dependency mechanism</a>. The default scope is {@code compile}.
            ]]>
          </description>
          <type>String</type>
          <!-- This default has to be enforced at the maven-artifact layer, to allow
            | injection of defaults from <dependencyManagement/>.
            | TODO: how can we document it?
            |-->
          <!-- defaultValue>compile</defaultValue -->

* New Kubelet flag `--enforce-node-allocatable` with a default value of `pods` is added which will make kubelet create a top level cgroup for all pods to enforce Node Allocatable. Optionally, `system-reserved` & `kube-reserved` values can also be specified separated by comma to enforce node allocatable on cgroups specified via `--system-reserved-cgroup` & `--kube-reserved-cgroup` respectively. Note the...

        </excludes>
      </testResource>
    </testResources>
    <plugins>
      <plugin>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <requireMavenVersion>

        </excludes>
      </testResource>
    </testResources>
    <plugins>
      <plugin>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <requireMavenVersion>

  - `azureDisk` for `disk.csi.azure.com`
  - `gcePersistentDisk` for `pd.csi.storage.googleapis.com`
  - `cinder` for `cinder.csi.openstack.org`
  - `csi`
  However it was still enforced using a limit in CSINode objects. ([#126924](https://github.com/kubernetes/kubernetes/pull/126924), [@carlory](https://github.com/carlory))

- Changed underlying logic to propagate pod-level hugepage cgroup to containers when they did not specify hugepage resources.

          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-enforcer-plugin</artifactId>
            <version>1.0-alpha-3</version>
            <executions>
              <execution>
                <id>enforce-jdk-15</id>
                <goals>
                  <goal>enforce</goal>
                </goals>
                <configuration>
                  <rules>

- Service account tokens now include the JWT Key ID field in their header. ([#78502](https://github.com/kubernetes/kubernetes/pull/78502), [@ahmedtd](https://github.com/ahmedtd))
- The nbf (not before) claim, if present in ID token, is now enforced. ([#81413](https://github.com/kubernetes/kubernetes/pull/81413), [@anderseknert](https://github.com/anderseknert))

### CLI

- When `cpu-manager-policy=static` is configured, containers meeting the qualifications for static cpu assignment (i.e. Containers with integer CPU `requests` in pods with `Guaranteed` QOS) will not have cfs quota enforced. Because this fix changes a long-established behavior, users observing a regressions can use the `DisableCPUQuotaWithExclusiveCPUs` feature gate (enabled by default) to restore the previous behavior. Please file an issue if you encounter problems...

          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-enforcer-plugin</artifactId>
            <version>1.0-alpha-3</version>
            <executions>
              <execution>
                <id>enforce-jdk-15</id>
                <goals>
                  <goal>enforce</goal>
                </goals>
                <configuration>
                  <rules>