public class ExecutionError extends Error {
  /*
   * Ideally, this class would have exposed only constructors that require a non-null cause. See
   * https://github.com/jspecify/jspecify-reference-checker/blob/61aafa4ae52594830cfc2d61c8b113009dbdb045/src/main/java/com/google/jspecify/nullness/NullSpecTransfer.java#L789
   * and https://github.com/jspecify/jspecify/issues/490.
   *

     * won't be cleared as long as the enum constant is referenced somewhere, and the enum constant
     * is referenced somewhere for as long as the enum class is loaded. *Maybe in theory* the enum
     * class could be unloaded after the above call to `getEnumConstants` but before we call
     * `get()`, but that is vanishingly unlikely.
     */
    return ref == null ? Optional.absent() : Optional.fromNullable(enumClass.cast(ref.get()));
  }

# Dependency Injection

Use dependencies when:

* They can't be declared in Pydantic validation and require additional logic
* The logic depends on external resources or could block in any other way
* Other dependencies need their results (it's a sub-dependency)
* The logic can be shared by multiple endpoints to do things like error early, authentication, etc.
* They need to handle cleanup (e.g., DB sessions, file handles), using dependencies with `yield`

        }
        foundTrustedCertificate = true
        continue
      }

      // Search for the certificate in the chain that signed this certificate. This is typically
      // the next element in the chain, but it could be any element.
      val i = queue.iterator()
      while (i.hasNext()) {
        val signingCert = i.next() as X509Certificate
        if (verifySignature(toVerify, signingCert, result.size - 1)) {
          i.remove()

    # Fixes "fatal: detected dubious ownership in repository" for Docker.
    git config --system --add safe.directory '*'
    git config --system protocol.file.allow always

    # Note that you could generate a list of all the affected targets with e.g.:
    # bazel query $(paste -sd "+" $BATS_FILE_TMPDIR/changed_files) --keep_going
    # Only shows Added, Changed, Modified, Renamed, and Type-changed files

    else:
        authenticate_value = "Bearer"
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": authenticate_value},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")

   *
   * <ul>
   *   <li>We could change the serialization of this class incompatibly. We have reserved the right
   *       to make such changes to our serialized forms, and we have made them before, usually
   *       without trouble. In this case, my guess is that our chosen approach is even less likely
   *       to lead to trouble than an incompatible change would be.

   * insists upon doing. It then runs the test, which behaves exactly like this package's existing
   * PackageSanityTests. (The test would run on the JVM, too, if not for the suppression below, and
   * that would be a problem because it violates small-test rules. Note that we strip the
   * suppression externally, but it's OK because we don't enforce test-size rules there.)
   *

Best practice is to set conventions in a plugin (2). This keeps the underlying object "dumb", so it can be reused in multiple contexts and doesn't contain any special information about how conventions are calculated or what they could be.  In the wild, we've seen some objects set conventions in the object's constructor (3), but this can lead to unexpected assumptions or coupling between plugins.

    checkState(keyStrength == null, "Key strength was already set to %s", keyStrength);
    keyStrength = checkNotNull(strength);
    if (strength != Strength.STRONG) {
      // STRONG could be used during deserialization.
      useCustomMap = true;
    }
    return this;
  }

  Strength getKeyStrength() {
    return MoreObjects.firstNonNull(keyStrength, Strength.STRONG);
  }

  /**