the add-opens. Right now that doesn't seem worth the effort, though.
    -->
    <test.add.opens>
      --add-opens java.base/java.lang=ALL-UNNAMED
      --add-opens java.base/java.util=ALL-UNNAMED
      --add-opens java.base/sun.security.jca=ALL-UNNAMED
    </test.add.opens>
    <module.status>integration</module.status>

# @format

name: Issue Workflow

on:
  issues:
    types:
      - opened

jobs:
  add-to-project:
    name: Add issue to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v0.5.0
        with:
          project-url: https://github.com/orgs/miniohq/projects/2

name: 'Auto Assign PR to Author'
on:
  pull_request:
    types: [opened]

permissions: {}

jobs:
  add-reviews:
    permissions:
      contents: read  # for kentaro-m/auto-assign-action to fetch config file
      pull-requests: write  # for kentaro-m/auto-assign-action to assign PR reviewers
    runs-on: ubuntu-latest
    steps:

		writeSTSErrorResponse(ctx, w, ErrSTSInternalError, err)
		return
	}

	// https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
	// claim is only considered stable when subject and iss are used together
	// this is to ensure that ParentUser doesn't change and we get to use
	// parentUser as per the requirements for service accounts for OpenID
	// based logins.
	var subFromToken string
	if v, ok := claims[subClaim]; ok {

::: fastapi.security.OAuth2PasswordRequestForm

::: fastapi.security.OAuth2PasswordRequestFormStrict

## OAuth2 Security Scopes in Dependencies

::: fastapi.security.SecurityScopes

## OpenID Connect

name: Labels
on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
      # For label-checker
      - labeled
      - unlabeled

jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v5
      if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }}

name: containers

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_containers:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest

      TestByteSink okSink = new TestByteSink();
      assertThrows(IOException.class, () -> failSource.copyTo(okSink));
      // ensure stream was closed IF it was opened (depends on implementation whether or not it's
      // opened at all if source.newInputStream() throws).
      assertTrue(
          "stream not closed when copying from source with option: " + option,

      TestByteSink okSink = new TestByteSink();
      assertThrows(IOException.class, () -> failSource.copyTo(okSink));
      // ensure stream was closed IF it was opened (depends on implementation whether or not it's
      // opened at all if source.newInputStream() throws).
      assertTrue(
          "stream not closed when copying from source with option: " + option,

of the code base.

## Scope

The vulnerability management policy described in this document covers the
process of investigating, assessing and resolving a vulnerability report
opened by a MinIO employee or an external third party.

Therefore, it lists pre-conditions and actions that should be performed to
resolve and fix a reported vulnerability.

## Vulnerability Management Process