From 0f3de397d9f37a41f743a8e6fa3eb87792ec3ac7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Mar 2026 03:26:41 +0000
Subject: [PATCH] Bump github.com/docker/cli

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 24.0.0+incompatible to 29.2.0+incompatible.
- [Commits](https://github.com/docker/cli/compare/v24.0.0...v29.2.0)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 vendor/github.com/docker/cli/AUTHORS          | 107 ++++++++++++-
 vendor/github.com/docker/cli/NOTICE           |   2 +-
 .../docker/cli/cli/config/config.go           | 149 ++++++++++--------
 .../docker/cli/cli/config/configfile/file.go  | 114 ++++++++++++--
 .../cli/cli/config/configfile/file_unix.go    |   1 -
 .../cli/config/credentials/default_store.go   |  23 +--
 .../credentials/default_store_unsupported.go  |   1 -
 .../cli/cli/config/credentials/file_store.go  |  72 +++++++--
 .../cli/config/credentials/native_store.go    |   4 +
 .../cli/cli/config/memorystore/store.go       | 131 +++++++++++++++
 .../docker/cli/cli/config/types/authconfig.go |   5 -
 vendor/modules.txt                            |   3 +-
 14 files changed, 497 insertions(+), 121 deletions(-)
 create mode 100644 vendor/github.com/docker/cli/cli/config/memorystore/store.go

diff --git a/go.mod b/go.mod
index ebb7419c59..85556cc60b 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v24.0.0+incompatible // indirect
+	github.com/docker/cli v29.2.0+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
diff --git a/go.sum b/go.sum
index 83c60ce9b0..2ba32bde14 100644
--- a/go.sum
+++ b/go.sum
@@ -89,8 +89,8 @@ github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e/go.mo
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM=
-github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
diff --git a/vendor/github.com/docker/cli/AUTHORS b/vendor/github.com/docker/cli/AUTHORS
index 483743c992..57af08b204 100644
--- a/vendor/github.com/docker/cli/AUTHORS
+++ b/vendor/github.com/docker/cli/AUTHORS
@@ -2,6 +2,7 @@
 # This file lists all contributors to the repository.
 # See scripts/docs/generate-authors.sh to make modifications.
 
