Merge branch 'public-single-node' into pmm-6401-read-prometheus-data-files

2024-12-01 14:47:38 +00:00 · 2021-03-02 21:46:03 +02:00 · 2021-03-02 21:46:03 +02:00 · 6197440bb9
commit 6197440bb9
parent 966e9c227a 1252ca44d8
348 changed files with 10407 additions and 810 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -16,7 +16,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@main
        with:
-          go-version: 1.15
+          go-version: 1.16
        id: go
      - name: Dependencies
        run: |
--- a/app/vmagent/README.md
+++ b/app/vmagent/README.md
@ -34,6 +34,7 @@ to `vmagent` (like the ability to push metrics instead of pulling them). We did
  are buffered at `-remoteWrite.tmpDataPath`. The buffered metrics are sent to remote storage as soon as connection
  to remote storage is recovered. The maximum disk usage for the buffer can be limited with `-remoteWrite.maxDiskUsagePerURL`.
 * Uses lower amounts of RAM, CPU, disk IO and network bandwidth compared to Prometheus.
 * Scrape targets can be spread among multiple `vmagent` instances when big number of targets must be scraped. See [these docs](#scraping-big-number-of-targets) for details.
 ## Quick Start
@ -227,6 +228,21 @@ Read more about relabeling in the following articles:
 * [relabel_configs vs metric_relabel_configs](https://www.robustperception.io/relabel_configs-vs-metric_relabel_configs)
 ## Scraping big number of targets
 A single `vmagent` instance can scrape tens of thousands of scrape targets. Sometimes this isn't enough due to limitations on CPU, network, RAM, etc.
 In this case scrape targets can be split among multiple `vmagent` instances (aka `vmagent` clustering).
 Each `vmagent` instance in the cluster must use identical `-promscrape.config` files with distinct `-promscrape.cluster.memberNum` values.
 The flag value must be in the range `0 ... N-1`, where `N` is the number of `vmagent` instances in the cluster.
 The number of `vmagent` instances in the cluster must be passed to `-promscrape.cluster.membersCount` command-line flag. For example, the following commands
 spread scrape targets among a cluster of two `vmagent` instances:
 ```
 /path/to/vmagent -promscrape.cluster.membersCount=2 -promscrape.cluster.memberNum=0 -promscrape.config=/path/to/config.yml ...
 /path/to/vmagent -promscrape.cluster.membersCount=2 -promscrape.cluster.memberNum=1 -promscrape.config=/path/to/config.yml ...
 ```
 ## Monitoring
 `vmagent` exports various metrics in Prometheus exposition format at `http://vmagent-host:8429/metrics` page. It is recommended setting up regular scraping of this page
@ -474,7 +490,7 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
-    	Timezone to use for timestamps in logs. Local timezone can be used (default "UTC")
+    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxConcurrentInserts int
@ -502,6 +518,10 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Trim timestamps for OpenTSDB HTTP data to this duration. Minimum practical duration is 1ms. Higher duration (i.e. 1s) may be used for reducing disk space usage for timestamp data (default 1ms)
  -pprofAuthKey string
    	Auth key for /debug/pprof. It overrides httpAuth settings
  -promscrape.cluster.memberNum int
    	The number of number in the cluster of scrapers. It must be an unique value in the range 0 ... promscrape.cluster.membersCount-1 across scrapers in the cluster
  -promscrape.cluster.membersCount int
    	The number of members in a cluster of scrapers. Each member must have an unique -promscrape.cluster.memberNum in the range 0 ... promscrape.cluster.membersCount-1 . Each member then scrapes roughly 1/N of all the targets. By default cluster scraping is disabled, i.e. a single scraper scrapes all the targets
  -promscrape.config string
    	Optional path to Prometheus config file with 'scrape_configs' section containing targets to scrape. See https://victoriametrics.github.io/#how-to-scrape-prometheus-exporters-such-as-node-exporter for details
  -promscrape.config.dryRun
@ -534,6 +554,8 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Interval for checking for changes in 'file_sd_config'. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config for details (default 30s)
  -promscrape.gceSDCheckInterval gce_sd_configs
    	Interval for checking for changes in gce. This works only if gce_sd_configs is configured in '-promscrape.config' file. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config for details (default 1m0s)
  -promscrape.kubernetes.apiServerTimeout duration
    	How frequently to reload the full state from Kuberntes API server (default 10m0s)
  -promscrape.kubernetesSDCheckInterval kubernetes_sd_configs
    	Interval for checking for changes in Kubernetes API server. This works only if kubernetes_sd_configs is configured in '-promscrape.config' file. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config for details (default 30s)
  -promscrape.maxDroppedTargets droppedTargets
@ -559,7 +581,7 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Optional bearer auth token to use for -remoteWrite.url. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
    	Supports array of values separated by comma or specified via multiple flags.
  -remoteWrite.flushInterval duration
-    	Interval for flushing the data to remote storage. Higher value reduces network bandwidth usage at the cost of delayed push of scraped data to remote storage. Minimum supported interval is 1 second (default 1s)
+    	Interval for flushing the data to remote storage. This option takes effect only when less than 10K data points per second are pushed to -remoteWrite.url (default 1s)
  -remoteWrite.label array
    	Optional label in the form 'name=value' to add to all the metrics before sending them to -remoteWrite.url. Pass multiple -remoteWrite.label flags in order to add multiple flags to metrics before sending them to remote storage
    	Supports array of values separated by comma or specified via multiple flags.
--- a/app/vmagent/remotewrite/client.go
+++ b/app/vmagent/remotewrite/client.go
@ -299,6 +299,9 @@ again:
 type rateLimiter struct {
 	perSecondLimit int64
 	// mu protects budget and deadline from concurrent access.
 	mu sync.Mutex
 	// The current budget. It is increased by perSecondLimit every second.
 	budget int64
@ -313,9 +316,12 @@ func (rl *rateLimiter) register(dataLen int, stopCh <-chan struct{}) {
 	if limit <= 0 {
 		return
 	}
 	rl.mu.Lock()
 	defer rl.mu.Unlock()
 	for rl.budget <= 0 {
-		now := time.Now()
+		if d := time.Until(rl.deadline); d > 0 {
 		if d := rl.deadline.Sub(now); d > 0 {
 			rl.limitReached.Inc()
 			t := timerpool.Get(d)
 			select {
@ -327,7 +333,7 @@ func (rl *rateLimiter) register(dataLen int, stopCh <-chan struct{}) {
 			}
 		}
 		rl.budget += limit
-		rl.deadline = now.Add(time.Second)
+		rl.deadline = time.Now().Add(time.Second)
 	}
 	rl.budget -= int64(dataLen)
 }
--- a/app/vmagent/remotewrite/pendingseries.go
+++ b/app/vmagent/remotewrite/pendingseries.go
@ -19,8 +19,7 @@ import (
 var (
 	flushInterval = flag.Duration("remoteWrite.flushInterval", time.Second, "Interval for flushing the data to remote storage. "+
-		"Higher value reduces network bandwidth usage at the cost of delayed push of scraped data to remote storage. "+
+		"This option takes effect only when less than 10K data points per second are pushed to -remoteWrite.url")
 		"Minimum supported interval is 1 second")
 	maxUnpackedBlockSize = flagutil.NewBytes("remoteWrite.maxBlockSize", 8*1024*1024, "The maximum size in bytes of unpacked request to send to remote storage. "+
 		"It shouldn't exceed -maxInsertRequestSize from VictoriaMetrics")
 )
--- a/app/vmalert/README.md
+++ b/app/vmalert/README.md
@ -197,7 +197,7 @@ to set `-datasource.appendTypePrefix` flag to `true`, so vmalert can adjust URL
 The shortlist of configuration flags is the following:
 ```
  -datasource.appendTypePrefix
-        Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to VMSelect URL.
+    	Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to VMSelect URL.
  -datasource.basicAuth.password string
    	Optional basic auth password for -datasource.url
  -datasource.basicAuth.username string
@ -206,6 +206,8 @@ The shortlist of configuration flags is the following:
    	Lookback defines how far to look into past when evaluating queries. For example, if datasource.lookback=5m then param "time" with value now()-5m will be added to every query.
  -datasource.maxIdleConnections int
    	Defines the number of idle (keep-alive connections) to configured datasource.Consider to set this value equal to the value: groups_total * group.concurrency. Too low value may result into high number of sockets in TIME_WAIT state. (default 100)
  -datasource.queryStep duration
    	queryStep defines how far a value can fallback to when evaluating queries. For example, if datasource.queryStep=15s then param "step" with value "15s" will be added to every query.
  -datasource.tlsCAFile string
    	Optional path to TLS CA file to use for verifying connections to -datasource.url. By default system CA is used
  -datasource.tlsCertFile string
@ -236,6 +238,8 @@ The shortlist of configuration flags is the following:
    	Supports array of values separated by comma or specified via multiple flags.
  -external.url string
    	External URL is used as alert's source for sent alerts to the notifier
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -http.connTimeout duration
    	Incoming http connections are closed after the configured timeout. This may help spreading incoming load among a cluster of services behind load balancer. Note that the real timeout may be bigger by up to 10% as a protection from Thundering herd problem (default 2m0s)
  -http.disableResponseCompression
@ -264,6 +268,8 @@ The shortlist of configuration flags is the following:
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -memory.allowedBytes value
--- a/app/vmalert/remotewrite/remotewrite.go
+++ b/app/vmalert/remotewrite/remotewrite.go
@ -94,7 +94,7 @@ func NewClient(ctx context.Context, cfg Config) (*Client, error) {
 			Timeout:   cfg.WriteTimeout,
 			Transport: cfg.Transport,
 		},
-		addr:          strings.TrimSuffix(cfg.Addr, "/") + writePath,
+		addr:          strings.TrimSuffix(cfg.Addr, "/"),
 		baUser:        cfg.BasicAuthUser,
 		baPass:        cfg.BasicAuthPass,
 		flushInterval: cfg.FlushInterval,
@ -231,6 +231,7 @@ func (c *Client) send(ctx context.Context, data []byte) error {
 	if c.baPass != "" {
 		req.SetBasicAuth(c.baUser, c.baPass)
 	}
 	req.URL.Path += writePath
 	resp, err := c.c.Do(req.WithContext(ctx))
 	if err != nil {
 		return fmt.Errorf("error while sending request to %s: %w; Data len %d(%d)",
--- a/app/vmauth/README.md
+++ b/app/vmauth/README.md
@ -174,6 +174,8 @@ See the docs at https://victoriametrics.github.io/vmauth.html .
    	Whether to enable reading flags from environment variables additionally to command line. Command line flag values have priority over values from environment vars. Flags are read only from command line if this flag isn't set
  -envflag.prefix string
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -http.connTimeout duration
    	Incoming http connections are closed after the configured timeout. This may help spreading incoming load among a cluster of services behind load balancer. Note that the real timeout may be bigger by up to 10% as a protection from Thundering herd problem (default 2m0s)
  -http.disableResponseCompression
@ -192,14 +194,20 @@ See the docs at https://victoriametrics.github.io/vmauth.html .
    	Username for HTTP Basic Auth. The authentication is disabled if empty. See also -httpAuth.password
  -httpListenAddr string
    	TCP address to listen for http connections (default ":8427")
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -memory.allowedBytes value
    	Allowed size of system memory VictoriaMetrics caches may occupy. This option overrides -memory.allowedPercent if set to non-zero value. Too low value may increase cache miss rate, which usually results in higher CPU and disk IO usage. Too high value may evict too much data from OS page cache, which will result in higher disk IO usage
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/app/vmbackup/README.md
+++ b/app/vmbackup/README.md
@ -191,14 +191,20 @@ See [this article](https://medium.com/@valyala/speeding-up-backups-for-big-time-
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxBytesPerSecond value
    	The maximum upload speed. There is no limit if it is set to 0
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/app/vmbackupmanager/README.md
+++ b/app/vmbackupmanager/README.md
@ -0,0 +1,144 @@
 ## Victoria Metrics Backup Manager
 This service automates regular backup procedures. It supports the following backup intervals: **hourly**, **daily**, **weekly** and **monthly**. Multiple backup intervals may be configured simultaneously. I.e. the backup manager creates hourly backups every hour, while it creates daily backups every day, etc. Backup manager must have read access to the storage data, so best practice is to install it on the same machine (or as a sidecar) where the storage node is installed.
 The backup service makes a backup every hour and puts it to the latest folder and then copies data to the folders which represent the backup intervals (hourly, daily, weekly and monthly)
 The required flags for running the service are as follows:
 * -eula - should be true and means that you have the legal right to run a backup manager. That can either be a signed contract or an email with confirmation to run the service in a trial period
 * -storageDataPath - path to VictoriaMetrics or vmstorage data path to make backup from
 * -snapshot.createURL - VictoriaMetrics creates snapshot URL which will automatically be created during backup. Example: http://victoriametrics:8428/snaphsot/create
 * -dst - backup destination at s3, gcs or local filesystem
 * -credsFilePath - path to file with GCS or S3 credentials. Credentials are loaded from default locations if not set. See [https://cloud.google.com/iam/docs/creating-managing-service-account-keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
 Backup schedule is controlled by the following flags:
 * -disableHourly - disable hourly run. Default false
 * -disableDaily - disable daily run. Default false
 * -disableWeekly - disable weekly run. Default false
 * -disableMonthly - disable monthly run. Default false
 By default, all flags are turned on and Backup Manager backups data every hour for every interval (hourly, daily, weekly and monthly).
 The backup manager creates the following directory hierarchy at **-dst**:
 * /latest/ - contains the latest backup
 * /hourly/ - contains hourly backups. Each backup is named as *YYYY-MM-DD:HH*
 * /daily/ - contains daily backups. Each backup is named as *YYYY-MM-DD*
 * /weekly/ - contains weekly backups. Each backup is named as *YYYY-WW*
 * /monthly/ - contains monthly backups. Each backup is named as *YYYY-MM*
 To get the full list of supported flags please run the following command:
 ```console
 ./vmbackupmanager --help
 ```
 The service creates a **full** backup each run. This means that the system can be restored fully from any particular backup using vmrestore. Backup manager uploads only the data that has been changed or created since the most recent backup (incremental backup).
 *Please take into account that the first backup upload could take a significant amount of time as it needs to upload all of the data.*
 There are two flags which could help with performance tuning:
 * -maxBytesPerSecond - the maximum upload speed. There is no limit if it is set to 0
 * -concurrency - The number of concurrent workers. Higher concurrency may improve upload speed (default 10)
 ### Example of Usage
 GCS and cluster version. You need to have a credentials file in json format with following structure
 credentials.json
 ```json
 {
  "type": "service_account",
  "project_id": "<project>",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY-----\-----END PRIVATE KEY-----\n",
  "client_email": “test@<project>.iam.gserviceaccount.com",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40<project>.iam.gserviceaccount.com"
 }
 ```
 Backup manager launched with the following configuration:
 ```console
 export NODE_IP=192.168.0.10
 export VMSTORAGE_ENDPOINT=http://127.0.0.1:8428
 ./vmbackupmanager -dst=gcs://vmstorage-data/$NODE_IP -credsFilePath=credentials.json -storageDataPath=/vmstorage-data -snapshot.createURL=$VMSTORAGE_ENDPOINT/snapshot/create -eula 
 ```
 Expected logs in vmbackupmanager:
 ```console
 info    lib/backup/actions/backup.go:131    server-side copied 81 out of 81 parts from GCS{bucket: "vmstorage-data", dir: "192.168.0.10//latest/"} to GCS{bucket: "vmstorage-data", dir: "192.168.0.10//weekly/2020-34/"} in 2.549833008s
 info    lib/backup/actions/backup.go:169    backed up 853315 bytes in 2.882 seconds; deleted 0 bytes; server-side copied 853315 bytes; uploaded 0 bytes 
 ```
 Expected logs in vmstorage:
 ```console
 info    VictoriaMetrics/lib/storage/table.go:146    creating table snapshot of "/vmstorage-data/data"...
 info    VictoriaMetrics/lib/storage/storage.go:311    deleting snapshot "/vmstorage-data/snapshots/20200818201959-162C760149895DDA"...
 info    VictoriaMetrics/lib/storage/storage.go:319    deleted snapshot "/vmstorage-data/snapshots/20200818201959-162C760149895DDA" in 0.169 seconds
 ```
 The result on the GCS bucket
 - The root folder
  ![root](root.png)
 - The latest folder
  ![latest](latest.png)
 ## Backup Retention Policy
 Backup retention policy is controlled by:
 * -keepLastHourly - keep the last N hourly backups. Disabled by default
 * -keepLastDaily - keep the last N daily backups. Disabled by default
 * -keepLastWeekly - keep the last N weekly backups. Disabled by default
 * -keepLastMonthly - keep the last N monthly backups. Disabled by default
 *Note*: 0 value in every keepLast flag results into deletion ALL backups for particular type (hourly, daily, weekly and monthly)
 Let’s assume we have a backup manager collecting daily backups for the past 10 days.
 ![daily](rp_daily_1.png)
 We enable backup retention policy for backup manager by using following configuration:
 ```console
 export NODE_IP=192.168.0.10
 export VMSTORAGE_ENDPOINT=http://127.0.0.1:8428
 ./vmbackupmanager -dst=gcs://vmstorage-data/$NODE_IP -credsFilePath=credentials.json -storageDataPath=/vmstorage-data -snapshot.createURL=$VMSTORAGE_ENDPOINT/snapshot/create
 -keepLastDaily=3 -eula
 ```
 Expected logs in backup manager on start:
 ```console
 info    lib/logger/flag.go:20    flag "keepLastDaily" = "3"
 ```
 Expected logs in backup manager during retention cycle:
 ```console
 info    app/vmbackupmanager/retention.go:106    daily backups to delete [daily/2021-02-13 daily/2021-02-12 daily/2021-02-11 daily/2021-02-10 daily/2021-02-09 daily/2021-02-08 daily/2021-02-07]
 ```
 The result on the GCS bucket. We see only 3 daily backups:
 ![daily](rp_daily_2.png)
--- a/app/vmbackupmanager/latest.png
+++ b/app/vmbackupmanager/latest.png
--- a/app/vmbackupmanager/root.png
+++ b/app/vmbackupmanager/root.png
--- a/app/vmbackupmanager/rp_daily_1.png
+++ b/app/vmbackupmanager/rp_daily_1.png
--- a/app/vmbackupmanager/rp_daily_2.png
+++ b/app/vmbackupmanager/rp_daily_2.png
--- a/app/vmrestore/README.md
+++ b/app/vmrestore/README.md
@ -91,14 +91,20 @@ i.e. the end result would be similar to [rsync --delete](https://askubuntu.com/q
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxBytesPerSecond value
    	The maximum download speed. There is no limit if it is set to 0
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/app/vmselect/querystats/querystats.go
+++ b/app/vmselect/querystats/querystats.go
@ -89,7 +89,7 @@ func (qst *queryStatsTracker) writeJSONQueryStats(w io.Writer, topN int, maxLife
 	fmt.Fprintf(w, `],"topByAvgDuration":[`)
 	topByAvgDuration := qst.getTopByAvgDuration(topN, maxLifetime)
 	for i, r := range topByAvgDuration {
-		fmt.Fprintf(w, `{"query":%q,"timeRangeSeconds":%d,"avgDurationSeconds":%.3f}`, r.query, r.timeRangeSecs, r.duration.Seconds())
+		fmt.Fprintf(w, `{"query":%q,"timeRangeSeconds":%d,"avgDurationSeconds":%.3f,"count":%d}`, r.query, r.timeRangeSecs, r.duration.Seconds(), r.count)
 		if i+1 < len(topByAvgDuration) {
 			fmt.Fprintf(w, `,`)
 		}
@ -97,7 +97,7 @@ func (qst *queryStatsTracker) writeJSONQueryStats(w io.Writer, topN int, maxLife
 	fmt.Fprintf(w, `],"topBySumDuration":[`)
 	topBySumDuration := qst.getTopBySumDuration(topN, maxLifetime)
 	for i, r := range topBySumDuration {
-		fmt.Fprintf(w, `{"query":%q,"timeRangeSeconds":%d,"sumDurationSeconds":%.3f}`, r.query, r.timeRangeSecs, r.duration.Seconds())
+		fmt.Fprintf(w, `{"query":%q,"timeRangeSeconds":%d,"sumDurationSeconds":%.3f,"count":%d}`, r.query, r.timeRangeSecs, r.duration.Seconds(), r.count)
 		if i+1 < len(topBySumDuration) {
 			fmt.Fprintf(w, `,`)
 		}
@ -202,6 +202,7 @@ func (qst *queryStatsTracker) getTopByAvgDuration(topN int, maxLifetime time.Dur
 			query:         k.query,
 			timeRangeSecs: k.timeRangeSecs,
 			duration:      ks.sum / time.Duration(ks.count),
 			count:         ks.count,
 		})
 	}
 	sort.Slice(a, func(i, j int) bool {
@ -217,26 +218,35 @@ type queryStatByDuration struct {
 	query         string
 	timeRangeSecs int64
 	duration      time.Duration
 	count         int
 }
 func (qst *queryStatsTracker) getTopBySumDuration(topN int, maxLifetime time.Duration) []queryStatByDuration {
 	currentTime := time.Now()
 	qst.mu.Lock()
-	m := make(map[queryStatKey]time.Duration)
+	type countDuration struct {
 		count int
 		sum   time.Duration
 	}
 	m := make(map[queryStatKey]countDuration)
 	for _, r := range qst.a {
 		if r.matches(currentTime, maxLifetime) {
 			k := r.key()
-			m[k] = m[k] + r.duration
+			kd := m[k]
 			kd.count++
 			kd.sum += r.duration
 			m[k] = kd
 		}
 	}
 	qst.mu.Unlock()
 	var a []queryStatByDuration
-	for k, d := range m {
+	for k, kd := range m {
 		a = append(a, queryStatByDuration{
 			query:         k.query,
 			timeRangeSecs: k.timeRangeSecs,
-			duration:      d,
+			duration:      kd.sum,
 			count:         kd.count,
 		})
 	}
 	sort.Slice(a, func(i, j int) bool {
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@ -2,6 +2,10 @@
 # tip
 # [v1.55.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.55.0)
 * FEATURE: add `sign(q)` and `clamp(q, min, max)` functions, which are planned to be added in [the upcoming Prometheus release](https://twitter.com/roidelapluie/status/1363428376162295811) . The `last_over_time(m[d])` function is already supported in [MetricsQL](https://victoriametrics.github.io/MetricsQL.html).
 * FEATURE: vmagent: add `scrape_align_interval` config option, which can be used for aligning scrapes to the beginning of the configured interval. See [these docs](https://victoriametrics.github.io/vmagent.html#troubleshooting) for details.
 * FEATURE: expose io-related metrics at `/metrics` page for every VictoriaMetrics component:
@ -11,19 +15,28 @@
  * `process_io_write_syscalls_total` - the number of write syscalls such as write and pwrite
  * `process_io_storage_read_bytes_total` - the number of bytes read from storage layer
  * `process_io_storage_written_bytes_total` - the number of bytes written to storage layer
-* FEATURE: vmagent: use watch API for Kuberntes service discovery. This should reduce load on Kuberntes API server when it tracks big number of objects (for example, 10K pods). This should also reduce the time needed for k8s targets discovery.
