</p>

<pre>
type Pair[A, B any] struct {
	a A
	b B
}

func (p Pair[A, B]) Swap() Pair[B, A]  { … }  // receiver declares A, B
func (p Pair[First, _]) First() First  { … }  // receiver declares First, corresponds to A in Pair
</pre>

<h2 id="Expressions">Expressions</h2>

<p>
An expression specifies the computation of a value by applying
operators and functions to operands.

* 📝 Update `security/first-steps.md`. PR [#11674](https://github.com/tiangolo/fastapi/pull/11674) by [@alejsdev](https://github.com/alejsdev).
* 📝 Update `security/first-steps.md`. PR [#11673](https://github.com/tiangolo/fastapi/pull/11673) by [@alejsdev](https://github.com/alejsdev).

- Fixed a bug where startupProbe stopped working after a container's first restart ([#101093](https://github.com/kubernetes/kubernetes/pull/101093), [@wzshiming](https://github.com/wzshiming)) [SIG Node]

    <_comment>Temporary files created by MSOffice applications</_comment>
    <_comment>PRONOM fmt-473</_comment>
    <_comment>First byte and 53rd byte are the same -- the length of the name.</_comment>
    <_comment>Based on TIKA-2469, we've added a heuristic/wild guess that the first 10 chars</_comment>
    <_comment>after the length byte should be \x00 or a non-control character.</_comment>
    <magic priority="80">

  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Feature

  // a single attach. When stdin is true the stdin stream will remain open across multiple attach
  // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
  // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
  // at which time stdin is closed and remains closed until the container is restarted. If this

* Only use the first IP address got from instance metadata. This is because Azure CNI would set up a list of IP addresses in instance metadata, while only the first one is the Node's IP. ([#71736](https://github.com/kubernetes/kubernetes/pull/71736), [@feiskyer](https://github.com/feiskyer))

### Action Required

* ACTION REQUIRED: In-place node upgrades to this release from versions 1.7.14, 1.8.9, and 1.9.4 are not supported if using subpath volumes with PVCs.  Such pods should be drained from the node first. ([#61373](https://github.com/kubernetes/kubernetes/pull/61373), [@msau42](https://github.com/msau42))

### Other notable changes

  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

  
  Additionally, the FailureTarget condition is also added to the Job object in the first Job
  status update as soon as the failure conditions are met (backoffLimit is exceeded, maxFailedIndexes, 
  or activeDeadlineSeconds is exceeded).
  
  Similarly, the SuccessCriteriaMet condition is added in the first update as soon as the expected number
  of pod completions is reached.