+A. Lester Buck III <github-reg@nbolt.com>
 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron L. Xu <liker.xu@foxmail.com>
 Aaron Lehmann <alehmann@netflix.com>
@@ -16,6 +17,7 @@ Adolfo Ochagavía <aochagavia92@gmail.com>
 Adrian Plata <adrian.plata@docker.com>
 Adrien Duermael <adrien@duermael.com>
 Adrien Folie <folie.adrien@gmail.com>
+Adyanth Hosavalike <ahosavalike@ucsd.edu>
 Ahmet Alp Balkan <ahmetb@microsoft.com>
 Aidan Feldman <aidan.feldman@gmail.com>
 Aidan Hobson Sayers <aidanhs@cantab.net>
@@ -24,9 +26,10 @@ Akhil Mohan <akhil.mohan@mayadata.io>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Alan Thompson <cloojure@gmail.com>
+Alano Terblanche <alano.terblanche@docker.com>
 Albert Callarisa <shark234@gmail.com>
 Alberto Roura <mail@albertoroura.com>
-Albin Kerouanton <albin@akerouanton.name>
+Albin Kerouanton <albinker@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksander Piotrowski <apiotrowski312@gmail.com>
 Alessandro Boch <aboch@tetrationanalytics.com>
@@ -34,6 +37,7 @@ Alex Couture-Beil <alex@earthly.dev>
 Alex Mavrogiannis <alex.mavrogiannis@docker.com>
 Alex Mayer <amayer5125@gmail.com>
 Alexander Boyd <alex@opengroove.org>
+Alexander Chneerov <achneerov@gmail.com>
 Alexander Larsson <alexl@redhat.com>
 Alexander Morozov <lk4d4math@gmail.com>
 Alexander Ryabov <i@sepa.spb.ru>
@@ -41,8 +45,10 @@ Alexandre González <agonzalezro@gmail.com>
 Alexey Igrychev <alexey.igrychev@flant.com>
 Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alfred Landrum <alfred.landrum@docker.com>
+Ali Rostami <rostami.ali@gmail.com>
 Alicia Lauerman <alicia@eta.im>
 Allen Sun <allensun.shl@alibaba-inc.com>
+Allie Sadler <allie.sadler@docker.com>
 Alvin Deng <alvin.q.deng@utexas.edu>
 Amen Belayneh <amenbelayneh@gmail.com>
 Amey Shrivastava <72866602+AmeyShrivastava@users.noreply.github.com>
@@ -57,10 +63,12 @@ Andreas Köhler <andi5.py@gmx.net>
 Andres G. Aragoneses <knocte@gmail.com>
 Andres Leon Rangel <aleon1220@gmail.com>
 Andrew France <andrew@avito.co.uk>
+Andrew He <he.andrew.mail@gmail.com>
 Andrew Hsu <andrewhsu@docker.com>
 Andrew Macpherson <hopscotch23@gmail.com>
 Andrew McDonnell <bugs@andrewmcdonnell.net>
 Andrew Po <absourd.noise@gmail.com>
+Andrew-Zipperer <atzipperer@gmail.com>
 Andrey Petrov <andrey.petrov@shazow.net>
 Andrii Berehuliak <berkusandrew@gmail.com>
 André Martins <aanm90@gmail.com>
@@ -75,11 +83,16 @@ Antonis Kalipetis <akalipetis@gmail.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com>
 Ao Li <la9249@163.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
+Archimedes Trajano <developer@trajano.net>
 Arko Dasgupta <arko@tetrate.io>
 Arnaud Porterie <icecrime@gmail.com>
 Arnaud Rebillout <elboulangero@gmail.com>
+Arthur Flageul <arthur.flageul@gmail.com>
 Arthur Peka <arthur.peka@outlook.com>
+Ashly Mathew <ashly.mathew@sap.com>
 Ashwini Oruganti <ashwini.oruganti@gmail.com>
+Aslam Ahemad <aslamahemad@gmail.com>
+Austin Vazquez <austin.vazquez@docker.com>
 Azat Khuyiyakhmetov <shadow_uz@mail.ru>
 Bardia Keyoumarsi <bkeyouma@ucsc.edu>
 Barnaby Gray <barnaby@pickle.me.uk>
@@ -98,7 +111,9 @@ Bill Wang <ozbillwang@gmail.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Bishal Das <bishalhnj127@gmail.com>
+Bjorn Neergaard <bjorn.neergaard@docker.com>
 Boaz Shuster <ripcurld.github@gmail.com>
+Boban Acimovic <boban.acimovic@gmail.com>
 Bogdan Anton <contact@bogdananton.ro>
 Boris Pruessmann <boris@pruessmann.org>
 Brad Baker <brad@brad.fi>
@@ -109,19 +124,25 @@ Brent Salisbury <brent.salisbury@docker.com>
 Bret Fisher <bret@bretfisher.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Goff <cpuguy83@gmail.com>
+Brian Tracy <brian.tracy33@gmail.com>
 Brian Wieder <brian@4wieders.com>
 Bruno Sousa <bruno.sousa@docker.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
 bryfry <bryon.fryer@gmail.com>
+Calvin Liu <flycalvin@qq.com>
 Cameron Spear <cameronspear@gmail.com>
 Cao Weiwei <cao.weiwei30@zte.com.cn>
 Carlo Mion <mion00@gmail.com>
 Carlos Alexandro Becker <caarlos0@gmail.com>
 Carlos de Paula <me@carlosedp.com>
+carsontham <carsontham@outlook.com>
+Carston Schilds <Carston.Schilds@visier.com>
+Casey Korver <casey@korver.dev>
 Ce Gao <ce.gao@outlook.com>
 Cedric Davies <cedricda@microsoft.com>
+Cesar Talledo <cesar.talledo@docker.com>
 Cezar Sa Espinola <cezarsa@gmail.com>
 Chad Faragher <wyckster@hotmail.com>
 Chao Wang <wangchao.fnst@cn.fujitsu.com>
@@ -136,6 +157,7 @@ Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
+Chris Chinchilla <chris@chrischinchilla.com>
 Chris Couzens <ccouzens@gmail.com>
 Chris Gavin <chris@chrisgavin.me>
 Chris Gibson <chris@chrisg.io>
@@ -150,6 +172,8 @@ Christophe Vidal <kriss@krizalys.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Crone <christopher.crone@docker.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
+Christopher Petito <47751006+krissetto@users.noreply.github.com>
+Christopher Petito <chrisjpetito@gmail.com>
 Christopher Svensson <stoffus@stoffus.com>
 Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com>
@@ -163,6 +187,8 @@ Conner Crosby <conner@cavcrosby.tech>
 Corey Farrell <git@cfware.com>
 Corey Quon <corey.quon@docker.com>
 Cory Bennet <cbennett@netflix.com>
+Cory Snider <csnider@mirantis.com>
+Craig Osterhout <craig.osterhout@docker.com>
 Craig Wilhite <crwilhit@microsoft.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com>
@@ -171,6 +197,8 @@ Daisuke Ito <itodaisuke00@gmail.com>
 dalanlan <dalanlan925@gmail.com>
 Damien Nadé <github@livna.org>
 Dan Cotora <dan@bluevision.ro>
+Dan Wallis <dan@wallis.nz>
+Danial Gharib <danial.mail.gh@gmail.com>
 Daniel Artine <daniel.artine@ufrj.br>
 Daniel Cassidy <mail@danielcassidy.me.uk>
 Daniel Dao <dqminh@cloudflare.com>
@@ -196,9 +224,10 @@ David Alvarez <david.alvarez@flyeralarm.com>
 David Beitey <david@davidjb.com>
 David Calavera <david.calavera@gmail.com>
 David Cramer <davcrame@cisco.com>
-David Dooling <dooling@gmail.com>
+David Dooling <david.dooling@docker.com>
 David Gageot <david@gageot.net>
 David Karlsson <david.karlsson@docker.com>
+David le Blanc <systemmonkey42@users.noreply.github.com>
 David Lechner <david@lechnology.com>
 David Scott <dave@recoil.org>
 David Sheets <dsheets@docker.com>
@@ -210,12 +239,14 @@ Denis Defreyne <denis@soundcloud.com>
 Denis Gladkikh <denis@gladkikh.email>
 Denis Ollier <larchunix@users.noreply.github.com>
 Dennis Docter <dennis@d23.nl>
+dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 Derek McGowan <derek@mcg.dev>
 Des Preston <despreston@gmail.com>
 Deshi Xiao <dxiao@redhat.com>
 Dharmit Shah <shahdharmit@gmail.com>
 Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
 Dieter Reuter <dieter.reuter@me.com>
+Dilep Dev <34891655+DilepDev@users.noreply.github.com>
 Dima Stopel <dima@twistlock.com>
 Dimitry Andric <d.andric@activevideo.com>
 Ding Fei <dingfei@stars.org.cn>
@@ -232,11 +263,14 @@ DongGeon Lee <secmatth1996@gmail.com>
 Doug Davis <dug@us.ibm.com>
 Drew Erny <derny@mirantis.com>
 Ed Costello <epc@epcostello.com>
+Ed Morley <501702+edmorley@users.noreply.github.com>
 Elango Sivanandam <elango.siva@docker.com>
 Eli Uriegas <eli.uriegas@docker.com>
 Eli Uriegas <seemethere101@gmail.com>
 Elias Faxö <elias.faxo@tre.se>
 Elliot Luo <956941328@qq.com>
+Eng Zer Jun <engzerjun@gmail.com>
+Eric Bode <eric.bode@foundries.io>
 Eric Curtin <ericcurtin17@gmail.com>
 Eric Engestrom <eric@engestrom.ch>
 Eric G. Noriega <enoriega@vizuri.com>
@@ -254,6 +288,7 @@ Eugene Yakubovich <eugene.yakubovich@coreos.com>
 Evan Allrich <evan@unguku.com>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