+* FEATURE: vmagent: add ability to spread scrape targets among multiple `vmagent` instances. See [these docs](https://victoriametrics.github.io/vmagent.html#scraping-big-number-of-targets) and [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1084) for details.
 * FEATURE: vmagent: use watch API for Kuberntes service discovery. This should reduce load on Kuberntes API server when it tracks big number of objects (for example, 10K pods). This should also reduce the time needed for k8s targets discovery. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1057) for details.
 * FEATURE: vmagent: export `vm_promscrape_target_relabel_duration_seconds` metric, which can be used for monitoring the time spend on relabeling for discovered targets.
 * FEATURE: vmagent: optimize [relabeling](https://victoriametrics.github.io/vmagent.html#relabeling) performance for common cases.
 * FEATURE: add `increase_pure(m[d])` function to MetricsQL. It works the same as `increase(m[d])` except of various edge cases. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/962) for details.
 * FEATURE: increase accuracy for `buckets_limit(limit, buckets)` results for small `limit` values. See [MetricsQL docs](https://victoriametrics.github.io/MetricsQL.html) for details.
 * FEATURE: vmagent: initial support for Windows build with `CGO_ENABLED=0 GOOS=windows go build -mod=vendor ./app/vmagent`. See [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/70) and [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1036).
 * FEATURE: vmagent: support WebIdentityToken auth in EC2 service discovery. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1080) for details.
 * FEATURE: vmalert: properly process query params in `-datasource.url` and `-remoteRead.url` command-line flags. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1087) for details.
 * BUGFIX: vmagent: properly apply `-remoteWrite.rateLimit` when `-remoteWrite.queues` is greater than 1. Previously there was a data race, which could prevent from proper rate limiting.
 * BUGFIX: vmagent: properly perform graceful shutdown on `SIGINT` and `SIGTERM` signals. The graceful shutdown has been broken in `v1.54.0`. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1065
 * BUGFIX: reduce the probability of `duplicate time series` errors when querying Kubernetes metrics.
 * BUGFIX: properly calculate `histogram_quantile()` over time series with only a single non-zero bucket with `{le="+Inf"}`. Previously `NaN` was returned, now the value for the last bucket before `{le="+Inf"}` is returned like Prometheus does.
 * BUGFIX: vmselect: do not cache partial query results on timeout when receiving data from `vmstorage` nodes. See https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1085
 * BUGFIX: properly handle `stale NFS file handle` error.
 * BUGFIX: properly cache query results when `extra_label` query arg is used. Previously the cached results could clash for different `extra_label` values. See https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1095
 * BUGFIX: fix `http: superfluous response.WriteHeader call` issue. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1078
 * BUGFIX: fix arm64 builds due to the issue in `github.com/golang/snappy`. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1074
 * BUGFIX: fix `index out of range [1024819115206086200] with length 27` panic, which could occur when `1e-9` value is passed to VictoriaMetrics histogram. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1096
 * BUGFIX: fix parsing for Graphite line with empty tags such as `foo; 123 456`. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1100
 * BUGFIX: unescape only `\\`, `\n` and `\"` in label names when parsing Prometheus text exposition format as Prometheus does. Previously other escape sequences could be improperly unescaped.
 # [v1.54.1](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.54.1)
--- a/docs/vmagent.md
+++ b/docs/vmagent.md
@ -34,6 +34,7 @@ to `vmagent` (like the ability to push metrics instead of pulling them). We did
  are buffered at `-remoteWrite.tmpDataPath`. The buffered metrics are sent to remote storage as soon as connection
  to remote storage is recovered. The maximum disk usage for the buffer can be limited with `-remoteWrite.maxDiskUsagePerURL`.
 * Uses lower amounts of RAM, CPU, disk IO and network bandwidth compared to Prometheus.
 * Scrape targets can be spread among multiple `vmagent` instances when big number of targets must be scraped. See [these docs](#scraping-big-number-of-targets) for details.
 ## Quick Start
@ -227,6 +228,21 @@ Read more about relabeling in the following articles:
 * [relabel_configs vs metric_relabel_configs](https://www.robustperception.io/relabel_configs-vs-metric_relabel_configs)
 ## Scraping big number of targets
 A single `vmagent` instance can scrape tens of thousands of scrape targets. Sometimes this isn't enough due to limitations on CPU, network, RAM, etc.
 In this case scrape targets can be split among multiple `vmagent` instances (aka `vmagent` clustering).
 Each `vmagent` instance in the cluster must use identical `-promscrape.config` files with distinct `-promscrape.cluster.memberNum` values.
 The flag value must be in the range `0 ... N-1`, where `N` is the number of `vmagent` instances in the cluster.
 The number of `vmagent` instances in the cluster must be passed to `-promscrape.cluster.membersCount` command-line flag. For example, the following commands
 spread scrape targets among a cluster of two `vmagent` instances:
 ```
 /path/to/vmagent -promscrape.cluster.membersCount=2 -promscrape.cluster.memberNum=0 -promscrape.config=/path/to/config.yml ...
 /path/to/vmagent -promscrape.cluster.membersCount=2 -promscrape.cluster.memberNum=1 -promscrape.config=/path/to/config.yml ...
 ```
 ## Monitoring
 `vmagent` exports various metrics in Prometheus exposition format at `http://vmagent-host:8429/metrics` page. It is recommended setting up regular scraping of this page
@ -474,7 +490,7 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
-    	Timezone to use for timestamps in logs. Local timezone can be used (default "UTC")
+    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxConcurrentInserts int
@ -502,6 +518,10 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Trim timestamps for OpenTSDB HTTP data to this duration. Minimum practical duration is 1ms. Higher duration (i.e. 1s) may be used for reducing disk space usage for timestamp data (default 1ms)
  -pprofAuthKey string
    	Auth key for /debug/pprof. It overrides httpAuth settings
  -promscrape.cluster.memberNum int
    	The number of number in the cluster of scrapers. It must be an unique value in the range 0 ... promscrape.cluster.membersCount-1 across scrapers in the cluster
  -promscrape.cluster.membersCount int
    	The number of members in a cluster of scrapers. Each member must have an unique -promscrape.cluster.memberNum in the range 0 ... promscrape.cluster.membersCount-1 . Each member then scrapes roughly 1/N of all the targets. By default cluster scraping is disabled, i.e. a single scraper scrapes all the targets
  -promscrape.config string
    	Optional path to Prometheus config file with 'scrape_configs' section containing targets to scrape. See https://victoriametrics.github.io/#how-to-scrape-prometheus-exporters-such-as-node-exporter for details
  -promscrape.config.dryRun
@ -534,6 +554,8 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Interval for checking for changes in 'file_sd_config'. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config for details (default 30s)
  -promscrape.gceSDCheckInterval gce_sd_configs
    	Interval for checking for changes in gce. This works only if gce_sd_configs is configured in '-promscrape.config' file. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config for details (default 1m0s)
  -promscrape.kubernetes.apiServerTimeout duration
    	How frequently to reload the full state from Kuberntes API server (default 10m0s)
  -promscrape.kubernetesSDCheckInterval kubernetes_sd_configs
    	Interval for checking for changes in Kubernetes API server. This works only if kubernetes_sd_configs is configured in '-promscrape.config' file. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config for details (default 30s)
  -promscrape.maxDroppedTargets droppedTargets
@ -559,7 +581,7 @@ See the docs at https://victoriametrics.github.io/vmagent.html .
    	Optional bearer auth token to use for -remoteWrite.url. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
    	Supports array of values separated by comma or specified via multiple flags.
  -remoteWrite.flushInterval duration
-    	Interval for flushing the data to remote storage. Higher value reduces network bandwidth usage at the cost of delayed push of scraped data to remote storage. Minimum supported interval is 1 second (default 1s)
+    	Interval for flushing the data to remote storage. This option takes effect only when less than 10K data points per second are pushed to -remoteWrite.url (default 1s)
  -remoteWrite.label array
    	Optional label in the form 'name=value' to add to all the metrics before sending them to -remoteWrite.url. Pass multiple -remoteWrite.label flags in order to add multiple flags to metrics before sending them to remote storage
    	Supports array of values separated by comma or specified via multiple flags.
--- a/docs/vmalert.md
+++ b/docs/vmalert.md
@ -197,7 +197,7 @@ to set `-datasource.appendTypePrefix` flag to `true`, so vmalert can adjust URL
 The shortlist of configuration flags is the following:
 ```
  -datasource.appendTypePrefix
-        Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to VMSelect URL.
+    	Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to VMSelect URL.
  -datasource.basicAuth.password string
    	Optional basic auth password for -datasource.url
  -datasource.basicAuth.username string
@ -206,6 +206,8 @@ The shortlist of configuration flags is the following:
    	Lookback defines how far to look into past when evaluating queries. For example, if datasource.lookback=5m then param "time" with value now()-5m will be added to every query.
  -datasource.maxIdleConnections int
    	Defines the number of idle (keep-alive connections) to configured datasource.Consider to set this value equal to the value: groups_total * group.concurrency. Too low value may result into high number of sockets in TIME_WAIT state. (default 100)
  -datasource.queryStep duration
    	queryStep defines how far a value can fallback to when evaluating queries. For example, if datasource.queryStep=15s then param "step" with value "15s" will be added to every query.
  -datasource.tlsCAFile string
    	Optional path to TLS CA file to use for verifying connections to -datasource.url. By default system CA is used
  -datasource.tlsCertFile string
@ -236,6 +238,8 @@ The shortlist of configuration flags is the following:
    	Supports array of values separated by comma or specified via multiple flags.
  -external.url string
    	External URL is used as alert's source for sent alerts to the notifier
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -http.connTimeout duration
    	Incoming http connections are closed after the configured timeout. This may help spreading incoming load among a cluster of services behind load balancer. Note that the real timeout may be bigger by up to 10% as a protection from Thundering herd problem (default 2m0s)
  -http.disableResponseCompression
@ -264,6 +268,8 @@ The shortlist of configuration flags is the following:
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -memory.allowedBytes value
--- a/docs/vmauth.md
+++ b/docs/vmauth.md
@ -174,6 +174,8 @@ See the docs at https://victoriametrics.github.io/vmauth.html .
    	Whether to enable reading flags from environment variables additionally to command line. Command line flag values have priority over values from environment vars. Flags are read only from command line if this flag isn't set
  -envflag.prefix string
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -http.connTimeout duration
    	Incoming http connections are closed after the configured timeout. This may help spreading incoming load among a cluster of services behind load balancer. Note that the real timeout may be bigger by up to 10% as a protection from Thundering herd problem (default 2m0s)
  -http.disableResponseCompression
@ -192,14 +194,20 @@ See the docs at https://victoriametrics.github.io/vmauth.html .
    	Username for HTTP Basic Auth. The authentication is disabled if empty. See also -httpAuth.password
  -httpListenAddr string
    	TCP address to listen for http connections (default ":8427")
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -memory.allowedBytes value
    	Allowed size of system memory VictoriaMetrics caches may occupy. This option overrides -memory.allowedPercent if set to non-zero value. Too low value may increase cache miss rate, which usually results in higher CPU and disk IO usage. Too high value may evict too much data from OS page cache, which will result in higher disk IO usage
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/docs/vmbackup.md
+++ b/docs/vmbackup.md
@ -191,14 +191,20 @@ See [this article](https://medium.com/@valyala/speeding-up-backups-for-big-time-
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxBytesPerSecond value
    	The maximum upload speed. There is no limit if it is set to 0
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/docs/vmrestore.md
+++ b/docs/vmrestore.md
@ -91,14 +91,20 @@ i.e. the end result would be similar to [rsync --delete](https://askubuntu.com/q
    	Prefix for environment variables if -envflag.enable is set
  -fs.disableMmap
    	Whether to use pread() instead of mmap() for reading data files. By default mmap() is used for 64-bit arches and pread() is used for 32-bit arches, since they cannot read data files bigger than 2^32 bytes in memory. mmap() is usually faster for reading small data chunks than pread()
  -loggerDisableTimestamps
    	Whether to disable writing timestamps in logs
  -loggerErrorsPerSecondLimit int
-    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit (default 10)
+    	Per-second limit on the number of ERROR messages. If more than the given number of errors are emitted per second, then the remaining errors are suppressed. Zero value disables the rate limit
  -loggerFormat string
    	Format for logs. Possible values: default, json (default "default")
  -loggerLevel string
    	Minimum level of errors to log. Possible values: INFO, WARN, ERROR, FATAL, PANIC (default "INFO")
  -loggerOutput string
    	Output for the logs. Supported values: stderr, stdout (default "stderr")
  -loggerTimezone string
    	Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC")
  -loggerWarnsPerSecondLimit int
    	Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero value disables the rate limit
  -maxBytesPerSecond value
    	The maximum download speed. There is no limit if it is set to 0
    	Supports the following optional suffixes for values: KB, MB, GB, KiB, MiB, GiB (default 0)
--- a/go.mod
+++ b/go.mod
@ -1,27 +1,28 @@
 module github.com/VictoriaMetrics/VictoriaMetrics
 require (
-	cloud.google.com/go v0.77.0 // indirect
+	cloud.google.com/go v0.78.0 // indirect
-	cloud.google.com/go/storage v1.13.0
+	cloud.google.com/go/storage v1.14.0
 	github.com/VictoriaMetrics/fastcache v1.5.7
 	// Do not use the original github.com/valyala/fasthttp because of issues
 	// like https://github.com/valyala/fasthttp/commit/996610f021ff45fdc98c2ce7884d5fa4e7f9199b
 	github.com/VictoriaMetrics/fasthttp v1.0.12
-	github.com/VictoriaMetrics/metrics v1.15.0
+	github.com/VictoriaMetrics/metrics v1.15.2
 	github.com/VictoriaMetrics/metricsql v0.12.0
-	github.com/aws/aws-sdk-go v1.37.12
+	github.com/aws/aws-sdk-go v1.37.22
 	github.com/cespare/xxhash/v2 v2.1.1
 	github.com/cheggaaa/pb/v3 v3.0.6
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/fatih/color v1.10.0 // indirect
 	github.com/go-kit/kit v0.10.0
-	github.com/golang/snappy v0.0.2
+	github.com/golang/snappy v0.0.3
 	github.com/influxdata/influxdb v1.8.4
-	github.com/klauspost/compress v1.11.7
+	github.com/klauspost/compress v1.11.9
 	github.com/mattn/go-runewidth v0.0.10 // indirect
 	github.com/oklog/ulid v1.3.1
 	github.com/prometheus/client_golang v1.9.0 // indirect
 	github.com/prometheus/common v0.18.0 // indirect
 	github.com/prometheus/procfs v0.6.0 // indirect
 	github.com/prometheus/prometheus v1.8.2-0.20201119142752-3ad25a6dc3d9
 	github.com/rivo/uniseg v0.2.0 // indirect
@ -33,10 +34,14 @@ require (
 	github.com/valyala/gozstd v1.9.0
 	github.com/valyala/histogram v1.1.2
 	github.com/valyala/quicktemplate v1.6.3
-	go.opencensus.io v0.22.6 // indirect
+	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20210216194517-16ff1888fd2e
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
-	golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65
+	golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b
 	google.golang.org/api v0.40.0
 	google.golang.org/genproto v0.0.0-20210302174412-5ede27ff9881 // indirect
 	google.golang.org/grpc v1.36.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 )
--- a/go.sum
+++ b/go.sum
@ -18,8 +18,8 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.77.0 h1:qA5V5+uQf6Mgr+tmFI8UT3D/ELyhIYkPwNGao/3Y+sQ=
+cloud.google.com/go v0.78.0 h1:oKpsiyKMfVpwR3zSAkQixGzlVE5ovitBuO0qSmCf0bI=
-cloud.google.com/go v0.77.0/go.mod h1:R8fYSLIilC247Iu8WS2OGHw1E/Ufn7Pd7HiDjTqiURs=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@ -38,8 +38,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.13.0 h1:amPvhCOI+Hltp6rPu+62YdwhIrjf+34PKVAL4HwgYwk=
+cloud.google.com/go/storage v1.14.0 h1:6RRlFMv1omScs6iq2hfE3IvgE+l6RfJPampq8UZc5TU=
-cloud.google.com/go/storage v1.13.0/go.mod h1:pqFyBUK3zZqMIIU5+8NaZq6/Ma3ClgUg9Hv5jfuJnvo=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 collectd.org v0.3.0/go.mod h1:A/8DzQBkF6abtvrT2j/AU/4tiBgJWYyh0y/oB/4MlWE=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v48.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@ -85,8 +85,8 @@ github.com/VictoriaMetrics/fastcache v1.5.7/go.mod h1:ptDBkNMQI4RtmVo8VS/XwRY6Ro
 github.com/VictoriaMetrics/fasthttp v1.0.12 h1:Ag0E119yrH4BTxVyjKD9TeiSImtG9bUcg/stItLJhSE=
 github.com/VictoriaMetrics/fasthttp v1.0.12/go.mod h1:3SeUL4zwB/p/a9aEeRc6gdlbrtNHXBJR6N376EgiSHU=
 github.com/VictoriaMetrics/metrics v1.12.2/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE=
-github.com/VictoriaMetrics/metrics v1.15.0 h1:HGmGaILioC4vNk6UhkcwLIaDlg5y4MVganq1verl5js=
+github.com/VictoriaMetrics/metrics v1.15.2 h1:w/GD8L9tm+gvx1oZvAofRRXwammiicdI0jgLghA2Gdo=
-github.com/VictoriaMetrics/metrics v1.15.0/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE=
+github.com/VictoriaMetrics/metrics v1.15.2/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE=
 github.com/VictoriaMetrics/metricsql v0.12.0 h1:NMIu0MPBmGP34g4RUjI1U0xW5XYp7IVNXe9KtZI3PFQ=
 github.com/VictoriaMetrics/metricsql v0.12.0/go.mod h1:ylO7YITho/Iw6P71oEaGyHbO94bGoGtzWfLGqFhMIg8=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
@ -123,8 +123,8 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
 github.com/aws/aws-sdk-go v1.35.31/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.37.12 h1:rPdjZTlzHn+sbLEO+i535g+WpGf7QBDLYI7rDok+FHo=
+github.com/aws/aws-sdk-go v1.37.22 h1:cyZp8TvUbH9rrShdrwULtCj4pB5szddrw9aKHUsw1Ic=
-github.com/aws/aws-sdk-go v1.37.12/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.37.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@ -366,8 +366,9 @@ github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.2 h1:aeE13tS0IiQgFjYdoL8qN3K1N2bXXtI6Vi51/y7BpMw=
 github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/flatbuffers v1.11.0/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
@ -507,8 +508,8 @@ github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0
 github.com/klauspost/compress v1.10.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.7 h1:0hzRabrMN4tSTvMfnL3SCv1ZGeAP23ynzodBgaHeMeg=
+github.com/klauspost/compress v1.11.9 h1:5OCMOdde1TCT2sookEuVeEZzA8bmRSFV3AwPDZAG8AA=
-github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.11.9/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/cpuid v0.0.0-20170728055534-ae7887de9fa5/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/crc32 v0.0.0-20161016154125-cb6bfca970f6/go.mod h1:+ZoRqAPRLkC4NPOvfYeR5KNOrY6TD+/sAC3HXPZgDYg=
 github.com/klauspost/pgzip v1.0.2-0.20170402124221-0bf5dcad4ada/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
@ -671,8 +672,9 @@ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt2
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM=
 github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/common v0.18.0 h1:WCVKW7aL6LEe1uryfI9dnEc2ZqNB1Fn0ok930v0iL1Y=
 github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@ -795,8 +797,8 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.22.6 h1:BdkrbWrzDlV9dnbzoP7sfN+dHheJ4J9JOaYxcUDL+ok=
+go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
@ -909,8 +911,9 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -919,9 +922,9 @@ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210216194517-16ff1888fd2e h1:xxTKAjlluPXFVQnUNoBO7OvmNNE/RpmyUeLVFSYiQQ0=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93 h1:alLDrZkL34Y2bnGHfvC1CYBRBXCXgx8AC2vY4MRtYX4=
-golang.org/x/oauth2 v0.0.0-20210216194517-16ff1888fd2e/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -932,8 +935,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -999,8 +1003,10 @@ golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65 h1:pTMjDVnP5eVRRlWO76rEWJ8JoC6Lf1CmyjPZXRiy2Sw=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b h1:kHlr0tATeLRMEiZJu5CknOw/E8V6h69sXXQFGoPtjcc=
 golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -1116,7 +1122,6 @@ google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSr
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.38.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/api v0.40.0 h1:uWrpz12dpVPn7cojP82mk02XDgTJLDPc2KbVTxrWb4A=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@ -1167,9 +1172,10 @@ google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210203152818-3206188e46ba/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210212180131-e7f2df4ecc2d h1:Edhcm0CKDPLQIecHCp5Iz57Lo7MfT6zUFBAlocmOjcY=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210212180131-e7f2df4ecc2d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210302174412-5ede27ff9881 h1:SYuy3hIRsBIROE0aZwsJZOEJNC/n9/p0FmLEU9C31AE=
 google.golang.org/genproto v0.0.0-20210302174412-5ede27ff9881/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
@ -1191,8 +1197,9 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0 h1:TwIQcH3es+MojMVojxxfQ3l3OF2KzlRxML2xZq0kRo8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0 h1:o1bcQ6imQMIOpdrO3SWf2z5RV72WbDwdXuK0MDlc8As=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
--- a/lib/httpserver/httpserver.go
+++ b/lib/httpserver/httpserver.go
@ -328,9 +328,9 @@ func maybeGzipResponseWriter(w http.ResponseWriter, r *http.Request) http.Respon
 	zw := getGzipWriter(w)
 	bw := getBufioWriter(zw)
 	zrw := &gzipResponseWriter{
-		ResponseWriter: w,
+		rw: w,
-		zw:             zw,
+		zw: zw,
-		bw:             bw,
+		bw: bw,
 	}
 	return zrw
 }
@ -376,7 +376,7 @@ func putGzipWriter(zw *gzip.Writer) {
 var gzipWriterPool sync.Pool
 type gzipResponseWriter struct {
-	http.ResponseWriter
+	rw         http.ResponseWriter
 	zw         *gzip.Writer
 	bw         *bufio.Writer
 	statusCode int
@ -385,6 +385,12 @@ type gzipResponseWriter struct {
 	disableCompression bool
 }
 // Implements http.ResponseWriter.Header method.
 func (zrw *gzipResponseWriter) Header() http.Header {
 	return zrw.rw.Header()
 }
 // Implements http.ResponseWriter.Write method.
 func (zrw *gzipResponseWriter) Write(p []byte) (int, error) {
 	if !zrw.firstWriteDone {
 		h := zrw.Header()
@ -407,11 +413,12 @@ func (zrw *gzipResponseWriter) Write(p []byte) (int, error) {
 		zrw.firstWriteDone = true
 	}
 	if zrw.disableCompression {
-		return zrw.ResponseWriter.Write(p)
+		return zrw.rw.Write(p)
 	}
 	return zrw.bw.Write(p)
 }
 // Implements http.ResponseWriter.WriteHeader method.
