}
        if (escaped.length > 0) {
          System.arraycopy(escaped, 0, dest, destIndex, escaped.length);
          destIndex += escaped.length;
        }
        // If we dealt with an escaped character, reset the unescaped range.
        unescapedChunkStart = nextIndex;
      }
      index = nextEscapeIndex(s, nextIndex, end);
    }

    // Process trailing unescaped characters - no need to account for escaped

        nb.index = idx;
        nb.deferred = this.deferred;
        return nb;
    }

    /**
     * Resets the buffer position to the start.
     */
    public void reset() {
        this.index = this.start;
        this.length = 0;
        this.deferred = this;
    }

    /**
     * Returns the current index position in the buffer.
     *

  fun nextFrame(
    requireSettings: Boolean,
    handler: Handler,
  ): Boolean {
    try {
      source.require(9) // Frame header size.
    } catch (e: EOFException) {
      return false // This might be a normal socket close.
    }

    //  0                   1                   2                   3
    //  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

    /** The key of the message: Access Key */
    public static final String LABELS_storage_access_key = "{labels.storage_access_key}";

    /** The key of the message: Secret Key */
    public static final String LABELS_storage_secret_key = "{labels.storage_secret_key}";

    /** The key of the message: Bucket */
    public static final String LABELS_storage_bucket = "{labels.storage_bucket}";

        // Note: We can't directly test the byte limit without encrypting large amounts of data,
        // but we can verify the method exists and returns proper boolean
    }

    @Test
    @DisplayName("Should reset key rotation tracking")
    void testResetKeyRotationTracking() {
        // Given
        Smb2EncryptionContext context = new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, testDecryptionKey);

### Immutable Secrets and ConfigMaps (beta)

Secret and ConfigMap volumes can be marked as immutable, which significantly reduces load on the API server if there are many Secret and ConfigMap volumes in the cluster.
See [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) and [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) for more information.

### CSI Proxy for Windows

            }

            @Override
            public boolean isCommitted() {
                return false;
            }

            @Override
            public void reset() {
            }

            @Override
            public void setLocale(java.util.Locale loc) {
            }

            @Override
            public java.util.Locale getLocale() {

	if err = saveServerConfig(ctx, objectAPI, cfg); err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	// freshly retrieve the config so that default values are loaded for reset config
	if cfg, err = getValidConfig(objectAPI); err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	dynamic := config.SubSystemsDynamic.Contains(subSys)
	if dynamic {

- Kubeadm: fix the bug that kubeadm tries to call 'docker info' even if the CRI socket was for another CR ([#94555](https://github.com/kubernetes/kubernetes/pull/94555), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]

### SIG CLI

* You can now use the `base64decode` function in kubectl go templates to decode base64-encoded data, such as `kubectl get secret SECRET -o go-template='{{ .data.KEY | base64decode }}'`. ([#60755](https://github.com/kubernetes/kubernetes/pull/60755), [@glb](https://github.com/glb))