+Evan Lezar <elezar@nvidia.com>
 Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
 Fabio Falci <fabiofalci@gmail.com>
@@ -275,19 +310,25 @@ Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
 Frieder Bluemle <frieder.bluemle@gmail.com>
 Gabriel Gore <gabgore@cisco.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
+Gabriela Georgieva <gabriela.georgieva@docker.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com>
 Gary Schaetz <gary@schaetzkc.com>
 Genki Takiuchi <genki@s21g.com>
 George MacRorie <gmacr31@gmail.com>
+George Margaritis <gmargaritis@protonmail.com>
 George Xie <georgexsh@gmail.com>
 Gianluca Borello <g.borello@gmail.com>
+Giau. Tran Minh <hello@giautm.dev>
+Giedrius Jonikas <giedriusj1@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
 Gio d'Amelio <giodamelio@gmail.com>
 Gleb Stsenov <gleb.stsenov@gmail.com>
 Goksu Toprak <goksu.toprak@docker.com>
 Gou Rao <gou@portworx.com>
 Govind Rai <raigovind93@gmail.com>
+Grace Choi <grace.54109@gmail.com>
+Graeme Wiebe <graeme.wiebe@gmail.com>
 Grant Reaber <grant.reaber@gmail.com>
 Greg Pflaum <gpflaum@users.noreply.github.com>
 Gsealy <jiaojingwei1001@hotmail.com>
@@ -309,12 +350,15 @@ Henning Sprang <henning.sprang@gmail.com>
 Henry N <henrynmail-github@yahoo.de>
 Hernan Garcia <hernandanielg@gmail.com>
 Hongbin Lu <hongbin034@gmail.com>
+Hossein Abbasi <16090309+hsnabszhdn@users.noreply.github.com>
 Hu Keping <hukeping@huawei.com>
 Huayi Zhang <irachex@gmail.com>
+Hugo Chastel <Hugo-C@users.noreply.github.com>
 Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
+Iain MacDonald <IJMacD@gmail.com>
 Iain Samuel McLean Elder <iain@isme.es>
 Ian Campbell <ian.campbell@docker.com>
 Ian Philpot <ian.philpot@microsoft.com>
@@ -329,9 +373,12 @@ Ivan Grund <ivan.grund@gmail.com>
 Ivan Markin <sw@nogoegst.net>
 Jacob Atzen <jacob@jacobatzen.dk>
 Jacob Tomlinson <jacob@tom.linson.uk>
+Jacopo Rigoli <rigoli.jacopo@gmail.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Lambert <jake.lambert@volusion.com>
 Jake Sanders <jsand@google.com>
+Jake Stokes <contactjake@developerjake.com>
+Jakub Panek <me@panekj.dev>
 James Nesbitt <james.nesbitt@wunderkraut.com>
 James Turnbull <james@lovedthanlost.net>
 Jamie Hannaford <jamie@limetree.org>
@@ -361,8 +408,10 @@ Jesse Adametz <jesseadametz@gmail.com>
 Jessica Frazelle <jess@oxide.computer>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
+Jianyong Wu <wujianyong@hygon.cn>
 Jie Luo <luo612@zju.edu.cn>
 Jilles Oldenbeuving <ojilles@gmail.com>
+Jim Chen <njucjc@gmail.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jim Lin <b04705003@ntu.edu.tw>
 Jimmy Leger <jimmy.leger@gmail.com>
@@ -393,6 +442,7 @@ John Willis <john.willis@docker.com>
 Jon Johnson <jonjohnson@google.com>
 Jon Zeolla <zeolla@gmail.com>
 Jonatas Baldin <jonatas.baldin@gmail.com>
+Jonathan A. Sternberg <jonathansternberg@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Lee <jonjohn1232009@gmail.com>
 Jonathan Lomas <jonathan@floatinglomas.ca>
@@ -408,10 +458,13 @@ Josh Chorlton <jchorlton@gmail.com>
 Josh Hawn <josh.hawn@docker.com>
 Josh Horwitz <horwitz@addthis.com>
 Josh Soref <jsoref@gmail.com>
+Julian <gitea+julian@ic.thejulian.uk>
 Julien Barbier <write0@gmail.com>
 Julien Kassar <github@kassisol.com>
 Julien Maitrehenry <julien.maitrehenry@me.com>
+Julio Cesar Garcia <juliogarciamelgarejo@gmail.com>
 Justas Brazauskas <brazauskasjustas@gmail.com>
+Justin Chadwell <me@jedevc.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Simonelis <justin.p.simonelis@gmail.com>
 Justyn Temme <justyntemme@gmail.com>
@@ -434,7 +487,7 @@ Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
 Ken Cochrane <kencochrane@gmail.com>
 Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <crazy-max@users.noreply.github.com>
+Kevin Alvarez <github@crazymax.dev>
 Kevin Burke <kev@inburke.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
@@ -445,6 +498,7 @@ Kevin Woblick <mail@kovah.de>
 khaled souf <khaled.souf@gmail.com>
 Kim Eik <kim@heldig.org>
 Kir Kolyshkin <kolyshkin@gmail.com>
+Kirill A. Korinsky <kirill@korins.ky>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
 Krasi Georgiev <krasi@vip-consult.solutions>
 Kris-Mikael Krister <krismikael@protonmail.com>
@@ -453,19 +507,23 @@ Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 Kyle Mitofsky <Kylemit@gmail.com>
 Lachlan Cooper <lachlancooper@gmail.com>
 Lai Jiangshan <jiangshanlai@gmail.com>
+Lajos Papp <lajos.papp@sequenceiq.com>
 Lars Kellogg-Stedman <lars@redhat.com>
+Laura Brehm <laurabrehm@hey.com>
 Laura Frank <ljfrank@gmail.com>
 Laurent Erignoux <lerignoux@gmail.com>
+Laurent Goderre <laurent.goderre@docker.com>
 Lee Gaines <eightlimbed@gmail.com>
 Lei Jitang <leijitang@huawei.com>
 Lennie <github@consolejunkie.net>
+lentil32 <lentil32@icloud.com>
 Leo Gallucci <elgalu3@gmail.com>
 Leonid Skorospelov <leosko94@gmail.com>
 Lewis Daly <lewisdaly@me.com>
+Li Fu Bang <lifubang@acmcoder.com>
 Li Yi <denverdino@gmail.com>
-Li Yi <weiyuan.yl@alibaba-inc.com>
+Li Zeghong <zeghong@hotmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
-Lifubang <lifubang@acmcoder.com>
 Lihua Tang <lhtang@alauda.io>
 Lily Guo <lily.guo@docker.com>
 Lin Lu <doraalin@163.com>
@@ -477,9 +535,11 @@ lixiaobing10051267 <li.xiaobing1@zte.com.cn>
 Lloyd Dewolf <foolswisdom@gmail.com>
 Lorenzo Fontana <lo@linux.com>
 Louis Opter <kalessin@kalessin.fr>
+Lovekesh Kumar <lovekesh.kumar@rtcamp.com>
 Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
 Lucas Chan <lucas-github@lucaschan.com>
+Luis Henrique Mulinari <luis.mulinari@gmail.com>
 Luka Hartwig <mail@lukahartwig.de>
 Lukas Heeren <lukas-heeren@hotmail.com>
 Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
@@ -498,10 +558,12 @@ mapk0y <mapk0y@gmail.com>
 Marc Bihlmaier <marc.bihlmaier@reddoxx.com>
 Marc Cornellà <hello@mcornella.com>
 Marco Mariani <marco.mariani@alterway.fr>
+Marco Spiess <marco.spiess@hotmail.de>
 Marco Vedovati <mvedovati@suse.com>
 Marcus Martins <marcus@docker.com>
 Marianna Tessel <mtesselh@gmail.com>
 Marius Ileana <marius.ileana@gmail.com>
+Marius Meschter <marius@meschter.me>
 Marius Sturm <marius@graylog.com>
 Mark Oates <fl0yd@me.com>
 Marsh Macy <marsma@microsoft.com>
@@ -510,6 +572,7 @@ Mary Anthony <mary.anthony@docker.com>
 Mason Fish <mason.fish@docker.com>
 Mason Malone <mason.malone@gmail.com>
 Mateusz Major <apkd@users.noreply.github.com>
+Mathias Duedahl <64321057+Lussebullen@users.noreply.github.com>
 Mathieu Champlon <mathieu.champlon@docker.com>
 Mathieu Rollet <matletix@gmail.com>
 Matt Gucci <matt9ucci@gmail.com>
@@ -517,11 +580,15 @@ Matt Robenolt <matt@ydekproductions.com>
 Matteo Orefice <matteo.orefice@bites4bits.software>
 Matthew Heon <mheon@redhat.com>
 Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
+Matthieu MOREL <matthieu.morel35@gmail.com>
 Mauro Porras P <mauroporrasp@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
+Max-Julian Pogner <max-julian@pogner.at>
 Maxime Petazzoni <max@signalfuse.com>
 Maximillian Fan Xavier <maximillianfx@gmail.com>
 Mei ChunTao <mei.chuntao@zte.com.cn>
+Melroy van den Berg <melroy@melroy.org>
+Mert Şişmanoğlu <mert190737fb@gmail.com>
 Metal <2466052+tedhexaflow@users.noreply.github.com>
 Micah Zoltu <micah@newrelic.com>
 Michael A. Smith <michael@smith-li.com>
@@ -534,6 +601,7 @@ Michael Prokop <github@michael-prokop.at>
 Michael Scharf <github@scharf.gr>
 Michael Spetsiotis <michael_spets@hotmail.com>
 Michael Steinert <mike.steinert@gmail.com>
+Michael Tews <michael@tews.dev>
 Michael West <mwest@mdsol.com>
