diff --git a/go.mod b/go.mod
index f2bd093067b..b200793e18e 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/grafana/e2e v0.1.2-0.20240118170847-db90b84177fc
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/json-iterator/go v1.1.12
-	github.com/minio/minio-go/v7 v7.0.82
+	github.com/minio/minio-go/v7 v7.0.83
 	github.com/mitchellh/go-wordwrap v1.0.1
 	github.com/oklog/ulid v1.3.1
 	github.com/opentracing-contrib/go-grpc v0.1.0
@@ -113,7 +113,7 @@ require (
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/glog v1.2.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
@@ -232,7 +232,7 @@ require (
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/julienschmidt/httprouter v1.3.0 // indirect
 	github.com/klauspost/compress v1.17.11
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
diff --git a/go.sum b/go.sum
index 918a1ec5fb7..836a7c93178 100644
--- a/go.sum
+++ b/go.sum
@@ -1100,8 +1100,8 @@ github.com/gobwas/ws v1.1.0-rc.5/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIb
 github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
 github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
+github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
@@ -1430,8 +1430,8 @@ github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IX
 github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1498,8 +1498,8 @@ github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcs
 github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.82 h1:tWfICLhmp2aFPXL8Tli0XDTHj2VB/fNf0PC1f/i1gRo=
-github.com/minio/minio-go/v7 v7.0.82/go.mod h1:84gmIilaX4zcvAWWzJ5Z1WI5axN+hAbM5w25xf8xvC0=
+github.com/minio/minio-go/v7 v7.0.83 h1:W4Kokksvlz3OKf3OqIlzDNKd4MERlC2oN8YptwJ0+GA=
+github.com/minio/minio-go/v7 v7.0.83/go.mod h1:57YXpvc5l3rjPdhqNrDsvVlY0qPI6UTk1bflAe+9doY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile.go b/vendor/github.com/goccy/go-json/internal/decoder/compile.go
index fab6437647b..8ad50936c0c 100644
--- a/vendor/github.com/goccy/go-json/internal/decoder/compile.go
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"reflect"
 	"strings"
+	"sync"
 	"sync/atomic"
 	"unicode"
 	"unsafe"
@@ -17,22 +18,27 @@ var (
 	typeAddr         *runtime.TypeAddr
 	cachedDecoderMap unsafe.Pointer // map[uintptr]decoder
 	cachedDecoder    []Decoder
+	initOnce         sync.Once
 )
 
-func init() {
-	typeAddr = runtime.AnalyzeTypeAddr()
-	if typeAddr == nil {
-		typeAddr = &runtime.TypeAddr{}
-	}
-	cachedDecoder = make([]Decoder, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+func initDecoder() {
+	initOnce.Do(func() {
+		typeAddr = runtime.AnalyzeTypeAddr()
+		if typeAddr == nil {
+			typeAddr = &runtime.TypeAddr{}
+		}
+		cachedDecoder = make([]Decoder, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+	})
 }
 
 func loadDecoderMap() map[uintptr]Decoder {
+	initDecoder()
 	p := atomic.LoadPointer(&cachedDecoderMap)
 	return *(*map[uintptr]Decoder)(unsafe.Pointer(&p))
 }
 
 func storeDecoder(typ uintptr, dec Decoder, m map[uintptr]Decoder) {
+	initDecoder()
 	newDecoderMap := make(map[uintptr]Decoder, len(m)+1)
 	newDecoderMap[typ] = dec
 
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go b/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
index eb7e2b1345d..025ca85b5e2 100644
--- a/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
@@ -10,6 +10,7 @@ import (
 )
 
 func CompileToGetDecoder(typ *runtime.Type) (Decoder, error) {
+	initDecoder()
 	typeptr := uintptr(unsafe.Pointer(typ))
 	if typeptr > typeAddr.MaxTypeAddr {
 		return compileToGetDecoderSlowPath(typeptr, typ)
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go b/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
index 49cdda4a172..023b817c368 100644
--- a/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
@@ -13,6 +13,7 @@ import (
 var decMu sync.RWMutex
 
 func CompileToGetDecoder(typ *runtime.Type) (Decoder, error) {
+	initDecoder()
 	typeptr := uintptr(unsafe.Pointer(typ))
 	if typeptr > typeAddr.MaxTypeAddr {
 		return compileToGetDecoderSlowPath(typeptr, typ)
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go
index 37b7aa38e26..b107636890a 100644
--- a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go
@@ -5,6 +5,7 @@ import (
 	"encoding"
 	"encoding/json"
 	"reflect"
+	"sync"
 	"sync/atomic"
 	"unsafe"
 
@@ -24,14 +25,17 @@ var (
 	cachedOpcodeSets       []*OpcodeSet
 	cachedOpcodeMap        unsafe.Pointer // map[uintptr]*OpcodeSet
 	typeAddr               *runtime.TypeAddr
+	initEncoderOnce        sync.Once
 )
 
-func init() {
-	typeAddr = runtime.AnalyzeTypeAddr()
-	if typeAddr == nil {
-		typeAddr = &runtime.TypeAddr{}
-	}
-	cachedOpcodeSets = make([]*OpcodeSet, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+func initEncoder() {
+	initEncoderOnce.Do(func() {
+		typeAddr = runtime.AnalyzeTypeAddr()
+		if typeAddr == nil {
+			typeAddr = &runtime.TypeAddr{}
+		}
+		cachedOpcodeSets = make([]*OpcodeSet, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+	})
 }
 
 func loadOpcodeMap() map[uintptr]*OpcodeSet {
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
index 20c93cbf709..b6f45a49b0e 100644
--- a/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
@@ -4,6 +4,7 @@
 package encoder
 
 func CompileToGetCodeSet(ctx *RuntimeContext, typeptr uintptr) (*OpcodeSet, error) {
+	initEncoder()
 	if typeptr > typeAddr.MaxTypeAddr || typeptr < typeAddr.BaseTypeAddr {
 		codeSet, err := compileToGetCodeSetSlowPath(typeptr)
 		if err != nil {
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
index 13ba23fdff8..47b482f7fb6 100644
--- a/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
@@ -10,6 +10,7 @@ import (
 var setsMu sync.RWMutex
 
 func CompileToGetCodeSet(ctx *RuntimeContext, typeptr uintptr) (*OpcodeSet, error) {
+	initEncoder()
 	if typeptr > typeAddr.MaxTypeAddr || typeptr < typeAddr.BaseTypeAddr {
 		codeSet, err := compileToGetCodeSetSlowPath(typeptr)
 		if err != nil {
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/encoder.go b/vendor/github.com/goccy/go-json/internal/encoder/encoder.go
index 14eb6a0d643..b436f5b21ff 100644
--- a/vendor/github.com/goccy/go-json/internal/encoder/encoder.go
+++ b/vendor/github.com/goccy/go-json/internal/encoder/encoder.go
@@ -406,6 +406,11 @@ func AppendMarshalJSON(ctx *RuntimeContext, code *Opcode, b []byte, v interface{
 			rv = newV
 		}
 	}
+
+	if rv.Kind() == reflect.Ptr && rv.IsNil() {
+		return AppendNull(ctx, b), nil
+	}
+
 	v = rv.Interface()
 	var bb []byte
 	if (code.Flags & MarshalerContextFlags) != 0 {
diff --git a/vendor/github.com/klauspost/cpuid/v2/README.md b/vendor/github.com/klauspost/cpuid/v2/README.md
index 21508edbdb3..f06ba51c56b 100644
--- a/vendor/github.com/klauspost/cpuid/v2/README.md
+++ b/vendor/github.com/klauspost/cpuid/v2/README.md
@@ -281,6 +281,7 @@ Exit Code 1
 | AMXBF16            | Tile computational operations on BFLOAT16 numbers                                                                                                                                  |
 | AMXINT8            | Tile computational operations on 8-bit integers                                                                                                                                    |
 | AMXFP16            | Tile computational operations on FP16 numbers                                                                                                                                      |
+| AMXFP8             | Tile computational operations on FP8 numbers                                                                                                                                      |
 | AMXTILE            | Tile architecture                                                                                                                                                                  |
 | APX_F              | Intel APX                                                                                                                                                                          |
 | AVX                | AVX functions                                                                                                                                                                      |
diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid.go b/vendor/github.com/klauspost/cpuid/v2/cpuid.go
index 53bc18ca719..db99eb62f7b 100644
--- a/vendor/github.com/klauspost/cpuid/v2/cpuid.go
+++ b/vendor/github.com/klauspost/cpuid/v2/cpuid.go
@@ -55,6 +55,12 @@ const (
 	Qualcomm
 	Marvell
 
+	QEMU
+	QNX
+	ACRN
+	SRE
+	Apple
+
 	lastVendor
 )
 
@@ -75,6 +81,7 @@ const (
 	AMXBF16                              // Tile computational operations on BFLOAT16 numbers
 	AMXFP16                              // Tile computational operations on FP16 numbers
 	AMXINT8                              // Tile computational operations on 8-bit integers
+	AMXFP8                               // Tile computational operations on FP8 numbers
 	AMXTILE                              // Tile architecture
 	APX_F                                // Intel APX
 	AVX                                  // AVX functions
@@ -296,20 +303,22 @@ const (
 
