private @Nullable AvlNode<E> right;
    /*
     * pred and succ are nullable after construction, but we always call successor() to initialize
     * them immediately thereafter.
     *
     * They may be subsequently nulled out by TreeMultiset.clear(). I think that the only place that
     * we can reference a node whose fields have been cleared is inside the iterator (and presumably
     * only under concurrent modification).
     *

    private @Nullable AvlNode<E> right;
    /*
     * pred and succ are nullable after construction, but we always call successor() to initialize
     * them immediately thereafter.
     *
     * They may be subsequently nulled out by TreeMultiset.clear(). I think that the only place that
     * we can reference a node whose fields have been cleared is inside the iterator (and presumably
     * only under concurrent modification).
     *

vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction admission controller does not...

vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction admission controller does not...

            return url;
        }
    }

    /**
     * Gets the character encoding for a parent URL from cache or data service.
     * Caches encoding information to improve performance on subsequent requests.
     *
     * @param parentUrl the parent URL to get encoding for
     * @param sessionId the session ID for the crawling session
     * @return the character encoding, or null if not found
     */

  /**
   * Returns a stream over the values in this array, in order.
   *
   * @since 33.4.0 (but since 22.0 in the JRE flavor)
   */
  // If users use this when they shouldn't, we hope that NewApi will catch subsequent stream calls
  @IgnoreJRERequirement
  public LongStream stream() {
    return Arrays.stream(array, start, end);
  }

  /** Returns a new, mutable copy of this array's values, as a primitive {@code long[]}. */

     * Parses client rule configuration string into a list of client name and pattern pairs.
     * The configuration string format is "clientName:pattern,clientName:pattern,..."
     * Results are cached to improve performance on subsequent calls.
     *
     * @param value the client rule configuration string
     * @return a list of pairs containing client names and their corresponding compiled patterns
     */

  /**
   * Records an exception so that it can be rethrown later in the test harness thread, triggering a
   * test case failure. Only the first failure is recorded; subsequent calls to this method from
   * within the same test have no effect.
   */
  public void threadRecordFailure(Throwable t) {
    threadFailure.compareAndSet(null, t);
  }

  @Override

 *  Fix: Don't leak file handles when a cache disk write fails.

 *  Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure
    reading the public suffix database would cause subsequent reads to hang when they should have
    crashed.

 *  Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the
    host machine's IP address has additional DNS registrations.

- Added support in the kubelet's image pull credential tracking for service account-based verification. When an image was pulled using service account credentials via external credential providers, subsequent Pods using the same service account (UID, name, and namespace) could access the cached image without re-authentication for the lifetime of that service account. ([#132771](https://github.com/kubernetes/kubernetes/pull/132771), [@aramase](https:...