 Michal Minář <miminar@redhat.com>
 Michał Czeraszkiewicz <czerasz@gmail.com>
@@ -554,7 +622,9 @@ Mindaugas Rukas <momomg@gmail.com>
 Miroslav Gula <miroslav.gula@naytrolabs.com>
 Misty Stanley-Jones <misty@docker.com>
 Mohammad Banikazemi <mb@us.ibm.com>
+Mohammad Hossein <mhm98035@gmail.com>
 Mohammed Aaqib Ansari <maaquib@gmail.com>
+Mohammed Aminu Futa <mohammedfuta2000@gmail.com>
 Mohini Anne Dsouza <mohini3917@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com>
 Morgan Bauer <mbauer@us.ibm.com>
@@ -581,6 +651,7 @@ Nathan McCauley <nathan.mccauley@docker.com>
 Neil Peterson <neilpeterson@outlook.com>
 Nick Adcock <nick.adcock@docker.com>
 Nick Santos <nick.santos@docker.com>
+Nick Sieger <nick@nicksieger.com>
 Nico Stapelbroek <nstapelbroek@gmail.com>
 Nicola Kabar <nicolaka@gmail.com>
 Nicolas Borboën <ponsfrilus@gmail.com>
@@ -588,11 +659,14 @@ Nicolas De Loof <nicolas.deloof@gmail.com>
 Nikhil Chawla <chawlanikhil24@gmail.com>
 Nikolas Garofil <nikolas.garofil@uantwerpen.be>
 Nikolay Milovanov <nmil@itransformers.net>
+NinaLua <iturf@sina.cn>
 Nir Soffer <nsoffer@redhat.com>
 Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
+Noah Silas <noah@hustle.com>
 Noah Treuhaft <noah.treuhaft@docker.com>
 O.S. Tezer <ostezer@gmail.com>
+Oded Arbel <oded@geek.co.il>
 Odin Ugedal <odin@ugedal.com>
 ohmystack <jun.jiang02@ele.me>
 OKA Naoya <git@okanaoya.com>
@@ -604,19 +678,23 @@ Otto Kekäläinen <otto@seravo.fi>
 Ovidio Mallo <ovidio.mallo@gmail.com>
 Pascal Borreli <pascal@borreli.com>
 Patrick Böänziger <patrick.baenziger@bsi-software.com>
+Patrick Daigle <114765035+pdaig@users.noreply.github.com>
 Patrick Hemmer <patrick.hemmer@gmail.com>
 Patrick Lang <plang@microsoft.com>
+Patrick St. laurent <patrick@saint-laurent.us>
 Paul <paul9869@gmail.com>
 Paul Kehrer <paul.l.kehrer@gmail.com>
 Paul Lietar <paul@lietar.net>
 Paul Mulders <justinkb@gmail.com>
+Paul Rogalski <mail@paul-rogalski.de>
+Paul Seyfert <pseyfert.mathphys@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Pavel Pospisil <pospispa@gmail.com>
 Paweł Gronowski <pawel.gronowski@docker.com>
 Paweł Pokrywka <pepawel@users.noreply.github.com>
 Paweł Szczekutowicz <pszczekutowicz@gmail.com>
 Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
-Per Lundberg <per.lundberg@ecraft.com>
+Per Lundberg <perlun@gmail.com>
 Peter Dave Hello <hsu@peterdavehello.org>
 Peter Edge <peter.edge@gmail.com>
 Peter Hsu <shhsu@microsoft.com>
@@ -630,7 +708,6 @@ Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com>
 Philipp Schmied <pschmied@schutzwerk.com>
 Phong Tran <tran.pho@northeastern.edu>
-pidster <pid@pidster.com>
 Pieter E Smit <diepes@github.com>
 pixelistik <pixelistik@users.noreply.github.com>
 Pratik Karki <prertik@outlook.com>
@@ -639,6 +716,7 @@ Preston Cowley <preston.cowley@sony.com>
 Pure White <daniel48@126.com>
 Qiang Huang <h.huangqiang@huawei.com>
 Qinglan Peng <qinglanpeng@zju.edu.cn>
+QQ喵 <gqqnb2005@gmail.com>
 qudongfang <qudongfang@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
 Rahul Kadyan <hi@znck.me>
@@ -657,6 +735,7 @@ Rick Wieman <git@rickw.nl>
 Ritesh H Shukla <sritesh@vmware.com>
 Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 Rob Gulewich <rgulewich@netflix.com>
+Rob Murray <rob.murray@docker.com>
 Robert Wallis <smilingrob@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Speekenbrink <robin@kingsquare.nl>
@@ -670,6 +749,7 @@ Rory Hunter <roryhunter2@gmail.com>
 Ross Boucher <rboucher@gmail.com>
 Rubens Figueiredo <r.figueiredo.52@gmail.com>
 Rui Cao <ruicao@alauda.io>
+Rui JingAn <quiterace@gmail.com>
 Ryan Belgrave <rmb1993@gmail.com>
 Ryan Detzel <ryan.detzel@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
@@ -687,8 +767,10 @@ Samuel Cochran <sj26@sj26.com>
 Samuel Karp <skarp@amazon.com>
 Sandro Jäckel <sandro.jaeckel@gmail.com>
 Santhosh Manohar <santhosh@docker.com>
+Sarah Sanders <sarah.sanders@docker.com>
 Sargun Dhillon <sargun@netflix.com>
 Saswat Bhattacharya <sas.saswat@gmail.com>
+Saurabh Kumar <saurabhkumar0184@gmail.com>
 Scott Brenner <scott@scottbrenner.me>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Christopherson <sean.j.christopherson@intel.com>
@@ -718,6 +800,7 @@ Spencer Brown <spencer@spencerbrown.org>
 Spring Lee <xi.shuai@outlook.com>
 squeegels <lmscrewy@gmail.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
+Stavros Panakakis <stavrospanakakis@gmail.com>
 Stefan S. <tronicum@user.github.com>
 Stefan Scherer <stefan.scherer@docker.com>
 Stefan Weil <sw@weilnetz.de>
@@ -728,6 +811,7 @@ Steve Durrheimer <s.durrheimer@gmail.com>
 Steve Richards <steve.richards@docker.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 Stoica-Marcu Floris-Andrei <floris.sm@gmail.com>
+Stuart Williams <pid@pidster.com>
 Subhajit Ghosh <isubuz.g@gmail.com>
 Sun Jianbo <wonderflow.sun@gmail.com>
 Sune Keller <absukl@almbrand.dk>
@@ -762,6 +846,7 @@ Tim Hockin <thockin@google.com>
 Tim Sampson <tim@sampson.fi>
 Tim Smith <timbot@google.com>
 Tim Waugh <twaugh@redhat.com>
+Tim Welsh <timothy.welsh@docker.com>
 Tim Wraight <tim.wraight@tangentlabs.co.uk>
 timfeirg <kkcocogogo@gmail.com>
 Timothy Hobbs <timothyhobbs@seznam.cz>
@@ -788,6 +873,7 @@ uhayate <uhayate.gong@daocloud.io>
 Ulrich Bareth <ulrich.bareth@gmail.com>
 Ulysses Souza <ulysses.souza@docker.com>
 Umesh Yadav <umesh4257@gmail.com>
+Vaclav Struhar <struharv@gmail.com>
 Valentin Lorentz <progval+git@progval.net>
 Vardan Pogosian <vardan.pogosyan@gmail.com>
 Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
@@ -795,6 +881,7 @@ Veres Lajos <vlajos@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
 Victoria Bialas <victoria.bialas@docker.com>
 Viktor Stanchev <me@viktorstanchev.com>
+Ville Skyttä <ville.skytta@iki.fi>
 Vimal Raghubir <vraghubir0418@gmail.com>
 Vincent Batts <vbatts@redhat.com>
 Vincent Bernat <Vincent.Bernat@exoscale.ch>
@@ -812,9 +899,11 @@ Wang Yumu <37442693@qq.com>
 Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
 Wayne Song <wsong@docker.com>
 Wen Cheng Ma <wenchma@cn.ibm.com>
+Wenlong Zhang <zhangwenlong@loongson.cn>
 Wenzhi Liang <wenzhi.liang@gmail.com>
 Wes Morgan <cap10morgan@gmail.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
+Will Wang <willww64@gmail.com>
 William Henry <whenry@redhat.com>
 Xianglin Gao <xlgao@zju.edu.cn>
 Xiaodong Liu <liuxiaodong@loongson.cn>
@@ -831,6 +920,7 @@ Yong Tang <yong.tang.github@outlook.com>
 Yosef Fertel <yfertel@gmail.com>
 Yu Peng <yu.peng36@zte.com.cn>
 Yuan Sun <sunyuan3@huawei.com>
+Yucheng Wu <wyc123wyc@gmail.com>
 Yue Zhang <zy675793960@yeah.net>
 Yunxiang Huang <hyxqshk@vip.qq.com>
 Zachary Romero <zacromero3@gmail.com>
@@ -842,11 +932,14 @@ Zhang Wei <zhangwei555@huawei.com>
 Zhang Wentao <zhangwentao234@huawei.com>
 ZhangHang <stevezhang2014@gmail.com>
 zhenghenghuo <zhenghenghuo@zju.edu.cn>
+Zhiwei Liang <zliang@akamai.com>
 Zhou Hao <zhouhao@cn.fujitsu.com>
 Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
+Zhuo Zhi <h.dwwwwww@gmail.com>
 Álex González <agonzalezro@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
 Александр Менщиков <__Singleton__@hackerdom.ru>
 徐俊杰 <paco.xu@daocloud.io>
+林博仁 Buo-ren Lin <Buo.Ren.Lin@gmail.com>
diff --git a/vendor/github.com/docker/cli/NOTICE b/vendor/github.com/docker/cli/NOTICE
index 58b19b6d15..1c40faaec6 100644
--- a/vendor/github.com/docker/cli/NOTICE
+++ b/vendor/github.com/docker/cli/NOTICE
@@ -14,6 +14,6 @@ United States and other governments.
 It is your responsibility to ensure that your use and/or transfer does not
 violate applicable laws.
 