 func (zrw *gzipResponseWriter) WriteHeader(statusCode int) {
 	zrw.statusCode = statusCode
 }
@ -420,11 +427,14 @@ func (zrw *gzipResponseWriter) writeHeader() {
 	if zrw.statusCode == 0 {
 		zrw.statusCode = http.StatusOK
 	}
-	zrw.ResponseWriter.WriteHeader(zrw.statusCode)
+	zrw.rw.WriteHeader(zrw.statusCode)
 }
 // Implements http.Flusher
 func (zrw *gzipResponseWriter) Flush() {
 	if !zrw.firstWriteDone {
 		_, _ = zrw.Write(nil)
 	}
 	if !zrw.disableCompression {
 		if err := zrw.bw.Flush(); err != nil && !isTrivialNetworkError(err) {
 			logger.Warnf("gzipResponseWriter.Flush (buffer): %s", err)
@ -433,15 +443,14 @@ func (zrw *gzipResponseWriter) Flush() {
 			logger.Warnf("gzipResponseWriter.Flush (gzip): %s", err)
 		}
 	}
-	if fw, ok := zrw.ResponseWriter.(http.Flusher); ok {
+	if fw, ok := zrw.rw.(http.Flusher); ok {
 		fw.Flush()
 	}
 }
 func (zrw *gzipResponseWriter) Close() error {
 	if !zrw.firstWriteDone {
-		zrw.writeHeader()
+		_, _ = zrw.Write(nil)
 		return nil
 	}
 	zrw.Flush()
 	var err error
--- a/lib/promrelabel/relabel.go
+++ b/lib/promrelabel/relabel.go
@ -225,17 +225,6 @@ func (prc *parsedRelabelConfig) apply(labels []prompbmarshal.Label, labelsOffset
 		}
 		return labels
 	case "labeldrop":
 		keepSrc := true
 		for i := range src {
 			label := &src[i]
 			if prc.matchString(label.Name) {
 				keepSrc = false
 				break
 			}
 		}
 		if keepSrc {
 			return labels
 		}
 		dst := labels[:labelsOffset]
 		for i := range src {
 			label := &src[i]
@ -245,17 +234,6 @@ func (prc *parsedRelabelConfig) apply(labels []prompbmarshal.Label, labelsOffset
 		}
 		return dst
 	case "labelkeep":
 		keepSrc := true
 		for i := range src {
 			label := &src[i]
 			if !prc.matchString(label.Name) {
 				keepSrc = false
 				break
 			}
 		}
 		if keepSrc {
 			return labels
 		}
 		dst := labels[:labelsOffset]
 		for i := range src {
 			label := &src[i]
--- a/lib/promscrape/config.go
+++ b/lib/promscrape/config.go
@ -7,14 +7,13 @@ import (
 	"net/url"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/cgroup"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/envtemplate"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promauth"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -29,6 +28,7 @@ import (
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promscrape/discovery/openstack"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/proxy"
 	"github.com/VictoriaMetrics/metrics"
 	xxhash "github.com/cespare/xxhash/v2"
 	"gopkg.in/yaml.v2"
 )
@ -42,6 +42,11 @@ var (
 	dropOriginalLabels = flag.Bool("promscrape.dropOriginalLabels", false, "Whether to drop original labels for scrape targets at /targets and /api/v1/targets pages. "+
 		"This may be needed for reducing memory usage when original labels for big number of scrape targets occupy big amounts of memory. "+
 		"Note that this reduces debuggability for improper per-target relabeling configs")
 	clusterMembersCount = flag.Int("promscrape.cluster.membersCount", 0, "The number of members in a cluster of scrapers. "+
 		"Each member must have an unique -promscrape.cluster.memberNum in the range 0 ... promscrape.cluster.membersCount-1 . "+
 		"Each member then scrapes roughly 1/N of all the targets. By default cluster scraping is disabled, i.e. a single scraper scrapes all the targets")
 	clusterMemberNum = flag.Int("promscrape.cluster.memberNum", 0, "The number of number in the cluster of scrapers. "+
 		"It must be an unique value in the range 0 ... promscrape.cluster.membersCount-1 across scrapers in the cluster")
 )
 // Config represents essential parts from Prometheus config defined at https://prometheus.io/docs/prometheus/latest/configuration/configuration/
@ -53,6 +58,15 @@ type Config struct {
 	baseDir string
 }
 func (cfg *Config) mustStop() {
 	startTime := time.Now()
 	logger.Infof("stopping service discovery routines...")
 	for i := range cfg.ScrapeConfigs {
 		cfg.ScrapeConfigs[i].mustStop()
 	}
 	logger.Infof("stopped service discovery routines in %.3f seconds", time.Since(startTime).Seconds())
 }
 // GlobalConfig represents essential parts for `global` section of Prometheus config.
 //
 // See https://prometheus.io/docs/prometheus/latest/configuration/configuration/
@ -85,7 +99,7 @@ type ScrapeConfig struct {
 	OpenStackSDConfigs   []openstack.SDConfig        `yaml:"openstack_sd_configs,omitempty"`
 	ConsulSDConfigs      []consul.SDConfig           `yaml:"consul_sd_configs,omitempty"`
 	EurekaSDConfigs      []eureka.SDConfig           `yaml:"eureka_sd_configs,omitempty"`
-	DockerSwarmConfigs   []dockerswarm.SDConfig      `yaml:"dockerswarm_sd_configs,omitempty"`
+	DockerSwarmSDConfigs []dockerswarm.SDConfig      `yaml:"dockerswarm_sd_configs,omitempty"`
 	DNSSDConfigs         []dns.SDConfig              `yaml:"dns_sd_configs,omitempty"`
 	EC2SDConfigs         []ec2.SDConfig              `yaml:"ec2_sd_configs,omitempty"`
 	GCESDConfigs         []gce.SDConfig              `yaml:"gce_sd_configs,omitempty"`
@ -103,6 +117,33 @@ type ScrapeConfig struct {
 	swc *scrapeWorkConfig
 }
 func (sc *ScrapeConfig) mustStop() {
 	for i := range sc.KubernetesSDConfigs {
 		sc.KubernetesSDConfigs[i].MustStop()
 	}
 	for i := range sc.OpenStackSDConfigs {
 		sc.OpenStackSDConfigs[i].MustStop()
 	}
 	for i := range sc.ConsulSDConfigs {
 		sc.ConsulSDConfigs[i].MustStop()
 	}
 	for i := range sc.EurekaSDConfigs {
 		sc.EurekaSDConfigs[i].MustStop()
 	}
 	for i := range sc.DockerSwarmSDConfigs {
 		sc.DockerSwarmSDConfigs[i].MustStop()
 	}
 	for i := range sc.DNSSDConfigs {
 		sc.DNSSDConfigs[i].MustStop()
 	}
 	for i := range sc.EC2SDConfigs {
 		sc.EC2SDConfigs[i].MustStop()
 	}
 	for i := range sc.GCESDConfigs {
 		sc.GCESDConfigs[i].MustStop()
 	}
 }
 // FileSDConfig represents file-based service discovery config.
 //
 // See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config
@ -199,10 +240,23 @@ func (cfg *Config) getKubernetesSDScrapeWork(prev []*ScrapeWork) []*ScrapeWork {
 		ok := true
 		for j := range sc.KubernetesSDConfigs {
 			sdc := &sc.KubernetesSDConfigs[j]
-			var okLocal bool
+			swos, err := sdc.GetScrapeWorkObjects(cfg.baseDir, func(metaLabels map[string]string) interface{} {
-			dst, okLocal = appendSDScrapeWork(dst, sdc, cfg.baseDir, sc.swc, "kubernetes_sd_config")
+				target := metaLabels["__address__"]
-			if ok {
+				sw, err := sc.swc.getScrapeWork(target, nil, metaLabels)
-				ok = okLocal
+				if err != nil {
 					logger.Errorf("cannot create kubernetes_sd_config target target %q for job_name %q: %s", target, sc.swc.jobName, err)
 					return nil
 				}
 				return sw
 			})
 			if err != nil {
 				logger.Errorf("skipping kubernetes_sd_config targets for job_name %q because of error: %s", sc.swc.jobName, err)
 				ok = false
 				break
 			}
 			for _, swo := range swos {
 				sw := swo.(*ScrapeWork)
 				dst = append(dst, sw)
 			}
 		}
 		if ok {
@ -210,7 +264,7 @@ func (cfg *Config) getKubernetesSDScrapeWork(prev []*ScrapeWork) []*ScrapeWork {
 		}
 		swsPrev := swsPrevByJob[sc.swc.jobName]
 		if len(swsPrev) > 0 {
-			logger.Errorf("there were errors when discovering kubernetes targets for job %q, so preserving the previous targets", sc.swc.jobName)
+			logger.Errorf("there were errors when discovering kubernetes_sd_config targets for job %q, so preserving the previous targets", sc.swc.jobName)
 			dst = append(dst[:dstLen], swsPrev...)
 		}
 	}
@ -253,8 +307,8 @@ func (cfg *Config) getDockerSwarmSDScrapeWork(prev []*ScrapeWork) []*ScrapeWork
 		sc := &cfg.ScrapeConfigs[i]
 		dstLen := len(dst)
 		ok := true
-		for j := range sc.DockerSwarmConfigs {
+		for j := range sc.DockerSwarmSDConfigs {
-			sdc := &sc.DockerSwarmConfigs[j]
+			sdc := &sc.DockerSwarmSDConfigs[j]
 			var okLocal bool
 			dst, okLocal = appendSDScrapeWork(dst, sdc, cfg.baseDir, sc.swc, "dockerswarm_sd_config")
 			if ok {
@ -513,8 +567,6 @@ func getScrapeWorkConfig(sc *ScrapeConfig, baseDir string, globalCfg *GlobalConf
 		disableKeepAlive:     sc.DisableKeepAlive,
 		streamParse:          sc.StreamParse,
 		scrapeAlignInterval:  sc.ScrapeAlignInterval,
 		cache: newScrapeWorkCache(),
 	}
 	return swc, nil
 }
@ -538,57 +590,6 @@ type scrapeWorkConfig struct {
 	disableKeepAlive     bool
 	streamParse          bool
 	scrapeAlignInterval  time.Duration
 	cache *scrapeWorkCache
 }
 type scrapeWorkCache struct {
 	mu              sync.Mutex
 	m               map[string]*scrapeWorkEntry
 	lastCleanupTime uint64
 }
 type scrapeWorkEntry struct {
 	sw             *ScrapeWork
 	lastAccessTime uint64
 }
 func newScrapeWorkCache() *scrapeWorkCache {
 	return &scrapeWorkCache{
 		m: make(map[string]*scrapeWorkEntry),
 	}
 }
 func (swc *scrapeWorkCache) Get(key string) *ScrapeWork {
 	currentTime := fasttime.UnixTimestamp()
 	swc.mu.Lock()
 	swe := swc.m[key]
 	if swe != nil {
 		swe.lastAccessTime = currentTime
 	}
 	swc.mu.Unlock()
 	if swe == nil {
 		return nil
 	}
 	return swe.sw
 }
 func (swc *scrapeWorkCache) Set(key string, sw *ScrapeWork) {
 	currentTime := fasttime.UnixTimestamp()
 	swc.mu.Lock()
 	swc.m[key] = &scrapeWorkEntry{
 		sw:             sw,
 		lastAccessTime: currentTime,
 	}
 	if currentTime > swc.lastCleanupTime+10*60 {
 		for k, swe := range swc.m {
 			if currentTime > swe.lastAccessTime+2*60 {
 				delete(swc.m, k)
 			}
 		}
 		swc.lastCleanupTime = currentTime
 	}
 	swc.mu.Unlock()
 }
 type targetLabelsGetter interface {
@ -611,9 +612,9 @@ func appendScrapeWorkForTargetLabels(dst []*ScrapeWork, swc *scrapeWorkConfig, t
 		sw  *ScrapeWork
 		err error
 	}
 	resultCh := make(chan result)
 	workCh := make(chan map[string]string)
 	goroutines := cgroup.AvailableCPUs()
 	resultCh := make(chan result, len(targetLabels))
 	workCh := make(chan map[string]string, goroutines)
 	for i := 0; i < goroutines; i++ {
 		go func() {
 			for metaLabels := range workCh {
@ -712,23 +713,20 @@ func (stc *StaticConfig) appendScrapeWork(dst []*ScrapeWork, swc *scrapeWorkConf
 	return dst
 }
-func (swc *scrapeWorkConfig) getScrapeWork(target string, extraLabels, metaLabels map[string]string) (*ScrapeWork, error) {
+func appendScrapeWorkKey(dst []byte, target string, extraLabels, metaLabels map[string]string) []byte {
-	key := getScrapeWorkKey(extraLabels, metaLabels)
+	dst = append(dst, target...)
-	if sw := swc.cache.Get(key); sw != nil {
+	dst = append(dst, ',')
-		return sw, nil
+	dst = appendSortedKeyValuePairs(dst, extraLabels)
-	}
+	dst = appendSortedKeyValuePairs(dst, metaLabels)
-	sw, err := swc.getScrapeWorkReal(target, extraLabels, metaLabels)
+	return dst
 	if err != nil {
 		swc.cache.Set(key, sw)
 	}
 	return sw, err
 }
-func getScrapeWorkKey(extraLabels, metaLabels map[string]string) string {
+func needSkipScrapeWork(key string) bool {
-	var b []byte
+	if *clusterMembersCount <= 0 {
-	b = appendSortedKeyValuePairs(b, extraLabels)
+		return false
-	b = appendSortedKeyValuePairs(b, metaLabels)
+	}
-	return string(b)
+	h := int(xxhash.Sum64(bytesutil.ToUnsafeBytes(key)))
 	return (h % *clusterMembersCount) != *clusterMemberNum
 }
 func appendSortedKeyValuePairs(dst []byte, m map[string]string) []byte {
@ -738,16 +736,27 @@ func appendSortedKeyValuePairs(dst []byte, m map[string]string) []byte {
 	}
 	sort.Strings(keys)
 	for _, k := range keys {
-		dst = strconv.AppendQuote(dst, k)
+		// Do not use strconv.AppendQuote, since it is slow according to CPU profile.
-		dst = append(dst, ':')
+		dst = append(dst, k...)
-		dst = strconv.AppendQuote(dst, m[k])
+		dst = append(dst, '=')
 		dst = append(dst, m[k]...)
 		dst = append(dst, ',')
 	}
 	dst = append(dst, '\n')
 	return dst
 }
-func (swc *scrapeWorkConfig) getScrapeWorkReal(target string, extraLabels, metaLabels map[string]string) (*ScrapeWork, error) {
+var scrapeWorkKeyBufPool bytesutil.ByteBufferPool
 func (swc *scrapeWorkConfig) getScrapeWork(target string, extraLabels, metaLabels map[string]string) (*ScrapeWork, error) {
 	// Verify whether the scrape work must be skipped.
 	bb := scrapeWorkKeyBufPool.Get()
 	defer scrapeWorkKeyBufPool.Put(bb)
 	bb.B = appendScrapeWorkKey(bb.B[:0], target, extraLabels, metaLabels)
 	if needSkipScrapeWork(bytesutil.ToUnsafeString(bb.B)) {
 		return nil, nil
 	}
 	labels := mergeLabels(swc.jobName, swc.scheme, target, swc.metricsPath, extraLabels, swc.externalLabels, metaLabels, swc.params)
 	var originalLabels []prompbmarshal.Label
 	if !*dropOriginalLabels {
@ -884,7 +893,7 @@ func getParamsFromLabels(labels []prompbmarshal.Label, paramsOrig map[string][]s
 func mergeLabels(job, scheme, target, metricsPath string, extraLabels, externalLabels, metaLabels map[string]string, params map[string][]string) []prompbmarshal.Label {
 	// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-	m := make(map[string]string)
+	m := make(map[string]string, 4+len(externalLabels)+len(params)+len(extraLabels)+len(metaLabels))
 	for k, v := range externalLabels {
 		m[k] = v
 	}
--- a/lib/promscrape/config_test.go
+++ b/lib/promscrape/config_test.go
@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"reflect"
 	"strconv"
 	"testing"
 	"time"
@ -444,6 +445,11 @@ func resetNonEssentialFields(sws []*ScrapeWork) {
 	}
 }
 // String returns human-readable representation for sw.
 func (sw *ScrapeWork) String() string {
 	return strconv.Quote(sw.key())
 }
 func TestGetFileSDScrapeWorkSuccess(t *testing.T) {
 	f := func(data string, expectedSws []*ScrapeWork) {
 		t.Helper()
@ -463,7 +469,7 @@ func TestGetFileSDScrapeWorkSuccess(t *testing.T) {
 			}
 		}
 		if !reflect.DeepEqual(sws, expectedSws) {
-			t.Fatalf("unexpected scrapeWork; got\n%v\nwant\n%v", sws, expectedSws)
+			t.Fatalf("unexpected scrapeWork; got\n%+v\nwant\n%+v", sws, expectedSws)
 		}
 	}
 	f(`
@ -608,7 +614,7 @@ func TestGetStaticScrapeWorkSuccess(t *testing.T) {
 		}
 		resetNonEssentialFields(sws)
 		if !reflect.DeepEqual(sws, expectedSws) {
-			t.Fatalf("unexpected scrapeWork; got\n%v\nwant\n%v", sws, expectedSws)
+			t.Fatalf("unexpected scrapeWork; got\n%+v\nwant\n%+v", sws, expectedSws)
 		}
 	}
 	f(``, nil)
--- a/lib/promscrape/discovery/consul/api.go
+++ b/lib/promscrape/discovery/consul/api.go
@ -20,6 +20,10 @@ type apiConfig struct {
 	consulWatcher *consulWatcher
 }
 func (ac *apiConfig) mustStop() {
 	ac.consulWatcher.mustStop()
 }
 var configMap = discoveryutils.NewConfigMap()
 func getAPIConfig(sdc *SDConfig, baseDir string) (*apiConfig, error) {
--- a/lib/promscrape/discovery/consul/consul.go
+++ b/lib/promscrape/discovery/consul/consul.go
@ -37,3 +37,13 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 	ms := getServiceNodesLabels(cfg)
 	return ms, nil
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	v := configMap.Delete(sdc)
 	if v != nil {
 		// v can be nil if GetLabels wasn't called yet.
 		cfg := v.(*apiConfig)
 		cfg.mustStop()
 	}
 }
--- a/lib/promscrape/discovery/consul/watch.go
+++ b/lib/promscrape/discovery/consul/watch.go
@ -27,12 +27,12 @@ type consulWatcher struct {
 	watchServices         []string
 	watchTags             []string
-	// servicesLock protects services and servicesLastAccessTime
+	// servicesLock protects services
-	servicesLock           sync.Mutex
+	servicesLock sync.Mutex
-	services               map[string]*serviceWatcher
+	services     map[string]*serviceWatcher
 	servicesLastAccessTime time.Time
-	wg sync.WaitGroup
+	wg     sync.WaitGroup
 	stopCh chan struct{}
 }
 type serviceWatcher struct {
@ -55,18 +55,25 @@ func newConsulWatcher(client *discoveryutils.Client, sdc *SDConfig, datacenter s
 		serviceNodesQueryArgs += "&tag=" + url.QueryEscape(tag)
 	}
 	cw := &consulWatcher{
-		client:                 client,
+		client:                client,
-		serviceNamesQueryArgs:  baseQueryArgs,
+		serviceNamesQueryArgs: baseQueryArgs,
-		serviceNodesQueryArgs:  serviceNodesQueryArgs,
+		serviceNodesQueryArgs: serviceNodesQueryArgs,
-		watchServices:          sdc.Services,
+		watchServices:         sdc.Services,
-		watchTags:              sdc.Tags,
+		watchTags:             sdc.Tags,
-		services:               make(map[string]*serviceWatcher),
+		services:              make(map[string]*serviceWatcher),
-		servicesLastAccessTime: time.Now(),
+		stopCh:                make(chan struct{}),
 	}
 	go cw.watchForServicesUpdates()
 	return cw
 }
 func (cw *consulWatcher) mustStop() {
 	close(cw.stopCh)
 	// Do not wait for the watcher to stop, since it may take
 	// up to discoveryutils.BlockingClientReadTimeout to complete.
 	// TODO: add ability to cancel blocking requests.
 }
 // watchForServicesUpdates watches for new services and updates it in cw.
 func (cw *consulWatcher) watchForServicesUpdates() {
 	checkInterval := getCheckInterval()
@ -129,13 +136,12 @@ func (cw *consulWatcher) watchForServicesUpdates() {
 	logger.Infof("started Consul service watcher for %q", clientAddr)
 	f()
-	for range ticker.C {
+	for {
-		cw.servicesLock.Lock()
+		select {
-		lastAccessTime := cw.servicesLastAccessTime
+		case <-ticker.C:
-		cw.servicesLock.Unlock()
+			f()
-		if time.Since(lastAccessTime) > 3*checkInterval {
+		case <-cw.stopCh:
-			// The given cw is no longer used. Stop all service watchers and exit.
+			logger.Infof("stopping Consul service watchers for %q", clientAddr)
 			logger.Infof("starting to stop Consul service watchers for %q", clientAddr)
 			startTime := time.Now()
 			cw.servicesLock.Lock()
 			for _, sw := range cw.services {
@ -146,8 +152,6 @@ func (cw *consulWatcher) watchForServicesUpdates() {
 			logger.Infof("stopped Consul service watcher for %q in %.3f seconds", clientAddr, time.Since(startTime).Seconds())
 			return
 		}
 		f()
 	}
 }
@ -236,7 +240,6 @@ func (cw *consulWatcher) getServiceNodesSnapshot() []ServiceNode {
 	for _, sw := range cw.services {
 		sns = append(sns, sw.serviceNodes...)
