alertUnexpectedMessage            alert = 10
	alertBadRecordMAC                 alert = 20
	alertDecryptionFailed             alert = 21
	alertRecordOverflow               alert = 22
	alertDecompressionFailure         alert = 30
	alertHandshakeFailure             alert = 40
	alertBadCertificate               alert = 42
	alertUnsupportedCertificate       alert = 43
	alertCertificateRevoked           alert = 44

	annotation.SidecarTrafficIncludeOutboundIPRanges.Name: true,
}

var AlwaysIgnoredAnnotations = map[string]bool{
	// this annotation is set by default in istiod, don't alert on it.
	annotation.SidecarStatus.Name: true,

	// this annotation is set by controller, don't alert on it.
	annotation.GatewayControllerVersion.Name: true,

	// this annotation is added automatically.
	annotation.IoIstioRev.Name: true,

				</div>
			</div>
			<section class="content">
				<la:form action="/admin/upgrade/">
					<%-- Message: BEGIN --%>
					<div class="col-md-12">
						<la:info id="msg" message="true">
							<div class="alert alert-info">${msg}</div>
						</la:info>
						<la:errors />
					</div>
					<%-- Message: END --%>
					<div class="col-md-12">
						<div class="card card-outline card-primary">
							<div class="card-header">

		} else {
			var a alert
			c.out.Lock()
			if !errors.As(c.out.err, &a) {
				a = alertInternalError
			}
			c.out.Unlock()
			// Return an error which wraps both the handshake error and
			// any alert error we may have sent, or alertInternalError
			// if we didn't send an alert.
			// Truncate the text of the alert to 0 characters.

	err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</script>")

produces

	Hello, <script>alert('you have been pwned')</script>!

but the contextual autoescaping in html/template

	import "html/template"
	...
	t, err := template.New("foo").Parse(`{{define "T"}}Hello, {{.}}!{{end}}`)
	err = t.ExecuteTemplate(out, "T", "<script>alert('you have been pwned')</script>")

	// Delay is the sleep multiplier.
	Delay float64 `json:"delay"`

	// Sleep always or based on incoming S3 requests.
	IdleMode int32 // 0 => on, 1 => off

	// Alert upon this many excess object versions
	ExcessVersions int64 // 100

	// Alert upon this many excess sub-folders per folder in an erasure set.
	ExcessFolders int64 // 50000

	// MaxWait is maximum wait time between operations
	MaxWait time.Duration

	if err == nil {
		return nil
	}
	var ae AlertError
	if errors.As(err, &ae) {
		return err
	}
	var a alert
	if !errors.As(err, &a) {
		a = alertInternalError
	}
	// Return an error wrapping the original error and an AlertError.
	// Truncate the text of the alert to 0 characters.
	return fmt.Errorf("%w%.0w", err, AlertError(a))
}

func (c *Conn) quicReadHandshakeBytes(n int) error {

	// list of resources to ignore
	ignoredResources map[schema.GroupResource]struct{}

	// The period that should be used to re-sync the monitored resource
	resyncPeriod controller.ResyncPeriodFunc

	// callback to alert that a change may require quota recalculation
	replenishmentFunc ReplenishmentFunc

	// maintains list of evaluators
	registry quota.Registry

	updateFilter UpdateFilter
}

	// HTML.
	{"html", `{{html "<script>alert(\"XSS\");</script>"}}`,
		"&lt;script&gt;alert(&#34;XSS&#34;);&lt;/script&gt;", nil, true},
	{"html pipeline", `{{printf "<script>alert(\"XSS\");</script>" | html}}`,
		"&lt;script&gt;alert(&#34;XSS&#34;);&lt;/script&gt;", nil, true},
	{"html", `{{html .PS}}`, "a string", tVal, true},

link:https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security[GitHub supply chain security] features will detect and alert about any dependencies that have known vulnerabilities.
In order to do this, GitHub requires a complete dependency graph for your project.