-For more information, please see https://www.bis.doc.gov
+For more information, see https://www.bis.doc.gov
 
 See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go
index b7c05c3f86..5a63780509 100644
--- a/vendor/github.com/docker/cli/cli/config/config.go
+++ b/vendor/github.com/docker/cli/cli/config/config.go
@@ -4,44 +4,37 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/user"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"sync"
 
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/config/credentials"
 	"github.com/docker/cli/cli/config/types"
-	"github.com/docker/docker/pkg/homedir"
-	"github.com/pkg/errors"
 )
 
 const (
-	// ConfigFileName is the name of config file
+	// EnvOverrideConfigDir is the name of the environment variable that can be
+	// used to override the location of the client configuration files (~/.docker).
+	//
+	// It takes priority over the default, but can be overridden by the "--config"
+	// command line option.
+	EnvOverrideConfigDir = "DOCKER_CONFIG"
+
+	// ConfigFileName is the name of the client configuration file inside the
+	// config-directory.
 	ConfigFileName = "config.json"
 	configFileDir  = ".docker"
-	oldConfigfile  = ".dockercfg" // Deprecated: remove once we stop printing deprecation warning
 	contextsDir    = "contexts"
 )
 
 var (
 	initConfigDir = new(sync.Once)
 	configDir     string
-	homeDir       string
 )
 
-// resetHomeDir is used in testing to reset the "homeDir" package variable to
-// force re-lookup of the home directory between tests.
-func resetHomeDir() {
-	homeDir = ""
-}
-
-func getHomeDir() string {
-	if homeDir == "" {
-		homeDir = homedir.Get()
-	}
-	return homeDir
-}
-
 // resetConfigDir is used in testing to reset the "configDir" package variable
 // and its sync.Once to force re-lookup between tests.
 func resetConfigDir() {
@@ -49,19 +42,45 @@ func resetConfigDir() {
 	initConfigDir = new(sync.Once)
 }
 
-func setConfigDir() {
-	if configDir != "" {
-		return
-	}
-	configDir = os.Getenv("DOCKER_CONFIG")
-	if configDir == "" {
-		configDir = filepath.Join(getHomeDir(), configFileDir)
+// getHomeDir returns the home directory of the current user with the help of
+// environment variables depending on the target operating system.
+// Returned path should be used with "path/filepath" to form new paths.
+//
+// On non-Windows platforms, it falls back to nss lookups, if the home
+// directory cannot be obtained from environment-variables.
+//
+// If linking statically with cgo enabled against glibc, ensure the
+// osusergo build tag is used.
+//
+// If needing to do nss lookups, do not disable cgo or set osusergo.
+//
+// getHomeDir is a copy of [pkg/homedir.Get] to prevent adding docker/docker
+// as dependency for consumers that only need to read the config-file.
+//
+// [pkg/homedir.Get]: https://pkg.go.dev/github.com/docker/docker@v28.0.3+incompatible/pkg/homedir#Get
+func getHomeDir() string {
+	home, _ := os.UserHomeDir()
+	if home == "" && runtime.GOOS != "windows" {
+		if u, err := user.Current(); err == nil {
+			return u.HomeDir
+		}
 	}
+	return home
+}
+
+// Provider defines an interface for providing the CLI config.
+type Provider interface {
+	ConfigFile() *configfile.ConfigFile
 }
 
 // Dir returns the directory the configuration file is stored in
 func Dir() string {
-	initConfigDir.Do(setConfigDir)
+	initConfigDir.Do(func() {
+		configDir = os.Getenv(EnvOverrideConfigDir)
+		if configDir == "" {
+			configDir = filepath.Join(getHomeDir(), configFileDir)
+		}
+	})
 	return configDir
 }
 
@@ -72,6 +91,8 @@ func ContextStoreDir() string {
 
 // SetDir sets the directory the configuration file is stored in
 func SetDir(dir string) {
+	// trigger the sync.Once to synchronise with Dir()
+	initConfigDir.Do(func() {})
 	configDir = filepath.Clean(dir)
 }
 
@@ -79,13 +100,13 @@ func SetDir(dir string) {
 func Path(p ...string) (string, error) {
 	path := filepath.Join(append([]string{Dir()}, p...)...)
 	if !strings.HasPrefix(path, Dir()+string(filepath.Separator)) {
-		return "", errors.Errorf("path %q is outside of root config directory %q", path, Dir())
+		return "", fmt.Errorf("path %q is outside of root config directory %q", path, Dir())
 	}
 	return path, nil
 }
 
 // LoadFromReader is a convenience function that creates a ConfigFile object from
-// a reader
+// a reader. It returns an error if configData is malformed.
 func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
 	configFile := configfile.ConfigFile{
 		AuthConfigs: make(map[string]types.AuthConfig),
@@ -94,57 +115,59 @@ func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
 	return &configFile, err
 }
 
-// Load reads the configuration files in the given directory, and sets up
-// the auth config information and returns values.
-// FIXME: use the internal golang config parser
+// Load reads the configuration file ([ConfigFileName]) from the given directory.
+// If no directory is given, it uses the default [Dir]. A [*configfile.ConfigFile]
+// is returned containing the contents of the configuration file, or a default
+// struct if no configfile exists in the given location.
+//
+// Load returns an error if a configuration file exists in the given location,
+// but cannot be read, or is malformed. Consumers must handle errors to prevent
+// overwriting an existing configuration file.
 func Load(configDir string) (*configfile.ConfigFile, error) {
-	cfg, _, err := load(configDir)
-	return cfg, err
-}
-
-// TODO remove this temporary hack, which is used to warn about the deprecated ~/.dockercfg file
-// so we can remove the bool return value and collapse this back into `Load`
-func load(configDir string) (*configfile.ConfigFile, bool, error) {
-	printLegacyFileWarning := false
-
 	if configDir == "" {
 		configDir = Dir()
 	}
+	return load(configDir)
+}
 