 	}
 	cw.servicesLastAccessTime = time.Now()
 	cw.servicesLock.Unlock()
 	return sns
 }
--- a/lib/promscrape/discovery/dns/dns.go
+++ b/lib/promscrape/discovery/dns/dns.go
@ -46,6 +46,11 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 	}
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	// nothing to do
 }
 func getSRVAddrLabels(ctx context.Context, sdc *SDConfig) []map[string]string {
 	type result struct {
 		name string
--- a/lib/promscrape/discovery/dockerswarm/dockerswarm.go
+++ b/lib/promscrape/discovery/dockerswarm/dockerswarm.go
@ -47,3 +47,8 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 		return nil, fmt.Errorf("unexpected `role`: %q; must be one of `tasks`, `services` or `nodes`; skipping it", sdc.Role)
 	}
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	configMap.Delete(sdc)
 }
--- a/lib/promscrape/discovery/ec2/api.go
+++ b/lib/promscrape/discovery/ec2/api.go
@ -12,19 +12,16 @@ import (
 	"sync"
 	"time"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promscrape/discoveryutils"
 )
 const (
 	awsAccessKeyEnv = "AWS_ACCESS_KEY_ID"
 	awsSecretKeyEnv = "AWS_SECRET_ACCESS_KEY"
 )
 type apiConfig struct {
-	region  string
+	region       string
-	roleARN string
+	roleARN      string
-	filters string
+	webTokenPath string
-	port    int
+	filters      string
 	port         int
 	ec2Endpoint string
 	stsEndpoint string
@ -79,9 +76,16 @@ func newAPIConfig(sdc *SDConfig) (*apiConfig, error) {
 	cfg.ec2Endpoint = buildAPIEndpoint(sdc.Endpoint, region, "ec2")
 	cfg.stsEndpoint = buildAPIEndpoint(sdc.Endpoint, region, "sts")
 	if cfg.roleARN == "" {
 		cfg.roleARN = os.Getenv("AWS_ROLE_ARN")
 	}
 	cfg.webTokenPath = os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
 	if cfg.webTokenPath != "" && cfg.roleARN == "" {
 		return nil, fmt.Errorf("roleARN is missing for AWS_WEB_IDENTITY_TOKEN_FILE=%q, set it either in `ec2_sd_config` or via env var AWS_ROLE_ARN", cfg.webTokenPath)
 	}
 	// explicitly set credentials has priority over env variables
-	cfg.defaultAccessKey = os.Getenv(awsAccessKeyEnv)
+	cfg.defaultAccessKey = os.Getenv("AWS_ACCESS_KEY_ID")
-	cfg.defaultSecretKey = os.Getenv(awsSecretKeyEnv)
+	cfg.defaultSecretKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
 	if len(sdc.AccessKey) > 0 {
 		cfg.defaultAccessKey = sdc.AccessKey
 	}
@ -108,6 +112,10 @@ func getFiltersQueryString(filters []Filter) string {
 }
 func getDefaultRegion() (string, error) {
 	envRegion := os.Getenv("AWS_REGION")
 	if envRegion != "" {
 		return envRegion, nil
 	}
 	data, err := getMetadataByPath("dynamic/instance-identity/document")
 	if err != nil {
 		return "", err
@ -156,6 +164,13 @@ func getAPICredentials(cfg *apiConfig) (*apiCredentials, error) {
 		AccessKeyID:     cfg.defaultAccessKey,
 		SecretAccessKey: cfg.defaultSecretKey,
 	}
 	if len(cfg.webTokenPath) > 0 {
 		token, err := ioutil.ReadFile(cfg.webTokenPath)
 		if err != nil {
 			return nil, fmt.Errorf("cannot read webToken from path: %q, err: %w", cfg.webTokenPath, err)
 		}
 		return getRoleWebIdentityCredentials(cfg.stsEndpoint, cfg.roleARN, string(token))
 	}
 	// we need instance credentials if dont have access keys
 	if len(acNew.AccessKeyID) == 0 && len(acNew.SecretAccessKey) == 0 {
@ -175,12 +190,12 @@ func getAPICredentials(cfg *apiConfig) (*apiCredentials, error) {
 		acNew = ac
 	}
 	if len(acNew.AccessKeyID) == 0 {
-		return nil, fmt.Errorf("missing `access_key`, you can set it with %s env var, "+
+		return nil, fmt.Errorf("missing `access_key`, you can set it with env var AWS_ACCESS_KEY_ID, " +
-			"directly at `ec2_sd_config` as `access_key` or use instance iam role", awsAccessKeyEnv)
+			"directly at `ec2_sd_config` as `access_key` or use instance iam role")
 	}
 	if len(acNew.SecretAccessKey) == 0 {
-		return nil, fmt.Errorf("missing `secret_key`, you can set it with %s env var,"+
+		return nil, fmt.Errorf("missing `secret_key`, you can set it with env var AWS_SECRET_ACCESS_KEY," +
-			"directly at `ec2_sd_config` as `secret_key` or use instance iam role", awsSecretKeyEnv)
+			"directly at `ec2_sd_config` as `secret_key` or use instance iam role")
 	}
 	return acNew, nil
 }
@ -263,42 +278,73 @@ func getMetadataByPath(apiPath string) ([]byte, error) {
 	return readResponseBody(resp, apiURL)
 }
-// getRoleARNCredentials obtains credentials fo the given roleARN.
+// getRoleWebIdentityCredentials obtains credentials fo the given roleARN with webToken.
-func getRoleARNCredentials(region, stsEndpoint, roleARN string, creds *apiCredentials) (*apiCredentials, error) {
+// https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html
-	data, err := getSTSAPIResponse(region, stsEndpoint, roleARN, creds)
+// aws IRSA for kubernetes.
 // https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
 func getRoleWebIdentityCredentials(stsEndpoint, roleARN string, token string) (*apiCredentials, error) {
 	data, err := getSTSAPIResponse("AssumeRoleWithWebIdentity", stsEndpoint, roleARN, func(apiURL string) (*http.Request, error) {
 		apiURL += fmt.Sprintf("&WebIdentityToken=%s", url.QueryEscape(token))
 		return http.NewRequest("GET", apiURL, nil)
 	})
 	if err != nil {
 		return nil, err
 	}
-	return parseARNCredentials(data)
+	return parseARNCredentials(data, "AssumeRoleWithWebIdentity")
 }
 // getRoleARNCredentials obtains credentials fo the given roleARN.
 func getRoleARNCredentials(region, stsEndpoint, roleARN string, creds *apiCredentials) (*apiCredentials, error) {
 	data, err := getSTSAPIResponse("AssumeRole", stsEndpoint, roleARN, func(apiURL string) (*http.Request, error) {
 		return newSignedRequest(apiURL, "sts", region, creds)
 	})
 	if err != nil {
 		return nil, err
 	}
 	return parseARNCredentials(data, "AssumeRole")
 }
 // parseARNCredentials parses apiCredentials from AssumeRole response.
 //
 // See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
-func parseARNCredentials(data []byte) (*apiCredentials, error) {
+func parseARNCredentials(data []byte, role string) (*apiCredentials, error) {
 	var arr AssumeRoleResponse
 	if err := xml.Unmarshal(data, &arr); err != nil {
 		return nil, fmt.Errorf("cannot parse AssumeRoleResponse response from %q: %w", data, err)
 	}
 	var cred assumeCredentials
 	switch role {
 	case "AssumeRole":
 		cred = arr.AssumeRoleResult.Credentials
 	case "AssumeRoleWithWebIdentity":
 		cred = arr.AssumeRoleWithWebIdentityResult.Credentials
 	default:
 		logger.Panicf("BUG: unexpected role: %q", role)
 	}
 	return &apiCredentials{
-		AccessKeyID:     arr.AssumeRoleResult.Credentials.AccessKeyID,
+		AccessKeyID:     cred.AccessKeyID,
-		SecretAccessKey: arr.AssumeRoleResult.Credentials.SecretAccessKey,
+		SecretAccessKey: cred.SecretAccessKey,
-		Token:           arr.AssumeRoleResult.Credentials.SessionToken,
+		Token:           cred.SessionToken,
-		Expiration:      arr.AssumeRoleResult.Credentials.Expiration,
+		Expiration:      cred.Expiration,
 	}, nil
 }
 type assumeCredentials struct {
 	AccessKeyID     string    `xml:"AccessKeyId"`
 	SecretAccessKey string    `xml:"SecretAccessKey"`
 	SessionToken    string    `xml:"SessionToken"`
 	Expiration      time.Time `xml:"Expiration"`
 }
 // AssumeRoleResponse represents AssumeRole response
 //
 // See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
 type AssumeRoleResponse struct {
 	AssumeRoleResult struct {
-		Credentials struct {
+		Credentials assumeCredentials
-			AccessKeyID     string    `xml:"AccessKeyId"`
+	}
-			SecretAccessKey string    `xml:"SecretAccessKey"`
+	AssumeRoleWithWebIdentityResult struct {
-			SessionToken    string    `xml:"SessionToken"`
+		Credentials assumeCredentials
 			Expiration      time.Time `xml:"Expiration"`
 		}
 	}
 }
@ -319,18 +365,18 @@ func buildAPIEndpoint(customEndpoint, region, service string) string {
 	return endpoint
 }
-// getSTSAPIResponse makes request to aws sts api with role_arn
+// getSTSAPIResponse makes request to aws sts api with roleARN
 // and returns temporary credentials with expiration time
 //
 // See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
-func getSTSAPIResponse(region, stsEndpoint, roleARN string, creds *apiCredentials) ([]byte, error) {
+func getSTSAPIResponse(action, stsEndpoint, roleARN string, reqBuilder func(apiURL string) (*http.Request, error)) ([]byte, error) {
 	// See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html
-	apiURL := fmt.Sprintf("%s?Action=%s", stsEndpoint, "AssumeRole")
+	apiURL := fmt.Sprintf("%s?Action=%s", stsEndpoint, action)
 	apiURL += "&Version=2011-06-15"
 	apiURL += fmt.Sprintf("&RoleArn=%s", roleARN)
 	// we have to provide unique session name for cloudtrail audit
 	apiURL += "&RoleSessionName=vmagent-ec2-discovery"
-	req, err := newSignedRequest(apiURL, "sts", region, creds)
+	req, err := reqBuilder(apiURL)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create signed request: %w", err)
 	}
--- a/lib/promscrape/discovery/ec2/api_test.go
+++ b/lib/promscrape/discovery/ec2/api_test.go
@ -51,7 +51,7 @@ func TestParseMetadataSecurityCredentialsSuccess(t *testing.T) {
 func TestParseARNCredentialsFailure(t *testing.T) {
 	f := func(s string) {
 		t.Helper()
-		creds, err := parseARNCredentials([]byte(s))
+		creds, err := parseARNCredentials([]byte(s), "")
 		if err == nil {
 			t.Fatalf("expecting non-nil error")
 		}
@ -64,6 +64,18 @@ func TestParseARNCredentialsFailure(t *testing.T) {
 }
 func TestParseARNCredentialsSuccess(t *testing.T) {
 	f := func(data, role string, credsExpected *apiCredentials) {
 		t.Helper()
 		creds, err := parseARNCredentials([]byte(data), role)
 		if err != nil {
 			t.Fatalf("unexpected error: %s", err)
 		}
 		if !reflect.DeepEqual(creds, credsExpected) {
 			t.Fatalf("unexpected creds;\ngot\n%+v\nwant\n%+v", creds, credsExpected)
 		}
 	}
 	// See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
 	s := `<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleResult>
@ -90,10 +102,6 @@ func TestParseARNCredentialsSuccess(t *testing.T) {
  </ResponseMetadata>
 </AssumeRoleResponse>
 `
 	creds, err := parseARNCredentials([]byte(s))
 	if err != nil {
 		t.Fatalf("unexpected error: %s", err)
 	}
 	credsExpected := &apiCredentials{
 		AccessKeyID:     "ASIAIOSFODNN7EXAMPLE",
 		SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
@ -106,9 +114,35 @@ func TestParseARNCredentialsSuccess(t *testing.T) {
      `,
 		Expiration: mustParseRFC3339("2019-11-09T13:34:41Z"),
 	}
-	if !reflect.DeepEqual(creds, credsExpected) {
+	s2 := `<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
-		t.Fatalf("unexpected creds;\ngot\n%+v\nwant\n%+v", creds, credsExpected)
+  <AssumeRoleWithWebIdentityResult>
    <Audience>sts.amazonaws.com</Audience>
    <AssumedRoleUser>
      <AssumedRoleId>AROA2X6NOXN27E3OGMK3T:vmagent-ec2-discovery</AssumedRoleId>
      <Arn>arn:aws:sts::111111111:assumed-role/eks-role-9N0EFKEDJ1X/vmagent-ec2-discovery</Arn>
    </AssumedRoleUser>
    <Provider>arn:aws:iam::111111111:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/111111111</Provider>
    <Credentials>
      <AccessKeyId>ASIABYASSDASF</AccessKeyId>
      <SecretAccessKey>asffasfasf/RvxIQpCid4iRMGm56nnRs2oKgV</SecretAccessKey>
      <SessionToken>asfafsassssssssss/MlyKUPOYAiEAq5HgS19Mf8SJ3kIKU3NCztDeZW5EUW4NrPrPyXQ8om0q/AQIjv//////////</SessionToken>
      <Expiration>2021-03-01T13:38:15Z</Expiration>
    </Credentials>
    <SubjectFromWebIdentityToken>system:serviceaccount:default:vmagent</SubjectFromWebIdentityToken>
  </AssumeRoleWithWebIdentityResult>
  <ResponseMetadata>
    <RequestId>1214124-7bb0-4673-ad6d-af9e67fc1141</RequestId>
  </ResponseMetadata>
 </AssumeRoleWithWebIdentityResponse>`
 	credsExpected2 := &apiCredentials{
 		AccessKeyID:     "ASIABYASSDASF",
 		SecretAccessKey: "asffasfasf/RvxIQpCid4iRMGm56nnRs2oKgV",
 		Token:           "asfafsassssssssss/MlyKUPOYAiEAq5HgS19Mf8SJ3kIKU3NCztDeZW5EUW4NrPrPyXQ8om0q/AQIjv//////////",
 		Expiration:      mustParseRFC3339("2021-03-01T13:38:15Z"),
 	}
 	f(s, "AssumeRole", credsExpected)
 	f(s2, "AssumeRoleWithWebIdentity", credsExpected2)
 }
 func mustParseRFC3339(s string) time.Time {
--- a/lib/promscrape/discovery/ec2/ec2.go
+++ b/lib/promscrape/discovery/ec2/ec2.go
@ -42,3 +42,8 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 	}
 	return ms, nil
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	configMap.Delete(sdc)
 }
--- a/lib/promscrape/discovery/eureka/eureka.go
+++ b/lib/promscrape/discovery/eureka/eureka.go
@ -102,6 +102,11 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 	return addInstanceLabels(apps, port), nil
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	configMap.Delete(sdc)
 }
 func addInstanceLabels(apps *applications, port int) []map[string]string {
 	var ms []map[string]string
 	for _, app := range apps.Applications {
--- a/lib/promscrape/discovery/gce/gce.go
+++ b/lib/promscrape/discovery/gce/gce.go
@ -56,3 +56,8 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 	ms := getInstancesLabels(cfg)
 	return ms, nil
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	configMap.Delete(sdc)
 }
--- a/lib/promscrape/discovery/kubernetes/api.go
+++ b/lib/promscrape/discovery/kubernetes/api.go
@ -1,6 +1,7 @@
 package kubernetes
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"flag"
@ -16,30 +17,34 @@ import (
 	"sync"
 	"time"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promauth"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promscrape/discoveryutils"
 	"github.com/VictoriaMetrics/metrics"
 )
-var apiServerTimeout = flag.Duration("promscrape.kubernetes.apiServerTimeout", 10*time.Minute, "How frequently to reload the full state from Kuberntes API server")
+var apiServerTimeout = flag.Duration("promscrape.kubernetes.apiServerTimeout", 30*time.Minute, "How frequently to reload the full state from Kuberntes API server")
 // apiConfig contains config for API server
 type apiConfig struct {
 	aw *apiWatcher
 }
 func (ac *apiConfig) mustStop() {
 	ac.aw.mustStop()
 }
 var configMap = discoveryutils.NewConfigMap()
-func getAPIConfig(sdc *SDConfig, baseDir string) (*apiConfig, error) {
+func getAPIConfig(sdc *SDConfig, baseDir string, swcFunc ScrapeWorkConstructorFunc) (*apiConfig, error) {
-	v, err := configMap.Get(sdc, func() (interface{}, error) { return newAPIConfig(sdc, baseDir) })
+	v, err := configMap.Get(sdc, func() (interface{}, error) { return newAPIConfig(sdc, baseDir, swcFunc) })
 	if err != nil {
 		return nil, err
 	}
 	return v.(*apiConfig), nil
 }
-func newAPIConfig(sdc *SDConfig, baseDir string) (*apiConfig, error) {
+func newAPIConfig(sdc *SDConfig, baseDir string, swcFunc ScrapeWorkConstructorFunc) (*apiConfig, error) {
 	ac, err := promauth.NewConfig(baseDir, sdc.BasicAuth, sdc.BearerToken, sdc.BearerTokenFile, sdc.TLSConfig)
 	if err != nil {
 		return nil, fmt.Errorf("cannot parse auth config: %w", err)
@ -92,7 +97,7 @@ func newAPIConfig(sdc *SDConfig, baseDir string) (*apiConfig, error) {
 		},
 		Timeout: *apiServerTimeout,
 	}
-	aw := newAPIWatcher(client, apiServer, ac.Authorization, sdc.Namespaces.Names, sdc.Selectors)
+	aw := newAPIWatcher(client, apiServer, ac.Authorization, sdc.Namespaces.Names, sdc.Selectors, swcFunc)
 	cfg := &apiConfig{
 		aw: aw,
 	}
@ -136,48 +141,59 @@ type apiWatcher struct {
 	// Selectors to apply during watch
 	selectors []Selector
-	// mu protects watchersByURL and lastAccessTime
+	// Constructor for creating ScrapeWork objects from labels.
 	swcFunc ScrapeWorkConstructorFunc
 	// mu protects watchersByURL
 	mu sync.Mutex
-	// a map of watchers keyed by request paths
+	// a map of watchers keyed by request urls
 	watchersByURL map[string]*urlWatcher
-	// The last time the apiWatcher was queried for cached objects.
+	stopFunc func()
-	// It is used for stopping unused watchers.
+	stopCtx  context.Context
-	lastAccessTime uint64
+	wg       sync.WaitGroup
 }
-func newAPIWatcher(client *http.Client, apiServer, authorization string, namespaces []string, selectors []Selector) *apiWatcher {
+func (aw *apiWatcher) mustStop() {
 	aw.stopFunc()
 	aw.wg.Wait()
 }
 func newAPIWatcher(client *http.Client, apiServer, authorization string, namespaces []string, selectors []Selector, swcFunc ScrapeWorkConstructorFunc) *apiWatcher {
 	stopCtx, stopFunc := context.WithCancel(context.Background())
 	return &apiWatcher{
 		apiServer:     apiServer,
 		authorization: authorization,
 		client:        client,
 		namespaces:    namespaces,
 		selectors:     selectors,
 		swcFunc:       swcFunc,
 		watchersByURL: make(map[string]*urlWatcher),
-		lastAccessTime: fasttime.UnixTimestamp(),
+		stopFunc: stopFunc,
 		stopCtx:  stopCtx,
 	}
 }
-// getLabelsForRole returns all the sets of labels for the given role.
+// getScrapeWorkObjectsForRole returns all the ScrapeWork objects for the given role.
-func (aw *apiWatcher) getLabelsForRole(role string) []map[string]string {
+func (aw *apiWatcher) getScrapeWorkObjectsForRole(role string) []interface{} {
-	var ms []map[string]string
+	aw.startWatchersForRole(role)
 	var swos []interface{}
 	aw.mu.Lock()
 	for _, uw := range aw.watchersByURL {
 		if uw.role != role {
 			continue
 		}
 		uw.mu.Lock()
-		for _, labels := range uw.labelsByKey {
+		for _, swosLocal := range uw.swosByKey {
-			ms = append(ms, labels...)
+			swos = append(swos, swosLocal...)
 		}
 		uw.mu.Unlock()
 	}
 	aw.lastAccessTime = fasttime.UnixTimestamp()
 	aw.mu.Unlock()
-	return ms
+	return swos
 }
 // getObjectByRole returns an object with the given (namespace, name) key and the given role.
@ -200,7 +216,6 @@ func (aw *apiWatcher) getObjectByRole(role, namespace, name string) object {
 			break
 		}
 	}
 	aw.lastAccessTime = fasttime.UnixTimestamp()
 	aw.mu.Unlock()
 	return o
 }
@ -216,32 +231,50 @@ func (aw *apiWatcher) startWatchersForRole(role string) {
 func (aw *apiWatcher) startWatcherForURL(role, apiURL string, parseObject parseObjectFunc, parseObjectList parseObjectListFunc) {
 	aw.mu.Lock()
 	defer aw.mu.Unlock()
 	if aw.watchersByURL[apiURL] != nil {
 		// Watcher for the given path already exists.
 		aw.mu.Unlock()
 		return
 	}
 	uw := aw.newURLWatcher(role, apiURL, parseObject, parseObjectList)
 	resourceVersion := uw.reloadObjects()
 	aw.watchersByURL[apiURL] = uw
 	aw.mu.Unlock()
 	uw.watchersCount.Inc()
 	uw.watchersCreated.Inc()
 	resourceVersion := uw.reloadObjects()
 	aw.wg.Add(1)
 	go func() {
 		defer aw.wg.Done()
 		logger.Infof("started watcher for %q", apiURL)
 		uw.watchForUpdates(resourceVersion)
 		logger.Infof("stopped watcher for %q", apiURL)
 		uw.mu.Lock()
 		uw.objectsCount.Add(-len(uw.objectsByKey))
 		uw.objectsRemoved.Add(len(uw.objectsByKey))
 		uw.mu.Unlock()
 		aw.mu.Lock()
 		delete(aw.watchersByURL, apiURL)
 		aw.mu.Unlock()
 		uw.watchersCount.Dec()
 		uw.watchersStopped.Inc()
 	}()
 }
-// needStop returns true if aw wasn't used for long time.
+// needStop returns true if aw must be stopped.
 func (aw *apiWatcher) needStop() bool {
-	aw.mu.Lock()
+	select {
-	defer aw.mu.Unlock()
+	case <-aw.stopCtx.Done():
-	return fasttime.UnixTimestamp() > aw.lastAccessTime+5*60
+		return true
 	default:
 		return false
 	}
 }
 // doRequest performs http request to the given requestURL.
 func (aw *apiWatcher) doRequest(requestURL string) (*http.Response, error) {
-	req, err := http.NewRequest("GET", requestURL, nil)
+	req, err := http.NewRequestWithContext(aw.stopCtx, "GET", requestURL, nil)
 	if err != nil {
 		logger.Fatalf("cannot create a request for %q: %s", requestURL, err)
 	}
@ -259,15 +292,23 @@ type urlWatcher struct {
 	parseObject     parseObjectFunc
 	parseObjectList parseObjectListFunc
-	// mu protects objectsByKey and labelsByKey
+	// mu protects objectsByKey and swosByKey
 	mu sync.Mutex
 	// objectsByKey contains the latest state for objects obtained from apiURL
 	objectsByKey map[string]object
-	labelsByKey  map[string][]map[string]string
+	swosByKey    map[string][]interface{}
 	// the parent apiWatcher
 	aw *apiWatcher
 	watchersCount   *metrics.Counter
 	watchersCreated *metrics.Counter
 	watchersStopped *metrics.Counter
 	objectsCount   *metrics.Counter
 	objectsAdded   *metrics.Counter
 	objectsRemoved *metrics.Counter
 }
 func (aw *apiWatcher) newURLWatcher(role, apiURL string, parseObject parseObjectFunc, parseObjectList parseObjectListFunc) *urlWatcher {
@ -279,18 +320,29 @@ func (aw *apiWatcher) newURLWatcher(role, apiURL string, parseObject parseObject
 		parseObjectList: parseObjectList,
 		objectsByKey: make(map[string]object),
-		labelsByKey:  make(map[string][]map[string]string),
+		swosByKey:    make(map[string][]interface{}),
 		aw: aw,
 		watchersCount:   metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_url_watchers{role=%q}`, role)),
 		watchersCreated: metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_url_watchers_created_total{role=%q}`, role)),
 		watchersStopped: metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_url_watchers_stopped_total{role=%q}`, role)),
 		objectsCount:   metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_objects{role=%q}`, role)),
 		objectsAdded:   metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_objects_added_total{role=%q}`, role)),
 		objectsRemoved: metrics.GetOrCreateCounter(fmt.Sprintf(`vm_promscrape_discovery_kubernetes_objects_removed_total{role=%q}`, role)),
 	}
 }
 // reloadObjects reloads objects to the latest state and returns resourceVersion for the latest state.
 func (uw *urlWatcher) reloadObjects() string {
 	aw := uw.aw
 	requestURL := uw.apiURL
-	resp, err := uw.aw.doRequest(requestURL)
+	resp, err := aw.doRequest(requestURL)
 	if err != nil {
-		logger.Errorf("error when performing a request to %q: %s", requestURL, err)
+		if !aw.needStop() {
 			logger.Errorf("error when performing a request to %q: %s", requestURL, err)
 		}
 		return ""
 	}
 	body, _ := ioutil.ReadAll(resp.Body)
@ -301,15 +353,40 @@ func (uw *urlWatcher) reloadObjects() string {
 	}
 	objectsByKey, metadata, err := uw.parseObjectList(body)
 	if err != nil {
-		logger.Errorf("cannot parse response from %q: %s", requestURL, err)
+		if !aw.needStop() {
 			logger.Errorf("cannot parse response from %q: %s", requestURL, err)
 		}
 		return ""
 	}
 	swosByKey := make(map[string][]interface{}, len(objectsByKey))
 	for k, o := range objectsByKey {
 		labels := o.getTargetLabels(aw)
 		swos := getScrapeWorkObjectsForLabels(aw.swcFunc, labels)
 		if len(swos) > 0 {
 			swosByKey[k] = swos
 		}
 	}
 	uw.mu.Lock()
 	uw.objectsAdded.Add(len(objectsByKey))
 	uw.objectsRemoved.Add(len(uw.objectsByKey))
 	uw.objectsCount.Add(len(objectsByKey) - len(uw.objectsByKey))
 	uw.objectsByKey = objectsByKey
 	uw.swosByKey = swosByKey
 	uw.mu.Unlock()
 	return metadata.ResourceVersion
 }
 func getScrapeWorkObjectsForLabels(swcFunc ScrapeWorkConstructorFunc, labelss []map[string]string) []interface{} {
 	swos := make([]interface{}, 0, len(labelss))
 	for _, labels := range labelss {
 		swo := swcFunc(labels)
 		if swo != nil {
 			swos = append(swos, swo)
 		}
 	}
 	return swos
 }
 // watchForUpdates watches for object updates starting from resourceVersion and updates the corresponding objects to the latest state.