 // CPUInfo contains information about the detected system CPU.
 type CPUInfo struct {
-	BrandName      string  // Brand name reported by the CPU
-	VendorID       Vendor  // Comparable CPU vendor ID
-	VendorString   string  // Raw vendor string.
-	featureSet     flagSet // Features of the CPU
-	PhysicalCores  int     // Number of physical processor cores in your CPU. Will be 0 if undetectable.
-	ThreadsPerCore int     // Number of threads per physical core. Will be 1 if undetectable.
-	LogicalCores   int     // Number of physical cores times threads that can run on each core through the use of hyperthreading. Will be 0 if undetectable.
-	Family         int     // CPU family number
-	Model          int     // CPU model number
-	Stepping       int     // CPU stepping info
-	CacheLine      int     // Cache line size in bytes. Will be 0 if undetectable.
-	Hz             int64   // Clock speed, if known, 0 otherwise. Will attempt to contain base clock speed.
-	BoostFreq      int64   // Max clock speed, if known, 0 otherwise
-	Cache          struct {
+	BrandName              string  // Brand name reported by the CPU
+	VendorID               Vendor  // Comparable CPU vendor ID
+	VendorString           string  // Raw vendor string.
+	HypervisorVendorID     Vendor  // Hypervisor vendor
+	HypervisorVendorString string  // Raw hypervisor vendor string
+	featureSet             flagSet // Features of the CPU
+	PhysicalCores          int     // Number of physical processor cores in your CPU. Will be 0 if undetectable.
+	ThreadsPerCore         int     // Number of threads per physical core. Will be 1 if undetectable.
+	LogicalCores           int     // Number of physical cores times threads that can run on each core through the use of hyperthreading. Will be 0 if undetectable.
+	Family                 int     // CPU family number
+	Model                  int     // CPU model number
+	Stepping               int     // CPU stepping info
+	CacheLine              int     // Cache line size in bytes. Will be 0 if undetectable.
+	Hz                     int64   // Clock speed, if known, 0 otherwise. Will attempt to contain base clock speed.
+	BoostFreq              int64   // Max clock speed, if known, 0 otherwise
+	Cache                  struct {
 		L1I int // L1 Instruction Cache (per core or shared). Will be -1 if undetected
 		L1D int // L1 Data Cache (per core or shared). Will be -1 if undetected
 		L2  int // L2 Cache (per core or shared). Will be -1 if undetected
@@ -318,8 +327,9 @@ type CPUInfo struct {
 	SGX              SGXSupport
 	AMDMemEncryption AMDMemEncryptionSupport
 	AVX10Level       uint8
-	maxFunc          uint32
-	maxExFunc        uint32
+
+	maxFunc   uint32
+	maxExFunc uint32
 }
 
 var cpuid func(op uint32) (eax, ebx, ecx, edx uint32)
@@ -503,7 +513,7 @@ func (c CPUInfo) FeatureSet() []string {
 // Uses the RDTSCP instruction. The value 0 is returned
 // if the CPU does not support the instruction.
 func (c CPUInfo) RTCounter() uint64 {
-	if !c.Supports(RDTSCP) {
+	if !c.Has(RDTSCP) {
 		return 0
 	}
 	a, _, _, d := rdtscpAsm()
@@ -515,13 +525,22 @@ func (c CPUInfo) RTCounter() uint64 {
 // about the current cpu/core the code is running on.
 // If the RDTSCP instruction isn't supported on the CPU, the value 0 is returned.
 func (c CPUInfo) Ia32TscAux() uint32 {
-	if !c.Supports(RDTSCP) {
+	if !c.Has(RDTSCP) {
 		return 0
 	}
 	_, _, ecx, _ := rdtscpAsm()
 	return ecx
 }
 
+// SveLengths returns arm SVE vector and predicate lengths.
+// Will return 0, 0 if SVE is not enabled or otherwise unable to detect.
+func (c CPUInfo) SveLengths() (vl, pl uint64) {
+	if !c.Has(SVE) {
+		return 0, 0
+	}
+	return getVectorLength()
+}
+
 // LogicalCPU will return the Logical CPU the code is currently executing on.
 // This is likely to change when the OS re-schedules the running thread
 // to another CPU.
@@ -781,11 +800,16 @@ func threadsPerCore() int {
 	_, b, _, _ := cpuidex(0xb, 0)
 	if b&0xffff == 0 {
 		if vend == AMD {
-			// Workaround for AMD returning 0, assume 2 if >= Zen 2
-			// It will be more correct than not.
+			// if >= Zen 2 0x8000001e EBX 15-8 bits means threads per core.
+			// The number of threads per core is ThreadsPerCore+1
+			// See PPR for AMD Family 17h Models 00h-0Fh (page 82)
 			fam, _, _ := familyModel()
 			_, _, _, d := cpuid(1)
 			if (d&(1<<28)) != 0 && fam >= 23 {
+				if maxExtendedFunction() >= 0x8000001e {
+					_, b, _, _ := cpuid(0x8000001e)
+					return int((b>>8)&0xff) + 1
+				}
 				return 2
 			}
 		}
@@ -877,7 +901,9 @@ var vendorMapping = map[string]Vendor{
 	"GenuineTMx86": Transmeta,
 	"Geode by NSC": NSC,
 	"VIA VIA VIA ": VIA,
-	"KVMKVMKVMKVM": KVM,
+	"KVMKVMKVM":    KVM,
+	"Linux KVM Hv": KVM,
+	"TCGTCGTCGTCG": QEMU,
 	"Microsoft Hv": MSVM,
 	"VMwareVMware": VMware,
 	"XenVMMXenVMM": XenHVM,
@@ -887,6 +913,10 @@ var vendorMapping = map[string]Vendor{
 	"SiS SiS SiS ": SiS,
 	"RiseRiseRise": SiS,
 	"Genuine  RDC": RDC,
+	"QNXQVMBSQG":   QNX,
+	"ACRNACRNACRN": ACRN,
+	"SRESRESRESRE": SRE,
+	"Apple VZ":     Apple,
 }
 
 func vendorID() (Vendor, string) {
@@ -899,6 +929,17 @@ func vendorID() (Vendor, string) {
 	return vend, v
 }
 
+func hypervisorVendorID() (Vendor, string) {
+	// https://lwn.net/Articles/301888/
+	_, b, c, d := cpuid(0x40000000)
+	v := string(valAsString(b, c, d))
+	vend, ok := vendorMapping[v]
+	if !ok {
+		return VendorUnknown, v
+	}
+	return vend, v
+}
+
 func cacheLine() int {
 	if maxFunctionID() < 0x1 {
 		return 0
@@ -1271,6 +1312,7 @@ func support() flagSet {
 				fs.setIf(ebx&(1<<31) != 0, AVX512VL)
 				// ecx
 				fs.setIf(ecx&(1<<1) != 0, AVX512VBMI)
+				fs.setIf(ecx&(1<<3) != 0, AMXFP8)
 				fs.setIf(ecx&(1<<6) != 0, AVX512VBMI2)
 				fs.setIf(ecx&(1<<11) != 0, AVX512VNNI)
 				fs.setIf(ecx&(1<<12) != 0, AVX512BITALG)
diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s b/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s
index b31d6aec43f..b196f78eb44 100644
--- a/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s
+++ b/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s
@@ -24,3 +24,13 @@ TEXT ·getInstAttributes(SB), 7, $0
 	MOVD R1, instAttrReg1+8(FP)
 	RET
 
+TEXT ·getVectorLength(SB), 7, $0
+	WORD $0xd2800002  // mov   x2, #0
+	WORD $0x04225022  // addvl x2, x2, #1
+	WORD $0xd37df042  // lsl   x2, x2, #3
+	WORD $0xd2800003  // mov   x3, #0
+	WORD $0x04635023  // addpl x3, x3, #1
+	WORD $0xd37df063  // lsl   x3, x3, #3
+	MOVD R2, vl+0(FP)
+	MOVD R3, pl+8(FP)
+	RET
diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
index 9a53504a042..566743d2204 100644
--- a/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
+++ b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go
@@ -10,6 +10,7 @@ import "runtime"
 func getMidr() (midr uint64)
 func getProcFeatures() (procFeatures uint64)
 func getInstAttributes() (instAttrReg0, instAttrReg1 uint64)
+func getVectorLength() (vl, pl uint64)
 
 func initCPU() {
 	cpuid = func(uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 }
@@ -24,7 +25,7 @@ func addInfo(c *CPUInfo, safe bool) {
 	detectOS(c)
 
 	// ARM64 disabled since it may crash if interrupt is not intercepted by OS.
-	if safe && !c.Supports(ARMCPUID) && runtime.GOOS != "freebsd" {
+	if safe && !c.Has(ARMCPUID) && runtime.GOOS != "freebsd" {
 		return
 	}
 	midr := getMidr()
diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_ref.go b/vendor/github.com/klauspost/cpuid/v2/detect_ref.go
index 9636c2bc17c..574f9389c07 100644
--- a/vendor/github.com/klauspost/cpuid/v2/detect_ref.go
+++ b/vendor/github.com/klauspost/cpuid/v2/detect_ref.go
@@ -10,6 +10,8 @@ func initCPU() {
 	cpuidex = func(x, y uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 }
 	xgetbv = func(uint32) (a, b uint32) { return 0, 0 }
 	rdtscpAsm = func() (a, b, c, d uint32) { return 0, 0, 0, 0 }
+
 }
 
