*       href="https://bugs.openjdk.java.net/browse/JDK-8202469">JDK-8202469</a>
 * </ul>
 *
 * <p>This annotation is a temporary hack. We will remove it after we're able to adopt the <a
 * href="https://jspecify.dev/">JSpecify</a> nullness annotations and <a
 * href="https://github.com/google/guava/issues/6126#issuecomment-1203145963">tools no longer need
 * it</a>.
 */

 */
@ElementTypesAreNonnullByDefault
class MapIteratorCache<K, V> {
  private final Map<K, V> backingMap;

  /*
   * Per JDK: "the behavior of a map entry is undefined if the backing map has been modified after
   * the entry was returned by the iterator, except through the setValue operation on the map entry"
   * As such, this field must be cleared before every map mutation.
   *

 *       href="https://bugs.openjdk.java.net/browse/JDK-8202469">JDK-8202469</a>
 * </ul>
 *
 * <p>This annotation is a temporary hack. We will remove it after we're able to adopt the <a
 * href="https://jspecify.dev/">JSpecify</a> nullness annotations and <a
 * href="https://github.com/google/guava/issues/6126#issuecomment-1203145963">tools no longer need
 * it</a>.
 */

 *       href="https://bugs.openjdk.java.net/browse/JDK-8202469">JDK-8202469</a>
 * </ul>
 *
 * <p>This annotation is a temporary hack. We will remove it after we're able to adopt the <a
 * href="https://jspecify.dev/">JSpecify</a> nullness annotations and <a
 * href="https://github.com/google/guava/issues/6126#issuecomment-1203145963">tools no longer need
 * it</a>.
 */

    }
  }

  private boolean hasRemaining() {
    return remaining() > 0;
  }

  private int remaining() {
    requireNonNull(seq); // safe as long as we call this only after checkOpen
    return seq.length() - pos;
  }

  /*
   * To avoid the need to call requireNonNull so much, we could consider more clever approaches,
   * such as:
   *

 *       href="https://bugs.openjdk.java.net/browse/JDK-8202469">JDK-8202469</a>
 * </ul>
 *
 * <p>This annotation is a temporary hack. We will remove it after we're able to adopt the <a
 * href="https://jspecify.dev/">JSpecify</a> nullness annotations and <a
 * href="https://github.com/google/guava/issues/6126#issuecomment-1203145963">tools no longer need
 * it</a>.
 */

 *       href="https://bugs.openjdk.java.net/browse/JDK-8202469">JDK-8202469</a>
 * </ul>
 *
 * <p>This annotation is a temporary hack. We will remove it after we're able to adopt the <a
 * href="https://jspecify.dev/">JSpecify</a> nullness annotations and <a
 * href="https://github.com/google/guava/issues/6126#issuecomment-1203145963">tools no longer need
 * it</a>.
 */

         */
        void update(@Nonnull ByteBuffer input);

        /**
         * Returns the algorithm end result as string, never {@code null}. After invoking this method, this instance should
         * be discarded and not reused. For new checksum calculation you have to get new instance.
         */
        @Nonnull
        String checksum();
    }

That way, using `secrets.compare_digest()` in your application code, it will be safe against this whole range of security attacks.

### Return the error

After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:

func reliableRename(srcFilePath, dstFilePath, baseDir string) (err error) {
	if err = reliableMkdirAll(path.Dir(dstFilePath), 0o777, baseDir); err != nil {
		return err
	}

	i := 0
	for {
		// After a successful parent directory create attempt a renameAll.
		if err = Rename(srcFilePath, dstFilePath); err != nil {
			// Retry only for the first retryable error.
			if osIsNotExist(err) && i == 0 {
				i++
				continue