 //
 // See https://kubernetes.io/docs/reference/using-api/api-concepts/#efficient-detection-of-changes
@ -331,18 +408,19 @@ func (uw *urlWatcher) watchForUpdates(resourceVersion string) {
 	}
 	timeoutSeconds := time.Duration(0.9 * float64(aw.client.Timeout)).Seconds()
 	apiURL += delimiter + "watch=1&timeoutSeconds=" + strconv.Itoa(int(timeoutSeconds))
 	logger.Infof("started watcher for %q", apiURL)
 	for {
 		if aw.needStop() {
 			logger.Infof("stopped unused watcher for %q", apiURL)
 			return
 		}
 		requestURL := apiURL
 		if resourceVersion != "" {
-			requestURL += "&resourceVersion=" + url.QueryEscape(resourceVersion) + "&resourceVersionMatch=NotOlderThan"
+			requestURL += "&resourceVersion=" + url.QueryEscape(resourceVersion)
 		}
 		resp, err := aw.doRequest(requestURL)
 		if err != nil {
 			if aw.needStop() {
 				return
 			}
 			logger.Errorf("error when performing a request to %q: %s", requestURL, err)
 			backoffSleep()
 			resourceVersion = uw.reloadObjects()
@ -365,6 +443,9 @@ func (uw *urlWatcher) watchForUpdates(resourceVersion string) {
 		err = uw.readObjectUpdateStream(resp.Body)
 		_ = resp.Body.Close()
 		if err != nil {
 			if aw.needStop() {
 				return
 			}
 			if !errors.Is(err, io.EOF) {
 				logger.Errorf("error when reading WatchEvent stream from %q: %s", requestURL, err)
 			}
@ -377,6 +458,7 @@ func (uw *urlWatcher) watchForUpdates(resourceVersion string) {
 // readObjectUpdateStream reads Kuberntes watch events from r and updates locally cached objects according to the received events.
 func (uw *urlWatcher) readObjectUpdateStream(r io.Reader) error {
 	aw := uw.aw
 	d := json.NewDecoder(r)
 	var we WatchEvent
 	for {
@ -391,16 +473,29 @@ func (uw *urlWatcher) readObjectUpdateStream(r io.Reader) error {
 		switch we.Type {
 		case "ADDED", "MODIFIED":
 			uw.mu.Lock()
 			if uw.objectsByKey[key] == nil {
 				uw.objectsAdded.Inc()
 				uw.objectsCount.Inc()
 			}
 			uw.objectsByKey[key] = o
 			uw.mu.Unlock()
-			labels := o.getTargetLabels(uw.aw)
+			labels := o.getTargetLabels(aw)
 			swos := getScrapeWorkObjectsForLabels(aw.swcFunc, labels)
 			uw.mu.Lock()
-			uw.labelsByKey[key] = labels
+			if len(swos) > 0 {
 				uw.swosByKey[key] = swos
 			} else {
 				delete(uw.swosByKey, key)
 			}
 			uw.mu.Unlock()
 		case "DELETED":
 			uw.mu.Lock()
 			if uw.objectsByKey[key] != nil {
 				uw.objectsRemoved.Inc()
 				uw.objectsCount.Dec()
 			}
 			delete(uw.objectsByKey, key)
-			delete(uw.labelsByKey, key)
+			delete(uw.swosByKey, key)
 			uw.mu.Unlock()
 		default:
 			return fmt.Errorf("unexpected WatchEvent type %q for role %q", we.Type, uw.role)
--- a/lib/promscrape/discovery/kubernetes/endpoints_test.go
+++ b/lib/promscrape/discovery/kubernetes/endpoints_test.go
@ -1,7 +1,6 @@
 package kubernetes
 import (
 	"reflect"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -107,7 +106,7 @@ func TestParseEndpointsListSuccess(t *testing.T) {
 			"__meta_kubernetes_namespace":                     "default",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels:\ngot\n%v\nwant\n%v", sortedLabelss, expectedLabelss)
 	}
 }
--- a/lib/promscrape/discovery/kubernetes/endpointslices_test.go
+++ b/lib/promscrape/discovery/kubernetes/endpointslices_test.go
@ -1,7 +1,6 @@
 package kubernetes
 import (
 	"reflect"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -282,7 +281,7 @@ func TestParseEndpointSliceListSuccess(t *testing.T) {
 			"__meta_kubernetes_namespace":                                                      "kube-system",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels,\ngot:\n%v,\nwant:\n%v", sortedLabelss, expectedLabelss)
 	}
--- a/lib/promscrape/discovery/kubernetes/ingress_test.go
+++ b/lib/promscrape/discovery/kubernetes/ingress_test.go
@ -1,7 +1,6 @@
 package kubernetes
 import (
 	"reflect"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -92,7 +91,7 @@ func TestParseIngressListSuccess(t *testing.T) {
 			"__meta_kubernetes_namespace":      "default",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels:\ngot\n%v\nwant\n%v", sortedLabelss, expectedLabelss)
 	}
 }
--- a/lib/promscrape/discovery/kubernetes/kubernetes.go
+++ b/lib/promscrape/discovery/kubernetes/kubernetes.go
@ -37,16 +37,31 @@ type Selector struct {
 	Field string `yaml:"field"`
 }
-// GetLabels returns labels for the given sdc and baseDir.
+// ScrapeWorkConstructorFunc must construct ScrapeWork object for the given metaLabels.
-func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
+type ScrapeWorkConstructorFunc func(metaLabels map[string]string) interface{}
-	cfg, err := getAPIConfig(sdc, baseDir)
+
 // GetScrapeWorkObjects returns ScrapeWork objects for the given sdc and baseDir.
 //
 // swcFunc is used for constructing such objects.
 func (sdc *SDConfig) GetScrapeWorkObjects(baseDir string, swcFunc ScrapeWorkConstructorFunc) ([]interface{}, error) {
 	cfg, err := getAPIConfig(sdc, baseDir, swcFunc)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create API config: %w", err)
 	}
 	switch sdc.Role {
 	case "node", "pod", "service", "endpoints", "endpointslices", "ingress":
-		return cfg.aw.getLabelsForRole(sdc.Role), nil
+		return cfg.aw.getScrapeWorkObjectsForRole(sdc.Role), nil
 	default:
 		return nil, fmt.Errorf("unexpected `role`: %q; must be one of `node`, `pod`, `service`, `endpoints`, `endpointslices` or `ingress`; skipping it", sdc.Role)
 	}
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	v := configMap.Delete(sdc)
 	if v != nil {
 		// v can be nil if GetLabels wasn't called yet.
 		cfg := v.(*apiConfig)
 		cfg.mustStop()
 	}
 }
--- a/lib/promscrape/discovery/kubernetes/node_test.go
+++ b/lib/promscrape/discovery/kubernetes/node_test.go
@ -2,6 +2,8 @@ package kubernetes
 import (
 	"reflect"
 	"sort"
 	"strconv"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -276,7 +278,7 @@ func TestParseNodeListSuccess(t *testing.T) {
 			"__meta_kubernetes_node_address_Hostname":   "m01",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels:\ngot\n%v\nwant\n%v", sortedLabelss, expectedLabelss)
 	}
 }
@ -291,3 +293,26 @@ func getSortedLabelss(objectsByKey map[string]object) [][]prompbmarshal.Label {
 	}
 	return result
 }
 func areEqualLabelss(a, b [][]prompbmarshal.Label) bool {
 	sortLabelss(a)
 	sortLabelss(b)
 	return reflect.DeepEqual(a, b)
 }
 func sortLabelss(a [][]prompbmarshal.Label) {
 	sort.Slice(a, func(i, j int) bool {
 		return marshalLabels(a[i]) < marshalLabels(a[j])
 	})
 }
 func marshalLabels(a []prompbmarshal.Label) string {
 	var b []byte
 	for _, label := range a {
 		b = strconv.AppendQuote(b, label.Name)
 		b = append(b, ':')
 		b = strconv.AppendQuote(b, label.Value)
 		b = append(b, ',')
 	}
 	return string(b)
 }
--- a/lib/promscrape/discovery/kubernetes/pod_test.go
+++ b/lib/promscrape/discovery/kubernetes/pod_test.go
@ -1,7 +1,6 @@
 package kubernetes
 import (
 	"reflect"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -274,7 +273,7 @@ func TestParsePodListSuccess(t *testing.T) {
 			"__meta_kubernetes_pod_annotationpresent_kubernetes_io_config_source": "true",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels:\ngot\n%v\nwant\n%v", sortedLabelss, expectedLabelss)
 	}
 }
--- a/lib/promscrape/discovery/kubernetes/service_test.go
+++ b/lib/promscrape/discovery/kubernetes/service_test.go
@ -1,7 +1,6 @@
 package kubernetes
 import (
 	"reflect"
 	"testing"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/prompbmarshal"
@ -169,7 +168,7 @@ func TestParseServiceListSuccess(t *testing.T) {
 			"__meta_kubernetes_service_annotationpresent_prometheus_io_scrape": "true",
 		}),
 	}
-	if !reflect.DeepEqual(sortedLabelss, expectedLabelss) {
+	if !areEqualLabelss(sortedLabelss, expectedLabelss) {
 		t.Fatalf("unexpected labels:\ngot\n%v\nwant\n%v", sortedLabelss, expectedLabelss)
 	}
 }
--- a/lib/promscrape/discovery/openstack/openstack.go
+++ b/lib/promscrape/discovery/openstack/openstack.go
@ -46,3 +46,8 @@ func (sdc *SDConfig) GetLabels(baseDir string) ([]map[string]string, error) {
 		return nil, fmt.Errorf("unexpected `role`: %q; must be one of `instance` or `hypervisor`; skipping it", sdc.Role)
 	}
 }
 // MustStop stops further usage for sdc.
 func (sdc *SDConfig) MustStop() {
 	configMap.Delete(sdc)
 }
--- a/lib/promscrape/discoveryutils/config_map.go
+++ b/lib/promscrape/discoveryutils/config_map.go
@ -2,24 +2,25 @@ package discoveryutils
 import (
 	"sync"
 	"time"
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
+	"github.com/VictoriaMetrics/metrics"
 )
 // ConfigMap is a map for storing discovery api configs.
 //
 // It automatically removes old configs which weren't accessed recently.
 type ConfigMap struct {
-	mu         sync.Mutex
+	mu sync.Mutex
-	m          map[interface{}]*configMapEntry
+	m  map[interface{}]interface{}
-	hasCleaner bool
+
 	entriesCount *metrics.Counter
 }
 // NewConfigMap creates ConfigMap
 func NewConfigMap() *ConfigMap {
 	return &ConfigMap{
-		m: make(map[interface{}]*configMapEntry),
+		m:            make(map[interface{}]interface{}),
 		entriesCount: metrics.GetOrCreateCounter(`vm_promscrape_discoveryutils_configmap_entries_count`),
 	}
 }
@ -32,42 +33,30 @@ func (cm *ConfigMap) Get(key interface{}, newConfig func() (interface{}, error))
 	cm.mu.Lock()
 	defer cm.mu.Unlock()
-	if !cm.hasCleaner {
+	cfg := cm.m[key]
-		cm.hasCleaner = true
+	if cfg != nil {
-		go cm.cleaner()
+		return cfg, nil
 	}
 	e := cm.m[key]
 	if e != nil {
 		e.lastAccessTime = fasttime.UnixTimestamp()
 		return e.cfg, nil
 	}
 	cfg, err := newConfig()
 	if err != nil {
 		return nil, err
 	}
-	cm.m[key] = &configMapEntry{
+	cm.m[key] = cfg
-		cfg:            cfg,
+	cm.entriesCount.Inc()
 		lastAccessTime: fasttime.UnixTimestamp(),
 	}
 	return cfg, nil
 }
-func (cm *ConfigMap) cleaner() {
+// Delete deletes config for the given key from cm and returns it.
-	tc := time.NewTicker(15 * time.Minute)
+func (cm *ConfigMap) Delete(key interface{}) interface{} {
-	for range tc.C {
+	cm.mu.Lock()
-		currentTime := fasttime.UnixTimestamp()
+	defer cm.mu.Unlock()
 		cm.mu.Lock()
 		for k, e := range cm.m {
 			if currentTime-e.lastAccessTime > 10*60 {
 				delete(cm.m, k)
 			}
 		}
 		cm.mu.Unlock()
 	}
 }
-type configMapEntry struct {
+	cfg := cm.m[key]
-	cfg            interface{}
+	if cfg == nil {
-	lastAccessTime uint64
+		// The cfg can be missing if it wasn't accessed yet.
 		return nil
 	}
 	cm.entriesCount.Dec()
 	delete(cm.m, key)
 	return cfg
 }
--- a/lib/promscrape/scraper.go
+++ b/lib/promscrape/scraper.go
@ -129,6 +129,7 @@ func runScraper(configFile string, pushData func(wr *prompbmarshal.WriteRequest)
 				logger.Infof("nothing changed in %q", configFile)
 				goto waitForChans
 			}
 			cfg.mustStop()
 			cfg = cfgNew
 			data = dataNew
 		case <-tickerCh:
@ -141,9 +142,11 @@ func runScraper(configFile string, pushData func(wr *prompbmarshal.WriteRequest)
 				// Nothing changed since the previous loadConfig
 				goto waitForChans
 			}
 			cfg.mustStop()
 			cfg = cfgNew
 			data = dataNew
 		case <-globalStopCh:
 			cfg.mustStop()
 			logger.Infof("stopping Prometheus scrapers")
 			startTime := time.Now()
 			scs.stop()
--- a/lib/promscrape/scrapework.go
+++ b/lib/promscrape/scrapework.go
@ -183,7 +183,7 @@ func (sw *scrapeWork) run(stopCh <-chan struct{}) {
 		// This also makes consistent scrape times across restarts
 		// for a target with the same ScrapeURL and labels.
 		key := fmt.Sprintf("ScrapeURL=%s, Labels=%s", sw.Config.ScrapeURL, sw.Config.LabelsString())
-		h := uint32(xxhash.Sum64([]byte(key)))
+		h := uint32(xxhash.Sum64(bytesutil.ToUnsafeBytes(key)))
 		randSleep = uint64(float64(scrapeInterval) * (float64(h) / (1 << 32)))
 		sleepOffset := uint64(time.Now().UnixNano()) % uint64(scrapeInterval)
 		if randSleep < sleepOffset {
--- a/lib/protoparser/graphite/parser.go
+++ b/lib/protoparser/graphite/parser.go
@ -71,7 +71,7 @@ func (r *Row) UnmarshalMetricAndTags(s string, tagsPool []Tag) ([]Tag, error) {
 		var err error
 		tagsPool, err = unmarshalTags(tagsPool, s[n+1:])
 		if err != nil {
-			return tagsPool, fmt.Errorf("cannot umarshal tags: %w", err)
+			return tagsPool, fmt.Errorf("cannot unmarshal tags: %w", err)
 		}
 		tags := tagsPool[tagsStart:]
 		r.Tags = tags[:len(tags):len(tags)]
@ -171,18 +171,14 @@ func unmarshalTags(dst []Tag, s string) ([]Tag, error) {
 		n := strings.IndexByte(s, ';')
 		if n < 0 {
 			// The last tag found
-			if err := tag.unmarshal(s); err != nil {
+			tag.unmarshal(s)
 				return dst[:len(dst)-1], err
 			}
 			if len(tag.Key) == 0 || len(tag.Value) == 0 {
 				// Skip empty tag
 				dst = dst[:len(dst)-1]
 			}
 			return dst, nil
 		}
-		if err := tag.unmarshal(s[:n]); err != nil {
+		tag.unmarshal(s[:n])
 			return dst[:len(dst)-1], err
 		}
 		s = s[n+1:]
 		if len(tag.Key) == 0 || len(tag.Value) == 0 {
 			// Skip empty tag
@ -202,13 +198,16 @@ func (t *Tag) reset() {
 	t.Value = ""
 }
-func (t *Tag) unmarshal(s string) error {
+func (t *Tag) unmarshal(s string) {
 	t.reset()
 	n := strings.IndexByte(s, '=')
 	if n < 0 {
-		return fmt.Errorf("missing tag value for %q", s)
+		// Empty tag value.
 		// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1100
 		t.Key = s
 		t.Value = s[len(s):]
 	} else {
 		t.Key = s[:n]
 		t.Value = s[n+1:]
 	}
 	t.Key = s[:n]
 	t.Value = s[n+1:]
 	return nil
 }
--- a/lib/protoparser/graphite/parser_test.go
+++ b/lib/protoparser/graphite/parser_test.go
@ -19,7 +19,6 @@ func TestUnmarshalMetricAndTagsFailure(t *testing.T) {
 	f("")
 	f(";foo=bar")
 	f(" ")
 	f("foo;bar")
 	f("foo ;bar=baz")
 	f("f oo;bar=baz")
 	f("foo;bar=baz   ")
@ -80,12 +79,6 @@ func TestRowsUnmarshalFailure(t *testing.T) {
 	// Missing value
 	f("aaa")
 	// missing tag
 	f("aa; 12 34")
 	// missing tag value
 	f("aa;bb 23 34")
 	// unexpected space in tag value
 	// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/99
 	f("s;tag1=aaa1;tag2=bb b2;tag3=ccc3 1")
@ -187,6 +180,31 @@ func TestRowsUnmarshalSuccess(t *testing.T) {
 		}},
 	})
 	// Empty tags
 	// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1100
 	f("foo; 1", &Rows{
 		Rows: []Row{{
 			Metric: "foo",
 			Tags:   []Tag{},
 			Value:  1,
 		}},
 	})
 	f("foo; 1 2", &Rows{
 		Rows: []Row{{
 			Metric:    "foo",
 			Tags:      []Tag{},
 			Value:     1,
 			Timestamp: 2,
 		}},
 	})
 	// Empty tag name or value
 	f("foo;bar 1 2", &Rows{
 		Rows: []Row{{
 			Metric:    "foo",
 			Tags:      []Tag{},
 			Value:     1,
 			Timestamp: 2,
 		}},
 	})
 	f("foo;bar=baz;aa=;x=y;=z 1 2", &Rows{
 		Rows: []Row{{
 			Metric: "foo",
--- a/lib/protoparser/prometheus/parser.go
+++ b/lib/protoparser/prometheus/parser.go
@ -2,7 +2,6 @@ package prometheus
 import (
 	"fmt"
 	"strconv"
 	"strings"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
@ -264,11 +263,7 @@ func unmarshalTags(dst []Tag, s string, noEscapes bool) (string, []Tag, error) {
 			if n < 0 {
 				return s, dst, fmt.Errorf("missing closing quote for tag value %q", s)
 			}
-			var err error
+			value = unescapeValue(s[1:n])
 			value, err = unescapeValue(s[:n+1])
 			if err != nil {
 				return s, dst, fmt.Errorf("cannot unescape value %q for tag %q: %w", s[:n+1], key, err)
 			}
 			s = s[n+1:]
 		}
 		if len(key) > 0 {
@ -324,16 +319,41 @@ func findClosingQuote(s string) int {
 	}
 }
-func unescapeValue(s string) (string, error) {
+func unescapeValue(s string) string {
 	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
 		return "", fmt.Errorf("unexpected tag value: %q", s)
 	}
 	n := strings.IndexByte(s, '\\')
 	if n < 0 {
 		// Fast path - nothing to unescape
-		return s[1 : len(s)-1], nil
+		return s
 	}
-	return strconv.Unquote(s)
+	b := make([]byte, 0, len(s))
 	for {
 		b = append(b, s[:n]...)
 		s = s[n+1:]
 		if len(s) == 0 {
 			b = append(b, '\\')
 			break
 		}
 		// label_value can be any sequence of UTF-8 characters, but the backslash (\), double-quote ("),
 		// and line feed (\n) characters have to be escaped as \\, \", and \n, respectively.