 func addInfo(info *CPUInfo, safe bool) {}
+func getVectorLength() (vl, pl uint64) { return 0, 0 }
diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_x86.go b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go
index 799b400c2ec..f924c9d8399 100644
--- a/vendor/github.com/klauspost/cpuid/v2/detect_x86.go
+++ b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go
@@ -32,7 +32,10 @@ func addInfo(c *CPUInfo, safe bool) {
 	c.LogicalCores = logicalCores()
 	c.PhysicalCores = physicalCores()
 	c.VendorID, c.VendorString = vendorID()
+	c.HypervisorVendorID, c.HypervisorVendorString = hypervisorVendorID()
 	c.AVX10Level = c.supportAVX10()
 	c.cacheSize()
 	c.frequencies()
 }
+
+func getVectorLength() (vl, pl uint64) { return 0, 0 }
diff --git a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
index 3a256031039..e7f874a7e8d 100644
--- a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
+++ b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go
@@ -15,224 +15,225 @@ func _() {
 	_ = x[AMXBF16-5]
 	_ = x[AMXFP16-6]
 	_ = x[AMXINT8-7]
-	_ = x[AMXTILE-8]
-	_ = x[APX_F-9]
-	_ = x[AVX-10]
-	_ = x[AVX10-11]
-	_ = x[AVX10_128-12]
-	_ = x[AVX10_256-13]
-	_ = x[AVX10_512-14]
-	_ = x[AVX2-15]
-	_ = x[AVX512BF16-16]
-	_ = x[AVX512BITALG-17]
-	_ = x[AVX512BW-18]
-	_ = x[AVX512CD-19]
-	_ = x[AVX512DQ-20]
-	_ = x[AVX512ER-21]
-	_ = x[AVX512F-22]
-	_ = x[AVX512FP16-23]
-	_ = x[AVX512IFMA-24]
-	_ = x[AVX512PF-25]
-	_ = x[AVX512VBMI-26]
-	_ = x[AVX512VBMI2-27]
-	_ = x[AVX512VL-28]
-	_ = x[AVX512VNNI-29]
-	_ = x[AVX512VP2INTERSECT-30]
-	_ = x[AVX512VPOPCNTDQ-31]
-	_ = x[AVXIFMA-32]
-	_ = x[AVXNECONVERT-33]
-	_ = x[AVXSLOW-34]
-	_ = x[AVXVNNI-35]
-	_ = x[AVXVNNIINT8-36]
-	_ = x[AVXVNNIINT16-37]
-	_ = x[BHI_CTRL-38]
-	_ = x[BMI1-39]
-	_ = x[BMI2-40]
-	_ = x[CETIBT-41]
-	_ = x[CETSS-42]
-	_ = x[CLDEMOTE-43]
-	_ = x[CLMUL-44]
-	_ = x[CLZERO-45]
-	_ = x[CMOV-46]
-	_ = x[CMPCCXADD-47]
-	_ = x[CMPSB_SCADBS_SHORT-48]
-	_ = x[CMPXCHG8-49]
-	_ = x[CPBOOST-50]
-	_ = x[CPPC-51]
-	_ = x[CX16-52]
-	_ = x[EFER_LMSLE_UNS-53]
-	_ = x[ENQCMD-54]
-	_ = x[ERMS-55]
-	_ = x[F16C-56]
-	_ = x[FLUSH_L1D-57]
-	_ = x[FMA3-58]
-	_ = x[FMA4-59]
-	_ = x[FP128-60]
-	_ = x[FP256-61]
-	_ = x[FSRM-62]
-	_ = x[FXSR-63]
-	_ = x[FXSROPT-64]
-	_ = x[GFNI-65]
-	_ = x[HLE-66]
-	_ = x[HRESET-67]
-	_ = x[HTT-68]
-	_ = x[HWA-69]
-	_ = x[HYBRID_CPU-70]
-	_ = x[HYPERVISOR-71]
-	_ = x[IA32_ARCH_CAP-72]
-	_ = x[IA32_CORE_CAP-73]
-	_ = x[IBPB-74]
-	_ = x[IBPB_BRTYPE-75]
-	_ = x[IBRS-76]
-	_ = x[IBRS_PREFERRED-77]
-	_ = x[IBRS_PROVIDES_SMP-78]
-	_ = x[IBS-79]
-	_ = x[IBSBRNTRGT-80]
-	_ = x[IBSFETCHSAM-81]
-	_ = x[IBSFFV-82]
-	_ = x[IBSOPCNT-83]
-	_ = x[IBSOPCNTEXT-84]
-	_ = x[IBSOPSAM-85]
-	_ = x[IBSRDWROPCNT-86]
-	_ = x[IBSRIPINVALIDCHK-87]
-	_ = x[IBS_FETCH_CTLX-88]
-	_ = x[IBS_OPDATA4-89]
-	_ = x[IBS_OPFUSE-90]
-	_ = x[IBS_PREVENTHOST-91]
-	_ = x[IBS_ZEN4-92]
-	_ = x[IDPRED_CTRL-93]
-	_ = x[INT_WBINVD-94]
-	_ = x[INVLPGB-95]
-	_ = x[KEYLOCKER-96]
-	_ = x[KEYLOCKERW-97]
-	_ = x[LAHF-98]
-	_ = x[LAM-99]
-	_ = x[LBRVIRT-100]
-	_ = x[LZCNT-101]
-	_ = x[MCAOVERFLOW-102]
-	_ = x[MCDT_NO-103]
-	_ = x[MCOMMIT-104]
-	_ = x[MD_CLEAR-105]
-	_ = x[MMX-106]
-	_ = x[MMXEXT-107]
-	_ = x[MOVBE-108]
-	_ = x[MOVDIR64B-109]
-	_ = x[MOVDIRI-110]
-	_ = x[MOVSB_ZL-111]
-	_ = x[MOVU-112]
-	_ = x[MPX-113]
-	_ = x[MSRIRC-114]
-	_ = x[MSRLIST-115]
-	_ = x[MSR_PAGEFLUSH-116]
-	_ = x[NRIPS-117]
-	_ = x[NX-118]
-	_ = x[OSXSAVE-119]
-	_ = x[PCONFIG-120]
-	_ = x[POPCNT-121]
-	_ = x[PPIN-122]
-	_ = x[PREFETCHI-123]
-	_ = x[PSFD-124]
-	_ = x[RDPRU-125]
-	_ = x[RDRAND-126]
-	_ = x[RDSEED-127]
-	_ = x[RDTSCP-128]
-	_ = x[RRSBA_CTRL-129]
-	_ = x[RTM-130]
-	_ = x[RTM_ALWAYS_ABORT-131]
-	_ = x[SBPB-132]
-	_ = x[SERIALIZE-133]
-	_ = x[SEV-134]
-	_ = x[SEV_64BIT-135]
-	_ = x[SEV_ALTERNATIVE-136]
-	_ = x[SEV_DEBUGSWAP-137]
-	_ = x[SEV_ES-138]
-	_ = x[SEV_RESTRICTED-139]
-	_ = x[SEV_SNP-140]
-	_ = x[SGX-141]
-	_ = x[SGXLC-142]
-	_ = x[SHA-143]
-	_ = x[SME-144]
-	_ = x[SME_COHERENT-145]
-	_ = x[SPEC_CTRL_SSBD-146]
-	_ = x[SRBDS_CTRL-147]
-	_ = x[SRSO_MSR_FIX-148]
-	_ = x[SRSO_NO-149]
-	_ = x[SRSO_USER_KERNEL_NO-150]
-	_ = x[SSE-151]
-	_ = x[SSE2-152]
-	_ = x[SSE3-153]
-	_ = x[SSE4-154]
-	_ = x[SSE42-155]
-	_ = x[SSE4A-156]
-	_ = x[SSSE3-157]
-	_ = x[STIBP-158]
-	_ = x[STIBP_ALWAYSON-159]
-	_ = x[STOSB_SHORT-160]
-	_ = x[SUCCOR-161]
-	_ = x[SVM-162]
-	_ = x[SVMDA-163]
-	_ = x[SVMFBASID-164]
-	_ = x[SVML-165]
-	_ = x[SVMNP-166]
-	_ = x[SVMPF-167]
-	_ = x[SVMPFT-168]
-	_ = x[SYSCALL-169]
-	_ = x[SYSEE-170]
-	_ = x[TBM-171]
-	_ = x[TDX_GUEST-172]
-	_ = x[TLB_FLUSH_NESTED-173]
-	_ = x[TME-174]
-	_ = x[TOPEXT-175]
-	_ = x[TSCRATEMSR-176]
-	_ = x[TSXLDTRK-177]
-	_ = x[VAES-178]
-	_ = x[VMCBCLEAN-179]
-	_ = x[VMPL-180]
-	_ = x[VMSA_REGPROT-181]
-	_ = x[VMX-182]
-	_ = x[VPCLMULQDQ-183]
-	_ = x[VTE-184]
-	_ = x[WAITPKG-185]
-	_ = x[WBNOINVD-186]
-	_ = x[WRMSRNS-187]
-	_ = x[X87-188]
-	_ = x[XGETBV1-189]
-	_ = x[XOP-190]
-	_ = x[XSAVE-191]
-	_ = x[XSAVEC-192]