+func load(configDir string) (*configfile.ConfigFile, error) {
 	filename := filepath.Join(configDir, ConfigFileName)
 	configFile := configfile.New(filename)
 
-	// Try happy path first - latest config file
-	if file, err := os.Open(filename); err == nil {
-		defer file.Close()
-		err = configFile.LoadFromReader(file)
-		if err != nil {
-			err = errors.Wrap(err, filename)
+	file, err := os.Open(filename)
+	if err != nil {
+		if os.IsNotExist(err) {
+			// It is OK for no configuration file to be present, in which
+			// case we return a default struct.
+			return configFile, nil
 		}
-		return configFile, printLegacyFileWarning, err
-	} else if !os.IsNotExist(err) {
-		// if file is there but we can't stat it for any reason other
-		// than it doesn't exist then stop
-		return configFile, printLegacyFileWarning, errors.Wrap(err, filename)
+		// Any other error happening when failing to read the file must be returned.
+		return configFile, fmt.Errorf("loading config file: %w", err)
 	}
-
-	// Can't find latest config file so check for the old one
-	filename = filepath.Join(getHomeDir(), oldConfigfile)
-	if _, err := os.Stat(filename); err == nil {
-		printLegacyFileWarning = true
+	defer func() { _ = file.Close() }()
+	err = configFile.LoadFromReader(file)
+	if err != nil {
+		err = fmt.Errorf("parsing config file (%s): %w", filename, err)
 	}
-	return configFile, printLegacyFileWarning, nil
+	return configFile, err
 }
 
 // LoadDefaultConfigFile attempts to load the default config file and returns
-// an initialized ConfigFile struct if none is found.
+// a reference to the ConfigFile struct. If none is found or when failing to load
+// the configuration file, it initializes a default ConfigFile struct. If no
+// credentials-store is set in the configuration file, it attempts to discover
+// the default store to use for the current platform.
+//
+// Important: LoadDefaultConfigFile prints a warning to stderr when failing to
+// load the configuration file, but otherwise ignores errors. Consumers should
+// consider using [Load] (and [credentials.DetectDefaultStore]) to detect errors
+// when updating the configuration file, to prevent discarding a (malformed)
+// configuration file.
 func LoadDefaultConfigFile(stderr io.Writer) *configfile.ConfigFile {
-	configFile, printLegacyFileWarning, err := load(Dir())
+	configFile, err := load(Dir())
 	if err != nil {
-		fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err)
-	}
-	if printLegacyFileWarning {
-		_, _ = fmt.Fprintln(stderr, "WARNING: Support for the legacy ~/.dockercfg configuration file and file-format has been removed and the configuration file will be ignored")
+		// FIXME(thaJeztah): we should not proceed here to prevent overwriting existing (but malformed) config files; see https://github.com/docker/cli/issues/5075
+		_, _ = fmt.Fprintln(stderr, "WARNING: Error", err)
 	}
 	if !configFile.ContainsAuth() {
 		configFile.CredentialsStore = credentials.DetectDefaultStore(configFile.CredentialsStore)
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go
index 5db7f8b827..fab3ed4cba 100644
--- a/vendor/github.com/docker/cli/cli/config/configfile/file.go
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go
@@ -3,14 +3,16 @@ package configfile
 import (
 	"encoding/base64"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
 	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/memorystore"
 	"github.com/docker/cli/cli/config/types"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -36,13 +38,38 @@ type ConfigFile struct {
 	NodesFormat          string                       `json:"nodesFormat,omitempty"`
 	PruneFilters         []string                     `json:"pruneFilters,omitempty"`
 	Proxies              map[string]ProxyConfig       `json:"proxies,omitempty"`
-	Experimental         string                       `json:"experimental,omitempty"`
 	CurrentContext       string                       `json:"currentContext,omitempty"`
 	CLIPluginsExtraDirs  []string                     `json:"cliPluginsExtraDirs,omitempty"`
 	Plugins              map[string]map[string]string `json:"plugins,omitempty"`
 	Aliases              map[string]string            `json:"aliases,omitempty"`
+	Features             map[string]string            `json:"features,omitempty"`
 }
 
+type configEnvAuth struct {
+	Auth string `json:"auth"`
+}
+
+type configEnv struct {
+	AuthConfigs map[string]configEnvAuth `json:"auths"`
+}
+
+// DockerEnvConfigKey is an environment variable that contains a JSON encoded
+// credential config. It only supports storing the credentials as a base64
+// encoded string in the format base64("username:pat").
+//
+// Adding additional fields will produce a parsing error.
+//
+// Example:
+//
+//	{
+//		"auths": {
+//			"example.test": {
+//				"auth": base64-encoded-username-pat
+//			}
+//		}
+//	}
+const DockerEnvConfigKey = "DOCKER_AUTH_CONFIG"
+
 // ProxyConfig contains proxy configuration settings
 type ProxyConfig struct {
 	HTTPProxy  string `json:"httpProxy,omitempty"`
@@ -94,6 +121,9 @@ func (configFile *ConfigFile) ContainsAuth() bool {
 
 // GetAuthConfigs returns the mapping of repo to auth configuration
 func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig {
+	if configFile.AuthConfigs == nil {
+		configFile.AuthConfigs = make(map[string]types.AuthConfig)
+	}
 	return configFile.AuthConfigs
 }
 
@@ -134,7 +164,7 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {
 // Save encodes and writes out all the authorization information
 func (configFile *ConfigFile) Save() (retErr error) {
 	if configFile.Filename == "" {
-		return errors.Errorf("Can't save config with empty filename")
+		return errors.New("can't save config with empty filename")
 	}
 
 	dir := filepath.Dir(configFile.Filename)
@@ -146,7 +176,8 @@ func (configFile *ConfigFile) Save() (retErr error) {
 		return err
 	}
 	defer func() {
-		temp.Close()
+		// ignore error as the file may already be closed when we reach this.
+		_ = temp.Close()
 		if retErr != nil {
 			if err := os.Remove(temp.Name()); err != nil {
 				logrus.WithError(err).WithField("file", temp.Name()).Debug("Error cleaning up temp file")
@@ -160,13 +191,19 @@ func (configFile *ConfigFile) Save() (retErr error) {
 	}
 
 	if err := temp.Close(); err != nil {
-		return errors.Wrap(err, "error closing temp file")
+		return fmt.Errorf("error closing temp file: %w", err)
 	}
 
-	// Handle situation where the configfile is a symlink
+	// Handle situation where the configfile is a symlink, and allow for dangling symlinks
 	cfgFile := configFile.Filename
-	if f, err := os.Readlink(cfgFile); err == nil {
+	if f, err := filepath.EvalSymlinks(cfgFile); err == nil {
 		cfgFile = f
+	} else if os.IsNotExist(err) {
+		// extract the path from the error if the configfile does not exist or is a dangling symlink
+		var pathError *os.PathError
+		if errors.As(err, &pathError) {
+			cfgFile = pathError.Path
+		}
 	}
 
