param("env.JDK8", javaHome(OpenJdk8, Os.LINUX))
            param("env.JDK11", javaHome(OpenJdk11, Os.LINUX))
            param("env.JDK17", javaHome(OpenJdk17, Os.LINUX))
            // Keep 21 and 25 for tests requiring it specifically: https://github.com/gradle/gradle/pull/35410#discussion_r2460835304
            param("env.JDK21", javaHome(OpenJdk21, Os.LINUX))
            param("env.JDK25", javaHome(OpenJdk25, Os.LINUX))

 * which is commonly used for Kerberos-based authentication in Windows environments.
 * It handles the negotiation between client and server to establish a secure
 * authentication context without requiring users to explicitly enter credentials.
 *
 * The authenticator supports various configuration options including delegation,
 * basic authentication fallback, and localhost authentication bypass.
 */

  @Override
  /*
   * This suppression is here for two reasons:
   *
   * 1. b/192354773 in our checker affects toArray declarations.
   *
   * 2. `other[size] = null` is unsound. We could "fix" this by requiring callers to pass in an
   * array with a nullable element type. But probably they usually want an array with a non-nullable
   * type. That said, we could *accept* a `@Nullable T[]` (which, given that we treat arrays as

  @Override
  /*
   * This suppression is here for two reasons:
   *
   * 1. b/192354773 in our checker affects toArray declarations.
   *
   * 2. `other[size] = null` is unsound. We could "fix" this by requiring callers to pass in an
   * array with a nullable element type. But probably they usually want an array with a non-nullable
   * type. That said, we could *accept* a `@Nullable T[]` (which, given that we treat arrays as

    //                                                                    ================

    /**
     * Testable subclass that bypasses ComponentUtil dependencies.
     * This allows testing the filter logic without requiring the DI container.
     */
    private static class TestableLoadControlFilter extends LoadControlFilter {
        private short cpuPercent = 0;
        private int webLoadControl = 0;

### Sub-dependencies { #sub-dependencies }

   *
   * @see Stream#findFirst()
   * @throws NullPointerException if the last element of the stream is null
   */
  /*
   * By declaring <T> instead of <T extends @Nullable Object>, we declare this method as requiring a
   * stream whose elements are non-null. However, the method goes out of its way to still handle
   * nulls in the stream. This means that the method can safely be used with a stream that contains

that allows it to track container images and the list of authentication information that leads to their successful pulls. This data is persisted across reboots of the host and restarts of the kubelet.
  
  The kubelet ensures any image requiring credential verification is always pulled if authentication information from an image pull is not yet present, thus enforcing authentication / re-authentication. This means an image pull might be attempted even in cases where a pod requests the `IfNotPresent`...

- Removed an inaccurate statement about requiring ports when the Pod spec `hostNetwork` field was set. ([#130994](https://github.com/kubernetes/kubernetes/pull/130994), [@BenTheElder](https://github.com/BenTheElder)) [SIG Network and Node]

   * "pass on" the signal to another thread. If it *was* signalled, then its guard must have been
   * satisfied at the time of signal, and has since been modified by some other thread to be
   * non-satisfied before reacquiring the lock, and that other thread takes over the responsibility
   * of signaling the next waiter.
   *
   * Unlike the underlying Condition, if we are not careful, an interrupt *can* cause a signal to be