-	_ = x[XSAVEOPT-193]
-	_ = x[XSAVES-194]
-	_ = x[AESARM-195]
-	_ = x[ARMCPUID-196]
-	_ = x[ASIMD-197]
-	_ = x[ASIMDDP-198]
-	_ = x[ASIMDHP-199]
-	_ = x[ASIMDRDM-200]
-	_ = x[ATOMICS-201]
-	_ = x[CRC32-202]
-	_ = x[DCPOP-203]
-	_ = x[EVTSTRM-204]
-	_ = x[FCMA-205]
-	_ = x[FP-206]
-	_ = x[FPHP-207]
-	_ = x[GPA-208]
-	_ = x[JSCVT-209]
-	_ = x[LRCPC-210]
-	_ = x[PMULL-211]
-	_ = x[SHA1-212]
-	_ = x[SHA2-213]
-	_ = x[SHA3-214]
-	_ = x[SHA512-215]
-	_ = x[SM3-216]
-	_ = x[SM4-217]
-	_ = x[SVE-218]
-	_ = x[lastID-219]
+	_ = x[AMXFP8-8]
+	_ = x[AMXTILE-9]
+	_ = x[APX_F-10]
+	_ = x[AVX-11]
+	_ = x[AVX10-12]
+	_ = x[AVX10_128-13]
+	_ = x[AVX10_256-14]
+	_ = x[AVX10_512-15]
+	_ = x[AVX2-16]
+	_ = x[AVX512BF16-17]
+	_ = x[AVX512BITALG-18]
+	_ = x[AVX512BW-19]
+	_ = x[AVX512CD-20]
+	_ = x[AVX512DQ-21]
+	_ = x[AVX512ER-22]
+	_ = x[AVX512F-23]
+	_ = x[AVX512FP16-24]
+	_ = x[AVX512IFMA-25]
+	_ = x[AVX512PF-26]
+	_ = x[AVX512VBMI-27]
+	_ = x[AVX512VBMI2-28]
+	_ = x[AVX512VL-29]
+	_ = x[AVX512VNNI-30]
+	_ = x[AVX512VP2INTERSECT-31]
+	_ = x[AVX512VPOPCNTDQ-32]
+	_ = x[AVXIFMA-33]
+	_ = x[AVXNECONVERT-34]
+	_ = x[AVXSLOW-35]
+	_ = x[AVXVNNI-36]
+	_ = x[AVXVNNIINT8-37]
+	_ = x[AVXVNNIINT16-38]
+	_ = x[BHI_CTRL-39]
+	_ = x[BMI1-40]
+	_ = x[BMI2-41]
+	_ = x[CETIBT-42]
+	_ = x[CETSS-43]
+	_ = x[CLDEMOTE-44]
+	_ = x[CLMUL-45]
+	_ = x[CLZERO-46]
+	_ = x[CMOV-47]
+	_ = x[CMPCCXADD-48]
+	_ = x[CMPSB_SCADBS_SHORT-49]
+	_ = x[CMPXCHG8-50]
+	_ = x[CPBOOST-51]
+	_ = x[CPPC-52]
+	_ = x[CX16-53]
+	_ = x[EFER_LMSLE_UNS-54]
+	_ = x[ENQCMD-55]
+	_ = x[ERMS-56]
+	_ = x[F16C-57]
+	_ = x[FLUSH_L1D-58]
+	_ = x[FMA3-59]
+	_ = x[FMA4-60]
+	_ = x[FP128-61]
+	_ = x[FP256-62]
+	_ = x[FSRM-63]
+	_ = x[FXSR-64]
+	_ = x[FXSROPT-65]
+	_ = x[GFNI-66]
+	_ = x[HLE-67]
+	_ = x[HRESET-68]
+	_ = x[HTT-69]
+	_ = x[HWA-70]
+	_ = x[HYBRID_CPU-71]
+	_ = x[HYPERVISOR-72]
+	_ = x[IA32_ARCH_CAP-73]
+	_ = x[IA32_CORE_CAP-74]
+	_ = x[IBPB-75]
+	_ = x[IBPB_BRTYPE-76]
+	_ = x[IBRS-77]
+	_ = x[IBRS_PREFERRED-78]
+	_ = x[IBRS_PROVIDES_SMP-79]
+	_ = x[IBS-80]
+	_ = x[IBSBRNTRGT-81]
+	_ = x[IBSFETCHSAM-82]
+	_ = x[IBSFFV-83]
+	_ = x[IBSOPCNT-84]
+	_ = x[IBSOPCNTEXT-85]
+	_ = x[IBSOPSAM-86]
+	_ = x[IBSRDWROPCNT-87]
+	_ = x[IBSRIPINVALIDCHK-88]
+	_ = x[IBS_FETCH_CTLX-89]
+	_ = x[IBS_OPDATA4-90]
+	_ = x[IBS_OPFUSE-91]
+	_ = x[IBS_PREVENTHOST-92]
+	_ = x[IBS_ZEN4-93]
+	_ = x[IDPRED_CTRL-94]
+	_ = x[INT_WBINVD-95]
+	_ = x[INVLPGB-96]
+	_ = x[KEYLOCKER-97]
+	_ = x[KEYLOCKERW-98]
+	_ = x[LAHF-99]
+	_ = x[LAM-100]
+	_ = x[LBRVIRT-101]
+	_ = x[LZCNT-102]
+	_ = x[MCAOVERFLOW-103]
+	_ = x[MCDT_NO-104]
+	_ = x[MCOMMIT-105]
+	_ = x[MD_CLEAR-106]
+	_ = x[MMX-107]
+	_ = x[MMXEXT-108]
+	_ = x[MOVBE-109]
+	_ = x[MOVDIR64B-110]
+	_ = x[MOVDIRI-111]
+	_ = x[MOVSB_ZL-112]
+	_ = x[MOVU-113]
+	_ = x[MPX-114]
+	_ = x[MSRIRC-115]
+	_ = x[MSRLIST-116]
+	_ = x[MSR_PAGEFLUSH-117]
+	_ = x[NRIPS-118]
+	_ = x[NX-119]
+	_ = x[OSXSAVE-120]
+	_ = x[PCONFIG-121]
+	_ = x[POPCNT-122]
+	_ = x[PPIN-123]
+	_ = x[PREFETCHI-124]
+	_ = x[PSFD-125]
+	_ = x[RDPRU-126]
+	_ = x[RDRAND-127]
+	_ = x[RDSEED-128]
+	_ = x[RDTSCP-129]
+	_ = x[RRSBA_CTRL-130]
+	_ = x[RTM-131]
+	_ = x[RTM_ALWAYS_ABORT-132]
+	_ = x[SBPB-133]
+	_ = x[SERIALIZE-134]
+	_ = x[SEV-135]
+	_ = x[SEV_64BIT-136]
+	_ = x[SEV_ALTERNATIVE-137]
+	_ = x[SEV_DEBUGSWAP-138]
+	_ = x[SEV_ES-139]
+	_ = x[SEV_RESTRICTED-140]
+	_ = x[SEV_SNP-141]
+	_ = x[SGX-142]
+	_ = x[SGXLC-143]
+	_ = x[SHA-144]
+	_ = x[SME-145]
+	_ = x[SME_COHERENT-146]
+	_ = x[SPEC_CTRL_SSBD-147]
+	_ = x[SRBDS_CTRL-148]
+	_ = x[SRSO_MSR_FIX-149]
+	_ = x[SRSO_NO-150]
+	_ = x[SRSO_USER_KERNEL_NO-151]
+	_ = x[SSE-152]
+	_ = x[SSE2-153]
+	_ = x[SSE3-154]
+	_ = x[SSE4-155]
+	_ = x[SSE42-156]
+	_ = x[SSE4A-157]
+	_ = x[SSSE3-158]
+	_ = x[STIBP-159]
+	_ = x[STIBP_ALWAYSON-160]
+	_ = x[STOSB_SHORT-161]
+	_ = x[SUCCOR-162]
+	_ = x[SVM-163]
+	_ = x[SVMDA-164]
+	_ = x[SVMFBASID-165]
+	_ = x[SVML-166]
+	_ = x[SVMNP-167]
+	_ = x[SVMPF-168]
+	_ = x[SVMPFT-169]
+	_ = x[SYSCALL-170]
+	_ = x[SYSEE-171]
+	_ = x[TBM-172]
+	_ = x[TDX_GUEST-173]
+	_ = x[TLB_FLUSH_NESTED-174]
+	_ = x[TME-175]
+	_ = x[TOPEXT-176]
+	_ = x[TSCRATEMSR-177]
+	_ = x[TSXLDTRK-178]
+	_ = x[VAES-179]
+	_ = x[VMCBCLEAN-180]
+	_ = x[VMPL-181]
+	_ = x[VMSA_REGPROT-182]
+	_ = x[VMX-183]
+	_ = x[VPCLMULQDQ-184]
+	_ = x[VTE-185]
+	_ = x[WAITPKG-186]
+	_ = x[WBNOINVD-187]
+	_ = x[WRMSRNS-188]
+	_ = x[X87-189]
+	_ = x[XGETBV1-190]
+	_ = x[XOP-191]
+	_ = x[XSAVE-192]
+	_ = x[XSAVEC-193]
+	_ = x[XSAVEOPT-194]
+	_ = x[XSAVES-195]
+	_ = x[AESARM-196]
+	_ = x[ARMCPUID-197]
+	_ = x[ASIMD-198]
+	_ = x[ASIMDDP-199]
+	_ = x[ASIMDHP-200]
+	_ = x[ASIMDRDM-201]
+	_ = x[ATOMICS-202]
+	_ = x[CRC32-203]
+	_ = x[DCPOP-204]
+	_ = x[EVTSTRM-205]
+	_ = x[FCMA-206]
+	_ = x[FP-207]
+	_ = x[FPHP-208]
+	_ = x[GPA-209]
+	_ = x[JSCVT-210]
+	_ = x[LRCPC-211]
+	_ = x[PMULL-212]
+	_ = x[SHA1-213]
+	_ = x[SHA2-214]
+	_ = x[SHA3-215]
+	_ = x[SHA512-216]
+	_ = x[SM3-217]
+	_ = x[SM4-218]
+	_ = x[SVE-219]
+	_ = x[lastID-220]
 	_ = x[firstID-0]
 }
 