 		// See https://github.com/prometheus/docs/blob/master/content/docs/instrumenting/exposition_formats.md
 		switch s[0] {
 		case '\\':
 			b = append(b, '\\')
 		case '"':
 			b = append(b, '"')
 		case 'n':
 			b = append(b, '\n')
 		default:
 			b = append(b, '\\', s[0])
 		}
 		s = s[1:]
 		n = strings.IndexByte(s, '\\')
 		if n < 0 {
 			b = append(b, s...)
 			break
 		}
 	}
 	return string(b)
 }
 func prevBackslashesCount(s string) int {
--- a/lib/protoparser/prometheus/parser_test.go
+++ b/lib/protoparser/prometheus/parser_test.go
@ -46,41 +46,22 @@ func TestFindClosingQuote(t *testing.T) {
 	f(`"foo\"bar\"baz"`, 14)
 }
-func TestUnescapeValueFailure(t *testing.T) {
+func TestUnescapeValue(t *testing.T) {
 	f := func(s string) {
 		t.Helper()
 		ss, err := unescapeValue(s)
 		if err == nil {
 			t.Fatalf("expecting error")
 		}
 		if ss != "" {
 			t.Fatalf("expecting empty string; got %q", ss)
 		}
 	}
 	f(``)
 	f(`foobar`)
 	f(`"foobar`)
 	f(`foobar"`)
 	f(`"foobar\"`)
 	f(` "foobar"`)
 	f(`"foobar" `)
 }
 func TestUnescapeValueSuccess(t *testing.T) {
 	f := func(s, resultExpected string) {
 		t.Helper()
-		result, err := unescapeValue(s)
+		result := unescapeValue(s)
 		if err != nil {
 			t.Fatalf("unexpected error: %s", err)
 		}
 		if result != resultExpected {
 			t.Fatalf("unexpected result; got %q; want %q", result, resultExpected)
 		}
 	}
-	f(`""`, "")
+	f(``, "")
-	f(`"f"`, "f")
+	f(`f`, "f")
-	f(`"foobar"`, "foobar")
+	f(`foobar`, "foobar")
-	f(`"\"\n\t"`, "\"\n\t")
+	f(`\"\n\t`, "\"\n\\t")
 	// Edge cases
 	f(`foo\bar`, "foo\\bar")
 	f(`foo\`, "foo\\")
 }
 func TestRowsUnmarshalFailure(t *testing.T) {
@ -203,6 +184,24 @@ cassandra_token_ownership_ratio 78.9`, &Rows{
 		}},
 	})
 	// Incorrectly escaped backlash. This is real-world case, which must be supported.
 	f(`mssql_sql_server_active_transactions_sec{loginname="domain\somelogin",env="develop"} 56`, &Rows{
 		Rows: []Row{{
 			Metric: "mssql_sql_server_active_transactions_sec",
 			Tags: []Tag{
 				{
 					Key:   "loginname",
 					Value: "domain\\somelogin",
 				},
 				{
 					Key:   "env",
 					Value: "develop",
 				},
 			},
 			Value: 56,
 		}},
 	})
 	// Exemplars - see https://github.com/OpenObservability/OpenMetrics/blob/master/OpenMetrics.md#exemplars-1
 	f(`foo_bucket{le="10",a="#b"} 17 # {trace_id="oHg5SJ#YRHA0"} 9.8 1520879607.789
 	   abc 123 456 # foobar
--- a/lib/storage/block_header_test.go
+++ b/lib/storage/block_header_test.go
@ -47,7 +47,7 @@ func testBlockHeaderMarshalUnmarshal(t *testing.T, bh *blockHeader) {
 	var bh1 blockHeader
 	tail, err := bh1.Unmarshal(dst)
 	if err != nil {
-		t.Fatalf("cannot umarshal bh=%+v from dst=%x: %s", bh, dst, err)
+		t.Fatalf("cannot unmarshal bh=%+v from dst=%x: %s", bh, dst, err)
 	}
 	if len(tail) > 0 {
 		t.Fatalf("unexpected tail left after unmarshaling of bh=%+v: %x", bh, tail)
--- a/vendor/cloud.google.com/go/CHANGES.md
+++ b/vendor/cloud.google.com/go/CHANGES.md
@ -1,6 +1,25 @@
 # Changes
 ## [0.78.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.77.0...v0.78.0) (2021-02-22)
 ### Features
 * **area120/tables:** Added ListWorkspaces, GetWorkspace, BatchDeleteRows APIs. ([16597fa](https://www.github.com/googleapis/google-cloud-go/commit/16597fa1ce549053c7183e8456e23f554a5501de))
 * **area120/tables:** Added ListWorkspaces, GetWorkspace, BatchDeleteRows APIs. ([0bd21d7](https://www.github.com/googleapis/google-cloud-go/commit/0bd21d793f75924e5a2d033c58e8aaef89cf8113))
 * **dialogflow:** add additional_bindings to Dialogflow v2 ListIntents API docs: update copyrights and session docs ([0bd21d7](https://www.github.com/googleapis/google-cloud-go/commit/0bd21d793f75924e5a2d033c58e8aaef89cf8113))
 * **documentai:** Update documentai/v1beta3 protos ([613ced7](https://www.github.com/googleapis/google-cloud-go/commit/613ced702bbc82a154a4d3641b483f71c7cd1af4))
 * **gkehub:** Update Membership API v1beta1 proto ([613ced7](https://www.github.com/googleapis/google-cloud-go/commit/613ced702bbc82a154a4d3641b483f71c7cd1af4))
 * **servicecontrol:** Update the ruby_cloud_gapic_library rules for the libraries published to google-cloud-ruby to the form that works with build_gen (separate parameters for ruby_cloud_title and ruby_cloud_description). chore: Update Bazel-Ruby rules version. chore: Update build_gen version. ([0bd21d7](https://www.github.com/googleapis/google-cloud-go/commit/0bd21d793f75924e5a2d033c58e8aaef89cf8113))
 * **speech:** Support Model Adaptation. ([0bd21d7](https://www.github.com/googleapis/google-cloud-go/commit/0bd21d793f75924e5a2d033c58e8aaef89cf8113))
 ### Bug Fixes
 * **dialogflow/cx:** RunTestCase http template. PHP REST client lib can be generated. feat: Support transition route group coverage for Test Cases. ([613ced7](https://www.github.com/googleapis/google-cloud-go/commit/613ced702bbc82a154a4d3641b483f71c7cd1af4))
 * **errorreporting:** Fixes ruby gem build ([0bd21d7](https://www.github.com/googleapis/google-cloud-go/commit/0bd21d793f75924e5a2d033c58e8aaef89cf8113))
 ## [0.77.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.76.0...v0.77.0) (2021-02-16)
--- a/vendor/cloud.google.com/go/README.md
+++ b/vendor/cloud.google.com/go/README.md
@ -54,6 +54,7 @@ make backwards-incompatible changes.
 | [Monitoring][cloud-monitoring]                  | stable | [`cloud.google.com/go/monitoring/apiv3`](https://pkg.go.dev/cloud.google.com/go/monitoring/apiv3)                             |
 | [OS Login][cloud-oslogin]                       | stable | [`cloud.google.com/go/oslogin/apiv1`](https://pkg.go.dev/cloud.google.com/go/oslogin/apiv1)                                   |
 | [Pub/Sub][cloud-pubsub]                         | stable | [`cloud.google.com/go/pubsub`](https://pkg.go.dev/cloud.google.com/go/pubsub)                                                 |
 | [Pub/Sub Lite][cloud-pubsublite]                | beta   | [`cloud.google.com/go/pubsublite`](https://pkg.go.dev/cloud.google.com/go/pubsublite)                                                 |
 | [Phishing Protection][cloud-phishingprotection] | alpha  | [`cloud.google.com/go/phishingprotection/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/phishingprotection/apiv1beta1)   |
 | [reCAPTCHA Enterprise][cloud-recaptcha]         | alpha  | [`cloud.google.com/go/recaptchaenterprise/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/recaptchaenterprise/apiv1beta1) |
 | [Recommender][cloud-recommender]                | beta   | [`cloud.google.com/go/recommender/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/recommender/apiv1beta1)                 |
@ -150,6 +151,7 @@ for more information.
 [cloud-irm]: https://cloud.google.com/incident-response/docs/concepts
 [cloud-kms]: https://cloud.google.com/kms/
 [cloud-pubsub]: https://cloud.google.com/pubsub/
 [cloud-pubsublite]: https://cloud.google.com/pubsub/lite
 [cloud-storage]: https://cloud.google.com/storage/
 [cloud-language]: https://cloud.google.com/natural-language
 [cloud-logging]: https://cloud.google.com/logging/
--- a/vendor/cloud.google.com/go/go.mod
+++ b/vendor/cloud.google.com/go/go.mod
@ -15,11 +15,11 @@ require (
 	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5
 	golang.org/x/mod v0.4.1 // indirect
 	golang.org/x/net v0.0.0-20210119194325-5f4716e94777
-	golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3
+	golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect
+	golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43 // indirect
 	golang.org/x/text v0.3.5
 	golang.org/x/tools v0.1.0
 	google.golang.org/api v0.40.0
-	google.golang.org/genproto v0.0.0-20210212180131-e7f2df4ecc2d
+	google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c
 	google.golang.org/grpc v1.35.0
 )
--- a/vendor/cloud.google.com/go/go.sum
+++ b/vendor/cloud.google.com/go/go.sum
@ -262,8 +262,8 @@ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3 h1:BaN3BAqnopnKjvl+15DYP6LLrbBHfbfmlFYzmFj/Q9Q=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 h1:5vD4XjIc0X5+kHZjx4UecYdjA6mJo+XXNoaW0EjU5Os=
-golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -305,9 +305,10 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43 h1:SgQ6LNaYJU0JIuEHv9+s6EbhSCwYeAf5Yvj6lpYlqAE=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -434,8 +435,8 @@ google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210212180131-e7f2df4ecc2d h1:Edhcm0CKDPLQIecHCp5Iz57Lo7MfT6zUFBAlocmOjcY=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c h1:7A9LQhrZmuCPI79/sYSbscFqBp4XFYf6oaIQuV1xji4=
-google.golang.org/genproto v0.0.0-20210212180131-e7f2df4ecc2d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
--- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
+++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
@ -29,7 +29,7 @@
    "language": "Go",
    "client_library_type": "generated",
    "docs_url": "https://pkg.go.dev/cloud.google.com/go/appengine/apiv1",
-    "release_level": "beta"
+    "release_level": "ga"
  },
  "cloud.google.com/go/area120/tables/apiv1alpha1": {
    "distribution_name": "cloud.google.com/go/area120/tables/apiv1alpha1",
@ -221,7 +221,7 @@
    "language": "Go",
    "client_library_type": "generated",
    "docs_url": "https://pkg.go.dev/cloud.google.com/go/channel/apiv1",
-    "release_level": "beta"
+    "release_level": "ga"
  },
  "cloud.google.com/go/cloudbuild/apiv1/v2": {
    "distribution_name": "cloud.google.com/go/cloudbuild/apiv1/v2",
--- a/vendor/cloud.google.com/go/storage/CHANGES.md
+++ b/vendor/cloud.google.com/go/storage/CHANGES.md
@ -1,5 +1,9 @@
 # Changes
 ## v1.14.0
 - Updates to various dependencies.
 ## [1.13.0](https://www.github.com/googleapis/google-cloud-go/compare/storage/v1.12.0...v1.13.0) (2021-02-03)
--- a/vendor/cloud.google.com/go/storage/go.mod
+++ b/vendor/cloud.google.com/go/storage/go.mod
@ -8,10 +8,10 @@ require (
 	github.com/google/go-cmp v0.5.4
 	github.com/googleapis/gax-go/v2 v2.0.5
 	golang.org/x/mod v0.4.1 // indirect
-	golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3
+	golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect
+	golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 // indirect
 	golang.org/x/tools v0.1.0 // indirect
-	google.golang.org/api v0.38.0
+	google.golang.org/api v0.40.0
-	google.golang.org/genproto v0.0.0-20210203152818-3206188e46ba
+	google.golang.org/genproto v0.0.0-20210226172003-ab064af71705
 	google.golang.org/grpc v1.35.0
 )
--- a/vendor/cloud.google.com/go/storage/go.sum
+++ b/vendor/cloud.google.com/go/storage/go.sum
@ -4,50 +4,30 @@ cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSR
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3 h1:AVXDdKsrtX33oR9fbCMu/+c1o8Ofjq6Ku/MInaLVg5Y=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
 cloud.google.com/go v0.52.0 h1:GGslhk/BU052LPlnI1vpp3fcbUs+hQ3E+Doti/3/vF8=
 cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
 cloud.google.com/go v0.53.0 h1:MZQCQQaRwOrAcuKjiHWHrgKykt4fZyuwF2dtiG3fGW8=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
 cloud.google.com/go v0.54.0 h1:3ithwDMr7/3vpAMXiH+ZQnYbuIsh+OPhUPMFC9enmn0=
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0 h1:WRz29PgAsVEyPSDHyk+0fpEkwEFyfhHn+JbksT6gIL4=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0 h1:EpMNVUorLiZIELdMZbCYX/ByTFCdoYopYAGxaGVz9ms=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0 h1:RmDygqvj27Zf3fCQjQRtLyC7KwFcHkeJitcO0OoGOcA=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0 h1:Dg9iHVQfrhq82rUNu9ZxUDrJLaxFUe/HlCVaLyRruq8=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0 h1:eWRCuwubtDrCJG0oSUMgnsbD4CmPFQF2ei4OFbXvwww=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0 h1:XgtDnVJRCPEUG21gjFiRPz4zI1Mjg16R+NYQjfmU4XY=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go/bigquery v1.0.1 h1:hL+ycaJpVE9M7nLoiXb/Pn10ENE2u+oddxbD8uu0ZVU=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0 h1:sAbMqjY1PEQKZBWfbu6Y6bsupJ9c4QdHnzg/VvYTLcE=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0 h1:xE3CPsOgttP4ACBePh79zTKALtXwn/Edhcr16R5hMWU=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0 h1:K2NyuHRuv15ku6eUpe0DQk5ZykPMnSOnvuVf6IHcjaE=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0 h1:a/O/bK/vWrYGOTFtH8di4rBxMZnmkjy+Y5LxpDwo+dA=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0 h1:Kt+gOPPp2LEPWp8CSfxhsM8ik9CcyE/gYu+0r+RnZvM=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0 h1:/May9ojXjRkPBNVrq+oWLqmWCkr4OU5uRY29bu0mRyQ=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/pubsub v1.0.1 h1:W9tAK3E57P75u0XLLR82LZyw8VpAnhmyTOxW9qzmyj8=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0 h1:9/vpR43S4aJaROxqQHQ3nH9lfyKKV0dC3vOmnw8ebQQ=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0 h1:Lpy6hKgdcl7a3WGSfJIFmxmcdjSpP6OmBEfcOv1Y680=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1 h1:ukjixP1wl0LpnZ6LWtZJ0mX5tBmjp1f8Sqer8Z2OMUU=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
@ -55,7 +35,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@ -76,10 +55,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -92,46 +69,33 @@ github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk=
 github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0 h1:pMen7vLs8nvgEYhywH3KDWJIJTeEr2ULsVWHWYHQyBs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0 h1:wCKgOCHuUEVfsaQLpPSJb7VdYCdTVZQAuOdYm1yc/60=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@ -151,11 +115,9 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024 h1:rBMNdlhTLzJjJSDIjNEXX1Pz3Hmwmz91v+zycvx9PJc=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
@ -174,13 +136,9 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4 h1:LYy1Hy3MJdrCdMwwzxA/dRok4ejH+RwNGbuoD9fCjto=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5 h1:dntmOdLpSpHlVqbW5Eay97DelsZHe+55D+xC6i0dDS0=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
@ -192,17 +150,12 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979 h1:Agxu5KLo8o7Bb634SVDnhIfpTvxmzUwhbYAzBvXt6h4=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299 h1:zQpM52jfKHG6II1ISZY1ZcpygvuSFZpLwfluuF89XOg=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a h1:7Wlg8L54In96HTWOaI4sreLJ6qfyGuvSau5el3fK41Y=
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd h1:zkO/Lhoka23X63N9OSzpSeROEUQ5ODw47tM3YWjygbs=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@ -211,14 +164,10 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac h1:8R1esu+8QioDxo4E4mX6bFztO+dMTM49DNAaWfO5OeY=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367 h1:0IiAsCRByjO2QjX7ZPkw5oU9x+n1YqRL802rjC0c3Aw=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
@ -226,14 +175,10 @@ golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee h1:WG0RUwxtNT4qqaXX3DPA8zHFNm/D9xaBpxzHt1WcA/E=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1 h1:Kvvh58BN8Y9/lBi7hTekvtMpm07eUZ0ck5pRHpsMWrY=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@ -246,65 +191,44 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa h1:F+8P+gmewFQYRk6JoLQLwjBCTu3mcIURZfNkVweuRKA=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 h1:WQ8q63x+f/zpC8Ac1s9wLElVoHhm32p6tudrU72n1QA=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 h1:eDrdRpKgkcCqKZQwyZRyeFZgfqt37SL7Kv3tok06cKE=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 h1:42cLlJJdEh+ySyeUUbEQ5bsTiq8voBeTuweGVkY6Puw=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58 h1:Mj83v+wSRNEar42a/MQgxk9X42TdEmrOl9i+y8WbxLo=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5 h1:Lm4OryKCca1vehdsWogr9N4t7NfZxLbJoc/H0w4K4S4=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3 h1:BaN3BAqnopnKjvl+15DYP6LLrbBHfbfmlFYzmFj/Q9Q=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 h1:5vD4XjIc0X5+kHZjx4UecYdjA6mJo+XXNoaW0EjU5Os=
-golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -316,55 +240,37 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0 h1:HyfiK1WMnHj5FXFXatD+Qs1A/xC2Run6RzeW1SyHxpc=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1 h1:gZpLHxUX5BdYLA08Lj4YCJNN/jk7KtquiArPoeX0WvA=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4 h1:sfkvUWPNGwSV+8/fNqctR5lS2AqCSqYwXdrjCxp/dXo=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae h1:/WDfKMnPU+m5M4xB+6x4kaepxRw6jWvR5iDRdvjHgy8=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e h1:hq86ru83GdWTlfQFZGO4nZJTU4Bs2wfHl8oFHRaXsfc=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642 h1:B6caxRw+hozq68X2MY7jEpZh/cr4/aHLv9xU8Kkadrw=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f h1:Fqb3ao1hUmOR3GkUOg/Y+BadLwykBIzs5q8Ez2SbHyc=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 h1:kzM6+9dur93BcC2kVlYl34cHU+TYZLanmpSJHVMmL64=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@ -384,7 +290,6 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff h1:On1qIo75ByTwFJ4/W2bIqHcwJ9XAqtSWUs8GwRrIhtc=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@ -394,32 +299,22 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c h1:2EA2K0k9bcvvEDlqD8xdlOhCOqq+O/p9Voqi4x9W1YU=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a h1:7YaEqUc1tUg0yDwvdX+3U5bwrBg7u3FFAZ5D8gUs4/c=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74 h1:KW20qMcLRWuIgjdCpHFJbVZA7zsDKtFXPNcm7/eI5ZA=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56 h1:DFtSed2q3HtNuVazwVDZ4nSRS/JrZEig0gz2BY4VNrg=
 golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d h1:7M9AXzLrJWWGdDYtBblPHBTnHtaN6KKQ98OYb35mLlY=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d h1:3K34ovZAOnVaUPxanr0j4ghTZTPTA0CnXvjCl+5lZqk=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4 h1:kDtqNkeBrZb8B+atrj50B5XLHpzXXqcCdZPP/ApQ5NY=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d h1:lzLdP95xJmMpwQ6LUHwrc5V7js93hTiY7gkznu0BgmY=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d h1:szSOL78iTCl0LF1AMjhSWJj8tIM0KixlUUnBtYXsmd8=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
@ -451,18 +346,15 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/api v0.35.0 h1:TBCmTTxUrRDA1iTctnK/fIeitxIZ+TQuaf0j29fmCGo=
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0 h1:l2Nfbl2GPXdWorv+dT2XfinX2jOOw4zv1VhLstx+6rE=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.38.0 h1:vDyWk6eup8eQAidaZ31sNWIn8tZEL8qpbtGkBD4ytQo=
+google.golang.org/api v0.40.0 h1:uWrpz12dpVPn7cojP82mk02XDgTJLDPc2KbVTxrWb4A=
-google.golang.org/api v0.38.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@ -501,8 +393,8 @@ google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210203152818-3206188e46ba h1:np3A9jnmE/eMtrOwwvUycmQ1XoLyj5nqZ41bAyYLqJ0=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705 h1:PYBmACG+YEv8uQPW0r1kJj8tR+gkF0UWq7iFdUezwEw=
-google.golang.org/genproto v0.0.0-20210203152818-3206188e46ba/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -517,7 +409,6 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0 h1:raiipEjMOIC/TO2AvyTxP25XFdLxNIBwzDh3FM3XztI=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0 h1:TwIQcH3es+MojMVojxxfQ3l3OF2KzlRxML2xZq0kRo8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
--- a/vendor/github.com/VictoriaMetrics/metrics/histogram.go
+++ b/vendor/github.com/VictoriaMetrics/metrics/histogram.go
@ -86,14 +86,6 @@ func (h *Histogram) Update(v float64) {
 		return
 	}
 	bucketIdx := (math.Log10(v) - e10Min) * bucketsPerDecimal
 	idx := uint(bucketIdx)
 	if bucketIdx == float64(idx) {
 		// Edge case for 10^n values, which must go to the lower bucket
 		// according to Prometheus logic for `le`-based histograms.
 		idx--
 	}
 	decimalBucketIdx := idx / bucketsPerDecimal
 	offset := idx % bucketsPerDecimal
 	h.mu.Lock()
 	h.sum += v
 	if bucketIdx < 0 {
@ -101,6 +93,14 @@ func (h *Histogram) Update(v float64) {
 	} else if bucketIdx >= bucketsCount {
 		h.upper++
 	} else {
 		idx := uint(bucketIdx)
 		if bucketIdx == float64(idx) && idx > 0 {
 			// Edge case for 10^n values, which must go to the lower bucket
 			// according to Prometheus logic for `le`-based histograms.
 			idx--
 		}
 		decimalBucketIdx := idx / bucketsPerDecimal
 		offset := idx % bucketsPerDecimal
 		db := h.decimalBuckets[decimalBucketIdx]
 		if db == nil {
 			var b [bucketsPerDecimal]uint64
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@ -95,7 +95,7 @@ import (
 // StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
-// Use this function go read MFA tokens from stdin. The function makes no attempt
+// Use this function to read MFA tokens from stdin. The function makes no attempt
 // to make atomic prompts from stdin across multiple gorouties.
 //
 // Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@ -1765,7 +1765,10 @@ var awsPartition = partition{
 		"contact-lens": service{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"eu-central-1":   endpoint{},
 				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
@ -3847,11 +3850,12 @@ var awsPartition = partition{
 						Region: "us-west-2",
 					},
 				},
-				"sa-east-1": endpoint{},
+				"me-south-1": endpoint{},
-				"us-east-1": endpoint{},
+				"sa-east-1":  endpoint{},
-				"us-east-2": endpoint{},
+				"us-east-1":  endpoint{},
-				"us-west-1": endpoint{},
+				"us-east-2":  endpoint{},
-				"us-west-2": endpoint{},
+				"us-west-1":  endpoint{},
 				"us-west-2":  endpoint{},
 			},
 		},
 		"lambda": service{
@ -6582,6 +6586,8 @@ var awsPartition = partition{
 		"transfer": service{
 			Endpoints: endpoints{
 				"af-south-1":     endpoint{},
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@ -6623,11 +6629,12 @@ var awsPartition = partition{
 						Region: "us-west-2",
 					},
 				},
-				"sa-east-1": endpoint{},
+				"me-south-1": endpoint{},
-				"us-east-1": endpoint{},
+				"sa-east-1":  endpoint{},
-				"us-east-2": endpoint{},
+				"us-east-1":  endpoint{},
-				"us-west-1": endpoint{},
+				"us-east-2":  endpoint{},
-				"us-west-2": endpoint{},
+				"us-west-1":  endpoint{},
 				"us-west-2":  endpoint{},
 			},
 		},
 		"translate": service{
@ -10381,6 +10388,19 @@ var awsisobPartition = partition{
 				"us-isob-east-1": endpoint{},
 			},
 		},
 		"route53": service{
 			PartitionEndpoint: "aws-iso-b-global",
 			IsRegionalized:    boxedFalse,
 			Endpoints: endpoints{
 				"aws-iso-b-global": endpoint{
 					Hostname: "route53.sc2s.sgov.gov",
 					CredentialScope: credentialScope{
 						Region: "us-isob-east-1",
 					},
 				},
 			},
 		},
 		"s3": service{
 			Defaults: endpoint{
 				Protocols:         []string{"http", "https"},
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.37.12"
+const SDKVersion = "1.37.22"
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
@ -2852,9 +2852,12 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r
 // GetBucketEncryption API operation for Amazon Simple Storage Service.