 	// Try copying the current config file (if any) ownership and permissions
@@ -238,11 +275,11 @@ func decodeAuth(authStr string) (string, string, error) {
 		return "", "", err
 	}
 	if n > decLen {
-		return "", "", errors.Errorf("Something went wrong decoding auth config")
+		return "", "", errors.New("something went wrong decoding auth config")
 	}
 	userName, password, ok := strings.Cut(string(decoded), ":")
 	if !ok || userName == "" {
-		return "", "", errors.Errorf("Invalid auth configuration file")
+		return "", "", errors.New("invalid auth configuration file")
 	}
 	return userName, strings.Trim(password, "\x00"), nil
 }
@@ -250,10 +287,64 @@ func decodeAuth(authStr string) (string, string, error) {
 // GetCredentialsStore returns a new credentials store from the settings in the
 // configuration file
 func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store {
+	store := credentials.NewFileStore(configFile)
+
 	if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" {
-		return newNativeStore(configFile, helper)
+		store = newNativeStore(configFile, helper)
+	}
+
+	envConfig := os.Getenv(DockerEnvConfigKey)
+	if envConfig == "" {
+		return store
+	}
+
+	authConfig, err := parseEnvConfig(envConfig)
+	if err != nil {
+		_, _ = fmt.Fprintln(os.Stderr, "Failed to create credential store from DOCKER_AUTH_CONFIG: ", err)
+		return store
+	}
+
+	// use DOCKER_AUTH_CONFIG if set
+	// it uses the native or file store as a fallback to fetch and store credentials
+	envStore, err := memorystore.New(
+		memorystore.WithAuthConfig(authConfig),
+		memorystore.WithFallbackStore(store),
+	)
+	if err != nil {
+		_, _ = fmt.Fprintln(os.Stderr, "Failed to create credential store from DOCKER_AUTH_CONFIG: ", err)
+		return store
+	}
+
+	return envStore
+}
+
+func parseEnvConfig(v string) (map[string]types.AuthConfig, error) {
+	envConfig := &configEnv{}
+	decoder := json.NewDecoder(strings.NewReader(v))
+	decoder.DisallowUnknownFields()
+	if err := decoder.Decode(envConfig); err != nil && !errors.Is(err, io.EOF) {
+		return nil, err
+	}
+	if decoder.More() {
+		return nil, errors.New("DOCKER_AUTH_CONFIG does not support more than one JSON object")
+	}
+
+	authConfigs := make(map[string]types.AuthConfig)
+	for addr, envAuth := range envConfig.AuthConfigs {
+		if envAuth.Auth == "" {
+			return nil, fmt.Errorf("DOCKER_AUTH_CONFIG environment variable is missing key `auth` for %s", addr)
+		}
+		username, password, err := decodeAuth(envAuth.Auth)
+		if err != nil {
+			return nil, err
+		}
+		authConfigs[addr] = types.AuthConfig{
+			Username:      username,
+			Password:      password,
+			ServerAddress: addr,
+		}
 	}
-	return credentials.NewFileStore(configFile)
+	return authConfigs, nil
 }
 
 // var for unit testing.
@@ -299,6 +390,7 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig,
 	for registryHostname := range configFile.CredentialHelpers {
 		newAuth, err := configFile.GetAuthConfig(registryHostname)
 		if err != nil {
+			// TODO(thaJeztah): use context-logger, so that this output can be suppressed (in tests).
 			logrus.WithError(err).Warnf("Failed to get credentials for registry: %s", registryHostname)
 			continue
 		}
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go
index 353887547c..06b811e7d5 100644
--- a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go
@@ -1,5 +1,4 @@
 //go:build !windows
-// +build !windows
 
 package configfile
 
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go
index 402235bff0..a36afc41f4 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go
@@ -1,21 +1,22 @@
 package credentials
 
-import (
-	exec "golang.org/x/sys/execabs"
-)
+import "os/exec"
 
 // DetectDefaultStore return the default credentials store for the platform if
-// the store executable is available.
+// no user-defined store is passed, and the store executable is available.
 func DetectDefaultStore(store string) string {
-	platformDefault := defaultCredentialsStore()
-
-	// user defined or no default for platform
-	if store != "" || platformDefault == "" {
+	if store != "" {
+		// use user-defined
 		return store
 	}
 
-	if _, err := exec.LookPath(remoteCredentialsPrefix + platformDefault); err == nil {
-		return platformDefault
+	platformDefault := defaultCredentialsStore()
+	if platformDefault == "" {
+		return ""
+	}
+
+	if _, err := exec.LookPath(remoteCredentialsPrefix + platformDefault); err != nil {
+		return ""
 	}
-	return ""
+	return platformDefault
 }
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go
index c9630ea51b..40c16eb837 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go
@@ -1,5 +1,4 @@
 //go:build !windows && !darwin && !linux
-// +build !windows,!darwin,!linux
 
 package credentials
 
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
index de1c676e50..c69312b014 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
@@ -1,7 +1,12 @@
 package credentials
 
 import (
+	"fmt"
+	"net"
+	"net/url"
+	"os"
 	"strings"
+	"sync/atomic"
 
 	"github.com/docker/cli/cli/config/types"
 )
@@ -23,8 +28,13 @@ func NewFileStore(file store) Store {
 	return &fileStore{file: file}
 }
 
-// Erase removes the given credentials from the file store.
+// Erase removes the given credentials from the file store.This function is
+// idempotent and does not update the file if credentials did not change.
 func (c *fileStore) Erase(serverAddress string) error {
+	if _, exists := c.file.GetAuthConfigs()[serverAddress]; !exists {
+		// nothing to do; no credentials found for the given serverAddress
+		return nil
+	}
 	delete(c.file.GetAuthConfigs(), serverAddress)
 	return c.file.Save()
 }
@@ -50,31 +60,59 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
 	return c.file.GetAuthConfigs(), nil
 }
 
-// Store saves the given credentials in the file store.
+// unencryptedWarning warns the user when using an insecure credential storage.
+// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
+// Otherwise, we'll assume they want it (sadly), because people may have been scripting
+// insecure logins and we don't want to break them. Maybe they'll see the warning in their
+// logs and fix things.
+const unencryptedWarning = `
+WARNING! Your credentials are stored unencrypted in '%s'.
+Configure a credential helper to remove this warning. See
+https://docs.docker.com/go/credential-store/
+`
+
+// alreadyPrinted ensures that we only print the unencryptedWarning once per
+// CLI invocation (no need to warn the user multiple times per command).
+var alreadyPrinted atomic.Bool
+
+// Store saves the given credentials in the file store. This function is
+// idempotent and does not update the file if credentials did not change.
 func (c *fileStore) Store(authConfig types.AuthConfig) error {
-	c.file.GetAuthConfigs()[authConfig.ServerAddress] = authConfig
-	return c.file.Save()
-}
+	authConfigs := c.file.GetAuthConfigs()
+	if oldAuthConfig, ok := authConfigs[authConfig.ServerAddress]; ok && oldAuthConfig == authConfig {
+		// Credentials didn't change, so skip updating the configuration file.
+		return nil
+	}
+	authConfigs[authConfig.ServerAddress] = authConfig
+	if err := c.file.Save(); err != nil {
+		return err
+	}
 
-func (c *fileStore) GetFilename() string {
-	return c.file.GetFilename()
-}
+	if !alreadyPrinted.Load() && authConfig.Password != "" {
+		// Display a warning if we're storing the users password (not a token).
+		//
+		// FIXME(thaJeztah): make output configurable instead of hardcoding to os.Stderr
+		_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf(unencryptedWarning, c.file.GetFilename()))
+		alreadyPrinted.Store(true)
+	}
 
