config) bool {
 	newQueueConfig := QueueConfig{Config: queueConfig, Queue: queueConfig.Arn.String()}
 	for _, n := range b.QueueConfigs {
 		if n.Queue == newQueueConfig.Arn.String() && newQueueConfig.Filter == n.Filter {
-
 			existingConfig := set.NewStringSet()
 			for _, v := range n.Events {
 				existingConfig.Add(string(v))
@@ -333,7 +331,6 @@ func (b *Configuration) AddLambda(lambdaConfig Config) bool {
 	newLambdaConfig := LambdaConfig{Config: lambdaConfig, Lambda: lambdaConfig.Arn.String()}
 	for _, n := range b.LambdaConfigs {
 		if n.Lambda == newLambdaConfig.Arn.String() && newLambdaConfig.Filter == n.Filter {
-
 			existingConfig := set.NewStringSet()
 			for _, v := range n.Events {
 				existingConfig.Add(string(v))
@@ -372,7 +369,7 @@ func (b *Configuration) RemoveTopicByArnEventsPrefixSuffix(arn Arn, events []Eve
 	removeIndex := -1
 	for i, v := range b.TopicConfigs {
 		// if it matches events and filters, mark the index for deletion
-		if v.Topic == arn.String() && v.Config.Equal(events, prefix, suffix) {
+		if v.Topic == arn.String() && v.Equal(events, prefix, suffix) {
 			removeIndex = i
 			break // since we have at most one matching config
 		}
@@ -400,7 +397,7 @@ func (b *Configuration) RemoveQueueByArnEventsPrefixSuffix(arn Arn, events []Eve
 	removeIndex := -1
 	for i, v := range b.QueueConfigs {
 		// if it matches events and filters, mark the index for deletion
-		if v.Queue == arn.String() && v.Config.Equal(events, prefix, suffix) {
+		if v.Queue == arn.String() && v.Equal(events, prefix, suffix) {
 			removeIndex = i
 			break // since we have at most one matching config
 		}
@@ -428,7 +425,7 @@ func (b *Configuration) RemoveLambdaByArnEventsPrefixSuffix(arn Arn, events []Ev
 	removeIndex := -1
 	for i, v := range b.LambdaConfigs {
 		// if it matches events and filters, mark the index for deletion
-		if v.Lambda == arn.String() && v.Config.Equal(events, prefix, suffix) {
+		if v.Lambda == arn.String() && v.Equal(events, prefix, suffix) {
 			removeIndex = i
 			break // since we have at most one matching config
 		}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go b/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
index 65a2f75e9..55636ad48 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
@@ -868,8 +868,20 @@ type ReplQNodeStats struct {
 	XferStats    map[MetricName]XferStats            `json:"transferSummary"`
 	TgtXferStats map[string]map[MetricName]XferStats `json:"tgtTransferStats"`
 
-	QStats   InQueueMetric `json:"queueStats"`
-	MRFStats ReplMRFStats  `json:"mrfStats"`
+	QStats   InQueueMetric  `json:"queueStats"`
+	MRFStats ReplMRFStats   `json:"mrfStats"`
+	Retries  CounterSummary `json:"retries"`
+	Errors   CounterSummary `json:"errors"`
+}
+
+// CounterSummary denotes the stats counter summary
+type CounterSummary struct {
+	// Counted last 1hr
+	Last1hr uint64 `json:"last1hr"`
+	// Counted last 1m
+	Last1m uint64 `json:"last1m"`
+	// Total counted since uptime
+	Total uint64 `json:"total"`
 }
 
 // ReplQueueStats holds stats for replication queue across nodes
@@ -914,8 +926,10 @@ type ReplQStats struct {
 	XferStats    map[MetricName]XferStats            `json:"xferStats"`
 	TgtXferStats map[string]map[MetricName]XferStats `json:"tgtXferStats"`
 
-	QStats   InQueueMetric `json:"qStats"`
-	MRFStats ReplMRFStats  `json:"mrfStats"`
+	QStats   InQueueMetric  `json:"qStats"`
+	MRFStats ReplMRFStats   `json:"mrfStats"`
+	Retries  CounterSummary `json:"retries"`
+	Errors   CounterSummary `json:"errors"`
 }
 