 //
-// Returns the default encryption configuration for an Amazon S3 bucket. For
+// Returns the default encryption configuration for an Amazon S3 bucket. If
-// information about the Amazon S3 default encryption feature, see Amazon S3
+// the bucket does not have a default encryption configuration, GetBucketEncryption
-// Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).
+// returns ServerSideEncryptionConfigurationNotFoundError.
 //
 // For information about the Amazon S3 default encryption feature, see Amazon
 // S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).
 //
 // To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration
 // action. The bucket owner has this permission by default. The bucket owner
@ -5042,6 +5045,8 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request
 //
 //    * PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
 //
 //    * DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@ -5302,8 +5307,12 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou
 //
 // This operation is useful to determine if a bucket exists and you have permission
 // to access it. The operation returns a 200 OK if the bucket exists and you
-// have permission to access it. Otherwise, the operation might return responses
+// have permission to access it.
-// such as 404 Not Found and 403 Forbidden.
+//
 // If the bucket does not exist or you do not have permission to access it,
 // the HEAD request returns a generic 404 Not Found or 403 Forbidden code. A
 // message body is not included, so you cannot determine the exception beyond
 // these error codes.
 //
 // To use this operation, you must have permissions to perform the s3:ListBucket
 // action. The bucket owner has this permission by default and can grant this
@ -5394,7 +5403,9 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou
 //
 // A HEAD request has the same options as a GET operation on an object. The
 // response is identical to the GET response except that there is no response
-// body.
+// body. Because of this, if the HEAD request generates an error, it returns
 // a generic 404 Not Found or 403 Forbidden code. It is not possible to retrieve
 // the exact exception beyond these error codes.
 //
 // If you encrypt an object by using server-side encryption with customer-provided
 // encryption keys (SSE-C) when you store the object in Amazon S3, then when
@ -5409,11 +5420,14 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou
 // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
 // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
 //
-// Encryption request headers, like x-amz-server-side-encryption, should not
+//    * Encryption request headers, like x-amz-server-side-encryption, should
-// be sent for GET requests if your object uses server-side encryption with
+//    not be sent for GET requests if your object uses server-side encryption
-// CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon S3–managed
+//    with CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon
-// encryption keys (SSE-S3). If your object does use these types of keys, you’ll
+//    S3–managed encryption keys (SSE-S3). If your object does use these types
-// get an HTTP 400 BadRequest error.
+//    of keys, you’ll get an HTTP 400 BadRequest error.
 //
 //    * The last modified property in this case is the creation date of the
 //    object.
 //
 // Request headers are limited to 8 KB in size. For more information, see Common
 // Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
@ -6482,7 +6496,8 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque
 // the request parameters as selection criteria to return a subset of the objects
 // in a bucket. A 200 OK response can contain valid or invalid XML. Make sure
 // to design your application to parse the contents of the response and handle
-// it appropriately.
+// it appropriately. Objects are returned sorted in an ascending order of the
 // respective key names in the list.
 //
 // To use this operation, you must have READ access to the bucket.
 //
@ -7415,7 +7430,8 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt
 // PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
 //
-// Puts a S3 Intelligent-Tiering configuration to the specified bucket.
+// Puts a S3 Intelligent-Tiering configuration to the specified bucket. You
 // can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.
 //
 // The S3 Intelligent-Tiering storage class is designed to optimize storage
 // costs by automatically moving data to the most cost-effective storage access
@ -7442,6 +7458,22 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt
 //
 //    * ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 //
 // You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically
 // move objects stored in the S3 Intelligent-Tiering storage class to the Archive
 // Access or Deep Archive Access tier.
 //
 // Special Errors
 //
 //    * HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument
 //
 //    * HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are
 //    attempting to create a new configuration but have already reached the
 //    1,000-configuration limit.
 //
 //    * HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner
 //    of the specified bucket, or you do not have the s3:PutIntelligentTieringConfiguration
 //    bucket permission to set the configuration on the bucket.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@ -9751,6 +9783,8 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request
 //
 //    * GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
 //
 //    * DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@ -12341,6 +12375,10 @@ type Condition struct {
 	// the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals
 	// is not specified. If both conditions are specified, both must be true for
 	// the redirect to be applied.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	KeyPrefixEquals *string `type:"string"`
 }
@ -13083,10 +13121,10 @@ type CopyObjectResult struct {
 	// Returns the ETag of the new object. The ETag reflects only changes to the
 	// contents of an object, not its metadata. The source and destination ETag
-	// is identical for a successfully copied object.
+	// is identical for a successfully copied non-multipart object.
 	ETag *string `type:"string"`
-	// Returns the date that the object was last modified.
+	// Creation date of the object.
 	LastModified *time.Time `type:"timestamp"`
 }
@ -15667,7 +15705,8 @@ type DeleteObjectTaggingInput struct {
 	// error.
 	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-	// Name of the object key.
+	// The key that identifies the object in the bucket from which to remove all
 	// tags.
 	//
 	// Key is a required field
 	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@ -16821,6 +16860,10 @@ type ErrorDocument struct {
 	// The object key name to use when a 4XX class error occurs.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Key is a required field
 	Key *string `min:"1" type:"string" required:"true"`
 }
@ -19565,14 +19608,14 @@ type GetObjectInput struct {
 	// Sets the Expires header of the response.
 	ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"`
-	// Specifies the algorithm to use to when encrypting the object (for example,
+	// Specifies the algorithm to use to when decrypting the object (for example,
 	// AES256).
 	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt
-	// data. This value is used to store the object and then it is discarded; Amazon
+	// the data. This value is used to decrypt the object when recovering it and
-	// S3 does not store the encryption key. The key must be appropriate for use
+	// must match the one used when storing the data. The key must be appropriate
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
 	// header.
 	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
@ -20103,7 +20146,7 @@ type GetObjectOutput struct {
 	// The date and time at which the object is no longer cacheable.
 	Expires *string `location:"header" locationName:"Expires" type:"string"`
-	// Last modified date of the object
+	// Creation date of the object.
 	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
 	// A map of metadata to store with the object in S3.
@ -20570,6 +20613,13 @@ type GetObjectTaggingInput struct {
 	// Key is a required field
 	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from requester pays buckets, see Downloading Objects
 	// in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 Developer Guide.
 	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
 	// The versionId of the object for which to get the tagging information.
 	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
 }
@ -20631,6 +20681,12 @@ func (s *GetObjectTaggingInput) SetKey(v string) *GetObjectTaggingInput {
 	return s
 }
 // SetRequestPayer sets the RequestPayer field's value.
 func (s *GetObjectTaggingInput) SetRequestPayer(v string) *GetObjectTaggingInput {
 	s.RequestPayer = &v
 	return s
 }
 // SetVersionId sets the VersionId field's value.
 func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput {
 	s.VersionId = &v
@ -21555,7 +21611,7 @@ type HeadObjectOutput struct {
 	// The date and time at which the object is no longer cacheable.
 	Expires *string `location:"header" locationName:"Expires" type:"string"`
-	// Last modified date of the object
+	// Creation date of the object.
 	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
 	// A map of metadata to store with the object in S3.
@ -21881,6 +21937,10 @@ type IndexDocument struct {
 	// with the key name images/index.html) The suffix must not be empty and must
 	// not include a slash character.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Suffix is a required field
 	Suffix *string `type:"string" required:"true"`
 }
@ -22164,6 +22224,10 @@ type IntelligentTieringFilter struct {
 	// An object key name prefix that identifies the subset of objects to which
 	// the rule applies.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	Prefix *string `type:"string"`
 	// A container of a key value name pair.
@ -22911,6 +22975,10 @@ type LifecycleRule struct {
 	// Prefix identifying one or more objects to which the rule applies. This is
 	// No longer used; use Filter instead.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Deprecated: Prefix has been deprecated
 	Prefix *string `deprecated:"true" type:"string"`
@ -23073,6 +23141,10 @@ type LifecycleRuleFilter struct {
 	And *LifecycleRuleAndOperator `type:"structure"`
 	// Prefix identifying one or more objects to which the rule applies.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	Prefix *string `type:"string"`
 	// This tag must exist in the object's tag set in order for the rule to apply.
@ -24579,8 +24651,8 @@ func (s ListObjectsInput) updateArnableField(v string) (interface{}, error) {
 type ListObjectsOutput struct {
 	_ struct{} `type:"structure"`
-	// All of the keys rolled up in a common prefix count as a single return when
+	// All of the keys (up to 1,000) rolled up in a common prefix count as a single
-	// calculating the number of returns.
+	// return when calculating the number of returns.
 	//
 	// A response can contain CommonPrefixes only if you specify a delimiter.
 	//
@ -24891,8 +24963,8 @@ func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) {
 type ListObjectsV2Output struct {
 	_ struct{} `type:"structure"`
-	// All of the keys rolled up into a common prefix count as a single return when
+	// All of the keys (up to 1,000) rolled up into a common prefix count as a single
-	// calculating the number of returns.
+	// return when calculating the number of returns.
 	//
 	// A response can contain CommonPrefixes only if you specify a delimiter.
 	//
@ -24936,8 +25008,8 @@ type ListObjectsV2Output struct {
 	IsTruncated *bool `type:"boolean"`
 	// KeyCount is the number of keys returned with this request. KeyCount will
-	// always be less than equals to MaxKeys field. Say you ask for 50 keys, your
+	// always be less than or equals to MaxKeys field. Say you ask for 50 keys,
-	// result will include less than equals 50 keys
+	// your result will include less than equals 50 keys
 	KeyCount *int64 `type:"integer"`
 	// Sets the maximum number of keys returned in the response. By default the
@ -26195,7 +26267,7 @@ type Object struct {
 	// the object.
 	Key *string `min:"1" type:"string"`
-	// The date the Object was Last Modified
+	// Creation date of the object.
 	LastModified *time.Time `type:"timestamp"`
 	// The owner of the object
@ -26258,7 +26330,11 @@ func (s *Object) SetStorageClass(v string) *Object {
 type ObjectIdentifier struct {
 	_ struct{} `type:"structure"`
-	// Key name of the object to delete.
+	// Key name of the object.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Key is a required field
 	Key *string `min:"1" type:"string" required:"true"`
@ -30815,6 +30891,13 @@ type PutObjectTaggingInput struct {
 	// Key is a required field
 	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from requester pays buckets, see Downloading Objects
 	// in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 Developer Guide.
 	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
 	// Container for the TagSet and Tag elements
 	//
 	// Tagging is a required field
@ -30889,6 +30972,12 @@ func (s *PutObjectTaggingInput) SetKey(v string) *PutObjectTaggingInput {
 	return s
 }
 // SetRequestPayer sets the RequestPayer field's value.
 func (s *PutObjectTaggingInput) SetRequestPayer(v string) *PutObjectTaggingInput {
 	s.RequestPayer = &v
 	return s
 }
 // SetTagging sets the Tagging field's value.
 func (s *PutObjectTaggingInput) SetTagging(v *Tagging) *PutObjectTaggingInput {
 	s.Tagging = v
@ -31275,11 +31364,19 @@ type Redirect struct {
 	// and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required
 	// if one of the siblings is present. Can be present only if ReplaceKeyWith
 	// is not provided.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	ReplaceKeyPrefixWith *string `type:"string"`
 	// The specific object key to use in the redirect request. For example, redirect
 	// request to error.html. Not required if one of the siblings is present. Can
 	// be present only if ReplaceKeyPrefixWith is not provided.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	ReplaceKeyWith *string `type:"string"`
 }
@ -31529,6 +31626,10 @@ type ReplicationRule struct {
 	// the rule applies. The maximum prefix length is 1,024 characters. To include
 	// all objects in a bucket, specify an empty string.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Deprecated: Prefix has been deprecated
 	Prefix *string `deprecated:"true" type:"string"`
@ -31737,6 +31838,10 @@ type ReplicationRuleFilter struct {
 	// An object key name prefix that identifies the subset of objects to which
 	// the rule applies.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	Prefix *string `type:"string"`
 	// A container for specifying a tag key and value.
@ -32332,6 +32437,10 @@ type Rule struct {
 	// Object key prefix that identifies one or more objects to which this rule
 	// applies.
 	//
 	// Replacement must be made for object keys containing special characters (such
 	// as carriage returns) when using XML requests. For more information, see XML
 	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
 	//
 	// Prefix is a required field
 	Prefix *string `type:"string" required:"true"`
--- a/vendor/github.com/golang/snappy/decode_arm64.s
+++ b/vendor/github.com/golang/snappy/decode_arm64.s
@ -70,7 +70,7 @@ loop:
 	// x := uint32(src[s] >> 2)
 	// switch
 	MOVW $60, R1
-	ADD  R4>>2, ZR, R4
+	LSRW $2, R4, R4
 	CMPW R4, R1
 	BLS  tagLit60Plus
@ -111,13 +111,12 @@ doLit:
 	// is contiguous in memory and so it needs to leave enough source bytes to
 	// read the next tag without refilling buffers, but Go's Decode assumes
 	// contiguousness (the src argument is a []byte).
-	MOVD $16, R1
+	CMP $16, R4
-	CMP  R1, R4
+	BGT callMemmove
-	BGT  callMemmove
+	CMP $16, R2
-	CMP  R1, R2
+	BLT callMemmove
-	BLT  callMemmove
+	CMP $16, R3
-	CMP  R1, R3
+	BLT callMemmove
 	BLT  callMemmove
 	// !!! Implement the copy from src to dst as a 16-byte load and store.
 	// (Decode's documentation says that dst and src must not overlap.)
@ -130,9 +129,8 @@ doLit:
 	// Note that on arm64, it is legal and cheap to issue unaligned 8-byte or
 	// 16-byte loads and stores. This technique probably wouldn't be as
 	// effective on architectures that are fussier about alignment.
-
+	LDP 0(R6), (R14, R15)
-	VLD1 0(R6), [V0.B16]
+	STP (R14, R15), 0(R7)
 	VST1 [V0.B16], 0(R7)
 	// d += length
 	// s += length
@ -210,8 +208,7 @@ tagLit61:
 	B     doLit
 tagLit62Plus:
-	MOVW $62, R1
+	CMPW $62, R4
 	CMPW R1, R4
 	BHI  tagLit63
 	// case x == 62:
@ -273,10 +270,9 @@ tagCopy:
 	// We have a copy tag. We assume that:
 	//	- R3 == src[s] & 0x03
 	//	- R4 == src[s]
-	MOVD $2, R1
+	CMP $2, R3
-	CMP  R1, R3
+	BEQ tagCopy2
-	BEQ  tagCopy2
+	BGT tagCopy4
 	BGT  tagCopy4
 	// case tagCopy1:
 	// s += 2
@ -346,13 +342,11 @@ doCopy:
 	// }
 	// copy 16 bytes
 	// d += length
-	MOVD $16, R1
+	CMP  $16, R4
 	MOVD $8, R0
 	CMP  R1, R4
 	BGT  slowForwardCopy
-	CMP  R0, R5
+	CMP  $8, R5
 	BLT  slowForwardCopy
-	CMP  R1, R14
+	CMP  $16, R14
 	BLT  slowForwardCopy
 	MOVD 0(R15), R2
 	MOVD R2, 0(R7)
@ -426,8 +420,7 @@ makeOffsetAtLeast8:
 	//   // The two previous lines together means that d-offset, and therefore
 	//   // R15, is unchanged.
 	// }
-	MOVD $8, R1
+	CMP  $8, R5
 	CMP  R1, R5
 	BGE  fixUpSlowForwardCopy
 	MOVD (R15), R3
 	MOVD R3, (R7)
@ -477,9 +470,7 @@ verySlowForwardCopy:
 	ADD  $1, R15, R15
 	ADD  $1, R7, R7
 	SUB  $1, R4, R4
-	MOVD $0, R1
+	CBNZ R4, verySlowForwardCopy
 	CMP  R1, R4
 	BNE  verySlowForwardCopy
 	B    loop
 	// The code above handles copy tags.
--- a/vendor/github.com/golang/snappy/encode_arm64.s
+++ b/vendor/github.com/golang/snappy/encode_arm64.s
@ -35,11 +35,9 @@ TEXT ·emitLiteral(SB), NOSPLIT, $32-56
 	MOVW R3, R4
 	SUBW $1, R4, R4
-	MOVW $60, R2
+	CMPW $60, R4
 	CMPW R2, R4
 	BLT  oneByte
-	MOVW $256, R2
+	CMPW $256, R4
 	CMPW R2, R4
 	BLT  twoBytes
 threeBytes:
@ -98,8 +96,7 @@ TEXT ·emitCopy(SB), NOSPLIT, $0-48
 loop0:
 	// for length >= 68 { etc }
-	MOVW $68, R2
+	CMPW $68, R3
 	CMPW R2, R3
 	BLT  step1
 	// Emit a length 64 copy, encoded as 3 bytes.
@ -112,9 +109,8 @@ loop0:
 step1:
 	// if length > 64 { etc }
-	MOVD $64, R2
+	CMP $64, R3
-	CMP  R2, R3
+	BLE step2
 	BLE  step2
 	// Emit a length 60 copy, encoded as 3 bytes.
 	MOVD $0xee, R2
@ -125,11 +121,9 @@ step1:
 step2:
 	// if length >= 12 || offset >= 2048 { goto step3 }
-	MOVD $12, R2
+	CMP  $12, R3
 	CMP  R2, R3
 	BGE  step3
-	MOVW $2048, R2
+	CMPW $2048, R11
 	CMPW R2, R11
 	BGE  step3
 	// Emit the remaining copy, encoded as 2 bytes.
@ -295,27 +289,24 @@ varTable:
 	// var table [maxTableSize]uint16
 	//
 	// In the asm code, unlike the Go code, we can zero-initialize only the
-	// first tableSize elements. Each uint16 element is 2 bytes and each VST1
+	// first tableSize elements. Each uint16 element is 2 bytes and each
-	// writes 64 bytes, so we can do only tableSize/32 writes instead of the
+	// iterations writes 64 bytes, so we can do only tableSize/32 writes
-	// 2048 writes that would zero-initialize all of table's 32768 bytes.
+	// instead of the 2048 writes that would zero-initialize all of table's
-	// This clear could overrun the first tableSize elements, but it won't
+	// 32768 bytes. This clear could overrun the first tableSize elements, but
-	// overrun the allocated stack size.
+	// it won't overrun the allocated stack size.
 	ADD  $128, RSP, R17
 	MOVD R17, R4
 	// !!! R6 = &src[tableSize]
 	ADD R6<<1, R17, R6
 	// zero the SIMD registers
 	VEOR V0.B16, V0.B16, V0.B16
 	VEOR V1.B16, V1.B16, V1.B16
 	VEOR V2.B16, V2.B16, V2.B16
 	VEOR V3.B16, V3.B16, V3.B16
 memclr:
-	VST1.P [V0.B16, V1.B16, V2.B16, V3.B16], 64(R4)
+	STP.P (ZR, ZR), 64(R4)
-	CMP    R4, R6
+	STP   (ZR, ZR), -48(R4)
-	BHI    memclr
+	STP   (ZR, ZR), -32(R4)
 	STP   (ZR, ZR), -16(R4)
 	CMP   R4, R6
 	BHI   memclr
 	// !!! R6 = &src[0]
 	MOVD R7, R6
@ -404,8 +395,7 @@ fourByteMatch:
 	// on inputMargin in encode.go.
 	MOVD R7, R3
 	SUB  R10, R3, R3
-	MOVD $16, R2
+	CMP  $16, R3
 	CMP  R2, R3
 	BLE  emitLiteralFastPath
 	// ----------------------------------------
@ -454,18 +444,21 @@ inlineEmitLiteralMemmove:
 	MOVD R3, 24(RSP)
 	// Finish the "d +=" part of "d += emitLiteral(etc)".
-	ADD  R3, R8, R8
+	ADD   R3, R8, R8
-	MOVD R7, 80(RSP)
+	MOVD  R7, 80(RSP)
-	MOVD R8, 88(RSP)
+	MOVD  R8, 88(RSP)
-	MOVD R15, 120(RSP)
+	MOVD  R15, 120(RSP)
-	CALL runtime·memmove(SB)
+	CALL  runtime·memmove(SB)
-	MOVD 64(RSP), R5
+	MOVD  64(RSP), R5
-	MOVD 72(RSP), R6
+	MOVD  72(RSP), R6
-	MOVD 80(RSP), R7
+	MOVD  80(RSP), R7
-	MOVD 88(RSP), R8
+	MOVD  88(RSP), R8
-	MOVD 96(RSP), R9
+	MOVD  96(RSP), R9
-	MOVD 120(RSP), R15
+	MOVD  120(RSP), R15
-	B    inner1
+	ADD   $128, RSP, R17
 	MOVW  $0xa7bd, R16
 	MOVKW $(0x1e35<<16), R16
 	B     inner1
 inlineEmitLiteralEnd:
 	// End inline of the emitLiteral call.
@ -489,9 +482,9 @@ emitLiteralFastPath:
 	// Note that on arm64, it is legal and cheap to issue unaligned 8-byte or
 	// 16-byte loads and stores. This technique probably wouldn't be as
 	// effective on architectures that are fussier about alignment.
-	VLD1 0(R10), [V0.B16]
+	LDP 0(R10), (R0, R1)
-	VST1 [V0.B16], 0(R8)
+	STP (R0, R1), 0(R8)
-	ADD  R3, R8, R8
+	ADD R3, R8, R8
 inner1:
 	// for { etc }
--- a/vendor/github.com/klauspost/compress/zstd/enc_best.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go
@ -112,7 +112,7 @@ func (e *bestFastEncoder) Encode(blk *blockEnc, src []byte) {
 	// Override src
 	src = e.hist
 	sLimit := int32(len(src)) - inputMargin
-	const kSearchStrength = 12
+	const kSearchStrength = 10
 	// nextEmit is where in src the next emitLiteral should start from.
 	nextEmit := s
@ -186,9 +186,11 @@ encodeLoop:
 			best = bestOf(best, matchAt(s-offset1+1, s+1, uint32(cv>>8), 1))
 			best = bestOf(best, matchAt(s-offset2+1, s+1, uint32(cv>>8), 2))
 			best = bestOf(best, matchAt(s-offset3+1, s+1, uint32(cv>>8), 3))
-			best = bestOf(best, matchAt(s-offset1+3, s+3, uint32(cv>>24), 1))
+			if best.length > 0 {
-			best = bestOf(best, matchAt(s-offset2+3, s+3, uint32(cv>>24), 2))
+				best = bestOf(best, matchAt(s-offset1+3, s+3, uint32(cv>>24), 1))
-			best = bestOf(best, matchAt(s-offset3+3, s+3, uint32(cv>>24), 3))
+				best = bestOf(best, matchAt(s-offset2+3, s+3, uint32(cv>>24), 2))
 				best = bestOf(best, matchAt(s-offset3+3, s+3, uint32(cv>>24), 3))
 			}
 		}
 		// Load next and check...
 		e.longTable[nextHashL] = prevEntry{offset: s + e.cur, prev: candidateL.offset}
--- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go
@ -78,7 +78,7 @@ func (e *fastEncoder) Encode(blk *blockEnc, src []byte) {
 	// TEMPLATE
 	const hashLog = tableBits
 	// seems global, but would be nice to tweak.