-func (c *fileStore) IsFileStore() bool {
-	return true
+	return nil
 }
 
 // ConvertToHostname converts a registry url which has http|https prepended
 // to just an hostname.
 // Copied from github.com/docker/docker/registry.ConvertToHostname to reduce dependencies.
-func ConvertToHostname(url string) string {
-	stripped := url
-	if strings.HasPrefix(url, "http://") {
-		stripped = strings.TrimPrefix(url, "http://")
-	} else if strings.HasPrefix(url, "https://") {
-		stripped = strings.TrimPrefix(url, "https://")
+func ConvertToHostname(maybeURL string) string {
+	stripped := maybeURL
+	if strings.Contains(stripped, "://") {
+		u, err := url.Parse(stripped)
+		if err == nil && u.Hostname() != "" {
+			if u.Port() == "" {
+				return u.Hostname()
+			}
+			return net.JoinHostPort(u.Hostname(), u.Port())
+		}
 	}
-
 	hostName, _, _ := strings.Cut(stripped, "/")
 	return hostName
 }
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/native_store.go b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go
index f9619b0381..b9af145b9d 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/native_store.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go
@@ -51,6 +51,7 @@ func (c *nativeStore) Get(serverAddress string) (types.AuthConfig, error) {
 	auth.Username = creds.Username
 	auth.IdentityToken = creds.IdentityToken
 	auth.Password = creds.Password
+	auth.ServerAddress = creds.ServerAddress
 
 	return auth, nil
 }
@@ -76,6 +77,9 @@ func (c *nativeStore) GetAll() (map[string]types.AuthConfig, error) {
 		ac.Username = creds.Username
 		ac.Password = creds.Password
 		ac.IdentityToken = creds.IdentityToken
+		if ac.ServerAddress == "" {
+			ac.ServerAddress = creds.ServerAddress
+		}
 		authConfigs[registry] = ac
 	}
 
diff --git a/vendor/github.com/docker/cli/cli/config/memorystore/store.go b/vendor/github.com/docker/cli/cli/config/memorystore/store.go
new file mode 100644
index 0000000000..f8ec62b95a
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/memorystore/store.go
@@ -0,0 +1,131 @@
+// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
+//go:build go1.24
+
+package memorystore
+
+import (
+	"fmt"
+	"maps"
+	"os"
+	"sync"
+
+	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/types"
+)
+
+// notFoundErr is the error returned when a plugin could not be found.
+type notFoundErr string
+
+func (notFoundErr) NotFound() {}
+
+func (e notFoundErr) Error() string {
+	return string(e)
+}
+
+var errValueNotFound notFoundErr = "value not found"
+
+type Config struct {
+	lock              sync.RWMutex
+	memoryCredentials map[string]types.AuthConfig
+	fallbackStore     credentials.Store
+}
+
+func (e *Config) Erase(serverAddress string) error {
+	e.lock.Lock()
+	defer e.lock.Unlock()
+	delete(e.memoryCredentials, serverAddress)
+
+	if e.fallbackStore != nil {
+		err := e.fallbackStore.Erase(serverAddress)
+		if err != nil {
+			_, _ = fmt.Fprintln(os.Stderr, "memorystore: ", err)
+		}
+	}
+
+	return nil
+}
+
+func (e *Config) Get(serverAddress string) (types.AuthConfig, error) {
+	e.lock.RLock()
+	defer e.lock.RUnlock()
+	authConfig, ok := e.memoryCredentials[serverAddress]
+	if !ok {
+		if e.fallbackStore != nil {
+			return e.fallbackStore.Get(serverAddress)
+		}
+		return types.AuthConfig{}, errValueNotFound
+	}
+	return authConfig, nil
+}
+
+func (e *Config) GetAll() (map[string]types.AuthConfig, error) {
+	e.lock.RLock()
+	defer e.lock.RUnlock()
+	creds := make(map[string]types.AuthConfig)
+
+	if e.fallbackStore != nil {
+		fileCredentials, err := e.fallbackStore.GetAll()
+		if err != nil {
+			_, _ = fmt.Fprintln(os.Stderr, "memorystore: ", err)
+		} else {
+			creds = fileCredentials
+		}
+	}
+
+	maps.Copy(creds, e.memoryCredentials)
+	return creds, nil
+}
+
+func (e *Config) Store(authConfig types.AuthConfig) error {
+	e.lock.Lock()
+	defer e.lock.Unlock()
+	e.memoryCredentials[authConfig.ServerAddress] = authConfig
+
+	if e.fallbackStore != nil {
+		return e.fallbackStore.Store(authConfig)
+	}
+	return nil
+}
+
+// WithFallbackStore sets a fallback store.
+//
+// Write operations will be performed on both the memory store and the
+// fallback store.
+//
+// Read operations will first check the memory store, and if the credential
+// is not found, it will then check the fallback store.
+//
+// Retrieving all credentials will return from both the memory store and the
+// fallback store, merging the results from both stores into a single map.
+//
+// Data stored in the memory store will take precedence over data in the
+// fallback store.
+func WithFallbackStore(store credentials.Store) Options {
+	return func(s *Config) error {
+		s.fallbackStore = store
+		return nil
+	}
+}
+
+// WithAuthConfig allows to set the initial credentials in the memory store.
+func WithAuthConfig(config map[string]types.AuthConfig) Options {
+	return func(s *Config) error {
+		s.memoryCredentials = config
+		return nil
+	}
+}
+
+type Options func(*Config) error
+
+// New creates a new in memory credential store
+func New(opts ...Options) (credentials.Store, error) {
+	m := &Config{
+		memoryCredentials: make(map[string]types.AuthConfig),
+	}
+	for _, opt := range opts {
+		if err := opt(m); err != nil {
+			return nil, err
+		}
+	}
+	return m, nil
+}
diff --git a/vendor/github.com/docker/cli/cli/config/types/authconfig.go b/vendor/github.com/docker/cli/cli/config/types/authconfig.go
index 056af6b842..9fe90003b1 100644
--- a/vendor/github.com/docker/cli/cli/config/types/authconfig.go
+++ b/vendor/github.com/docker/cli/cli/config/types/authconfig.go
@@ -6,11 +6,6 @@ type AuthConfig struct {
 	Password string `json:"password,omitempty"`
 	Auth     string `json:"auth,omitempty"`
 
-	// Email is an optional value associated with the username.
-	// This field is deprecated and will be removed in a later
-	// version of docker.
-	Email string `json:"email,omitempty"`
-
 	ServerAddress string `json:"serveraddress,omitempty"`
 
 	// IdentityToken is used to authenticate the user and get
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c96f3bd5be..a48c94fd7e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -75,11 +75,12 @@ github.com/distribution/distribution/v3/reference
 # github.com/distribution/reference v0.6.0
 ## explicit; go 1.20
 github.com/distribution/reference
-# github.com/docker/cli v24.0.0+incompatible
+# github.com/docker/cli v29.2.0+incompatible
 ## explicit
 github.com/docker/cli/cli/config
 github.com/docker/cli/cli/config/configfile
 github.com/docker/cli/cli/config/credentials
+github.com/docker/cli/cli/config/memorystore
 github.com/docker/cli/cli/config/types
 # github.com/docker/distribution v2.8.2+incompatible
 ## explicit