-const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXTILEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID"
+const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID"
 
-var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 62, 67, 70, 75, 84, 93, 102, 106, 116, 128, 136, 144, 152, 160, 167, 177, 187, 195, 205, 216, 224, 234, 252, 267, 274, 286, 293, 300, 311, 323, 331, 335, 339, 345, 350, 358, 363, 369, 373, 382, 400, 408, 415, 419, 423, 437, 443, 447, 451, 460, 464, 468, 473, 478, 482, 486, 493, 497, 500, 506, 509, 512, 522, 532, 545, 558, 562, 573, 577, 591, 608, 611, 621, 632, 638, 646, 657, 665, 677, 693, 707, 718, 728, 743, 751, 762, 772, 779, 788, 798, 802, 805, 812, 817, 828, 835, 842, 850, 853, 859, 864, 873, 880, 888, 892, 895, 901, 908, 921, 926, 928, 935, 942, 948, 952, 961, 965, 970, 976, 982, 988, 998, 1001, 1017, 1021, 1030, 1033, 1042, 1057, 1070, 1076, 1090, 1097, 1100, 1105, 1108, 1111, 1123, 1137, 1147, 1159, 1166, 1185, 1188, 1192, 1196, 1200, 1205, 1210, 1215, 1220, 1234, 1245, 1251, 1254, 1259, 1268, 1272, 1277, 1282, 1288, 1295, 1300, 1303, 1312, 1328, 1331, 1337, 1347, 1355, 1359, 1368, 1372, 1384, 1387, 1397, 1400, 1407, 1415, 1422, 1425, 1432, 1435, 1440, 1446, 1454, 1460, 1466, 1474, 1479, 1486, 1493, 1501, 1508, 1513, 1518, 1525, 1529, 1531, 1535, 1538, 1543, 1548, 1553, 1557, 1561, 1565, 1571, 1574, 1577, 1580, 1586}
+var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 73, 76, 81, 90, 99, 108, 112, 122, 134, 142, 150, 158, 166, 173, 183, 193, 201, 211, 222, 230, 240, 258, 273, 280, 292, 299, 306, 317, 329, 337, 341, 345, 351, 356, 364, 369, 375, 379, 388, 406, 414, 421, 425, 429, 443, 449, 453, 457, 466, 470, 474, 479, 484, 488, 492, 499, 503, 506, 512, 515, 518, 528, 538, 551, 564, 568, 579, 583, 597, 614, 617, 627, 638, 644, 652, 663, 671, 683, 699, 713, 724, 734, 749, 757, 768, 778, 785, 794, 804, 808, 811, 818, 823, 834, 841, 848, 856, 859, 865, 870, 879, 886, 894, 898, 901, 907, 914, 927, 932, 934, 941, 948, 954, 958, 967, 971, 976, 982, 988, 994, 1004, 1007, 1023, 1027, 1036, 1039, 1048, 1063, 1076, 1082, 1096, 1103, 1106, 1111, 1114, 1117, 1129, 1143, 1153, 1165, 1172, 1191, 1194, 1198, 1202, 1206, 1211, 1216, 1221, 1226, 1240, 1251, 1257, 1260, 1265, 1274, 1278, 1283, 1288, 1294, 1301, 1306, 1309, 1318, 1334, 1337, 1343, 1353, 1361, 1365, 1374, 1378, 1390, 1393, 1403, 1406, 1413, 1421, 1428, 1431, 1438, 1441, 1446, 1452, 1460, 1466, 1472, 1480, 1485, 1492, 1499, 1507, 1514, 1519, 1524, 1531, 1535, 1537, 1541, 1544, 1549, 1554, 1559, 1563, 1567, 1571, 1577, 1580, 1583, 1586, 1592}
 
 func (i FeatureID) String() string {
 	if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) {
@@ -270,12 +271,17 @@ func _() {
 	_ = x[AMCC-23]
 	_ = x[Qualcomm-24]
 	_ = x[Marvell-25]
-	_ = x[lastVendor-26]
+	_ = x[QEMU-26]
+	_ = x[QNX-27]
+	_ = x[ACRN-28]
+	_ = x[SRE-29]
+	_ = x[Apple-30]
+	_ = x[lastVendor-31]
 }
 
-const _Vendor_name = "VendorUnknownIntelAMDVIATransmetaNSCKVMMSVMVMwareXenHVMBhyveHygonSiSRDCAmpereARMBroadcomCaviumDECFujitsuInfineonMotorolaNVIDIAAMCCQualcommMarvelllastVendor"
+const _Vendor_name = "VendorUnknownIntelAMDVIATransmetaNSCKVMMSVMVMwareXenHVMBhyveHygonSiSRDCAmpereARMBroadcomCaviumDECFujitsuInfineonMotorolaNVIDIAAMCCQualcommMarvellQEMUQNXACRNSREApplelastVendor"
 
-var _Vendor_index = [...]uint8{0, 13, 18, 21, 24, 33, 36, 39, 43, 49, 55, 60, 65, 68, 71, 77, 80, 88, 94, 97, 104, 112, 120, 126, 130, 138, 145, 155}
+var _Vendor_index = [...]uint8{0, 13, 18, 21, 24, 33, 36, 39, 43, 49, 55, 60, 65, 68, 71, 77, 80, 88, 94, 97, 104, 112, 120, 126, 130, 138, 145, 149, 152, 156, 159, 164, 174}
 
 func (i Vendor) String() string {
 	if i < 0 || i >= Vendor(len(_Vendor_index)-1) {
diff --git a/vendor/github.com/minio/minio-go/v7/api-presigned.go b/vendor/github.com/minio/minio-go/v7/api-presigned.go
index 9e85f818167..29642200ee1 100644
--- a/vendor/github.com/minio/minio-go/v7/api-presigned.go
+++ b/vendor/github.com/minio/minio-go/v7/api-presigned.go
@@ -140,7 +140,7 @@ func (c *Client) PresignedPostPolicy(ctx context.Context, p *PostPolicy) (u *url
 	}
 
 	// Get credentials from the configured credentials provider.
-	credValues, err := c.credsProvider.Get()
+	credValues, err := c.credsProvider.GetWithContext(c.CredContext())
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/vendor/github.com/minio/minio-go/v7/api.go b/vendor/github.com/minio/minio-go/v7/api.go
index 83c003e499f..cb46816d0db 100644
--- a/vendor/github.com/minio/minio-go/v7/api.go
+++ b/vendor/github.com/minio/minio-go/v7/api.go
@@ -133,7 +133,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "v7.0.82"
+	libraryVersion = "v7.0.83"
 )
 
 // User Agent should always following the below style.
@@ -600,9 +600,9 @@ func (c *Client) executeMethod(ctx context.Context, method string, metadata requ
 		return nil, errors.New(c.endpointURL.String() + " is offline.")
 	}
 
-	var retryable bool          // Indicates if request can be retried.
-	var bodySeeker io.Seeker    // Extracted seeker from io.Reader.
-	var reqRetry = c.maxRetries // Indicates how many times we can retry the request
+	var retryable bool       // Indicates if request can be retried.
+	var bodySeeker io.Seeker // Extracted seeker from io.Reader.
+	reqRetry := c.maxRetries // Indicates how many times we can retry the request
 
 	if metadata.contentBody != nil {
 		// Check if body is seekable then it is retryable.
@@ -808,7 +808,7 @@ func (c *Client) newRequest(ctx context.Context, method string, metadata request
 	}
 
 	// Get credentials from the configured credentials provider.
-	value, err := c.credsProvider.Get()
+	value, err := c.credsProvider.GetWithContext(c.CredContext())
 	if err != nil {
 		return nil, err
 	}
@@ -1018,3 +1018,15 @@ func (c *Client) isVirtualHostStyleRequest(url url.URL, bucketName string) bool
 	// path style requests
 	return s3utils.IsVirtualHostSupported(url, bucketName)
 }
+
+// CredContext returns the context for fetching credentials
+func (c *Client) CredContext() *credentials.CredContext {
+	httpClient := c.httpClient
+	if httpClient == nil {
+		httpClient = http.DefaultClient
+	}
+	return &credentials.CredContext{
+		Client:   httpClient,
+		Endpoint: c.endpointURL.String(),
+	}
+}
diff --git a/vendor/github.com/minio/minio-go/v7/bucket-cache.go b/vendor/github.com/minio/minio-go/v7/bucket-cache.go
index b1d3b3852cf..4e4305acd5b 100644
--- a/vendor/github.com/minio/minio-go/v7/bucket-cache.go
+++ b/vendor/github.com/minio/minio-go/v7/bucket-cache.go
@@ -212,7 +212,7 @@ func (c *Client) getBucketLocationRequest(ctx context.Context, bucketName string
 	c.setUserAgent(req)
 
 	// Get credentials from the configured credentials provider.
-	value, err := c.credsProvider.Get()
+	value, err := c.credsProvider.GetWithContext(c.CredContext())
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
index d245bc07a3a..cd0a641bde1 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go
@@ -76,7 +76,8 @@ type AssumeRoleResult struct {
 type STSAssumeRole struct {
 	Expiry
 
-	// Required http Client to use when connecting to MinIO STS service.
+	// Optional http Client to use when connecting to MinIO STS service
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// STS endpoint to fetch STS credentials.
@@ -108,16 +109,10 @@ type STSAssumeRoleOptions struct {
 // NewSTSAssumeRole returns a pointer to a new
 // Credentials object wrapping the STSAssumeRole.
 func NewSTSAssumeRole(stsEndpoint string, opts STSAssumeRoleOptions) (*Credentials, error) {
-	if stsEndpoint == "" {
-		return nil, errors.New("STS endpoint cannot be empty")
-	}
 	if opts.AccessKey == "" || opts.SecretKey == "" {
 		return nil, errors.New("AssumeRole credentials access/secretkey is mandatory")
 	}
 	return New(&STSAssumeRole{
-		Client: &http.Client{
-			Transport: http.DefaultTransport,
-		},
 		STSEndpoint: stsEndpoint,
 		Options:     opts,
 	}), nil
@@ -222,10 +217,30 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
 	return a, nil
 }
 
-// Retrieve retrieves credentials from the MinIO service.
-// Error will be returned if the request fails.
-func (m *STSAssumeRole) Retrieve() (Value, error) {
-	a, err := getAssumeRoleCredentials(m.Client, m.STSEndpoint, m.Options)
+// RetrieveWithCredContext retrieves credentials from the MinIO service.
+// Error will be returned if the request fails, optional cred context.
+func (m *STSAssumeRole) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	client := m.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	stsEndpoint := m.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	a, err := getAssumeRoleCredentials(client, stsEndpoint, m.Options)
 	if err != nil {
 		return Value{}, err
 	}
@@ -241,3 +256,9 @@ func (m *STSAssumeRole) Retrieve() (Value, error) {
 		SignerType:      SignatureV4,
 	}, nil
 }
+
+// Retrieve retrieves credentials from the MinIO service.
+// Error will be returned if the request fails.
+func (m *STSAssumeRole) Retrieve() (Value, error) {
+	return m.RetrieveWithCredContext(nil)
+}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/chain.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/chain.go
index ddccfb173fe..5ef3597d104 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/chain.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/chain.go
@@ -55,6 +55,24 @@ func NewChainCredentials(providers []Provider) *Credentials {
 	})
 }
 
