"alias_priority": alias_priority,
                    "validation_alias": validation_alias,
                    "serialization_alias": serialization_alias,
                    "strict": strict,
                    "json_schema_extra": current_json_schema_extra,
                }
            )
            kwargs["pattern"] = pattern or regex
        else:
            kwargs["regex"] = pattern or regex

            strict(methodShouldNotBeAnnotatedMessage { type(TypeWithAnnotatedNonGetterMethods.canonicalName).kind('method').method('doSomething').annotation('Large').includeLink() }),
            strict(methodShouldNotBeAnnotatedMessage { type(TypeWithAnnotatedNonGetterMethods.canonicalName).kind('setter').method('setSomething').annotation('Large').includeLink() }),

						},
					},
				},
				{
					// There is only authN policy that enables mTLS (Strict).
					// The request should be denied because the client is always using plain text.
					name: "STRICT",
					config: `apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: mtls
spec:
  mtls:
    mode: STRICT`,
					expected: []expect{
						{
							port:              ports.TCPWorkloadOnly,

import spock.lang.Specification

class NodeStateTest extends Specification {

    int idIdx = 0
    NodeState root = nextNode()

    def "uses empty strict version constraints object if no strict versions are defined"() {
        Set<ModuleIdentifier> constraintsSet = []

        when:
        root.maybeCollectStrictVersions(constraintsSet, edge(root, false).dependencyState)

						{
							MatchType: &security.StringMatch_Presence{},
						},
					},
				},
			},
		})
	}

	// If we have a strict policy and all of the ports are strict, it's effectively a strict policy
	// so we can exit early and have the WorkloadRbac xDS server push its static strict policy.
	// Note that this doesn't actually attach the policy to any workload; it just makes it available
	// to ztunnel in case a workload needs it.

                "{\"bool\":{\"should\":[{\"geo_distance\":{\"location\":[151.0,35.0],\"distance\":1000.0,\"distance_type\":\"arc\",\"validation_method\":\"STRICT\",\"ignore_unmapped\":false,\"boost\":1.0}},{\"geo_distance\":{\"location\":[150.0,34.0],\"distance\":10000.0,\"distance_type\":\"arc\",\"validation_method\":\"STRICT\",\"ignore_unmapped\":false,\"boost\":1.0}}],\"adjust_pure_negative\":true,\"boost\":1.0}}";

    }

    public ScopedServiceRegistry(
        Class<? extends Scope> scope,
        boolean strict,
        String displayName,
        ServiceRegistry... parents
    ) {
        super(displayName, parents);
        addServiceValidator(scope, strict);
    }

    /**
     * Validator implements a special type of service ({@link AnnotatedServiceLifecycleHandler})

	// browserHSTSSeconds setting name for Strict-Transport-Security response header, amount of seconds for 'max-age'
	browserHSTSSeconds = "hsts_seconds"
	// browserHSTSIncludeSubdomains setting name for Strict-Transport-Security response header 'includeSubDomains' flag (true or false)
	browserHSTSIncludeSubdomains = "hsts_include_subdomains"
	// browserHSTSPreload setting name for Strict-Transport-Security response header 'preload' flag (true or false)

   -r <revision>: only report issues in code added since that revision
   -a: automatically select the common base of origin/master and HEAD
       as revision
   -s: select a strict configuration for new code
   -n: in addition to strict checking, also enable hints (aka nits) that may are may not
       be useful
   -g <github action file>: also write results with --out-format=github-actions
       to a separate file

  limit: Int = length,
  encodeSet: String,
  alreadyEncoded: Boolean = false,
  strict: Boolean = false,
  plusIsSpace: Boolean = false,
  unicodeAllowed: Boolean = false,
): String {
  return canonicalizeWithCharset(
    pos = pos,
    limit = limit,
    encodeSet = encodeSet,
    alreadyEncoded = alreadyEncoded,
    strict = strict,
    plusIsSpace = plusIsSpace,
    unicodeAllowed = unicodeAllowed,
  )
}