 // QStats returns cluster level stats for objects in replication queue
@@ -958,6 +972,12 @@ func (q ReplQueueStats) QStats() (r ReplQStats) {
 		r.MRFStats.LastFailedCount += node.MRFStats.LastFailedCount
 		r.MRFStats.TotalDroppedCount += node.MRFStats.TotalDroppedCount
 		r.MRFStats.TotalDroppedBytes += node.MRFStats.TotalDroppedBytes
+		r.Retries.Last1hr += node.Retries.Last1hr
+		r.Retries.Last1m += node.Retries.Last1m
+		r.Retries.Total += node.Retries.Total
+		r.Errors.Last1hr += node.Errors.Last1hr
+		r.Errors.Last1m += node.Errors.Last1m
+		r.Errors.Total += node.Errors.Total
 		r.Uptime += node.Uptime
 	}
 	if len(q.Nodes) > 0 {
@@ -968,7 +988,21 @@ func (q ReplQueueStats) QStats() (r ReplQStats) {
 
 // MetricsV2 represents replication metrics for a bucket.
 type MetricsV2 struct {
-	Uptime       int64          `json:"uptime"`
-	CurrentStats Metrics        `json:"currStats"`
-	QueueStats   ReplQueueStats `json:"queueStats"`
+	Uptime       int64                   `json:"uptime"`
+	CurrentStats Metrics                 `json:"currStats"`
+	QueueStats   ReplQueueStats          `json:"queueStats"`
+	DowntimeInfo map[string]DowntimeInfo `json:"downtimeInfo"`
+}
+
+// DowntimeInfo represents the downtime info
+type DowntimeInfo struct {
+	Duration Stat `json:"duration"`
+	Count    Stat `json:"count"`
+}
+
+// Stat represents the aggregates
+type Stat struct {
+	Total int64 `json:"total"`
+	Avg   int64 `json:"avg"`
+	Max   int64 `json:"max"`
 }
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go b/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
index 80fd029d8..eb631249b 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
@@ -218,7 +218,7 @@ func IsAmazonPrivateLinkEndpoint(endpointURL url.URL) bool {
 	if endpointURL == sentinelURL {
 		return false
 	}
-	return amazonS3HostPrivateLink.MatchString(endpointURL.Host)
+	return amazonS3HostPrivateLink.MatchString(endpointURL.Hostname())
 }
 
 // IsGoogleEndpoint - Match if it is exactly Google cloud storage endpoint.
@@ -261,44 +261,6 @@ func QueryEncode(v url.Values) string {
 	return buf.String()
 }
 
-// TagDecode - decodes canonical tag into map of key and value.
-func TagDecode(ctag string) map[string]string {
-	if ctag == "" {
-		return map[string]string{}
-	}
-	tags := strings.Split(ctag, "&")
-	tagMap := make(map[string]string, len(tags))
-	var err error
-	for _, tag := range tags {
-		kvs := strings.SplitN(tag, "=", 2)
-		if len(kvs) == 0 {
-			return map[string]string{}
-		}
-		if len(kvs) == 1 {
-			return map[string]string{}
-		}
-		tagMap[kvs[0]], err = url.PathUnescape(kvs[1])
-		if err != nil {
-			continue
-		}
-	}
-	return tagMap
-}
-
-// TagEncode - encodes tag values in their URL encoded form. In
-// addition to the percent encoding performed by urlEncodePath() used
-// here, it also percent encodes '/' (forward slash)
-func TagEncode(tags map[string]string) string {
-	if tags == nil {
-		return ""
-	}
-	values := url.Values{}
-	for k, v := range tags {
-		values[k] = []string{v}
-	}
-	return QueryEncode(values)
-}
-
 // if object matches reserved string, no need to encode them
 var reservedObjectNames = regexp.MustCompile("^[a-zA-Z0-9-_.~/]+$")
 
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming-unsigned-trailer.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming-unsigned-trailer.go
index 77540e2d8..e18002b8d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming-unsigned-trailer.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming-unsigned-trailer.go
@@ -212,7 +212,6 @@ func (s *StreamingUSReader) Read(buf []byte) (int, error) {
 				}
 				return 0, err
 			}
-
 		}
 	}
 	return s.buf.Read(buf)
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
index 1c2f1dc9d..fcd0dfd76 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
@@ -387,7 +387,6 @@ func (s *StreamingReader) Read(buf []byte) (int, error) {
 				}
 				return 0, err
 			}
-
 		}
 	}
 	return s.buf.Read(buf)
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
index fa4f8c91e..f65c36c7d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
@@ -148,7 +148,7 @@ func SignV2(req http.Request, accessKeyID, secretAccessKey string, virtualHost b
 