+// RetrieveWithCredContext is like Retrieve with CredContext
+func (c *Chain) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	for _, p := range c.Providers {
+		creds, _ := p.RetrieveWithCredContext(cc)
+		// Always prioritize non-anonymous providers, if any.
+		if creds.AccessKeyID == "" && creds.SecretAccessKey == "" {
+			continue
+		}
+		c.curr = p
+		return creds, nil
+	}
+	// At this point we have exhausted all the providers and
+	// are left without any credentials return anonymous.
+	return Value{
+		SignerType: SignatureAnonymous,
+	}, nil
+}
+
 // Retrieve returns the credentials value, returns no credentials(anonymous)
 // if no credentials provider returned any value.
 //
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go
index 68f9b38157e..52aff9a57f6 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go
@@ -18,6 +18,7 @@
 package credentials
 
 import (
+	"net/http"
 	"sync"
 	"time"
 )
@@ -30,6 +31,10 @@ const (
 	defaultExpiryWindow = 0.8
 )
 
+// defaultCredContext is used when the credential context doesn't
+// actually matter or the default context is suitable.
+var defaultCredContext = &CredContext{Client: http.DefaultClient}
+
 // A Value is the S3 credentials value for individual credential fields.
 type Value struct {
 	// S3 Access key ID
@@ -52,8 +57,17 @@ type Value struct {
 // Value. A provider is required to manage its own Expired state, and what to
 // be expired means.
 type Provider interface {
+	// RetrieveWithCredContext returns nil if it successfully retrieved the
+	// value. Error is returned if the value were not obtainable, or empty.
+	// optionally takes CredContext for additional context to retrieve credentials.
+	RetrieveWithCredContext(cc *CredContext) (Value, error)
+
 	// Retrieve returns nil if it successfully retrieved the value.
 	// Error is returned if the value were not obtainable, or empty.
+	//
+	// Deprecated: Retrieve() exists for historical compatibility and should not
+	// be used. To get new credentials use the RetrieveWithCredContext function
+	// to ensure the proper context (i.e. HTTP client) will be used.
 	Retrieve() (Value, error)
 
 	// IsExpired returns if the credentials are no longer valid, and need
@@ -61,6 +75,18 @@ type Provider interface {
 	IsExpired() bool
 }
 
+// CredContext is passed to the Retrieve function of a provider to provide
+// some additional context to retrieve credentials.
+type CredContext struct {
+	// Client specifies the HTTP client that should be used if an HTTP
+	// request is to be made to fetch the credentials.
+	Client *http.Client
+
+	// Endpoint specifies the MinIO endpoint that will be used if no
+	// explicit endpoint is provided.
+	Endpoint string
+}
+
 // A Expiry provides shared expiration logic to be used by credentials
 // providers to implement expiry functionality.
 //
@@ -146,16 +172,36 @@ func New(provider Provider) *Credentials {
 //
 // If Credentials.Expire() was called the credentials Value will be force
 // expired, and the next call to Get() will cause them to be refreshed.
+//
+// Deprecated: Get() exists for historical compatibility and should not be
+// used. To get new credentials use the Credentials.GetWithContext function
+// to ensure the proper context (i.e. HTTP client) will be used.
 func (c *Credentials) Get() (Value, error) {
+	return c.GetWithContext(nil)
+}
+
+// GetWithContext returns the credentials value, or error if the
+// credentials Value failed to be retrieved.
+//
+// Will return the cached credentials Value if it has not expired. If the
+// credentials Value has expired the Provider's Retrieve() will be called
+// to refresh the credentials.
+//
+// If Credentials.Expire() was called the credentials Value will be force
+// expired, and the next call to Get() will cause them to be refreshed.
+func (c *Credentials) GetWithContext(cc *CredContext) (Value, error) {
 	if c == nil {
 		return Value{}, nil
 	}
+	if cc == nil {
+		cc = defaultCredContext
+	}
 
 	c.Lock()
 	defer c.Unlock()
 
 	if c.isExpired() {
-		creds, err := c.provider.Retrieve()
+		creds, err := c.provider.RetrieveWithCredContext(cc)
 		if err != nil {
 			return Value{}, err
 		}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_aws.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_aws.go
index b6e60d0e165..21ab0a38a4d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_aws.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_aws.go
@@ -37,8 +37,7 @@ func NewEnvAWS() *Credentials {
 	return New(&EnvAWS{})
 }
 
-// Retrieve retrieves the keys from the environment.
-func (e *EnvAWS) Retrieve() (Value, error) {
+func (e *EnvAWS) retrieve() (Value, error) {
 	e.retrieved = false
 
 	id := os.Getenv("AWS_ACCESS_KEY_ID")
@@ -65,6 +64,16 @@ func (e *EnvAWS) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve retrieves the keys from the environment.
+func (e *EnvAWS) Retrieve() (Value, error) {
+	return e.retrieve()
+}
+
+// RetrieveWithCredContext is like Retrieve (no-op input of Cred Context)
+func (e *EnvAWS) RetrieveWithCredContext(_ *CredContext) (Value, error) {
+	return e.retrieve()
+}
+
 // IsExpired returns if the credentials have been retrieved.
 func (e *EnvAWS) IsExpired() bool {
 	return !e.retrieved
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_minio.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_minio.go
index 5bfeab140ae..dbfbdfcef1d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_minio.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/env_minio.go
@@ -38,8 +38,7 @@ func NewEnvMinio() *Credentials {
 	return New(&EnvMinio{})
 }
 
-// Retrieve retrieves the keys from the environment.
-func (e *EnvMinio) Retrieve() (Value, error) {
+func (e *EnvMinio) retrieve() (Value, error) {
 	e.retrieved = false
 
 	id := os.Getenv("MINIO_ROOT_USER")
@@ -62,6 +61,16 @@ func (e *EnvMinio) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve retrieves the keys from the environment.
+func (e *EnvMinio) Retrieve() (Value, error) {
+	return e.retrieve()
+}
+
+// RetrieveWithCredContext is like Retrieve() (no-op input cred context)
+func (e *EnvMinio) RetrieveWithCredContext(_ *CredContext) (Value, error) {
+	return e.retrieve()
+}
+
 // IsExpired returns if the credentials have been retrieved.
 func (e *EnvMinio) IsExpired() bool {
 	return !e.retrieved
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_aws_credentials.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_aws_credentials.go
index 541e1a72f0f..0c83fc7fa4c 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_aws_credentials.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_aws_credentials.go
@@ -71,9 +71,7 @@ func NewFileAWSCredentials(filename, profile string) *Credentials {
 	})
 }
 
-// Retrieve reads and extracts the shared credentials from the current
-// users home directory.
-func (p *FileAWSCredentials) Retrieve() (Value, error) {
+func (p *FileAWSCredentials) retrieve() (Value, error) {
 	if p.Filename == "" {
 		p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE")
 		if p.Filename == "" {
@@ -142,6 +140,17 @@ func (p *FileAWSCredentials) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve reads and extracts the shared credentials from the current
+// users home directory.
+func (p *FileAWSCredentials) Retrieve() (Value, error) {
+	return p.retrieve()
+}
+
+// RetrieveWithCredContext is like Retrieve(), cred context is no-op for File credentials
+func (p *FileAWSCredentials) RetrieveWithCredContext(_ *CredContext) (Value, error) {
+	return p.retrieve()
+}
+
 // loadProfiles loads from the file pointed to by shared credentials filename for profile.
 // The credentials retrieved from the profile will be returned or error. Error will be
 // returned if it fails to read from the file, or the data is invalid.
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_minio_client.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_minio_client.go
index 750e26ffa8b..5805281fe9e 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_minio_client.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/file_minio_client.go
@@ -56,9 +56,7 @@ func NewFileMinioClient(filename, alias string) *Credentials {
 	})
 }
 
-// Retrieve reads and extracts the shared credentials from the current
-// users home directory.
-func (p *FileMinioClient) Retrieve() (Value, error) {
+func (p *FileMinioClient) retrieve() (Value, error) {
 	if p.Filename == "" {
 		if value, ok := os.LookupEnv("MINIO_SHARED_CREDENTIALS_FILE"); ok {
 			p.Filename = value
@@ -96,6 +94,17 @@ func (p *FileMinioClient) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve reads and extracts the shared credentials from the current
+// users home directory.
+func (p *FileMinioClient) Retrieve() (Value, error) {
+	return p.retrieve()
+}
+
+// RetrieveWithCredContext - is like Retrieve()
+func (p *FileMinioClient) RetrieveWithCredContext(_ *CredContext) (Value, error) {
+	return p.retrieve()
+}
+
 // IsExpired returns if the shared credentials have expired.
 func (p *FileMinioClient) IsExpired() bool {
 	return !p.retrieved
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
index ea4b3ef9375..0ba06e71066 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
@@ -49,7 +49,8 @@ const DefaultExpiryWindow = -1
 type IAM struct {
 	Expiry
 
-	// Required http Client to use when connecting to IAM metadata service.
+	// Optional http Client to use when connecting to IAM metadata service
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// Custom endpoint to fetch IAM role credentials.
@@ -90,17 +91,16 @@ const (
 // NewIAM returns a pointer to a new Credentials object wrapping the IAM.
 func NewIAM(endpoint string) *Credentials {
 	return New(&IAM{
-		Client: &http.Client{
-			Transport: http.DefaultTransport,
-		},
 		Endpoint: endpoint,
 	})
 }
 
-// Retrieve retrieves credentials from the EC2 service.
-// Error will be returned if the request fails, or unable to extract
-// the desired
-func (m *IAM) Retrieve() (Value, error) {
+// RetrieveWithCredContext is like Retrieve with Cred Context
+func (m *IAM) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
 	token := os.Getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN")
 	if token == "" {
 		token = m.Container.AuthorizationToken
@@ -144,7 +144,19 @@ func (m *IAM) Retrieve() (Value, error) {
 	var roleCreds ec2RoleCredRespBody
 	var err error
 
