}
	})

	t.Run("if-match with correct ETag and read quorum failure", func(t *testing.T) {
		// Test Case 3: if-match with CORRECT ETag but read quorum failure
		// Even with the correct ETag, we shouldn't proceed if we can't verify it.
		opts := ObjectOptions{
			UserDefined: map[string]string{
				xhttp.IfMatch: existingETag,
			},
			HasIfMatch: true,
			CheckPrecondFn: func(oi ObjectInfo) bool {

    assertThat(expected)
        .hasMessageThat()
        .isEqualTo("I bet you didn't think Thread.interrupt could throw");
    /*
     * We need to wait for the runner to exit. It used to be that the runner would get stuck in the
     * busy loop when interrupt threw.
     *
     * While we're at it, we confirm that the interrupt happened as expected.
     */
    ExecutionException fromRunInterruptibly =

# the hashes of all the branch heads, so we can use a hash of
# all those branch names and heads as a conservative snapshot
# of the entire remote repo state, and use that as the tag sum.
# Any change on the server then invalidates the tag sum,
# even if it didn't have anything to do with tags, but at least
# we will avoid re-cloning a server when there have been no
# changes at all.
#

[Mockito][mockito]. We believe subtyping `OkHttpClient` is the wrong way to test with OkHttp. If
you must, mock `Call.Factory` which is the interface that `OkHttpClient` implements.

#### Internal API changes

The `okhttp3.internal` package is not a published API and we change it frequently without warning.

	// must be restricted by it. So, we set `.IsOwner` to false here
	// unconditionally.
	//
	// We also set `DenyOnly` arg to false here - this is an IMPORTANT corner
	// case: DenyOnly is used only for allowing an account to do actions related
	// to its own account (like create service accounts for itself, among
	// others). However when a session policy is present, we need to validate

		// There is at least one SSE-S3 single-part object.
		// For all SSE-S3 single-part objects we have to
		// fetch their decryption keys. We do this using
		// a Bulk-Decryption API call, if available.
		keys, err := crypto.S3.UnsealObjectKeys(ctx, k, metadata, buckets, names)
		if err != nil {
			return err
		}

		// Now, we have to decrypt the ETags of SSE-S3 single-part

### We Make Mistakes { #we-make-mistakes }

We, as humans, make **mistakes**, all the time. Software almost *always* has **bugs** hidden in different places. 🐛

And we as developers keep improving the code as we find those bugs and as we implement new features (possibly adding new bugs too 😅).

	errOutdatedXLMeta = errors.New("outdated XL meta")
	errPartCorrupt    = errors.New("part corrupt")
	errPartMissing    = errors.New("part missing")
)

// Only heal on disks where we are sure that healing is needed. We can expand
// this list as and when we figure out more errors can be added to this list safely.
func shouldHealObjectOnDisk(erErr error, partsErrs []int, meta FileInfo, latestMeta FileInfo) (bool, bool, error) {

# Note: We intentionally don't add the flags we'd need to make Flags and Enums
# work. That's because the Proguard configuration required to make them work on
# optimized code would preclude lots of optimization, like converting enums
# into ints.

# Throwables uses internal APIs for lazy stack trace resolution
-dontnote sun.misc.SharedSecrets
-keep class sun.misc.SharedSecrets {
  *** getJavaLangAccess(...);
}
-dontnote sun.misc.JavaLangAccess

    could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to
    fail the call.

 *  Fix: Recover gracefully when a coalesced connection immediately goes unhealthy.

## Version 3.14.2

_2019-05-19_

 *  Fix: Lock in a route when recovering from an HTTP/2 connection error. We had a bug where two