-	const kSearchStrength = 8
+	const kSearchStrength = 7
 	// nextEmit is where in src the next emitLiteral should start from.
 	nextEmit := s
--- a/vendor/github.com/prometheus/common/model/time.go
+++ b/vendor/github.com/prometheus/common/model/time.go
@ -254,6 +254,18 @@ func (d Duration) String() string {
 	return r
 }
 // MarshalText implements the encoding.TextMarshaler interface.
 func (d *Duration) MarshalText() ([]byte, error) {
 	return []byte(d.String()), nil
 }
 // UnmarshalText implements the encoding.TextUnmarshaler interface.
 func (d *Duration) UnmarshalText(text []byte) error {
 	var err error
 	*d, err = ParseDuration(string(text))
 	return err
 }
 // MarshalYAML implements the yaml.Marshaler interface.
 func (d Duration) MarshalYAML() (interface{}, error) {
 	return d.String(), nil
--- a/vendor/golang.org/x/net/context/go17.go
+++ b/vendor/golang.org/x/net/context/go17.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build go1.7
 // +build go1.7
 package context
--- a/vendor/golang.org/x/net/context/go19.go
+++ b/vendor/golang.org/x/net/context/go19.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build go1.9
 // +build go1.9
 package context
--- a/vendor/golang.org/x/net/context/pre_go17.go
+++ b/vendor/golang.org/x/net/context/pre_go17.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !go1.7
 // +build !go1.7
 package context
--- a/vendor/golang.org/x/net/context/pre_go19.go
+++ b/vendor/golang.org/x/net/context/pre_go19.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !go1.9
 // +build !go1.9
 package context
--- a/vendor/golang.org/x/net/http2/go111.go
+++ b/vendor/golang.org/x/net/http2/go111.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build go1.11
 // +build go1.11
 package http2
--- a/vendor/golang.org/x/net/http2/not_go111.go
+++ b/vendor/golang.org/x/net/http2/not_go111.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !go1.11
 // +build !go1.11
 package http2
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -1293,7 +1293,9 @@ func (sc *serverConn) startGracefulShutdown() {
 	sc.shutdownOnce.Do(func() { sc.sendServeMsg(gracefulShutdownMsg) })
 }
-// After sending GOAWAY, the connection will close after goAwayTimeout.
+// After sending GOAWAY with an error code (non-graceful shutdown), the
 // connection will close after goAwayTimeout.
 //
 // If we close the connection immediately after sending GOAWAY, there may
 // be unsent data in our kernel receive buffer, which will cause the kernel
 // to send a TCP RST on close() instead of a FIN. This RST will abort the
@ -1629,23 +1631,37 @@ func (sc *serverConn) processSettingInitialWindowSize(val uint32) error {
 func (sc *serverConn) processData(f *DataFrame) error {
 	sc.serveG.check()
-	if sc.inGoAway && sc.goAwayCode != ErrCodeNo {
+	id := f.Header().StreamID
 	if sc.inGoAway && (sc.goAwayCode != ErrCodeNo || id > sc.maxClientStreamID) {
 		// Discard all DATA frames if the GOAWAY is due to an
 		// error, or:
 		//
 		// Section 6.8: After sending a GOAWAY frame, the sender
 		// can discard frames for streams initiated by the
 		// receiver with identifiers higher than the identified
 		// last stream.
 		return nil
 	}
 	data := f.Data()
-	// "If a DATA frame is received whose stream is not in "open"
+	data := f.Data()
 	// or "half closed (local)" state, the recipient MUST respond
 	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
 	id := f.Header().StreamID
 	state, st := sc.state(id)
 	if id == 0 || state == stateIdle {
 		// Section 6.1: "DATA frames MUST be associated with a
 		// stream. If a DATA frame is received whose stream
 		// identifier field is 0x0, the recipient MUST respond
 		// with a connection error (Section 5.4.1) of type
 		// PROTOCOL_ERROR."
 		//
 		// Section 5.1: "Receiving any frame other than HEADERS
 		// or PRIORITY on a stream in this state MUST be
 		// treated as a connection error (Section 5.4.1) of
 		// type PROTOCOL_ERROR."
 		return ConnectionError(ErrCodeProtocol)
 	}
 	// "If a DATA frame is received whose stream is not in "open"
 	// or "half closed (local)" state, the recipient MUST respond
 	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
 	if st == nil || state != stateOpen || st.gotTrailerHeader || st.resetQueued {
 		// This includes sending a RST_STREAM if the stream is
 		// in stateHalfClosedLocal (which currently means that
--- a/vendor/golang.org/x/net/idna/idna10.0.0.go
+++ b/vendor/golang.org/x/net/idna/idna10.0.0.go
@ -4,6 +4,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build go1.10
 // +build go1.10
 // Package idna implements IDNA2008 using the compatibility processing
--- a/vendor/golang.org/x/net/idna/idna9.0.0.go
+++ b/vendor/golang.org/x/net/idna/idna9.0.0.go
@ -4,6 +4,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !go1.10
 // +build !go1.10
 // Package idna implements IDNA2008 using the compatibility processing
--- a/vendor/golang.org/x/net/idna/tables10.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables10.0.0.go
@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 //go:build go1.10 && !go1.13
 // +build go1.10,!go1.13
 package idna
--- a/vendor/golang.org/x/net/idna/tables11.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables11.0.0.go
@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 //go:build go1.13 && !go1.14
 // +build go1.13,!go1.14
 package idna
--- a/vendor/golang.org/x/net/idna/tables12.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables12.0.0.go
@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 //go:build go1.14 && !go1.16
 // +build go1.14,!go1.16
 package idna
--- a/vendor/golang.org/x/net/idna/tables13.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables13.0.0.go
@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 //go:build go1.16
 // +build go1.16
 package idna
--- a/vendor/golang.org/x/net/idna/tables9.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables9.0.0.go
@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 //go:build !go1.10
 // +build !go1.10
 package idna
--- a/vendor/golang.org/x/oauth2/google/appengine_gen1.go
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build appengine
 // +build appengine
 // This file applies to App Engine first generation runtimes (<= Go 1.9).
--- a/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !appengine
 // +build !appengine
 // This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible.
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@ -21,6 +21,10 @@ import (
 // Credentials holds Google credentials, including "Application Default Credentials".
 // For more details, see:
 // https://developers.google.com/accounts/docs/application-default-credentials
 // Credentials from external accounts (workload identity federation) are used to
 // identify a particular application from an on-prem or non-Google Cloud platform
 // including Amazon Web Services (AWS), Microsoft Azure or any identity provider
 // that supports OpenID Connect (OIDC).
 type Credentials struct {
 	ProjectID   string // may be empty
 	TokenSource oauth2.TokenSource
@ -65,6 +69,10 @@ func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSourc
 //
 //   1. A JSON file whose path is specified by the
 //      GOOGLE_APPLICATION_CREDENTIALS environment variable.
 //      For workload identity federation, refer to
 //      https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation on
 //      how to generate the JSON configuration file for on-prem/non-Google cloud
 //      platforms.
 //   2. A JSON file in a location known to the gcloud command-line tool.
 //      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
 //      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
@ -119,8 +127,10 @@ func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials
 // CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
 // represent either a Google Developers Console client_credentials.json file (as in
-// ConfigFromJSON) or a Google Developers service account key file (as in
+// ConfigFromJSON), a Google Developers service account key file (as in
-// JWTConfigFromJSON).
+// JWTConfigFromJSON) or the JSON configuration file for workload identity federation
 // in non-Google cloud platforms (see
 // https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation).
 func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) {
 	var f credentialsFile
 	if err := json.Unmarshal(jsonData, &f); err != nil {
--- a/vendor/golang.org/x/oauth2/google/doc.go
+++ b/vendor/golang.org/x/oauth2/google/doc.go
@ -4,13 +4,16 @@
 // Package google provides support for making OAuth2 authorized and authenticated
 // HTTP requests to Google APIs. It supports the Web server flow, client-side
-// credentials, service accounts, Google Compute Engine service accounts, and Google
+// credentials, service accounts, Google Compute Engine service accounts, Google
-// App Engine service accounts.
+// App Engine service accounts and workload identity federation from non-Google
 // cloud platforms.
 //
 // A brief overview of the package follows. For more information, please read
 // https://developers.google.com/accounts/docs/OAuth2
 // and
 // https://developers.google.com/accounts/docs/application-default-credentials.
 // For more information on using workload identity federation, refer to
 // https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation.
 //
 // OAuth2 Configs
 //
@ -19,6 +22,35 @@
 // the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
 // create an http.Client.
 //
 // Workload Identity Federation
 //
 // Using workload identity federation, your application can access Google Cloud
 // resources from Amazon Web Services (AWS), Microsoft Azure or any identity
 // provider that supports OpenID Connect (OIDC).
 // Traditionally, applications running outside Google Cloud have used service
 // account keys to access Google Cloud resources. Using identity federation,
 // you can allow your workload to impersonate a service account.
 // This lets you access Google Cloud resources directly, eliminating the
 // maintenance and security burden associated with service account keys.
 //
 // Follow the detailed instructions on how to configure Workload Identity Federation
 // in various platforms:
 //
 //   Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
 //   Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
 //   OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
 //
 // For OIDC providers, the library can retrieve OIDC tokens either from a
 // local file location (file-sourced credentials) or from a local server
 // (URL-sourced credentials).
 // For file-sourced credentials, a background process needs to be continuously
 // refreshing the file location with a new OIDC token prior to expiration.
 // For tokens with one hour lifetimes, the token needs to be updated in the file
 // every hour. The token can be stored directly as plain text or in JSON format.
 // For URL-sourced credentials, a local server needs to host a GET endpoint to
 // return the OIDC token. The response can be in plain text or JSON.
 // Additional required request headers can also be specified.
 //
 //
 // Credentials
 //
@ -29,6 +61,13 @@
 // FindDefaultCredentials looks in some well-known places for a credentials file, and
 // will call AppEngineTokenSource or ComputeTokenSource as needed.
 //
 // Application Default Credentials also support workload identity federation to
 // access Google Cloud resources from non-Google Cloud platforms including Amazon
 // Web Services (AWS), Microsoft Azure or any identity provider that supports
 // OpenID Connect (OIDC). Workload identity federation is recommended for
 // non-Google Cloud environments as it avoids the need to download, manage and
 // store service account private keys locally.
 //
 // DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
 // then use the credentials to construct an http.Client or an oauth2.TokenSource.
 //
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
@ -45,7 +45,7 @@ func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource {
 		ctx:    ctx,
 		url:    c.ServiceAccountImpersonationURL,
 		scopes: scopes,
-		ts: oauth2.ReuseTokenSource(nil, ts),
+		ts:     oauth2.ReuseTokenSource(nil, ts),
 	}
 	return oauth2.ReuseTokenSource(nil, imp)
 }
@ -124,7 +124,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	stsRequest := STSTokenExchangeRequest{
+	stsRequest := stsTokenExchangeRequest{
 		GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
 		Audience:           conf.Audience,
 		Scope:              conf.Scopes,
@ -134,12 +134,12 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	}
 	header := make(http.Header)
 	header.Add("Content-Type", "application/x-www-form-urlencoded")
-	clientAuth := ClientAuthentication{
+	clientAuth := clientAuthentication{
 		AuthStyle:    oauth2.AuthStyleInHeader,
 		ClientID:     conf.ClientID,
 		ClientSecret: conf.ClientSecret,
 	}
-	stsResp, err := ExchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, nil)
+	stsResp, err := exchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
@ -11,15 +11,15 @@ import (
 	"net/url"
 )
-// ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
+// clientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
-type ClientAuthentication struct {
+type clientAuthentication struct {
 	// AuthStyle can be either basic or request-body
 	AuthStyle    oauth2.AuthStyle
 	ClientID     string
 	ClientSecret string
 }
-func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
+func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
 	if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
 		return
 	}
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
@ -18,11 +18,11 @@ import (
 	"golang.org/x/oauth2"
 )
-// ExchangeToken performs an oauth2 token exchange with the provided endpoint.
+// exchangeToken performs an oauth2 token exchange with the provided endpoint.
 // The first 4 fields are all mandatory.  headers can be used to pass additional
 // headers beyond the bare minimum required by the token exchange.  options can
 // be used to pass additional JSON-structured options to the remote server.
-func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) {
+func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchangeRequest, authentication clientAuthentication, headers http.Header, options map[string]interface{}) (*stsTokenExchangeResponse, error) {
 	client := oauth2.NewClient(ctx, nil)
@ -68,7 +68,7 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 	}
-	var stsResp STSTokenExchangeResponse
+	var stsResp stsTokenExchangeResponse
 	err = json.Unmarshal(body, &stsResp)
 	if err != nil {
 		return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
@ -78,8 +78,8 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
 	return &stsResp, nil
 }
-// STSTokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
+// stsTokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
-type STSTokenExchangeRequest struct {
+type stsTokenExchangeRequest struct {
 	ActingParty struct {
 		ActorToken     string
 		ActorTokenType string
@ -93,8 +93,8 @@ type STSTokenExchangeRequest struct {
 	SubjectTokenType   string
 }
-// STSTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange.
+// stsTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange.
-type STSTokenExchangeResponse struct {
+type stsTokenExchangeResponse struct {
 	AccessToken     string `json:"access_token"`
 	IssuedTokenType string `json:"issued_token_type"`
 	TokenType       string `json:"token_type"`
--- a/vendor/golang.org/x/oauth2/internal/client_appengine.go
+++ b/vendor/golang.org/x/oauth2/internal/client_appengine.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build appengine
 // +build appengine
 package internal
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 // +build go1.9
 package unix
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@ -0,0 +1,426 @@
 // Copyright 2020 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build zos && s390x && gc
 // +build zos
 // +build s390x
 // +build gc
 #include "textflag.h"
 #define PSALAA            1208(R0)
 #define GTAB64(x)           80(x)
 #define LCA64(x)            88(x)
 #define CAA(x)               8(x)
 #define EDCHPXV(x)        1016(x)       // in the CAA
 #define SAVSTACK_ASYNC(x)  336(x)       // in the LCA
 // SS_*, where x=SAVSTACK_ASYNC
 #define SS_LE(x)             0(x)
 #define SS_GO(x)             8(x)
 #define SS_ERRNO(x)         16(x)
 #define SS_ERRNOJR(x)       20(x)
 #define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6
 TEXT ·clearErrno(SB),NOSPLIT,$0-0
 	BL	addrerrno<>(SB)
 	MOVD	$0, 0(R3)
 	RET
 // Returns the address of errno in R3.
 TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get __errno FuncDesc.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	ADD	$(0x156*16), R9
 	LMG	0(R9), R5, R6
 	// Switch to saved LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Call __errno function.
 	LE_CALL
 	NOPH
 	// Switch back to Go stack.
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	RET
 TEXT ·syscall_syscall(SB),NOSPLIT,$0-56
 	BL	runtime·entersyscall(SB)
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+32(FP)
 	MOVD	R0, r2+40(FP)
 	MOVD	R0, err+48(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	addrerrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+48(FP)
 done:
 	BL	runtime·exitsyscall(SB)
 	RET
 TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+32(FP)
 	MOVD	R0, r2+40(FP)
 	MOVD	R0, err+48(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	addrerrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+48(FP)
 done:
 	RET
 TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80
 	BL	runtime·entersyscall(SB)
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Fill in parameter list.
 	MOVD	a4+32(FP), R12
 	MOVD	R12, (2176+24)(R4)
 	MOVD	a5+40(FP), R12
 	MOVD	R12, (2176+32)(R4)
 	MOVD	a6+48(FP), R12
 	MOVD	R12, (2176+40)(R4)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+56(FP)
 	MOVD	R0, r2+64(FP)
 	MOVD	R0, err+72(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	addrerrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+72(FP)
 done:
 	BL	runtime·exitsyscall(SB)
 	RET
 TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Fill in parameter list.
 	MOVD	a4+32(FP), R12
 	MOVD	R12, (2176+24)(R4)
 	MOVD	a5+40(FP), R12
 	MOVD	R12, (2176+32)(R4)
 	MOVD	a6+48(FP), R12
 	MOVD	R12, (2176+40)(R4)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+56(FP)
 	MOVD	R0, r2+64(FP)
 	MOVD	R0, err+72(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	·rrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+72(FP)
 done:
 	RET
 TEXT ·syscall_syscall9(SB),NOSPLIT,$0
 	BL	runtime·entersyscall(SB)
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Fill in parameter list.
 	MOVD	a4+32(FP), R12
 	MOVD	R12, (2176+24)(R4)
 	MOVD	a5+40(FP), R12
 	MOVD	R12, (2176+32)(R4)
 	MOVD	a6+48(FP), R12
 	MOVD	R12, (2176+40)(R4)
 	MOVD	a7+56(FP), R12
 	MOVD	R12, (2176+48)(R4)
 	MOVD	a8+64(FP), R12
 	MOVD	R12, (2176+56)(R4)
 	MOVD	a9+72(FP), R12
 	MOVD	R12, (2176+64)(R4)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+80(FP)
 	MOVD	R0, r2+88(FP)
 	MOVD	R0, err+96(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	addrerrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+96(FP)
 done:
        BL	runtime·exitsyscall(SB)
        RET
 TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0
 	MOVD	a1+8(FP), R1
 	MOVD	a2+16(FP), R2
 	MOVD	a3+24(FP), R3
 	// Get library control area (LCA).
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	// Get function.
 	MOVD	CAA(R8), R9
 	MOVD	EDCHPXV(R9), R9
 	MOVD	trap+0(FP), R5
 	SLD	$4, R5
 	ADD	R5, R9
 	LMG	0(R9), R5, R6
 	// Restore LE stack.
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R4
 	MOVD	$0, 0(R9)
 	// Fill in parameter list.
 	MOVD	a4+32(FP), R12
 	MOVD	R12, (2176+24)(R4)
 	MOVD	a5+40(FP), R12
 	MOVD	R12, (2176+32)(R4)
 	MOVD	a6+48(FP), R12
 	MOVD	R12, (2176+40)(R4)
 	MOVD	a7+56(FP), R12
 	MOVD	R12, (2176+48)(R4)
 	MOVD	a8+64(FP), R12
 	MOVD	R12, (2176+56)(R4)
 	MOVD	a9+72(FP), R12
 	MOVD	R12, (2176+64)(R4)
 	// Call function.
 	LE_CALL
 	NOPH
 	XOR	R0, R0      // Restore R0 to $0.
 	MOVD	R4, 0(R9)   // Save stack pointer.
 	MOVD	R3, r1+80(FP)
 	MOVD	R0, r2+88(FP)
 	MOVD	R0, err+96(FP)
 	MOVW	R3, R4
 	CMP	R4, $-1
 	BNE	done
 	BL	addrerrno<>(SB)
 	MOVWZ	0(R3), R3
 	MOVD	R3, err+96(FP)
 done:
 	RET
 // func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
 TEXT ·svcCall(SB),NOSPLIT,$0
 	BL	runtime·save_g(SB)   // Save g and stack pointer
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	R15, 0(R9)
 	MOVD	argv+8(FP), R1       // Move function arguments into registers
 	MOVD	dsa+16(FP), g
 	MOVD	fnptr+0(FP), R15
 	BYTE	$0x0D                // Branch to function
 	BYTE	$0xEF
 	BL	runtime·load_g(SB)   // Restore g and stack pointer
 	MOVW	PSALAA, R8
 	MOVD	LCA64(R8), R8
 	MOVD	SAVSTACK_ASYNC(R8), R9
 	MOVD	0(R9), R15
 	RET
 // func svcLoad(name *byte) unsafe.Pointer
 TEXT ·svcLoad(SB),NOSPLIT,$0
 	MOVD	R15, R2          // Save go stack pointer
 	MOVD	name+0(FP), R0   // Move SVC args into registers
 	MOVD	$0x80000000, R1
 	MOVD	$0, R15
 	BYTE	$0x0A            // SVC 08 LOAD
 	BYTE	$0x08
 	MOVW	R15, R3          // Save return code from SVC
 	MOVD	R2, R15          // Restore go stack pointer
 	CMP	R3, $0           // Check SVC return code
 	BNE	error
 	MOVD	$-2, R3          // Reset last bit of entry point to zero
 	AND	R0, R3
 	MOVD	R3, addr+8(FP)   // Return entry point returned by SVC
 	CMP	R0, R3           // Check if last bit of entry point was set
 	BNE	done
 	MOVD	R15, R2          // Save go stack pointer
 	MOVD	$0, R15          // Move SVC args into registers (entry point still in r0 from SVC 08)
 	BYTE	$0x0A            // SVC 09 DELETE
 	BYTE	$0x09
 	MOVD	R2, R15          // Restore go stack pointer
 error:
 	MOVD	$0, addr+8(FP)   // Return 0 on failure
 done:
 	XOR	R0, R0           // Reset r0 to 0
 	RET
 // func svcUnload(name *byte, fnptr unsafe.Pointer) int64
 TEXT ·svcUnload(SB),NOSPLIT,$0
 	MOVD	R15, R2          // Save go stack pointer
 	MOVD	name+0(FP), R0   // Move SVC args into registers
 	MOVD	addr+8(FP), R15
 	BYTE	$0x0A            // SVC 09
 	BYTE	$0x09
 	XOR	R0, R0           // Reset r0 to 0
 	MOVD	R15, R1          // Save SVC return code
 	MOVD	R2, R15          // Restore go stack pointer
 	MOVD	R1, rc+0(FP)     // Return SVC return code
 	RET
 // func gettid() uint64
 TEXT ·gettid(SB), NOSPLIT, $0
 	// Get library control area (LCA).
 	MOVW PSALAA, R8
 	MOVD LCA64(R8), R8
 	// Get CEECAATHDID
 	MOVD CAA(R8), R9
 	MOVD 0x3D0(R9), R9
 	MOVD R9, ret+0(FP)
 	RET
--- a/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go
@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build freebsd
 // +build freebsd
 package unix
--- a/vendor/golang.org/x/sys/unix/constants.go
+++ b/vendor/golang.org/x/sys/unix/constants.go
@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 package unix
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build aix
+//go:build aix && ppc
-// +build ppc
+// +build aix,ppc
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build aix
+//go:build aix && ppc64
-// +build ppc64
+// +build aix,ppc64
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
--- a/Show more
+++ b/Show more