+	client := m.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
 	endpoint := m.Endpoint
+	if endpoint == "" {
+		endpoint = cc.Endpoint
+	}
+
 	switch {
 	case identityFile != "":
 		if len(endpoint) == 0 {
@@ -160,7 +172,7 @@ func (m *IAM) Retrieve() (Value, error) {
 		}
 
 		creds := &STSWebIdentity{
-			Client:      m.Client,
+			Client:      client,
 			STSEndpoint: endpoint,
 			GetWebIDTokenExpiry: func() (*WebIdentityToken, error) {
 				token, err := os.ReadFile(identityFile)
@@ -174,7 +186,7 @@ func (m *IAM) Retrieve() (Value, error) {
 			roleSessionName: roleSessionName,
 		}
 
-		stsWebIdentityCreds, err := creds.Retrieve()
+		stsWebIdentityCreds, err := creds.RetrieveWithCredContext(cc)
 		if err == nil {
 			m.SetExpiration(creds.Expiration(), DefaultExpiryWindow)
 		}
@@ -185,11 +197,11 @@ func (m *IAM) Retrieve() (Value, error) {
 			endpoint = fmt.Sprintf("%s%s", DefaultECSRoleEndpoint, relativeURI)
 		}
 
-		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)
+		roleCreds, err = getEcsTaskCredentials(client, endpoint, token)
 
 	case tokenFile != "" && fullURI != "":
 		endpoint = fullURI
-		roleCreds, err = getEKSPodIdentityCredentials(m.Client, endpoint, tokenFile)
+		roleCreds, err = getEKSPodIdentityCredentials(client, endpoint, tokenFile)
 
 	case fullURI != "":
 		if len(endpoint) == 0 {
@@ -203,10 +215,10 @@ func (m *IAM) Retrieve() (Value, error) {
 			}
 		}
 
-		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)
+		roleCreds, err = getEcsTaskCredentials(client, endpoint, token)
 
 	default:
-		roleCreds, err = getCredentials(m.Client, endpoint)
+		roleCreds, err = getCredentials(client, endpoint)
 	}
 
 	if err != nil {
@@ -224,6 +236,13 @@ func (m *IAM) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve retrieves credentials from the EC2 service.
+// Error will be returned if the request fails, or unable to extract
+// the desired
+func (m *IAM) Retrieve() (Value, error) {
+	return m.RetrieveWithCredContext(nil)
+}
+
 // A ec2RoleCredRespBody provides the shape for unmarshaling credential
 // request responses.
 type ec2RoleCredRespBody struct {
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/static.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/static.go
index 7dde00b0a16..d90c98c84d5 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/static.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/static.go
@@ -59,6 +59,11 @@ func (s *Static) Retrieve() (Value, error) {
 	return s.Value, nil
 }
 
+// RetrieveWithCredContext returns the static credentials.
+func (s *Static) RetrieveWithCredContext(_ *CredContext) (Value, error) {
+	return s.Retrieve()
+}
+
 // IsExpired returns if the credentials are expired.
 //
 // For Static, the credentials never expired.
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go
index 62bfbb6b02c..ef6f436b84b 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go
@@ -72,7 +72,8 @@ type ClientGrantsToken struct {
 type STSClientGrants struct {
 	Expiry
 
-	// Required http Client to use when connecting to MinIO STS service.
+	// Optional http Client to use when connecting to MinIO STS service.
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// MinIO endpoint to fetch STS credentials.
@@ -90,16 +91,10 @@ type STSClientGrants struct {
 // NewSTSClientGrants returns a pointer to a new
 // Credentials object wrapping the STSClientGrants.
 func NewSTSClientGrants(stsEndpoint string, getClientGrantsTokenExpiry func() (*ClientGrantsToken, error)) (*Credentials, error) {
-	if stsEndpoint == "" {
-		return nil, errors.New("STS endpoint cannot be empty")
-	}
 	if getClientGrantsTokenExpiry == nil {
 		return nil, errors.New("Client grants access token and expiry retrieval function should be defined")
 	}
 	return New(&STSClientGrants{
-		Client: &http.Client{
-			Transport: http.DefaultTransport,
-		},
 		STSEndpoint:                stsEndpoint,
 		GetClientGrantsTokenExpiry: getClientGrantsTokenExpiry,
 	}), nil
@@ -162,10 +157,29 @@ func getClientGrantsCredentials(clnt *http.Client, endpoint string,
 	return a, nil
 }
 
-// Retrieve retrieves credentials from the MinIO service.
-// Error will be returned if the request fails.
-func (m *STSClientGrants) Retrieve() (Value, error) {
-	a, err := getClientGrantsCredentials(m.Client, m.STSEndpoint, m.GetClientGrantsTokenExpiry)
+// RetrieveWithCredContext is like Retrieve() with cred context
+func (m *STSClientGrants) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	client := m.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	stsEndpoint := m.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	a, err := getClientGrantsCredentials(client, stsEndpoint, m.GetClientGrantsTokenExpiry)
 	if err != nil {
 		return Value{}, err
 	}
@@ -181,3 +195,9 @@ func (m *STSClientGrants) Retrieve() (Value, error) {
 		SignerType:      SignatureV4,
 	}, nil
 }
+
+// Retrieve retrieves credentials from the MinIO service.
+// Error will be returned if the request fails.
+func (m *STSClientGrants) Retrieve() (Value, error) {
+	return m.RetrieveWithCredContext(nil)
+}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
index 75e1a77d322..0021f9315b6 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go
@@ -53,6 +53,8 @@ type AssumeRoleWithCustomTokenResponse struct {
 type CustomTokenIdentity struct {
 	Expiry
 
+	// Optional http Client to use when connecting to MinIO STS service.
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// MinIO server STS endpoint to fetch STS credentials.
@@ -69,9 +71,21 @@ type CustomTokenIdentity struct {
 	RequestedExpiry time.Duration
 }
 
-// Retrieve - to satisfy Provider interface; fetches credentials from MinIO.
-func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
-	u, err := url.Parse(c.STSEndpoint)
+// RetrieveWithCredContext with Retrieve optionally cred context
+func (c *CustomTokenIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, err error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	stsEndpoint := c.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	u, err := url.Parse(stsEndpoint)
 	if err != nil {
 		return value, err
 	}
@@ -92,7 +106,15 @@ func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
 		return value, err
 	}
 
-	resp, err := c.Client.Do(req)
+	client := c.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	resp, err := client.Do(req)
 	if err != nil {
 		return value, err
 	}
@@ -118,11 +140,15 @@ func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
 	}, nil
 }
 
+// Retrieve - to satisfy Provider interface; fetches credentials from MinIO.
+func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
+	return c.RetrieveWithCredContext(nil)
+}
+
 // NewCustomTokenCredentials - returns credentials using the
 // AssumeRoleWithCustomToken STS API.
 func NewCustomTokenCredentials(stsEndpoint, token, roleArn string, optFuncs ...CustomTokenOpt) (*Credentials, error) {
 	c := CustomTokenIdentity{
-		Client:      &http.Client{Transport: http.DefaultTransport},
 		STSEndpoint: stsEndpoint,
 		Token:       token,
 		RoleArn:     roleArn,
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
index b8df289f203..e63997e6ef2 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
@@ -20,6 +20,7 @@ package credentials
 import (
 	"bytes"
 	"encoding/xml"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -55,7 +56,8 @@ type LDAPIdentityResult struct {
 type LDAPIdentity struct {
 	Expiry
 
-	// Required http Client to use when connecting to MinIO STS service.
+	// Optional http Client to use when connecting to MinIO STS service.
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// Exported STS endpoint to fetch STS credentials.
@@ -77,7 +79,6 @@ type LDAPIdentity struct {
 // Identity.
 func NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword string, optFuncs ...LDAPIdentityOpt) (*Credentials, error) {
 	l := LDAPIdentity{
-		Client:       &http.Client{Transport: http.DefaultTransport},
 		STSEndpoint:  stsEndpoint,
 		LDAPUsername: ldapUsername,
 		LDAPPassword: ldapPassword,
@@ -113,7 +114,6 @@ func LDAPIdentityExpiryOpt(d time.Duration) LDAPIdentityOpt {
 // Deprecated: Use the `LDAPIdentityPolicyOpt` with `NewLDAPIdentity` instead.
 func NewLDAPIdentityWithSessionPolicy(stsEndpoint, ldapUsername, ldapPassword, policy string) (*Credentials, error) {
 	return New(&LDAPIdentity{
-		Client:       &http.Client{Transport: http.DefaultTransport},
 		STSEndpoint:  stsEndpoint,
 		LDAPUsername: ldapUsername,
 		LDAPPassword: ldapPassword,
@@ -121,10 +121,22 @@ func NewLDAPIdentityWithSessionPolicy(stsEndpoint, ldapUsername, ldapPassword, p
 	}), nil
 }
 
-// Retrieve gets the credential by calling the MinIO STS API for
+// RetrieveWithCredContext gets the credential by calling the MinIO STS API for
 // LDAP on the configured stsEndpoint.
-func (k *LDAPIdentity) Retrieve() (value Value, err error) {
-	u, err := url.Parse(k.STSEndpoint)
+func (k *LDAPIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, err error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	stsEndpoint := k.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	u, err := url.Parse(stsEndpoint)
 	if err != nil {
 		return value, err
 	}
@@ -148,7 +160,15 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
-	resp, err := k.Client.Do(req)
+	client := k.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	resp, err := client.Do(req)
 	if err != nil {
 		return value, err
 	}
@@ -188,3 +208,9 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 		SignerType:      SignatureV4,
 	}, nil
 }
+
+// Retrieve gets the credential by calling the MinIO STS API for
+// LDAP on the configured stsEndpoint.
+func (k *LDAPIdentity) Retrieve() (value Value, err error) {
+	return k.RetrieveWithCredContext(defaultCredContext)
+}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
index 10083502d1d..c904bbeac78 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go
@@ -20,8 +20,8 @@ import (
 	"crypto/tls"
 	"encoding/xml"
 	"errors"
+	"fmt"
 	"io"
-	"net"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -36,7 +36,12 @@ type CertificateIdentityOption func(*STSCertificateIdentity)
 // CertificateIdentityWithTransport returns a CertificateIdentityOption that
 // customizes the STSCertificateIdentity with the given http.RoundTripper.
 func CertificateIdentityWithTransport(t http.RoundTripper) CertificateIdentityOption {
-	return CertificateIdentityOption(func(i *STSCertificateIdentity) { i.Client.Transport = t })
+	return CertificateIdentityOption(func(i *STSCertificateIdentity) {
+		if i.Client == nil {
+			i.Client = &http.Client{}
+		}
+		i.Client.Transport = t
+	})
 }
 