 	// Prepare auth header.
 	authHeader := new(bytes.Buffer)
-	authHeader.WriteString(fmt.Sprintf("%s %s:", signV2Algorithm, accessKeyID))
+	fmt.Fprintf(authHeader, "%s %s:", signV2Algorithm, accessKeyID)
 	encoder := base64.NewEncoder(base64.StdEncoding, authHeader)
 	encoder.Write(hm.Sum(nil))
 	encoder.Close()
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
index ffd251451..09ece53a0 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
@@ -128,8 +128,8 @@ func getCanonicalHeaders(req http.Request, ignoredHeaders map[string]bool) strin
 	for _, k := range headers {
 		buf.WriteString(k)
 		buf.WriteByte(':')
-		switch {
-		case k == "host":
+		switch k {
+		case "host":
 			buf.WriteString(getHostAddr(&req))
 			buf.WriteByte('\n')
 		default:
diff --git a/vendor/github.com/minio/minio-go/v7/utils.go b/vendor/github.com/minio/minio-go/v7/utils.go
index cd7d2c27e..027bb6ce3 100644
--- a/vendor/github.com/minio/minio-go/v7/utils.go
+++ b/vendor/github.com/minio/minio-go/v7/utils.go
@@ -41,6 +41,7 @@ import (
 
 	md5simd "github.com/minio/md5-simd"
 	"github.com/minio/minio-go/v7/pkg/s3utils"
+	"github.com/minio/minio-go/v7/pkg/tags"
 )
 
 func trimEtag(etag string) string {
@@ -322,7 +323,13 @@ func ToObjectInfo(bucketName, objectName string, h http.Header) (ObjectInfo, err
 			userMetadata[strings.TrimPrefix(k, "X-Amz-Meta-")] = v[0]
 		}
 	}
-	userTags := s3utils.TagDecode(h.Get(amzTaggingHeader))
+
+	userTags, err := tags.ParseObjectTags(h.Get(amzTaggingHeader))
+	if err != nil {
+		return ObjectInfo{}, ErrorResponse{
+			Code: "InternalError",
+		}
+	}
 
 	var tagCount int
 	if count := h.Get(amzTaggingCount); count != "" {
@@ -373,7 +380,7 @@ func ToObjectInfo(bucketName, objectName string, h http.Header) (ObjectInfo, err
 		// which are not part of object metadata.
 		Metadata:     metadata,
 		UserMetadata: userMetadata,
-		UserTags:     userTags,
+		UserTags:     userTags.ToMap(),
 		UserTagCount: tagCount,
 		Restore:      restore,
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 76943afdc..e0ed3d27c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -628,8 +628,8 @@ github.com/klauspost/compress/internal/snapref
 github.com/klauspost/compress/s2
 github.com/klauspost/compress/zstd
 github.com/klauspost/compress/zstd/internal/xxhash
-# github.com/klauspost/cpuid/v2 v2.2.9
-## explicit; go 1.20
+# github.com/klauspost/cpuid/v2 v2.2.10
+## explicit; go 1.22
 github.com/klauspost/cpuid/v2
 # github.com/kr/pretty v0.3.1
 ## explicit; go 1.12
@@ -656,11 +656,14 @@ github.com/microcosm-cc/bluemonday/css
 # github.com/miekg/dns v1.1.64
 ## explicit; go 1.22.0
 github.com/miekg/dns
+# github.com/minio/crc64nvme v1.0.1
+## explicit; go 1.22
+github.com/minio/crc64nvme
 # github.com/minio/md5-simd v1.1.2
 ## explicit; go 1.14
 github.com/minio/md5-simd
-# github.com/minio/minio-go/v7 v7.0.85
-## explicit; go 1.22
+# github.com/minio/minio-go/v7 v7.0.89
+## explicit; go 1.23.0
 github.com/minio/minio-go/v7
 github.com/minio/minio-go/v7/pkg/cors
 github.com/minio/minio-go/v7/pkg/credentials