for reparse points, which can be controlled with the `winsymlink` setting.
As of Go 1.23 (`winsymlink=1`), mount points no longer have [`os.ModeSymlink`](/pkg/os#ModeSymlink)
set, and reparse points that are not symlinks, Unix sockets, or dedup files now
always have [`os.ModeIrregular`](/pkg/os#ModeIrregular) set. As a result of these changes,
[`filepath.EvalSymlinks`](/pkg/path/filepath#EvalSymlinks) no longer evaluates

        .socketFactory(
          object : DelegatingSocketFactory(getDefault()) {
            override fun configureSocket(socket: Socket): Socket {
              socket.receiveBufferSize = socketBufferSize
              socket.sendBufferSize = socketBufferSize
              return socket
            }
          },
        ).writeTimeout(Duration.ofMillis(500))
        .build()
    server.start()

 *  Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We
    had a severe bug where web sockets were closed on the wrong thread, which caused
    `NullPointerException` crashes in `Deflater`.

 *  Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released
    the web socket's connections back to the pool before their resources were cleaned up.

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

* Fixed racy panics when using fake watches with ObjectTracker ([#61195](https://github.com/kubernetes/kubernetes/pull/61195), [@grantr](https://github.com/grantr))
* Fixed mounting of UNIX sockets(and other special files) in subpaths ([#61480](https://github.com/kubernetes/kubernetes/pull/61480), [@gnufscied](https://github.com/gnufied))

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

          commit-message: Update test buckets
          branch: devprod/update-test-buckets
          branch-suffix: timestamp
          delete-branch: true
          title: 'Update test buckets'
          signoff: true
          sign-commits: true
          labels: |
            in:building-gradle
            @dev-productivity
          body: |
            This PR updates the test buckets based on the latest test class data.

- Fixed bug that caused cAdvisor to incorrectly detect single-socket multi-NUMA topology. ([#99209](https://github.com/kubernetes/kubernetes/pull/99209), [@iwankgb](https://github.com/iwankgb)) [SIG Node]

    * - Don't generate empty record for externalName service.
    * - Add validation for upstreamNameserver port.
    * - Update go version to 1.9.3.
* Fix mounting of UNIX sockets(and other special files) in subpaths ([#61480](https://github.com/kubernetes/kubernetes/pull/61480), [@gnufied](https://github.com/gnufied))