 // CertificateIdentityWithExpiry returns a CertificateIdentityOption that
@@ -53,6 +58,10 @@ func CertificateIdentityWithExpiry(livetime time.Duration) CertificateIdentityOp
 type STSCertificateIdentity struct {
 	Expiry
 
+	// Optional http Client to use when connecting to MinIO STS service.
+	// (overrides default client in CredContext)
+	Client *http.Client
+
 	// STSEndpoint is the base URL endpoint of the STS API.
 	// For example, https://minio.local:9000
 	STSEndpoint string
@@ -68,50 +77,18 @@ type STSCertificateIdentity struct {
 	// The default livetime is one hour.
 	S3CredentialLivetime time.Duration
 
-	// Client is the HTTP client used to authenticate and fetch
-	// S3 credentials.
-	//
-	// A custom TLS client configuration can be specified by
-	// using a custom http.Transport:
-	//   Client: http.Client {
-	//       Transport: &http.Transport{
-	//           TLSClientConfig: &tls.Config{},
-	//       },
-	//   }
-	Client http.Client
+	// Certificate is the client certificate that is used for
+	// STS authentication.
+	Certificate tls.Certificate
 }
 
-var _ Provider = (*STSWebIdentity)(nil) // compiler check
-
 // NewSTSCertificateIdentity returns a STSCertificateIdentity that authenticates
 // to the given STS endpoint with the given TLS certificate and retrieves and
 // rotates S3 credentials.
 func NewSTSCertificateIdentity(endpoint string, certificate tls.Certificate, options ...CertificateIdentityOption) (*Credentials, error) {
-	if endpoint == "" {
-		return nil, errors.New("STS endpoint cannot be empty")
-	}
-	if _, err := url.Parse(endpoint); err != nil {
-		return nil, err
-	}
 	identity := &STSCertificateIdentity{
 		STSEndpoint: endpoint,
-		Client: http.Client{
-			Transport: &http.Transport{
-				Proxy: http.ProxyFromEnvironment,
-				DialContext: (&net.Dialer{
-					Timeout:   30 * time.Second,
-					KeepAlive: 30 * time.Second,
-				}).DialContext,
-				ForceAttemptHTTP2:     true,
-				MaxIdleConns:          100,
-				IdleConnTimeout:       90 * time.Second,
-				TLSHandshakeTimeout:   10 * time.Second,
-				ExpectContinueTimeout: 5 * time.Second,
-				TLSClientConfig: &tls.Config{
-					Certificates: []tls.Certificate{certificate},
-				},
-			},
-		},
+		Certificate: certificate,
 	}
 	for _, option := range options {
 		option(identity)
@@ -119,10 +96,21 @@ func NewSTSCertificateIdentity(endpoint string, certificate tls.Certificate, opt
 	return New(identity), nil
 }
 
-// Retrieve fetches a new set of S3 credentials from the configured
-// STS API endpoint.
-func (i *STSCertificateIdentity) Retrieve() (Value, error) {
-	endpointURL, err := url.Parse(i.STSEndpoint)
+// RetrieveWithCredContext is Retrieve with cred context
+func (i *STSCertificateIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	stsEndpoint := i.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	endpointURL, err := url.Parse(stsEndpoint)
 	if err != nil {
 		return Value{}, err
 	}
@@ -145,7 +133,28 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) {
 	}
 	req.Form.Add("DurationSeconds", strconv.FormatUint(uint64(livetime.Seconds()), 10))
 
-	resp, err := i.Client.Do(req)
+	client := i.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	tr, ok := client.Transport.(*http.Transport)
+	if !ok {
+		return Value{}, fmt.Errorf("CredContext should contain an http.Transport value")
+	}
+
+	// Clone the HTTP transport (patch the TLS client certificate)
+	trCopy := tr.Clone()
+	trCopy.TLSClientConfig.Certificates = []tls.Certificate{i.Certificate}
+
+	// Clone the HTTP client (patch the HTTP transport)
+	clientCopy := *client
+	clientCopy.Transport = trCopy
+
+	resp, err := clientCopy.Do(req)
 	if err != nil {
 		return Value{}, err
 	}
@@ -193,6 +202,11 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve fetches a new set of S3 credentials from the configured STS API endpoint.
+func (i *STSCertificateIdentity) Retrieve() (Value, error) {
+	return i.RetrieveWithCredContext(defaultCredContext)
+}
+
 // Expiration returns the expiration time of the current S3 credentials.
 func (i *STSCertificateIdentity) Expiration() time.Time { return i.expiration }
 
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
index 8c06bac60db..23525889301 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
@@ -69,7 +69,8 @@ type WebIdentityToken struct {
 type STSWebIdentity struct {
 	Expiry
 
-	// Required http Client to use when connecting to MinIO STS service.
+	// Optional http Client to use when connecting to MinIO STS service.
+	// (overrides default client in CredContext)
 	Client *http.Client
 
 	// Exported STS endpoint to fetch STS credentials.
@@ -97,16 +98,10 @@ type STSWebIdentity struct {
 // NewSTSWebIdentity returns a pointer to a new
 // Credentials object wrapping the STSWebIdentity.
 func NewSTSWebIdentity(stsEndpoint string, getWebIDTokenExpiry func() (*WebIdentityToken, error), opts ...func(*STSWebIdentity)) (*Credentials, error) {
-	if stsEndpoint == "" {
-		return nil, errors.New("STS endpoint cannot be empty")
-	}
 	if getWebIDTokenExpiry == nil {
 		return nil, errors.New("Web ID token and expiry retrieval function should be defined")
 	}
 	i := &STSWebIdentity{
-		Client: &http.Client{
-			Transport: http.DefaultTransport,
-		},
 		STSEndpoint:         stsEndpoint,
 		GetWebIDTokenExpiry: getWebIDTokenExpiry,
 	}
@@ -219,10 +214,29 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 	return a, nil
 }
 
-// Retrieve retrieves credentials from the MinIO service.
-// Error will be returned if the request fails.
-func (m *STSWebIdentity) Retrieve() (Value, error) {
-	a, err := getWebIdentityCredentials(m.Client, m.STSEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry)
+// RetrieveWithCredContext is like Retrieve with optional cred context.
+func (m *STSWebIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error) {
+	if cc == nil {
+		cc = defaultCredContext
+	}
+
+	client := m.Client
+	if client == nil {
+		client = cc.Client
+	}
+	if client == nil {
+		client = defaultCredContext.Client
+	}
+
+	stsEndpoint := m.STSEndpoint
+	if stsEndpoint == "" {
+		stsEndpoint = cc.Endpoint
+	}
+	if stsEndpoint == "" {
+		return Value{}, errors.New("STS endpoint unknown")
+	}
+
+	a, err := getWebIdentityCredentials(client, stsEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry)
 	if err != nil {
 		return Value{}, err
 	}
@@ -239,6 +253,12 @@ func (m *STSWebIdentity) Retrieve() (Value, error) {
 	}, nil
 }
 
+// Retrieve retrieves credentials from the MinIO service.
+// Error will be returned if the request fails.
+func (m *STSWebIdentity) Retrieve() (Value, error) {
+	return m.RetrieveWithCredContext(nil)
+}
+
 // Expiration returns the expiration time of the credentials
 func (m *STSWebIdentity) Expiration() time.Time {
 	return m.expiration
diff --git a/vendor/github.com/minio/minio-go/v7/retry.go b/vendor/github.com/minio/minio-go/v7/retry.go
index 4cc45920c4a..ed954017ca2 100644
--- a/vendor/github.com/minio/minio-go/v7/retry.go
+++ b/vendor/github.com/minio/minio-go/v7/retry.go
@@ -112,6 +112,7 @@ func isS3CodeRetryable(s3Code string) (ok bool) {
 
 // List of HTTP status codes which are retryable.
 var retryableHTTPStatusCodes = map[int]struct{}{
+	http.StatusRequestTimeout:      {},
 	429:                            {}, // http.StatusTooManyRequests is not part of the Go 1.5 library, yet
 	499:                            {}, // client closed request, retry. A non-standard status code introduced by nginx.
 	http.StatusInternalServerError: {},
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 809e3eacc42..b164a040261 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -478,7 +478,7 @@ github.com/go-redis/redis/v8/internal/rand
 github.com/go-redis/redis/v8/internal/util
 # github.com/go-test/deep v1.1.0
 ## explicit; go 1.16
-# github.com/goccy/go-json v0.10.3
+# github.com/goccy/go-json v0.10.4
 ## explicit; go 1.19
 github.com/goccy/go-json
 github.com/goccy/go-json/internal/decoder
@@ -824,8 +824,8 @@ github.com/klauspost/compress/s2
 github.com/klauspost/compress/zlib
 github.com/klauspost/compress/zstd
 github.com/klauspost/compress/zstd/internal/xxhash
-# github.com/klauspost/cpuid/v2 v2.2.8
-## explicit; go 1.15
+# github.com/klauspost/cpuid/v2 v2.2.9
+## explicit; go 1.20
 github.com/klauspost/cpuid/v2
 # github.com/kylelemons/godebug v1.1.0
 ## explicit; go 1.11
@@ -860,7 +860,7 @@ github.com/miekg/dns
 # github.com/minio/md5-simd v1.1.2
 ## explicit; go 1.14
 github.com/minio/md5-simd
-# github.com/minio/minio-go/v7 v7.0.82
+# github.com/minio/minio-go/v7 v7.0.83
 ## explicit; go 1.22
 github.com/minio/minio-go/v7
 github.com/minio/minio-go/v7/pkg/cors