* though it's racy, we don't care which of those values we get, so no need to synchronize.
     */
    @LazyInit @Nullable Thread thread;

    /** Only used by the thread associated with this object */
    @Nullable Runnable nextTask;

    /** Only used by the thread associated with this object */
    @Nullable Executor nextExecutor;
  }

  /**
   * Enqueues a task to run when the previous task (if any) completes.

    /**
     * Returns the password in plain text or {@code null} if the raw password
     * hashes were used to construct this {@code NtlmPasswordAuthentication}
     * object which will be the case when NTLM HTTP Authentication is
     * used. There is no way to retrieve a users password in plain text unless
     * it is supplied by the user at runtime.
     */
    /**
     * Returns the password in plain text or {@code null} if the raw password

  /**
   * Returns a comparator that compares two {@code char} arrays <a
   * href="http://en.wikipedia.org/wiki/Lexicographical_order">lexicographically</a>; not advisable
   * for sorting user-visible strings as the ordering may not match the conventions of the user's
   * locale. That is, it compares, using {@link #compare(char, char)}), the first pair of values
   * that follow any common prefix, or when one array is a prefix of the other, treats the shorter

     * Returns the username for the authenticating user.
     *
     * @return A <code>String</code> containing the user for this message.
     */
    public String getUser() {
        return this.user;
    }

    /**
     * Sets the user for this message.
     *
     * @param user
     *            The user.
     */
    public void setUser(final String user) {
        this.user = user;
    }

     * users. This method should return the same text that the ACL
     * editor in Windows would display.
     * <p>
     * Specifically, if the SID has
     * been resolved and it is not a domain SID or builtin account,
     * the full DOMAIN\name form of the account will be
     * returned (e.g. MYDOM\alice or MYDOM\Domain Users).
     * If the SID has been resolved but it is is a domain SID,

        processMemberOf(user, groupList, roleList, "https://graph.microsoft.com/v1.0/me/memberOf");
        user.setGroups(groupList.stream().distinct().toArray(n -> new String[n]));
        user.setRoles(roleList.stream().distinct().toArray(n -> new String[n]));
    }

    /**
     * Processes member-of information from Microsoft Graph API.
     * @param user The Azure AD user.

// OpenIDClientAppParams - contains openID client application params, used in
// testing.
type OpenIDClientAppParams struct {
	ClientID, ClientSecret, ProviderURL, RedirectURL string
}

// MockOpenIDTestUserInteraction - tries to login to dex using provided credentials.
// It performs the user's browser interaction to login and retrieves the auth
// code from dex and exchanges it for a JWT.

- github.com/moby/docker-image-spec: [v1.3.1](https://github.com/moby/docker-image-spec/tree/v1.3.1)
- github.com/moby/sys/user: [v0.3.0](https://github.com/moby/sys/tree/user/v0.3.0)
- github.com/moby/sys/userns: [v0.1.0](https://github.com/moby/sys/tree/userns/v0.1.0)
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.27.0

### Changed
- cel.dev/expr: v0.15.0 → v0.18.0

 *  **OkHttp no longer attempts a direct connection if the system's HTTP proxy fails.** This
    behavior was surprising because OkHttp was disregarding the user's specified configuration. If
    you need to customize proxy fallback behavior, implement your own `java.net.ProxySelector`.

 *  Fix: Support TLSv1.3 on devices that support it.

  - [beta] PodDisruptionBudget has been promoted to beta, can be used to safely drain nodes while respecting application SLO's ([docs](http://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/)) ([kubernetes/features#85](https://github.com/kubernetes/enhancements/issues/85))
- **UI**