The behavior of some watch calls to the server when filtering on fields was incorrect. If watching objects with a filter, when an update was made that no longer matched the filter a DELETE event was correctly sent. However, the object that was returned by that delete was not the (correct) version before the update, but instead, the newer version. That meant the new object was not matched by the filter. This was a regression from behavior between cached watches on the server side and uncached watches,...

This release contains changes that address the following vulnerabilities:

### CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node
updates to bypass a Validating Admission Webhook. You are only affected
by this vulnerability if you run a Validating Admission Webhook for Nodes

pkg syscall (freebsd-arm64), type IfAnnounceMsghdr struct, Type uint8
pkg syscall (freebsd-arm64), type IfAnnounceMsghdr struct, Version uint8
pkg syscall (freebsd-arm64), type IfAnnounceMsghdr struct, What uint16
pkg syscall (freebsd-arm64), type IfData struct
pkg syscall (freebsd-arm64), type IfData struct, Addrlen uint8
pkg syscall (freebsd-arm64), type IfData struct, Baudrate uint64

This release contains changes that address the following vulnerabilities:

### CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node
updates to bypass a Validating Admission Webhook. You are only affected
by this vulnerability if you run a Validating Admission Webhook for Nodes

- Fixed an issue in the kubelet that showed when writeable layers and read-only layers were at different paths within the same mount.
  Kubernetes was previously detecting that the image filesystem was split, even when that was not really the case ([#128344](https://github.com/kubernetes/kubernetes/pull/128344), [@kannon92](https://github.com/kannon92)) [SIG Node]

then the <code>File</code> interface is implemented by both <code>S1</code> and
<code>S2</code>, regardless of what other methods
<code>S1</code> and <code>S2</code> may have or share.
</p>

<p>
Every type that is a member of the type set of an interface implements that interface.
Any given type may implement several distinct interfaces.

pkg syscall (freebsd-riscv64), type IfAnnounceMsghdr struct, Type uint8 #53466
pkg syscall (freebsd-riscv64), type IfAnnounceMsghdr struct, Version uint8 #53466
pkg syscall (freebsd-riscv64), type IfAnnounceMsghdr struct, What uint16 #53466
pkg syscall (freebsd-riscv64), type IfData struct #53466
pkg syscall (freebsd-riscv64), type IfData struct, Addrlen uint8 #53466
pkg syscall (freebsd-riscv64), type IfData struct, Baudrate uint64 #53466

not match private key") } return nil }) return privateKey, nil } } func NewPrivateKey[P Point[P]](c *Curve[P], key []byte) (*PrivateKey, error) { // SP 800-56A Rev. 3, Section 5.6.1.2.2 checks that c <= n – 2 and then // returns d = c + 1. Note that it follows that 0 < d < n. Equivalently, // we check that 0 < d < n, and return d. if len(key) != len(c.N) || isZero(key) || !isLess(key, c.N) { return nil, errors.New("crypto/ecdh: invalid private key") } p, err := c.newPoint().ScalarBaseMult(key) if...

  HttpUrl baseUrl = server.url("/v1/chat/");

  // Exercise your application code, which should make those HTTP requests.
  // Responses are returned in the same order that they are enqueued.
  Chat chat = new Chat(baseUrl);

  chat.loadMore();
  assertEquals("hello, world!", chat.messages());

  chat.loadMore();
  chat.loadMore();
  assertEquals(""
      + "hello, world!\n"

 *
 * In addition to low-level chat operations, this interface defines
 * high-level RAG workflow methods that allow each provider to optimize
 * prompt construction, parameter tuning, and response parsing.
 */
public interface LlmClient {

    /**
     * Performs a chat completion request.
     *
     * @param request the chat request containing messages and parameters