
Author SHA1 Message Date
Renovate Bot
a9e40952b7 Update module github.com/prometheus/client_golang to v1.19.1 2024-06-04 20:15:03 +00:00
10 changed files with 246 additions and 626 deletions

4
go.mod

@@ -6,10 +6,10 @@ require (
github.com/genuinetools/amicontained v0.4.3 github.com/genuinetools/amicontained v0.4.3
github.com/ibm-messaging/mq-golang v2.0.0+incompatible github.com/ibm-messaging/mq-golang v2.0.0+incompatible
github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.6.1 github.com/prometheus/client_model v0.5.0
golang.org/x/crypto v0.24.0 golang.org/x/crypto v0.24.0
golang.org/x/sys v0.21.0 golang.org/x/sys v0.21.0
software.sslmate.com/src/go-pkcs12 v0.4.0 software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001
) )
require ( require (
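Review bot: The right-hand column of this require block pins `software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001` and `github.com/prometheus/client_model v0.5.0` where the left-hand column has `v0.4.0` and `v0.6.1`, while the `github.com/prometheus/client_golang v1.19.1` line named in the commit title is identical on both sides. If the left column is the base, as the go.sum hunk header `-35,7 +35,6` suggests, merging this would roll a cryptographic dependency back to a 2020 pseudo-version rather than update anything. The vendored crypto.go section further down drops `oidPBEWithSHAAnd128BitRC2CBC`, `oidAES128CBC` and `oidAES192CBC` on that side, so PKCS#12 handling would presumably narrow as well. The code that uses those identifiers is outside the visible hunks. I would rebase the branch onto the current base so the block keeps `software.sslmate.com/src/go-pkcs12 v0.4.0` and `github.com/prometheus/client_model v0.6.1`, then re-run `go mod tidy` and `go mod vendor` and confirm go.sum and vendor/modules.txt no longer show the older versions.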

7
go.sum

@@ -35,7 +35,6 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -82,8 +81,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ=
@@ -167,5 +166,3 @@ gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001 h1:AVd6O+azYjVQYW1l55IqkbL8/JxjrLtO6q4FCmV8N5c= software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001 h1:AVd6O+azYjVQYW1l55IqkbL8/JxjrLtO6q4FCmV8N5c=
software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=
software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=


@@ -483,8 +483,6 @@ type Histogram struct {
// histograms. // histograms.
PositiveDelta []int64 `protobuf:"zigzag64,13,rep,name=positive_delta,json=positiveDelta" json:"positive_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket). PositiveDelta []int64 `protobuf:"zigzag64,13,rep,name=positive_delta,json=positiveDelta" json:"positive_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
PositiveCount []float64 `protobuf:"fixed64,14,rep,name=positive_count,json=positiveCount" json:"positive_count,omitempty"` // Absolute count of each bucket. PositiveCount []float64 `protobuf:"fixed64,14,rep,name=positive_count,json=positiveCount" json:"positive_count,omitempty"` // Absolute count of each bucket.
// Only used for native histograms. These exemplars MUST have a timestamp.
Exemplars []*Exemplar `protobuf:"bytes,16,rep,name=exemplars" json:"exemplars,omitempty"`
} }
func (x *Histogram) Reset() { func (x *Histogram) Reset() {
@@ -624,13 +622,6 @@ func (x *Histogram) GetPositiveCount() []float64 {
return nil return nil
} }
func (x *Histogram) GetExemplars() []*Exemplar {
if x != nil {
return x.Exemplars
}
return nil
}
// A Bucket of a conventional histogram, each of which is treated as // A Bucket of a conventional histogram, each of which is treated as
// an individual counter-like time series by Prometheus. // an individual counter-like time series by Prometheus.
type Bucket struct { type Bucket struct {
@@ -932,7 +923,6 @@ type MetricFamily struct {
Help *string `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"` Help *string `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
Type *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"` Type *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
Metric []*Metric `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"` Metric []*Metric `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
Unit *string `protobuf:"bytes,5,opt,name=unit" json:"unit,omitempty"`
} }
func (x *MetricFamily) Reset() { func (x *MetricFamily) Reset() {
@@ -995,13 +985,6 @@ func (x *MetricFamily) GetMetric() []*Metric {
return nil return nil
} }
func (x *MetricFamily) GetUnit() string {
if x != nil && x.Unit != nil {
return *x.Unit
}
return ""
}
var File_io_prometheus_client_metrics_proto protoreflect.FileDescriptor var File_io_prometheus_client_metrics_proto protoreflect.FileDescriptor
var file_io_prometheus_client_metrics_proto_rawDesc = []byte{ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
@@ -1045,7 +1028,7 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64,
0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74,
0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20,
0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xea, 0x05, 0x0a, 0x09, 0x48, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xac, 0x05, 0x0a, 0x09, 0x48,
0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b,
0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73,
@@ -1088,84 +1071,79 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c,
0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63,
0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69,
0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x09, 0x65, 0x78, 0x65, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75,
0x6d, 0x70, 0x6c, 0x61, 0x72, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69,
0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f,
0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x09, 0x65, 0x78, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12,
0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x73, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52,
0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74,
0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62,
0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65,
0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e,
0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11,
0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67,
0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a,
0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06,
0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x91,
0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c,
0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e,
0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62,
0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65,
0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x35, 0x0a,
0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69,
0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c,
0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69,
0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73,
0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12,
0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f,
0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52,
0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18,
0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75,
0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75,
0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e,
0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74,
0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20,
0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61,
0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75,
0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69,
0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
0x6d, 0x70, 0x4d, 0x73, 0x22, 0xb6, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74,
0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61,
0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48,
0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67,
0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73,
0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69,
0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68,
0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12,
0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x2a, 0x62, 0x0a, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e,
0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c,
0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52,
0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18,
0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74,
0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a, 0x62, 0x0a, 0x0a, 0x4d,
0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x55,
0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47, 0x45, 0x10,
0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0b,
0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x48,
0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x47, 0x41,
0x6c, 0x69, 0x65, 0x6e, 0x74, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x05, 0x42,
0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2f, 0x63,
0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f, 0x3b, 0x69,
0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74,
} }
var ( var (
@@ -1207,23 +1185,22 @@ var file_io_prometheus_client_metrics_proto_depIdxs = []int32{
13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp 13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp
9, // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan 9, // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
9, // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan 9, // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
10, // 8: io.prometheus.client.Histogram.exemplars:type_name -> io.prometheus.client.Exemplar 10, // 8: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
10, // 9: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar 1, // 9: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
1, // 10: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair 13, // 10: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
13, // 11: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp 1, // 11: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
1, // 12: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair 2, // 12: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
2, // 13: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge 3, // 13: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
3, // 14: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter 5, // 14: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
5, // 15: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary 6, // 15: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
6, // 16: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped 7, // 16: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
7, // 17: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram 0, // 17: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
0, // 18: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType 11, // 18: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
11, // 19: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric 19, // [19:19] is the sub-list for method output_type
20, // [20:20] is the sub-list for method output_type 19, // [19:19] is the sub-list for method input_type
20, // [20:20] is the sub-list for method input_type 19, // [19:19] is the sub-list for extension type_name
20, // [20:20] is the sub-list for extension type_name 19, // [19:19] is the sub-list for extension extendee
20, // [20:20] is the sub-list for extension extendee 0, // [0:19] is the sub-list for field type_name
0, // [0:20] is the sub-list for field type_name
} }
func init() { file_io_prometheus_client_metrics_proto_init() } func init() { file_io_prometheus_client_metrics_proto_init() }

6
vendor/modules.txt vendored

@@ -20,7 +20,7 @@ github.com/ibm-messaging/mq-golang/mqmetric
github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus
github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/client_golang/prometheus/internal
github.com/prometheus/client_golang/prometheus/promhttp github.com/prometheus/client_golang/prometheus/promhttp
# github.com/prometheus/client_model v0.6.1 # github.com/prometheus/client_model v0.5.0
## explicit; go 1.19 ## explicit; go 1.19
github.com/prometheus/client_model/go github.com/prometheus/client_model/go
# github.com/prometheus/common v0.48.0 # github.com/prometheus/common v0.48.0
@@ -75,7 +75,7 @@ google.golang.org/protobuf/reflect/protoregistry
google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoiface
google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/runtime/protoimpl
google.golang.org/protobuf/types/known/timestamppb google.golang.org/protobuf/types/known/timestamppb
# software.sslmate.com/src/go-pkcs12 v0.4.0 # software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001
## explicit; go 1.19 ## explicit
software.sslmate.com/src/go-pkcs12 software.sslmate.com/src/go-pkcs12
software.sslmate.com/src/go-pkcs12/internal/rc2 software.sslmate.com/src/go-pkcs12/internal/rc2


@@ -1,6 +1,6 @@
# package pkcs12 # package pkcs12
[![Documentation](https://pkg.go.dev/badge/software.sslmate.com/src/go-pkcs12)](https://pkg.go.dev/software.sslmate.com/src/go-pkcs12) [![GoDoc](https://godoc.org/software.sslmate.com/src/go-pkcs12?status.svg)](https://godoc.org/software.sslmate.com/src/go-pkcs12)
import "software.sslmate.com/src/go-pkcs12" import "software.sslmate.com/src/go-pkcs12"
@@ -11,12 +11,14 @@ do not support newer formats. Since PKCS#12 uses weak encryption
primitives, it SHOULD NOT be used for new applications. primitives, it SHOULD NOT be used for new applications.
Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12 Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12
allows BER encoding. This is because encoding/asn1 only supports DER. allows BER encoding. This is becuase encoding/asn1 only supports DER.
This package is forked from `golang.org/x/crypto/pkcs12`, which is frozen. This package is forked from `golang.org/x/crypto/pkcs12`, which is frozen.
The implementation is distilled from https://tools.ietf.org/html/rfc7292 The implementation is distilled from https://tools.ietf.org/html/rfc7292
and referenced documents. and referenced documents.
This repository holds supplementary Go cryptography libraries.
## Import Path ## Import Path
Note that although the source code and issue tracker for this package are hosted Note that although the source code and issue tracker for this package are hosted
@@ -26,6 +28,11 @@ on GitHub, the import path is:
Please be sure to use this path when you `go get` and `import` this package. Please be sure to use this path when you `go get` and `import` this package.
## Download/Install
The easiest way to install is to run `go get -u software.sslmate.com/src/go-pkcs12`. You
can also manually git clone the repository to `$GOPATH/src/software.sslmate.com/src/go-pkcs12`.
## Report Issues / Send Patches ## Report Issues / Send Patches
Open an issue or PR at https://github.com/SSLMate/go-pkcs12 Open an issue or PR at https://github.com/SSLMate/go-pkcs12


@@ -9,27 +9,14 @@ import (
"unicode/utf16" "unicode/utf16"
) )
// bmpStringZeroTerminated returns s encoded in UCS-2 with a zero terminator. // bmpString returns s encoded in UCS-2 with a zero terminator.
func bmpStringZeroTerminated(s string) ([]byte, error) {
// References:
// https://tools.ietf.org/html/rfc7292#appendix-B.1
// The above RFC provides the info that BMPStrings are NULL terminated.
ret, err := bmpString(s)
if err != nil {
return nil, err
}
return append(ret, 0, 0), nil
}
// bmpString returns s encoded in UCS-2
func bmpString(s string) ([]byte, error) { func bmpString(s string) ([]byte, error) {
// References: // References:
// https://tools.ietf.org/html/rfc7292#appendix-B.1 // https://tools.ietf.org/html/rfc7292#appendix-B.1
// https://en.wikipedia.org/wiki/Plane_(Unicode)#Basic_Multilingual_Plane // https://en.wikipedia.org/wiki/Plane_(Unicode)#Basic_Multilingual_Plane
// - non-BMP characters are encoded in UTF 16 by using a surrogate pair of 16-bit codes // - non-BMP characters are encoded in UTF 16 by using a surrogate pair of 16-bit codes
// EncodeRune returns 0xfffd if the rune does not need special encoding // EncodeRune returns 0xfffd if the rune does not need special encoding
// - the above RFC provides the info that BMPStrings are NULL terminated.
ret := make([]byte, 0, 2*len(s)+2) ret := make([]byte, 0, 2*len(s)+2)
@@ -40,7 +27,7 @@ func bmpString(s string) ([]byte, error) {
ret = append(ret, byte(r/256), byte(r%256)) ret = append(ret, byte(r/256), byte(r%256))
} }
return ret, nil return append(ret, 0, 0), nil
} }
func decodeBMPString(bmpString []byte) (string, error) { func decodeBMPString(bmpString []byte) (string, error) {


@@ -16,7 +16,6 @@ import (
"encoding/asn1" "encoding/asn1"
"errors" "errors"
"hash" "hash"
"io"
"golang.org/x/crypto/pbkdf2" "golang.org/x/crypto/pbkdf2"
"software.sslmate.com/src/go-pkcs12/internal/rc2" "software.sslmate.com/src/go-pkcs12/internal/rc2"
@@ -24,14 +23,11 @@ import (
var ( var (
oidPBEWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3}) oidPBEWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3})
oidPBEWithSHAAnd128BitRC2CBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 5})
oidPBEWithSHAAnd40BitRC2CBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 6}) oidPBEWithSHAAnd40BitRC2CBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 6})
oidPBES2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 13}) oidPBES2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 13})
oidPBKDF2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 12}) oidPBKDF2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 12})
oidHmacWithSHA1 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 7}) oidHmacWithSHA1 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 7})
oidHmacWithSHA256 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 9}) oidHmacWithSHA256 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 9})
oidAES128CBC = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 1, 2})
oidAES192CBC = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 1, 22})
oidAES256CBC = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 1, 42}) oidAES256CBC = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 1, 42})
) )
@@ -59,20 +55,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 2, 8) return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 2, 8)
} }
type shaWith128BitRC2CBC struct{}
func (shaWith128BitRC2CBC) create(key []byte) (cipher.Block, error) {
return rc2.New(key, len(key)*8)
}
func (shaWith128BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 16)
}
func (shaWith128BitRC2CBC) deriveIV(salt, password []byte, iterations int) []byte {
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 2, 8)
}
type shaWith40BitRC2CBC struct{} type shaWith40BitRC2CBC struct{}
func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) { func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
@@ -98,8 +80,6 @@ func pbeCipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.B
switch { switch {
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC): case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
cipherType = shaWithTripleDESCBC{} cipherType = shaWithTripleDESCBC{}
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd128BitRC2CBC):
cipherType = shaWith128BitRC2CBC{}
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC): case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
cipherType = shaWith40BitRC2CBC{} cipherType = shaWith40BitRC2CBC{}
case algorithm.Algorithm.Equal(oidPBES2): case algorithm.Algorithm.Equal(oidPBES2):
@@ -166,7 +146,6 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error)
if len(decrypted) < psLen { if len(decrypted) < psLen {
return nil, ErrDecryption return nil, ErrDecryption
} }
ps := decrypted[len(decrypted)-psLen:] ps := decrypted[len(decrypted)-psLen:]
decrypted = decrypted[:len(decrypted)-psLen] decrypted = decrypted[:len(decrypted)-psLen]
if bytes.Compare(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) != 0 { if bytes.Compare(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) != 0 {
@@ -176,30 +155,30 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error)
return return
} }
// PBES2-params ::= SEQUENCE { // PBES2-params ::= SEQUENCE {
// keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
// encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
// } // }
type pbes2Params struct { type pbes2Params struct {
Kdf pkix.AlgorithmIdentifier Kdf pkix.AlgorithmIdentifier
EncryptionScheme pkix.AlgorithmIdentifier EncryptionScheme pkix.AlgorithmIdentifier
} }
// PBKDF2-params ::= SEQUENCE { // PBKDF2-params ::= SEQUENCE {
// salt CHOICE { // salt CHOICE {
// specified OCTET STRING, // specified OCTET STRING,
// otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} // otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
// }, // },
// iterationCount INTEGER (1..MAX), // iterationCount INTEGER (1..MAX),
// keyLength INTEGER (1..MAX) OPTIONAL, // keyLength INTEGER (1..MAX) OPTIONAL,
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
// algid-hmacWithSHA1 // algid-hmacWithSHA1
// } // }
type pbkdf2Params struct { type pbkdf2Params struct {
Salt asn1.RawValue Salt asn1.RawValue
Iterations int Iterations int
KeyLength int `asn1:"optional"` KeyLength int `asn1:"optional"`
Prf pkix.AlgorithmIdentifier `asn1:"optional"` Prf pkix.AlgorithmIdentifier
} }
func pbes2CipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.Block, []byte, error) { func pbes2CipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.Block, []byte, error) {
@@ -228,28 +207,21 @@ func pbes2CipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
prf = sha1.New prf = sha1.New
case kdfParams.Prf.Algorithm.Equal(asn1.ObjectIdentifier([]int{})): case kdfParams.Prf.Algorithm.Equal(asn1.ObjectIdentifier([]int{})):
prf = sha1.New prf = sha1.New
default:
return nil, nil, NotImplementedError("pbes2 prf " + kdfParams.Prf.Algorithm.String() + " is not supported")
} }
var keyLen int key := pbkdf2.Key(password, kdfParams.Salt.Bytes, kdfParams.Iterations, 32, prf)
switch {
case params.EncryptionScheme.Algorithm.Equal(oidAES256CBC):
keyLen = 32
case params.EncryptionScheme.Algorithm.Equal(oidAES192CBC):
keyLen = 24
case params.EncryptionScheme.Algorithm.Equal(oidAES128CBC):
keyLen = 16
default:
return nil, nil, NotImplementedError("pbes2 algorithm " + params.EncryptionScheme.Algorithm.String() + " is not supported")
}
key := pbkdf2.Key(password, kdfParams.Salt.Bytes, kdfParams.Iterations, keyLen, prf)
iv := params.EncryptionScheme.Parameters.Bytes iv := params.EncryptionScheme.Parameters.Bytes
block, err := aes.NewCipher(key) var block cipher.Block
if err != nil { switch {
return nil, nil, err case params.EncryptionScheme.Algorithm.Equal(oidAES256CBC):
b, err := aes.NewCipher(key)
if err != nil {
return nil, nil, err
}
block = b
default:
return nil, nil, NotImplementedError("pbes2 algorithm " + params.EncryptionScheme.Algorithm.String() + " is not supported")
} }
return block, iv, nil return block, iv, nil
} }
@@ -291,31 +263,3 @@ type encryptable interface {
Algorithm() pkix.AlgorithmIdentifier Algorithm() pkix.AlgorithmIdentifier
SetData([]byte) SetData([]byte)
} }
func makePBES2Parameters(rand io.Reader, salt []byte, iterations int) ([]byte, error) {
var err error
randomIV := make([]byte, 16)
if _, err := rand.Read(randomIV); err != nil {
return nil, err
}
var kdfparams pbkdf2Params
if kdfparams.Salt.FullBytes, err = asn1.Marshal(salt); err != nil {
return nil, err
}
kdfparams.Iterations = iterations
kdfparams.Prf.Algorithm = oidHmacWithSHA256
var params pbes2Params
params.Kdf.Algorithm = oidPBKDF2
if params.Kdf.Parameters.FullBytes, err = asn1.Marshal(kdfparams); err != nil {
return nil, err
}
params.EncryptionScheme.Algorithm = oidAES256CBC
if params.EncryptionScheme.Parameters.FullBytes, err = asn1.Marshal(randomIV); err != nil {
return nil, err
}
return asn1.Marshal(params)
}
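Review bot: In `pbes2CipherFor`, the PRF switch on the new side no longer has a `default:` branch, so a PBKDF2 parameter block naming an unsupported PRF OID appears to leave `prf` unset when `pbkdf2.Key(password, kdfParams.Salt.Bytes, kdfParams.Iterations, 32, prf)` runs. The declaration of `prf` is outside the hunk, but if it has no initial value this is a nil function call, so untrusted PKCS#12 input would cause a panic instead of an error return. Keep the rejection: `default: return nil, nil, NotImplementedError("pbes2 prf " + kdfParams.Prf.Algorithm.String() + " is not supported")`. The same hunk also derives the 32-byte key before it checks that the encryption scheme is AES-256-CBC, so the scheme check should come first to avoid running `kdfParams.Iterations` rounds on input that will be rejected anyway. If this file is a vendored copy of go-pkcs12, the fix belongs in the pinned module version rather than in an edit here.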


@@ -31,7 +31,7 @@ var (
oidSHA256 = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1}) oidSHA256 = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1})
) )
func doMac(macData *macData, message, password []byte) ([]byte, error) { func verifyMac(macData *macData, message, password []byte) error {
var hFn func() hash.Hash var hFn func() hash.Hash
var key []byte var key []byte
switch { switch {
@@ -42,19 +42,13 @@ func doMac(macData *macData, message, password []byte) ([]byte, error) {
hFn = sha256.New hFn = sha256.New
key = pbkdf(sha256Sum, 32, 64, macData.MacSalt, password, macData.Iterations, 3, 32) key = pbkdf(sha256Sum, 32, 64, macData.MacSalt, password, macData.Iterations, 3, 32)
default: default:
return nil, NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String()) return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
} }
mac := hmac.New(hFn, key) mac := hmac.New(hFn, key)
mac.Write(message) mac.Write(message)
return mac.Sum(nil), nil expectedMAC := mac.Sum(nil)
}
func verifyMac(macData *macData, message, password []byte) error {
expectedMAC, err := doMac(macData, message, password)
if err != nil {
return err
}
if !hmac.Equal(macData.Mac.Digest, expectedMAC) { if !hmac.Equal(macData.Mac.Digest, expectedMAC) {
return ErrIncorrectPassword return ErrIncorrectPassword
} }
@@ -62,10 +56,15 @@ func verifyMac(macData *macData, message, password []byte) error {
} }
func computeMac(macData *macData, message, password []byte) error { func computeMac(macData *macData, message, password []byte) error {
digest, err := doMac(macData, message, password) if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) {
if err != nil { return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
return err
} }
macData.Mac.Digest = digest
key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)
mac := hmac.New(sha1.New, key)
mac.Write(message)
macData.Mac.Digest = mac.Sum(nil)
return nil return nil
} }
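Review bot: `computeMac` on the new side rejects every digest except `oidSHA1` and derives its key with `pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)`, while `verifyMac` in the same section still accepts SHA-256. The package can therefore check a SHA-256 MAC but can only write HMAC-SHA-1 ones. Each function now carries its own copy of the algorithm selection and key derivation, which lets the write and verify paths drift apart; a single helper that returns the digest, as `doMac` did on the old side, would keep them aligned. If the SHA-1-only write path is intended, say so on the function, e.g. `// computeMac writes HMAC-SHA-1 only; verifyMac additionally accepts SHA-256.`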


@@ -10,7 +10,7 @@
// primitives, it SHOULD NOT be used for new applications. // primitives, it SHOULD NOT be used for new applications.
// //
// Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12 // Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12
// allows BER encoding. This is because encoding/asn1 only supports DER. // allows BER encoding. This is becuase encoding/asn1 only supports DER.
// //
// This package is forked from golang.org/x/crypto/pkcs12, which is frozen. // This package is forked from golang.org/x/crypto/pkcs12, which is frozen.
// The implementation is distilled from https://tools.ietf.org/html/rfc7292 // The implementation is distilled from https://tools.ietf.org/html/rfc7292
@@ -19,7 +19,6 @@ package pkcs12 // import "software.sslmate.com/src/go-pkcs12"
import ( import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/sha1" "crypto/sha1"
"crypto/x509" "crypto/x509"
@@ -28,160 +27,15 @@ import (
"encoding/hex" "encoding/hex"
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt"
"io" "io"
) )
// DefaultPassword is the string "changeit", a commonly-used password for // DefaultPassword is the string "changeit", a commonly-used password for
// PKCS#12 files. // PKCS#12 files. Due to the weak encryption used by PKCS#12, it is
// RECOMMENDED that you use DefaultPassword when encoding PKCS#12 files,
// and protect the PKCS#12 files using other means.
const DefaultPassword = "changeit" const DefaultPassword = "changeit"
// An Encoder contains methods for encoding PKCS#12 files. This package
// defines several different Encoders with different parameters.
type Encoder struct {
macAlgorithm asn1.ObjectIdentifier
certAlgorithm asn1.ObjectIdentifier
keyAlgorithm asn1.ObjectIdentifier
macIterations int
encryptionIterations int
saltLen int
rand io.Reader
}
// WithIterations creates a new Encoder identical to enc except that
// it will use the given number of KDF iterations for deriving the MAC
// and encryption keys.
//
// Note that even with a large number of iterations, a weak
// password can still be brute-forced in much less time than it would
// take to brute-force a high-entropy encrytion key. For the best
// security, don't worry about the number of iterations and just
// use a high-entropy password (e.g. one generated with `openssl rand -hex 16`).
// See https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/ for more detail.
//
// Panics if iterations is less than 1.
func (enc Encoder) WithIterations(iterations int) *Encoder {
if iterations < 1 {
panic("pkcs12: number of iterations is less than 1")
}
enc.macIterations = iterations
enc.encryptionIterations = iterations
return &enc
}
// WithRand creates a new Encoder identical to enc except that
// it will use the given io.Reader for its random number generator
// instead of [crypto/rand.Reader].
func (enc Encoder) WithRand(rand io.Reader) *Encoder {
enc.rand = rand
return &enc
}
// LegacyRC2 encodes PKCS#12 files using weak algorithms that were
// traditionally used in PKCS#12 files, including those produced
// by OpenSSL before 3.0.0, go-pkcs12 before 0.3.0, and Java when
// keystore.pkcs12.legacy is defined. Specifically, certificates
// are encrypted using PBE with RC2, and keys are encrypted using PBE
// with 3DES, using keys derived with 2048 iterations of HMAC-SHA-1.
// MACs use HMAC-SHA-1 with keys derived with 1 iteration of HMAC-SHA-1.
//
// Due to the weak encryption, it is STRONGLY RECOMMENDED that you use [DefaultPassword]
// when encoding PKCS#12 files using this encoder, and protect the PKCS#12 files
// using other means.
//
// By default, OpenSSL 3 can't decode PKCS#12 files created using this encoder.
// For better compatibility, use [LegacyDES]. For better security, use
// [Modern2023].
var LegacyRC2 = &Encoder{
macAlgorithm: oidSHA1,
certAlgorithm: oidPBEWithSHAAnd40BitRC2CBC,
keyAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC,
macIterations: 1,
encryptionIterations: 2048,
saltLen: 8,
rand: rand.Reader,
}
// LegacyDES encodes PKCS#12 files using weak algorithms that are
// supported by a wide variety of software. Certificates and keys
// are encrypted using PBE with 3DES using keys derived with 2048
// iterations of HMAC-SHA-1. MACs use HMAC-SHA-1 with keys derived
// with 1 iteration of HMAC-SHA-1. These are the same parameters
// used by OpenSSL's -descert option. As of 2023, this encoder is
// likely to produce files that can be read by the most software.
//
// Due to the weak encryption, it is STRONGLY RECOMMENDED that you use [DefaultPassword]
// when encoding PKCS#12 files using this encoder, and protect the PKCS#12 files
// using other means. To create more secure PKCS#12 files, use [Modern2023].
var LegacyDES = &Encoder{
macAlgorithm: oidSHA1,
certAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC,
keyAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC,
macIterations: 1,
encryptionIterations: 2048,
saltLen: 8,
rand: rand.Reader,
}
// Passwordless encodes PKCS#12 files without any encryption or MACs.
// A lot of software has trouble reading such files, so it's probably only
// useful for creating Java trust stores using [Encoder.EncodeTrustStore]
// or [Encoder.EncodeTrustStoreEntries].
//
// When using this encoder, you MUST specify an empty password.
var Passwordless = &Encoder{
macAlgorithm: nil,
certAlgorithm: nil,
keyAlgorithm: nil,
rand: rand.Reader,
}
// Modern2023 encodes PKCS#12 files using algorithms that are considered modern
// as of 2023. Private keys and certificates are encrypted using PBES2 with
// PBKDF2-HMAC-SHA-256 and AES-256-CBC. The MAC algorithm is HMAC-SHA-2. These
// are the same algorithms used by OpenSSL 3 (by default), Java 20 (by default),
// and Windows Server 2019 (when "stronger" is used).
//
// Files produced with this encoder can be read by OpenSSL 1.1.1 and higher,
// Java 12 and higher, and Windows Server 2019 and higher.
//
// For passwords, it is RECOMMENDED that you do one of the following:
// 1) Use [DefaultPassword] and protect the file using other means, or
// 2) Use a high-entropy password, such as one generated with `openssl rand -hex 16`.
//
// You SHOULD NOT use a lower-entropy password with this encoder because the number of KDF
// iterations is only 2048 and doesn't provide meaningful protection against
// brute-forcing. You can increase the number of iterations using [Encoder.WithIterations],
// but as https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/ explains, this doesn't
// help as much as you think.
var Modern2023 = &Encoder{
macAlgorithm: oidSHA256,
certAlgorithm: oidPBES2,
keyAlgorithm: oidPBES2,
macIterations: 2048,
encryptionIterations: 2048,
saltLen: 16,
rand: rand.Reader,
}
// Legacy encodes PKCS#12 files using weak, legacy parameters that work in
// a wide variety of software.
//
// Currently, this encoder is the same as [LegacyDES], but this
// may change in the future if another encoder is found to provide better
// compatibility.
//
// Due to the weak encryption, it is STRONGLY RECOMMENDED that you use [DefaultPassword]
// when encoding PKCS#12 files using this encoder, and protect the PKCS#12 files
// using other means.
var Legacy = LegacyDES
// Modern encodes PKCS#12 files using modern, robust parameters.
//
// Currently, this encoder is the same as [Modern2023], but this
// may change in the future to keep up with modern practices.
var Modern = Modern2023
var ( var (
oidDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 1}) oidDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 1})
oidEncryptedDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 6}) oidEncryptedDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 6})
@@ -190,8 +44,7 @@ var (
oidLocalKeyID = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21}) oidLocalKeyID = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21})
oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1}) oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1})
oidJavaTrustStore = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113894, 746875, 1, 1}) oidJavaTrustStore = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113894, 746875, 1, 1})
oidAnyExtendedKeyUsage = asn1.ObjectIdentifier([]int{2, 5, 29, 37, 0})
) )
type pfxPdu struct { type pfxPdu struct {
@@ -281,18 +134,17 @@ func unmarshal(in []byte, out interface{}) error {
} }
// ToPEM converts all "safe bags" contained in pfxData to PEM blocks. // ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
// // DO NOT USE THIS FUNCTION. ToPEM creates invalid PEM blocks; private keys
// Deprecated: ToPEM creates invalid PEM blocks (private keys
// are encoded as raw RSA or EC private keys rather than PKCS#8 despite being // are encoded as raw RSA or EC private keys rather than PKCS#8 despite being
// labeled "PRIVATE KEY"). To decode a PKCS#12 file, use [DecodeChain] instead, // labeled "PRIVATE KEY". To decode a PKCS#12 file, use DecodeChain instead,
// and use the [encoding/pem] package to convert to PEM if necessary. // and use the encoding/pem package to convert to PEM if necessary.
func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) { func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) {
encodedPassword, err := bmpStringZeroTerminated(password) encodedPassword, err := bmpString(password)
if err != nil { if err != nil {
return nil, ErrIncorrectPassword return nil, ErrIncorrectPassword
} }
bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2, 2) bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -394,7 +246,7 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error)
// Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file. This function // Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file. This function
// assumes that there is only one certificate and only one private key in the // assumes that there is only one certificate and only one private key in the
// pfxData. Since PKCS#12 files often contain more than one certificate, you // pfxData. Since PKCS#12 files often contain more than one certificate, you
// probably want to use [DecodeChain] instead. // probably want to use DecodeChain instead.
func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) { func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) {
var caCerts []*x509.Certificate var caCerts []*x509.Certificate
privateKey, certificate, caCerts, err = DecodeChain(pfxData, password) privateKey, certificate, caCerts, err = DecodeChain(pfxData, password)
@@ -410,12 +262,12 @@ func Decode(pfxData []byte, password string) (privateKey interface{}, certificat
// be the leaf certificate, and subsequent certificates, if any, are assumed to // be the leaf certificate, and subsequent certificates, if any, are assumed to
// comprise the CA certificate chain. // comprise the CA certificate chain.
func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, err error) { func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, err error) {
encodedPassword, err := bmpStringZeroTerminated(password) encodedPassword, err := bmpString(password)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 1, 2) bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
@@ -441,15 +293,6 @@ func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certi
caCerts = append(caCerts, certs[0]) caCerts = append(caCerts, certs[0])
} }
case bag.Id.Equal(oidKeyBag):
if privateKey != nil {
err = errors.New("pkcs12: expected exactly one key bag")
return nil, nil, nil, err
}
if privateKey, err = x509.ParsePKCS8PrivateKey(bag.Value.Bytes); err != nil {
return nil, nil, nil, err
}
case bag.Id.Equal(oidPKCS8ShroundedKeyBag): case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
if privateKey != nil { if privateKey != nil {
err = errors.New("pkcs12: expected exactly one key bag") err = errors.New("pkcs12: expected exactly one key bag")
@@ -475,16 +318,13 @@ func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certi
// DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded // DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded
// PKCS#12 file containing exclusively certificates with attribute 2.16.840.1.113894.746875.1.1, // PKCS#12 file containing exclusively certificates with attribute 2.16.840.1.113894.746875.1.1,
// which is used by Java to designate a trust anchor. // which is used by Java to designate a trust anchor.
//
// If the password argument is empty, DecodeTrustStore will decode either password-less
// PKCS#12 files (i.e. those without encryption) or files with a literal empty password.
func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error) { func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error) {
encodedPassword, err := bmpStringZeroTerminated(password) encodedPassword, err := bmpString(password)
if err != nil { if err != nil {
return nil, err return nil, err
} }
bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 1, 1) bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 1)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -519,7 +359,7 @@ func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificat
return return
} }
func getSafeContents(p12Data, password []byte, expectedItemsMin int, expectedItemsMax int) (bags []safeBag, updatedPassword []byte, err error) { func getSafeContents(p12Data, password []byte, expectedItems int) (bags []safeBag, updatedPassword []byte, err error) {
pfx := new(pfxPdu) pfx := new(pfxPdu)
if err := unmarshal(p12Data, pfx); err != nil { if err := unmarshal(p12Data, pfx); err != nil {
return nil, nil, errors.New("pkcs12: error reading P12 data: " + err.Error()) return nil, nil, errors.New("pkcs12: error reading P12 data: " + err.Error())
@@ -539,10 +379,10 @@ func getSafeContents(p12Data, password []byte, expectedItemsMin int, expectedIte
} }
if len(pfx.MacData.Mac.Algorithm.Algorithm) == 0 { if len(pfx.MacData.Mac.Algorithm.Algorithm) == 0 {
if !(len(password) == 2 && password[0] == 0 && password[1] == 0) { return nil, nil, errors.New("pkcs12: no MAC in data")
return nil, nil, errors.New("pkcs12: no MAC in data") }
}
} else if err := verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password); err != nil { if err := verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password); err != nil {
if err == ErrIncorrectPassword && len(password) == 2 && password[0] == 0 && password[1] == 0 { if err == ErrIncorrectPassword && len(password) == 2 && password[0] == 0 && password[1] == 0 {
// some implementations use an empty byte array // some implementations use an empty byte array
// for the empty string password try one more // for the empty string password try one more
@@ -560,11 +400,8 @@ func getSafeContents(p12Data, password []byte, expectedItemsMin int, expectedIte
return nil, nil, err return nil, nil, err
} }
if len(authenticatedSafe) < expectedItemsMin || len(authenticatedSafe) > expectedItemsMax { if len(authenticatedSafe) != expectedItems {
if expectedItemsMin == expectedItemsMax { return nil, nil, NotImplementedError("expected exactly two items in the authenticated safe")
return nil, nil, NotImplementedError(fmt.Sprintf("expected exactly %d items in the authenticated safe, but this file has %d", expectedItemsMin, len(authenticatedSafe)))
}
return nil, nil, NotImplementedError(fmt.Sprintf("expected between %d and %d items in the authenticated safe, but this file has %d", expectedItemsMin, expectedItemsMax, len(authenticatedSafe)))
} }
for _, ci := range authenticatedSafe { for _, ci := range authenticatedSafe {
@@ -600,35 +437,26 @@ func getSafeContents(p12Data, password []byte, expectedItemsMin int, expectedIte
return bags, password, nil return bags, password, nil
} }
// Encode is equivalent to LegacyRC2.WithRand(rand).Encode.
// See [Encoder.Encode] and [LegacyRC2] for details.
//
// Deprecated: for the same behavior, use LegacyRC2.Encode; for
// better compatibility, use Legacy.Encode; for better
// security, use Modern.Encode.
func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) {
return LegacyRC2.WithRand(rand).Encode(privateKey, certificate, caCerts, password)
}
// Encode produces pfxData containing one private key (privateKey), an // Encode produces pfxData containing one private key (privateKey), an
// end-entity certificate (certificate), and any number of CA certificates // end-entity certificate (certificate), and any number of CA certificates
// (caCerts). // (caCerts).
// //
// The pfxData is encrypted and authenticated with keys derived from // The private key is encrypted with the provided password, but due to the
// the provided password. // weak encryption primitives used by PKCS#12, it is RECOMMENDED that you
// specify a hard-coded password (such as pkcs12.DefaultPassword) and protect
// the resulting pfxData using other means.
//
// The rand argument is used to provide entropy for the encryption, and
// can be set to rand.Reader from the crypto/rand package.
// //
// Encode emulates the behavior of OpenSSL's PKCS12_create: it creates two // Encode emulates the behavior of OpenSSL's PKCS12_create: it creates two
// SafeContents: one that's encrypted with the certificate encryption algorithm // SafeContents: one that's encrypted with RC2 and contains the certificates,
// and contains the certificates, and another that is unencrypted and contains the // and another that is unencrypted and contains the private key shrouded with
// private key shrouded with the key encryption algorithm. The private key bag and // 3DES The private key bag and the end-entity certificate bag have the
// the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 // LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity
// fingerprint of the end-entity certificate. // certificate.
func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) { func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) {
if enc.macAlgorithm == nil && enc.certAlgorithm == nil && enc.keyAlgorithm == nil && password != "" { encodedPassword, err := bmpString(password)
return nil, errors.New("password must be empty")
}
encodedPassword, err := bmpStringZeroTerminated(password)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -647,37 +475,26 @@ func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate
} }
var certBags []safeBag var certBags []safeBag
if certBag, err := makeCertBag(certificate.Raw, []pkcs12Attribute{localKeyIdAttr}); err != nil { var certBag *safeBag
if certBag, err = makeCertBag(certificate.Raw, []pkcs12Attribute{localKeyIdAttr}); err != nil {
return nil, err return nil, err
} else { }
certBags = append(certBags, *certBag)
for _, cert := range caCerts {
if certBag, err = makeCertBag(cert.Raw, []pkcs12Attribute{}); err != nil {
return nil, err
}
certBags = append(certBags, *certBag) certBags = append(certBags, *certBag)
} }
for _, cert := range caCerts {
if certBag, err := makeCertBag(cert.Raw, []pkcs12Attribute{}); err != nil {
return nil, err
} else {
certBags = append(certBags, *certBag)
}
}
var keyBag safeBag var keyBag safeBag
if enc.keyAlgorithm == nil { keyBag.Id = oidPKCS8ShroundedKeyBag
keyBag.Id = oidKeyBag keyBag.Value.Class = 2
keyBag.Value.Class = 2 keyBag.Value.Tag = 0
keyBag.Value.Tag = 0 keyBag.Value.IsCompound = true
keyBag.Value.IsCompound = true if keyBag.Value.Bytes, err = encodePkcs8ShroudedKeyBag(rand, privateKey, encodedPassword); err != nil {
if keyBag.Value.Bytes, err = x509.MarshalPKCS8PrivateKey(privateKey); err != nil { return nil, err
return nil, err
}
} else {
keyBag.Id = oidPKCS8ShroundedKeyBag
keyBag.Value.Class = 2
keyBag.Value.Tag = 0
keyBag.Value.IsCompound = true
if keyBag.Value.Bytes, err = encodePkcs8ShroudedKeyBag(enc.rand, privateKey, enc.keyAlgorithm, encodedPassword, enc.encryptionIterations, enc.saltLen); err != nil {
return nil, err
}
} }
keyBag.Attributes = append(keyBag.Attributes, localKeyIdAttr) keyBag.Attributes = append(keyBag.Attributes, localKeyIdAttr)
@@ -685,10 +502,10 @@ func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate
// The first SafeContents is encrypted and contains the cert bags. // The first SafeContents is encrypted and contains the cert bags.
// The second SafeContents is unencrypted and contains the shrouded key bag. // The second SafeContents is unencrypted and contains the shrouded key bag.
var authenticatedSafe [2]contentInfo var authenticatedSafe [2]contentInfo
if authenticatedSafe[0], err = makeSafeContents(enc.rand, certBags, enc.certAlgorithm, encodedPassword, enc.encryptionIterations, enc.saltLen); err != nil { if authenticatedSafe[0], err = makeSafeContents(rand, certBags, encodedPassword); err != nil {
return nil, err return nil, err
} }
if authenticatedSafe[1], err = makeSafeContents(enc.rand, []safeBag{keyBag}, nil, nil, 0, 0); err != nil { if authenticatedSafe[1], err = makeSafeContents(rand, []safeBag{keyBag}, nil); err != nil {
return nil, err return nil, err
} }
@@ -697,17 +514,15 @@ func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate
return nil, err return nil, err
} }
if enc.macAlgorithm != nil { // compute the MAC
// compute the MAC pfx.MacData.Mac.Algorithm.Algorithm = oidSHA1
pfx.MacData.Mac.Algorithm.Algorithm = enc.macAlgorithm pfx.MacData.MacSalt = make([]byte, 8)
pfx.MacData.MacSalt = make([]byte, enc.saltLen) if _, err = rand.Read(pfx.MacData.MacSalt); err != nil {
if _, err = enc.rand.Read(pfx.MacData.MacSalt); err != nil { return nil, err
return nil, err }
} pfx.MacData.Iterations = 1
pfx.MacData.Iterations = enc.macIterations if err = computeMac(&pfx.MacData, authenticatedSafeBytes, encodedPassword); err != nil {
if err = computeMac(&pfx.MacData, authenticatedSafeBytes, encodedPassword); err != nil { return nil, err
return nil, err
}
} }
pfx.AuthSafe.ContentType = oidDataContentType pfx.AuthSafe.ContentType = oidDataContentType
@@ -724,73 +539,21 @@ func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate
return return
} }
// EncodeTrustStore is equivalent to LegacyRC2.WithRand(rand).EncodeTrustStore.
// See [Encoder.EncodeTrustStore] and [LegacyRC2] for details.
//
// Deprecated: for the same behavior, use LegacyRC2.EncodeTrustStore; to generate passwordless trust stores,
// use Passwordless.EncodeTrustStore.
func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) {
return LegacyRC2.WithRand(rand).EncodeTrustStore(certs, password)
}
// EncodeTrustStore produces pfxData containing any number of CA certificates // EncodeTrustStore produces pfxData containing any number of CA certificates
// (certs) to be trusted. The certificates will be marked with a special OID that // (certs) to be trusted. The certificates will be marked with a special OID that
// allow it to be used as a Java TrustStore in Java 1.8 and newer. // allow it to be used as a Java TrustStore in Java 1.8 and newer.
// //
// EncodeTrustStore creates a single SafeContents that's optionally encrypted // Due to the weak encryption primitives used by PKCS#12, it is RECOMMENDED that
// you specify a hard-coded password (such as pkcs12.DefaultPassword) and protect
// the resulting pfxData using other means.
//
// The rand argument is used to provide entropy for the encryption, and
// can be set to rand.Reader from the crypto/rand package.
//
// EncodeTrustStore creates a single SafeContents that's encrypted with RC2
// and contains the certificates. // and contains the certificates.
// func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) {
// The Subject of the certificates are used as the Friendly Names (Aliases) encodedPassword, err := bmpString(password)
// within the resulting pfxData. If certificates share a Subject, then the
// resulting Friendly Names (Aliases) will be identical, which Java may treat as
// the same entry when used as a Java TrustStore, e.g. with `keytool`. To
// customize the Friendly Names, use [EncodeTrustStoreEntries].
func (enc *Encoder) EncodeTrustStore(certs []*x509.Certificate, password string) (pfxData []byte, err error) {
var certsWithFriendlyNames []TrustStoreEntry
for _, cert := range certs {
certsWithFriendlyNames = append(certsWithFriendlyNames, TrustStoreEntry{
Cert: cert,
FriendlyName: cert.Subject.String(),
})
}
return enc.EncodeTrustStoreEntries(certsWithFriendlyNames, password)
}
// TrustStoreEntry represents an entry in a Java TrustStore.
type TrustStoreEntry struct {
Cert *x509.Certificate
FriendlyName string
}
// EncodeTrustStoreEntries is equivalent to LegacyRC2.WithRand(rand).EncodeTrustStoreEntries.
// See [Encoder.EncodeTrustStoreEntries] and [LegacyRC2] for details.
//
// Deprecated: for the same behavior, use LegacyRC2.EncodeTrustStoreEntries; to generate passwordless trust stores,
// use Passwordless.EncodeTrustStoreEntries.
func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string) (pfxData []byte, err error) {
return LegacyRC2.WithRand(rand).EncodeTrustStoreEntries(entries, password)
}
// EncodeTrustStoreEntries produces pfxData containing any number of CA
// certificates (entries) to be trusted. The certificates will be marked with a
// special OID that allow it to be used as a Java TrustStore in Java 1.8 and newer.
//
// This is identical to [Encoder.EncodeTrustStore], but also allows for setting specific
// Friendly Names (Aliases) to be used per certificate, by specifying a slice
// of TrustStoreEntry.
//
// If the same Friendly Name is used for more than one certificate, then the
// resulting Friendly Names (Aliases) in the pfxData will be identical, which Java
// may treat as the same entry when used as a Java TrustStore, e.g. with `keytool`.
//
// EncodeTrustStoreEntries creates a single SafeContents that's optionally
// encrypted and contains the certificates.
func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password string) (pfxData []byte, err error) {
if enc.macAlgorithm == nil && enc.certAlgorithm == nil && password != "" {
return nil, errors.New("password must be empty")
}
encodedPassword, err := bmpStringZeroTerminated(password)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -798,54 +561,16 @@ func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password
var pfx pfxPdu var pfx pfxPdu
pfx.Version = 3 pfx.Version = 3
var certAttributes []pkcs12Attribute // Setting this attribute will make the certificates trusted in Java >= 1.8
var javaTrustStoreAttr pkcs12Attribute
extKeyUsageOidBytes, err := asn1.Marshal(oidAnyExtendedKeyUsage) javaTrustStoreAttr.Id = oidJavaTrustStore
if err != nil { javaTrustStoreAttr.Value.Class = 0
return nil, err javaTrustStoreAttr.Value.Tag = 17
} javaTrustStoreAttr.Value.IsCompound = true
// the oidJavaTrustStore attribute contains the EKUs for which
// this trust anchor will be valid
certAttributes = append(certAttributes, pkcs12Attribute{
Id: oidJavaTrustStore,
Value: asn1.RawValue{
Class: 0,
Tag: 17,
IsCompound: true,
Bytes: extKeyUsageOidBytes,
},
})
var certBags []safeBag var certBags []safeBag
for _, entry := range entries { for _, cert := range certs {
certBag, err := makeCertBag(cert.Raw, []pkcs12Attribute{javaTrustStoreAttr})
bmpFriendlyName, err := bmpString(entry.FriendlyName)
if err != nil {
return nil, err
}
encodedFriendlyName, err := asn1.Marshal(asn1.RawValue{
Class: 0,
Tag: 30,
IsCompound: false,
Bytes: bmpFriendlyName,
})
if err != nil {
return nil, err
}
friendlyName := pkcs12Attribute{
Id: oidFriendlyName,
Value: asn1.RawValue{
Class: 0,
Tag: 17,
IsCompound: true,
Bytes: encodedFriendlyName,
},
}
certBag, err := makeCertBag(entry.Cert.Raw, append(certAttributes, friendlyName))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -853,9 +578,9 @@ func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password
} }
// Construct an authenticated safe with one SafeContent. // Construct an authenticated safe with one SafeContent.
// The SafeContents is contains the cert bags. // The SafeContents is encrypted and contains the cert bags.
var authenticatedSafe [1]contentInfo var authenticatedSafe [1]contentInfo
if authenticatedSafe[0], err = makeSafeContents(enc.rand, certBags, enc.certAlgorithm, encodedPassword, enc.encryptionIterations, enc.saltLen); err != nil { if authenticatedSafe[0], err = makeSafeContents(rand, certBags, encodedPassword); err != nil {
return nil, err return nil, err
} }
@@ -864,17 +589,15 @@ func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password
return nil, err return nil, err
} }
if enc.macAlgorithm != nil { // compute the MAC
// compute the MAC pfx.MacData.Mac.Algorithm.Algorithm = oidSHA1
pfx.MacData.Mac.Algorithm.Algorithm = enc.macAlgorithm pfx.MacData.MacSalt = make([]byte, 8)
pfx.MacData.MacSalt = make([]byte, enc.saltLen) if _, err = rand.Read(pfx.MacData.MacSalt); err != nil {
if _, err = enc.rand.Read(pfx.MacData.MacSalt); err != nil { return nil, err
return nil, err }
} pfx.MacData.Iterations = 1
pfx.MacData.Iterations = enc.macIterations if err = computeMac(&pfx.MacData, authenticatedSafeBytes, encodedPassword); err != nil {
if err = computeMac(&pfx.MacData, authenticatedSafeBytes, encodedPassword); err != nil { return nil, err
return nil, err
}
} }
pfx.AuthSafe.ContentType = oidDataContentType pfx.AuthSafe.ContentType = oidDataContentType
@@ -904,13 +627,13 @@ func makeCertBag(certBytes []byte, attributes []pkcs12Attribute) (certBag *safeB
return return
} }
func makeSafeContents(rand io.Reader, bags []safeBag, algoID asn1.ObjectIdentifier, password []byte, iterations int, saltLen int) (ci contentInfo, err error) { func makeSafeContents(rand io.Reader, bags []safeBag, password []byte) (ci contentInfo, err error) {
var data []byte var data []byte
if data, err = asn1.Marshal(bags); err != nil { if data, err = asn1.Marshal(bags); err != nil {
return return
} }
if algoID == nil { if password == nil {
ci.ContentType = oidDataContentType ci.ContentType = oidDataContentType
ci.Content.Class = 2 ci.Content.Class = 2
ci.Content.Tag = 0 ci.Content.Tag = 0
@@ -919,21 +642,15 @@ func makeSafeContents(rand io.Reader, bags []safeBag, algoID asn1.ObjectIdentifi
return return
} }
} else { } else {
randomSalt := make([]byte, saltLen) randomSalt := make([]byte, 8)
if _, err = rand.Read(randomSalt); err != nil { if _, err = rand.Read(randomSalt); err != nil {
return return
} }
var algo pkix.AlgorithmIdentifier var algo pkix.AlgorithmIdentifier
algo.Algorithm = algoID algo.Algorithm = oidPBEWithSHAAnd40BitRC2CBC
if algoID.Equal(oidPBES2) { if algo.Parameters.FullBytes, err = asn1.Marshal(pbeParams{Salt: randomSalt, Iterations: 2048}); err != nil {
if algo.Parameters.FullBytes, err = makePBES2Parameters(rand, randomSalt, iterations); err != nil { return
return
}
} else {
if algo.Parameters.FullBytes, err = asn1.Marshal(pbeParams{Salt: randomSalt, Iterations: iterations}); err != nil {
return
}
} }
var encryptedData encryptedData var encryptedData encryptedData


@@ -15,7 +15,6 @@ import (
var ( var (
// see https://tools.ietf.org/html/rfc7292#appendix-D // see https://tools.ietf.org/html/rfc7292#appendix-D
oidCertTypeX509Certificate = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 22, 1}) oidCertTypeX509Certificate = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 22, 1})
oidKeyBag = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 10, 1, 1})
oidPKCS8ShroundedKeyBag = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 10, 1, 2}) oidPKCS8ShroundedKeyBag = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 10, 1, 2})
oidCertBag = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 10, 1, 3}) oidCertBag = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 10, 1, 3})
) )
@@ -48,30 +47,23 @@ func decodePkcs8ShroudedKeyBag(asn1Data, password []byte) (privateKey interface{
return privateKey, nil return privateKey, nil
} }
func encodePkcs8ShroudedKeyBag(rand io.Reader, privateKey interface{}, algoID asn1.ObjectIdentifier, password []byte, iterations int, saltLen int) (asn1Data []byte, err error) { func encodePkcs8ShroudedKeyBag(rand io.Reader, privateKey interface{}, password []byte) (asn1Data []byte, err error) {
var pkData []byte var pkData []byte
if pkData, err = x509.MarshalPKCS8PrivateKey(privateKey); err != nil { if pkData, err = x509.MarshalPKCS8PrivateKey(privateKey); err != nil {
return nil, errors.New("pkcs12: error encoding PKCS#8 private key: " + err.Error()) return nil, errors.New("pkcs12: error encoding PKCS#8 private key: " + err.Error())
} }
randomSalt := make([]byte, saltLen) randomSalt := make([]byte, 8)
if _, err = rand.Read(randomSalt); err != nil { if _, err = rand.Read(randomSalt); err != nil {
return nil, errors.New("pkcs12: error reading random salt: " + err.Error()) return nil, errors.New("pkcs12: error reading random salt: " + err.Error())
} }
var paramBytes []byte var paramBytes []byte
if algoID.Equal(oidPBES2) { if paramBytes, err = asn1.Marshal(pbeParams{Salt: randomSalt, Iterations: 2048}); err != nil {
if paramBytes, err = makePBES2Parameters(rand, randomSalt, iterations); err != nil { return nil, errors.New("pkcs12: error encoding params: " + err.Error())
return nil, errors.New("pkcs12: error encoding params: " + err.Error())
}
} else {
if paramBytes, err = asn1.Marshal(pbeParams{Salt: randomSalt, Iterations: iterations}); err != nil {
return nil, errors.New("pkcs12: error encoding params: " + err.Error())
}
} }
var pkinfo encryptedPrivateKeyInfo var pkinfo encryptedPrivateKeyInfo
pkinfo.AlgorithmIdentifier.Algorithm = algoID pkinfo.AlgorithmIdentifier.Algorithm = oidPBEWithSHAAnd3KeyTripleDESCBC
pkinfo.AlgorithmIdentifier.Parameters.FullBytes = paramBytes pkinfo.AlgorithmIdentifier.Parameters.FullBytes = paramBytes
if err = pbEncrypt(&pkinfo, pkData, password); err != nil { if err = pbEncrypt(&pkinfo, pkData, password); err != nil {